Friday, January 24, 2014

TCP Flag Basics

TCP flags are used for a variety of reasons. The 3-way handshake (SYN/ACK) is likely the most common and well-known use; however, all flags have their place and can greatly improve the flow of data and the operation of applications. There are 6 different TCP flags: Urgent, ACK, PUSH, Reset, SYN, and FIN. As there are 6 flags, the TCP flag field is 6 bits long. Each flag has a bit that is either "on" [1] or "off" [0]. This is how the flag type is identified. I will now briefly touch on each flag and its uses.

The Urgent Pointer is the flag used to expedite the processing of a segment. When a receiving host receives a segment with the Urgent Pointer indicated, it sends it right to the front of the queue. I like to think of the Urgent Pointer as the "VIP" of the flags. When trying to gain entrance everyone has to wait their turn. However, when the "VIP" shows up, they are quickly brought to the front of the line and allowed in.

The Synchronisation (SYN) flag... definitely the first I learned about. SYN is used to establish connections as part of the 3-way handshake. To review, that involves Host A sending a SYN, Host B sending a SYN ACK, and Host A sending an ACK back to establish the connection.

Acknowledgement (ACK) Flags are used to indicate the successful receipt of a packet. With TCP, just about any data that is sent will receive an ACK back.

The PUSH flag is used to give data precedence over other packets, similar to the Urgent Pointer. This is especially useful for applications whose integrity is compromised by too much delay (VoIP, video/music streaming, etc.).

The RST (reset) flag is used when a segment arrives that isn't meant for the current session. When a host receives such a segment it sends out a RST and rejects the connection. This lets the sending device know where the mistake was made and initiate the correct connection.

The FIN flag (for Finished) is pretty much the opposite of SYN. When tearing down a connection, Host A sends a FIN ACK; Host B then ACKs and follows with its own FIN ACK, which Host A ACKs in response. This completes the teardown.
I find it notable that data may continue flowing until both sides have shut the connection down.
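
To make the on/off bits and the 3-way handshake concrete, here is an added example (not from the original post) that decodes the 6-bit flag field from raw TCP headers and checks a SYN, SYN ACK, ACK sequence. It goes slightly beyond the text by also checking the acknowledgement numbers; the ports, sequence numbers and helper names are constructed for illustration.

```python
import struct

# Bit values of the six flags in byte 13 of the TCP header, high bit first.
FLAG_BITS = [("URG", 0x20), ("ACK", 0x10), ("PSH", 0x08),
             ("RST", 0x04), ("SYN", 0x02), ("FIN", 0x01)]
HEADER = struct.Struct("!HHIIBBHHH")  # 20-byte TCP header, no options


def build_header(sport, dport, seq, ack, flags):
    """Build a constructed 20-byte header (checksum 0) for this demo."""
    bits = sum(bit for name, bit in FLAG_BITS if name in flags)
    return HEADER.pack(sport, dport, seq, ack, 5 << 4, bits, 65535, 0, 0)


def decode_flags(header):
    """Return the names of the flags whose bit is "on" in a raw header."""
    if len(header) < HEADER.size:
        raise ValueError("truncated TCP header")
    bits = header[13] & 0x3F  # keep only the six flag bits covered here
    return [name for name, bit in FLAG_BITS if bits & bit]


def flag_bits(header):
    """Render the 6-bit field in URG..FIN order, e.g. '010010' for SYN ACK."""
    return format(header[13] & 0x3F, "06b")


def is_three_way_handshake(headers):
    """True if the headers are SYN, SYN ACK, ACK and each ACK number
    acknowledges the other side's sequence number + 1."""
    if len(headers) != 3:
        return False
    flags = [decode_flags(h) for h in headers]
    syn, synack, ack = (HEADER.unpack(h[:HEADER.size]) for h in headers)
    return (flags == [["SYN"], ["ACK", "SYN"], ["ACK"]]
            and synack[3] == (syn[2] + 1) % 2**32   # B acknowledges A's SYN
            and ack[3] == (synack[2] + 1) % 2**32)  # A acknowledges B's SYN


# Constructed sample segments: Host A (port 49152) connects to Host B (port 80).
HANDSHAKE = [
    build_header(49152, 80, 1000, 0, {"SYN"}),
    build_header(80, 49152, 5000, 1001, {"SYN", "ACK"}),
    build_header(49152, 80, 1001, 5001, {"ACK"}),
]
FIN_ACK = build_header(49152, 80, 1001, 5001, {"FIN", "ACK"})

if __name__ == "__main__":
    for h in HANDSHAKE + [FIN_ACK]:
        print(flag_bits(h), decode_flags(h))
    print("valid handshake:", is_three_way_handshake(HANDSHAKE))
```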
