Transmission Control Protocol (TCP)
Transmission Control Protocol (TCP) is a reliable protocol that ensures the data sent is properly received, and in the correct order. If there is an error, the message is sent again.
- connection-based: a prior connection is established
- stateful: information about the session is kept
- flow-control: the sender can slow down the transmission rate
It's used when quality is more important than speed.
Port: N/A
Used by: ssh, ftp, http...
TCP PDUs are called segments.
TCP messages all have a flag according to their type:
- 1: F=FIN
- 2: S=Syn
- 4: R=Reset
- 8: P=Push
- 16: A=Ack
- ...
TCP three-way handshake
Using TCP, we establish a session between two machines A and B. A starts with a SYN. B replies with SYN, ACK. A receives SYN, ACK, and replies with ACK. The closing handshake is the same with FIN.
There are sequence numbers and ack numbers on every message. The first SYN has a random value $a$. The second SYN has a random value $b$, while the ACK has the value $a+1$. The final ACK has the value $b+1$.
Header
- 2 bytes for the "source port"
- 2 bytes for the "destination port"
- 4 bytes for the "sequence number" (seq)
- 2 bytes for the "acknowledgment number" (ack)
- 4 bits for the "offset"
- 3 bits that are "reserved" (000)
- 9 bits for the "flag"
- 2 bytes for the "frame/windows" (cadre)
- 2 bytes for the "checksum"
- 2 bytes for the "urgent pointer"
- 0 to 40 bytes for "options" (optional)
TCP vulnerabilities
- SYN Flood Attack
  An attacker sends mass SYN requests, creating many half-open connections and slowing down the target (DoS). ➡️ Rate-limit the number of SYN packets accepted per second.
- TCP Reset Attack
  An attacker sends RST to terminate legitimate connections to disrupt service. ➡️ Protect TCP connections (e.g. filters, encryption...).
- TCP Session Hijacking
  An attacker steals a session by stealing or guessing the session ID. ➡️ Use encryption, timeouts, forbid many active sessions...
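The handshake rules above ($a+1$, $b+1$) and the half-open connections behind a SYN flood can be followed from a capture. This is an added example, not part of the original notes: the function name, the tuple layout, the `backlog_limit` threshold and the sample capture are all assumptions made for illustration.

```python
from collections import Counter

# Flag bit values as listed on this page.
FIN, SYN, RST, PSH, ACK = 1, 2, 4, 8, 16
MOD = 2 ** 32  # sequence numbers are 32-bit and wrap around

def track_handshakes(segments, backlog_limit=3):
    """Replay (src, dst, flags, seq, ack) tuples and follow each handshake.

    Returns (established, half_open, flooded): the set of completed
    (client, server) pairs, a Counter of half-open connections per server,
    and the servers whose half-open count exceeds backlog_limit.
    """
    pending = {}         # (client, server) -> [a, b]; b is None until SYN,ACK
    established = set()
    for src, dst, flags, seq, ack in segments:
        if flags & RST:                          # reset aborts either direction
            pending.pop((src, dst), None)
            pending.pop((dst, src), None)
        elif flags & SYN and not flags & ACK:    # step 1: client SYN, seq = a
            pending[(src, dst)] = [seq, None]
        elif flags & SYN and flags & ACK:        # step 2: server SYN,ACK
            state = pending.get((dst, src))
            if state and ack == (state[0] + 1) % MOD:    # must acknowledge a+1
                state[1] = seq                           # remember b
        elif flags & ACK:                        # step 3: client ACK
            state = pending.get((src, dst))
            if state and state[1] is not None and ack == (state[1] + 1) % MOD:
                established.add((src, dst))      # acknowledged b+1: session open
                del pending[(src, dst)]
    half_open = Counter(server for _client, server in pending)
    flooded = sorted(s for s, n in half_open.items() if n > backlog_limit)
    return established, half_open, flooded

# Constructed capture: one complete handshake, then five SYNs that are
# never completed (documentation address ranges, made-up sequence numbers).
SAMPLE = [
    ("192.0.2.10:40000", "198.51.100.5:80", SYN, 1000, 0),
    ("198.51.100.5:80", "192.0.2.10:40000", SYN | ACK, 5000, 1001),
    ("192.0.2.10:40000", "198.51.100.5:80", ACK, 1001, 5001),
] + [
    (f"203.0.113.{i}:5555", "198.51.100.5:80", SYN, 7000 + i, 0)
    for i in range(1, 6)
]

if __name__ == "__main__":
    print(track_handshakes(SAMPLE))
```

Half-open connections are counted per server rather than per client, because the source addresses in a flood are often forged.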