TCP Options

TCP header size varies in the range of 20 to 60 bytes, where 40 bytes is because of option fields which is located at the end of the TCP header.

TCP options are:

  • MSS: Maximum segment size of 4 bytes
  • Window scaling of 3 bytes
  • SACK:Selective Acknowledgment of 2 bytes
  • Timestamp of 10 bytes
  • NOP: No options of 1 byte

MSS: Maximum segment size(4 bytes):

  • Maximum segment size is the maximum size of data, computed in bytes which can be transmitted in one go. Segments are nothing but collection of bytes so maximum number of data bytes which can fit in one segment.
  • It is just the data/payload which is received from the above application, it does not include TCP or IP header and occupies 4 bytes.
untitled image

Thus MTU = MSS + TCP header + IP Header

MTU = 1460 + 20 + 20

MTU = 1500 bytes.

Thus MSS value is chosen such that it not crosses the value of MTU.

The default value of MSS,that is if the option field is not used is 536 bytes so MTU is 536 + 40 = 576 bytes.

  • Choosing the value of MSS: If the value of MSS(data payload) is too small then it would be overhead as we just 1 bytes data + 40 bytes header. So the bandwidth is not used to maximum.
  • If the value of MSS is very large, then the packet need to be fragmented as it may exceed the MTU value. Fragmentation involves good amount of CPU cycle for reassembly and also some packets may be lost.
  • Thus MSS should be chosen with utmost care.

Window Scaling(10 bytes):

  • TCP size of window is 16 bits so the maximum number of bytes which can be transmitted, before an acknowledgement is received is 65535 bytes (64kb).


Receiver window size = 65535 bytes

MSS = 1460

MTU = 1500 (MSS + 20 + 20)

Total number of segments to carry these data is : Window_size / MTU

65535 / 1500 = 4369

  • So this buffer size is too small, when need want to express ‘window size’ values using numbers in the range of thousand to millions e.g 400,000 or 950,000 as in the case of WAN link which has very high latency and packets take some time to reach at the destination.
  • Due to high latency, host would stop transmitting data since there are 64kb of data has been sent and they are not yet been acknowledged leading the CPU cycle wastage. To avoid such scenarios, window scaling is required which improves the performance in such cases.
  • Because of large window size, some packet would have already reached the destination and send the ACK( so window will slide and make way for next bytes), while sender smoothly continues to send data.
  • This is addition of another 14 bits to previous 16 bits, so total of 30 bits and is advertised during 3-way handshake that is during SYN and SYN+ACK.
  • Maximum scaling factor allowed is 14 that is 2^30 bytes(a little over 1GB)

Selective Acknowledgement(SACK-2 bytes):

  • TCP header has a ACK flag and a field called acknowledgment number. If the ACK flag is set, confirms that the data has been received by the receiver and the acknowledgment number states the sequence number of next data expected by the receiver.
  • In case of TCP, acknowledgement number is not send for each bytes as it may lead to network congestion, rather there is a cumulative acknowledgment.
  • In case of cumulative acknowledgement, ack is not send for each bytes rather for a group of bytes at once.

For example:

If the ack number happens to be 1000, this does not indicate that this ack is for data of sequence number 1000, rather it states that all the bytes before 1000(0-999) has been received successfully by the receiver and next expected byte should be of sequence number 1000. This is the basic of cumulative acknowledgement.

Problem with cumulative acknowledgement:

This works well if there is no data loss in bits n pieces that is having multiple packet loss. But if there are many packets loss, there occurs a problem of duplicate ack, which again lead to network congestion and under utilization of bandwidth.


  • Sender has a window size of 10 and sends a frame with these sequence number to server.
  • Server receives all of these packet except for bytes with sequence number 4, that 0-3 and 5-9 are received.
  • Thus receiver send a frame with ACK flag set and acknowledgment number 4
  • Because of cumulative acknowledgement, sender would think that receiver only received frame with 0-3, so it would re transmit all the frames from 4 onward, which is not true.
  • In the case of packet loss, the receiver would send a duplicate ACK with ack no 4, so that sender would re transmit the data, but this would also re transmit the bytes which has already been received is a waste of time and causes network congestion

This is where SACK comes into picture and it only sends the data which was lost and never reached to the receiver. In return, this improves the network’s performance , as fewer packets being transmitted means more efficient use of bandwidth.

The SACK-Permitted option, is only present during the 3-way handshake which is like of negotiation between sender and receiver in support of SACK.

Execution of SACK process:

  • Sender sends 10 segment, each of 100 bytes of data, to a receiver starting with sequence number 1000.
  • The receiver receives segments 1 through 4 and 6 through 10.
  • So there is complete loss of segment 5, ranging from 1400 to 1499.
  • Thus the receiver sends a TCP ACK segment with SACK option specifying a left edge of 1400 and right edge of 1499.
  • The sender then transmits the 5th segment back to the receiver all by self.
  • The receiver receives the 5th segment and sends the acknowledgement packet to the sender informing all the packets have now been received.

SACK Negotiation PCAP:

untitled image


untitled image

SACK is important because it allows for a more robust packet retransmission, allowing the sender to be notified of what pieces of data made it to the receiver when there is packet loss. This promotes less network congestion and better handling of packets, thus allowing a faster rate of data delivery. It occupies 2 bytes.

Timestamp(10 bytes(4 +4 +2) ):

This is used for two purpose:

  • RTTM( Round Trip Time Measurement)
  • PAWS( Protection against wrapped Sequence number)

RTTM( Round Trip Time Measurement)

  • This will help to determine accurately how long the TCP should wait before retransmitting the segment that has not been acknowledged.
  • This is set during the 3-way handshake that is SYN and SYN+ACK and done by including a current timestamp value in Timestamp variable TSval in each segment that is sent and Timestamp Echo Reply value(TSecr) set to 0.
  • Same TSval values are echoed back by the receiver in Timestamp Echo reply TSecr. So, when a ACK segment is received, the sender of the segment can simply subtract the TSecr from the current timestamp to get the accurate round trip Time(RTT) measurement.

Protection against wrapped Sequence number(PAWS)

Timestamp field is also used to discard the packet from the old connection which is received late.

The basic idea is that a segment can be discarded as an old duplicate if it is received with a timestamp TSval less than some timestamp recently received on this connection.

This is called protection against wrapped Sequence number.The sequence number field in TCP is only 32-bits, so after 2^32 bytes have been transmitted, the sequence number wraps around back to the beginning( that is new connection has started).


This is used for padding the TCP header to make it multiple of 4.

Header length(HLEN) field in TCP header is 4 bits that is value can range from 0 – 15

but the total length of the TCP header varies from 20 – 60

So the total length = HLEN * 4 Hence to make TCP header, multiple of 4, NOP field is used.


Mandatory header length = 20

SACK = 2

So here 2 NOP of 1 bytes each is added to make it 24, that is multiple of 4.

Categories: Networking

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: