Максимальный номер порта tcp

Transmission Control Protocol

Communication protocol
Developer(s) Vint Cerf and Bob Kahn
Introduction 1974
Based on Transmission Control Program
OSI layer 4
RFC(s) RFC 9293

The Transmission Control Protocol (TCP) is one of the main protocols of the Internet protocol suite. It originated in the initial network implementation in which it complemented the Internet Protocol (IP). Therefore, the entire suite is commonly referred to as TCP/IP. TCP provides reliable, ordered, and error-checked delivery of a stream of octets (bytes) between applications running on hosts communicating via an IP network. Major internet applications such as the World Wide Web, email, remote administration, and file transfer rely on TCP, which is part of the Transport Layer of the TCP/IP suite. SSL/TLS often runs on top of TCP.

TCP is connection-oriented, and a connection between client and server is established before data can be sent. The server must be listening (passive open) for connection requests from clients before a connection is established. Three-way handshake (active open), retransmission, and error detection adds to reliability but lengthens latency. Applications that do not require reliable data stream service may use the User Datagram Protocol (UDP) instead, which provides a connectionless datagram service that prioritizes time over reliability. TCP employs network congestion avoidance. However, there are vulnerabilities in TCP, including denial of service, connection hijacking, TCP veto, and reset attack.

Historical origin[edit]

In May 1974, Vint Cerf and Bob Kahn described an internetworking protocol for sharing resources using packet switching among network nodes.[1] The authors had been working with Gérard Le Lann to incorporate concepts from the French CYCLADES project into the new network.[2] The specification of the resulting protocol, RFC 675 (Specification of Internet Transmission Control Program), was written by Vint Cerf, Yogen Dalal, and Carl Sunshine, and published in December 1974. It contains the first attested use of the term internet, as a shorthand for internetwork.[3]

A central control component of this model was the Transmission Control Program that incorporated both connection-oriented links and datagram services between hosts. The monolithic Transmission Control Program was later divided into a modular architecture consisting of the Transmission Control Protocol and the Internet Protocol. This resulted in a networking model that became known informally as TCP/IP, although formally it was variously referred to as the Department of Defense (DOD) model, and ARPANET model, and eventually also as the Internet Protocol Suite.

In 2004, Vint Cerf and Bob Kahn received the Turing Award for their foundational work on TCP/IP.[4][5]

Network function[edit]

The Transmission Control Protocol provides a communication service at an intermediate level between an application program and the Internet Protocol. It provides host-to-host connectivity at the transport layer of the Internet model. An application does not need to know the particular mechanisms for sending data via a link to another host, such as the required IP fragmentation to accommodate the maximum transmission unit of the transmission medium. At the transport layer, TCP handles all handshaking and transmission details and presents an abstraction of the network connection to the application typically through a network socket interface.

At the lower levels of the protocol stack, due to network congestion, traffic load balancing, or unpredictable network behaviour, IP packets may be lost, duplicated, or delivered out of order. TCP detects these problems, requests re-transmission of lost data, rearranges out-of-order data and even helps minimize network congestion to reduce the occurrence of the other problems. If the data still remains undelivered, the source is notified of this failure. Once the TCP receiver has reassembled the sequence of octets originally transmitted, it passes them to the receiving application. Thus, TCP abstracts the application’s communication from the underlying networking details.

TCP is used extensively by many internet applications, including the World Wide Web (WWW), email, File Transfer Protocol, Secure Shell, peer-to-peer file sharing, and streaming media.

TCP is optimized for accurate delivery rather than timely delivery and can incur relatively long delays (on the order of seconds) while waiting for out-of-order messages or re-transmissions of lost messages. Therefore, it is not particularly suitable for real-time applications such as voice over IP. For such applications, protocols like the Real-time Transport Protocol (RTP) operating over the User Datagram Protocol (UDP) are usually recommended instead.[6]

TCP is a reliable byte stream delivery service which guarantees that all bytes received will be identical and in the same order as those sent. Since packet transfer by many networks is not reliable, TCP achieves this using a technique known as positive acknowledgement with re-transmission. This requires the receiver to respond with an acknowledgement message as it receives the data. The sender keeps a record of each packet it sends and maintains a timer from when the packet was sent. The sender re-transmits a packet if the timer expires before receiving the acknowledgement. The timer is needed in case a packet gets lost or corrupted.[6]

While IP handles actual delivery of the data, TCP keeps track of segments — the individual units of data transmission that a message is divided into for efficient routing through the network. For example, when an HTML file is sent from a web server, the TCP software layer of that server divides the file into segments and forwards them individually to the internet layer in the network stack. The internet layer software encapsulates each TCP segment into an IP packet by adding a header that includes (among other data) the destination IP address. When the client program on the destination computer receives them, the TCP software in the transport layer re-assembles the segments and ensures they are correctly ordered and error-free as it streams the file contents to the receiving application.

TCP segment structure[edit]

Transmission Control Protocol accepts data from a data stream, divides it into chunks, and adds a TCP header creating a TCP segment. The TCP segment is then encapsulated into an Internet Protocol (IP) datagram, and exchanged with peers.[7]

The term TCP packet appears in both informal and formal usage, whereas in more precise terminology segment refers to the TCP protocol data unit (PDU), datagram[8]: 5–6  to the IP PDU, and frame to the data link layer PDU:

Processes transmit data by calling on the TCP and passing buffers of data as arguments. The TCP packages the data from these buffers into segments and calls on the internet module [e.g. IP] to transmit each segment to the destination TCP.[9]

A TCP segment consists of a segment header and a data section. The segment header contains 10 mandatory fields, and an optional extension field (Options, pink background in table). The data section follows the header and is the payload data carried for the application. The length of the data section is not specified in the segment header; it can be calculated by subtracting the combined length of the segment header and IP header from the total IP datagram length specified in the IP header.

TCP segment header

Offsets Octet 0 1 2 3
Octet Bit  7  6  5  4  3  2  1  0  7  6 5 4 3 2 1 0 7 6 5 4 3 2 1 0 7 6 5 4 3 2 1 0
0 0 Source port Destination port
4 32 Sequence number
8 64 Acknowledgment number (if ACK set)
12 96 Data offset Reserved
0 0 0

NS

CWR

ECE

URG

ACK

PSH

RST

SYN

FIN

 Window Size
16 128 Checksum Urgent pointer (if URG set)
20 160 Options (if data offset > 5. Padded at the end with «0» bits if necessary.)
60 480
Source port (16 bits)
Identifies the sending port.
Destination port (16 bits)
Identifies the receiving port.
Sequence number (32 bits)
Has a dual role:

  • If the SYN flag is set (1), then this is the initial sequence number. The sequence number of the actual first data byte and the acknowledged number in the corresponding ACK are then this sequence number plus 1.
  • If the SYN flag is clear (0), then this is the accumulated sequence number of the first data byte of this segment for the current session.
Acknowledgment number (32 bits)
If the ACK flag is set then the value of this field is the next sequence number that the sender of the ACK is expecting. This acknowledges receipt of all prior bytes (if any). The first ACK sent by each end acknowledges the other end’s initial sequence number itself, but no data.
Data offset (4 bits)
Specifies the size of the TCP header in 32-bit words. The minimum size header is 5 words and the maximum is 15 words thus giving the minimum size of 20 bytes and maximum of 60 bytes, allowing for up to 40 bytes of options in the header. This field gets its name from the fact that it is also the offset from the start of the TCP segment to the actual data.
Reserved (3 bits)
For future use and should be set to zero.
Flags (9 bits)
Contains 9 1-bit flags (control bits) as follows:

  • NS (1 bit): ECN-nonce — concealment protection[a]
  • CWR (1 bit): Congestion window reduced (CWR) flag is set by the sending host to indicate that it received a TCP segment with the ECE flag set and had responded in congestion control mechanism.[b]
  • ECE (1 bit): ECN-Echo has a dual role, depending on the value of the SYN flag. It indicates:
  • If the SYN flag is set (1), that the TCP peer is ECN capable.
  • If the SYN flag is clear (0), that a packet with Congestion Experienced flag set (ECN=11) in the IP header was received during normal transmission.[b] This serves as an indication of network congestion (or impending congestion) to the TCP sender.
  • URG (1 bit): Indicates that the Urgent pointer field is significant
  • ACK (1 bit): Indicates that the Acknowledgment field is significant. All packets after the initial SYN packet sent by the client should have this flag set.
  • PSH (1 bit): Push function. Asks to push the buffered data to the receiving application.
  • RST (1 bit): Reset the connection
  • SYN (1 bit): Synchronize sequence numbers. Only the first packet sent from each end should have this flag set. Some other flags and fields change meaning based on this flag, and some are only valid when it is set, and others when it is clear.
  • FIN (1 bit): Last packet from sender
Window size (16 bits)
The size of the receive window, which specifies the number of window size units[c] that the sender of this segment is currently willing to receive.[d] (See § Flow control and § Window scaling.)
Checksum (16 bits)
The 16-bit checksum field is used for error-checking of the TCP header, the payload and an IP pseudo-header. The pseudo-header consists of the source IP address, the destination IP address, the protocol number for the TCP protocol (6) and the length of the TCP headers and payload (in bytes).
Urgent pointer (16 bits)
If the URG flag is set, then this 16-bit field is an offset from the sequence number indicating the last urgent data byte.
Options (Variable 0–320 bits, in units of 32 bits)
The length of this field is determined by the data offset field. Options have up to three fields: Option-Kind (1 byte), Option-Length (1 byte), Option-Data (variable). The Option-Kind field indicates the type of option and is the only field that is not optional. Depending on Option-Kind value, the next two fields may be set. Option-Length indicates the total length of the option, and Option-Data contains data associated with the option, if applicable. For example, an Option-Kind byte of 1 indicates that this is a no operation option used only for padding, and does not have an Option-Length or Option-Data fields following it. An Option-Kind byte of 0 marks the end of options, and is also only one byte. An Option-Kind byte of 2 is used to indicate Maximum Segment Size option, and will be followed by an Option-Length byte specifying the length of the MSS field. Option-Length is the total length of the given options field, including Option-Kind and Option-Length fields. So while the MSS value is typically expressed in two bytes, Option-Length will be 4. As an example, an MSS option field with a value of 0x05B4 is coded as (0x02 0x04 0x05B4) in the TCP options section.
Some options may only be sent when SYN is set; they are indicated below as [SYN]. Option-Kind and standard lengths given as (Option-Kind, Option-Length).
Option-Kind Option-Length Option-Data Purpose Notes
0 End of options list
1 No operation This may be used to align option fields on 32-bit boundaries for better performance.
2 4 SS Maximum segment size See § Maximum segment size [SYN]
3 3 S Window scale See § Window scaling for details[10] [SYN]
4 2 Selective Acknowledgement permitted See § Selective acknowledgments for details[11]: §2 [SYN]
5 N (10, 18, 26, or 34) BBBB, EEEE, … Selective ACKnowledgement (SACK)[11]: §3  These first two bytes are followed by a list of 1–4 blocks being selectively acknowledged, specified as 32-bit begin/end pointers.
8 10 TTTT, EEEE Timestamp and echo of previous timestamp See § TCP timestamps for details[12]
The remaining Option-Kind values are historical, obsolete, experimental, not yet standardized, or unassigned. Option number assignments are maintained by the IANA.[13]
Padding
The TCP header padding is used to ensure that the TCP header ends, and data begins, on a 32-bit boundary. The padding is composed of zeros.[9]

Protocol operation[edit]

A Simplified TCP State Diagram. See TCP EFSM diagram for more detailed diagrams, including detail on the ESTABLISHED state.

TCP protocol operations may be divided into three phases. Connection establishment is a multi-step handshake process that establishes a connection before entering the data transfer phase. After data transfer is completed, the connection termination closes the connection and releases all allocated resources.

A TCP connection is managed by an operating system through a resource that represents the local end-point for communications, the Internet socket. During the lifetime of a TCP connection, the local end-point undergoes a series of state changes:[14]

TCP socket states

State Endpoint Description
LISTEN Server Waiting for a connection request from any remote TCP end-point.
SYN-SENT Client Waiting for a matching connection request after having sent a connection request.
SYN-RECEIVED Server Waiting for a confirming connection request acknowledgment after having both received and sent a connection request.
ESTABLISHED Server and client An open connection, data received can be delivered to the user. The normal state for the data transfer phase of the connection.
FIN-WAIT-1 Server and client Waiting for a connection termination request from the remote TCP, or an acknowledgment of the connection termination request previously sent.
FIN-WAIT-2 Server and client Waiting for a connection termination request from the remote TCP.
CLOSE-WAIT Server and client Waiting for a connection termination request from the local user.
CLOSING Server and client Waiting for a connection termination request acknowledgment from the remote TCP.
LAST-ACK Server and client Waiting for an acknowledgment of the connection termination request previously sent to the remote TCP (which includes an acknowledgment of its connection termination request).
TIME-WAIT Server or client Waiting for enough time to pass to be sure that all remaining packets on the connection have expired.
CLOSED Server and client No connection state at all.

Connection establishment[edit]

Before a client attempts to connect with a server, the server must first bind to and listen at a port to open it up for connections: this is called a passive open. Once the passive open is established, a client may establish a connection by initiating an active open using the three-way (or 3-step) handshake:

  1. SYN: The active open is performed by the client sending a SYN to the server. The client sets the segment’s sequence number to a random value A.
  2. SYN-ACK: In response, the server replies with a SYN-ACK. The acknowledgment number is set to one more than the received sequence number i.e. A+1, and the sequence number that the server chooses for the packet is another random number, B.
  3. ACK: Finally, the client sends an ACK back to the server. The sequence number is set to the received acknowledgment value i.e. A+1, and the acknowledgment number is set to one more than the received sequence number i.e. B+1.

Steps 1 and 2 establish and acknowledge the sequence number for one direction. Steps 2 and 3 establish and acknowledge the sequence number for the other direction. Following the completion of these steps, both the client and server have received acknowledgments and a full-duplex communication is established.

Connection termination[edit]

The connection termination phase uses a four-way handshake, with each side of the connection terminating independently. When an endpoint wishes to stop its half of the connection, it transmits a FIN packet, which the other end acknowledges with an ACK. Therefore, a typical tear-down requires a pair of FIN and ACK segments from each TCP endpoint. After the side that sent the first FIN has responded with the final ACK, it waits for a timeout before finally closing the connection, during which time the local port is unavailable for new connections; this state lets the TCP client resend the final acknowledgement to the server in case the ACK is lost in transit. The time duration is implementation-dependent, but some common values are 30 seconds, 1 minute, and 2 minutes. After the timeout, the client enters the CLOSED state and the local port becomes available for new connections.[15]

It is also possible to terminate the connection by a 3-way handshake, when host A sends a FIN and host B replies with a FIN & ACK (combining two steps into one) and host A replies with an ACK.[16]

Some operating systems, such as Linux and HP-UX,[citation needed] implement a half-duplex close sequence. If the host actively closes a connection, while still having unread incoming data available, the host sends the signal RST (losing any received data) instead of FIN. This assures that a TCP application is aware there was a data loss.[17]

A connection can be in a half-open state, in which case one side has terminated the connection, but the other has not. The side that has terminated can no longer send any data into the connection, but the other side can. The terminating side should continue reading the data until the other side terminates as well.[citation needed]

Resource usage[edit]

Most implementations allocate an entry in a table that maps a session to a running operating system process. Because TCP packets do not include a session identifier, both endpoints identify the session using the client’s address and port. Whenever a packet is received, the TCP implementation must perform a lookup on this table to find the destination process. Each entry in the table is known as a Transmission Control Block or TCB. It contains information about the endpoints (IP and port), status of the connection, running data about the packets that are being exchanged and buffers for sending and receiving data.

The number of sessions in the server side is limited only by memory and can grow as new connections arrive, but the client must allocate an ephemeral port before sending the first SYN to the server. This port remains allocated during the whole conversation and effectively limits the number of outgoing connections from each of the client’s IP addresses. If an application fails to properly close unrequired connections, a client can run out of resources and become unable to establish new TCP connections, even from other applications.

Both endpoints must also allocate space for unacknowledged packets and received (but unread) data.

Data transfer[edit]

The Transmission Control Protocol differs in several key features compared to the User Datagram Protocol:

  • Ordered data transfer: the destination host rearranges segments according to a sequence number[6]
  • Retransmission of lost packets: any cumulative stream not acknowledged is retransmitted[6]
  • Error-free data transfer: corrupted packets are treated as lost and are retransmitted[18]
  • Flow control: limits the rate a sender transfers data to guarantee reliable delivery. The receiver continually hints the sender on how much data can be received. When the receiving host’s buffer fills, the next acknowledgment suspends the transfer and allows the data in the buffer to be processed.[6]
  • Congestion control: lost packets (presumed due to congestion) trigger a reduction in data delivery rate[6]

Reliable transmission[edit]

TCP uses a sequence number to identify each byte of data. The sequence number identifies the order of the bytes sent from each computer so that the data can be reconstructed in order, regardless of any out-of-order delivery that may occur. The sequence number of the first byte is chosen by the transmitter for the first packet, which is flagged SYN. This number can be arbitrary, and should, in fact, be unpredictable to defend against TCP sequence prediction attacks.

Acknowledgements (ACKs) are sent with a sequence number by the receiver of data to tell the sender that data has been received to the specified byte. ACKs do not imply that the data has been delivered to the application, they merely signify that it is now the receiver’s responsibility to deliver the data.

Reliability is achieved by the sender detecting lost data and retransmitting it. TCP uses two primary techniques to identify loss. Retransmission timeout (RTO) and duplicate cumulative acknowledgements (DupAcks).

Dupack-based retransmission[edit]

If a single segment (say segment number 100) in a stream is lost, then the receiver cannot acknowledge packets above that segment number (100) because it uses cumulative ACKs. Hence the receiver acknowledges packet 99 again on the receipt of another data packet. This duplicate acknowledgement is used as a signal for packet loss. That is, if the sender receives three duplicate acknowledgements, it retransmits the last unacknowledged packet. A threshold of three is used because the network may reorder segments causing duplicate acknowledgements. This threshold has been demonstrated to avoid spurious retransmissions due to reordering.[19] Some TCP implementation use selective acknowledgements (SACKs) to provide explicit feedback about the segments that have been received. This greatly improves TCP’s ability to retransmit the right segments.

Timeout-based retransmission[edit]

When a sender transmits a segment, it initializes a timer with a conservative estimate of the arrival time of the acknowledgement. The segment is retransmitted if the timer expires, with a new timeout threshold of twice the previous value, resulting in exponential backoff behavior. Typically, the initial timer value is {displaystyle {text{smoothed RTT}}+max(G,4times {text{RTT variation}})}, where G is the clock granularity.[20]: 2  This guards against excessive transmission traffic due to faulty or malicious actors, such as man-in-the-middle denial of service attackers.

Error detection[edit]

Sequence numbers allow receivers to discard duplicate packets and properly sequence out-of-order packets. Acknowledgments allow senders to determine when to retransmit lost packets.

To assure correctness a checksum field is included; see § Checksum computation for details. The TCP checksum is a weak check by modern standards and is normally paired with a CRC integrity check at layer 2, below both TCP and IP, such as is used in PPP or the Ethernet frame. However, introduction of errors in packets between CRC-protected hops is common and the 16-bit TCP checksum catches most of these.[21]

Flow control[edit]

TCP uses an end-to-end flow control protocol to avoid having the sender send data too fast for the TCP receiver to receive and process it reliably. Having a mechanism for flow control is essential in an environment where machines of diverse network speeds communicate. For example, if a PC sends data to a smartphone that is slowly processing received data, the smartphone must be able to regulate the data flow so as not to be overwhelmed.[6]

TCP uses a sliding window flow control protocol. In each TCP segment, the receiver specifies in the receive window field the amount of additionally received data (in bytes) that it is willing to buffer for the connection. The sending host can send only up to that amount of data before it must wait for an acknowledgement and receive window update from the receiving host.

TCP sequence numbers and receive windows behave very much like a clock. The receive window shifts each time the receiver receives and acknowledges a new segment of data. Once it runs out of sequence numbers, the sequence number loops back to 0.

When a receiver advertises a window size of 0, the sender stops sending data and starts its persist timer. The persist timer is used to protect TCP from a deadlock situation that could arise if a subsequent window size update from the receiver is lost, and the sender cannot send more data until receiving a new window size update from the receiver. When the persist timer expires, the TCP sender attempts recovery by sending a small packet so that the receiver responds by sending another acknowledgement containing the new window size.

If a receiver is processing incoming data in small increments, it may repeatedly advertise a small receive window. This is referred to as the silly window syndrome, since it is inefficient to send only a few bytes of data in a TCP segment, given the relatively large overhead of the TCP header.

Congestion control[edit]

The final main aspect of TCP is congestion control. TCP uses a number of mechanisms to achieve high performance and avoid congestive collapse, a gridlock situation where network performance is severely degraded. These mechanisms control the rate of data entering the network, keeping the data flow below a rate that would trigger collapse. They also yield an approximately max-min fair allocation between flows.

Acknowledgments for data sent, or the lack of acknowledgments, are used by senders to infer network conditions between the TCP sender and receiver. Coupled with timers, TCP senders and receivers can alter the behavior of the flow of data. This is more generally referred to as congestion control or congestion avoidance.

Modern implementations of TCP contain four intertwined algorithms: slow start, congestion avoidance, fast retransmit, and fast recovery.[22]

In addition, senders employ a retransmission timeout (RTO) that is based on the estimated round-trip time (RTT) between the sender and receiver, as well as the variance in this round-trip time.[20] There are subtleties in the estimation of RTT. For example, senders must be careful when calculating RTT samples for retransmitted packets; typically they use Karn’s Algorithm or TCP timestamps.[23] These individual RTT samples are then averaged over time to create a smoothed round trip time (SRTT) using Jacobson’s algorithm. This SRTT value is what is used as the round-trip time estimate.

Enhancing TCP to reliably handle loss, minimize errors, manage congestion and go fast in very high-speed environments are ongoing areas of research and standards development. As a result, there are a number of TCP congestion avoidance algorithm variations.

Maximum segment size[edit]

The maximum segment size (MSS) is the largest amount of data, specified in bytes, that TCP is willing to receive in a single segment. For best performance, the MSS should be set small enough to avoid IP fragmentation, which can lead to packet loss and excessive retransmissions. To accomplish this, typically the MSS is announced by each side using the MSS option when the TCP connection is established. The option value is derived from the maximum transmission unit (MTU) size of the data link layer of the networks to which the sender and receiver are directly attached. TCP senders can use path MTU discovery to infer the minimum MTU along the network path between the sender and receiver, and use this to dynamically adjust the MSS to avoid IP fragmentation within the network.

MSS announcement may also be called MSS negotiation but, strictly speaking, the MSS is not negotiated. Two completely independent values of MSS are permitted for the two directions of data flow in a TCP connection,[24][9] so there is no need to agree on a common MSS configuration for a bidirectional connection.

Selective acknowledgments[edit]

Relying purely on the cumulative acknowledgment scheme employed by the original TCP can lead to inefficiencies when packets are lost. For example, suppose bytes with sequence number 1,000 to 10,999 are sent in 10 different TCP segments of equal size, and the second segment (sequence numbers 2,000 to 2,999) is lost during transmission. In a pure cumulative acknowledgment protocol, the receiver can only send a cumulative ACK value of 2,000 (the sequence number immediately following the last sequence number of the received data) and cannot say that it received bytes 3,000 to 10,999 successfully. Thus the sender may then have to resend all data starting with sequence number 2,000.

To alleviate this issue TCP employs the selective acknowledgment (SACK) option, defined in 1996 in RFC 2018, which allows the receiver to acknowledge discontinuous blocks of packets that were received correctly, in addition to the sequence number immediately following the last sequence number of the last contiguous byte received successively, as in the basic TCP acknowledgment. The acknowledgment can include a number of SACK blocks, where each SACK block is conveyed by the Left Edge of Block (the first sequence number of the block) and the Right Edge of Block (the sequence number immediately following the last sequence number of the block), with a Block being a contiguous range that the receiver correctly received. In the example above, the receiver would send an ACK segment with a cumulative ACK value of 2,000 and a SACK option header with sequence numbers 3,000 and 11,000. The sender would accordingly retransmit only the second segment with sequence numbers 2,000 to 2,999.

A TCP sender may interpret an out-of-order segment delivery as a lost segment. If it does so, the TCP sender will retransmit the segment previous to the out-of-order packet and slow its data delivery rate for that connection. The duplicate-SACK option, an extension to the SACK option that was defined in May 2000 in RFC 2883, solves this problem. The TCP receiver sends a D-ACK to indicate that no segments were lost, and the TCP sender can then reinstate the higher transmission rate.

The SACK option is not mandatory and comes into operation only if both parties support it. This is negotiated when a connection is established. SACK uses a TCP header option (see § TCP segment structure for details). The use of SACK has become widespread—all popular TCP stacks support it. Selective acknowledgment is also used in Stream Control Transmission Protocol (SCTP).

Window scaling[edit]

For more efficient use of high-bandwidth networks, a larger TCP window size may be used. A 16-bit TCP window size field controls the flow of data and its value is limited to 65,535 bytes. Since the size field cannot be expanded beyond this limit, a scaling factor is used. The TCP window scale option, as defined in RFC 1323, is an option used to increase the maximum window size to 1 gigabyte. Scaling up to these larger window sizes is necessary for TCP tuning.

The window scale option is used only during the TCP 3-way handshake. The window scale value represents the number of bits to left-shift the 16-bit window size field when interpreting it. The window scale value can be set from 0 (no shift) to 14 for each direction independently. Both sides must send the option in their SYN segments to enable window scaling in either direction.

Some routers and packet firewalls rewrite the window scaling factor during a transmission. This causes sending and receiving sides to assume different TCP window sizes. The result is non-stable traffic that may be very slow. The problem is visible on some sites behind a defective router.[25]

TCP timestamps[edit]

TCP timestamps, defined in RFC 1323 in 1992, can help TCP determine in which order packets were sent. TCP timestamps are not normally aligned to the system clock and start at some random value. Many operating systems will increment the timestamp for every elapsed millisecond; however, the RFC only states that the ticks should be proportional.

There are two timestamp fields:

  • a 4-byte sender timestamp value (my timestamp)
  • a 4-byte echo reply timestamp value (the most recent timestamp received from you).

TCP timestamps are used in an algorithm known as Protection Against Wrapped Sequence numbers, or PAWS. PAWS is used when the receive window crosses the sequence number wraparound boundary. In the case where a packet was potentially retransmitted, it answers the question: «Is this sequence number in the first 4 GB or the second?» And the timestamp is used to break the tie.

Also, the Eifel detection algorithm uses TCP timestamps to determine if retransmissions are occurring because packets are lost or simply out of order.[26]

TCP timestamps are enabled by default in Linux,[27] and disabled by default in Windows Server 2008, 2012 and 2016.[28]

Recent Statistics show that the level of TCP timestamp adoption has stagnated, at ~40%, owing to Windows Server dropping support since Windows Server 2008.[29]

Out-of-band data[edit]

It is possible to interrupt or abort the queued stream instead of waiting for the stream to finish. This is done by specifying the data as urgent. This marks the transmission as out-of-band data (OOB) and tells the receiving program to process it immediately. When finished, TCP informs the application and resumes the stream queue. An example is when TCP is used for a remote login session where the user can send a keyboard sequence that interrupts or aborts the remotely-running program without waiting for the program to finish its current transfer.[6]

The urgent pointer only alters the processing on the remote host and doesn’t expedite any processing on the network itself. The capability is implemented differently or poorly on different systems or may not be supported. Where it is available, it is prudent to assume only single bytes of OOB data will be reliably handled.[30][31] Since the feature is not frequently used, it is not well tested on some platforms and has been associated with vunerabilities, WinNuke for instance.

Forcing data delivery[edit]

Normally, TCP waits for 200 ms for a full packet of data to send (Nagle’s Algorithm tries to group small messages into a single packet). This wait creates small, but potentially serious delays if repeated constantly during a file transfer. For example, a typical send block would be 4 KB, a typical MSS is 1460, so 2 packets go out on a 10 Mbit/s ethernet taking ~1.2 ms each followed by a third carrying the remaining 1176 after a 197 ms pause because TCP is waiting for a full buffer.

In the case of telnet, each user keystroke is echoed back by the server before the user can see it on the screen. This delay would become very annoying.

Setting the socket option TCP_NODELAY overrides the default 200 ms send delay. Application programs use this socket option to force output to be sent after writing a character or line of characters.

