Understanding the TCP/IP Transport Layer 479
Figure 9-2 Transport Layer Role in Communication Between Network Devices
The transport layer provides the following basic services:
■ Segmenting upper-layer application data
■ Establishing end-to-end operations
■ Sending segments from one end host to another end host
■ Ensuring flow control provided by sliding windows
■ Ensuring reliability provided by sequence numbers and acknowledgments
The transport layer assumes that it can use the network as a “cloud” to send data
packets from source to destination. The cloud deals with the question of which of
several paths is best for a given route, which begins to illustrate the role that
routers play in this process.
TCP/IP is a combination of two individual protocols, TCP and IP. IP is a Layer 3
protocol, a connectionless service that provides best-effort delivery across a network.
TCP is a Layer 4 protocol, a connection-oriented service that provides flow control as
well as reliability. Pairing the protocols enables them to provide a wider range of services.
The TCP/IP protocol suite is made up of many protocols, but TCP and IP are the key
ones. TCP/IP is the protocol suite on which the Internet is based.
Flow Control
As the TCP transport layer protocol sends data segments, it can ensure the integrity
of the data. One method of doing this is called flow control. Flow control avoids the
problem of a transmitting host overflowing the buffers in the receiving host. Overflows
can present serious problems because they can result in the loss of data.
1102.book Page 479 Tuesday, May 20, 2003 2:53 PM
480 Chapter 9: TCP/IP Transport and Application Layer
Transport layer services enable reliable data transport between hosts and destinations.
To obtain such reliable transport of data, a connection-oriented relationship is used
between the communicating end systems. Reliable transport can accomplish the
following:
■ Ensure that segments delivered will be acknowledged to the sender
■ Provide for retransmission of any segments that are not acknowledged
■ Put segments back into their correct sequence at the destination
■ Provide congestion avoidance and control
Session Establishment, Maintenance, and Termination Overview
In the OSI and TCP/IP reference models, multiple applications can share the same
transport connection. Transport functionality is accomplished segment by segment.
This means that different applications can send data segments on a first-come,
first-served basis. Such segments can be intended for the same destination or for
different destinations. This arrangement is sometimes referred to as the multiplexing
of upper-layer conversations, as shown in Figure 9-3.
Figure 9-3 Multiple Types of Application Layer Data Share the Transport Layer
One function of the transport layer is to establish a connection-oriented session with
its peer system. For data transfer to begin, both the sending and the receiving
applications inform their respective operating systems that a connection will be
initiated. One machine initiates a connection that must be accepted by the other.
Protocol software modules in the two operating systems communicate by sending messages
across the network to verify that the transfer is authorized and that both sides are ready.
After all synchronization has occurred, a connection is said to be established and the
transfer of data begins. During transfer, the two machines continue to communicate
with their protocol software to verify that data is received correctly.
[Figure 9-3 labels: Application layer data (Electronic Mail, File Transfer, Terminal
Session), each with Application, Port, and Data; Presentation; Session; Transport;
Segments]
Figure 9-4 shows a typical connection between sending and receiving systems. The first
handshake requests synchronization. The second and third handshakes acknowledge
the initial synchronization request, as well as synchronize connection parameters in the
opposite direction. The final handshake segment is an acknowledgment used to inform
the destination that both sides agree that a connection has been established. After the
connection is established, data transfer begins.
Figure 9-4 Establishing a Connection with a Peer System
When data transfer is in progress, congestion can occur for two reasons. First, a
high-speed computer might be capable of generating traffic faster than a network can
transfer it. Second, if many computers simultaneously need to send datagrams to a single
destination, that destination can experience congestion, although no single source
caused the problem.
When datagrams arrive too quickly for a host or gateway to process, they temporarily
are stored in memory. If the traffic continues, the host or gateway eventually exhausts
its memory and must discard additional datagrams that arrive.
Instead of allowing data to be lost, the transport function can issue a “not ready”
indicator to the sender. Acting like a stop sign, this indicator signals the sender to
stop sending data. When the receiver can handle additional data, the receiver sends a
“ready” transport indicator, which is like a go signal. When it receives this indicator,
the sender can resume segment transmission.
At the end of data transfer, the sending host sends a signal that indicates the end of the
transmission. The receiving host at the end of the data sequence acknowledges the end
of transmission, and the connection is terminated.
[Figure 9-4 labels: Sender and Receiver; Synchronize; Negotiate Connection; Synchronize;
Acknowledge; Connection Established; Data Transfer (Send Segments)]
Three-Way Handshake
TCP is connection-oriented, so it requires connection establishment before data transfer
begins. For a connection to be established or initialized, the two hosts must synchronize
on each other’s initial sequence numbers (ISNs). Synchronization is done in an exchange
of connection-establishing segments that carry a control bit called SYN (for
synchronize) and the ISNs. Segments that carry the SYN bit also are called SYNs. Hence,
the solution requires a suitable mechanism for picking an initial sequence number and a
slightly involved handshake to exchange the ISNs.
The synchronization requires each side to send its own initial sequence number and to
receive a confirmation of it in an acknowledgment (ACK) from the other side. Each
side also must receive the other side’s ISN and send a confirming ACK. The sequence
follows:
1. A→B SYN—My initial sequence number is X, the ACK number is 0, and the
SYN bit is set, but the ACK bit is not set.
2. B→A ACK—Your sequence number is X+1, my initial sequence number is Y,
and the SYN and ACK bits are set.
3. A→B ACK—Your sequence number is Y+1, my sequence number is X+1, and
the ACK bit is set, but the SYN bit is not set.
This exchange, shown in Figure 9-5, is called the three-way handshake.
Figure 9-5 Three-Way Handshake
A three-way handshake is an asynchronous connection mechanism, which is necessary
because sequence numbers are not tied to a global clock in the network; therefore, TCP
implementations can use different mechanisms for picking the ISN. The three-way
handshake addresses more than just the sequence numbers. Other issues that are
addressed include window size, MTU, and any network latency to expect. The receiver
of the first SYN has no way of knowing whether the segment was an old delayed one,
unless it remembers the last sequence number used on the connection (which is not
always possible), so it must ask the sender to verify this SYN.
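The three numbered steps above, together with the check that lets the receiver of a SYN verify it, as an added Python model (not the book's code): each side moves forward only when the ACK number it receives confirms its own ISN plus one. Endpoint, segment and handshake are assumed names; ISNs default to random values and 32-bit wrap-around is handled.

```python
import secrets

MOD = 2 ** 32   # sequence numbers are 32-bit and wrap around

def segment(seq, ack, syn=False, ack_bit=False):
    return {"seq": seq, "ack": ack, "SYN": syn, "ACK": ack_bit}

class Endpoint:
    def __init__(self, isn=None, listening=False):
        # Unpredictable ISN by default: a constructed stand-in for the
        # "suitable mechanism for picking an initial sequence number".
        self.snd_nxt = secrets.randbelow(MOD) if isn is None else isn
        self.rcv_nxt = None       # the peer's ISN + 1, once seen
        self.state = "LISTEN" if listening else "CLOSED"

    def connect(self):
        """Step 1, A -> B: seq X, ack 0, SYN set, ACK clear."""
        self.state = "SYN_SENT"
        isn, self.snd_nxt = self.snd_nxt, (self.snd_nxt + 1) % MOD
        return segment(isn, 0, syn=True)

    def on_syn(self, seg):
        """Step 2, B -> A: seq Y, ack X+1, SYN and ACK set."""
        if self.state != "LISTEN" or not seg["SYN"] or seg["ACK"]:
            return None
        self.rcv_nxt = (seg["seq"] + 1) % MOD
        isn, self.snd_nxt = self.snd_nxt, (self.snd_nxt + 1) % MOD
        self.state = "SYN_RCVD"
        return segment(isn, self.rcv_nxt, syn=True, ack_bit=True)

    def on_syn_ack(self, seg):
        """Step 3, A -> B: seq X+1, ack Y+1, ACK set, SYN clear. A goes on
        only if the SYN-ACK confirms its own ISN (ack == X+1)."""
        if (self.state != "SYN_SENT" or not (seg["SYN"] and seg["ACK"])
                or seg["ack"] != self.snd_nxt):
            return None
        self.rcv_nxt = (seg["seq"] + 1) % MOD
        self.state = "ESTABLISHED"
        return segment(self.snd_nxt, self.rcv_nxt, ack_bit=True)

    def on_ack(self, seg):
        """B completes the connection only when the ACK names Y+1 (the check
        the text describes); an old or stray segment that cannot is discarded."""
        if (self.state != "SYN_RCVD" or seg["SYN"] or not seg["ACK"]
                or seg["ack"] != self.snd_nxt or seg["seq"] != self.rcv_nxt):
            return False
        self.state = "ESTABLISHED"
        return True

def handshake(a, b):
    """Run the three segments between initiator a and listener b."""
    syn_ack = b.on_syn(a.connect())
    ack = a.on_syn_ack(syn_ack) if syn_ack else None
    return ack is not None and b.on_ack(ack)
```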
Windowing
In the most basic form of reliable, connection-oriented data transfer, data packets must
be delivered to the recipient in the same order in which they were transmitted. The
protocol fails if any data packets are lost, damaged, duplicated, or received in a
different order. The basic solution is to have a recipient acknowledge the receipt of
each data segment.
If the sender must wait for an acknowledgment after sending each segment, as shown
in Figure 9-6, throughput is low. Therefore, most connection-oriented, reliable
protocols allow more than one frame or segment to be outstanding at a time. Because
time is available after the sender finishes transmitting the data packet and before the
sender finishes processing any received acknowledgment, the interval is used for
transmitting more data. The number of data packets that the sender is allowed to have
outstanding without having received an acknowledgment is known as the window.
Figure 9-6 Window Size of 1
TCP uses expectational acknowledgments, meaning that the acknowledgment number
refers to the octet that is expected next. Windowing refers to the fact that the window
size is negotiated dynamically during the TCP session. Windowing is a flow-control
mechanism requiring that the source device receive an acknowledgment from the
destination after transmitting a certain amount of data.
To govern the flow of data between devices, TCP uses a flow-control mechanism. The
receiving TCP device reports a “window” to the sending TCP device. This window
specifies the number of octets, starting with the acknowledgment number, that the
receiving TCP device currently is capable of receiving.
For example, with a window size of 3, the source device can send three octets to the
destination. It then must wait for an acknowledgment. If the destination receives the three
octets, it sends an acknowledgment to the source device, which now can transmit three more
octets. If the destination does not receive the three octets—for example, because of
overflowing buffers—it does not send an acknowledgment. Because the source does
not receive an acknowledgment, it knows that the octets should be retransmitted and
that the transmission rate should be slowed.
TCP window sizes are variable during the lifetime of a connection. Each acknowledgment
contains a window advertisement that indicates the number of bytes that the receiver
can accept. TCP also maintains a congestion-control window, which is normally the
same size as the receiver’s window but is cut in half when a segment is lost (for
example, because of congestion). This approach permits the window to be expanded or
contracted as necessary to manage buffer space and processing. The window size thus
controls the number of octets that may be transmitted before an acknowledgment is required.
If the sender sends three octets, it is expecting an ACK of 4. If the receiver can handle
a window size of only two octets, it drops octet 3, specifies 3 as the next octet, and
specifies a new window size of 2. The sender sends the next two octets but still specifies
its own window size of 3 (that is, it still can accept three octets from the receiver).
The receiver replies by requesting octet 5 and specifying a window size of 2.
Acknowledgment
Reliable delivery guarantees that a stream of data sent from one machine is delivered
through a data link to another machine without duplication or data loss. Positive
acknowledgment with retransmission is one technique that guarantees reliable delivery
of data. Positive acknowledgment requires a recipient to communicate with the source,
sending back an acknowledgment message when it receives data. The sender keeps a
record of each data packet (TCP segment) that it sends and expects an acknowledgment.
The sender also starts a timer when it sends a segment, and it retransmits a segment if
the timer expires before an acknowledgment arrives.
Figure 9-7 shows the sender transmitting data packets 1, 2, and 3. The receiver
acknowledges receipt of the packets by requesting packet 4. Upon receiving the
acknowledgment, the sender sends packets 4, 5, and 6. If packet 5 does not arrive at the
destination, the receiver acknowledges with a request to resend packet 5. The sender
resends packet 5 and then receives an acknowledgment to continue with the transmission
of packet 7.
Figure 9-7 Window Size of 3
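An added Python simulation (not from the book) of the two examples above: the sender with a window of 3 facing a receiver that can hold only two octets, and the Figure 9-7 exchange in which octet 5 is lost. Receiver and run are assumed names; the receiver replies once per burst and drops octets beyond the window it last advertised.

```python
class Receiver:
    """Cumulative-ACK receiver able to hold `window` octets beyond the ACK
    number it last advertised (constructed model, not the book's code)."""

    def __init__(self, window):
        if window < 1:
            raise ValueError("window must be positive")
        self.window = window    # octets accepted beyond the ACK number
        self.expected = 1       # next in-order octet wanted
        self.acked = 1          # ACK number most recently sent
        self.buffered = set()   # out-of-order octets held for reassembly

    def receive(self, seq):
        # Duplicates are ignored; octets past the advertised window are
        # dropped, standing in for the buffer overflow the text describes.
        if seq < self.expected or seq >= self.acked + self.window:
            return
        self.buffered.add(seq)
        while self.expected in self.buffered:   # deliver in-order octets
            self.buffered.remove(self.expected)
            self.expected += 1

    def ack(self):
        """Expectational ACK: the next octet wanted, plus the window."""
        self.acked = self.expected
        return self.expected, self.window


def run(sender_window, receiver, lose=frozenset(), last=6):
    """Send octets 1..last and return the (ack, window) reply the sender
    sees after each burst. `lose` lists octets the constructed network drops
    the first time they are sent. After each reply the sender resumes at
    the ACK number (go-back-N), so a lost octet is retransmitted."""
    replies, base, window, dropped = [], 1, sender_window, set()
    while base <= last:
        for seq in range(base, min(base + window, last + 1)):
            if seq in lose and seq not in dropped:
                dropped.add(seq)            # lost in transit this once
                continue
            receiver.receive(seq)
        ack, advertised = receiver.ack()
        replies.append((ack, advertised))
        base, window = ack, min(sender_window, advertised)
    return replies


if __name__ == "__main__":
    # Text example: window-3 sender, receiver that can take only 2 octets.
    print(run(3, Receiver(2)))                 # [(3, 2), (5, 2), (7, 2)]
    # Figure 9-7: window 3, octet 5 lost; ACKs 4, 5, then 7.
    print(run(3, Receiver(3), lose={5}))       # [(4, 3), (5, 3), (7, 3)]
```

In this go-back-N model the retransmission burst carries octet 6 again along with 5; the receiver discards the duplicate, so the ACK sequence 4, 5, 7 still matches Figure 9-7.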
TCP provides sequencing of segments with a forward reference acknowledgment. Each
datagram is numbered before transmission, as shown in Figure 9-8. At the receiving
station, TCP reassembles the segments into a complete message. TCP must recover from
data that is damaged, lost, duplicated, or delivered out of order by the Internet
communication system. This is achieved by assigning a sequence number to each octet
transmitted and requiring a positive acknowledgment (ACK) from the receiving TCP.
If the ACK is not received within a timeout interval, the data is retransmitted. At the
receiver, the sequence numbers are used to correctly order segments that might be received
out of order and to eliminate duplicates. Damage is handled by adding a checksum to
each segment transmitted, checking it at the receiver, and discarding damaged segments.
Figure 9-8 TCP Sequence and Acknowledgment
TCP
Transmission Control Protocol (TCP) is a connection-oriented transport layer protocol
that provides reliable full-duplex data transmission. TCP is part of the TCP/IP protocol
stack. In a connection-oriented environment, a connection is established between
both ends before transfer of information can begin. TCP is responsible for breaking
messages into segments, resending anything that is not received, and reassembling the
segments into messages at the destination station. TCP supplies a virtual circuit
between end-user applications.
These protocols use TCP:
■ File Transfer Protocol (FTP)
■ Hypertext Transfer Protocol (HTTP)
■ Simple Mail Transfer Protocol (SMTP)
■ Domain Name System (DNS)
Figure 9-9 shows the TCP segment format.
Figure 9-9 TCP Segment Format
[Figure 9-8 content: “I sent #10.” “I received #10. Now send #11.” Segment headers
(Source, Des., Seq., Ack.): 1028, 23, 10, 1; 1028, 23, 11, 2; 23, 1028, 1, 11.
Figure 9-9 field labels: Source Port, Destination Port, Sequence Number,
Acknowledgment Number, …]
The following list defines the fields in the TCP segment shown in Figure 9-9:
■ Source Port—Number of the calling port
■ Destination Port—Number of the called port
■ Sequence Number—Number used to ensure correct sequencing of the
arriving data
■ Acknowledgment Number—Next expected TCP octet
■ HLEN—Number of 32-bit words in the header
■ Reserved—Set to 0
■ Code Bits—Control functions (such as setup and termination of a session)
■ Window—Number of octets that the sender is willing to accept
■ Checksum—Calculated checksum of the header and data fields
■ Urgent Pointer—Indication of the end of the urgent data
■ Options—One option currently defined—maximum TCP segment size
■ Data—Upper-layer protocol data
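An added Python parser for the segment format just listed (not code from the book): it unpacks every field above, refuses a header length that would run past the buffer, and verifies the checksum over the IPv4 pseudo-header, which UDP computes the same way with protocol 17. The addresses and the sample segment are constructed; build_tcp exists only to produce that sample.

```python
import socket
import struct

# Code bits in the flags byte, high bit to low: URG ACK PSH RST SYN FIN.
FLAG_BITS = {"URG": 0x20, "ACK": 0x10, "PSH": 0x08, "RST": 0x04,
             "SYN": 0x02, "FIN": 0x01}
MSS_OPTION = bytes([2, 4, 0x05, 0xB4])  # kind 2, length 4, MSS 1460: the option the text names

def ones_complement_sum(data):
    """16-bit ones' complement sum with end-around carry (TCP/UDP checksum)."""
    if len(data) % 2:
        data += b"\x00"                        # pad odd length for the sum only
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def tcp_checksum(src_ip, dst_ip, segment):
    """Checksum over the IPv4 pseudo-header (addresses, protocol 6, TCP length)
    plus the segment with its checksum field zeroed; UDP is the same with 17."""
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, 6, len(segment)))
    zeroed = segment[:16] + b"\x00\x00" + segment[18:]
    return (~ones_complement_sum(pseudo + zeroed)) & 0xFFFF

def build_tcp(src_ip, dst_ip, sport, dport, seq, ack, flags, window,
              options=b"", data=b""):
    """Assemble a segment with a valid checksum (used here to make sample input)."""
    hlen = 5 + (len(options) + 3) // 4               # HLEN in 32-bit words
    options = options.ljust(hlen * 4 - 20, b"\x00")  # pad to a word boundary
    bits = sum(FLAG_BITS[f] for f in flags)
    header = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, hlen << 4,
                         bits, window, 0, 0)
    segment = header + options + data
    csum = struct.pack("!H", tcp_checksum(src_ip, dst_ip, segment))
    return segment[:16] + csum + segment[18:]

def parse_tcp(segment):
    """Decode the fields listed in the text; reject truncated or inconsistent headers."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    (sport, dport, seq, ack, off, bits,
     win, csum, urg) = struct.unpack("!HHIIBBHHH", segment[:20])
    hlen = off >> 4
    if hlen < 5 or hlen * 4 > len(segment):
        raise ValueError("header length %d words exceeds segment" % hlen)
    return {"src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
            "hlen": hlen, "flags": tuple(n for n, b in FLAG_BITS.items() if bits & b),
            "window": win, "checksum": csum, "urgent": urg,
            "options": segment[20:hlen * 4], "data": segment[hlen * 4:]}

# Constructed sample: the Figure 9-8 segment (port 1028 -> 23, seq 10) as a SYN
# carrying the MSS option, between two made-up addresses.
SAMPLE = build_tcp("10.0.0.1", "10.0.0.2", 1028, 23, 10, 0, ("SYN",), 3, MSS_OPTION)
```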
UDP
User Datagram Protocol (UDP), the segment format for which is shown in Figure 9-10,
is the connectionless transport protocol in the TCP/IP protocol stack. UDP is a simple
protocol that exchanges datagrams without acknowledgments or guaranteed delivery.
This simplicity is evident when comparing the UDP segment format with that of TCP.
Error processing and retransmission must be handled by upper-layer protocols. For
example, if a TFTP download gets interrupted for some reason, the human operator
can just retry until it is successfully done.
Figure 9-10 UDP Segment Format
The following list defines the fields in the UDP segment shown in Figure 9-10:
■ Source Port—Number of the calling port
■ Destination Port—Number of the called port
■ Length—Number of bytes, including header and data
■ Checksum—Calculated checksum of the header and data fields
■ Data—Upper-layer protocol data
UDP uses no windowing or acknowledgments; therefore, application layer protocols
provide reliability. UDP is designed for applications that do not need to put sequences
of segments together.
These protocols use UDP:
■ Trivial File Transfer Protocol (TFTP)
■ Simple Network Management Protocol (SNMP)
■ Dynamic Host Configuration Protocol (DHCP)
■ Domain Name System (DNS)
TCP and UDP Port Numbers
Both TCP and UDP use port numbers to pass information to the upper layers. The
combination of an IP address and a port number is referred to as a socket. Port numbers
are used to keep track of different conversations crossing the network at the same time.
Application software developers agree to use well-known port numbers that are
controlled by the Internet Assigned Numbers Authority (IANA). For example, any
conversation bound for the FTP application uses the standard port numbers 20 (for the
data) and 21 (for control), as shown in Figure 9-11. Conversations that do not involve an
application with a well-known port number are assigned port numbers randomly from
within a specific range above 1023. Some ports are reserved in both TCP and UDP, but
applications might not be written to support them, as shown in Table 9-1. Port
numbers have the assigned ranges shown in this table.
Figure 9-11 Port Numbers
[Figure 9-11 labels: Application Layer: FTP, Telnet, SMTP, DNS, TFTP, SNMP; Transport
Layer: TCP, UDP; Port Numbers: 21, 23, 25, 53, 69, 161]