TCP phantom byte

When a TCP session is in progress, the sequence numbers are used to keep track of the number of bytes that have been transmitted within the session. When 100 bytes are sent from host A to host B, host B will respond with an ACK that is incremented by 100. If this is the beginning of the transaction and if we assume that we started with a sequence number of 0, then the ACK that host B will send will be 100 indicating that the amount of data that has been received so far is 100 bytes.

Note that initial sequence numbers are randomly chosen, however, 0 is being used here for convenience.

During the three-way handshake, the first SYN packet is sent with an initial sequence number of 0, and has no data payload. That means that the number of bytes sent is 0. Even though the payload is 0, host B responds with an ACK incremented by 1. Because the SEQ and ACK numbers are associated with the number of bytes sent and received, when this occurs, we are actually incrementing the sequence numbers when no bytes have been sent. So this is referred to as the phantom byte, where 1 byte of payload is counted when 0 have been sent.


Links to this page: