Here’s a breakdown of each TCP flag with its purpose and for what’s used.
- SYN (Synchronize) – Initiates a connection between two hosts. It’s the first step in the 3-way handshake, signalling the desire to establish communication.
- ACK (Acknowledgment) – Confirms the receipt of packages. After receiving a packet, a host sends back an ACK to confirm successful delivery.
- FIN (Finish) – Requests the termination of a connection. Both sides must send FIN flags to close the connection properly.
- PSH (Push) – Instructs the receiver to process the data immediately rather than buffering it. Often used in real-time applications where data needs to be processed as it arrives.
- RST (Reset) – It’s used to indicate an immediate termination of the connection. It’s sent by a device to signify something has gone wrong, such as when a connection is refused or abruptly terminated. It can also occur due to security mechanisms or application-level resets.
- URG (Urgent) – Prioritizes certain data in a packet, telling the receiving host to process it immediately. This is rarely used in modern applications but is part of the standard.
- ECE (Explicit Congestion Notification Echo) – Used for network congestion management. If the network supports ECN*, the ECE flag helps manage data flow to avoid congestion.
- CWR (Congestion Window Reduced) – Works with ECE, indicating the sender has reduced its transmission rate due to congestion.
ECN (Explicid Congestion Notification)* – Mechanism within TCP/IP protocol that helps manage network congestion without dropping packages.
How ECN works? When a router detects congestion (buffer nearly full), it marks the IP header of a packet with ECN flag instead of discarding it. Once the packet reaches the receiver, it sees the congestion notification and acknowledges it to the sender. Then the sender, upon receiving the congestion feedback, reduces its transmission rate to alleviate congestion, thus preventing potential packet loss.