TCP Header

(Hussein Samir) #21

Thanks LAZ that indeed helpful,

the seq number indicate the amount of data has been sent in one window not in the entire TCP session, I was confused because Rene said seq number indicates how much data is sent during the TCP session


(Lazaros Agapides) #22

Hello Hussein

Yes I understand the confusion. Keep in mind that if you take the first sequence number that was used when the session was initiated and the last sequence number that was used before termination, if you calculate the difference between them, it will indeed be the total amount of data in bytes that have been sent over the whole session (taking into account the number of times the sequence number has to be reset to zero when it reaches the upper limit of the 32 bit field).

I hope this has been helpful!


(Hussein Samir) #23

Hello @lagapides

Thank you very much, now everything is clear, only one thing which is how to find out the number of times the sequence has been reset to zero ?? I mean is there any filed or option in TCP header determine that ??

(Lazaros Agapides) #24

Hello Hussein

Unfortunately there isn’t. Because the window size is always going to be much much smaller than the largest available sequence number, it will never reset to zero within a single segment. Segments are always many many orders of magnitude smaller. Only the hosts between them keep track of when the counter resets to zero. Even when it does, they only detect it at that specific segment. Once the segment is received and acknowledged, there is no need to keep track of the resetting of the counter from the host’s point of view.

If you want to keep track of the total amount of data that has been sent in a session, there are other mechanisms that can do that, that belong to higher layers. For example, in an FTP transaction, FTP keeps track of bytes transferred and other such statistics.

I hope this has been helpful!


1 Like
(Hussein Samir) #25

Thank you very much @lagapides your answer very clear and helpful for me

(Muhammad Rasoul A) #26

Hi there,
Could you please tell me what is Urgent Pointer field and URG in the Flag field.

(Lazaros Agapides) #27

Hello Muhammad

A host can have many TCP sessions occurring at the same time. Hosts will generally processes TCP segments on a first come first serve (FIFO) basis even when these segments come from multiple TCP sessions. When large volumes of data are being transferred, this can impact the responsiveness of some of the TCP sessions.

If the URG flag is set to zero, segments are treated in a FIFO manner. When the URG flag is set to 1, this tells the receiving host that this segment should be treated as urgent. How urgent? Well that depends on what is found within the Urgent Pointer field. The Urgent Pointer field instructs the TCP stack to halt other sequential data pushes and immediately create a secondary “out of band” channel for those packets to speed up data transmission. The value in the Urgent Pointer is known as a sequence number offset, indicating how far forward in the sequence numbering of the TCP segments this particular segment should be placed.

Examples of the use of the URG flag and the Urgent Pointer include its use in Telnet and SSH sessions where an immediate response, such as the echoing of typed characters, is required.

I hope this has been helpful!


(Muhammad Rasoul A) #28

Thank you Lazaros,
now it is clear.

1 Like
(Dominique R) #29

Hi Rene and staff,
please , could you add some explanations about TCP header in TCP connections with MD5 authentication ?

(Lazaros Agapides) #30

Hello Dominique

The TCP authentication using MD5 is a feature that is included in the Options portion of the TCP header. This feature is primarily used to protect BGP sessions using an MD5 Signature. This is further described in RFC 2385. However, this is now considered obsolete and has been replaced by the TCP Authentication Option which is described in RFC 5925.

Cisco has support for the Authentication Option in its Nexus platforms which can be seen here:

Most of the info concerning TCP header fields for both AO and MD5 authentication can be found in the RFCs.

I hope this has been helpful!