The RFC defines the PSH push bit as «a message to the receiving TCP stack to send this data immediately up to the receiving application».[6] There is no way to indicate or control it in user space using Berkeley sockets and it is controlled by protocol stack only.[32]

Vulnerabilities[edit]

TCP may be attacked in a variety of ways. The results of a thorough security assessment of TCP, along with possible mitigations for the identified issues, were published in 2009,[33] and is currently[when?] being pursued within the IETF.[34]

Denial of service[edit]

By using a spoofed IP address and repeatedly sending purposely assembled SYN packets, followed by many ACK packets, attackers can cause the server to consume large amounts of resources keeping track of the bogus connections. This is known as a SYN flood attack. Proposed solutions to this problem include SYN cookies and cryptographic puzzles, though SYN cookies come with their own set of vulnerabilities.[35] Sockstress is a similar attack, that might be mitigated with system resource management.[36] An advanced DoS attack involving the exploitation of the TCP Persist Timer was analyzed in Phrack #66.[37] PUSH and ACK floods are other variants.[38]

Connection hijacking[edit]

An attacker who is able to eavesdrop a TCP session and redirect packets can hijack a TCP connection. To do so, the attacker learns the sequence number from the ongoing communication and forges a false segment that looks like the next segment in the stream. Such a simple hijack can result in one packet being erroneously accepted at one end. When the receiving host acknowledges the extra segment to the other side of the connection, synchronization is lost. Hijacking might be combined with Address Resolution Protocol (ARP) or routing attacks that allow taking control of the packet flow, so as to get permanent control of the hijacked TCP connection.[39]

Impersonating a different IP address was not difficult prior to RFC 1948, when the initial sequence number was easily guessable. That allowed an attacker to blindly send a sequence of packets that the receiver would believe to come from a different IP address, without the need to deploy ARP or routing attacks: it is enough to ensure that the legitimate host of the impersonated IP address is down, or bring it to that condition using denial-of-service attacks. This is why the initial sequence number is now chosen at random.

TCP veto[edit]

An attacker who can eavesdrop and predict the size of the next packet to be sent can cause the receiver to accept a malicious payload without disrupting the existing connection. The attacker injects a malicious packet with the sequence number and a payload size of the next expected packet. When the legitimate packet is ultimately received, it is found to have the same sequence number and length as a packet already received and is silently dropped as a normal duplicate packet—the legitimate packet is «vetoed» by the malicious packet. Unlike in connection hijacking, the connection is never desynchronized and communication continues as normal after the malicious payload is accepted. TCP veto gives the attacker less control over the communication, but makes the attack particularly resistant to detection. The large increase in network traffic from the ACK storm is avoided. The only evidence to the receiver that something is amiss is a single duplicate packet, a normal occurrence in an IP network. The sender of the vetoed packet never sees any evidence of an attack.[40]

Another vulnerability is the TCP reset attack.

TCP ports[edit]

TCP and UDP use port numbers to identify sending and receiving application end-points on a host, often called Internet sockets. Each side of a TCP connection has an associated 16-bit unsigned port number (0-65535) reserved by the sending or receiving application. Arriving TCP packets are identified as belonging to a specific TCP connection by its sockets, that is, the combination of source host address, source port, destination host address, and destination port. This means that a server computer can provide several clients with several services simultaneously, as long as a client takes care of initiating any simultaneous connections to one destination port from different source ports.

Port numbers are categorized into three basic categories: well-known, registered, and dynamic/private. The well-known ports are assigned by the Internet Assigned Numbers Authority (IANA) and are typically used by system-level or root processes. Well-known applications running as servers and passively listening for connections typically use these ports. Some examples include: FTP (20 and 21), SSH (22), TELNET (23), SMTP (25), HTTP over SSL/TLS (443), and HTTP (80). Note, as of the latest standard, HTTP/3, QUIC is used as a transport instead of TCP. Registered ports are typically used by end user applications as ephemeral source ports when contacting servers, but they can also identify named services that have been registered by a third party. Dynamic/private ports can also be used by end user applications, but are less commonly so. Dynamic/private ports do not contain any meaning outside of any particular TCP connection.

Network Address Translation (NAT), typically uses dynamic port numbers, on the («Internet-facing») public side, to disambiguate the flow of traffic that is passing between a public network and a private subnetwork, thereby allowing many IP addresses (and their ports) on the subnet to be serviced by a single public-facing address.

Development[edit]

TCP is a complex protocol. However, while significant enhancements have been made and proposed over the years, its most basic operation has not changed significantly since its first specification RFC 675 in 1974, and the v4 specification RFC 793, published in September 1981. RFC 1122, Host Requirements for Internet Hosts, clarified a number of TCP protocol implementation requirements. A list of the 8 required specifications and over 20 strongly encouraged enhancements is available in RFC 7414. Among this list is RFC 2581, TCP Congestion Control, one of the most important TCP-related RFCs in recent years, describes updated algorithms that avoid undue congestion. In 2001, RFC 3168 was written to describe Explicit Congestion Notification (ECN), a congestion avoidance signaling mechanism.

The original TCP congestion avoidance algorithm was known as «TCP Tahoe», but many alternative algorithms have since been proposed (including TCP Reno, TCP Vegas, FAST TCP, TCP New Reno, and TCP Hybla).

TCP Interactive (iTCP) [41] is a research effort into TCP extensions that allows applications to subscribe to TCP events and register handler components that can launch applications for various purposes, including application-assisted congestion control.

Multipath TCP (MPTCP) [42][43] is an ongoing effort within the IETF that aims at allowing a TCP connection to use multiple paths to maximize resource usage and increase redundancy. The redundancy offered by Multipath TCP in the context of wireless networks enables the simultaneous utilization of different networks, which brings higher throughput and better handover capabilities. Multipath TCP also brings performance benefits in datacenter environments.[44] The reference implementation[45] of Multipath TCP is being developed in the Linux kernel.[46] Multipath TCP is used to support the Siri voice recognition application on iPhones, iPads and Macs [47]

tcpcrypt is an extension proposed in July 2010 to provide transport-level encryption directly in TCP itself. It is designed to work transparently and not require any configuration. Unlike TLS (SSL), tcpcrypt itself does not provide authentication, but provides simple primitives down to the application to do that. As of 2010, the first tcpcrypt IETF draft has been published and implementations exist for several major platforms.

TCP Fast Open is an extension to speed up the opening of successive TCP connections between two endpoints. It works by skipping the three-way handshake using a cryptographic «cookie». It is similar to an earlier proposal called T/TCP, which was not widely adopted due to security issues.[48] TCP Fast Open was published as RFC 7413 in 2014.[49]

Proposed in May 2013, Proportional Rate Reduction (PRR) is a TCP extension developed by Google engineers. PRR ensures that the TCP window size after recovery is as close to the slow start threshold as possible.[50] The algorithm is designed to improve the speed of recovery and is the default congestion control algorithm in Linux 3.2+ kernels.[51]

Deprecated proposals[edit]

TCP Cookie Transactions (TCPCT) is an extension proposed in December 2009[52] to secure servers against denial-of-service attacks. Unlike SYN cookies, TCPCT does not conflict with other TCP extensions such as window scaling. TCPCT was designed due to necessities of DNSSEC, where servers have to handle large numbers of short-lived TCP connections. In 2016, TCPCT was deprecated in favor of TCP Fast Open. Status of the original RFC was changed to «historic».[53]

TCP over wireless networks[edit]

TCP was originally designed for wired networks. Packet loss is considered to be the result of network congestion and the congestion window size is reduced dramatically as a precaution. However, wireless links are known to experience sporadic and usually temporary losses due to fading, shadowing, hand off, interference, and other radio effects, that are not strictly congestion. After the (erroneous) back-off of the congestion window size, due to wireless packet loss, there may be a congestion avoidance phase with a conservative decrease in window size. This causes the radio link to be underutilized. Extensive research on combating these harmful effects has been conducted. Suggested solutions can be categorized as end-to-end solutions, which require modifications at the client or server,[54] link layer solutions, such as Radio Link Protocol (RLP) in cellular networks, or proxy-based solutions which require some changes in the network without modifying end nodes.[54][55]

A number of alternative congestion control algorithms, such as Vegas, Westwood, Veno, and Santa Cruz, have been proposed to help solve the wireless problem.[citation needed]

Hardware implementations[edit]

One way to overcome the processing power requirements of TCP is to build hardware implementations of it, widely known as TCP offload engines (TOE). The main problem of TOEs is that they are hard to integrate into computing systems, requiring extensive changes in the operating system of the computer or device. One company to develop such a device was Alacritech.

Wire image and ossification[edit]

The wire image of TCP provides significant information-gathering and modification opportunities to on-path observers, as the protocol metadata is transmitted in cleartext.[56][57] While this transparency is useful to network operators and researchers,[59] information gathered from protocol metadata may reduce the end-user’s privacy.[60] This visibility and malleability of metadata has led to TCP being difficult to extend—a case of protocol ossification—as any intermediate node (a ‘middlebox’) can make decisions based on that metadata or even modify it,[61][62] breaking the end-to-end principle.[63] One measurement found that a third of paths across the Internet encounter at least one intermediary that modifies TCP metadata, and 6.5% of paths encounter harmful ossifying effects from intermediaries.[64] Avoiding extensibility hazards from intermediaries placed significant constraints on the design of MPTCP,[65][66] and difficulties caused by intermediaries have hindered the deployment of TCP Fast Open in web browsers.[67] Another source of ossification is the difficulty of modification of TCP functions at the endpoints, typically in the operating system kernel[68] or in hardware with a TCP offload engine.[69]

Performance[edit]

As TCP provides applications with the abstraction of a reliable byte stream, it can suffer from head-of-line blocking: if packets are reordered or lost and need to be retransmitted (and thus arrive out-of-order), data from sequentially later parts of the stream may be received before sequentially earlier parts of the stream; however, the later data cannot typically be used until the earlier data has been received, incurring network latency. If multiple independent higher-level messages are encapsulated and multiplexed onto a single TCP connection, then head-of-line blocking can cause processing of a fully-received message that was sent later to wait for delivery of a message that was sent earlier.[70]

Acceleration[edit]

The idea of a TCP accelerator is to terminate TCP connections inside the network processor and then relay the data to a second connection toward the end system. The data packets that originate from the sender are buffered at the accelerator node, which is responsible for performing local retransmissions in the event of packet loss. Thus, in case of losses, the feedback loop between the sender and the receiver is shortened to the one between the acceleration node and the receiver which guarantees a faster delivery of data to the receiver.

Since TCP is a rate-adaptive protocol, the rate at which the TCP sender injects
packets into the network is directly proportional to the prevailing load condition within the network as well as the processing capacity of the receiver. The prevalent conditions within the network are judged by the sender on the basis of the acknowledgments received by it. The acceleration node splits the feedback loop between the sender and the receiver and thus guarantees a shorter round trip time (RTT) per packet. A shorter RTT is beneficial as it ensures a quicker response time to any changes in the network and a faster adaptation by the sender to combat these changes.

Disadvantages of the method include the fact that the TCP session has to be directed through the accelerator; this means that if routing changes, so that the accelerator is no longer in the path, the connection will be broken. It also destroys the end-to-end property of the TCP ack mechanism; when the ACK is received by the sender, the packet has been stored by the accelerator, not delivered to the receiver.

Debugging[edit]

A packet sniffer, which intercepts TCP traffic on a network link, can be useful in debugging networks, network stacks, and applications that use TCP by showing the user what packets are passing through a link. Some networking stacks support the SO_DEBUG socket option, which can be enabled on the socket using setsockopt. That option dumps all the packets, TCP states, and events on that socket, which is helpful in debugging. Netstat is another utility that can be used for debugging.

Alternatives[edit]

For many applications TCP is not appropriate. One problem (at least with normal implementations) is that the application cannot access the packets coming after a lost packet until the retransmitted copy of the lost packet is received. This causes problems for real-time applications such as streaming media, real-time multiplayer games and voice over IP (VoIP) where it is generally more useful to get most of the data in a timely fashion than it is to get all of the data in order.

For historical and performance reasons, most storage area networks (SANs) use Fibre Channel Protocol (FCP) over Fibre Channel connections.

Also, for embedded systems, network booting, and servers that serve simple requests from huge numbers of clients (e.g. DNS servers) the complexity of TCP can be a problem. Finally, some tricks such as transmitting data between two hosts that are both behind NAT (using STUN or similar systems) are far simpler without a relatively complex protocol like TCP in the way.

Generally, where TCP is unsuitable, the User Datagram Protocol (UDP) is used. This provides the application multiplexing and checksums that TCP does, but does not handle streams or retransmission, giving the application developer the ability to code them in a way suitable for the situation, or to replace them with other methods like forward error correction or interpolation.

Stream Control Transmission Protocol (SCTP) is another protocol that provides reliable stream oriented services similar to TCP. It is newer and considerably more complex than TCP, and has not yet seen widespread deployment. However, it is especially designed to be used in situations where reliability and near-real-time considerations are important.

Venturi Transport Protocol (VTP) is a patented proprietary protocol that is designed to replace TCP transparently to overcome perceived inefficiencies related to wireless data transport.

TCP also has issues in high-bandwidth environments. The TCP congestion avoidance algorithm works very well for ad-hoc environments where the data sender is not known in advance. If the environment is predictable, a timing based protocol such as Asynchronous Transfer Mode (ATM) can avoid TCP’s retransmits overhead.

UDP-based Data Transfer Protocol (UDT) has better efficiency and fairness than TCP in networks that have high bandwidth-delay product.[71]

Multipurpose Transaction Protocol (MTP/IP) is patented proprietary software that is designed to adaptively achieve high throughput and transaction performance in a wide variety of network conditions, particularly those where TCP is perceived to be inefficient.

Checksum computation[edit]

TCP checksum for IPv4[edit]

When TCP runs over IPv4, the method used to compute the checksum is defined as follows:[9]

The checksum field is the 16-bit ones’ complement of the ones’ complement sum of all 16-bit words in the header and text. The checksum computation needs to ensure the 16-bit alignment of the data being summed. If a segment contains an odd number of header and text octets, alignment can be achieved by padding the last octet with zeros on its right to form a 16-bit word for checksum purposes. The pad is not transmitted as part of the segment. While computing the checksum, the checksum field itself is replaced with zeros.

In other words, after appropriate padding, all 16-bit words are added using one’s complement arithmetic. The sum is then bitwise complemented and inserted as the checksum field. A pseudo-header that mimics the IPv4 packet header used in the checksum computation is shown in the table below.

TCP pseudo-header for checksum computation (IPv4)

Bit offset 0–3 4–7 8–15 16–31
0 Source address
32 Destination address
64 Zeros Protocol TCP length
96 Source port Destination port
128 Sequence number
160 Acknowledgement number
192 Data offset Reserved Flags Window
224 Checksum Urgent pointer
256 Options (optional)
256/288+  
Data
 

The source and destination addresses are those of the IPv4 header. The protocol value is 6 for TCP (cf. List of IP protocol numbers). The TCP length field is the length of the TCP header and data (measured in octets).

TCP checksum for IPv6[edit]

When TCP runs over IPv6, the method used to compute the checksum is changed:[72]

Any transport or other upper-layer protocol that includes the addresses from the IP header in its checksum computation must be modified for use over IPv6, to include the 128-bit IPv6 addresses instead of 32-bit IPv4 addresses.

A pseudo-header that mimics the IPv6 header for computation of the checksum is shown below.

TCP pseudo-header for checksum computation (IPv6)

Bit offset 0–7 8–15 16–23 24–31
0 Source address
32
64
96
128 Destination address
160
192
224
256 TCP length
288 Zeros Next header
= Protocol
320 Source port Destination port
352 Sequence number
384 Acknowledgement number
416 Data offset Reserved Flags Window
448 Checksum Urgent pointer
480 Options (optional)
480/512+  
Data
 
  • Source address: the one in the IPv6 header
  • Destination address: the final destination; if the IPv6 packet doesn’t contain a Routing header, TCP uses the destination address in the IPv6 header, otherwise, at the originating node, it uses the address in the last element of the Routing header, and, at the receiving node, it uses the destination address in the IPv6 header.
  • TCP length: the length of the TCP header and data
  • Next Header: the protocol value for TCP

Checksum offload [edit]

Many TCP/IP software stack implementations provide options to use hardware assistance to automatically compute the checksum in the network adapter prior to transmission onto the network or upon reception from the network for validation. This may relieve the OS from using precious CPU cycles calculating the checksum. Hence, overall network performance is increased.

This feature may cause packet analyzers that are unaware or uncertain about the use of checksum offload to report invalid checksums in outbound packets that have not yet reached the network adapter.[73] This will only occur for packets that are intercepted before being transmitted by the network adapter; all packets transmitted by the network adaptor on the wire will have valid checksums.[74] This issue can also occur when monitoring packets being transmitted between virtual machines on the same host, where a virtual device driver may omit the checksum calculation (as an optimization), knowing that the checksum will be calculated later by the VM host kernel or its physical hardware.

RFC documents[edit]

  • RFC 675 – Specification of Internet Transmission Control Program, December 1974 Version
  • RFC 793 – TCP v4
  • RFC 1122 – includes some error corrections for TCP
  • RFC 1323 – TCP Extensions for High Performance [Obsoleted by RFC 7323]
  • RFC 1379 – Extending TCP for Transactions—Concepts [Obsoleted by RFC 6247]
  • RFC 1948 – Defending Against Sequence Number Attacks
  • RFC 2018 – TCP Selective Acknowledgment Options
  • RFC 5681 – TCP Congestion Control
  • RFC 6247 – Moving the Undeployed TCP Extensions RFC 1072, 1106, 1110, 1145, 1146, 1379, 1644 and 1693 to Historic Status
  • RFC 6298 – Computing TCP’s Retransmission Timer
  • RFC 6824 – TCP Extensions for Multipath Operation with Multiple Addresses
  • RFC 7323 – TCP Extensions for High Performance
  • RFC 7414 – A Roadmap for TCP Specification Documents
  • RFC 9293 – Transmission Control Protocol (TCP)

See also[edit]

  • Connection-oriented communication
  • List of TCP and UDP port numbers (a long list of ports and services)
  • Micro-bursting (networking)
  • T/TCP variant of TCP
  • TCP global synchronization
  • TCP pacing
  • Transport layer § Comparison of transport layer protocols
  • WTCP a proxy-based modification of TCP for wireless networks

Notes[edit]

  1. ^ Experimental: see RFC 3540
  2. ^ a b Added to header by RFC 3168
  3. ^ Windows size units are, by default, bytes.
  4. ^ Window size is relative to the segment identified by the sequence number in the acknowledgment field.

References[edit]

  1. ^ Vinton G. Cerf; Robert E. Kahn (May 1974). «A Protocol for Packet Network Intercommunication» (PDF). IEEE Transactions on Communications. 22 (5): 637–648. doi:10.1109/tcom.1974.1092259. Archived from the original (PDF) on March 4, 2016.
  2. ^ Bennett, Richard (September 2009). «Designed for Change: End-to-End Arguments, Internet Innovation, and the Net Neutrality Debate» (PDF). Information Technology and Innovation Foundation. p. 11. Retrieved 11 September 2017.
  3. ^ V. Cerf; Y. Dalal; C. Sunshine (December 1974). SPECIFICATION OF INTERNET TRANSMISSION CONTROL PROGRAM. Network Working Group. doi:10.17487/RFC0698. RFC 698. Obsolete. Obsoleted by RFC 7805. NIC 2. INWG 72.
  4. ^ «Robert E Kahn — A.M. Turing Award Laureate». amturing.acm.org.
  5. ^ «Vinton Cerf — A.M. Turing Award Laureate». amturing.acm.org.
  6. ^ a b c d e f g h i Comer, Douglas E. (2006). Internetworking with TCP/IP: Principles, Protocols, and Architecture. Vol. 1 (5th ed.). Prentice Hall. ISBN 978-0-13-187671-2.
  7. ^ «TCP (Transmission Control Protocol)». Retrieved 2019-06-26.
  8. ^ J. Postel, ed. (September 1981). INTERNET PROTOCOL — DARPA INTERNET PROGRAM PROTOCOL SPECIFICATION. IETF. doi:10.17487/RFC0791. STD 5. RFC 791. IEN 128, 123, 111, 80, 54, 44, 41, 28, 26. Internet Standard. Obsoletes RFC 760. Updated by RFC 1349, 2474 and 6864.
  9. ^ a b c d W. Eddy, ed. (August 2022). Transmission Control Protocol (TCP). Internet Engineering Task Force. doi:10.17487/RFC9293. ISSN 2070-1721. STD 7. RFC 9293. Internet Standard. Obsoletes RFC 793, 879, 2873, 6093, 6429, 6528 and 6691. Updates RFC 1011, 1122 and 5961.
  10. ^ TCP Extensions for High Performance. sec. 2.2. RFC 1323.
  11. ^ a b S. Floyd; J. Mahdavi; M. Mathis; A. Romanow (October 1996). TCP Selective Acknowledgment Options. IETF TCP Large Windows workgroup. doi:10.17487/RFC2018. RFC 2018. Proposed Standard. Obsoletes RFC 1072.
  12. ^ «RFC 1323, TCP Extensions for High Performance, Section 3.2».
  13. ^ «Transmission Control Protocol (TCP) Parameters: TCP Option Kind Numbers». IANA.
  14. ^ W. Eddy, ed. (August 2022). Transmission Control Protocol (TCP). Internet Engineering Task Force. doi:10.17487/RFC9293. ISSN 2070-1721. STD 7. RFC 9293. Internet Standard. sec. 3.3.2.
  15. ^ Kurose, James F. (2017). Computer networking : a top-down approach. Keith W. Ross (7th ed.). Harlow, England. p. 286. ISBN 978-0-13-359414-0. OCLC 936004518.
  16. ^ Tanenbaum, Andrew S. (2003-03-17). Computer Networks (Fourth ed.). Prentice Hall. ISBN 978-0-13-066102-9.
  17. ^ R. Braden, ed. (October 1989). Requirements for Internet Hosts — Communication Layers. Network Working Group. doi:10.17487/RFC1122. STD 3. RFC 1122. Internet Standard. sec. 4.2.2.13.
  18. ^ «TCP Definition». Retrieved 2011-03-12.
  19. ^ Mathis; Mathew; Semke; Mahdavi; Ott (1997). «The macroscopic behavior of the TCP congestion avoidance algorithm». ACM SIGCOMM Computer Communication Review. 27 (3): 67–82. CiteSeerX 10.1.1.40.7002. doi:10.1145/263932.264023. S2CID 1894993.
  20. ^ a b V. Paxson; M. Allman; J. Chu; M. Sargent (June 2011). Computing TCP’s Retransmission Timer. Internet Engineering Task Force. doi:10.17487/RFC6298. ISSN 2070-1721. RFC 6298. Proposed Standard. Obsoletes RFC 2988. Updates RFC 1122.
  21. ^ Stone; Partridge (2000). «When The CRC and TCP Checksum Disagree». ACM SIGCOMM Computer Communication Review: 309–319. CiteSeerX 10.1.1.27.7611. doi:10.1145/347059.347561. ISBN 978-1581132236. S2CID 9547018.
  22. ^ M. Allman; V. Paxson; E. Blanton (September 2009). TCP Congestion Control. IETF. doi:10.17487/RFC5681. RFC 5681. Draft Standard. Obsoletes RFC 2581.
  23. ^ D. Borman; B. Braden; V. Jacobson (September 2014). R. Scheffenegger (ed.). TCP Extensions for High Performance. Internet Engineering Task Force. doi:10.17487/RFC7323. ISSN 2070-1721. RFC 7323. Proposed Standard. Obsoletes RFC 1323.
  24. ^ R. Braden, ed. (October 1989). Requirements for Internet Hosts — Communication Layers. Network Working Group. doi:10.17487/RFC1122. STD 3. RFC 1122. Internet Standard. Updated by RFC 1349, 4379, 5884, 6093, 6298, 6633, 6864, 8029 and 9293.
  25. ^ «TCP window scaling and broken routers». LWN.net.
  26. ^ RFC 3522
  27. ^ «IP sysctl». Linux Kernel Documentation. Retrieved 15 December 2018.
  28. ^ Wang, Eve. «TCP timestamp is disabled». Technet — Windows Server 2012 Essentials. Microsoft. Archived from the original on 2018-12-15. Retrieved 2018-12-15.
  29. ^ David Murray; Terry Koziniec; Sebastian Zander; Michael Dixon; Polychronis Koutsakis (2017). «An Analysis of Changing Enterprise Network Traffic Characteristics» (PDF). The 23rd Asia-Pacific Conference on Communications (APCC 2017). Retrieved 3 October 2017.
  30. ^ Gont, Fernando (November 2008). «On the implementation of TCP urgent data». 73rd IETF meeting. Retrieved 2009-01-04.
  31. ^ Peterson, Larry (2003). Computer Networks. Morgan Kaufmann. p. 401. ISBN 978-1-55860-832-0.
  32. ^ Richard W. Stevens (November 2011). TCP/IP Illustrated. Vol. 1, The protocols. Addison-Wesley. pp. Chapter 20. ISBN 978-0-201-63346-7.
  33. ^ «Security Assessment of the Transmission Control Protocol (TCP)» (PDF). Archived from the original on March 6, 2009. Retrieved 2010-12-23.{{cite web}}: CS1 maint: bot: original URL status unknown (link)
  34. ^ Security Assessment of the Transmission Control Protocol (TCP)
  35. ^ Jakob Lell. «Quick Blind TCP Connection Spoofing with SYN Cookies». Retrieved 2014-02-05.
  36. ^ «Some insights about the recent TCP DoS (Denial of Service) vulnerabilities» (PDF).
  37. ^ «Exploiting TCP and the Persist Timer Infiniteness».
  38. ^ «PUSH and ACK Flood». f5.com.
  39. ^ «Laurent Joncheray, Simple Active Attack Against TCP, 1995″.
  40. ^ John T. Hagen; Barry E. Mullins (2013). TCP veto: A novel network attack and its application to SCADA protocols. Innovative Smart Grid Technologies (ISGT), 2013 IEEE PES. pp. 1–6. doi:10.1109/ISGT.2013.6497785. ISBN 978-1-4673-4896-6. S2CID 25353177.
  41. ^ «TCP Interactive». www.medianet.kent.edu.
  42. ^ J. Iyengar; C. Raiciu; S. Barre; M. Handley; A. Ford (March 2011). Architectural Guidelines for Multipath TCP Development. Internet Engineering Task Force (IETF). doi:10.17487/RFC6182. RFC 6182. Informational.
  43. ^ Alan Ford; C. Raiciu; M. Handley; O. Bonaventure (January 2013). TCP Extensions for Multipath Operation with Multiple Addresses. Internet Engineering Task Force. doi:10.17487/RFC6824. ISSN 2070-1721. RFC 6824. Experimental. Obsoleted by RFC 8624.
  44. ^ Raiciu; Barre; Pluntke; Greenhalgh; Wischik; Handley (2011). «Improving datacenter performance and robustness with multipath TCP». ACM SIGCOMM Computer Communication Review. 41 (4): 266. CiteSeerX 10.1.1.306.3863. doi:10.1145/2043164.2018467. Archived from the original on 2020-04-04. Retrieved 2011-06-29.
  45. ^ «MultiPath TCP — Linux Kernel implementation».
  46. ^ Raiciu; Paasch; Barre; Ford; Honda; Duchene; Bonaventure; Handley (2012). «How Hard Can It Be? Designing and Implementing a Deployable Multipath TCP». Usenix NSDI: 399–412.
  47. ^ Bonaventure; Seo (2016). «Multipath TCP Deployments». IETF Journal.
  48. ^ Michael Kerrisk (2012-08-01). «TCP Fast Open: expediting web services». LWN.net.
  49. ^ Yuchung Cheng; Jerry Chu; Sivasankar Radhakrishnan & Arvind Jain (December 2014). «TCP Fast Open». IETF. Retrieved 10 January 2015.
  50. ^ Mathis, Matt; Dukkipati, Nandita; Cheng, Yuchung (May 2013). «RFC 6937 — Proportional Rate Reduction for TCP». Retrieved 6 June 2014.
  51. ^ Grigorik, Ilya (2013). High-performance browser networking (1. ed.). Beijing: O’Reilly. ISBN 978-1449344764.
  52. ^ W. Simpson (January 2011). TCP Cookie Transactions (TCPCT). IETF. doi:10.17487/RFC6013. ISSN 2070-1721. RFC 6013. Obsolete. Obsoleted by RFC 7805.
  53. ^ A. Zimmermann; W. Eddy; L. Eggert (April 2016). Moving Outdated TCP Extensions and TCP-Related Documents to Historic or Informational Status. IETF. doi:10.17487/RFC7805. ISSN 2070-1721. RFC 7805. Informational. Obsoletes RFC 675, 721, 761, 813, 816, 879, 896 and 6013. Updates RFC 7414, 4291, 4338, 4391, 5072 and 5121.
  54. ^ a b «TCP performance over CDMA2000 RLP». Archived from the original on 2011-05-03. Retrieved 2010-08-30.
  55. ^ Muhammad Adeel & Ahmad Ali Iqbal (2004). TCP Congestion Window Optimization for CDMA2000 Packet Data Networks. International Conference on Information Technology (ITNG’07). pp. 31–35. doi:10.1109/ITNG.2007.190. ISBN 978-0-7695-2776-5. S2CID 8717768.
  56. ^ Trammell & Kuehlewind 2019, p. 6.
  57. ^ Hardie 2019, p. 3.
  58. ^ Fairhurst & Perkins 2021, 3. Research, Development, and Deployment.
  59. ^ Hardie 2019, p. 8.
  60. ^ Thomson & Pauly 2021, 2.3. Multi-party Interactions and Middleboxes.
  61. ^ Thomson & Pauly 2021, A.5. TCP.
  62. ^ Papastergiou et al. 2017, p. 620.
  63. ^ Edeline & Donnet 2019, p. 175-176.
  64. ^ Raiciu et al. 2012, p. 1.
  65. ^ Hesmans et al. 2013, p. 1.
  66. ^ Rybczyńska 2020.
  67. ^ Papastergiou et al. 2017, p. 621.
  68. ^ Corbet 2015.
  69. ^ Briscoe et al. 2006, p. 29-30.
  70. ^
    Yunhong Gu, Xinwei Hong, and Robert L. Grossman.
    «An Analysis of AIMD Algorithm with Decreasing Increases».
    2004.
  71. ^ S. Deering; R. Hinden (July 2017). Internet Protocol, Version 6 (IPv6) Specification. IETF. doi:10.17487/RFC8200. STD 86. RFC 8200. Internet Standard. Obsoletes RFC 2460.
  72. ^ «Wireshark: Offloading». Wireshark captures packets before they are sent to the network adapter. It won’t see the correct checksum because it has not been calculated yet. Even worse, most OSes don’t bother initialize this data so you’re probably seeing little chunks of memory that you shouldn’t. New installations of Wireshark 1.2 and above disable IP, TCP, and UDP checksum validation by default. You can disable checksum validation in each of those dissectors by hand if needed.
  73. ^ «Wireshark: Checksums». Checksum offloading often causes confusion as the network packets to be transmitted are handed over to Wireshark before the checksums are actually calculated. Wireshark gets these «empty» checksums and displays them as invalid, even though the packets will contain valid checksums when they leave the network hardware later.

