Understanding the TCP Header: A Deep Dive into Its Fields

When you send or receive data over the internet, the Transmission Control Protocol (TCP) ensures that every byte reaches its destination reliably and in order. TCP achieves this reliability through a well-defined header that accompanies each segment of data.

In this post, we’ll explore each field of the TCP header — its size, purpose, and role in connection management and data delivery.

TCP Header Overview

A standard TCP header is 20 bytes, but can extend up to 60 bytes if TCP Options are present. Below is a simplified layout:

TCP Header Structure Overview

Every TCP segment begins with a header — a structured set of fields that help in managing connections, sequencing data, and ensuring reliable transmission.

Here’s a breakdown of the standard TCP header fields:

Field	Size (bytes)	Description
Source Port	2	Identifies the sender’s port number. This helps the receiver know which application or service on the sender’s side initiated the communication.
Destination Port	2	Specifies the receiver’s port number. This determines which process or service on the receiving host should handle the data (e.g., port 80 for HTTP, port 443 for HTTPS).
Sequence Number	4	Indicates the position of the first byte of data in this segment within the overall byte stream. Essential for reliable, ordered delivery.
Acknowledgment Number	4	Represents the next byte expected from the sender. Used by the ACK mechanism to confirm successful receipt of previous bytes.
Data Offset + Reserved + Flags	2	The Data Offset specifies where the data begins (i.e., the header length). The Flags include control bits like SYN, ACK, FIN, RST, PSH, and URG, which manage connection setup, teardown, and data flow.
Window Size	2	A key part of flow control. It indicates how many bytes the receiver is currently able to accept, helping prevent buffer overflow.
Checksum	2	Used for error detection. This 16-bit checksum covers both the TCP header and data, ensuring that the segment hasn’t been corrupted in transit.
Urgent Pointer	2	Used when the URG flag is set. It points to the last byte of urgent data in the segment. Although part of the TCP standard, it’s rarely used in modern applications.

How These Fields Work Together

• Each TCP header field serves a specific purpose, but together they create a robust and adaptive communication channel. For example:
• Sequence and Acknowledgment Numbers ensure reliable and ordered delivery of data.
• Window Size dynamically manages the flow of data between sender and receiver.
• Flags coordinate connection setup (SYN), data transfer (ACK/PSH), and teardown (FIN/RST).
• Checksum adds a layer of integrity checking across networks.

Data Offset + Reserved + Flags (2 bytes / 16 bits)

This 16-bit field controls how to interpret the segment and what action to take in the TCP connection.

1. Data Offset (4 bits)

• Defines the length of the TCP header in 32-bit words.
• Minimum value is 5 (20 bytes header without options).
• Maximum value is 15 (60 bytes header including options).
• Tells the receiver where the payload begins within the segment.

2. Reserved (6 bits)

• Reserved for future use.
• Must always be set to zero when sending and ignored on receipt.
• Ensures forward compatibility for future TCP extensions.

3. Control Flags (6 bits)

These 6 control bits define the state and purpose of the TCP segment:

 

Flag	Meaning
URG	Urgent Pointer field is valid — indicates urgent data.
ACK	Acknowledgment field is valid — confirms receipt of data.
PSH	Push Function — deliver data immediately to the application.
RST	Reset — aborts the connection due to error or invalid state.
SYN	Synchronize — initiates a connection and synchronizes sequence numbers.
FIN	Finish — requests graceful connection termination.

🔹 Later RFCs (like RFC 3168) introduced additional bits (ECE, CWR, NS) by repurposing some of the reserved bits — which is why modern diagrams often show 9 flag bits instead of 6. But the base RFC 793 layout you quoted (4 + 6 + 6) is the original and still core design. 

🔍 Checksum (2 bytes)

• The Checksum verifies the integrity of both TCP header and data.
• Calculated using 1’s complement arithmetic over:
• The TCP header
• The TCP payload
• A pseudo-header from IP (source/destination IP, protocol number, segment length)
• The receiver recomputes the same checksum — if it doesn’t match, the segment is discarded.
• Ensures detection of transmission errors and corruption.

