Tcphdr
tcphdr is a struct (structure) in the C programming language. The tcphdr struct is used as a template to form a TCP header in a raw socket. The structure can be found in the default include files of most Unix distributions. It is most commonly located in the <netinet/tcp.h> header file. The tcphdr struct is unique in that it was written in two different formats, a BSD format and a Linux format. If you have a hybrid Linux/BSD header file, to use the BSD format, add #define __USE_BSD at the very top of your definitions and #define __FAVOR_BSD directly before the line #include <netinet/tcp.h> (otherwise the format will default to Linux).
Definition
Linux Format
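struct tcphdr {
    unsigned short source;      /* source port */
    unsigned short dest;        /* destination port */
    unsigned long seq;          /* sequence number (32 bits on the wire) */
    unsigned long ack_seq;      /* acknowledgement number (32 bits on the wire) */
    unsigned short doff:4;      /* header length in 32-bit words */
    unsigned char flags;        /* control flags */
    unsigned short window;      /* window size in bytes */
    unsigned short check;       /* checksum */
    unsigned short urg_ptr;     /* urgent pointer */
};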
BSD Format
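struct tcphdr {
    u_short th_sport;           /* source port */
    u_short th_dport;           /* destination port */
    tcp_seq th_seq;             /* sequence number */
    tcp_seq th_ack;             /* acknowledgement number */
    u_int th_x2:4,              /* unused, set to zero */
          th_off:4;             /* header length in 32-bit words */
    u_char th_flags;            /* control flags (TH_*) */
    u_short th_win;             /* window size in bytes */
    u_short th_sum;             /* checksum */
    u_short th_urp;             /* urgent pointer */
};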
Fields
u_short th_sport
unsigned short source
The source port.
u_short th_dport
unsigned short dest
The destination port.
tcp_seq th_seq
unsigned long seq
The sequence number is used to enumerate the TCP segments. The data in a TCP connection can be contained in any number of segments (single TCP datagrams), which will be put in order and acknowledged. For example, if you send 3 segments, each containing 32 bytes of data, the first sequence number would be (N+)1, the second (N+)33 and the third (N+)65. The "N+" is there because the initial sequence number is random.
tcp_seq th_ack
unsigned long ack_seq
Every packet that is sent and is a valid part of a connection is acknowledged with an empty TCP segment with the ACK flag set (see below) and the th_ack field containing the previous th_seq number.
u_int th_x2
Variable in 4 byte blocks. The x2 variable is deprecated; it should be set to all binary zeros.
u_int th_off
unsigned short doff
The segment offset specifies the length of the TCP header in 32-bit (4-byte) blocks. Without TCP header options, the value is 5.
u_char th_flags
unsigned char flags
This field consists of six binary flags. With the BSD headers, they can be combined like this: th_flags = FLAG1 | FLAG2 | FLAG3...
- TH_URG: Urgent. Segment will be routed faster, used for termination of a connection or to stop processes (using the telnet protocol).
- TH_ACK: Acknowledgement. Used to acknowledge data and in the second and third stage of a TCP connection initiation (see IV.).
- TH_PUSH: Push. The system's IP stack will not buffer the segment and will forward it to the application immediately (mostly used with telnet).
- TH_RST: Reset. Tells the peer that the connection has been terminated.
- TH_SYN: Synchronization. A segment with the SYN flag set indicates that the client wants to initiate a new connection to the destination port.
- TH_FIN: Final. The connection should be closed; the peer is supposed to answer with one last segment with the FIN flag set as well.
u_short th_win
unsigned short window
The TCP window: the number of bytes that can be sent before the data should be acknowledged with an ACK before sending more segments.
u_short th_sum
unsigned short check
The checksum of the pseudo header, TCP header and payload. The pseudo header is a structure containing the IP source and destination address, 1 byte set to zero, the protocol (1 byte with a decimal value of 6), and 2 bytes (unsigned short) containing the total length of the TCP segment.
u_short th_urp
unsigned short urg_ptr
Urgent pointer. Only used if the urgent flag is set, else zero. It points to the end of the payload data that should be sent with priority.
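The checksum and header-length fields described above can be checked on a received segment as follows. This is an added example, not code from the original page or from any system header; the function names (sum16, tcp_checksum, tcp_segment_ok, build_sample) and the sample segment are constructed for illustration, and the code reads raw bytes rather than struct tcphdr so that bit-field order and integer width do not matter.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Ones' complement sum of big-endian 16-bit words; an odd last byte is zero-padded. */
static uint32_t sum16(const uint8_t *p, size_t len, uint32_t acc) {
    for (; len > 1; p += 2, len -= 2) acc += ((uint32_t)p[0] << 8) | p[1];
    return len ? acc + ((uint32_t)p[0] << 8) : acc;
}

/* Checksum over pseudo header + segment; returns 0 if seg already holds a correct one. */
uint16_t tcp_checksum(uint32_t src, uint32_t dst, const uint8_t *seg, size_t len) {
    uint8_t ph[12] = {
        (uint8_t)(src >> 24), (uint8_t)(src >> 16), (uint8_t)(src >> 8), (uint8_t)src,
        (uint8_t)(dst >> 24), (uint8_t)(dst >> 16), (uint8_t)(dst >> 8), (uint8_t)dst,
        0, 6, (uint8_t)(len >> 8), (uint8_t)len   /* zero byte, protocol 6, TCP length */
    };
    uint32_t acc = sum16(seg, len, sum16(ph, sizeof ph, 0));
    while (acc >> 16) acc = (acc & 0xFFFF) + (acc >> 16);
    return (uint16_t)~acc;
}

/* Length and checksum checks to apply before trusting any header field. */
int tcp_segment_ok(uint32_t src, uint32_t dst, const uint8_t *seg, size_t len) {
    if (len < 20 || len > 0xFFFF) return 0;
    size_t hdr = (size_t)(seg[12] >> 4) * 4;      /* doff / th_off counts 32-bit words */
    if (hdr < 20 || hdr > len) return 0;
    return tcp_checksum(src, dst, seg, len) == 0;
}

/* Constructed sample: 20-byte header without options, payload "hello". */
size_t build_sample(uint8_t *buf, uint32_t src, uint32_t dst) {
    memset(buf, 0, 20);
    buf[0] = 0x30; buf[1] = 0x39; buf[3] = 80;    /* ports 12345 -> 80 */
    buf[7] = 1; buf[14] = 0x20;                   /* sequence number 1, window 8192 */
    buf[12] = 5 << 4; buf[13] = 0x08 | 0x10;      /* 5 header words; TH_PUSH | TH_ACK */
    memcpy(buf + 20, "hello", 5);
    uint16_t c = tcp_checksum(src, dst, buf, 25); /* check field is still zero here */
    buf[16] = (uint8_t)(c >> 8); buf[17] = (uint8_t)c;
    return 25;
}

int main(void) {
    uint8_t seg[32];
    uint32_t src = 0xC0000201, dst = 0xC0000202;  /* 192.0.2.1 -> 192.0.2.2 */
    size_t n = build_sample(seg, src, dst);
    printf("checksum=%02x%02x valid=%d\n", seg[16], seg[17], tcp_segment_ok(src, dst, seg, n));
    seg[13] ^= 0x02;                              /* flip one flag bit */
    printf("tampered valid=%d\n", tcp_segment_ok(src, dst, seg, n));
}
```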
See also
- ip (struct)