Bibliography[edit]

  • Trammell, Brian; Kuehlewind, Mirja (April 2019). The Wire Image of a Network Protocol. doi:10.17487/RFC8546. RFC 8546.
  • Hardie, Ted, ed. (April 2019). Transport Protocol Path Signals. doi:10.17487/RFC8558. RFC 8558.
  • Fairhurst, Gorry; Perkins, Colin (July 2021). Considerations around Transport Header Confidentiality, Network Operations, and the Evolution of Internet Transport Protocols. doi:10.17487/RFC9065. RFC 9065.
  • Thomson, Martin; Pauly, Tommy (December 2021). Long-Term Viability of Protocol Extension Mechanisms. doi:10.17487/RFC9170. RFC 9170.
  • Hesmans, Benjamin; Duchene, Fabien; Paasch, Christoph; Detal, Gregory; Bonaventure, Olivier (2013). Are TCP extensions middlebox-proof?. HotMiddlebox ’13. doi:10.1145/2535828.2535830.
  • Corbet, Jonathan (8 December 2015). «Checksum offloads and protocol ossification». LWN.net.
  • Briscoe, Bob; Brunstrom, Anna; Petlund, Andreas; Hayes, David; Ros, David; Tsang, Ing-Jyh; Gjessing, Stein; Fairhurst, Gorry; Griwodz, Carsten; Welzl, Michael (2016). «Reducing Internet Latency: A Survey of Techniques and Their Merits». IEEE Communications Surveys & Tutorials. 18 (3): 2149–2196. doi:10.1109/COMST.2014.2375213. hdl:2164/8018. S2CID 206576469.
  • Papastergiou, Giorgos; Fairhurst, Gorry; Ros, David; Brunstrom, Anna; Grinnemo, Karl-Johan; Hurtig, Per; Khademi, Naeem; Tüxen, Michael; Welzl, Michael; Damjanovic, Dragana; Mangiante, Simone (2017). «De-Ossifying the Internet Transport Layer: A Survey and Future Perspectives». IEEE Communications Surveys & Tutorials. doi:10.1109/COMST.2016.2626780.
  • Edeline, Korian; Donnet, Benoit (2019). A Bottom-Up Investigation of the Transport-Layer Ossification. 2019 Network Traffic Measurement and Analysis Conference (TMA). doi:10.23919/TMA.2019.8784690.
  • Rybczyńska, Marta (13 March 2020). «A QUIC look at HTTP/3». LWN.net.

Further reading[edit]

  • Stevens, W. Richard (1994-01-10). TCP/IP Illustrated, Volume 1: The Protocols. Addison-Wesley Pub. Co. ISBN 978-0-201-63346-7.
  • Stevens, W. Richard; Wright, Gary R (1994). TCP/IP Illustrated, Volume 2: The Implementation. ISBN 978-0-201-63354-2.
  • Stevens, W. Richard (1996). TCP/IP Illustrated, Volume 3: TCP for Transactions, HTTP, NNTP, and the UNIX Domain Protocols. ISBN 978-0-201-63495-2.**

External links[edit]

  • Oral history interview with Robert E. Kahn
  • IANA Port Assignments
  • IANA TCP Parameters
  • John Kristoff’s Overview of TCP (Fundamental concepts behind TCP and how it is used to transport data between two endpoints)
  • Checksum example
  • TCP tutorial
Источник
Transmission Control Protocol

Communication protocol
Developer(s) Vint Cerf and Bob Kahn
Introduction 1974
Based on Transmission Control Program
OSI layer 4
RFC(s) RFC 9293

The Transmission Control Protocol (TCP) is one of the main protocols of the Internet protocol suite. It originated in the initial network implementation in which it complemented the Internet Protocol (IP). Therefore, the entire suite is commonly referred to as TCP/IP. TCP provides reliable, ordered, and error-checked delivery of a stream of octets (bytes) between applications running on hosts communicating via an IP network. Major internet applications such as the World Wide Web, email, remote administration, and file transfer rely on TCP, which is part of the Transport Layer of the TCP/IP suite. SSL/TLS often runs on top of TCP.

TCP is connection-oriented, and a connection between client and server is established before data can be sent. The server must be listening (passive open) for connection requests from clients before a connection is established. Three-way handshake (active open), retransmission, and error detection adds to reliability but lengthens latency. Applications that do not require reliable data stream service may use the User Datagram Protocol (UDP) instead, which provides a connectionless datagram service that prioritizes time over reliability. TCP employs network congestion avoidance. However, there are vulnerabilities in TCP, including denial of service, connection hijacking, TCP veto, and reset attack.

Historical origin[edit]

In May 1974, Vint Cerf and Bob Kahn described an internetworking protocol for sharing resources using packet switching among network nodes.[1] The authors had been working with Gérard Le Lann to incorporate concepts from the French CYCLADES project into the new network.[2] The specification of the resulting protocol, RFC 675 (Specification of Internet Transmission Control Program), was written by Vint Cerf, Yogen Dalal, and Carl Sunshine, and published in December 1974. It contains the first attested use of the term internet, as a shorthand for internetwork.[3]

A central control component of this model was the Transmission Control Program that incorporated both connection-oriented links and datagram services between hosts. The monolithic Transmission Control Program was later divided into a modular architecture consisting of the Transmission Control Protocol and the Internet Protocol. This resulted in a networking model that became known informally as TCP/IP, although formally it was variously referred to as the Department of Defense (DOD) model, and ARPANET model, and eventually also as the Internet Protocol Suite.

In 2004, Vint Cerf and Bob Kahn received the Turing Award for their foundational work on TCP/IP.[4][5]

Network function[edit]

The Transmission Control Protocol provides a communication service at an intermediate level between an application program and the Internet Protocol. It provides host-to-host connectivity at the transport layer of the Internet model. An application does not need to know the particular mechanisms for sending data via a link to another host, such as the required IP fragmentation to accommodate the maximum transmission unit of the transmission medium. At the transport layer, TCP handles all handshaking and transmission details and presents an abstraction of the network connection to the application typically through a network socket interface.

At the lower levels of the protocol stack, due to network congestion, traffic load balancing, or unpredictable network behaviour, IP packets may be lost, duplicated, or delivered out of order. TCP detects these problems, requests re-transmission of lost data, rearranges out-of-order data and even helps minimize network congestion to reduce the occurrence of the other problems. If the data still remains undelivered, the source is notified of this failure. Once the TCP receiver has reassembled the sequence of octets originally transmitted, it passes them to the receiving application. Thus, TCP abstracts the application’s communication from the underlying networking details.

TCP is used extensively by many internet applications, including the World Wide Web (WWW), email, File Transfer Protocol, Secure Shell, peer-to-peer file sharing, and streaming media.

TCP is optimized for accurate delivery rather than timely delivery and can incur relatively long delays (on the order of seconds) while waiting for out-of-order messages or re-transmissions of lost messages. Therefore, it is not particularly suitable for real-time applications such as voice over IP. For such applications, protocols like the Real-time Transport Protocol (RTP) operating over the User Datagram Protocol (UDP) are usually recommended instead.[6]

TCP is a reliable byte stream delivery service which guarantees that all bytes received will be identical and in the same order as those sent. Since packet transfer by many networks is not reliable, TCP achieves this using a technique known as positive acknowledgement with re-transmission. This requires the receiver to respond with an acknowledgement message as it receives the data. The sender keeps a record of each packet it sends and maintains a timer from when the packet was sent. The sender re-transmits a packet if the timer expires before receiving the acknowledgement. The timer is needed in case a packet gets lost or corrupted.[6]

While IP handles actual delivery of the data, TCP keeps track of segments — the individual units of data transmission that a message is divided into for efficient routing through the network. For example, when an HTML file is sent from a web server, the TCP software layer of that server divides the file into segments and forwards them individually to the internet layer in the network stack. The internet layer software encapsulates each TCP segment into an IP packet by adding a header that includes (among other data) the destination IP address. When the client program on the destination computer receives them, the TCP software in the transport layer re-assembles the segments and ensures they are correctly ordered and error-free as it streams the file contents to the receiving application.

TCP segment structure[edit]

Transmission Control Protocol accepts data from a data stream, divides it into chunks, and adds a TCP header creating a TCP segment. The TCP segment is then encapsulated into an Internet Protocol (IP) datagram, and exchanged with peers.[7]

The term TCP packet appears in both informal and formal usage, whereas in more precise terminology segment refers to the TCP protocol data unit (PDU), datagram[8]: 5–6  to the IP PDU, and frame to the data link layer PDU:

Processes transmit data by calling on the TCP and passing buffers of data as arguments. The TCP packages the data from these buffers into segments and calls on the internet module [e.g. IP] to transmit each segment to the destination TCP.[9]

A TCP segment consists of a segment header and a data section. The segment header contains 10 mandatory fields, and an optional extension field (Options, pink background in table). The data section follows the header and is the payload data carried for the application. The length of the data section is not specified in the segment header; it can be calculated by subtracting the combined length of the segment header and IP header from the total IP datagram length specified in the IP header.

TCP segment header

Offsets Octet 0 1 2 3
Octet Bit  7  6  5  4  3  2  1  0  7  6 5 4 3 2 1 0 7 6 5 4 3 2 1 0 7 6 5 4 3 2 1 0
0 0 Source port Destination port
4 32 Sequence number
8 64 Acknowledgment number (if ACK set)
12 96 Data offset Reserved
0 0 0

NS

CWR

ECE

URG

ACK

PSH

RST

SYN

FIN

 Window Size
16 128 Checksum Urgent pointer (if URG set)
20 160 Options (if data offset > 5. Padded at the end with «0» bits if necessary.)
60 480
Source port (16 bits)
Identifies the sending port.
Destination port (16 bits)
Identifies the receiving port.
Sequence number (32 bits)
Has a dual role:

  • If the SYN flag is set (1), then this is the initial sequence number. The sequence number of the actual first data byte and the acknowledged number in the corresponding ACK are then this sequence number plus 1.
  • If the SYN flag is clear (0), then this is the accumulated sequence number of the first data byte of this segment for the current session.
Acknowledgment number (32 bits)
If the ACK flag is set then the value of this field is the next sequence number that the sender of the ACK is expecting. This acknowledges receipt of all prior bytes (if any). The first ACK sent by each end acknowledges the other end’s initial sequence number itself, but no data.
Data offset (4 bits)
Specifies the size of the TCP header in 32-bit words. The minimum size header is 5 words and the maximum is 15 words thus giving the minimum size of 20 bytes and maximum of 60 bytes, allowing for up to 40 bytes of options in the header. This field gets its name from the fact that it is also the offset from the start of the TCP segment to the actual data.
Reserved (3 bits)
For future use and should be set to zero.
Flags (9 bits)
Contains 9 1-bit flags (control bits) as follows:

  • NS (1 bit): ECN-nonce — concealment protection[a]
  • CWR (1 bit): Congestion window reduced (CWR) flag is set by the sending host to indicate that it received a TCP segment with the ECE flag set and had responded in congestion control mechanism.[b]
  • ECE (1 bit): ECN-Echo has a dual role, depending on the value of the SYN flag. It indicates:
  • If the SYN flag is set (1), that the TCP peer is ECN capable.
  • If the SYN flag is clear (0), that a packet with Congestion Experienced flag set (ECN=11) in the IP header was received during normal transmission.[b] This serves as an indication of network congestion (or impending congestion) to the TCP sender.
  • URG (1 bit): Indicates that the Urgent pointer field is significant
  • ACK (1 bit): Indicates that the Acknowledgment field is significant. All packets after the initial SYN packet sent by the client should have this flag set.
  • PSH (1 bit): Push function. Asks to push the buffered data to the receiving application.
  • RST (1 bit): Reset the connection
  • SYN (1 bit): Synchronize sequence numbers. Only the first packet sent from each end should have this flag set. Some other flags and fields change meaning based on this flag, and some are only valid when it is set, and others when it is clear.
  • FIN (1 bit): Last packet from sender
Window size (16 bits)
The size of the receive window, which specifies the number of window size units[c] that the sender of this segment is currently willing to receive.[d] (See § Flow control and § Window scaling.)
Checksum (16 bits)
The 16-bit checksum field is used for error-checking of the TCP header, the payload and an IP pseudo-header. The pseudo-header consists of the source IP address, the destination IP address, the protocol number for the TCP protocol (6) and the length of the TCP headers and payload (in bytes).
Urgent pointer (16 bits)
If the URG flag is set, then this 16-bit field is an offset from the sequence number indicating the last urgent data byte.
Options (Variable 0–320 bits, in units of 32 bits)
The length of this field is determined by the data offset field. Options have up to three fields: Option-Kind (1 byte), Option-Length (1 byte), Option-Data (variable). The Option-Kind field indicates the type of option and is the only field that is not optional. Depending on Option-Kind value, the next two fields may be set. Option-Length indicates the total length of the option, and Option-Data contains data associated with the option, if applicable. For example, an Option-Kind byte of 1 indicates that this is a no operation option used only for padding, and does not have an Option-Length or Option-Data fields following it. An Option-Kind byte of 0 marks the end of options, and is also only one byte. An Option-Kind byte of 2 is used to indicate Maximum Segment Size option, and will be followed by an Option-Length byte specifying the length of the MSS field. Option-Length is the total length of the given options field, including Option-Kind and Option-Length fields. So while the MSS value is typically expressed in two bytes, Option-Length will be 4. As an example, an MSS option field with a value of 0x05B4 is coded as (0x02 0x04 0x05B4) in the TCP options section.
Some options may only be sent when SYN is set; they are indicated below as [SYN]. Option-Kind and standard lengths given as (Option-Kind, Option-Length).
Option-Kind Option-Length Option-Data Purpose Notes
0 End of options list
1 No operation This may be used to align option fields on 32-bit boundaries for better performance.
2 4 SS Maximum segment size See § Maximum segment size [SYN]
3 3 S Window scale See § Window scaling for details[10] [SYN]
4 2 Selective Acknowledgement permitted See § Selective acknowledgments for details[11]: §2 [SYN]
5 N (10, 18, 26, or 34) BBBB, EEEE, … Selective ACKnowledgement (SACK)[11]: §3  These first two bytes are followed by a list of 1–4 blocks being selectively acknowledged, specified as 32-bit begin/end pointers.
8 10 TTTT, EEEE Timestamp and echo of previous timestamp See § TCP timestamps for details[12]
The remaining Option-Kind values are historical, obsolete, experimental, not yet standardized, or unassigned. Option number assignments are maintained by the IANA.[13]
Padding
The TCP header padding is used to ensure that the TCP header ends, and data begins, on a 32-bit boundary. The padding is composed of zeros.[9]

Protocol operation[edit]

A Simplified TCP State Diagram. See TCP EFSM diagram for more detailed diagrams, including detail on the ESTABLISHED state.

TCP protocol operations may be divided into three phases. Connection establishment is a multi-step handshake process that establishes a connection before entering the data transfer phase. After data transfer is completed, the connection termination closes the connection and releases all allocated resources.

A TCP connection is managed by an operating system through a resource that represents the local end-point for communications, the Internet socket. During the lifetime of a TCP connection, the local end-point undergoes a series of state changes:[14]

TCP socket states

State Endpoint Description
LISTEN Server Waiting for a connection request from any remote TCP end-point.
SYN-SENT Client Waiting for a matching connection request after having sent a connection request.
SYN-RECEIVED Server Waiting for a confirming connection request acknowledgment after having both received and sent a connection request.
ESTABLISHED Server and client An open connection, data received can be delivered to the user. The normal state for the data transfer phase of the connection.
FIN-WAIT-1 Server and client Waiting for a connection termination request from the remote TCP, or an acknowledgment of the connection termination request previously sent.
FIN-WAIT-2 Server and client Waiting for a connection termination request from the remote TCP.
CLOSE-WAIT Server and client Waiting for a connection termination request from the local user.
CLOSING Server and client Waiting for a connection termination request acknowledgment from the remote TCP.
LAST-ACK Server and client Waiting for an acknowledgment of the connection termination request previously sent to the remote TCP (which includes an acknowledgment of its connection termination request).
TIME-WAIT Server or client Waiting for enough time to pass to be sure that all remaining packets on the connection have expired.
CLOSED Server and client No connection state at all.

Connection establishment[edit]

Before a client attempts to connect with a server, the server must first bind to and listen at a port to open it up for connections: this is called a passive open. Once the passive open is established, a client may establish a connection by initiating an active open using the three-way (or 3-step) handshake:

  1. SYN: The active open is performed by the client sending a SYN to the server. The client sets the segment’s sequence number to a random value A.
  2. SYN-ACK: In response, the server replies with a SYN-ACK. The acknowledgment number is set to one more than the received sequence number i.e. A+1, and the sequence number that the server chooses for the packet is another random number, B.
  3. ACK: Finally, the client sends an ACK back to the server. The sequence number is set to the received acknowledgment value i.e. A+1, and the acknowledgment number is set to one more than the received sequence number i.e. B+1.

Steps 1 and 2 establish and acknowledge the sequence number for one direction. Steps 2 and 3 establish and acknowledge the sequence number for the other direction. Following the completion of these steps, both the client and server have received acknowledgments and a full-duplex communication is established.

Connection termination[edit]

The connection termination phase uses a four-way handshake, with each side of the connection terminating independently. When an endpoint wishes to stop its half of the connection, it transmits a FIN packet, which the other end acknowledges with an ACK. Therefore, a typical tear-down requires a pair of FIN and ACK segments from each TCP endpoint. After the side that sent the first FIN has responded with the final ACK, it waits for a timeout before finally closing the connection, during which time the local port is unavailable for new connections; this state lets the TCP client resend the final acknowledgement to the server in case the ACK is lost in transit. The time duration is implementation-dependent, but some common values are 30 seconds, 1 minute, and 2 minutes. After the timeout, the client enters the CLOSED state and the local port becomes available for new connections.[15]

It is also possible to terminate the connection by a 3-way handshake, when host A sends a FIN and host B replies with a FIN & ACK (combining two steps into one) and host A replies with an ACK.[16]

Some operating systems, such as Linux and HP-UX,[citation needed] implement a half-duplex close sequence. If the host actively closes a connection, while still having unread incoming data available, the host sends the signal RST (losing any received data) instead of FIN. This assures that a TCP application is aware there was a data loss.[17]

A connection can be in a half-open state, in which case one side has terminated the connection, but the other has not. The side that has terminated can no longer send any data into the connection, but the other side can. The terminating side should continue reading the data until the other side terminates as well.[citation needed]

Resource usage[edit]

Most implementations allocate an entry in a table that maps a session to a running operating system process. Because TCP packets do not include a session identifier, both endpoints identify the session using the client’s address and port. Whenever a packet is received, the TCP implementation must perform a lookup on this table to find the destination process. Each entry in the table is known as a Transmission Control Block or TCB. It contains information about the endpoints (IP and port), status of the connection, running data about the packets that are being exchanged and buffers for sending and receiving data.

The number of sessions in the server side is limited only by memory and can grow as new connections arrive, but the client must allocate an ephemeral port before sending the first SYN to the server. This port remains allocated during the whole conversation and effectively limits the number of outgoing connections from each of the client’s IP addresses. If an application fails to properly close unrequired connections, a client can run out of resources and become unable to establish new TCP connections, even from other applications.

Both endpoints must also allocate space for unacknowledged packets and received (but unread) data.

Data transfer[edit]

The Transmission Control Protocol differs in several key features compared to the User Datagram Protocol:

  • Ordered data transfer: the destination host rearranges segments according to a sequence number[6]
  • Retransmission of lost packets: any cumulative stream not acknowledged is retransmitted[6]
  • Error-free data transfer: corrupted packets are treated as lost and are retransmitted[18]
  • Flow control: limits the rate a sender transfers data to guarantee reliable delivery. The receiver continually hints the sender on how much data can be received. When the receiving host’s buffer fills, the next acknowledgment suspends the transfer and allows the data in the buffer to be processed.[6]
  • Congestion control: lost packets (presumed due to congestion) trigger a reduction in data delivery rate[6]

Reliable transmission[edit]

TCP uses a sequence number to identify each byte of data. The sequence number identifies the order of the bytes sent from each computer so that the data can be reconstructed in order, regardless of any out-of-order delivery that may occur. The sequence number of the first byte is chosen by the transmitter for the first packet, which is flagged SYN. This number can be arbitrary, and should, in fact, be unpredictable to defend against TCP sequence prediction attacks.

Acknowledgements (ACKs) are sent with a sequence number by the receiver of data to tell the sender that data has been received to the specified byte. ACKs do not imply that the data has been delivered to the application, they merely signify that it is now the receiver’s responsibility to deliver the data.

Reliability is achieved by the sender detecting lost data and retransmitting it. TCP uses two primary techniques to identify loss. Retransmission timeout (RTO) and duplicate cumulative acknowledgements (DupAcks).

Dupack-based retransmission[edit]

If a single segment (say segment number 100) in a stream is lost, then the receiver cannot acknowledge packets above that segment number (100) because it uses cumulative ACKs. Hence the receiver acknowledges packet 99 again on the receipt of another data packet. This duplicate acknowledgement is used as a signal for packet loss. That is, if the sender receives three duplicate acknowledgements, it retransmits the last unacknowledged packet. A threshold of three is used because the network may reorder segments causing duplicate acknowledgements. This threshold has been demonstrated to avoid spurious retransmissions due to reordering.[19] Some TCP implementation use selective acknowledgements (SACKs) to provide explicit feedback about the segments that have been received. This greatly improves TCP’s ability to retransmit the right segments.

Timeout-based retransmission[edit]

When a sender transmits a segment, it initializes a timer with a conservative estimate of the arrival time of the acknowledgement. The segment is retransmitted if the timer expires, with a new timeout threshold of twice the previous value, resulting in exponential backoff behavior. Typically, the initial timer value is {displaystyle {text{smoothed RTT}}+max(G,4times {text{RTT variation}})}, where G is the clock granularity.[20]: 2  This guards against excessive transmission traffic due to faulty or malicious actors, such as man-in-the-middle denial of service attackers.

Error detection[edit]

Sequence numbers allow receivers to discard duplicate packets and properly sequence out-of-order packets. Acknowledgments allow senders to determine when to retransmit lost packets.

To assure correctness a checksum field is included; see § Checksum computation for details. The TCP checksum is a weak check by modern standards and is normally paired with a CRC integrity check at layer 2, below both TCP and IP, such as is used in PPP or the Ethernet frame. However, introduction of errors in packets between CRC-protected hops is common and the 16-bit TCP checksum catches most of these.[21]

Flow control[edit]

TCP uses an end-to-end flow control protocol to avoid having the sender send data too fast for the TCP receiver to receive and process it reliably. Having a mechanism for flow control is essential in an environment where machines of diverse network speeds communicate. For example, if a PC sends data to a smartphone that is slowly processing received data, the smartphone must be able to regulate the data flow so as not to be overwhelmed.[6]

TCP uses a sliding window flow control protocol. In each TCP segment, the receiver specifies in the receive window field the amount of additionally received data (in bytes) that it is willing to buffer for the connection. The sending host can send only up to that amount of data before it must wait for an acknowledgement and receive window update from the receiving host.

TCP sequence numbers and receive windows behave very much like a clock. The receive window shifts each time the receiver receives and acknowledges a new segment of data. Once it runs out of sequence numbers, the sequence number loops back to 0.

When a receiver advertises a window size of 0, the sender stops sending data and starts its persist timer. The persist timer is used to protect TCP from a deadlock situation that could arise if a subsequent window size update from the receiver is lost, and the sender cannot send more data until receiving a new window size update from the receiver. When the persist timer expires, the TCP sender attempts recovery by sending a small packet so that the receiver responds by sending another acknowledgement containing the new window size.

If a receiver is processing incoming data in small increments, it may repeatedly advertise a small receive window. This is referred to as the silly window syndrome, since it is inefficient to send only a few bytes of data in a TCP segment, given the relatively large overhead of the TCP header.

Congestion control[edit]

The final main aspect of TCP is congestion control. TCP uses a number of mechanisms to achieve high performance and avoid congestive collapse, a gridlock situation where network performance is severely degraded. These mechanisms control the rate of data entering the network, keeping the data flow below a rate that would trigger collapse. They also yield an approximately max-min fair allocation between flows.

Acknowledgments for data sent, or the lack of acknowledgments, are used by senders to infer network conditions between the TCP sender and receiver. Coupled with timers, TCP senders and receivers can alter the behavior of the flow of data. This is more generally referred to as congestion control or congestion avoidance.

Modern implementations of TCP contain four intertwined algorithms: slow start, congestion avoidance, fast retransmit, and fast recovery.[22]

In addition, senders employ a retransmission timeout (RTO) that is based on the estimated round-trip time (RTT) between the sender and receiver, as well as the variance in this round-trip time.[20] There are subtleties in the estimation of RTT. For example, senders must be careful when calculating RTT samples for retransmitted packets; typically they use Karn’s Algorithm or TCP timestamps.[23] These individual RTT samples are then averaged over time to create a smoothed round trip time (SRTT) using Jacobson’s algorithm. This SRTT value is what is used as the round-trip time estimate.

Enhancing TCP to reliably handle loss, minimize errors, manage congestion and go fast in very high-speed environments are ongoing areas of research and standards development. As a result, there are a number of TCP congestion avoidance algorithm variations.

Maximum segment size[edit]

The maximum segment size (MSS) is the largest amount of data, specified in bytes, that TCP is willing to receive in a single segment. For best performance, the MSS should be set small enough to avoid IP fragmentation, which can lead to packet loss and excessive retransmissions. To accomplish this, typically the MSS is announced by each side using the MSS option when the TCP connection is established. The option value is derived from the maximum transmission unit (MTU) size of the data link layer of the networks to which the sender and receiver are directly attached. TCP senders can use path MTU discovery to infer the minimum MTU along the network path between the sender and receiver, and use this to dynamically adjust the MSS to avoid IP fragmentation within the network.

MSS announcement may also be called MSS negotiation but, strictly speaking, the MSS is not negotiated. Two completely independent values of MSS are permitted for the two directions of data flow in a TCP connection,[24][9] so there is no need to agree on a common MSS configuration for a bidirectional connection.

Selective acknowledgments[edit]

Relying purely on the cumulative acknowledgment scheme employed by the original TCP can lead to inefficiencies when packets are lost. For example, suppose bytes with sequence number 1,000 to 10,999 are sent in 10 different TCP segments of equal size, and the second segment (sequence numbers 2,000 to 2,999) is lost during transmission. In a pure cumulative acknowledgment protocol, the receiver can only send a cumulative ACK value of 2,000 (the sequence number immediately following the last sequence number of the received data) and cannot say that it received bytes 3,000 to 10,999 successfully. Thus the sender may then have to resend all data starting with sequence number 2,000.

