Transmission Control Protocol (TCP)
= ("[Wikipedia](" + wikipedia + ")")
= this.desc
TCP (Transport Control Protocol)🔗
- usually used for three-way handshake
SYN - SYN, ACK - ACK - session can be ended with
FIN, not always acknowledged for efficiency - TCP reset is being abused to end session
Window Size
- used to stream control
- 16 bits in header -> max. size 65535, but window scaling can be used to negotiate a larger size through a multiplier (up to x8)
- missing window scaling info hints at old hardware (Win XP or so) or suspicious port-scanning
- window size 0 usually means busy, don’t send for a moment