TCP Sequence Number is a 4-byte field in the TCP header that indicates the first byte of the outgoing segment. It helps to keep track of how much data has been transferred and received. The TCP Sequence Number field is always set, even when there is no data in the segment.
For example, the sequence number for this packet is X. The length for this packet is Y. If this packet is transferred to another side successfully, then the sequence number for the next packet is X+Y. The sequence number is the first byte of the outgoing segment.
Table of Contents
Purpose of TCP Sequence Number
TCP is a byte-oriented sequencing protocol. Thus, a Sequence Number field is necessary to ensure that missing or misordered packets can be detected and fixed. If data is lost or arrives at the destination out of order, the TCP module is capable of retransmitting or resequencing the data to restore the original order based on the sequence number.
Tip of TCP Sequence Number
TCP supports full-duplex operation, so both client and server will decide on their initial sequence numbers for the connection, even though data may only flow in one direction for that specific connection. We will demonstrate more this with an example.
Check TCP Sequence Number with Tcpdump
At default, tcpdump shows the packets with a relative sequence number. We can use -S option to get the real sequence number.
Command:tcpdump -i any -S port 22
16:05:41.536831 IP 10.79.97.15.61401 > 10.252.8.111.ssh: Flags [S], seq 3739218596, win 65535, options [mss 1350,nop,wscale 6,nop,nop,TS val 968973822 ecr 0,sackOK,eol], length 0
16:05:41.711584 IP 10.252.8.111.ssh > 10.79.97.15.61401: Flags [S.], seq 1322804771, ack 3739218597, win 28960, options [mss 1260,sackOK,TS val 803272772 ecr 968973822,nop,wscale 7], length 0
16:05:41.711656 IP 10.79.97.15.61401 > 10.252.8.111.ssh: Flags [.], ack 1322804772, win 2067, options [nop,nop,TS val 968973997 ecr 803272772], length 0
16:05:41.715127 IP 10.79.97.15.61401 > 10.252.8.111.ssh: Flags [P.], seq 3739218597:3739218618, ack 1322804772, win 2067, options [nop,nop,TS val 968974000 ecr 803272772], length 21
16:05:41.890437 IP 10.252.8.111.ssh > 10.79.97.15.61401: Flags [.], ack 3739218618, win 227, options [nop,nop,TS val 803272951 ecr 968974000], length 0
16:05:41.894555 IP 10.252.8.111.ssh > 10.79.97.15.61401: Flags [P.], seq 1322804772:1322804793, ack 3739218618, win 227, options [nop,nop,TS val 803272956 ecr 968974000], length 21
16:05:41.894610 IP 10.79.97.15.61401 > 10.252.8.111.ssh: Flags [.], ack 1322804793, win 2066, options [nop,nop,TS val 968974178 ecr 803272956], length 0
16:05:41.905007 IP 10.79.97.15.61401 > 10.252.8.111.ssh: Flags [.], seq 3739218618:3739219866, ack 1322804793, win 2066, options [nop,nop,TS val 968974188 ecr 803272956], length 1248
16:05:41.905015 IP 10.79.97.15.61401 > 10.252.8.111.ssh: Flags [P.], seq 3739219866:3739220010, ack 1322804793, win 2066, options [nop,nop,TS val 968974188 ecr 803272956], length 144
16:05:42.071542 IP 10.252.8.111.ssh > 10.79.97.15.61401: Flags [P.], seq 1322804793:1322805553, ack 3739218618, win 227, options [nop,nop,TS val 803273130 ecr 968974178], length 760
16:05:42.071612 IP 10.79.97.15.61401 > 10.252.8.111.ssh: Flags [.], ack 1322805553, win 2054, options [nop,nop,TS val 968974354 ecr 803273130], length 0
Example of TCP Sequence Number
From the above packets, we can see that the sequence number for source: 3739218596 3739218597 3739218618 3739219866
sequence number for destination: 1322804771 1322804772 1322804793
There are 3739219866-3739218596=1270 bytes of data transferred from source to destination and 1322804793-1322804771=22 bytes of data transferred from destination to source.
For the following packet, it has 21 bytes of data (3739218597->739218618). The sequence number is the number of the first byte which should be 3739218597.
16:05:41.715127 IP 10.79.97.15.61401 > 10.252.8.111.ssh: Flags [P.], seq 3739218597:3739218618, ack 1322804772, win 2067, options [nop,nop,TS val 968974000 ecr 803272772], length 21
TCP Sequence Number for Ack segment
As we said at the beginning, every segment has a sequence number. But in the above examples, we can see that some packets don’t have sequence numbers. That is because they are ack segments.
Note that the ACK segment does not consume any sequence numbers if it does not carry data. An ACK segment, if carrying no data, consumes no sequence number.
- the TCP sequence number is 32 bits long
- the most significant byte of the number is sent first
- TCP sequence numbers count bytes rather than packets
- the sequence number in the header is the sequence number of the first byte in the data
- if there is no data, the sequence number is still set to the sequence number of the next byte that could be sent
- since a TCP connection is bidirectional, a different initial sequence number (ISN) is used in each direction: each peer picks the ISN it will use in sending data
TCP vs UDP – Understanding the Difference
Understanding TCP Socket With Examples