transmission control protocol - Computer Definition
An Internet transport layer protocol. The standard is defined in STD 7, RFC 793. Relative to the UDP protocol, TCP is both connection-oriented and stream-oriented. The TCP protocol is reliable but slower than the connectionless UDP protocol. From a security perspective, a TCP connection established through a three-way handshake can be abused by SYN flood attacks.
The terms addressed are illustrated in Figure 20-1. The protocol header contains a source port (dynamically generated) and a destination port (a port under 1,024 or one of the registered ports below 4,000). When analyzing network traffic, analysts need to keep in mind that communication over one port might not be what it initially appears to be because back doors and malicious traffic might use these well-known ports to hide behind.
The sequence number is initially set to a random value and then incremented by the number of bytes sent in the established connection. The acknowledgment number contains the sequence number of the last received communication, incremented by 1.
The header length contains the number of 32-bit words in the header.
Among the flags are SYN (Synchronize), ACK (Acknowledge), PSH (Push), RST (Reset), FIN (Finish), and URG (Urgent), which are used to signal various states in the lifetime of the communication. It is important to recognize that crackers use unusual and unspecified combinations of flags to cause abnormal behaviors in attacked systems.
The window size field is used for flow and congestion control to adjust the amount of data sent in one block of the message. If the connection slows, the window size can be decreased to slow the traffic rate—thus, a higher overall throughput of the connection can be realized without data packet losses.
The checksum field is used to ensure the integrity of the TCP header, and the urgent pointer is used to point to data in the data section.
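The header fields described above can be decoded from raw bytes and the flags checked for combinations that do not occur in normal connections. The following is an added example, not part of the original dictionary entry; the function names and sample segments are constructed for illustration, and the anomaly list is a small illustrative subset.

```python
import struct

# Flag bits in the low 6 bits of the 16-bit word at header offset 12 (RFC 793).
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

def parse_tcp_header(segment: bytes) -> dict:
    """Decode the fixed 20-byte TCP header; options are skipped, not parsed."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, window, checksum, urg_ptr = struct.unpack(
        "!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4  # header length field counts 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError("invalid header length")
    bits = off_flags & 0x3F
    return {
        "src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
        "header_len": header_len, "window": window, "checksum": checksum,
        "urgent_ptr": urg_ptr,
        "flags": {name for name, bit in FLAGS.items() if bits & bit},
        "payload": segment[header_len:],
    }

def flag_anomalies(flags: set) -> list:
    """Return reasons a flag combination falls outside normal TCP state transitions."""
    reasons = []
    if not flags:
        reasons.append("no flags set")
    if {"SYN", "FIN"} <= flags:
        reasons.append("SYN and FIN together")
    if {"SYN", "RST"} <= flags:
        reasons.append("SYN and RST together")
    if "FIN" in flags and "ACK" not in flags:
        reasons.append("FIN without ACK")
    return reasons

def build_sample(sport, dport, seq, ack, flags, window=65535) -> bytes:
    """Constructed sample: option-less header, checksum left at 0 (not validated here)."""
    bits = sum(FLAGS[f] for f in flags)
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | bits, window, 0, 0)

if __name__ == "__main__":
    for flags in (["SYN"], ["SYN", "ACK"], ["FIN", "PSH", "URG"], ["SYN", "FIN"], []):
        hdr = parse_tcp_header(build_sample(49152, 80, 1000, 0, flags))
        print(sorted(hdr["flags"]), "->", flag_anomalies(hdr["flags"]) or "ok")
```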
A full discussion of TCP options is beyond the scope of this dictionary. An interested reader can refer to the RFC or one of the books on TCP/IP by Craig Hunt.
Hunt, C. and Cameron, D. TCP/IP Network Administration (3rd Edition). Online Books: O’Reilly Media, Inc., 2002.
QUT Division of Technology, Information and Learning Support. Network Glossary. [Online, July 17, 2003.] QUT Division of Technology, Information and Learning Support Website. http://www.its.qut.edu.au/network/glossary.jsp.