1.1.e Explain TCP Operations Flash Cards

Here are all of the flash cards for 1.1.e Explain TCP Operations !

If you don’t have or know what Anki is, it is my favorite , free flash card program:

Here is the Anki package you may import and start using the flash cards right away:


If you prefer the plain text flash cards, here they are:

How are TCP and UDP fundamentally different?
TCP is connection oriented while UDP is not.

In the TCP Header, what is the source port?
The source port, from the perspective of the client is the source port for the connection of this TCP IP packet the client has opened to keep track of this TCP connection to the server. From the server’s perspective, when he replies to packets, his source port is the one the service was listening on.

In the TCP Header, what is the destination port?
From the client’s perspective the destination TCP port is the port the destination IP address is listening on. From the server’s perspective the destination port is the port he is sending data to so that the client knows which connection this is.

In the TCP Header, what is the sequence number?
How many bits is it? The sequence number is a 32 bit field which is randomly set for each direciton of the TCP connection. It is exchanged during the SYNCH phase of the connection.

In the TCP Header, what is the acknowledgement number?
How many bits is it? The acknowledgement number field is used for TCP hosts to let the otherside of the connection know how many bytes/sequence they have received from them. It is used to detect packet loss in the middle of a segment.

In the TCP Header, what are 6 most important TCP flags and their purpose?

SYN- The Synchronize flag is used to synchronize sequence numbers, and exchange TCP options to bring up a new connection.
FIN- The Fin flag is used by applications and the TCPIP stack to gracefully shut down a connection and begin to release resources if possible.
ACK – The Acknowledgement flag is used to tell the TCP stack that we are acknowledging sequences of data in this packet (among other things).
PSH – The push flag is used by an application to let the TCP stack know that this data shouldn’t be stored in the buffer and should go out to the destination immediately.
RST – The reset flag is used by 1. the application 2.the tcpip stack 3. routers/firewalls along the path. 4. IPS to close a TCP connection without fins. It is a form of closing a connection that is not as graceful as the FIN.

URG – The urgent pointer flag tells the TCP stack to look at the urgent pointer field for directions to where the urgent sequence is. Hardly ever used.

In the TCP header, what is the window field for?
The window field is used to denote how much data this host can receive before they need to process it and ack you.

In the TCP header, what is the checksum field?
This field is similar to the IPv4 checksum header, except it differs in the fact that the TCP checksum is a checksum of the TCP header AND payload.

What is the total size of the TCP header? 20 bytes

Describe the TCP RECEIVE window and its operations.
Each host in a TCP connection sets their receive window based on how much buffer space their hardware is able to allocate. The receive window is how much data can be received before needing to send an acknowledgement back to the sender.

Describe the TCP CONGESTION/send window and its operations.
The TCP congestion window is how much data this host will send before needing an acknowledgement. This window starts off low but increases exponentially  until we reach the slow start threshold. Then it increases linearly. Once congestion is encountered we half this and start over.

What is true about the relationship between the TCP receive and congestion/send window?
The congestion window CANNOT be larger than the receive window of the other host.
In TCP, give a very light description to what options are for. In TCP, options are mainly used for TCP extensions, obsolete methods of data exchange, or extra parameters that we need to exchange.

In the TCP header, what is the Urgent Pointer field?
This field is used when the urgent flag field is set in the TCP flags, this field points to a sequence of data in the payload that is urgent and must be processed first by the receiver (similar to the PSH) except this method should never be used.

In TCP, how many sequence numbers do we need to keep track of?
In TCP we need to keep track of 2 sequence numbers, one for each direction.

What does it mean when TCP sequence numbers are relative in wireshark captures?
Although TCP sequence numbers are random numbers up to 4 bil (32bit) wireshark displays them relative to the first packet (0) so that they can be read easier.

What is the max value for a TCP sequence number?
(estimate) Since the field is 32 bits large, 4 billion is the biggest value (not exact)

How do TCP sequence and Acks work? Describe their relationship.
TCP sequence numbers are used to tell the destination how many BYTES we have sent them thus far. The TCP ack field is used to tell the destination how many BYTES we have received from them thus far. It is a way for us to keep track if we missed anything, and for the destination to keep track if we missed anything, for both directions of the flow.

“Describe the flow , sequence, ack, and legth fields below on a notepad. Then compare the results to confirm you understand how seq and acks work.

Here’s an example, of a stream starting after the 3 way handshake, meaning we are at seq = 1 and ack =1.

