- Time to Live (TTL) — How long a packet should live on the network before being discarded.
- Source port — A random (unused) port chosen by the sender.
- Destination port — The port on the receiving end, which normally is determined by the application being used.
- Source address — “From” IP address.
- Destination address — “To” IP address.
- Sequence number — A random number that identifies a given connection.
- Acknowledgement number — Starts at the sequence number and then increases by the number of bytes received in the previous packet (or 1 if the previous packet did not include a data segment). Used to ensure that no data is lost, and that packets are reassembled in the right order.
- Checksum — Integrity check.
- Data — The, well, data.
- Flag(s) — How the packet should be handled (SYN, ACK, FIN, RST, etc.).
There’s potentially a lot more detail than this in a TCP packet header, however.
Acknowledgement number
The TCP “acknowledgement number” contains the next sequence number that the sender is expecting to receive (so basically senders determine the next sequence number). This is the current sequence number (for the other host) + the number of bytes in the data segment of the packet being sent to that host.
Packets with a zero-length data segment that start or continue a conversation (for example, SYN packets) get their sequence/acknowledgement number incremented by 1. This is called a “ghost byte”.
The acknowledgement number for RST packets is always 0.
The initial SYN packet that starts the three-way handshake should not have an acknowledgement number.
Flags
TCP header flags
- URG — Process the current TCP packet immediately. Directs the receiving system to examine the “urgent pointer” field.
- ACK — Acknowledgement. Directs the receiving system to examine the “acknowledgement number” field.
- PSH — Push. Elevate the priority of the packet’s data, but does not otherwise change rules around packet processing.
- RST — Reset. Terminates the connection forcefully.
- SYN — Synchronize. Used during the initial three-way handshake to set a shared (starting) sequence number.
- FIN — Finish. Indicates that the connection may be dropped gracefully.
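
The acknowledgement-number arithmetic and the flag bits described above, as an added example that is not part of the original notes: it decodes the fixed 20-byte TCP header and computes the acknowledgement number the receiver should send back. It goes slightly beyond the text by also counting FIN as a ghost byte and wrapping at 32 bits; the `build` helper and the sample segments are constructed for illustration.

```python
import struct

# Flag bit masks in the TCP header's flags byte (low 6 bits).
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

def parse_tcp_header(segment: bytes) -> dict:
    """Decode the fixed 20-byte TCP header and split off the data segment."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_res, flag_bits, window, checksum, urg_ptr = \
        struct.unpack("!HHIIBBHHH", segment[:20])
    header_len = (off_res >> 4) * 4          # data offset counts 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError("invalid data offset")
    return {
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "flags": {name for name, bit in FLAGS.items() if flag_bits & bit},
        "data": segment[header_len:],        # anything after options is data
    }

def expected_ack(pkt: dict) -> int:
    """Acknowledgement number the receiver should send back for pkt."""
    # SYN and FIN each consume one sequence number (the "ghost byte").
    ghost = len(pkt["flags"] & {"SYN", "FIN"})
    # Sequence numbers are 32-bit and wrap around.
    return (pkt["seq"] + len(pkt["data"]) + ghost) % 2**32

def build(sport, dport, seq, ack, flags, data=b""):
    """Hypothetical helper: 20-byte header, no options, checksum left at 0."""
    bits = sum(FLAGS[f] for f in flags)
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                       5 << 4, bits, 64240, 0, 0) + data

# Constructed sample segments (not captured traffic).
SYN = build(50000, 80, 1000, 0, ["SYN"])
DATA = build(50000, 80, 1001, 5001, ["ACK", "PSH"], b"GET / HTTP/1.1\r\n")
WRAP = build(50000, 80, 2**32 - 4, 5001, ["ACK"], b"12345678")

if __name__ == "__main__":
    for raw in (SYN, DATA, WRAP):
        p = parse_tcp_header(raw)
        print(sorted(p["flags"]), "seq", p["seq"], "-> expect ack", expected_ack(p))
```

Comparing `expected_ack` for each segment against the acknowledgement number actually seen in the reply is a quick way to spot lost, replayed or out-of-window segments in a capture.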