sequence number in TCP - networking

Why do we need the sequence number and the next sequence number field in the TCP header?
Below is a TCP header from a packet captured using wireshark.

First, fields in Wireshark enclosed by [brackets] are computed fields - they're not in the packet. That next sequence number field shown by Wireshark is one such field. Wireshark is computing that by taking the 'sequence number' field and adding it to the payload size of your packet. It's no surprise then that the difference between these two numbers is 1430 - a common TCP payload size.
Sequence numbers in TCP are in units of bytes - they basically say, what byte location in the TCP stream this packet's payload is inserted at.
The 'acknowledged' sequence number shows how many bytes I'm acknowledging as having received.
Since TCP is bidirectional, each end has to declare
Where the bytes its transmitting should go in the stream and
What bytes that you've sent me that I've received.
As such, each TCP packet has two fields that refer to sequence numbers - the 'sequence number' field, and the 'acknowledgment number' field.
Without the 'sequence number' field, the receiving end wouldn't be able to tell if packets were received out of order. Without the 'acknowledgment number' field, the transmitting end wouldn't know if some of his packets had been dropped and the receiver never received them.

Because TCP is a reliable pipe. This means that packets are delivered in sequence (and only once) even though the lower layers don't offer that guarantee. IN order to do this TCP needs housekeeping data, acks, nacks,....
https://en.wikipedia.org/wiki/Transmission_Control_Protocol
The 'next sequence' is an artifact of wireshark, its not actually in the TCP header, ws is just telling you the next packet in its capture file

Related

Exceptions to the TCP sequence numbering mechanism?

In a situation where both client and server sets their respective sequence number to 0, I read that the following is true:
C-->S: SYN=1, SEQ=0 (No data bytes)
C<--S: SYN=1, SEQ=0, ACK=1 (No data bytes)
C-->S: SEQ=1, ACK=1 (Data bytes optional)
In the third part, I understand the server is expecting the next sequence number to be 1, but aren't sequence numbers supposed to be set to initial_seq_num + sent_data_bytes_num? Since there was no data bytes sent in the first part of the handshake shouldn't the seq # be 0?
Is this just an exception during the handshake or are segments sent to with no data bytes supposed to increment the sequence number by 1 if they can be sent at all?
(There is a similar Q & A but the answer doesn't explain if this is an exception during the handshake phase OR if this happens after a TCP connection has been establish. I'm not even sure if a segment with no data bytes can even be sent. I'm assuming you can't)
ADDED It seems TCP keep-alive packets have no payload either. RFC 1122 says in these packets, SEG.SEQ = SND.NXT-1, and because this sequence number will be an already ACKed number, and a duplicate ACK will be sent, so as to keep the sequence number of the server the same.
Otherwise, I couldn't find any indications of what needs to be done when the sequence number is correct but there is no payload. I might be wrong since I only briefly scanned the document, but there is also no statement of rules of sequence numbering during the handshake except for examples.
In RFC 1122, it says
Unfortunately, some misbehaved TCP implementations fail to respond to a segment with SEG.SEQ = SND.NXT-1 unless the segment contains data.
So I'm assuming it depends on each implementation, but if there is any statement of a) the sequence numbering during handshake, and b) how to behave when the sequence # is correct but there is no payload, I would really appreciate it if someone could point me to that part.
Thanks!
The first ACK (that occurs as part of Handshake) acknowledges the reception of SYN from the other end. The SYN segment does not carry any data. But to allow the provision for acknowledging the reception of SYN, the first ACK is incremented though no payload is present.

