The Header

Now let's finally look at the TCP header. You don't need to memorise this or even study it in detail. In fact let me give you a pro-tip here: I've never referred to this diagram or this information during my professional career, even during my brief one year as a network administrator.

TCP Header
(Sajidur89, CC BY-SA 3.0, via Wikimedia Commons)

Let's break down the important things you'll work with the most when configuring firewalls, software, and the like.

Ports

We've looked at ports already. There are two ports mentioned in the header: source and destination.

From the client's perspective, the destination port is usually the port number of the remote service you're accessing, like 443 for HTTPS or 22 for SSH. The source port is going to be a random port number in a very large range. It exists so that the remote end of the TCP connection can reply to the client, using the source port as the port to reply to.

From the server's perspective, the source port is the port the application is LISTEN-ing on for TCP connections, like 443. The destination port is like the "reply to" port of the client connection, so when the server sends back information it "replies" to the client's source port.

These two port numbers are going to be the primary things you'll be concerned with, and even then you're not really going to be too concerned with the source port.

Sequence and ACK Numbers

These are used by the TCP connection to check that packets are delivered as expected. When a packet is sent, the sending party expects to see an ACK packet sent back to say, "I got that!" If it doesn't, then the packet may be sent again.

You won't work with these values or parts of the header at all.

Everything else

All the other parts of the header have their place and a function, of course, but you simply don't need to concern yourself with them at all. I don't believe I've ever had to be concerned with anything more than ports, perhaps the Window Size and the state of the connection.

I'd recommend you leave studying the rest of the protocol's details until you need to know more.
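
The fields singled out on this page (ports, sequence and ACK numbers, Window Size, and the flags behind the connection state) can be decoded from the first 20 bytes of a TCP header. The following is an added example, not part of the original page; the function names and the two sample segments (a client SYN and the server's SYN-ACK) are constructed for illustration.

```python
import struct

# Flag bits in byte 13 of the TCP header, lowest bit first.
FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR"]

def build_tcp_header(src_port, dst_port, seq, ack, flags, window):
    """Build a constructed 20-byte TCP header (no options, checksum left 0)."""
    offset_flags = (5 << 12) | flags  # data offset of 5 words = 20 bytes
    return struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack,
                       offset_flags, window, 0, 0)

def parse_tcp_header(raw):
    """Decode the fixed 20-byte part of a TCP header into a dict."""
    if len(raw) < 20:
        raise ValueError("TCP header needs at least 20 bytes")
    src, dst, seq, ack, off_flags, window, _checksum, _urgent = struct.unpack(
        "!HHIIHHHH", raw[:20])
    header_len = (off_flags >> 12) * 4  # data offset is counted in 32-bit words
    if header_len < 20 or header_len > len(raw):
        raise ValueError("data offset does not match the bytes supplied")
    flags = [name for bit, name in enumerate(FLAG_NAMES) if off_flags & (1 << bit)]
    return {"src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
            "header_len": header_len, "flags": flags, "window": window}

def is_synack_for(syn, reply):
    """True if reply mirrors syn's ports and acknowledges its sequence number."""
    return (reply["src_port"] == syn["dst_port"]
            and reply["dst_port"] == syn["src_port"]
            and "SYN" in reply["flags"] and "ACK" in reply["flags"]
            # A SYN consumes one sequence number, so the ACK is seq + 1.
            and reply["ack"] == (syn["seq"] + 1) % 2**32)

# Constructed samples: client on random source port 51514 talking to HTTPS (443).
CLIENT_SYN = build_tcp_header(51514, 443, 1000, 0, 0x02, 64240)
SERVER_SYNACK = build_tcp_header(443, 51514, 9000, 1001, 0x12, 65535)

if __name__ == "__main__":
    for label, raw in (("client ->", CLIENT_SYN), ("server <-", SERVER_SYNACK)):
        print(label, parse_tcp_header(raw))
    print("reply matches:", is_synack_for(parse_tcp_header(CLIENT_SYN),
                                          parse_tcp_header(SERVER_SYNACK)))
```

The server's reply carries the same two port numbers with source and destination swapped, which is the pairing a stateful firewall tracks when it allows return traffic.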