To alleviate this issue TCP employs the selective acknowledgment (SACK) option, defined in 1996 in RFC 2018, which allows the receiver to acknowledge discontinuous blocks of packets that were received correctly, in addition to the sequence number immediately following the last sequence number of the last contiguous byte received successively, as in the basic TCP acknowledgment. The acknowledgment can include a number of SACK blocks, where each SACK block is conveyed by the Left Edge of Block (the first sequence number of the block) and the Right Edge of Block (the sequence number immediately following the last sequence number of the block), with a Block being a contiguous range that the receiver correctly received. In the example above, the receiver would send an ACK segment with a cumulative ACK value of 2,000 and a SACK option header with sequence numbers 3,000 and 11,000. The sender would accordingly retransmit only the second segment with sequence numbers 2,000 to 2,999.

A TCP sender may interpret an out-of-order segment delivery as a lost segment. If it does so, the TCP sender will retransmit the segment previous to the out-of-order packet and slow its data delivery rate for that connection. The duplicate-SACK option, an extension to the SACK option that was defined in May 2000 in RFC 2883, solves this problem. The TCP receiver sends a D-ACK to indicate that no segments were lost, and the TCP sender can then reinstate the higher transmission rate.

The SACK option is not mandatory and comes into operation only if both parties support it. This is negotiated when a connection is established. SACK uses a TCP header option (see § TCP segment structure for details). The use of SACK has become widespread—all popular TCP stacks support it. Selective acknowledgment is also used in Stream Control Transmission Protocol (SCTP).

Window scaling[edit]

For more efficient use of high-bandwidth networks, a larger TCP window size may be used. A 16-bit TCP window size field controls the flow of data and its value is limited to 65,535 bytes. Since the size field cannot be expanded beyond this limit, a scaling factor is used. The TCP window scale option, as defined in RFC 1323, is an option used to increase the maximum window size to 1 gigabyte. Scaling up to these larger window sizes is necessary for TCP tuning.

The window scale option is used only during the TCP 3-way handshake. The window scale value represents the number of bits to left-shift the 16-bit window size field when interpreting it. The window scale value can be set from 0 (no shift) to 14 for each direction independently. Both sides must send the option in their SYN segments to enable window scaling in either direction.

Some routers and packet firewalls rewrite the window scaling factor during a transmission. This causes sending and receiving sides to assume different TCP window sizes. The result is non-stable traffic that may be very slow. The problem is visible on some sites behind a defective router.[25]

TCP timestamps[edit]

TCP timestamps, defined in RFC 1323 in 1992, can help TCP determine in which order packets were sent. TCP timestamps are not normally aligned to the system clock and start at some random value. Many operating systems will increment the timestamp for every elapsed millisecond; however, the RFC only states that the ticks should be proportional.

There are two timestamp fields:

  • a 4-byte sender timestamp value (my timestamp)
  • a 4-byte echo reply timestamp value (the most recent timestamp received from you).

TCP timestamps are used in an algorithm known as Protection Against Wrapped Sequence numbers, or PAWS. PAWS is used when the receive window crosses the sequence number wraparound boundary. In the case where a packet was potentially retransmitted, it answers the question: «Is this sequence number in the first 4 GB or the second?» And the timestamp is used to break the tie.

Also, the Eifel detection algorithm uses TCP timestamps to determine if retransmissions are occurring because packets are lost or simply out of order.[26]

TCP timestamps are enabled by default in Linux,[27] and disabled by default in Windows Server 2008, 2012 and 2016.[28]

Recent Statistics show that the level of TCP timestamp adoption has stagnated, at ~40%, owing to Windows Server dropping support since Windows Server 2008.[29]

Out-of-band data[edit]

It is possible to interrupt or abort the queued stream instead of waiting for the stream to finish. This is done by specifying the data as urgent. This marks the transmission as out-of-band data (OOB) and tells the receiving program to process it immediately. When finished, TCP informs the application and resumes the stream queue. An example is when TCP is used for a remote login session where the user can send a keyboard sequence that interrupts or aborts the remotely-running program without waiting for the program to finish its current transfer.[6]

The urgent pointer only alters the processing on the remote host and doesn’t expedite any processing on the network itself. The capability is implemented differently or poorly on different systems or may not be supported. Where it is available, it is prudent to assume only single bytes of OOB data will be reliably handled.[30][31] Since the feature is not frequently used, it is not well tested on some platforms and has been associated with vunerabilities, WinNuke for instance.

Forcing data delivery[edit]

Normally, TCP waits for 200 ms for a full packet of data to send (Nagle’s Algorithm tries to group small messages into a single packet). This wait creates small, but potentially serious delays if repeated constantly during a file transfer. For example, a typical send block would be 4 KB, a typical MSS is 1460, so 2 packets go out on a 10 Mbit/s ethernet taking ~1.2 ms each followed by a third carrying the remaining 1176 after a 197 ms pause because TCP is waiting for a full buffer.

In the case of telnet, each user keystroke is echoed back by the server before the user can see it on the screen. This delay would become very annoying.

Setting the socket option TCP_NODELAY overrides the default 200 ms send delay. Application programs use this socket option to force output to be sent after writing a character or line of characters.

The RFC defines the PSH push bit as «a message to the receiving TCP stack to send this data immediately up to the receiving application».[6] There is no way to indicate or control it in user space using Berkeley sockets and it is controlled by protocol stack only.[32]

Vulnerabilities[edit]

TCP may be attacked in a variety of ways. The results of a thorough security assessment of TCP, along with possible mitigations for the identified issues, were published in 2009,[33] and is currently[when?] being pursued within the IETF.[34]

Denial of service[edit]

By using a spoofed IP address and repeatedly sending purposely assembled SYN packets, followed by many ACK packets, attackers can cause the server to consume large amounts of resources keeping track of the bogus connections. This is known as a SYN flood attack. Proposed solutions to this problem include SYN cookies and cryptographic puzzles, though SYN cookies come with their own set of vulnerabilities.[35] Sockstress is a similar attack, that might be mitigated with system resource management.[36] An advanced DoS attack involving the exploitation of the TCP Persist Timer was analyzed in Phrack #66.[37] PUSH and ACK floods are other variants.[38]

Connection hijacking[edit]

An attacker who is able to eavesdrop a TCP session and redirect packets can hijack a TCP connection. To do so, the attacker learns the sequence number from the ongoing communication and forges a false segment that looks like the next segment in the stream. Such a simple hijack can result in one packet being erroneously accepted at one end. When the receiving host acknowledges the extra segment to the other side of the connection, synchronization is lost. Hijacking might be combined with Address Resolution Protocol (ARP) or routing attacks that allow taking control of the packet flow, so as to get permanent control of the hijacked TCP connection.[39]

Impersonating a different IP address was not difficult prior to RFC 1948, when the initial sequence number was easily guessable. That allowed an attacker to blindly send a sequence of packets that the receiver would believe to come from a different IP address, without the need to deploy ARP or routing attacks: it is enough to ensure that the legitimate host of the impersonated IP address is down, or bring it to that condition using denial-of-service attacks. This is why the initial sequence number is now chosen at random.

TCP veto[edit]

An attacker who can eavesdrop and predict the size of the next packet to be sent can cause the receiver to accept a malicious payload without disrupting the existing connection. The attacker injects a malicious packet with the sequence number and a payload size of the next expected packet. When the legitimate packet is ultimately received, it is found to have the same sequence number and length as a packet already received and is silently dropped as a normal duplicate packet—the legitimate packet is «vetoed» by the malicious packet. Unlike in connection hijacking, the connection is never desynchronized and communication continues as normal after the malicious payload is accepted. TCP veto gives the attacker less control over the communication, but makes the attack particularly resistant to detection. The large increase in network traffic from the ACK storm is avoided. The only evidence to the receiver that something is amiss is a single duplicate packet, a normal occurrence in an IP network. The sender of the vetoed packet never sees any evidence of an attack.[40]

Another vulnerability is the TCP reset attack.

TCP ports[edit]

TCP and UDP use port numbers to identify sending and receiving application end-points on a host, often called Internet sockets. Each side of a TCP connection has an associated 16-bit unsigned port number (0-65535) reserved by the sending or receiving application. Arriving TCP packets are identified as belonging to a specific TCP connection by its sockets, that is, the combination of source host address, source port, destination host address, and destination port. This means that a server computer can provide several clients with several services simultaneously, as long as a client takes care of initiating any simultaneous connections to one destination port from different source ports.

Port numbers are categorized into three basic categories: well-known, registered, and dynamic/private. The well-known ports are assigned by the Internet Assigned Numbers Authority (IANA) and are typically used by system-level or root processes. Well-known applications running as servers and passively listening for connections typically use these ports. Some examples include: FTP (20 and 21), SSH (22), TELNET (23), SMTP (25), HTTP over SSL/TLS (443), and HTTP (80). Note, as of the latest standard, HTTP/3, QUIC is used as a transport instead of TCP. Registered ports are typically used by end user applications as ephemeral source ports when contacting servers, but they can also identify named services that have been registered by a third party. Dynamic/private ports can also be used by end user applications, but are less commonly so. Dynamic/private ports do not contain any meaning outside of any particular TCP connection.

Network Address Translation (NAT), typically uses dynamic port numbers, on the («Internet-facing») public side, to disambiguate the flow of traffic that is passing between a public network and a private subnetwork, thereby allowing many IP addresses (and their ports) on the subnet to be serviced by a single public-facing address.

Development[edit]

TCP is a complex protocol. However, while significant enhancements have been made and proposed over the years, its most basic operation has not changed significantly since its first specification RFC 675 in 1974, and the v4 specification RFC 793, published in September 1981. RFC 1122, Host Requirements for Internet Hosts, clarified a number of TCP protocol implementation requirements. A list of the 8 required specifications and over 20 strongly encouraged enhancements is available in RFC 7414. Among this list is RFC 2581, TCP Congestion Control, one of the most important TCP-related RFCs in recent years, describes updated algorithms that avoid undue congestion. In 2001, RFC 3168 was written to describe Explicit Congestion Notification (ECN), a congestion avoidance signaling mechanism.

The original TCP congestion avoidance algorithm was known as «TCP Tahoe», but many alternative algorithms have since been proposed (including TCP Reno, TCP Vegas, FAST TCP, TCP New Reno, and TCP Hybla).

TCP Interactive (iTCP) [41] is a research effort into TCP extensions that allows applications to subscribe to TCP events and register handler components that can launch applications for various purposes, including application-assisted congestion control.

Multipath TCP (MPTCP) [42][43] is an ongoing effort within the IETF that aims at allowing a TCP connection to use multiple paths to maximize resource usage and increase redundancy. The redundancy offered by Multipath TCP in the context of wireless networks enables the simultaneous utilization of different networks, which brings higher throughput and better handover capabilities. Multipath TCP also brings performance benefits in datacenter environments.[44] The reference implementation[45] of Multipath TCP is being developed in the Linux kernel.[46] Multipath TCP is used to support the Siri voice recognition application on iPhones, iPads and Macs [47]

tcpcrypt is an extension proposed in July 2010 to provide transport-level encryption directly in TCP itself. It is designed to work transparently and not require any configuration. Unlike TLS (SSL), tcpcrypt itself does not provide authentication, but provides simple primitives down to the application to do that. As of 2010, the first tcpcrypt IETF draft has been published and implementations exist for several major platforms.

TCP Fast Open is an extension to speed up the opening of successive TCP connections between two endpoints. It works by skipping the three-way handshake using a cryptographic «cookie». It is similar to an earlier proposal called T/TCP, which was not widely adopted due to security issues.[48] TCP Fast Open was published as RFC 7413 in 2014.[49]

Proposed in May 2013, Proportional Rate Reduction (PRR) is a TCP extension developed by Google engineers. PRR ensures that the TCP window size after recovery is as close to the slow start threshold as possible.[50] The algorithm is designed to improve the speed of recovery and is the default congestion control algorithm in Linux 3.2+ kernels.[51]

Deprecated proposals[edit]

TCP Cookie Transactions (TCPCT) is an extension proposed in December 2009[52] to secure servers against denial-of-service attacks. Unlike SYN cookies, TCPCT does not conflict with other TCP extensions such as window scaling. TCPCT was designed due to necessities of DNSSEC, where servers have to handle large numbers of short-lived TCP connections. In 2016, TCPCT was deprecated in favor of TCP Fast Open. Status of the original RFC was changed to «historic».[53]

TCP over wireless networks[edit]

TCP was originally designed for wired networks. Packet loss is considered to be the result of network congestion and the congestion window size is reduced dramatically as a precaution. However, wireless links are known to experience sporadic and usually temporary losses due to fading, shadowing, hand off, interference, and other radio effects, that are not strictly congestion. After the (erroneous) back-off of the congestion window size, due to wireless packet loss, there may be a congestion avoidance phase with a conservative decrease in window size. This causes the radio link to be underutilized. Extensive research on combating these harmful effects has been conducted. Suggested solutions can be categorized as end-to-end solutions, which require modifications at the client or server,[54] link layer solutions, such as Radio Link Protocol (RLP) in cellular networks, or proxy-based solutions which require some changes in the network without modifying end nodes.[54][55]

A number of alternative congestion control algorithms, such as Vegas, Westwood, Veno, and Santa Cruz, have been proposed to help solve the wireless problem.[citation needed]

Hardware implementations[edit]

One way to overcome the processing power requirements of TCP is to build hardware implementations of it, widely known as TCP offload engines (TOE). The main problem of TOEs is that they are hard to integrate into computing systems, requiring extensive changes in the operating system of the computer or device. One company to develop such a device was Alacritech.

Wire image and ossification[edit]

The wire image of TCP provides significant information-gathering and modification opportunities to on-path observers, as the protocol metadata is transmitted in cleartext.[56][57] While this transparency is useful to network operators and researchers,[59] information gathered from protocol metadata may reduce the end-user’s privacy.[60] This visibility and malleability of metadata has led to TCP being difficult to extend—a case of protocol ossification—as any intermediate node (a ‘middlebox’) can make decisions based on that metadata or even modify it,[61][62] breaking the end-to-end principle.[63] One measurement found that a third of paths across the Internet encounter at least one intermediary that modifies TCP metadata, and 6.5% of paths encounter harmful ossifying effects from intermediaries.[64] Avoiding extensibility hazards from intermediaries placed significant constraints on the design of MPTCP,[65][66] and difficulties caused by intermediaries have hindered the deployment of TCP Fast Open in web browsers.[67] Another source of ossification is the difficulty of modification of TCP functions at the endpoints, typically in the operating system kernel[68] or in hardware with a TCP offload engine.[69]

Performance[edit]

As TCP provides applications with the abstraction of a reliable byte stream, it can suffer from head-of-line blocking: if packets are reordered or lost and need to be retransmitted (and thus arrive out-of-order), data from sequentially later parts of the stream may be received before sequentially earlier parts of the stream; however, the later data cannot typically be used until the earlier data has been received, incurring network latency. If multiple independent higher-level messages are encapsulated and multiplexed onto a single TCP connection, then head-of-line blocking can cause processing of a fully-received message that was sent later to wait for delivery of a message that was sent earlier.[70]

Acceleration[edit]

The idea of a TCP accelerator is to terminate TCP connections inside the network processor and then relay the data to a second connection toward the end system. The data packets that originate from the sender are buffered at the accelerator node, which is responsible for performing local retransmissions in the event of packet loss. Thus, in case of losses, the feedback loop between the sender and the receiver is shortened to the one between the acceleration node and the receiver which guarantees a faster delivery of data to the receiver.

Since TCP is a rate-adaptive protocol, the rate at which the TCP sender injects
packets into the network is directly proportional to the prevailing load condition within the network as well as the processing capacity of the receiver. The prevalent conditions within the network are judged by the sender on the basis of the acknowledgments received by it. The acceleration node splits the feedback loop between the sender and the receiver and thus guarantees a shorter round trip time (RTT) per packet. A shorter RTT is beneficial as it ensures a quicker response time to any changes in the network and a faster adaptation by the sender to combat these changes.

Disadvantages of the method include the fact that the TCP session has to be directed through the accelerator; this means that if routing changes, so that the accelerator is no longer in the path, the connection will be broken. It also destroys the end-to-end property of the TCP ack mechanism; when the ACK is received by the sender, the packet has been stored by the accelerator, not delivered to the receiver.

Debugging[edit]

A packet sniffer, which intercepts TCP traffic on a network link, can be useful in debugging networks, network stacks, and applications that use TCP by showing the user what packets are passing through a link. Some networking stacks support the SO_DEBUG socket option, which can be enabled on the socket using setsockopt. That option dumps all the packets, TCP states, and events on that socket, which is helpful in debugging. Netstat is another utility that can be used for debugging.

Alternatives[edit]

For many applications TCP is not appropriate. One problem (at least with normal implementations) is that the application cannot access the packets coming after a lost packet until the retransmitted copy of the lost packet is received. This causes problems for real-time applications such as streaming media, real-time multiplayer games and voice over IP (VoIP) where it is generally more useful to get most of the data in a timely fashion than it is to get all of the data in order.

For historical and performance reasons, most storage area networks (SANs) use Fibre Channel Protocol (FCP) over Fibre Channel connections.

Also, for embedded systems, network booting, and servers that serve simple requests from huge numbers of clients (e.g. DNS servers) the complexity of TCP can be a problem. Finally, some tricks such as transmitting data between two hosts that are both behind NAT (using STUN or similar systems) are far simpler without a relatively complex protocol like TCP in the way.

Generally, where TCP is unsuitable, the User Datagram Protocol (UDP) is used. This provides the application multiplexing and checksums that TCP does, but does not handle streams or retransmission, giving the application developer the ability to code them in a way suitable for the situation, or to replace them with other methods like forward error correction or interpolation.

Stream Control Transmission Protocol (SCTP) is another protocol that provides reliable stream oriented services similar to TCP. It is newer and considerably more complex than TCP, and has not yet seen widespread deployment. However, it is especially designed to be used in situations where reliability and near-real-time considerations are important.

Venturi Transport Protocol (VTP) is a patented proprietary protocol that is designed to replace TCP transparently to overcome perceived inefficiencies related to wireless data transport.

TCP also has issues in high-bandwidth environments. The TCP congestion avoidance algorithm works very well for ad-hoc environments where the data sender is not known in advance. If the environment is predictable, a timing based protocol such as Asynchronous Transfer Mode (ATM) can avoid TCP’s retransmits overhead.

UDP-based Data Transfer Protocol (UDT) has better efficiency and fairness than TCP in networks that have high bandwidth-delay product.[71]

Multipurpose Transaction Protocol (MTP/IP) is patented proprietary software that is designed to adaptively achieve high throughput and transaction performance in a wide variety of network conditions, particularly those where TCP is perceived to be inefficient.

Checksum computation[edit]

TCP checksum for IPv4[edit]

When TCP runs over IPv4, the method used to compute the checksum is defined as follows:[9]

The checksum field is the 16-bit ones’ complement of the ones’ complement sum of all 16-bit words in the header and text. The checksum computation needs to ensure the 16-bit alignment of the data being summed. If a segment contains an odd number of header and text octets, alignment can be achieved by padding the last octet with zeros on its right to form a 16-bit word for checksum purposes. The pad is not transmitted as part of the segment. While computing the checksum, the checksum field itself is replaced with zeros.

In other words, after appropriate padding, all 16-bit words are added using one’s complement arithmetic. The sum is then bitwise complemented and inserted as the checksum field. A pseudo-header that mimics the IPv4 packet header used in the checksum computation is shown in the table below.

TCP pseudo-header for checksum computation (IPv4)

Bit offset 0–3 4–7 8–15 16–31
0 Source address
32 Destination address
64 Zeros Protocol TCP length
96 Source port Destination port
128 Sequence number
160 Acknowledgement number
192 Data offset Reserved Flags Window
224 Checksum Urgent pointer
256 Options (optional)
256/288+  
Data
 

The source and destination addresses are those of the IPv4 header. The protocol value is 6 for TCP (cf. List of IP protocol numbers). The TCP length field is the length of the TCP header and data (measured in octets).

TCP checksum for IPv6[edit]

When TCP runs over IPv6, the method used to compute the checksum is changed:[72]

Any transport or other upper-layer protocol that includes the addresses from the IP header in its checksum computation must be modified for use over IPv6, to include the 128-bit IPv6 addresses instead of 32-bit IPv4 addresses.

A pseudo-header that mimics the IPv6 header for computation of the checksum is shown below.

TCP pseudo-header for checksum computation (IPv6)

Bit offset 0–7 8–15 16–23 24–31
0 Source address
32
64
96
128 Destination address
160
192
224
256 TCP length
288 Zeros Next header
= Protocol
320 Source port Destination port
352 Sequence number
384 Acknowledgement number
416 Data offset Reserved Flags Window
448 Checksum Urgent pointer
480 Options (optional)
480/512+  
Data
 
  • Source address: the one in the IPv6 header
  • Destination address: the final destination; if the IPv6 packet doesn’t contain a Routing header, TCP uses the destination address in the IPv6 header, otherwise, at the originating node, it uses the address in the last element of the Routing header, and, at the receiving node, it uses the destination address in the IPv6 header.
  • TCP length: the length of the TCP header and data
  • Next Header: the protocol value for TCP

Checksum offload [edit]

Many TCP/IP software stack implementations provide options to use hardware assistance to automatically compute the checksum in the network adapter prior to transmission onto the network or upon reception from the network for validation. This may relieve the OS from using precious CPU cycles calculating the checksum. Hence, overall network performance is increased.

This feature may cause packet analyzers that are unaware or uncertain about the use of checksum offload to report invalid checksums in outbound packets that have not yet reached the network adapter.[73] This will only occur for packets that are intercepted before being transmitted by the network adapter; all packets transmitted by the network adaptor on the wire will have valid checksums.[74] This issue can also occur when monitoring packets being transmitted between virtual machines on the same host, where a virtual device driver may omit the checksum calculation (as an optimization), knowing that the checksum will be calculated later by the VM host kernel or its physical hardware.

RFC documents[edit]

  • RFC 675 – Specification of Internet Transmission Control Program, December 1974 Version
  • RFC 793 – TCP v4
  • RFC 1122 – includes some error corrections for TCP
  • RFC 1323 – TCP Extensions for High Performance [Obsoleted by RFC 7323]
  • RFC 1379 – Extending TCP for Transactions—Concepts [Obsoleted by RFC 6247]
  • RFC 1948 – Defending Against Sequence Number Attacks
  • RFC 2018 – TCP Selective Acknowledgment Options
  • RFC 5681 – TCP Congestion Control
  • RFC 6247 – Moving the Undeployed TCP Extensions RFC 1072, 1106, 1110, 1145, 1146, 1379, 1644 and 1693 to Historic Status
  • RFC 6298 – Computing TCP’s Retransmission Timer
  • RFC 6824 – TCP Extensions for Multipath Operation with Multiple Addresses
  • RFC 7323 – TCP Extensions for High Performance
  • RFC 7414 – A Roadmap for TCP Specification Documents
  • RFC 9293 – Transmission Control Protocol (TCP)

See also[edit]

  • Connection-oriented communication
  • List of TCP and UDP port numbers (a long list of ports and services)
  • Micro-bursting (networking)
  • T/TCP variant of TCP
  • TCP global synchronization
  • TCP pacing
  • Transport layer § Comparison of transport layer protocols
  • WTCP a proxy-based modification of TCP for wireless networks

Notes[edit]

  1. ^ Experimental: see RFC 3540
  2. ^ a b Added to header by RFC 3168
  3. ^ Windows size units are, by default, bytes.
  4. ^ Window size is relative to the segment identified by the sequence number in the acknowledgment field.

References[edit]

