HakTip 126 – Wireshark 101: Transmission Control Protocol

This week on HakTip, Shannon Morse explains the Transmission Control Protocol (or TCP) within Wireshark.

Download HD | Download MP4

Today we are breaking down the Transmission Control Protocol, or TCP for short. TCP sits at Layer 4 (the transport layer) of the OSI model and runs on top of IP. IP moves packets from one host to another on a best-effort basis; TCP adds sequencing, acknowledgments and retransmission on top of that so your data arrives complete and in order. If IP is the pizza, TCP is the delivery driver who makes sure it actually reaches your door, and who brings another one if the first got lost on the way.

Let’s check out the TCP header. It starts with the Source Port, the port the segment was sent from, followed by the Destination Port, the port it is being sent to. Next is the Sequence Number, which gives the position of this segment’s first byte within the sender’s byte stream; it is how the receiver puts segments back in order and notices when part of the stream is missing. The Acknowledgment Number is the sequence number of the next byte the sender expects to receive from the other side, which implicitly confirms that everything before it has arrived. A 4-bit Data Offset field gives the header length in 32-bit words, so you know where the options end and the payload begins. The Flags identify what kind of segment this is: URG, ACK, PSH, RST, SYN and FIN (plus ECE and CWR, used for explicit congestion notification). Window Size is the number of bytes the sender is currently willing to accept, in other words the free space in its receive buffer. The Checksum lets the receiver detect a corrupted header or payload; it is an integrity check against accidental damage, not a security feature, since anyone who can alter the segment can simply recompute it. The Urgent Pointer only means something when the URG flag is set, and then marks where the urgent data in the segment ends. Finally, Options carry extra information such as the maximum segment size, window scaling, selective acknowledgment and timestamps.

Let’s take a look at a TCP Packet header so we can point these out.
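To see those fields outside of Wireshark, here is a small parser for the raw TCP header. This is an added example, not code from the HakTip episode: it builds a constructed SYN segment (the port numbers, sequence number and option bytes are made up for the demonstration) and then decodes the fixed fields, the flag bits and the option list, with the same sanity checks a capture tool has to make on the Data Offset and option lengths.

```python
import struct

# TCP flag bits as they appear in the low 9 bits of the offset/flags word.
FLAG_NAMES = {
    0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH",
    0x10: "ACK", 0x20: "URG", 0x40: "ECE", 0x80: "CWR",
}

def build_tcp_header(src_port, dst_port, seq, ack, flags, window,
                     options=b"", checksum=0, urg_ptr=0):
    """Assemble a raw TCP header (constructed test data; checksum left as given)."""
    options += b"\x00" * (-len(options) % 4)   # options are padded to 32-bit words
    data_offset = (20 + len(options)) // 4      # header length in 32-bit words
    offset_flags = (data_offset << 12) | (flags & 0x1FF)
    return struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack,
                       offset_flags, window, checksum, urg_ptr) + options

def parse_options(raw):
    """Walk the TLV option list: kind 0 ends it, kind 1 is a one-byte NOP."""
    opts = []
    i = 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                     # End of option list
            break
        if kind == 1:                     # NOP padding
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("truncated option")
        length = raw[i + 1]
        if length < 2 or i + length > len(raw):
            raise ValueError("bad option length")
        opts.append((kind, raw[i + 2:i + length]))
        i += length
    return opts

def parse_tcp_header(segment):
    """Decode the fixed TCP header fields, flags and options from raw bytes."""
    if len(segment) < 20:
        raise ValueError("segment shorter than the minimum TCP header")
    (src, dst, seq, ack, offset_flags, window,
     checksum, urg) = struct.unpack("!HHIIHHHH", segment[:20])
    data_offset = (offset_flags >> 12) * 4
    if data_offset < 20 or data_offset > len(segment):
        raise ValueError("bad data offset %d" % data_offset)
    flags = offset_flags & 0x1FF
    return {
        "src_port": src, "dst_port": dst,
        "seq": seq, "ack": ack,
        "header_len": data_offset,
        "flags": [name for bit, name in sorted(FLAG_NAMES.items()) if flags & bit],
        "window": window, "checksum": checksum,
        # The urgent pointer is only meaningful when URG is set.
        "urgent_pointer": urg if flags & 0x20 else None,
        "options": parse_options(segment[20:data_offset]),
        "payload": segment[data_offset:],
    }

# Constructed SYN from ephemeral port 51234 to port 80 carrying
# MSS=1460 (kind 2), two NOPs and SACK-permitted (kind 4).
SAMPLE_SYN = build_tcp_header(
    51234, 80, seq=0x12345678, ack=0, flags=0x02, window=65535,
    options=b"\x02\x04\x05\xb4" + b"\x01\x01" + b"\x04\x02")

if __name__ == "__main__":
    for field, value in parse_tcp_header(SAMPLE_SYN).items():
        print(field, value)
```

Compare the output with Wireshark’s packet details pane: the header length of 28 bytes is what the Data Offset of 7 encodes, and the option bytes decode to the same MSS and SACK-permitted entries Wireshark lists under Options.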

TCP works by transmitting data on ports, numbered 0 through 65,535. Ports 0-1023 are the well-known (system) ports; Port 80 for HTTP falls in this range. Ports above that are used as ephemeral ports: when a client opens a connection, its operating system picks a source port from the upper part of the range (IANA reserves 49152-65535 for this, and Linux defaults to 32768-60999), while the destination port is the one the client already knows the server is listening on. So in a capture the client’s port usually looks random, and it is the server’s port that tells you which service is being talked to.

A TCP connection starts with a three-way handshake that confirms both ends are up and ready to communicate, that the destination port is open, and that each side knows the other’s starting sequence number so the data stays in order. The host sends a SYN segment to the destination, the destination replies with a SYN/ACK, and the host sends back an ACK. Each side picks its own random initial sequence number (ISN) in its SYN, and because a SYN consumes one sequence number, the ACK that answers it carries ISN + 1. Wireshark shows relative sequence numbers by default, so you will see the handshake as Seq=0, then Seq=0 Ack=1, then Seq=1 Ack=1. To list only the segments that open connections, use the display filter tcp.flags.syn == 1 && tcp.flags.ack == 0.

The TCP teardown is the last thing that happens between the two devices before their conversation is over, and it is signalled by the FIN flag. The host sends the destination a FIN/ACK, the destination answers with an ACK, then sends its own FIN/ACK, and the host responds with a final ACK. Each direction of the stream is closed separately, which is why a clean close takes four segments (when the destination has nothing left to send it may fold its ACK and its FIN into one FIN/ACK, so you will sometimes see only three). Let’s see if we can find a teardown in the capture.

Lastly, sometimes a segment will carry a RESET, shown as RST in the flags. A host sends an RST when it receives a segment for a connection it does not have, for example a SYN to a port nothing is listening on, or when it needs to abort a connection on the spot. Unlike the FIN teardown, an RST ends the connection immediately with no further exchange, and anything still in flight is discarded. In Wireshark, tcp.flags.reset == 1 filters for them; a burst of RST/ACKs answering SYNs is the classic signature of a port scan hitting closed ports. Because any device that can see a connection’s ports and sequence numbers can forge a valid RST, firewalls and intrusion prevention systems use spoofed resets to kill connections, and so can an attacker sitting on the path.
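The handshake, teardown and reset behaviour above can be checked mechanically. The following tracker is an added example, not code from the episode: it walks a list of segments (constructed here with made-up sequence numbers, not taken from a real capture) through a small state machine, verifies that each SYN/ACK and ACK acknowledges ISN + 1, counts the two FINs of a teardown, stops at the first RST, and rebases every sequence and acknowledgment number to the sender’s ISN the way Wireshark’s relative sequence numbers do.

```python
SYN, ACK, FIN, RST = "SYN", "ACK", "FIN", "RST"

def seg(src, dst, flags, seq, ack=0):
    """One TCP segment reduced to the fields the tracker needs (constructed data)."""
    return {"src": src, "dst": dst, "flags": set(flags), "seq": seq, "ack": ack}

def track_conversation(segments):
    """Follow a single TCP conversation and report handshake, teardown and reset.

    Returns the final state, a list of (segment number, event) pairs, and a
    per-segment trace of (number, sender, flags, relative seq, relative ack).
    """
    isn = {}                # initial sequence number per sender
    state = "CLOSED"
    events = []
    fins_seen = set()
    trace = []
    for n, s in enumerate(segments, 1):
        f = s["flags"]
        sender, peer = s["src"], s["dst"]
        # A SYN announces the sender's ISN; every later number is shown relative to it.
        if SYN in f and sender not in isn:
            isn[sender] = s["seq"]
        rel_seq = s["seq"] - isn.get(sender, s["seq"])
        rel_ack = (s["ack"] - isn[peer]) if ACK in f and peer in isn else None
        trace.append((n, sender, sorted(f), rel_seq, rel_ack))

        if RST in f:
            state = "RESET"
            events.append((n, "reset by %s" % sender))
            break                       # an RST aborts the connection outright
        if state == "CLOSED" and f == {SYN}:
            state = "SYN_SENT"
        elif state == "SYN_SENT" and f == {SYN, ACK}:
            if s["ack"] != isn[peer] + 1:   # a SYN consumes one sequence number
                events.append((n, "bad SYN/ACK acknowledgment"))
            state = "SYN_RECEIVED"
        elif state == "SYN_RECEIVED" and f == {ACK} and s["ack"] == isn[peer] + 1:
            state = "ESTABLISHED"
            events.append((n, "handshake complete"))
        elif state in ("ESTABLISHED", "CLOSING") and FIN in f:
            fins_seen.add(sender)       # each direction is closed separately
            state = "CLOSING"
        elif state == "CLOSING" and f == {ACK} and len(fins_seen) == 2:
            state = "CLOSED"
            events.append((n, "teardown complete"))
    return {"state": state, "events": events, "trace": trace}

# Constructed conversation: three-way handshake, a 100-byte request and its ACK,
# then a four-way teardown. The client's ISN is 1000, the server's 5000.
NORMAL_CONVERSATION = [
    seg("client", "server", {SYN}, 1000),
    seg("server", "client", {SYN, ACK}, 5000, 1001),
    seg("client", "server", {ACK}, 1001, 5001),
    seg("client", "server", {"PSH", ACK}, 1001, 5001),   # 100 bytes of payload
    seg("server", "client", {ACK}, 5001, 1101),
    seg("client", "server", {FIN, ACK}, 1101, 5001),
    seg("server", "client", {ACK}, 5001, 1102),
    seg("server", "client", {FIN, ACK}, 5001, 1102),
    seg("client", "server", {ACK}, 1102, 5002),
]

# Constructed refused connection: a SYN to a closed port answered with RST/ACK.
REFUSED_CONVERSATION = [
    seg("client", "server", {SYN}, 1000),
    seg("server", "client", {RST, ACK}, 0, 1001),
]

if __name__ == "__main__":
    for name, conv in (("normal", NORMAL_CONVERSATION), ("refused", REFUSED_CONVERSATION)):
        result = track_conversation(conv)
        print(name, result["state"], result["events"])
        for row in result["trace"]:
            print("  ", row)
```

The relative numbers in the trace are the ones to compare against Wireshark’s Seq and Ack columns: the SYN/ACK shows Seq=0 Ack=1, the client’s ACK shows Seq=1 Ack=1, and the server’s acknowledgment of the request shows Ack=101 because 100 bytes were consumed. The refused case ends after two segments, which is exactly what a scanner sees when it probes a closed port.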

Let me know what you think. Send me a comment below or email us at [email protected]. And be sure to check out our sister show, Hak5 for more great stuff just like this. I’ll be there, reminding you to trust your technolust.