Server communication – sequence = 1 , ack = 1, length = 318

Server to client communication – sequence = 1, ack = 319, length = 0
server to client communication  – sequence = 1, ack = 319, length = 1448
client to server communication – sequence = 319, ack 1449, length = 0
server to client communication – sequence = 1449, ack = 319, length 1448

In the TCP Tahoe algorithm, what happened to the congestion window when TCP encountered packetloss/timeouts?

1. The congestion window is reset to 1x the TCP MSS of the sender (himself)
2. Send threshold is half of the congestion window before the packet loss occured
3. TCP slow start is initiated

What is TCP slow start? Describe the operation.
TCP slow start is the algorithm used to start increasing the TCP congestion window for new connections quickly. The congestion window starts at 1x the TCPMSS of the sender. Then for every ack he gets back, the window is increased by 1x the TCPMSS until the size hits the slow start threshold, or matches the receive window of the receiver.

What did the TCP Reno algorithm do better than Tahoe?
Instead of dropping the congestion window to 1x the TCPMSS value when we experience congestion, we half it. This allows us to start from the slow start threshold rather than from the beginning. Slow start only happens at the begining of the connection and not constantly.

It also introduced the concept of fast retransmit, meaning if we got duplicate acks we retransmitted rather than waiting for timeout.

What did TCP New Reno do better than Reno? TCP New Reno solved the problem of of multiple packet losses causing the congestion window to half multiple times to a very small value.

How does TCP selective ack work (SACK)?
This is an option in the TCP options where hosts denote that they support TCP SACK. This congestion avoidance algorithm allows the client to let the sender know which parts of the segments he has and does not have. Thus preventing retransimittion of all segments, just the missing ones.

How do hosts do eachothers TCP MSS?
When two hosts begin a connection they both send each other SYNs , in the SYNs we tell eachother what our supported maximum segment size is. (per direction)

How is MSS calculated? Maximum segment size is the IP MTU – the IP header –  The TCP header

1500-20-20 = 1460 (most common value to see)

What is propogation delay?
Describe it. Propogation delay is the time it takes for the electrical signals to go from one end of the cable to the other.

What is serialization delay?
Serialization delay is the time it takes to put and pull bits on and off the wire. The more bandwidth a link has, the more bits it can serialize and deserialize from the wire.

What is data protocol delay? Data protocol delay is any delay introduced by higher level protocols to verify checksums, set up the connection (tcp 3 way, ip header checksup, ethernet FCS)

What is routing and switching delay?
This is the time it takes for the networking device to do a L2 and L3 lookup, and then process and attach the headers.

What is queueing and buffer delay?

This is the time a packet spends in the input or output queue of a router/switch. If there is a FIFO queue with no congestion, once the whole packet comes in (store and forward) it will be sent out.
However if we have any congestion on the link, then our input or output queues being and our queueing mechanisms may move packets around in memory either adding or decreasing their latency.

What is the formula for bandwidth delay product? Give an example.
BDP (in bits) = bandwidth (bits) * RTT (sec)

1 Mbps link with 30 ms of RTT
1 Mbps (1000000 bits)  * 0.30 = 300,000 Bits

What three solutions are available for fixing the TCP global synchronization problem?

1. Get more bandwidth
2. Enable a fair queueing mechanism
3. Enable weighted RED or Random early detection to selectively drop TCP flows at different times and to avoid TCP global sync

Describe TCP global synchronization and it’s issue. ”


As shown above TCP global synchronization is when multiple TCP flows experience congestion at the same time, thus they all drop to their slow start threshold at the same time, and start linearly  increasing again.
The immediate drop at the same time (due to uncontrolled congestion probably caused by output tail drop) rules in all of these flows synchronizing their TCP algorithms.
This leads to periods of ALL the TCP flows dropping down to their slow start threshold at one time, then slowly rising again. This time of slowly rising for ALL TCP flows means that there is bandwidth that is not being realized by TCP.

In TCP Options, what is the End of Options list option?
This option denotes the end of TCP options, it always comes last.

In TCP options, what is the NOP option?
This option denotes 1 bit padding, it’s used to align the options to a 32bit value for performance.

In TCP options, what is the maximum segment size?
When is it sent? This option is only when the packet is a SYN, it’s for TCP hosts to let the other side know what it’s biggest TCP payload will be.

In TCP options, what is the window scale? When is it sent? The Window scale is only used on SYNs and is used to get over the 16 bit limitation of the window size, this option is a multipler for the window size.

In TCP options, what is the timestamp?
This option is for TCP hosts to keep track of packets. It is marked on sending of the packet. It helps calculatre RTT and protect against wrapped sequences.

What are all of the fields in the TCP header?
Source port

destination port
sequence number
ack number
tcp flags
urgent point
tcp options