  1. ^ Vinton G. Cerf; Robert E. Kahn (May 1974). «A Protocol for Packet Network Intercommunication» (PDF). IEEE Transactions on Communications. 22 (5): 637–648. doi:10.1109/tcom.1974.1092259. Archived from the original (PDF) on March 4, 2016.
  2. ^ Bennett, Richard (September 2009). «Designed for Change: End-to-End Arguments, Internet Innovation, and the Net Neutrality Debate» (PDF). Information Technology and Innovation Foundation. p. 11. Retrieved 11 September 2017.
  3. ^ V. Cerf; Y. Dalal; C. Sunshine (December 1974). SPECIFICATION OF INTERNET TRANSMISSION CONTROL PROGRAM. Network Working Group. doi:10.17487/RFC0698. RFC 698. Obsolete. Obsoleted by RFC 7805. NIC 2. INWG 72.
  4. ^ «Robert E Kahn — A.M. Turing Award Laureate». amturing.acm.org.
  5. ^ «Vinton Cerf — A.M. Turing Award Laureate». amturing.acm.org.
  6. ^ a b c d e f g h i Comer, Douglas E. (2006). Internetworking with TCP/IP: Principles, Protocols, and Architecture. Vol. 1 (5th ed.). Prentice Hall. ISBN 978-0-13-187671-2.
  7. ^ «TCP (Transmission Control Protocol)». Retrieved 2019-06-26.
  8. ^ J. Postel, ed. (September 1981). INTERNET PROTOCOL — DARPA INTERNET PROGRAM PROTOCOL SPECIFICATION. IETF. doi:10.17487/RFC0791. STD 5. RFC 791. IEN 128, 123, 111, 80, 54, 44, 41, 28, 26. Internet Standard. Obsoletes RFC 760. Updated by RFC 1349, 2474 and 6864.
  9. ^ a b c d W. Eddy, ed. (August 2022). Transmission Control Protocol (TCP). Internet Engineering Task Force. doi:10.17487/RFC9293. ISSN 2070-1721. STD 7. RFC 9293. Internet Standard. Obsoletes RFC 793, 879, 2873, 6093, 6429, 6528 and 6691. Updates RFC 1011, 1122 and 5961.
  10. ^ TCP Extensions for High Performance. sec. 2.2. RFC 1323.
  11. ^ a b S. Floyd; J. Mahdavi; M. Mathis; A. Romanow (October 1996). TCP Selective Acknowledgment Options. IETF TCP Large Windows workgroup. doi:10.17487/RFC2018. RFC 2018. Proposed Standard. Obsoletes RFC 1072.
  12. ^ «RFC 1323, TCP Extensions for High Performance, Section 3.2».
  13. ^ «Transmission Control Protocol (TCP) Parameters: TCP Option Kind Numbers». IANA.
  14. ^ W. Eddy, ed. (August 2022). Transmission Control Protocol (TCP). Internet Engineering Task Force. doi:10.17487/RFC9293. ISSN 2070-1721. STD 7. RFC 9293. Internet Standard. sec. 3.3.2.
  15. ^ Kurose, James F. (2017). Computer networking : a top-down approach. Keith W. Ross (7th ed.). Harlow, England. p. 286. ISBN 978-0-13-359414-0. OCLC 936004518.
  16. ^ Tanenbaum, Andrew S. (2003-03-17). Computer Networks (Fourth ed.). Prentice Hall. ISBN 978-0-13-066102-9.
  17. ^ R. Braden, ed. (October 1989). Requirements for Internet Hosts — Communication Layers. Network Working Group. doi:10.17487/RFC1122. STD 3. RFC 1122. Internet Standard. sec. 4.2.2.13.
  18. ^ «TCP Definition». Retrieved 2011-03-12.
  19. ^ Mathis; Mathew; Semke; Mahdavi; Ott (1997). «The macroscopic behavior of the TCP congestion avoidance algorithm». ACM SIGCOMM Computer Communication Review. 27 (3): 67–82. CiteSeerX 10.1.1.40.7002. doi:10.1145/263932.264023. S2CID 1894993.
  20. ^ a b V. Paxson; M. Allman; J. Chu; M. Sargent (June 2011). Computing TCP’s Retransmission Timer. Internet Engineering Task Force. doi:10.17487/RFC6298. ISSN 2070-1721. RFC 6298. Proposed Standard. Obsoletes RFC 2988. Updates RFC 1122.
  21. ^ Stone; Partridge (2000). «When The CRC and TCP Checksum Disagree». ACM SIGCOMM Computer Communication Review: 309–319. CiteSeerX 10.1.1.27.7611. doi:10.1145/347059.347561. ISBN 978-1581132236. S2CID 9547018.
  22. ^ M. Allman; V. Paxson; E. Blanton (September 2009). TCP Congestion Control. IETF. doi:10.17487/RFC5681. RFC 5681. Draft Standard. Obsoletes RFC 2581.
  23. ^ D. Borman; B. Braden; V. Jacobson (September 2014). R. Scheffenegger (ed.). TCP Extensions for High Performance. Internet Engineering Task Force. doi:10.17487/RFC7323. ISSN 2070-1721. RFC 7323. Proposed Standard. Obsoletes RFC 1323.
  24. ^ R. Braden, ed. (October 1989). Requirements for Internet Hosts — Communication Layers. Network Working Group. doi:10.17487/RFC1122. STD 3. RFC 1122. Internet Standard. Updated by RFC 1349, 4379, 5884, 6093, 6298, 6633, 6864, 8029 and 9293.
  25. ^ «TCP window scaling and broken routers». LWN.net.
  26. ^ RFC 3522
  27. ^ «IP sysctl». Linux Kernel Documentation. Retrieved 15 December 2018.
  28. ^ Wang, Eve. «TCP timestamp is disabled». Technet — Windows Server 2012 Essentials. Microsoft. Archived from the original on 2018-12-15. Retrieved 2018-12-15.
  29. ^ David Murray; Terry Koziniec; Sebastian Zander; Michael Dixon; Polychronis Koutsakis (2017). «An Analysis of Changing Enterprise Network Traffic Characteristics» (PDF). The 23rd Asia-Pacific Conference on Communications (APCC 2017). Retrieved 3 October 2017.
  30. ^ Gont, Fernando (November 2008). «On the implementation of TCP urgent data». 73rd IETF meeting. Retrieved 2009-01-04.
  31. ^ Peterson, Larry (2003). Computer Networks. Morgan Kaufmann. p. 401. ISBN 978-1-55860-832-0.
  32. ^ Richard W. Stevens (November 2011). TCP/IP Illustrated. Vol. 1, The protocols. Addison-Wesley. pp. Chapter 20. ISBN 978-0-201-63346-7.
  33. ^ «Security Assessment of the Transmission Control Protocol (TCP)» (PDF). Archived from the original on March 6, 2009. Retrieved 2010-12-23.{{cite web}}: CS1 maint: bot: original URL status unknown (link)
  34. ^ Security Assessment of the Transmission Control Protocol (TCP)
  35. ^ Jakob Lell. «Quick Blind TCP Connection Spoofing with SYN Cookies». Retrieved 2014-02-05.
  36. ^ «Some insights about the recent TCP DoS (Denial of Service) vulnerabilities» (PDF).
  37. ^ «Exploiting TCP and the Persist Timer Infiniteness».
  38. ^ «PUSH and ACK Flood». f5.com.
  39. ^ «Laurent Joncheray, Simple Active Attack Against TCP, 1995″.
  40. ^ John T. Hagen; Barry E. Mullins (2013). TCP veto: A novel network attack and its application to SCADA protocols. Innovative Smart Grid Technologies (ISGT), 2013 IEEE PES. pp. 1–6. doi:10.1109/ISGT.2013.6497785. ISBN 978-1-4673-4896-6. S2CID 25353177.
  41. ^ «TCP Interactive». www.medianet.kent.edu.
  42. ^ J. Iyengar; C. Raiciu; S. Barre; M. Handley; A. Ford (March 2011). Architectural Guidelines for Multipath TCP Development. Internet Engineering Task Force (IETF). doi:10.17487/RFC6182. RFC 6182. Informational.
  43. ^ Alan Ford; C. Raiciu; M. Handley; O. Bonaventure (January 2013). TCP Extensions for Multipath Operation with Multiple Addresses. Internet Engineering Task Force. doi:10.17487/RFC6824. ISSN 2070-1721. RFC 6824. Experimental. Obsoleted by RFC 8624.
  44. ^ Raiciu; Barre; Pluntke; Greenhalgh; Wischik; Handley (2011). «Improving datacenter performance and robustness with multipath TCP». ACM SIGCOMM Computer Communication Review. 41 (4): 266. CiteSeerX 10.1.1.306.3863. doi:10.1145/2043164.2018467. Archived from the original on 2020-04-04. Retrieved 2011-06-29.
  45. ^ «MultiPath TCP — Linux Kernel implementation».
  46. ^ Raiciu; Paasch; Barre; Ford; Honda; Duchene; Bonaventure; Handley (2012). «How Hard Can It Be? Designing and Implementing a Deployable Multipath TCP». Usenix NSDI: 399–412.
  47. ^ Bonaventure; Seo (2016). «Multipath TCP Deployments». IETF Journal.
  48. ^ Michael Kerrisk (2012-08-01). «TCP Fast Open: expediting web services». LWN.net.
  49. ^ Yuchung Cheng; Jerry Chu; Sivasankar Radhakrishnan & Arvind Jain (December 2014). «TCP Fast Open». IETF. Retrieved 10 January 2015.
  50. ^ Mathis, Matt; Dukkipati, Nandita; Cheng, Yuchung (May 2013). «RFC 6937 — Proportional Rate Reduction for TCP». Retrieved 6 June 2014.
  51. ^ Grigorik, Ilya (2013). High-performance browser networking (1. ed.). Beijing: O’Reilly. ISBN 978-1449344764.
  52. ^ W. Simpson (January 2011). TCP Cookie Transactions (TCPCT). IETF. doi:10.17487/RFC6013. ISSN 2070-1721. RFC 6013. Obsolete. Obsoleted by RFC 7805.
  53. ^ A. Zimmermann; W. Eddy; L. Eggert (April 2016). Moving Outdated TCP Extensions and TCP-Related Documents to Historic or Informational Status. IETF. doi:10.17487/RFC7805. ISSN 2070-1721. RFC 7805. Informational. Obsoletes RFC 675, 721, 761, 813, 816, 879, 896 and 6013. Updates RFC 7414, 4291, 4338, 4391, 5072 and 5121.
  54. ^ a b «TCP performance over CDMA2000 RLP». Archived from the original on 2011-05-03. Retrieved 2010-08-30.
  55. ^ Muhammad Adeel & Ahmad Ali Iqbal (2004). TCP Congestion Window Optimization for CDMA2000 Packet Data Networks. International Conference on Information Technology (ITNG’07). pp. 31–35. doi:10.1109/ITNG.2007.190. ISBN 978-0-7695-2776-5. S2CID 8717768.
  56. ^ Trammell & Kuehlewind 2019, p. 6.
  57. ^ Hardie 2019, p. 3.
  58. ^ Fairhurst & Perkins 2021, 3. Research, Development, and Deployment.
  59. ^ Hardie 2019, p. 8.
  60. ^ Thomson & Pauly 2021, 2.3. Multi-party Interactions and Middleboxes.
  61. ^ Thomson & Pauly 2021, A.5. TCP.
  62. ^ Papastergiou et al. 2017, p. 620.
  63. ^ Edeline & Donnet 2019, p. 175-176.
  64. ^ Raiciu et al. 2012, p. 1.
  65. ^ Hesmans et al. 2013, p. 1.
  66. ^ Rybczyńska 2020.
  67. ^ Papastergiou et al. 2017, p. 621.
  68. ^ Corbet 2015.
  69. ^ Briscoe et al. 2006, p. 29-30.
  70. ^
    Yunhong Gu, Xinwei Hong, and Robert L. Grossman.
    «An Analysis of AIMD Algorithm with Decreasing Increases».
    2004.
  71. ^ S. Deering; R. Hinden (July 2017). Internet Protocol, Version 6 (IPv6) Specification. IETF. doi:10.17487/RFC8200. STD 86. RFC 8200. Internet Standard. Obsoletes RFC 2460.
  72. ^ «Wireshark: Offloading». Wireshark captures packets before they are sent to the network adapter. It won’t see the correct checksum because it has not been calculated yet. Even worse, most OSes don’t bother initialize this data so you’re probably seeing little chunks of memory that you shouldn’t. New installations of Wireshark 1.2 and above disable IP, TCP, and UDP checksum validation by default. You can disable checksum validation in each of those dissectors by hand if needed.
  73. ^ «Wireshark: Checksums». Checksum offloading often causes confusion as the network packets to be transmitted are handed over to Wireshark before the checksums are actually calculated. Wireshark gets these «empty» checksums and displays them as invalid, even though the packets will contain valid checksums when they leave the network hardware later.

Bibliography[edit]

  • Trammell, Brian; Kuehlewind, Mirja (April 2019). The Wire Image of a Network Protocol. doi:10.17487/RFC8546. RFC 8546.
  • Hardie, Ted, ed. (April 2019). Transport Protocol Path Signals. doi:10.17487/RFC8558. RFC 8558.
  • Fairhurst, Gorry; Perkins, Colin (July 2021). Considerations around Transport Header Confidentiality, Network Operations, and the Evolution of Internet Transport Protocols. doi:10.17487/RFC9065. RFC 9065.
  • Thomson, Martin; Pauly, Tommy (December 2021). Long-Term Viability of Protocol Extension Mechanisms. doi:10.17487/RFC9170. RFC 9170.
  • Hesmans, Benjamin; Duchene, Fabien; Paasch, Christoph; Detal, Gregory; Bonaventure, Olivier (2013). Are TCP extensions middlebox-proof?. HotMiddlebox ’13. doi:10.1145/2535828.2535830.
  • Corbet, Jonathan (8 December 2015). «Checksum offloads and protocol ossification». LWN.net.
  • Briscoe, Bob; Brunstrom, Anna; Petlund, Andreas; Hayes, David; Ros, David; Tsang, Ing-Jyh; Gjessing, Stein; Fairhurst, Gorry; Griwodz, Carsten; Welzl, Michael (2016). «Reducing Internet Latency: A Survey of Techniques and Their Merits». IEEE Communications Surveys & Tutorials. 18 (3): 2149–2196. doi:10.1109/COMST.2014.2375213. hdl:2164/8018. S2CID 206576469.
  • Papastergiou, Giorgos; Fairhurst, Gorry; Ros, David; Brunstrom, Anna; Grinnemo, Karl-Johan; Hurtig, Per; Khademi, Naeem; Tüxen, Michael; Welzl, Michael; Damjanovic, Dragana; Mangiante, Simone (2017). «De-Ossifying the Internet Transport Layer: A Survey and Future Perspectives». IEEE Communications Surveys & Tutorials. doi:10.1109/COMST.2016.2626780.
  • Edeline, Korian; Donnet, Benoit (2019). A Bottom-Up Investigation of the Transport-Layer Ossification. 2019 Network Traffic Measurement and Analysis Conference (TMA). doi:10.23919/TMA.2019.8784690.
  • Rybczyńska, Marta (13 March 2020). «A QUIC look at HTTP/3». LWN.net.

Further reading[edit]

  • Stevens, W. Richard (1994-01-10). TCP/IP Illustrated, Volume 1: The Protocols. Addison-Wesley Pub. Co. ISBN 978-0-201-63346-7.
  • Stevens, W. Richard; Wright, Gary R (1994). TCP/IP Illustrated, Volume 2: The Implementation. ISBN 978-0-201-63354-2.
  • Stevens, W. Richard (1996). TCP/IP Illustrated, Volume 3: TCP for Transactions, HTTP, NNTP, and the UNIX Domain Protocols. ISBN 978-0-201-63495-2.**

External links[edit]

