Tcphdr

tcphdr is a struct (structure) in the C programming language. The tcphdr struct is used as a template to form a TCP header in a raw socket. The structure can be found in the default include files of most Unix distributions. It is most commonly located in the "" header file. The tcphdr struct is unique in that it was written in two different formats, a BSD format and a Linux format. If you have a hybrid Linux/BSD header file, to use the BSD format, add "#define __USE_BSD" at the very top of your definitions and "#define __FAVOR_BSD" directly before the line "#include " (otherwise the format will default to Linux).

Definition

Linux Format

struct tcphdr { unsigned short source; unsigned short dest; unsigned long seq; unsigned long ack_seq; unsigned short doff:4; unsigned char flags; unsigned short window; unsigned short check; unsigned short urg_ptr;};

BSD Format

struct tcphdr { u_short th_sport; u_short th_dport; tcp_seq th_seq; tcp_seq th_ack; u_int th_x2:4, th_off:4; u_char th_flags; u_short th_win; u_short th_sum; u_short th_urp; };

Fields

u_short th_sport unsigned short sourceThe source port. u_short th_dport unsigned short dest;The destination port. tcp_seq th_seq unsigned long seqThe sequence number is used to enumerate the TCP segments. The data in a TCP connection can be contained in any amount of segments (=single tcp datagrams), which will be put in order and acknowledged. For example, if you send 3 segments, each containing 32 bytes of data, the first sequence would be (N+)1, the second one (N+)33 and the third one (N+)65. "N+" because the initial sequence is random. tcp_seq th_ack unsigned long ack_seqEvery packet that is sent and a valid part of a connection is acknowledged with an empty TCP segment with the ACK flag set (see below), and the th_ack field containing the previous th_seq number. u_int th_x2Variable in 4 byte blocks. The x2 variable is deprecated, it should be set to all binary zeros.

u_int th_off unsigned short doffThe segment offset specifies the length of the TCP header in 32bit/4byte blocks. Without tcp header options, the value is 5.

u_char th_flags unsigned char flagsThis field consists of six binary flags. Using bsd headers, they can be combined like this: th_flags = FLAG1 | FLAG2 | FLAG3...:TH_URG: Urgent. Segment will be routed faster, used for termination of a connection or to stop processes (using telnet protocol).:TH_ACK: Acknowledgement. Used to acknowledge data and in the second and third stage of a TCP connection initiation (see IV.).:TH_PUSH: Push. The systems IP stack will not buffer the segment and forward it to the application immediately (mostly used with telnet).:TH_RST: Reset. Tells the peer that the connection has been terminated.:TH_SYN: Synchronization. A segment with the SYN flag set indicates that client wants to initiate a new connection to the destination port.:TH_FIN: Final. The connection should be closed, the peer is supposed to answer with one last segment with the FIN flag set as well. u_short th_win unsigned short windowThe TCP window - the amount of bytes that can be sent before the data should be acknowledged with an ACK before sending more segments. u_short th_sum unsigned short checkThe checksum of pseudo header, tcp header and payload. The pseudo is a structure containing IP source and destination address, 1 byte set to zero, the protocol (1 byte with a decimal value of 6), and 2 bytes (unsigned short) containing the total length of the tcp segment. u_short th_urp unsigned short urg_ptrUrgent pointer. Only used if the urgent flag is set, else zero. It points to the end of the payload data that should be sent with priority.

See also

*ip (struct)