⚡ Urgent Pointer (2 bytes)

• Used only when the URG flag = 1.
• Indicates the end position of urgent data within the segment (relative to the sequence number).
• Tells the receiver to process that portion immediately, even if normal buffering applies.
• Historically used in interactive protocols (e.g., Telnet’s Ctrl+C), but rarely used today.

TCP Header: 20 to 60 Bytes Explained

Base Header = 20 bytes

The minimum TCP header size is 20 bytes — these 20 bytes are fixed fields that are always present in every TCP segment.

Here’s how those 20 bytes break down:

Field	Size (bytes)	Description
Source Port	2	Sender’s port number
Destination Port	2	Receiver’s port number
Sequence Number	4	Position of first byte in this segment
Acknowledgment Number	4	Next byte expected (ACK mechanism)
Data Offset + Reserved + Flags	2	Data offset (header length), control bits (SYN, ACK, FIN, etc.)
Window Size	2	Flow control: how many bytes receiver can accept
Checksum	2	Error detection for header + data
Urgent Pointer	2	Used if URG flag is set (rarely used)

Total = 2 + 2 + 4 + 4 + 2 + 2 + 2 + 2 = 20 bytes

These fields form the core TCP control and flow mechanism.

Options Area (Variable Length, up to 40 bytes)

TCP can include optional fields for additional capabilities — these go after the fixed 20 bytes.

·       Options length = (Data Offset × 4) − 20

·       Since Data Offset is 4 bits and can go up to 15 →
15 × 4 = 60 bytes total header length

·       Thus: Maximum Options = 60 − 20 = 40 bytes

Common TCP Options include:

Option	Typical Length	Purpose
MSS (Maximum Segment Size)	4 bytes	Tells max payload size sender can accept
SACK Permitted	2 bytes	Enables Selective Acknowledgment
Timestamp (TSopt)	10 bytes	Helps with RTT measurement, PAWS
NOP (No-Operation)	1 byte	Padding/Alignment filler
Window Scale (WS)	3 bytes	Expands receive window beyond 64KB

Let’s visualize it:

Examples:

Packet Type	TCP Options	Total Header Length
Simple ACK (no options)	None	20 bytes
SYN (with MSS, WS, SACK, TS)	~32 bytes of options	52 bytes
SYN-ACK (with same options)	~40 bytes of options	60 bytes

 TCP Header Structure (20–60 Bytes Total)

Section	Bytes	Description
Fixed Header	20 bytes	Always present (core TCP fields)
Options Area	0–40 bytes	Optional extensions (MSS, WS, SACK, TS, etc.)
Total Header Length	20–60 bytes	Determined by Data Offset field (in 32-bit words)

• Every TCP segment has a 20-byte fixed header. 
• TCP Options add up to 40 bytes, used during the handshake or feature negotiation. 
• Data Offset field in the header tells how long the total header is (e.g., 5 = 20 bytes, 15 = 60 bytes). 
• The options section is the key region for TCP/IP fingerprinting since it reflects OS-specific patterns.

·    Example SYN Packet with Options (≈52 bytes total)

 

TCP Header Length Must Be a Multiple of 4 Bytes

·       The “Data Offset” field in the TCP header (4 bits) specifies the header length in 32-bit words (i.e., multiples of 4 bytes).

·       Example:

o   Data Offset = 5 → 5 × 4 = 20 bytes (no options)

o   Data Offset = 11 → 11 × 4 = 44 bytes

So the total TCP header (including options) must always end at a 4-byte boundary.

Why Rounding Is Needed

If your total header + options = 41 bytes, it’s not divisible by 4.

·       41 ÷ 4 = 10.25 → ❌ invalid
So TCP adds NOP (No-Operation) bytes (each = 1 byte) as padding until the header length becomes a multiple of 4.

Example Calculation

Now, add 3 padding bytes to make it 44 bytes (divisible by 4). If more options are later added (say, an extra timestamp), it might grow to 48 or 52 bytes — always in steps of 4.