  • Oral history interview with Robert E. Kahn
  • IANA Port Assignments
  • IANA TCP Parameters
  • John Kristoff’s Overview of TCP (Fundamental concepts behind TCP and how it is used to transport data between two endpoints)
  • Checksum example
  • TCP tutorial
Источник
Port TCP UDP SCTP DCCP Description 1024 Reserved Reserved Reserved 1025 Yes Yes Teradata database management system (Teradata) server 1027 Reserved Reserved Yes Native IPv6 behind IPv4-to-IPv4 NAT Customer Premises Equipment (6a44)[121] 1028 Reserved[2] 1029 Unofficial Microsoft DCOM services 1058 Yes Yes nim, IBM AIX Network Installation Manager (NIM) 1059 Yes Yes nimreg, IBM AIX Network Installation Manager (NIM) 1080 Yes Yes SOCKS proxy 1085 Yes Yes WebObjects[11] 1098 Yes Yes rmiactivation, Java remote method invocation (RMI) activation 1099 Yes Assigned rmiregistry, Java remote method invocation (RMI) registry 1109 Reserved Reserved Reserved 1113 Assigned
[note 2][122] Yes[123] Licklider Transmission Protocol (LTP) delay tolerant networking protocol 1119 Yes Yes Battle.net chat/game protocol, used by Blizzard’s games[124] 1167 Yes Yes Yes Cisco IP SLA (Service Assurance Agent) 1194 Yes Yes OpenVPN 1198 Yes Yes The cajo project Free dynamic transparent distributed computing in Java 1212 Unofficial Unofficial Equalsocial Fediverse protocol 1214 Yes Yes Kazaa 1220 Yes Assigned QuickTime Streaming Server administration[11] 1234 Yes Yes Infoseek search agent Unofficial VLC media player default port for UDP/RTP stream 1241 Unofficial Unofficial Nessus Security Scanner 1270 Yes Yes Microsoft System Center Operations Manager (SCOM) (formerly Microsoft Operations Manager (MOM)) agent 1293 Yes Yes Internet Protocol Security (IPSec) 1311 Yes Yes Windows RxMon.exe Unofficial Dell OpenManage HTTPS[125] 1314 Unofficial Festival Speech Synthesis System server[126] 1319 Yes Yes AMX ICSP (Protocol for communications with AMX control systems devices) 1337 Yes Yes Men&Mice DNS[127] Unofficial Strapi[128] Unofficial Sails.js default port[129] 1341 Yes Yes Qubes (Manufacturing Execution System) 1344 Yes Yes Internet Content Adaptation Protocol 1352 Yes Yes IBM Lotus Notes/Domino (RPC) protocol 1360 Yes Yes Mimer SQL 1414 Yes Yes IBM WebSphere MQ (formerly known as MQSeries) 1417 Yes Yes Timbuktu Service 1 Port 1418 Yes Yes Timbuktu Service 2 Port 1419 Yes Yes Timbuktu Service 3 Port 1420 Yes Yes Timbuktu Service 4 Port 1431 Yes Reverse Gossip Transport Protocol (RGTP), used to access a General-purpose Reverse-Ordered Gossip Gathering System (GROGGS) bulletin board, such as that implemented on the Cambridge University’s Phoenix system 1433 Yes Yes Microsoft SQL Server database management system (MSSQL) server 1434 Yes Yes Microsoft SQL Server database management system (MSSQL) monitor 1476 Yes Yes WiFi Pineapple Hak5. 1481 Yes Yes AIRS data interchange. 1492 Unofficial Sid Meier’s CivNet, a multiplayer remake of the original Sid Meier’s Civilization game[citation needed] 1494 Unofficial Unofficial Citrix Independent Computing Architecture (ICA)[130] 1500 Unofficial IBM Tivoli Storage Manager server[131] 1501 Unofficial IBM Tivoli Storage Manager client scheduler[131] 1503 Unofficial Unofficial Windows Live Messenger (Whiteboard and Application Sharing)[132] 1512 Yes Yes Microsoft’s Windows Internet Name Service (WINS) 1513 Unofficial Unofficial Garena game client[citation needed] 1521 Yes Yes nCUBE License Manager Unofficial Oracle database default listener, in future releases[when?][133] official port 2483 (TCP/IP) and 2484 (TCP/IP with SSL) 1524 Yes Yes ingreslock, ingres 1527 Yes Yes Oracle Net Services, formerly known as SQL*Net[134] Unofficial Apache Derby Network Server[135] 1533 Yes Yes IBM Sametime Virtual Places Chat 1534 No Unofficial Eclipse Target Communication Framework[136] 1540 Unofficial Unofficial 1C:Enterprise server agent (ragent)[137][138] 1541 Unofficial Unofficial 1C:Enterprise master cluster manager (rmngr)[137] 1542 Unofficial Unofficial 1C:Enterprise configuration repository server[137] 1545 Unofficial Unofficial 1C:Enterprise cluster administration server (RAS)[137] 1547 Yes Yes Laplink 1550 Unofficial Unofficial 1C:Enterprise debug server[137] Unofficial Gadu-Gadu (direct client-to-client)[citation needed] 1560–1590 Unofficial Unofficial 1C:Enterprise cluster working processes[137] 1581 Yes Yes MIL STD 2045-47001 VMF Unofficial IBM Tivoli Storage Manager web client[131] 1582–1583 Unofficial IBM Tivoli Storage Manager server web interface[131] 1583 Unofficial Pervasive PSQL[139] 1589 Yes Yes Cisco VLAN Query Protocol (VQP) 1604 Unofficial Unofficial DarkComet remote administration tool (RAT)[citation needed] 1626 Unofficial iSketch[140] 1627 Unofficial iSketch[140] 1628 Yes Yes LonTalk normal 1629 Yes Yes LonTalk urgent 1645 No Unofficial Early deployment of RADIUS before RFC standardization was done using UDP port number 1645. Enabled for compatibility reasons by default on Cisco[citation needed] and Juniper Networks RADIUS servers.[141] Official port is 1812. TCP port 1645 must not be used.[142] 1646 No Unofficial Old radacct port,[when?] RADIUS accounting protocol. Enabled for compatibility reasons by default on Cisco[citation needed] and Juniper Networks RADIUS servers.[141] Official port is 1813. TCP port 1646 must not be used.[142] 1666 Unofficial Perforce[143] 1677 Yes Yes Novell GroupWise clients in client/server access mode 1688 Unofficial Microsoft Key Management Service (KMS) for Windows Activation[144] 1701 Yes Yes Layer 2 Forwarding Protocol (L2F) Assigned Yes Layer 2 Tunneling Protocol (L2TP)[11] 1707 Yes Yes Windward Studios games (vdmplay) Unofficial L2TP/IPsec, for establish an initial connection[145] 1714–1764 Unofficial Unofficial KDE Connect[146] 1716 Unofficial America’s Army, a massively multiplayer online game (MMO)[147] 1719 Yes Yes H.323 registration and alternate communication 1720 Yes Yes H.323 call signaling 1723 Yes Assigned Point-to-Point Tunneling Protocol (PPTP)[11] 1755 Yes Yes Microsoft Media Services (MMS, ms-streaming) 1761 Unofficial Unofficial Novell ZENworks[148][149] 1776 Yes Emergency management information system 1783 Reserved «Decomissioned [sic] Port 04/14/00, ms»[2] 1801 Yes Yes Microsoft Message Queuing 1812 Yes Yes RADIUS authentication protocol, radius 1813 Yes Yes RADIUS accounting protocol, radius-acct 1863 Yes Yes Microsoft Notification Protocol (MSNP), used by the Microsoft Messenger service and a number of instant messaging Messenger clients 1880 Unofficial Node-RED[150] 1883 Yes Yes MQTT (formerly MQ Telemetry Transport) 1900 Assigned Yes Simple Service Discovery Protocol (SSDP),[11] discovery of UPnP devices 1935 Yes Yes Macromedia Flash Communications Server MX, the precursor to Adobe Flash Media Server before Macromedia’s acquisition by Adobe on December 3, 2005 Unofficial Unofficial Real Time Messaging Protocol (RTMP)[citation needed], primarily used in Adobe Flash[151] 1965 Unofficial No Gemini, a lightweight, collaboratively designed protocol, striving to fill the gap between Gopher and HTTP[152] 1967 Unofficial Cisco IOS IP Service Level Agreements (IP SLAs) Control Protocol[citation needed] 1972 Yes Yes InterSystems Caché 1984 Yes Yes Big Brother 1985 Assigned Yes Cisco Hot Standby Router Protocol (HSRP)[153][self-published source] 1998 Yes Yes Cisco X.25 over TCP (XOT) service 2000 Yes Yes Cisco Skinny Client Control Protocol (SCCP) 2010 Unofficial Artemis: Spaceship Bridge Simulator[154] 2033 Unofficial Unofficial Civilization IV multiplayer[155] 2049 Yes Yes Yes Network File System (NFS)[11] 2056 Unofficial Unofficial Civilization IV multiplayer[155] 2080 Yes Yes Autodesk NLM (FLEXlm) 2082 Unofficial cPanel default[156] 2083 Yes Yes Secure RADIUS Service (radsec) Unofficial cPanel default SSL[156] 2086 Yes Yes GNUnet Unofficial WebHost Manager default[156] 2087 Unofficial WebHost Manager default SSL[156] 2095 Yes cPanel default web mail[156] 2096 Unofficial cPanel default SSL web mail[156] 2100 Unofficial Warzone 2100 multiplayer[citation needed] 2101 Unofficial Networked Transport of RTCM via Internet Protocol (NTRIP)[citation needed] 2102 Yes Yes Zephyr Notification Service server 2103 Yes Yes Zephyr Notification Service serv-hm connection 2104 Yes Yes Zephyr Notification Service hostmanager 2123 Yes Yes GTP control messages (GTP-C) 2142 Yes Yes TDMoIP (TDM over IP) 2152 Yes Yes GTP user data messages (GTP-U) 2159 Yes Yes GDB remote debug port 2181 Yes Yes EForward-document transport system Unofficial Apache ZooKeeper default client port[citation needed] 2195 Unofficial Apple Push Notification Service, binary, gateway.[11][157] Deprecated March 2021.[158] 2196 Unofficial Apple Push Notification Service, binary, feedback.[11][157] Deprecated March 2021.[158] 2197 Unofficial Apple Push Notification Service, HTTP/2, JSON-based API. 2210 Yes Yes NOAAPORT Broadcast Network 2211 Yes Yes EMWIN 2221 Unofficial ESET anti-virus updates[159] 2222 Yes Yes EtherNet/IP implicit messaging for IO data Unofficial DirectAdmin Access[160] 2222–2226 Yes ESET Remote administrator[159] 2240 Yes Yes General Dynamics Remote Encryptor Configuration Information Protocol (RECIPe) 2261 Yes Yes CoMotion master 2262 Yes Yes CoMotion backup 2302 Unofficial ArmA multiplayer[161] Unofficial Halo: Combat Evolved multiplayer host[162] 2303 Unofficial ArmA multiplayer (default port for game +1)[161] Unofficial Halo: Combat Evolved multiplayer listener[162] 2305 Unofficial ArmA multiplayer (default port for game +3)[161] 2351 Unofficial AIM game LAN network port[citation needed] 2368 Unofficial Ghost (blogging platform)[163] 2369 Unofficial Default for BMC Control-M/Server Configuration Agent 2370 Unofficial Default for BMC Control-M/Server, to allow the Control-M/Enterprise Manager to connect to the Control-M/Server 2372 Unofficial Default for K9 Web Protection/parental controls, content filtering agent[citation needed] 2375 Yes Reserved Docker REST API (plain) 2376 Yes Reserved Docker REST API (SSL) 2377 Yes Reserved Docker Swarm cluster management communications[164][self-published source] 2379 Yes Reserved CoreOS etcd client communication Unofficial KGS Go Server[165] 2380 Yes Reserved CoreOS etcd server communication 2389 Assigned OpenView Session Mgr 2399 Yes Yes FileMaker Data Access Layer (ODBC/JDBC) 2401 Yes Yes CVS version control system password-based server 2404 Yes Yes IEC 60870-5-104, used to send electric power telecontrol messages between two systems via directly connected data circuits 2424 Unofficial OrientDB database listening for binary client connections[166] 2427 Yes Yes Media Gateway Control Protocol (MGCP) media gateway 2447 Yes Yes ovwdb—OpenView Network Node Manager (NNM) daemon 2456 Unofficial Unofficial Valheim 2459 Yes Yes XRPL 2480 Unofficial OrientDB database listening for HTTP client connections[166] 2483 Yes Yes Oracle database listening for insecure client connections to the listener, replaces port 1521[when?] 2484 Yes Yes Oracle database listening for SSL client connections to the listener 2500 Unofficial Unofficial NetFS communication[167] 2501 Unofficial NetFS probe 2535 Yes Yes Multicast Address Dynamic Client Allocation Protocol (MADCAP).[168] All standard messages are UDP datagrams.[169] 2541 Yes Yes LonTalk/IP 2546–2548 Yes Yes EVault data protection services 2593 Unofficial Unofficial Ultima Online servers[citation needed] 2598 Unofficial Citrix Independent Computing Architecture (ICA) with Session Reliability; port 1494 without session reliability[130] 2599 Unofficial Unofficial Ultima Online servers[citation needed] 2628 Yes Yes DICT[170] 2638 Yes Yes SQL Anywhere database server[171][172] 2710 Unofficial Unofficial XBT Tracker.[173] UDP tracker extension is considered experimental.[174] 2727 Yes Yes Media Gateway Control Protocol (MGCP) media gateway controller (call agent) 2775 Yes Yes Short Message Peer-to-Peer (SMPP)[citation needed] 2809 Yes Yes corbaloc:iiop URL, per the CORBA 3.0.3 specification 2811 Yes Yes gsi ftp, per the GridFTP specification 2827 Unofficial I2P BOB Bridge[175] 2944 Yes Yes Megaco text H.248 2945 Yes Yes Megaco binary (ASN.1) H.248 2947 Yes Yes gpsd, GPS daemon 2948–2949 Yes Yes WAP push Multimedia Messaging Service (MMS) 2967 Yes Yes Symantec System Center agent (SSC-AGENT) 3000 Unofficial Ruby on Rails development default[176] Unofficial Meteor development default[177][failed verification] Unofficial Unofficial Resilio Sync,[178] spun from BitTorrent Sync. Unofficial Create React App, script to create single-page React applications[179] Unofficial Gogs (self-hosted GIT service) [180] Unofficial Grafana[181] 3001 Yes No Honeywell Prowatch[182] 3004 Unofficial iSync[11] 3010 Yes Yes KWS Connector 3020 Yes Yes Common Internet File System (CIFS). See also port 445 for Server Message Block (SMB), a dialect of CIFS. 3050 Yes Yes gds-db (Interbase/Firebird databases) 3052 Yes Yes APC PowerChute Network 3074 Yes Yes Xbox LIVE and Games for Windows – Live 3101 Unofficial BlackBerry Enterprise Server communication protocol[183] 3128 Unofficial No Squid caching web proxy[184] 3225 Yes Yes Fibre Channel over IP (FCIP) 3233 Yes Yes WhiskerControl research control protocol 3260 Yes Yes iSCSI 3268 Yes Yes msft-gc, Microsoft Global Catalog (LDAP service which contains data from Active Directory forests) 3269 Yes Yes msft-gc-ssl, Microsoft Global Catalog over SSL (similar to port 3268, LDAP over SSL) 3283 Yes Yes Net Assistant,[11] a predecessor to Apple Remote Desktop Unofficial Unofficial Apple Remote Desktop 2.0 or later[11] 3290 Unofficial Virtual Air Traffic Simulation (VATSIM) network voice communication[citation needed] 3305 Yes Yes Odette File Transfer Protocol (OFTP) 3306 Yes Assigned MySQL database system[11] 3323 Unofficial Unofficial DECE GEODI Server 3332 Unofficial Thundercloud DataPath Overlay Control 3333 Unofficial Eggdrop, an IRC bot default port[185] Unofficial Network Caller ID server Unofficial CruiseControl.rb[186] Unofficial OpenOCD (gdbserver)[187] 3351 Unofficial Pervasive PSQL[139] 3386 Yes Yes GTP’ 3GPP GSM/UMTS CDR logging protocol 3389 Yes Yes Microsoft Terminal Server (RDP) officially registered as Windows Based Terminal (WBT)[188] 3396 Yes Yes Novell NDPS Printer Agent 3412 Yes Yes xmlBlaster 3423 Yes Xware xTrm Communication Protocol 3424 Yes Xware xTrm Communication Protocol over SSL 3435 Yes Yes Pacom Security User Port 3455 Yes Yes Resource Reservation Protocol (RSVP) 3478 Yes Yes STUN, a protocol for NAT traversal[189] Yes Yes TURN, a protocol for NAT traversal[190] (extension to STUN) Yes Yes STUN Behavior Discovery.[191] See also port 5349. 3479 Unofficial Unofficial PlayStation Network[192] 3480 Unofficial Unofficial PlayStation Network[192] 3483 Yes Slim Devices discovery protocol Yes Slim Devices SlimProto protocol 3493 Yes Yes Network UPS Tools (NUT) 3503 Yes Yes MPLS LSP-echo Port 3516 Yes Yes Smartcard Port 3527 Yes Microsoft Message Queuing 3535 Unofficial SMTP alternate[193] 3544 Yes Teredo tunneling 3551 Yes Yes Apcupsd Information Port [194] 3601 Yes SAP Message Server Port[195] 3632 Yes Assigned Distcc, distributed compiler[11] 3645 Yes Yes Cyc 3659 Yes Yes Apple SASL, used by macOS Server Password Server[11] Unofficial Battlefield 4 3667 Yes Yes Information Exchange 3671 Yes Yes KNXnet/IP(EIBnet/IP) 3689 Yes Assigned Digital Audio Access Protocol (DAAP), used by Apple’s iTunes and AirPlay[11] 3690 Yes Yes Subversion (SVN)[11] version control system 3702 Yes Yes Web Services Dynamic Discovery (WS-Discovery), used by various components of Windows Vista and later 3724 Yes Yes Some Blizzard games[124] Unofficial Club Penguin Disney online game for kids 3725 Yes Yes Netia NA-ER Port 3749 Yes Yes CimTrak registered port 3768 Yes Yes RBLcheckd server daemon 3784 Yes Bidirectional Forwarding Detection (BFD)for IPv4 and IPv6 (Single Hop) (RFC 5881) 3785 Unofficial VoIP program used by Ventrilo 3799 Yes RADIUS change of authorization 3804 Yes Yes Harman Professional HiQnet protocol 3825 Unofficial RedSeal Networks client/server connection[citation needed] 3826 Yes Yes WarMUX game server Unofficial RedSeal Networks client/server connection[citation needed] 3835 Unofficial RedSeal Networks client/server connection[citation needed] 3830 Yes Yes System Management Agent, developed and used by Cerner to monitor and manage solutions 3856 Unofficial Unofficial ERP Server Application used by F10 Software 3880 Yes Yes IGRS 3868 Yes Yes Diameter base protocol (RFC 3588) 3872 Yes Oracle Enterprise Manager Remote Agent 3900 Yes udt_os, IBM UniData UDT OS[196] 3960 Unofficial Warframe online interaction[citation needed] 3962 Unofficial Warframe online interaction[citation needed] 3978 Unofficial Unofficial OpenTTD game (masterserver and content service) 3978 Unofficial Palo Alto Networks’ Panorama management of firewalls and log collectors & pre-PAN-OS 8.0 Panorama-to-managed devices software updates.[197] 3979 Unofficial Unofficial OpenTTD game 3999 Yes Yes Norman distributed scanning service 4000 Unofficial Unofficial Diablo II game 4001 Unofficial Microsoft Ants game Unofficial CoreOS etcd client communication 4018 Yes Yes Protocol information and warnings[clarification needed] 4035 Unofficial IBM Rational Developer for System z Remote System Explorer Daemon 4045 Unofficial Unofficial Solaris lockd NFS lock daemon/manager 4050 Unofficial Mud Master Chat protocol (MMCP) — Peer-to-peer communications between MUD clients.[198] 4069 Yes Minger Email Address Verification Protocol[199] 4070 Unofficial Unofficial Amazon Echo Dot (Amazon Alexa) streaming connection with Spotify[200] 4089 Yes Yes OpenCORE Remote Control Service 4090 Yes Yes Kerio 4093 Yes Yes PxPlus Client server interface ProvideX 4096 Yes Yes Ascom Timeplex Bridge Relay Element (BRE) 4105 Yes Yes Shofar (ShofarNexus) 4111 Yes Assigned Xgrid[11] 4116 Yes Yes Smartcard-TLS 4125 Unofficial Microsoft Remote Web Workplace administration 4172 Yes Yes Teradici PCoIP 4190 Yes ManageSieve[201] 4195 Yes Yes Yes Yes AWS protocol for cloud remoting solution 4197 Yes Yes Harman International’s HControl protocol for control and monitoring of Audio, Video, Lighting and Control equipment 4198 Unofficial Unofficial Couch Potato Android app[202] 4200 Unofficial Angular app 4201 Unofficial TinyMUD and various derivatives 4222 Unofficial NATS server default port[203] 4226 Unofficial Unofficial Aleph One, a computer game 4242 Unofficial Orthanc – DICOM server[204] Unofficial Quassel distributed IRC client 4243 Unofficial Docker implementations, redistributions, and setups default[205][needs update?] Unofficial CrashPlan 4244 Unofficial Unofficial Viber[206] 4303 Yes Yes Simple Railroad Command Protocol (SRCP) 4307 Yes TrueConf Client — TrueConf Server media data exchange[207] 4321 Yes Referral Whois (RWhois) Protocol[208] 4444 Unofficial Unofficial Oracle WebCenter Content: Content Server—Intradoc Socket port. (formerly known as Oracle Universal Content Management). Unofficial Metasploit’s default listener port[209] Unofficial Unofficial Xvfb X server virtual frame buffer service Unofficial OpenOCD (Telnet)[187] 4444–4445 Unofficial I2P HTTP/S proxy 4486 Yes Yes Integrated Client Message Service (ICMS) 4488 Yes Assigned Apple Wide Area Connectivity Service, used by Back to My Mac[11] 4500 Assigned Yes IPSec NAT Traversal[11] (RFC 3947, RFC 4306) 4502–4534 Yes Microsoft Silverlight connectable ports under non-elevated trust 4505–4506 Unofficial Salt master 4534 Unofficial Armagetron Advanced server default 4560 Unofficial default Log4j socketappender port 4567 Unofficial Sinatra default server port in development mode (HTTP) 4569 Yes Inter-Asterisk eXchange (IAX2) 4604 Yes Identity Registration Protocol 4605 Yes Direct End to End Secure Chat Protocol 4610–4640 Unofficial QualiSystems TestShell Suite Services 4662 Yes Yes OrbitNet Message Service Unofficial Default for older versions of eMule[210] 4664 Unofficial Google Desktop Search 4672 Unofficial Default for older versions of eMule[210] 4711 Unofficial eMule optional web interface[210] 4713 Unofficial PulseAudio sound server 4723 Unofficial Appium open source automation tool 4724 Unofficial Default bootstrap port to use on device to talk to Appium 4728 Yes Computer Associates Desktop and Server Management (DMP)/Port Multiplexer[211] 4730 Yes Yes Gearman’s job server 4739 Yes Yes IP Flow Information Export 4747 Unofficial Apprentice 4753 Yes Yes SIMON (service and discovery) 4789 Yes Virtual eXtensible Local Area Network (VXLAN) 4791 Yes IP Routable RocE (RoCEv2) 4840 Yes Yes OPC UA Connection Protocol (TCP) and OPC UA Multicast Datagram Protocol (UDP) for OPC Unified Architecture from OPC Foundation 4843 Yes Yes OPC UA TCP Protocol over TLS/SSL for OPC Unified Architecture from OPC Foundation 4847 Yes Yes Web Fresh Communication, Quadrion Software & Odorless Entertainment 4848 Unofficial Java, Glassfish Application Server administration default 4894 Yes Yes LysKOM Protocol A 4944 No Unofficial DrayTek DSL Status Monitoring[212] 4949 Yes Munin Resource Monitoring Tool 4950 Yes Yes Cylon Controls UC32 Communications Port 5000 Unofficial UPnP—Windows network device interoperability Unofficial Unofficial VTun, VPN Software Unofficial ASP.NET Core — Development Webserver Unofficial FlightGear multiplayer[213] Unofficial Synology Inc. Management Console, File Station, Audio Station Unofficial Flask Development Webserver Unofficial Heroku console access Unofficial Docker Registry[214] Unofficial AT&T U-verse public, educational, and government access (PEG) streaming over HTTP[215] Unofficial High-Speed SECS Message Services[citation needed] Unofficial 3CX Phone System Management Console/Web Client (HTTP) Unofficial RidgeRun GStreamer Daemon (GSTD) [216] Unofficial Apple’s AirPlay Receiver[217] 5000–5500 No Unofficial League of Legends, a multiplayer online battle arena video game[218] 5001 Unofficial Slingbox and Slingplayer Unofficial Unofficial Iperf (Tool for measuring TCP and UDP bandwidth performance) Unofficial Synology Inc. Secured Management Console, File Station, Audio Station Unofficial 3CX Phone System Management Console/Web Client (HTTPS) 5002 Unofficial ASSA ARX access control system[219] 5003 Yes Assigned FileMaker – name binding and transport[11] 5004 Yes Yes Yes Real-time Transport Protocol media data (RTP) (RFC 3551, RFC 4571) 5005 Yes Yes Yes Real-time Transport Protocol control protocol (RTCP) (RFC 3551, RFC 4571) 5007 Unofficial Palo Alto Networks — User-ID agent 5010 Yes Yes Registered to: TelePath (the IBM FlowMark workflow-management system messaging platform)[220]
The TCP port is now used for: IBM WebSphere MQ Workflow 5011 Yes Yes TelePath (the IBM FlowMark workflow-management system messaging platform)[220] 5022 Unofficial MSSQL Server Replication and Database mirroring endpoints[221] 5025 Yes Yes scpi-raw Standard Commands for Programmable Instruments 5029 Unofficial Sonic Robo Blast 2 and Sonic Robo Blast 2 Kart servers 5031 Unofficial Unofficial AVM CAPI-over-TCP (ISDN over Ethernet tunneling)[citation needed] 5037 Unofficial Android ADB server 5044 Yes Standard port in Filebeats/Logstash implementation of Lumberjack protocol. 5048 Yes Texai Message Service 5050 Unofficial Yahoo! Messenger 5051 Yes ita-agent Symantec Intruder Alert[222] 5060 Yes Yes Session Initiation Protocol (SIP)[11] 5061 Yes[223] Session Initiation Protocol (SIP) over TLS 5062 Yes Yes Localisation access 5064 Yes Yes EPICS Channel Access server[224] 5065 Assigned Yes EPICS Channel Access repeater beacon[224] 5070 Unofficial No Binary Floor Control Protocol (BFCP)[225] 5080 Unofficial Unofficial List of telephone switches#NEC[NEC Phone System] NEC SV8100 and SV9100 MLC Phones Default iSIP Port 5084 Yes Yes EPCglobal Low Level Reader Protocol (LLRP) 5085 Yes Yes EPCglobal Low Level Reader Protocol (LLRP) over TLS 5090 Unofficial Unofficial 3CX Phone System 3CX Tunnel Protocol, 3CX App API, 3CX Session Border Controller 5093 Yes SafeNet, Inc Sentinel LM, Sentinel RMS, License Manager, client-to-server 5099 Yes Yes SafeNet, Inc Sentinel LM, Sentinel RMS, License Manager, server-to-server 5104 Unofficial IBM Tivoli Framework NetCOOL/Impact[226] HTTP Service 5121 Unofficial Neverwinter Nights 5124 Unofficial Unofficial TorgaNET (Micronational Darknet) 5125 Unofficial Unofficial TorgaNET (Micronational Intelligence Darknet) 5150 Yes Yes ATMP Ascend Tunnel Management Protocol[227] 5151 Yes ESRI SDE Instance Yes ESRI SDE Remote Start 5154 Yes Yes BZFlag 5172 Yes PC over IP Endpoint Management[228] 5173 Unofficial Vite 5190 Yes Yes AOL Instant Messenger protocol.[11] The chat app is defunct as of 15 December 2017.[229] 5198 Unofficial EchoLink VoIP Amateur Radio Software (Voice) 5199 Unofficial EchoLink VoIP Amateur Radio Software (Voice) 5200 Unofficial EchoLink VoIP Amateur Radio Software (Information) 5201 Unofficial Unofficial Iperf3 (Tool for measuring TCP and UDP bandwidth performance) 5222 Yes Reserved Extensible Messaging and Presence Protocol (XMPP) client connection[11][230][231] 5223 Unofficial Apple Push Notification Service[11][157] Unofficial Extensible Messaging and Presence Protocol (XMPP) client connection over SSL 5228 Yes HP Virtual Room Service Unofficial Google Play, Android Cloud to Device Messaging Service, Google Cloud Messaging 5242 Unofficial Unofficial Viber[206] 5243 Unofficial Unofficial Viber[206] 5246 Yes Control And Provisioning of Wireless Access Points (CAPWAP) CAPWAP control[232] 5247 Yes Control And Provisioning of Wireless Access Points (CAPWAP) CAPWAP data[232] 5269 Yes Extensible Messaging and Presence Protocol (XMPP) server-to-server connection[11][230][231] 5280 Yes Extensible Messaging and Presence Protocol (XMPP)[233] 5281 Unofficial Extensible Messaging and Presence Protocol (XMPP)[234] 5298 Yes Yes Extensible Messaging and Presence Protocol (XMPP)[235] 5310 Assigned Yes Outlaws, a 1997 first-person shooter video game[236] 5318 Yes Reserved Certificate Management over CMS[237] 5349 Yes Yes STUN over TLS/DTLS, a protocol for NAT traversal[189] Yes Yes TURN over TLS/DTLS, a protocol for NAT traversal[190] Yes Reserved STUN Behavior Discovery over TLS.[191] See also port 3478. 5351 Reserved Yes NAT Port Mapping Protocol and Port Control Protocol—client-requested configuration for connections through network address translators and firewalls 5353 Assigned Yes Multicast DNS (mDNS)[11] 5355 Yes Yes Link-Local Multicast Name Resolution (LLMNR), allows hosts to perform name resolution for hosts on the same local link (only provided by Windows Vista and Server 2008) 5357 Unofficial Unofficial Web Services for Devices (WSDAPI) (only provided by Windows Vista, Windows 7 and Server 2008) 5358 Unofficial Unofficial WSDAPI Applications to Use a Secure Channel (only provided by Windows Vista, Windows 7 and Server 2008) 5394 Unofficial Kega Fusion, a Sega multi-console emulator[238][239] 5402 Yes Yes Multicast File Transfer Protocol (MFTP)[240][importance?] 5405 Yes Yes NetSupport Manager 5412 Yes Yes IBM Rational Synergy (Telelogic Synergy) (Continuus CM) Message Router 5413 Yes Yes Wonderware SuiteLink service 5417 Yes Yes SNS Agent 5421 Yes Yes NetSupport Manager 5432 Yes Assigned PostgreSQL[11] database system 5433 Unofficial Bouwsoft file/webserver[241] 5445 Unofficial Cisco Unified Video Advantage[citation needed] 5450 Unofficial Unofficial OSIsoft PI Server Client Access [242] 5457 Unofficial OSIsoft PI Asset Framework Client Access [243] 5458 Unofficial OSIsoft PI Notifications Client Access [244] 5480 Unofficial VMware VAMI (Virtual Appliance Management Infrastructure)—used for initial setup of various administration settings on Virtual Appliances designed using the VAMI architecture. 5481 Unofficial Schneider Electric’s ClearSCADA (SCADA implementation for Windows) — used for client-to-server communication.[245] 5495 Unofficial IBM Cognos TM1 Admin server 5498 Unofficial Hotline tracker server connection 5499 Unofficial Hotline tracker server discovery 5500 Unofficial Hotline control connection Unofficial VNC Remote Frame Buffer RFB protocol—for incoming listening viewer 5501 Unofficial Hotline file transfer connection 5517 Unofficial Setiqueue Proxy server client for SETI@Home project 5550 Unofficial Hewlett-Packard Data Protector[citation needed] 5554 Unofficial Unofficial Fastboot default wireless port 5555 Unofficial Unofficial Oracle WebCenter Content: Inbound Refinery—Intradoc Socket port. (formerly known as Oracle Universal Content Management). Port though often changed during installation Unofficial Freeciv versions up to 2.0, Hewlett-Packard Data Protector, McAfee EndPoint Encryption Database Server, SAP, Default for Microsoft Dynamics CRM 4.0, Softether VPN default port 5556 Yes Yes Freeciv, Oracle WebLogic Server Node Manager[246] 5568 Yes Yes Session Data Transport (SDT), a part of Architecture for Control Networks (ACN)[247][full citation needed] 5601 Unofficial Kibana[248] 5631 Yes pcANYWHEREdata, Symantec pcAnywhere (version 7.52 and later[249])[250] data 5632 Yes pcANYWHEREstat, Symantec pcAnywhere (version 7.52 and later) status 5656 Unofficial IBM Lotus Sametime p2p file transfer 5666 Unofficial NRPE (Nagios) 5667 Unofficial NSCA (Nagios) 5670 Yes FILEMQ ZeroMQ File Message Queuing Protocol Yes ZRE-DISC ZeroMQ Realtime Exchange Protocol (Discovery) 5671 Yes Assigned Advanced Message Queuing Protocol (AMQP)[251] over TLS 5672 Yes Assigned Yes Advanced Message Queuing Protocol (AMQP)[251] 5683 Yes Yes Constrained Application Protocol (CoAP) 5684 Yes Yes Constrained Application Protocol Secure (CoAPs) 5693 Unofficial Nagios Cross Platform Agent (NCPA)[252] 5701 Unofficial Hazelcast default communication port[253] 5718 Unofficial Microsoft DPM Data Channel (with the agent coordinator) 5719 Unofficial Microsoft DPM Data Channel (with the protection agent) 5722 Yes Yes Microsoft RPC, DFSR (SYSVOL) Replication Service[citation needed] 5723 Unofficial System Center Operations Manager[254] 5724 Unofficial Operations Manager Console 5741 Yes Yes IDA Discover Port 1 5742 Yes Yes IDA Discover Port 2 5800 Unofficial VNC Remote Frame Buffer RFB protocol over HTTP Unofficial ProjectWise Server[255] 5900 Yes Yes Remote Frame Buffer protocol (RFB) Unofficial Virtual Network Computing (VNC) Remote Frame Buffer RFB protocol[11][256] 5905 Unofficial Windows service «C:Program FilesIntelIntel(R) Online Connect AccessIntelTechnologyAccessService.exe» that listens on 127.0.0.1 5931 Yes Yes AMMYY admin Remote Control 5938 Unofficial Unofficial TeamViewer remote desktop protocol[257] 5984 Yes Yes CouchDB database server 5985 Yes Windows PowerShell Default psSession Port[258] Windows Remote Management Service (WinRM-HTTP)[259] 5986 Yes Windows PowerShell Default psSession Port[258] Windows Remote Management Service (WinRM-HTTPS)[259] 5988–5989 Yes CIM-XML (DMTF Protocol)[260] 6000–6063 Yes Yes X11—used between an X client and server over the network 6005 Unofficial Default for BMC Software Control-M/Server—Socket used for communication between Control-M processes—though often changed during installation Unofficial Default for Camfrog chat & cam client 6009 Unofficial JD Edwards EnterpriseOne ERP system JDENet messaging client listener 6050 Unofficial Arcserve backup 6051 Unofficial Arcserve backup 6086 Yes Peer Distributed Transfer Protocol (PDTP), FTP like file server in a P2P network 6100 Unofficial Vizrt System Unofficial Ventrilo authentication for version 3 6101 Unofficial Backup Exec Agent Browser[citation needed] 6110 Yes Yes softcm, HP Softbench CM 6111 Yes Yes spc, HP Softbench Sub-Process Control 6112 Yes Yes dtspcd, execute commands and launch applications remotely Unofficial Unofficial Blizzard’s Battle.net gaming service and some games,[124] ArenaNet gaming service, Relic gaming service Unofficial Club Penguin Disney online game for kids 6113 Unofficial Club Penguin Disney online game for kids, Used by some Blizzard games[124] 6136 Unofficial ObjectDB database server[261] 6159 Yes ARINC 840 EFB Application Control Interface 6160 Unofficial Veeam Installer Service 6161 Unofficial Veeam vPower NFS Service 6162 Unofficial Veeam Data Mover 6163 Unofficial Veeam Hyper-V Integration Service 6164 Unofficial Veeam WAN Accelerator 6165 Unofficial Veeam WAN Accelerator Data Transfer 6167 Unofficial Veeam Log Shipping Service 6170 Unofficial Veeam Mount Server 6200 Unofficial Oracle WebCenter Content Portable: Content Server (With Native UI) and Inbound Refinery 6201 Assigned Thermo-Calc Software AB: Management of service nodes in a processing grid for thermodynamic calculations Unofficial Oracle WebCenter Content Portable: Admin 6225 Unofficial Oracle WebCenter Content Portable: Content Server Web UI 6227 Unofficial Oracle WebCenter Content Portable: JavaDB 6240 Unofficial Oracle WebCenter Content Portable: Capture 6244 Unofficial Unofficial Oracle WebCenter Content Portable: Content Server—Intradoc Socket port 6255 Unofficial Unofficial Oracle WebCenter Content Portable: Inbound Refinery—Intradoc Socket port 6257 Unofficial WinMX (see also 6699) 6260 Unofficial Unofficial planet M.U.L.E. 6262 Unofficial Sybase Advantage Database Server 6343 Yes SFlow, sFlow traffic monitoring 6346 Yes gnutella-svc, gnutella (FrostWire, Limewire, Shareaza, etc.) 6347 Yes gnutella-rtr, Gnutella alternate 6350 Yes App Discovery and Access Protocol 6379 Yes Redis key-value data store 6389 Unofficial EMC CLARiiON 6432 Yes PgBouncer—A connection pooler for PostgreSQL 6436 Unofficial Leap Motion Websocket Server TLS 6437 Unofficial Leap Motion Websocket Server 6443 Yes Kubernetes API server [262] 6444 Yes Sun Grid Engine Qmaster Service 6445 Yes Sun Grid Engine Execution Service 6454 Unofficial Art-Net protocol 6463–6472 Unofficial Discord RPC[263] 6464 Yes Port assignment for medical device communication in accordance to IEEE 11073-20701 6513 Yes NETCONF over TLS 6514 Yes Syslog over TLS[264] 6515 Yes Elipse RPC Protocol (REC) 6516 Unofficial Windows Admin Center 6543 Unofficial Pylons project#Pyramid Default Pylons Pyramid web service port 6556 Unofficial Check MK Agent 6566 Yes SANE (Scanner Access Now Easy)—SANE network scanner daemon[265] 6560–6561 Unofficial Speech-Dispatcher daemon[citation needed] 6571 Unofficial Windows Live FolderShare client 6600 Yes Microsoft Hyper-V Live Unofficial Music Player Daemon (MPD) 6601 Yes Microsoft Forefront Threat Management Gateway 6602 Yes Microsoft Windows WSS Communication 6619 Yes odette-ftps, Odette File Transfer Protocol (OFTP) over TLS/SSL 6622 Yes Multicast FTP 6653 Yes Assigned OpenFlow[citation needed] 6660–6664 Unofficial Internet Relay Chat (IRC) 6665–6669 Yes Internet Relay Chat (IRC) 6679 Yes Osorno Automation Protocol (OSAUT) Unofficial Internet Relay Chat (IRC) SSL (Secure Internet Relay Chat)—often used 6690 Unofficial Synology Cloud station 6697 Yes IRC SSL (Secure Internet Relay Chat)—often used 6699 Unofficial WinMX (see also 6257) 6715 Unofficial AberMUD and derivatives default port 6771 Unofficial BitTorrent Local Peer Discovery 6783–6785 Unofficial Splashtop Remote server broadcast 6801 Yes ACNET Control System Protocol 6881–6887 Unofficial Unofficial BitTorrent beginning of range of ports used most often 6888 Yes MUSE Unofficial Unofficial BitTorrent continuation of range of ports used most often 6889–6890 Unofficial Unofficial BitTorrent continuation of range of ports used most often 6891–6900 Unofficial Unofficial BitTorrent continuation of range of ports used most often 6891–6900 Unofficial Unofficial Windows Live Messenger (File transfer) 6901 Unofficial Unofficial Windows Live Messenger (Voice) Unofficial Unofficial BitTorrent continuation of range of ports used most often 6902–6968 Unofficial Unofficial BitTorrent continuation of range of ports used most often 6924 Yes split-ping, ping with RX/TX latency/loss split 6969 Yes acmsoda Unofficial BitTorrent tracker 6970–6999 Unofficial Unofficial BitTorrent end of range of ports used most often Unofficial QuickTime Streaming Server[11] 6980 Unofficial Voicemeeter VBAN network audio protocol[266] 7000 Unofficial Default for Vuze’s built-in HTTPS Bittorrent tracker Unofficial Avira Server Management Console 7001 Unofficial Avira Server Management Console Unofficial Default for BEA WebLogic Server’s HTTP server, though often changed during installation 7002 Unofficial Default for BEA WebLogic Server’s HTTPS server, though often changed during installation 7005 Unofficial Default for BMC Software Control-M/Server and Control-M/Agent for Agent-to-Server, though often changed during installation 7006 Unofficial Default for BMC Software Control-M/Server and Control-M/Agent for Server-to-Agent, though often changed during installation 7010 Unofficial Default for Cisco AON AMC (AON Management Console)[267] 7022 Unofficial Database mirroring endpoints[221] 7023 Yes Bryan Wilcutt T2-NMCS Protocol for SatCom Modems 7025 Unofficial Zimbra LMTP [mailbox]—local mail delivery 7047 Unofficial Zimbra conversion server 7070 Unofficial Unofficial Real Time Streaming Protocol (RTSP), used by QuickTime Streaming Server. TCP is used by default, UDP is used as an alternate.