TCP Urgent Pointer, buffer management, and the "Send" call

My question relates to TCP Segment-creation on the sending device.
My understanding of TCP is that it will buffer "non-urgent" bytes of traffic until either some kind of internal timeout is reached...or the MSS is reached. Then the segment is finished and transmitted onto the wire.
My question: If TCP has been buffering "normal/non-urgent" bytes, and then receives a string of "urgent" bytes from the upper-layer process will it:
Terminate buffering of "non-urgent" bytes, send the non-urgent segment, and start creation of a new TCP segment, beginning with the "urgent" bytes...or...
Continue building the currently-buffered, partial-segment, placing the urgent bytes somewhere in the middle of the segment after the normal bytes.
RFC 1122 (section 4.2.2.4) indicates that the Urgent Pointer points to the LAST BYTE of urgent data in a segment (inferring that non-urgent data could follow the urgent data within the same segment). It does not clarify if a segment must BEGIN with urgent data...or, if the urgent data might be "in the middle".
This question concerns a possible TCP segment with the "urgent" bit set but NOT the "push" bit. My understanding of RFC 793 is that they are mutually exclusive of each other (although typically set together).
Thanks!
My understanding of TCP is that it will buffer "non-urgent" bytes of traffic until either some kind of internal timeout is reached
If the Nagle algorithm is enabled, which it is by default. Otherwise it will just send the data immediately, subject to windowing etc.
...or the MSS is reached. Then the segment is finished and transmitted onto the wire.
Not really. It will transmit as and when it can, subject only to the Nagle algorithm, windowing, congestion control, etc.
My question: If TCP has been buffering "normal/non-urgent" bytes, and then receives a string of "urgent" bytes from the upper-layer process will it:
Terminate buffering of "non-urgent" bytes, send the non-urgent segment, and start creation of a new TCP segment, beginning with the "urgent" bytes...or...
Continue building the currently-buffered, partial-segment, placing the urgent bytes somewhere in the middle of the segment after the normal bytes.
Neither. See above. From the point of view of actually sending, there is nothing 'urgent' about urgent data.
RFC 1122 (section 4.2.2.4) indicates that the Urgent Pointer points to the LAST BYTE of urgent data in a segment (inferring that non-urgent data could follow the urgent data within the same segment).
Correct, except that you mean 'implying'.
It does not clarify if a segment must BEGIN with urgent data...or, if the urgent data might be "in the middle".
It doesn't require that the segment must begin with urgent data, so it needn't.
This question concerns a possible TCP segment with the "urgent" bit set but NOT the "push" bit.
Why? The PUSH bit is basically meaningless to modern TCP implementations, and ignored, and there is no way you can detect segment boundaries, so why do you care?
My understanding of RFC 793 is that they are mutually exclusive of each other (although typically set together).
Why? Please explain.

TCP -- acknowledgement

The 32-bit acknowledgement field, say x, on the TCP header
tells the other host that "I received all the bytes up until and including x-1,
now expecting
the bytes from x and on". In this case, the receiver may have received some
further bytes, say x+100 through x+180,
but it hasn't yet received x-th byte yet.
Is there a case that, although the receiver hasn't received
x through x+100 bytes but received the bytes say x+100 through x+180,
the receiver is acknowledging that it received x+180?
One resource I read indicates the acknowledgement of bytes received despite a gap in the earlier bytes.
However, every other source tells
"acknowledgement of x tells all bytes up until x-1 are received".
Are there any exceptional cases? I'm looking to verify this.
TIA.
This can be achieved by TCP option called SACK.
Here, client can say through a duplicate ACK that it has only up to particular packet number 2 (sequence number of packet) in order and append SACK(Selective Acknowledgement) option for the range of contiguous packets received like packets numbered 4 to 5 (sequence number). This in turn shall enable the server to retransmit only the packets(3 sequence number) that were not received by the client.
Provided below an extract from RFC 2018 : TCP Selective Acknowledgement Options
The SACK option is to be sent by a data receiver to inform the data
sender of non-contiguous blocks of data that have been received and
queued. The data receiver awaits the receipt of data (perhaps by
means of retransmissions) to fill the gaps in sequence space between
received blocks. When missing segments are received, the data
receiver acknowledges the data normally by advancing the left window
edge in the Acknowledgement Number Field of the TCP header. The SACK
option does not change the meaning of the Acknowledgement Number
field.
From the TCP RFC at https://www.rfc-editor.org/rfc/rfc793.txt:
3.3. Sequence Numbers
A fundamental notion in the design is that every octet of data sent
over a TCP connection has a sequence number. Since every octet is
sequenced, each of them can be acknowledged. The acknowledgment
mechanism employed is cumulative so that an acknowledgment of sequence
number X indicates that all octets up to but not including X have been
received.
That seems pretty clear to me, the sequence number stops at the first missing data.

