TCP
What is TCP?
TCP: A connection-oriented transport protocol (RFC 9293) that delivers an ordered, reliable, congestion-controlled byte stream between two endpoints over IP.
The Transmission Control Protocol, standardized in RFC 9293 (which obsoletes RFC 793), provides reliable, in-order delivery of bytes between two IP endpoints identified by a four-tuple of source/destination IP and port. Connections begin with a three-way handshake (SYN, SYN-ACK, ACK) and end with FIN/FIN-ACK or RST. TCP numbers each byte with a 32-bit sequence number, uses cumulative ACKs and retransmission timers, and runs congestion-control algorithms such as Reno, CUBIC, or BBR. Most application protocols on the modern Internet (HTTP/1.1, HTTPS, SSH, SMTP, IMAP) run over TCP. Security-relevant attacks include SYN floods, RST injection, sequence-number guessing, and off-path hijacking.
● Examples
- 01: An HTTPS request opens TCP to port 443, completes the three-way handshake, then negotiates TLS.
- 02: A SYN flood exhausts a server's half-open connection table by never sending the final ACK.
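The half-open condition in the second example can be counted from packet summaries. The following is an added example, not part of the original entry: the addresses, the `half_open` and `flood_suspects` names, the 3-second timeout and the threshold of 5 are all assumptions made for illustration, and the packet list is constructed.

```python
from collections import Counter

SERVER = ("198.51.100.5", 443)  # constructed documentation address

# Constructed packet summaries: (time_s, src, dst, flags); src/dst are (ip, port).
PACKETS = [
    (0.00, ("192.0.2.10", 50000), SERVER, "S"),
    (0.01, SERVER, ("192.0.2.10", 50000), "SA"),
    (0.02, ("192.0.2.10", 50000), SERVER, "A"),  # handshake completed
]
# Six SYNs whose senders never return the final ACK.
for i in range(6):
    client = (f"203.0.113.{i + 1}", 40000 + i)
    PACKETS.append((1.0 + i * 0.1, client, SERVER, "S"))
    PACKETS.append((1.0 + i * 0.1 + 0.01, SERVER, client, "SA"))


def half_open(packets, now, timeout=3.0):
    """Return {(client, server): syn_time} for handshakes stuck awaiting the final ACK."""
    pending = {}  # (client, server) -> [state, syn_time]
    for t, src, dst, flags in sorted(packets):
        if flags == "S":
            pending[(src, dst)] = ["SYN_SENT", t]
        elif flags == "SA" and (dst, src) in pending:
            pending[(dst, src)][0] = "SYN_RCVD"
        elif flags == "A" and pending.get((src, dst), [None])[0] == "SYN_RCVD":
            del pending[(src, dst)]  # three-way handshake done
        elif "R" in flags:
            pending.pop((src, dst), None)  # a reset aborts in either direction
            pending.pop((dst, src), None)
    return {k: v[1] for k, v in pending.items()
            if v[0] == "SYN_RCVD" and now - v[1] >= timeout}


def flood_suspects(packets, now, threshold=5):
    """Return {server: count} for listeners with >= threshold stale half-open entries."""
    counts = Counter(server for (_client, server) in half_open(packets, now))
    return {srv: n for srv, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    print(flood_suspects(PACKETS, now=10.0))
```

Because flood sources are often spoofed, the count is keyed on the listening endpoint rather than on the client address.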
● Frequently asked questions
What is TCP?
A connection-oriented transport protocol (RFC 9293) that delivers an ordered, reliable, congestion-controlled byte stream between two endpoints over IP. It belongs to the Network Security category of cybersecurity.
What does TCP mean?
A connection-oriented transport protocol (RFC 9293) that delivers an ordered, reliable, congestion-controlled byte stream between two endpoints over IP.
How does TCP work?
The Transmission Control Protocol, standardized in RFC 9293 (which obsoletes RFC 793), provides reliable, in-order delivery of bytes between two IP endpoints identified by a four-tuple of source/destination IP and port. Connections begin with a three-way handshake (SYN, SYN-ACK, ACK) and end with FIN/FIN-ACK or RST. TCP numbers each byte with a 32-bit sequence number, uses cumulative ACKs and retransmission timers, and runs congestion-control algorithms such as Reno, CUBIC, or BBR. Most application protocols on the modern Internet (HTTP/1.1, HTTPS, SSH, SMTP, IMAP) run over TCP. Security-relevant attacks include SYN floods, RST injection, sequence-number guessing, and off-path hijacking.
How do you defend against attacks on TCP?
Defences against attacks on TCP typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for TCP?
Common alternative names include: Transmission Control Protocol.
● Related terms
- TCP/IP (network-security, № 1136): The four-layer Internet Protocol Suite that defines how packets are addressed, routed, fragmented, and reliably delivered between hosts across interconnected networks.
- UDP (network-security, № 1188): A connectionless transport protocol (RFC 768) that delivers individual datagrams between ports with minimal overhead but no reliability or ordering guarantees.
- IP Address (network-security, № 553): A numeric identifier assigned to a network interface for routing across IP networks: 32 bits in IPv4 (RFC 791) or 128 bits in IPv6 (RFC 8200).
- TLS Handshake (network-security, № 1160): The initial protocol exchange in Transport Layer Security that authenticates the server (and optionally the client) and derives the symmetric keys used to encrypt the rest of the session.
- IP Spoofing (attacks, № 555): Forging the source IP address of network packets to impersonate another host, bypass filters, or amplify denial-of-service attacks.
- Session Hijacking (attacks, № 1016): An attack that takes over a victim's authenticated session by stealing or forging the session identifier so the attacker can act as the user without their credentials.
● See also
- № 1087 SSH
- № 437 FTP
- № 1022 SFTP
- № 508 ICMP
- № 499 HTTP/3 / QUIC