[11] 7077 Yes Development-Network Authentification-Protocol 7133 Unofficial Enemy Territory: Quake Wars 7144 Unofficial Peercast[citation needed] 7145 Unofficial Peercast[citation needed] 7171 Unofficial Tibia 7262 Yes CNAP (Calypso Network Access Protocol) 7272 Yes WatchMe — WatchMe Monitoring 7306 Unofficial Zimbra mysql [mailbox][citation needed] 7307 Unofficial Zimbra mysql [logger][citation needed] 7312 Unofficial Sibelius License Server 7396 Unofficial Web control interface for Folding@home v7.3.6 and later[268] 7400 Yes RTPS (Real Time Publish Subscribe) DDS Discovery 7401 Yes RTPS (Real Time Publish Subscribe) DDS User-Traffic 7402 Yes RTPS (Real Time Publish Subscribe) DDS Meta-Traffic 7471 Unofficial Stateless Transport Tunneling (STT) 7473 Yes Rise: The Vieneo Province 7474 Yes Neo4J Server webadmin[269] 7478 Yes Default port used by Open iT Server.[270] 7542 Yes Saratoga file transfer protocol[271][272] 7547 Yes CPE WAN Management Protocol (CWMP) Technical Report 069 7575 Unofficial Populous: The Beginning server 7624 Yes Instrument Neutral Distributed Interface 7631 Yes ERLPhase 7634 Unofficial hddtemp—Utility to monitor hard drive temperature 7652–7654 Unofficial I2P anonymizing overlay network 7655 Unofficial I2P SAM Bridge Socket API 7656–7660 Unofficial I2P anonymizing overlay network 7670 Unofficial BrettspielWelt BSW Boardgame Portal 7680 Unofficial Delivery Optimization for Windows 10[273] 7687 Yes Bolt database connection 7707–7708 Unofficial Killing Floor 7717 Unofficial Killing Floor 7777 Unofficial iChat server file transfer proxy[11] Unofficial Oracle Cluster File System 2[citation needed] Unofficial Windows backdoor program tini.exe default[citation needed] Unofficial Just Cause 2: Multiplayer Mod Server[citation needed] Unofficial Terraria default server Unofficial San Andreas Multiplayer (SA-MP) default port server Unofficial SCP: Secret Laboratory Multiplayer Server 7777–7788 Unofficial Unofficial Unreal Tournament series default server[citation needed] 7831 Unofficial Default used by Smartlaunch Internet Cafe Administration[274] software 7880 Unofficial Unofficial PowerSchool Gradebook Server[citation needed] 7890 Unofficial Default that will be used by the iControl Internet Cafe Suite Administration software 7915 Unofficial Default for YSFlight server[275] 7935 Unofficial Fixed port used for Adobe Flash Debug Player to communicate with a debugger (Flash IDE, Flex Builder or fdb).[276] 7946 Unofficial Unofficial Docker Swarm communication among nodes[164] 7979 Unofficial Used by SilverBluff Studios for communication between servers and clients.[citation needed] 7990 Unofficial Atlassian Bitbucket (default port)[citation needed] 8000 Unofficial Commonly used for Internet radio streams such as SHOUTcast[citation needed], Icecast[citation needed] and iTunes Radio[11] Unofficial DynamoDB Local[277] Unofficial Django Development Webserver[278] Unofficial Python 3 http.server[279] 8005 Unofficial Tomcat remote shutdown[11] Unofficial PLATO ASCII protocol (RFC 600) Unofficial Windows SCCM HTTP listener service[280] 8006 Unofficial Quest AppAssure 5 API[281] Unofficial No Proxmox Virtual Environment admin web interface[282] 8007 Unofficial Quest AppAssure 5 Engine[281] 8007 Yes Proxmox Backup Server admin web interface 8008 Unofficial Unofficial Alternative port for HTTP. See also ports 80 and 8080. Unofficial IBM HTTP Server administration default[importance?] Unofficial iCal, a calendar application by Apple[11] Unofficial No Matrix homeserver federation over HTTP[283] 8009 Unofficial Apache JServ Protocol (ajp13)[citation needed] 8010 Unofficial No Buildbot web status page[citation needed] 8042 Unofficial Orthanc – REST API over HTTP[204] 8069 Unofficial OpenERP 5.0 XML-RPC protocol[284] 8070 Unofficial OpenERP 5.0 NET-RPC protocol[284] 8074 Yes Gadu-Gadu 8075 Unofficial Killing Floor web administration interface[citation needed] 8080 Yes Alternative port for HTTP. See also ports 80 and 8008. Unofficial Apache Tomcat[285] Unofficial Atlassian JIRA applications[286] 8081 Yes Yes Sun Proxy Admin Service[287] 8088 Unofficial Asterisk management access via HTTP[citation needed] 8089 Unofficial No Splunk daemon management[288] Unofficial Fritz!Box automatic TR-069 configuration[289] 8090 Unofficial Atlassian Confluence[290] Unofficial Coral Content Distribution Network (legacy; 80 and 8080 now supported)[291] Unofficial Matrix identity server[citation needed] 8091 Unofficial CouchBase web administration[292] 8092 Unofficial CouchBase API[292] 8096 Unofficial Emby and Jellyfin HTTP port[293] 8111 Unofficial JOSM Remote Control 8112 Unofficial PAC Pacifica Coin 8116 Unofficial Check Point Cluster Control Protocol 8118 Yes Privoxy—advertisement-filtering Web proxy 8123 Unofficial Polipo Web proxy Unofficial Home Assistant Home automation Unofficial BURST P2P[294] 8124 Unofficial Standard BURST Mining Pool Software Port 8125 Unofficial BURST Web Interface 8139 Unofficial Puppet (software) Client agent 8140 Yes Puppet (software) Master server 8172 Unofficial Microsoft Remote Administration for IIS Manager[295] 8184 Unofficial NCSA Brown Dog Data Access Proxy 8194–8195 Yes Bloomberg Terminal[296] 8200 Unofficial GoToMyPC Unofficial MiniDLNA media server Web Interface 8222 Unofficial VMware VI Web Access via HTTP[297] 8243 Yes HTTPS listener for Apache Synapse[298] 8245 Unofficial Dynamic DNS for at least No-IP and DynDNS[299] 8280 Yes HTTP listener for Apache Synapse[298] 8281 Unofficial HTTP Listener for Gatecraft Plugin 8291 Unofficial Winbox—Default on a MikroTik RouterOS for a Windows application used to administer MikroTik RouterOS[300] 8303 Unofficial Teeworlds Server 8332 Unofficial Bitcoin JSON-RPC server[301] 8333 Unofficial Bitcoin[302] Unofficial VMware VI Web Access via HTTPS[297] 8334 Unofficial Filestash server (default) [303] 8337 Unofficial VisualSVN Distributed File System Service (VDFS)[304] 8384 Unofficial Syncthing web GUI 8388 Unofficial Shadowsocks proxy server[citation needed] 8400 Yes Commvault Communications Service (GxCVD, found in all client computers) 8401 Yes Commvault Server Event Manager (GxEvMgrS, available in CommServe) 8403 Yes Commvault Firewall (GxFWD, tunnel port for HTTP/HTTPS) 8443 Unofficial SW Soft Plesk Control Panel Unofficial Apache Tomcat SSL Unofficial Promise WebPAM SSL Unofficial iCal over SSL[11] Unofficial MineOs WebUi 8444 Unofficial Bitmessage 8448 Unofficial No Matrix homeserver federation over HTTPS[283] 8484 Unofficial MapleStory Login Server 8500 Unofficial Adobe ColdFusion built-in web server[305] 8530 Unofficial Windows Server Update Services over HTTP, when using the default role installation settings in Windows Server 2012 and later versions.[306][307] 8531 Unofficial Windows Server Update Services over HTTPS, when using the default role installation settings in Windows Server 2012 and later versions.[306][307] 8555 Unofficial Symantec DLP OCR Engine [308] 8580 Unofficial Freegate, an Internet anonymizer and proxy tool[309] 8629 Unofficial Tibero database[citation needed] 8642 Unofficial Lotus Notes Traveler auto synchronization for Windows Mobile and Nokia devices[310] 8691 Unofficial Ultra Fractal, a fractal generation and rendering software application – distributed calculations over networked computers[311][312] 8765 Unofficial No Default port of a local GUN relay peer that the Internet Archive[313] and others use as a decentralized mirror for censorship resistance.[314] 8767 Unofficial Voice channel of TeamSpeak 2,[315] a proprietary Voice over IP protocol targeted at gamers[citation needed] 8834 Unofficial Nessus, a vulnerability scanner – remote XML-RPC web server[316][third-party source needed] 8840 Unofficial Opera Unite, an extensible framework for web applications[317][318] 8880 Yes Alternate port of CDDB (Compact Disc Database) protocol, used to look up audio CD (compact disc) information over the Internet.[319] See also port 888. Unofficial IBM WebSphere Application Server SOAP connector[320][jargon] 8883 Yes Secure MQTT (MQTT over TLS)[321][322] 8887 Unofficial HyperVM over HTTP[citation needed] 8888 Unofficial HyperVM over HTTPS[citation needed] Unofficial No Freenet web UI (localhost only)[citation needed] Unofficial Default for IPython[323] / Jupyter[324] notebook dashboards Unofficial MAMP[325] 8889 Unofficial MAMP[325] 8920 Unofficial Jellyfin HTTPS port[293] 8983 Unofficial Apache Solr[326] 8997 Unofficial Alternate port for I2P Monotone Proxy[175][jargon] 8998 Unofficial I2P Monotone Proxy[175][jargon] 8999 Unofficial Alternate port for I2P Monotone Proxy[175][jargon] 9000 Unofficial SonarQube Web Server[327] Unofficial ClickHouse default port Unofficial DBGp Unofficial SqueezeCenter web server & streaming Unofficial UDPCast Unofficial Play Framework web server[328] Unofficial Hadoop NameNode default port Unofficial PHP-FPM default port Unofficial QBittorrent’s embedded torrent tracker default port[329] 9001 Yes ETL Service Manager[330] Unofficial Microsoft SharePoint authoring environment Unofficial cisco-xremote router configuration[citation needed] Unofficial Tor network default Unofficial DBGp Proxy Unofficial HSQLDB default port 9002 Unofficial Newforma Server comms 9006 Reserved[2] Unofficial Tomcat in standalone mode[11] 9030 Unofficial Tor often used 9042 Unofficial Apache Cassandra native protocol clients 9043 Unofficial WebSphere Application Server Administration Console secure 9050–9051 Unofficial Tor (SOCKS-5 proxy client) 9060 Unofficial WebSphere Application Server Administration Console 9080 Yes glrpc, Groove Collaboration software GLRPC Unofficial WebSphere Application Server HTTP Transport (port 1) default Unofficial Remote Potato by FatAttitude, Windows Media Center addon Unofficial ServerWMC, Windows Media Center addon 9081 Unofficial Zerto ZVM to ZVM communication 9090 Unofficial Prometheus metrics server Unofficial Openfire Administration Console Unofficial SqueezeCenter control (CLI) Unofficial Cherokee Admin Panel 9091 Unofficial Openfire Administration Console (SSL Secured) Unofficial Transmission (BitTorrent client) Web Interface 9092 Unofficial H2 (DBMS) Database Server Unofficial Apache Kafka A Distributed Streaming Platform[331] 9100 Yes Assigned PDL Data Stream, used for printing to certain network printers[11] 9101 Yes Bacula Director 9102 Yes Bacula File Daemon 9103 Yes Bacula Storage Daemon 9119 Yes MXit Instant Messenger 9150 Unofficial Tor Browser 9191 Unofficial Sierra Wireless Airlink 9199 Unofficial Avtex LLC—qStats 9200 Unofficial Elasticsearch[332]—default Elasticsearch port 9217 Unofficial iPass Platform Service 9293 Unofficial Sony PlayStation RemotePlay[333] 9295 Unofficial Unofficial Sony PlayStation Remote Play Session creation communication port 9296 Unofficial Sony PlayStation Remote Play 9897 Unofficial Sony PlayStation Remote Play Video stream 9300 Unofficial IBM Cognos BI[citation needed] 9303 Unofficial D-Link Shareport Share storage and MFP printers[citation needed] 9306 Yes Sphinx Native API 9309 Unofficial Unofficial Sony PlayStation Vita Host Collaboration WiFi Data Transfer[334] 9312 Yes Sphinx SphinxQL 9332 Unofficial Litecoin JSON-RPC server 9333 Unofficial Litecoin 9339 Unofficial Used by all Supercell games such as Brawl Stars and Clash of Clans, mobile freemium strategy video games 9389 Yes adws, Microsoft AD DS Web Services, Powershell uses this port 9392 Unofficial No OpenVAS Greenbone Security Assistant web interface 9418 Yes git, Git pack transfer service 9419 Unofficial MooseFS distributed file system – master control port[335] 9420 Unofficial MooseFS distributed file system – master command port[335] 9421 Unofficial MooseFS distributed file system – master client port[335] 9422 Unofficial MooseFS distributed file system – Chunkservers[335] 9425 Unofficial MooseFS distributed file system – CGI server[335] 9443 Unofficial VMware Websense Triton console (HTTPS port used for accessing and administrating a vCenter Server via the Web Management Interface) Unofficial NCSA Brown Dog Data Tilling Service 9535 Yes mngsuite, LANDesk Management Suite Remote Control 9536 Yes laes-bf, IP Fabrics Surveillance buffering function 9600 No Unofficial Factory Interface Network Service (FINS), a network protocol used by Omron programmable logic controllers[citation needed] 9669 Unofficial No VGG Image Search Engine VISE 9675 Unofficial Unofficial Spiceworks Desktop, IT Helpdesk Software 9676 Unofficial Unofficial Spiceworks Desktop, IT Helpdesk Software 9695 Yes Content centric networking (CCN, CCNx)[citation needed] 9735 Unofficial Bitcoin Lightning Network[336] 9785 Unofficial Unofficial Viber[206] 9800 Yes WebDAV Source Unofficial WebCT e-learning portal 9875 Unofficial Club Penguin Disney online game for kids 9898 Unofficial Tripwire—File Integrity Monitoring Software[337] 9899 Yes SCTP tunneling (port number used in SCTP packets encapsulated in UDP, RFC 6951) 9901 Unofficial Banana for Apache Solr 9981 Unofficial Tvheadend HTTP server (web interface)[338] 9982 Unofficial Tvheadend HTSP server (Streaming protocol)[338] 9987 Unofficial No TeamSpeak 3 server default (voice) port (for the conflicting service see the IANA list)[339] 9993 Unofficial ZeroTier Default port for ZeroTier 9997 Unofficial Splunk port for communication between the forwarders and indexers 9999 Unofficial Urchin Web Analytics[citation needed] 9999 Unofficial Dash (cryptocurrency)[340] 10000 Yes Network Data Management Protocol (NDMP) Control stream for network backup and restore. Unofficial BackupExec Unofficial Webmin, Web-based Unix/Linux system administration tool (default port) 10000–20000 No Unofficial Used on VoIP networks for receiving and transmitting voice telephony traffic which includes Google Voice via the OBiTalk ATA devices as well as on the MagicJack and Vonage ATA network devices.[341] 10001 Unofficial Ubiquiti UniFi access points broadcast to 255.255.255.255:10001 (UDP) to locate the controller(s) 10009 Unofficial Unofficial Crossfire, a multiplayer online First Person Shooter[citation needed] 10011 Unofficial No TeamSpeak 3 ServerQuery[339] 10022 Unofficial No TeamSpeak 3 ServerQuery over SSH 10024 Unofficial Zimbra smtp [mta]—to amavis from postfix[citation needed] 10025 Unofficial Zimbra smtp [mta]—back to postfix from amavis[citation needed] 10042 Unofficial Mathoid server [342] 10050 Yes Zabbix agent 10051 Yes Zabbix trapper 10110 Yes NMEA 0183 Navigational Data. Transport of NMEA 0183 sentences over TCP or UDP 10172 Unofficial Intuit Quickbooks client 10200 Unofficial FRISK Software International’s fpscand virus scanning daemon for Unix platforms[343] Unofficial FRISK Software International’s f-protd virus scanning daemon for Unix platforms[344] 10201–10204 Unofficial FRISK Software International’s f-protd virus scanning daemon for Unix platforms[344] 10212 Yes GE Intelligent Platforms Proficy HMI/SCADA – CIMPLICITY WebView[345] 10308 Unofficial Digital Combat Simulator Dedicated Server [346] 10480 Unofficial SWAT 4 Dedicated Server[citation needed] 10505 Unofficial BlueStacks (android simulator) broadcast[347] 10514 Unofficial Unofficial TLS-enabled Rsyslog (default by convention) 10578 Unofficial No Skyrim Together multiplayer server for The Elder Scrolls V: Skyrim mod. 10800 Unofficial Touhou fight games (Immaterial and Missing Power, Scarlet Weather Rhapsody, Hisoutensoku, Hopeless Masquerade and Urban Legend in Limbo) 10823 Unofficial Farming Simulator 2011[citation needed] 10891 Unofficial Jungle Disk (this port is opened by the Jungle Disk Monitor service on the localhost)[citation needed] 10933 Yes No Octopus Deploy Tentacle deployment agent[348] 11001 Yes metasys ( Johnson Controls Metasys java AC control environment ) 11100 No Unofficial Risk of Rain multiplayer server 11111 Unofficial RiCcI, Remote Configuration Interface (Redhat Linux) 11112 Yes ACR/NEMA Digital Imaging and Communications in Medicine (DICOM) 11211 Unofficial Unofficial memcached[11] 11214 Unofficial Unofficial memcached incoming SSL proxy 11215 Unofficial Unofficial memcached internal outgoing SSL proxy 11235 Yes XCOMPUTE numerical systems messaging (Xplicit Computing)[349] 11311 Unofficial Unofficial Robot Operating System master 11371 Yes OpenPGP HTTP key server 11753 Unofficial OpenRCT2 multiplayer[350] 12000 Unofficial Unofficial CubeForm, Multiplayer SandBox Game 12012 Unofficial Audition Online Dance Battle, Korea Server—Status/Version Check 12013 Unofficial Unofficial Audition Online Dance Battle, Korea Server 12035 Unofficial Second Life, used for server UDP in-bound[351] 12043 Unofficial Second Life, used for LSL HTTPS in-bound[352] 12046 Unofficial Second Life, used for LSL HTTP in-bound[352] 12201 Unofficial Unofficial Graylog Extended Log Format (GELF)[353][importance?] 12222 Yes Light Weight Access Point Protocol (LWAPP) LWAPP data (RFC 5412) 12223 Yes Light Weight Access Point Protocol (LWAPP) LWAPP control (RFC 5412) 12307 Unofficial Makerbot UDP Broadcast (client to printer) (JSON-RPC)[354] 12308 Unofficial Makerbot UDP Broadcast (printer to client) (JSON-RPC)[354] 12345 Unofficial Unofficial Cube World[355] Unofficial Little Fighter 2 Unofficial NetBus remote administration tool (often Trojan horse). 12443 Unofficial IBM HMC web browser management access over HTTPS instead of default port 443[356] 12489 Unofficial NSClient/NSClient++/NC_Net (Nagios) 12975 Unofficial LogMeIn Hamachi (VPN tunnel software; also port 32976)—used to connect to Mediation Server (bibi.hamachi.cc); will attempt to use SSL (TCP port 443) if both 12975 & 32976 fail to connect 13000–13050 Unofficial Second Life, used for server UDP in-bound[357] 13008 Unofficial Unofficial Crossfire, a multiplayer online First Person Shooter[citation needed] 13075 Yes Default[358] for BMC Software Control-M/Enterprise Manager Corba communication, though often changed during installation 13400 Yes ISO 13400 Road vehicles — Diagnostic communication over Internet Protocol(DoIP) 13720 Yes Symantec NetBackup—bprd (formerly VERITAS) 13721 Yes Symantec NetBackup—bpdbm (formerly VERITAS) 13724 Yes Symantec Network Utility—vnetd (formerly VERITAS) 13782 Yes Symantec NetBackup—bpcd (formerly VERITAS) 13783 Yes Symantec VOPIED protocol (formerly VERITAS) 13785 Yes Symantec NetBackup Database—nbdb (formerly VERITAS) 13786 Yes Symantec nomdb (formerly VERITAS) 14550 Unofficial MAVLink Ground Station Port 14567 Unofficial Battlefield 1942 and mods 14652 Unofficial Repgen DoxBox reporting tool 14800 Unofficial Age of Wonders III p2p port[359] 15000 Unofficial psyBNC Unofficial Wesnoth Unofficial Kaspersky Network Agent[360] Unofficial Teltonika networks remote management system (RMS) 15009 Unofficial Unofficial Teltonika networks remote management system (RMS) 15010 Unofficial Unofficial Teltonika networks remote management system (RMS) 15441 Unofficial ZeroNet fileserver[citation needed] 15567 Unofficial Battlefield Vietnam and mods 15345 Yes XPilot Contact 15672 Unofficial No RabbitMQ management plugin[361] 16000 Unofficial Oracle WebCenter Content: Imaging (formerly known as Oracle Universal Content Management). Port though often changed during installation Unofficial shroudBNC 16080 Unofficial macOS Server Web (HTTP) service with performance cache[362] 16200 Unofficial Oracle WebCenter Content: Content Server (formerly known as Oracle Universal Content Management). Port though often changed during installation 16225 Unofficial Oracle WebCenter Content: Content Server Web UI. Port though often changed during installation 16250 Unofficial Oracle WebCenter Content: Inbound Refinery (formerly known as Oracle Universal Content Management). Port though often changed during installation 16261 Unofficial Unofficial Project Zomboid multiplayer. Additional sequential ports used for each player connecting to server.[citation needed] 16300 Unofficial Oracle WebCenter Content: Records Management (formerly known as Oracle Universal Records Management). Port though often changed during installation 16384 Unofficial CISCO Default RTP MIN 16384–16403 Unofficial Real-time Transport Protocol (RTP), RTP Control Protocol (RTCP), used by Apple’s iChat for audio and video[11] 16384–16387 Unofficial Real-time Transport Protocol (RTP), RTP Control Protocol (RTCP), used by Apple’s FaceTime and Game Center[11] 16393–16402 Unofficial Real-time Transport Protocol (RTP), RTP Control Protocol (RTCP), used by Apple’s FaceTime and Game Center[11] 16403–16472 Unofficial Real-time Transport Protocol (RTP), RTP Control Protocol (RTCP), used by Apple’s Game Center[11] 16400 Unofficial Oracle WebCenter Content: Capture (formerly known as Oracle Document Capture). Port though often changed during installation 16567 Unofficial Battlefield 2 and mods 16666 Unofficial Unofficial SITC Port for mobile web traffic 16677 Unofficial Unofficial SITC Port for mobile web traffic 17000 Unofficial M17 — Digital RF voice and data protocol with Internet (UDP) gateways (reflectors).[363] 17011 Unofficial Worms multiplayer 17224 Yes Train Realtime Data Protocol (TRDP) Process Data, network protocol used in train communication.[2][364] 17225 Yes Train Realtime Data Protocol (TRDP) Message Data, network protocol used in train communication.[2][365] 17333 Unofficial CS Server (CSMS), default binary protocol port 17472 Yes Tanium Communication Port 17474 Unofficial DMXControl 3 Network Discovery 17475 Unofficial Unofficial DMXControl 3 Network Broker 17500 Yes Dropbox LanSync Protocol (db-lsp); used to synchronize file catalogs between Dropbox clients on a local network. 17777 Unofficial Unofficial SITC Port for mobile web traffic 18080 Unofficial No Monero P2P network communications[citation needed] 18081 Unofficial No Monero incoming RPC calls[citation needed] 18091 Unofficial Unofficial memcached Internal REST HTTPS for SSL 18092 Unofficial Unofficial memcached Internal CAPI HTTPS for SSL 18104 Yes RAD PDF Service 18200 Unofficial Unofficial Audition Online Dance Battle, AsiaSoft Thailand Server status/version check 18201 Unofficial Unofficial Audition Online Dance Battle, AsiaSoft Thailand Server 18206 Unofficial Unofficial Audition Online Dance Battle, AsiaSoft Thailand Server FAM database 18300 Unofficial Unofficial Audition Online Dance Battle, AsiaSoft SEA Server status/version check 18301 Unofficial Unofficial Audition Online Dance Battle, AsiaSoft SEA Server 18306 Unofficial Unofficial Audition Online Dance Battle, AsiaSoft SEA Server FAM database 18333 Unofficial Bitcoin testnet[302] 18400 Unofficial Unofficial Audition Online Dance Battle, KAIZEN Brazil Server status/version check 18401 Unofficial Unofficial Audition Online Dance Battle, KAIZEN Brazil Server 18505 Unofficial Unofficial Audition Online Dance Battle R4p3 Server, Nexon Server status/version check 18506 Unofficial Unofficial Audition Online Dance Battle, Nexon Server 18605 Unofficial Unofficial X-BEAT status/version check 18606 Unofficial Unofficial X-BEAT 18676 Unofficial Unofficial YouView 19000 Unofficial Unofficial Audition Online Dance Battle, G10/alaplaya Server status/version check Unofficial JACK sound server 19001 Unofficial Unofficial Audition Online Dance Battle, G10/alaplaya Server 19132 Unofficial Minecraft: Bedrock Edition multiplayer server[366] 19133 Unofficial Minecraft: Bedrock Edition IPv6 multiplayer server[366] 19150 Unofficial Unofficial Gkrellm Server 19226 Unofficial Panda Software AdminSecure Communication Agent 19294 Unofficial Google Talk Voice and Video connections[367] 19295 Unofficial Google Talk Voice and Video connections[367] 19302 Unofficial Google Talk Voice and Video connections[367] 19531 Unofficial No systemd-journal-gatewayd[368] 19532 Unofficial No systemd-journal-remote[369] 19788 No Yes Mesh Link Establishment protocol for IEEE 802.15.4 radio mesh networks[370] 19812 Yes No 4D database SQL Communication[371] 19813 Yes 4D database Client Server Communication[371] 19814 Yes 4D database DB4D Communication[371] 19999 Yes Distributed Network Protocol—Secure (DNP—Secure), a secure version of the protocol used in SCADA systems between communicating RTU’s and IED’s 20000 Yes Distributed Network Protocol (DNP), a protocol used in SCADA systems between communicating RTU’s and IED’s Unofficial Usermin, Web-based Unix/Linux user administration tool (default port) Unofficial Used on VoIP networks for receiving and transmitting voice telephony traffic which includes Google Voice via the OBiTalk ATA devices as well as on the MagicJack and Vonage ATA network devices.[341] 20560 Unofficial Unofficial Killing Floor 20582 Unofficial HW Development IoT comms 20583 Unofficial HW Development IoT comms 20595 Unofficial 0 A.D. Empires Ascendant 20808 Unofficial Ableton Link 21025 Unofficial Starbound Server (default), Starbound 21064 Unofficial Default Ingres DBMS server 22000 Unofficial Syncthing (default) 22136 Unofficial FLIR Systems Camera Resource Protocol 22222 Unofficial Davis Instruments, WeatherLink IP 23073 Unofficial Soldat Dedicated Server 23399 Unofficial Skype default protocol 23513 Unofficial Duke Nukem 3D source ports 24441 Unofficial Unofficial Pyzor spam detection network 24444 Unofficial NetBeans integrated development environment 24465 Yes Tonido Directory Server for Tonido which is a Personal Web App and P2P platform 24554 Yes BINKP, Fidonet mail transfers over TCP/IP 24800 Unofficial Synergy: keyboard/mouse sharing software 24842 Unofficial StepMania: Online: Dance Dance Revolution Simulator 25565 Unofficial Minecraft (Java Edition) multiplayer server[372][373] Unofficial Minecraft (Java Edition) multiplayer server query[374] 25575 Unofficial Minecraft (Java Edition) multiplayer server RCON[375] 25600-25700 Unofficial Unofficial SamsidParty Operational Ports 25734-25735 Unofficial Unofficial SOLIDWORKS SolidNetworkLicense Manager[376] 25826 Unofficial collectd default port[377] 26000 Yes Yes id Software’s Quake server Unofficial EVE Online Unofficial Xonotic, an open-source arena shooter 26822 Unofficial MSI MysticLight 26900–26901 Unofficial EVE Online 26909–26911 Unofficial Action Tanks Online 27000 Unofficial PowerBuilder SySAM license server 27000–27006 Unofficial id Software’s QuakeWorld master server 27000–27009 Yes Yes FlexNet Publisher’s License server (from the range of default ports) 27000–27015 No Unofficial Steam (game client traffic)[378] 27015 No Unofficial GoldSrc and Source engine dedicated server port[378] 27015–27018 Unofficial Unturned, a survival game 27015–27030 No Unofficial Steam (matchmaking and HLTV)[378] Unofficial Unofficial Steam (downloads)[378] 27016 Unofficial Magicka and Space Engineers server port 27017 Unofficial No MongoDB daemon process (mongod) and routing service (mongos)[379] 27031–27035 No Unofficial Steam (In-Home Streaming)[378] 27036 Unofficial Unofficial Steam (In-Home Streaming)[378] 27374 Unofficial Sub7 default. 27500–27900 Unofficial id Software’s QuakeWorld 27888 Unofficial Kaillera server 27901–27910 Unofficial id Software’s Quake II master server 27950 Unofficial OpenArena outgoing 27960–27969 Unofficial Activision’s Enemy Territory and id Software’s Quake III Arena, Quake III and Quake Live and some ioquake3 derived games, such as Urban Terror (OpenArena incoming) 28000 Yes Yes Siemens Digital Industries Software license server[2] 28001 Unofficial Starsiege: Tribes[citation needed] 28015 Unofficial Rust (video game)[380] 28016 Unofficial Rust (video game) RCON[381] 28260 Unofficial Palo Alto Networks’ Panorama HA-1 backup unencrypted sync port.[26] 28443 Unofficial Palo Alto Networks’ Panorama-to-managed devices software updates, PAN-OS 8.0 and later.[197] 28769 Unofficial Palo Alto Networks’ Panorama HA unencrypted sync port.[26] 28770 Unofficial Palo Alto Networks’ Panorama HA-1 backup sync port.[26] 28770–28771 Unofficial AssaultCube Reloaded, a video game based upon a modification of AssaultCube[citation needed] 28785–28786 Unofficial Cube 2: Sauerbraten[382] 28852 Unofficial Unofficial Killing Floor[citation needed] 28910 Unofficial Unofficial Nintendo Wi-Fi Connection[383] 28960 Unofficial Unofficial Call of Duty; Call of Duty: United Offensive; Call of Duty 2; Call of Duty 4: Modern Warfare[citation needed] Call of Duty: World at War (PC platform)[384] 29000 Unofficial Perfect World, an adventure and fantasy MMORPG[citation needed] 29070 Unofficial Unofficial Jedi Knight: Jedi Academy by Ravensoft[citation needed] 29900–29901 Unofficial Unofficial Nintendo Wi-Fi Connection[383] 29920 Unofficial Unofficial Nintendo Wi-Fi Connection[383] 30000 Unofficial XLink Kai P2P Unofficial Minetest server default port[385] Unofficial Foundry Virtual Tabletop server default port[386] 30033 Unofficial No TeamSpeak 3 File Transfer[339] 30120 Unofficial Fivem (Default Port) GTA V multiplayer[387][373] 30564 Unofficial Multiplicity: keyboard/mouse/clipboard sharing software[citation needed] 31337 Unofficial Back Orifice and Back Orifice 2000 remote administration tools[388][389] Unofficial Unofficial ncat, a netcat alternative[390] 31416 Unofficial BOINC RPC[391] 31438 Unofficial Rocket U2[392] 31457 Yes TetriNET 32137 Unofficial Unofficial Immunet Protect (UDP in version 2.0,[393] TCP since version 3.0[394]) 32400 Yes Plex Media Server[395] 32764 Unofficial A backdoor found on certain Linksys, Netgear and other wireless DSL modems/combination routers[396] 32887 Unofficial Ace of Spades, a multiplayer FPS video game[citation needed] 32976 Unofficial LogMeIn Hamachi, a VPN application; also TCP port 12975 and SSL (TCP 443).[397] 33434 Yes Yes traceroute 33848 Unofficial Jenkins, a continuous integration (CI) tool[398][399] 34000 Unofficial Infestation: Survivor Stories (formerly known as The War Z), a multiplayer zombie video game[verification needed] 34197 No Unofficial Factorio, a multiplayer survival and factory-building game[400] 35357 Yes OpenStack Identity (Keystone) administration[401][self-published source?] 36330 Unofficial Folding@home Control Port 37008 Unofficial TZSP intrusion detection[citation needed] 40000 Yes Yes SafetyNET p – a real-time Industrial Ethernet protocol 41121 Yes Yes Tentacle Server[402] — Pandora FMS 41794 Yes Yes Crestron Control Port[403] — Crestron Electronics 41795 Yes Yes Crestron Terminal Port[404] — Crestron Electronics 41796 Yes No Crestron Secure Control Port[405] — Crestron Electronics 41797 Yes No Crestron Secure Terminal Port[406] — Crestron Electronics 42081-42090 Yes Yes Zippin — Zippin Stores 42590-42595 Yes Yes Glue — MakePro X 42806 Discord[407] 42999 Yes Curiosity [408] 43110 Unofficial ZeroNet web UI default port [409] 43594–43595 Unofficial RuneScape[410] 44405 Unofficial Mu Online Connect Server[citation needed] 44818 Yes Yes EtherNet/IP explicit messaging 47808–47823 Yes Yes BACnet Building Automation and Control Networks (4780810 = BAC016 to 4782310 = BACF16) 48556 Yes Yes drive.web AC/DC Drive Automation and Control Networks [411] 49151 Reserved Reserved Reserved[2]
Источник