Sequence number TCP

Every byte (of data send via TCP) has it's own sequence number. This sequence number features in the TCP header (the sequence number field).
I read that this is separate from the sequence number used for the sliding window protocol. This makes me wonder:
Q:
If the sequence number field in the TCP header does not contain the sequence number used for the sliding window protocol - where can the sliding window sequence number be found in the TCP header (or segment)?
The TCP sequence number is used by the protocol to signal the acknowledgement of data acknowledgement.
That is, the sender sends out data with a sequence number in the header of the last byte in the packet.
The receiver returns acknowledgements containing the sequence number of the last byte of data known to have been received. If the transmitter sees the receiver acking data "too long ago" it retransmits the data presumed to have been lost.
If in fact the receiver has received the data retransmitted it knows because of its own highest sequence number that this is so, and can drop part or all of the data received, and send an ack back with the correct sequence so the transmitter can continue.
I think your informant is incorrect BTW. The best book I know of for TCP internals is "TCP/IP Illustrated" by Wright & Stevens, which is well worth getting. See Vol 2 pp 807..812 for all the details...

value of 'More Fragment' bit when IP packet is fragmented multiple times

Suppose I have two hosts, host A and host B, and host A sends a 1500 byte packet to B and there are two routers between them with a MTU of 800 bytes for the first link, and MTU of 500 bytes for the second link between them.
As I understand it the packet will have to be fragmented both times. The packet will have to be fragmented into 3 packets (2 equally sized packets and one smaller one).
Then when we hit this second router we will have each of the first two fragmented packets be fragmented once more. The first two original fragments will produce 1 larger fragment (close to 500 bytes), and one smaller one.
This is where I am confused.
I know that the 'More Fragment' bit should be set to 1 on all of the first 3 fragments except the last indicating that the packets are part of a fragment up to and including the next packet with 'More Fragment' set to 0. However, for the second set of fragments I am not so sure. If this was the first time the packet had been fragmented, the last fragment would have 'More Fragment' of 0, but since this is actually just a fragment somewhere in the middle of the original message, I have a feeling it should be 1.
I am hoping someone with more experience can shed some light on this for me. Is the 'More Fragment' bit used in reassembly? If so I would imagine that when the fragments are fragmented then we do not set the last fragment to 0.
So the algorithm would go:
If fragmenting a packet with 'More Fragment' set to 0,
then set 'More Fragment' to 1 in all fragmented packets except the last.
Else If fragmenting a packet with 'More Fragment' set to 1,
then set 'More Fragment' to 1 in all of the fragmented packets.
Is my assumption here correct?
You are more or less right. Routers besides adding MF (more fragments) flag are doing some more processing:
To fragment/segment a long internet packet, a router (R1 in the figure
below) creates a new IP packet and copies the contents of the IP
header fields from the long packet into the new IP header. The data of
the long packet is then divided into two portions on a 8 byte (64 bit)
boundary, so that the first packet is less than the MTU of the
out-going interface. The more-fragments flag (MF) in the first packet
is set to one (to indicate that more fragments of this packet follow).
The More Flag may already be set in this packet if it has already been
fragmented by another system. This packet is forwarded.
The second created new packet is then processed. The packet header
field is identical to that of the original packet (including the same
value of the packet ID, the total length field, the more-fragments
flag (MF) and the fragment offset field in the original packet). The
packet header field is updated with a new offset field, by adding the
number of payload bytes sent in the first fragment. If this new packet
is larger than the allowed link MTU, the packet is again fragmented.
So in nutshell for already fragmented packets whole IP header is being copied to new packets (smaller fragments of fragment). It means that if IP packet has MF set it will be also copied to last fragmented packet. Thanks to changing offset and packets ID host receiving fragmented packets will be able to reassemble those.

Resources