Миллион одновременных соединений

Я слышал ошибочные утверждения о том, что сервер может принять только 65 тысяч соединений или что сервер всегда использует по одному порту на каждое принятое подключение. Вот как они примерно выглядят:

Адрес TCP/IP поддерживает только 65000 подключений, поэтому придётся назначить этому серверу примерно 30000 IP-адресов.

Существует 65535 номеров TCP-портов, значит ли это, что к TCP-серверу может подключиться не более 65535 клиентов? Можно решить, что это накладывает строгое ограничение на количество клиентов, которые может поддерживать один компьютер/приложение.

Если есть ограничение на количество портов, которые может иметь одна машина, а сокет можно привязать только к неиспользуемому номеру порта, как с этим справляются серверы, имеющие чрезвычайно большое количество запросов (больше, чем максимальное количество портов)? Эта проблема решается распределением системы, то есть кучей серверов на множестве машин?

Поэтому я написал эту статью, чтобы развеять данный миф с трёх сторон:

  1. Мессенджер WhatsApp и веб-фреймворк Phoenix, построенный на основе Elixir, уже продемонстрировали миллионы подключений, прослушивающих один порт.
  2. Теоретические возможности на основе протокола TCP/IP.
  3. Простой эксперимент с Java, который может провести на своей машине любой, если его всё ещё не убедили мои слова.

Если вы не хотите изучать подробности, то перейдите в раздел «Итоги» в конце статьи.

Эксперименты

Фреймворк Phoenix достиг 2000000 одновременных подключений websocket. В статье разработчики демонстрируют приложение для чата, в котором симулируются 2 миллиона пользователей, а для пересылки сообщений на всех пользователей требуется 1 секунда. Они также рассказывают подробности о технических сложностях, с которыми они столкнулись в фреймворке, пытаясь добиться этого рекорда. Некоторые из изложенных в их статье идей я использовал для написания своего поста, например, назначение множественных IP, чтобы преодолеть ограничение в 65 тысяч клиентских соединений.

WhatsApp тоже достиг показателя в 2000000 подключений. К сожалению, разработчики почти не делятся подробностями. Они рассказали только о «железе» и операционной системе.

Теоретический максимум

Кто-то думает, что предел равен 216=65536, потому что это все порты, доступные по спецификации TCP. Этот предел справедлив для одного клиента создающего исходящие соединения с одной парой IP и порта. Например, мой ноутбук сможет создать только 65536 соединений с 172.217.13.174:443 (google.com:443), но, вероятно, Google заблокирует меня ещё до того, как я установлю 65 тысяч соединений. Итак, если вам нужна связь между двумя машинами с более чем 65 тысяч одновременных подключений, то клиенту нужно будет подключиться со второго IP-адреса или сервер должен сделать доступным второй порт.

У сервера, слушающего порт, каждое входящее подключение НЕ забирает порт сервера. Сервер может использовать только один порт, который он слушает. Кроме того, соединения будут поступать от нескольких IP-адресов. В лучшем случае сервер сможет прослушивать все IP-адреса, поступающие со всех портов.

Каждое TCP-подключение уникальным образом задаётся следующими параметрами:

  1. 32-битным исходного IP (IP-адресом, с которого поступает подключение);
  2. 16-битным исходным портом (портом исходного IP-адреса, с которого поступает подключение);
  3. 32-битным IP получателя (IP-адресом, к которому выполняется подключение);
  4. 16-битным портом получателя (портом IP-адреса получателя, к которому выполняется подключение).

Значит, теоретический предел, который может поддерживать сервер на одном порту — это 248, то есть около 1 квадриллиона, потому что:

  1. Сервер различает подключения от IP-адресов клиентов и исходных портов;
  2. [количество исходных IP-адресов]x[количество исходных портов];
  3. 32 бита на адрес и 16 бит на порт;
  4. Соединяем всё вместе: 232 x 216 = 248;
  5. Это примерно равно квадриллиону (log(248)/log(10)=14,449)!

Практический предел

Чтобы определить оптимистический практический предел, я провёл эксперименты, пытаясь открыть как можно больше TCP-соединений и заставить сервер отправлять и получать сообщение в каждом соединении. По сравнению с нагрузкой Phoenix или WhatsApp эта нагрузка совершенно непрактична, однако её проще реализовать, если вы захотите попробовать сами. Чтобы провести эксперимент, нужно справиться с тремя трудностями: операционной системой, JVM и протоколом TCP/IP.

Эксперимент

Если вам интересен исходный код, его можно изучить здесь.

Псевдокод выглядит так:

Поток 1:
  открыть сокет сервера
  for i from 1 to 1 000 000:
    принять входящее подключение
  for i from 1 to 1 000 000
    отправить число i на сокет i
  for i from 1 to 1 000 000
    получить число j на сокете i
    assert i == j

Поток 2:
  for i from 1 to 1 000 000:
    открыть сокет клиента серверу
  for i from 1 to 1 000 000:
    получить число j на сокете i
    assert i == j
  for i from 1 to 1 000 000
    отправить число i на сокет i

Машины

В качестве машин я использовал свой Mac:

2.5 GHz Quad-Core Intel Core i7
16 GB 1600 MHz DDR3

и свой десктоп с Linux:

AMD FX(tm)-6300 Six-Core Processor
8GiB 1600 MHz

Дескрипторы файлов

Первым делом нам придётся сразиться с операционной системой. Параметры по умолчанию сильно ограничивают дескрипторы файлов. Вы увидите подобную ошибку:

Exception in thread "main" java.lang.ExceptionInInitializerError
  at java.base/sun.nio.ch.SocketDispatcher.close(SocketDispatcher.java:70)
  at java.base/sun.nio.ch.NioSocketImpl.lambda$closerFor$0(NioSocketImpl.java:1203)
  at java.base/jdk.internal.ref.CleanerImpl$PhantomCleanableRef.performCleanup(CleanerImpl.java:178)
  at java.base/jdk.internal.ref.PhantomCleanable.clean(PhantomCleanable.java:133)
  at java.base/sun.nio.ch.NioSocketImpl.tryClose(NioSocketImpl.java:854)
  at java.base/sun.nio.ch.NioSocketImpl.close(NioSocketImpl.java:906)
  at java.base/java.net.SocksSocketImpl.close(SocksSocketImpl.java:562)
  at java.base/java.net.Socket.close(Socket.java:1585)
  at Main.main(Main.java:123)
Caused by: java.io.IOException: Too many open files
  at java.base/sun.nio.ch.FileDispatcherImpl.init(Native Method)
  at java.base/sun.nio.ch.FileDispatcherImpl.<clinit>(FileDispatcherImpl.java:38)
  ... 9 more

Каждому сокету сервера нужно два дескриптора файлов:

  1. Буфер для отправки.
  2. Буфер для получения.

То же относится и к клиентским подключениям. Поэтому для запуска этого эксперимента на одной машине потребуется:

  • 1000000 подключений для клиента;
  • 1000000 подключений для сервера;
  • По 2 дескриптора файлов на каждое подключение;
  • = 4000000 дескрипторов файлов.

На Mac с bigSur 11.4 увеличить ограничение на дескрипторы файлов можно так:

sudo sysctl kern.maxfiles=2000000 kern.maxfilesperproc=2000000
kern.maxfiles: 49152 -> 2000000
kern.maxfilesperproc: 24576 -> 2000000
sysctl -a | grep maxfiles
kern.maxfiles: 2000000
kern.maxfilesperproc: 1000000

ulimit -Hn 2000000
ulimit -Sn 2000000

как рекомендовано в этом ответе на StackOverflow.

В Ubuntu 20.04 быстрее всего будет сделать так:

sudo su
# 2^25 должно быть более чем достаточно
sysctl -w fs.nr_open=33554432
fs.nr_open = 33554432
ulimit -Hn 33554432
ulimit -Sn 33554432

Пределы дескрипторов файлов Java

Мы разобрались с операционной системой, но JVM тоже не понравится то, что мы будем делать в этом эксперименте. При его проведении мы получим такую же или похожую трассировку стека.

В этом ответе на StackOverflow указано решение в виде флага JVM:

-XX:-MaxFDLimit: отключает попытки установки программного ограничения на аппаратное ограничение количества открытых дескрипторов файлов. По умолчанию эта опция включена на всех платформах, но в Windows игнорируется. Отключать её стоит только в Mac OS, где её использование накладывает ограничение в 10240, что меньше, чем действительный максимум системы.

java -XX:-MaxFDLimit Main 6000


Как написано в этой цитате из документации Java, отключить флаг нужно только на Mac.
В Ubuntu мне удалось провести эксперимент без этого флага.

Исходные порты

Но эксперимент всё равно не работает. Я нашёл следующую трассировку стека:

Exception in thread "main" java.net.BindException: Can't assign requested
address
        at java.base/sun.nio.ch.Net.bind0(Native Method)
        at java.base/sun.nio.ch.Net.bind(Net.java:555)
        at java.base/sun.nio.ch.Net.bind(Net.java:544)
        at java.base/sun.nio.ch.NioSocketImpl.bind(NioSocketImpl.java:643)
        at
java.base/java.net.DelegatingSocketImpl.bind(DelegatingSocketImpl.java:94)
        at java.base/java.net.Socket.bind(Socket.java:682)
        at java.base/java.net.Socket.<init>(Socket.java:506)
        at java.base/java.net.Socket.<init>(Socket.java:403)
        at Main.main(Main.java:137)

Последняя битва нам предстоит со спецификацией TCP/IP. На данный момент мы зафиксировали адрес сервера, порт сервера и IP-адрес клиента. При этом у нас остаётся лишь 16 бит свободы, то есть мы можем открыть только 65 тысяч соединений.

Нашему эксперименту этого совершенно недостаточно. Мы не можем поменять ни IP сервера, ни порт сервера, потому что это проблема, которую мы исследуем в этом эксперименте. Остаётся возможность изменить IP клиента, что даёт нам доступ ещё к 32 битам. В результате мы обойдём ограничение, консервативно присваивая клиентский IP-адрес для каждых 5000 клиентских подключений. Ту же технику использовали в эксперименте с Phoenix.

В bigSur 11.4 можно добавить серию фальшивых адресов замыкания на себя (loopback address) следующей командой:

for i in `seq 0 200`; do sudo ifconfig lo0 alias 10.0.0.$i/8 up  ; done

Чтобы протестировать работу IP-адресов, их можно попинговать:

for i in `seq 0 200`; do ping -c 1 10.0.0.$i  ; done

Чтобы удалить, используем такую команду:

for i in `seq 0 200`; do sudo ifconfig lo0 alias 10.0.0.$i  ; done

В Ubuntu 20.04 вместо этого потребуется использовать инструмент ip:

for i in `seq 0 200`; do sudo ip addr add 10.0.0.$i/8 dev lo; done

Чтобы удалить, используем команду:

for i in `seq 0 200`; do sudo ip addr del 10.0.0.$i/8 dev lo; done

Результаты

На Mac мне удалось достигнуть 80000 соединений. Однако спустя несколько минут после завершения эксперимента мой бедный Mac каждый раз загадочным образом вылетал без отчётов о сбое в /Library/Logs/DiagnosticReports, поэтому я не смог диагностировать, что случилось.

Буферы TCP отправки и получения на моём Mac имеют размер 131072 байта:

sysctl net | grep tcp | grep -E '(recv)|(send)'
net.inet.tcp.sendspace: 131072
net.inet.tcp.recvspace: 131072

Поэтому, возможно, это произошло из-за того, что я использовал 80000 подключений *131072 байт на буфер * 2 буфера ввода и вывода * 2 клиентских и серверных подключения байт, что равно примерно 39 ГБ виртуальной памяти. Или, может быть, Mac OS не нравится, что я использую 80000*2*2=320000 дескрипторов файлов. К сожалению, я незнаком с отладкой на Mac без отчётов о сбоях, поэтому если кто-то знает информацию по теме, напишите мне.

В Linux мне удалось достичь 840000 подключений! Однако в процессе проведения эксперимента для регистрации перемещения мыши по экрану требовалось несколько секунд. При увеличении количества подключений Linux начинал зависать и переставал реагировать.

Чтобы понять, какой ресурс вызывает проблемы, я воспользовался sysstat. Посмотреть на сгенерированные sysstat графики можно здесь.

Чтобы sysstat фиксировал статистику по всему оборудованию, а затем генерировал графики, я использовал такую команду:

sar -o out.840000.sar -A 1 3600 2>&1 > /dev/null  &
sadf -g  out.840000.sar -- -w -r -u -n SOCK -n TCP -B -S -W > out.840000.svg

Любопытные факты:

  • MBmemfree показывал меньше всего памяти, 96 МБ;
  • MBavail показывал 1587 МБ;
  • MBmemused показывал всего 1602 МБ (19,6% от моих 8 ГБ);
  • MBswpused на пике показывал 1086 МБ (несмотря на то, что свободная память ещё была);
  • 1680483 сокета (840 тысяч серверных сокетов и 840 тысяч клиентских подключений плюс то, что работало на моём десктопе);
  • Спустя несколько секунд после начала эксперимента операционная система решила задействовать swap, хотя у меня ещё была память.

Чтобы определить стандартный размер буферов отправки и получения в Linux, можно использовать такую команду:

# минимальное, стандартное и максимальное значения размера памяти (в байтах)
cat /proc/sys/net/ipv4/tcp_rmem
4096    131072  6291456
cat /proc/sys/net/ipv4/tcp_wmem
4096    16384   4194304

sysctl net.ipv4.tcp_rmem
net.ipv4.tcp_rmem = 4096        131072  6291456
sysctl net.ipv4.tcp_wmem
net.ipv4.tcp_wmem = 4096        16384   4194304

Для поддержания всех подключений мне бы потребовалось 247 ГБ виртуальной памяти!

131072 байта для получения
16384 для записи
(131072+16384)*2*840000
=247 ГБ виртуальной памяти

Я подозреваю, что буферы запрашивались, но поскольку из каждого нужно всего по 4 байта, использовалась лишь небольшая доля буферов. Даже если бы загрузил 1 страницу памяти, потому что мне нужно записать лишь 4 байта для записи integer в буфер:

getconf PAGESIZE
4096

Размер страницы 4096 байт
(4096+4096)*2*840000
=13 ГБ


то использовалось бы 13 ГБ, задействуя 2*840000 страниц памяти. Понятия не имею, как всё это работает без сбоев! Однако мне вполне хватает 840000 одновременных подключений.

Вы можете улучшить мой результат, если у вас есть больше памяти или вы ещё сильнее оптимизируете параметры операционной системы, например, уменьшив размеры буферов TCP.

Итоги

  1. Фреймворку Phoenix удалось достичь 2 000 000 подключений.
  2. WhatsApp удалось достичь 2 000 000 подключений.
  3. Теоретический предел примерно равен 1 квадриллиону (1 000 000 000 000 000).
  4. У вас закончатся исходные порты (всего 216).
  5. Это можно исправить, добавив клиентские IP-адреса замыкания на себя.
  6. У вас закончатся дескрипторы файлов.
  7. Это можно исправить, изменив ограничения на дескрипторы файлов операционной системы.
  8. Java тоже ограничит количество дескрипторов файлов.
  9. Это можно исправить, добавив аргумент JVM -XX:MaxFDLimit.
  10. На моём Mac с 16 ГБ практический предел составил 80 000 подключений.
  11. На моём Linux-десктопе с 8 ГБ практический предел составил 840 000 подключений.
Источник

Quick Definition of TCP: Transmission Control Protocol (TCP) is a global communication standard that devices use to reliably transmit data. TCP is defined by being connection-oriented, which means that both the client and the server have to be established before the data gets sent. This means the data is reliable, ordered and error-checked in transit. It is one of the main protocols of the Internet protocol suite — and the entire suite is often referred to as TCP/IP.

Quick Definition of TCP Ports: A «port» is a logical distinction in computer networking. Ports are numbered and used as global standards to identify specific processes or types of network services.

Much like before shipping something to a foreign country, you’d agree where you’d be shipping out of and where you’d have it arriving, TCP ports allow for standardized communication between devices. One device can receive information for many different processes and services, and which port the information flows on helps to keep it organized.

An Overview of TCP Ports [VIDEO]

In this video, Tim Warner covers what TCP ports are as well as where and how TCP port numbers are used. He further describes how you can use the netstat command-line tool to find port use information. He also explains how, on Windows computers, you can use a free GUI-based tool called TCPView to better view and work with this information.

How Do TCP and TCP Ports Work?

Transmission Control Protocol is a key component of the TCP/IP protocol stack. TCP is a connection-oriented protocol that requires a connection or a circuit between the source sending computer and the destination one. TCP is one of the two main ways to transmit data in a TCP/IP network. UDP, which is a best-effort connectionless protocol, is the other one.

For devices to communicate via TCP, they use TCP ports. Generally, a TCP port represents an application or service-specific endpoint identifier.

Think of opening a web browser. When you type in «CBTNuggets.com», your browser translates that to «http://www.cbtnuggets.com». And with that, you’re specifying the hypertext transfer protocol — and hopefully, you get the page without issue. That happens because CBT Nuggets’ web server aka its HTTP server is listening for incoming connections on a particular port address.

The well-known port for HTTP is 80. By contrast, you might download some software from ftp.microsoft.com, their FTP server is going to be listening on the well-known Port 23. And so forth. Protip: If you’re planning to earn an IT certification exam, you may need to have many of the most common TCP ports memorized.

How Many TCP Ports are There?

A TCP port is a 16-bit, unsigned value, so there’s a finite number of TCP ports available in the world. Specifically, there are 65,535 available TCP ports.

You’ve probably heard that the world is moving from IPv4 to IPv6 due to address depletion. It’s also entirely likely that the time will come when we’ll have to expand the port range to accommodate additional services.

That said, the first 1,024 TCP ports are called well-known port numbers, and they’re agreed upon among technology vendors. So if you and I were to go into business and sell a really nice FTP client software, we’d agree to work with the standard, well-known FTP port numbers.

How Do Sockets Work with TCP Connections?

A socket allows for a connection to another system that’s already running some TCP server software. A socket takes a combination of an IP address and a port number. That means a single host can host multiple instances of the same service by using different port numbers.

For instance, we can set up a web server that has «Site 1» listening on the default port of 80 and another web server. That is to say another website on the same server with the same IP address, «Site 2», but listening on Port 8080.

Where and How Do We Use Port Numbers?

One place is during server application configuration. Enterprise apps like Oracle, SQL, SharePoint, all require you to set up services on discrete port numbers. Which is also why working with your network administrator to allow for that traffic to flow on those port IDs are important. Firewalls monitor ports to keep systems secure.

Service addressing is another way to use port numbers. Once we install our enterprise application, we advertise the service using, generally speaking, a hostname and the port number. For example, «http://cbtnuggets:1988». We wouldn’t have to do that if it were a well-known port. If it’s well known, we can leave it off.

We use port numbers for troubleshooting purposes. Specifically, we can troubleshoot malware and identify rogue processes.

Firewall configuration often uses rules that denote both aspects of a socket. You might create allowances or traffic blocks based on IP addresses, port numbers, or both.

How to View TCP Connections on Your Machine

Regardless of your OS, you can always get to the netstat command line tool, although the specific parameters you use will depend on your OS. In Windows, start with a command prompt and type:

This will output a table of all current TCP connections on the system. Unfortunately, you can’t do all that much besides looking at it.

There’s another option, though, and that’s to type:

This outputs a lot more data that’s much more useful. This includes all the parameters.

What’s a Good Tool for Viewing TCP Information?

If you’re working on a Windows machine, TCPView.exe is strongly recommended. A Microsoft property now, it was originally developed by Mark Russinovich. There’s also a command line version of the tool called TCPVcon that’s also free.

What’s great about TCPView is its graphical interface. And the interface is more than just a netstat query on steroids, there’s a lot of context and information in its interface.

Running TCPView, you may discover that you have quite a lot more running on your system in terms of remote connections than you might have otherwise been aware. That’s one of the reasons TCPView is an excellent way to diagnose rogue processes. It could be a trojan horse, some sort of backdoor administrative application that phones home. You can easily identify those tools, by taking a look.

Don’t be surprised if you see many applications running with processes going like Outlook, Chrome, or Dropbox. If you right-click one of these items that’s listed, you’ll get a specific ID of the image or the executable program that’s running. You can also end the process — terminate it from there — by right-clicking and pressing «close application». You can right-click a process and do a WHOIS lookup. There’s a lot of good things to do in TCPView and you should play around with it.

The bottom line with TCPView is that by using it you can see that for each process that you have running on your system, you can see at a glance if it’s TCP or UDP. And you can see the local and remote port. You’ll see that UDP doesn’t have remote ports, that’s because UDP is a connectionless protocol and doesn’t require an end-to-end circuit like TCP does. Which is why TCP tells us on this interface where we’re connected, both locally and to a remote system.

Wrapping Up

TCP is an important concept for any network professional to understand. It’s one of the tools that has made our modern digital age possible. All this information about understanding TCP/IP lends itself to learning much more about IT professions. If you’re looking for more detail, check out our CompTIA A+ training.

Источник
Порт (TCP/UDP)

Сетевой порт — параметр протоколов UDP, определяющий назначение пакетов данных в формате

Это условное число от 0 до 65535, позволяющие различным программам, выполняемым на одном хосте, получать данные независимо друг от друга (предоставляют так называемые сетевые сервисы). Каждая программа обрабатывает данные, поступающие на определённый порт (иногда говорят, что программа «слушает» этот номер порта).

Обычно за некоторыми распространёнными сетевыми протоколами закреплены стандартные номера портов (например, веб-серверы обычно принимают данные по протоколу TCP-порт 80), хотя в большинстве случаев программа может использовать любой порт.

Содержание

  • 1 Номера портов
    • 1.1 Краткий список номеров портов
  • 2 Порты отправителя и получателя
  • 3 Использование портов для различных кодировок
  • 4 Ссылки
  • 5 Примечания

Номера портов

Порты TCP не пересекаются с портами UDP. То есть, порт 1234 протокола TCP не будет мешать обмену по UDP через порт 1234.

Ряд номеров портов стандартизован (см. Список портов TCP и UDP). Список поддерживается некоммерческой организацией операционных систем прослушивание портов с номерами 0—1023 (почти все из которых зарегистрированы) требует особых привилегий. Каждый из остальных портов может быть захвачен первым запросившим его процессом. Однако, зарегистрировано номеров намного больше, чем 1023.

Краткий список номеров портов

Подразумевается использование протокола TCP там, где не оговорено иное.

Порты отправителя и получателя

На самом деле, TCP- или UDP-пакеты всегда содержат два поля номера порта: отправителя и получателя. Тип обслуживающей программы определяется портом получателя поступающих запросов, и этот же номер является портом отправителя ответов. «Обратный» порт (порт отправителя запросов, он же порт получателя ответов) при подключении по TCP определяется клиентом произвольно (хотя номера меньше 1024 и уже занятых портов не назначаются), и для пользователя интереса не представляет. Использование обратных номеров портов в UDP зависит от реализации.

Использование портов для различных кодировок

Разные порты веб-сервера могут использоваться для поддержки различных кодировок текста, отправляемого браузеру посетителя. При этом по стандартному порту (80) находится сплеш-скрин с выбором кодировки, перенаправляющий в зависимости от кодировки на различные порты того же самого хоста. [1]

Эта технология в настоящее время практически не применяется для веб-сайтов в связи с развитием поддержки кодировок в браузерах. У многих

Ссылки

Список портов TCP и UDP

Примечания

  1. Использование разных портов для разных кодировок

Wikimedia Foundation.
2010.

Полезное

Смотреть что такое «Порт (TCP/UDP)» в других словарях:

  • Порт (TCP/IP) — У этого термина существуют и другие значения, см. Порт (значения). В протоколах TCP и UDP (семейства TCP/IP) порт  идентифицируемый номером системный ресурс, выделяемый приложению, выполняемому на некотором сетевом хосте, для связи с… …   Википедия

  • Зарезервированные порты TCP/UDP — Для системных и некоторых популярных программ выделены общепринятые порты с номерами от 0 до 1023, называемые привилегированными или зарезервированными. Порты с номерами 1024 49151 называются зарегистрированными портами. Порты с номерами 1024… …   Википедия

  • UDP — Название: User Datagram Protocol Уровень (по модели OSI): Транспортный Семейство: TCP/IP (иногда называют UDP/IP) Порт/ID: 17 (в IP) Спецификация: RFC 768 / STD 6 Основ …   Википедия

  • TCP/IP — Стек протоколов TCP/IP (англ. Transmission Control Protocol/Internet Protocol)  набор сетевых протоколов разных уровней модели сетевого взаимодействия DOD, используемых в сетях. Протоколы работают друг с другом в стеке (англ. stack, стопка)… …   Википедия

  • TCP — Название: Transport Control Protocol Уровень (по модели OSI): Транспортный Семейство: TCP/IP Порт/ID: 6/IP Спецификация: RFC 793 / STD 7 Основные реализации …   Википедия

  • UDP-пакет — UDP Название: User Datagram Protocol Уровень (по модели OSI): Транспортный Семейство: TCP/IP (иногда называют UDP/IP) Порт/ID: 17 (в IP) Спецификация: RFC 768 / STD 6 Основные реализации (клиенты): Ядро Windows, Linux, UNIX …   Википедия

  • Udp — Название: User Datagram Protocol Уровень (по модели OSI): Транспортный Семейство: TCP/IP (иногда называют UDP/IP) Порт/ID: 17 (в IP) Спецификация: RFC 768 / STD 6 Основные реализации (клиенты): Ядро Windows, Linux, UNIX …   Википедия

  • Tcp — Название: Transmission Control Protocol Уровень (по модели OSI): Транспортный Семейство: TCP/IP Порт/ID: 6/IP Спецификация: RFC 793 / STD 7 Основные реализации: Linux, Windows Расширяемость …   Википедия

  • Порт (значения) — Порт: В Викисловаре есть статья «порт» Порт (лат. portus  «гавань», «пристань») …   Википедия

  • TCP-порт — Сетевой порт параметр протоколов UDP, определяющий назначение пакетов данных в формате Это условное число от 0 до 65535, позволяющие различным программам, выполняемым на одном хосте, получать данные независимо друг от друга (предоставляют так… …   Википедия

Источник

Порт (port) — натуральное число, записываемое в заголовках протоколов транспортного уровня модели OSI (TCP, UDP, SCTP, DCCP).

Номера портов разделены на три диапазона: стандартные, зарегистрированные и динамические или частные:

Подробнее Справочник портов TCP, UDP, типы ICMP — с 0 по 1023

В стеке TCP/IP определены 4 уровня.

Для протокола TCP порт с номером 0 зарезервирован и не может использоваться. Для протокола UDP указание порта процесса-отправителя («обратного» порта) не является обязательным, и порт с номером 0 означает отсутствие порта. Таким образом, номер порта — число в диапазоне от 1 до 216-1=65 535.

Чтобы установить соединение между двумя процессами на разных компьютерах сети, необходимо знать не только интернет-адреса компьютеров, но и номера тех ТСР-портов (sockets), которые процессы используют на этих компьютерах. Любое TCP-соединение в сети Интернет однозначно идентифицируется двумя IP-адресами и двумя номерами ТСР-портов.

Протокол TCP умеет работать с поврежденными, потерянными, дублированными или поступившими с нарушением порядка следования пакетами. Это достигается благодаря механизму присвоения каждому передаваемому пакету порядкового номера и механизму проверки получения пакетов.

Когда протокол TCP передает сегмент данных, копия этих данных помещается в очередь повтора передачи и запускается таймер ожидания подтверждения.

Активные TCP соединения с интернетом (w/o servers) 

# netstat -nt
Proto Recv-Q Send-Q Local Address Foreign Address State      
tcp        0      0 192.26.95.251:56981     10.161.85.55:22        ESTABLISHED
tcp        0      0 10.26.95.251:44596      10.26.95.226:2193       ESTABLISHED

Для сокетов TCP допустимы следующие значения состояния:

TCP RST – это сегмент TCP (обратите внимание, что TCP посылает сообщения сегментами, а НЕ пакетами, что часто неправильно употребляется в среде сетевых администраторов), который показывает, что с соединением что-то не так. RST посылается в следующих случаях:

Читайте также

Источник

  • Максимальный номер в волейболе
  • Максимальное разрешение экрана телефона
  • Максимальное разрешение камеры на телефоне
  • Максимальное количество цифр в номере телефона
  • Максимальное количество оперативной памяти в телефоне