1. Components of Timestamps

Timestamp option takes 10 bytes = kind(1 byte) + length(1 byte) + info (8 bytes), where kind=8, length=10, Info consists of timestamp (TS value) and timestamp echo (TS echo Reply), each four bytes long.

2. Timestamps work

Take a packet capture as an example:

  1. When the sender sends data, a send timestamp 1590508660 is placed in the sender timestamp TSval
  2. After receiving the packet, the receiver returns the received timestamp 1590508660 to the sender intact and puts it in the TSecr field, and at the same time puts its own timestamp 1499872733 in TSval

3. Timestamps

The timestamp option has two main functions:

3.1 Used to calculate the round-trip time RTT.

When sending a packet segment, the sender puts the time value of the current clock into the timestamp field, and when the receiver acknowledges the packet segment, the timestamp field value is copied to the timestamp echo reply field. Therefore, after receiving the acknowledgement packet, the sender can accurately calculate the RTT. The timestamp is a monotonously increasing value, and the receiver only needs to echo back what it received, so it does not need to care what the timestamp unit is, nor does it need to connect the clock synchronization of the two.

For example, host A sends a packet S1 to host B, and the kernel time TA1 is recorded in the timestamp area of the option field of packet S1. After receiving packet S1, host B extracts TA1 from the timestamp area of S1 and copies it to the timestamp timestampecho area of reply packet S2.So, when host A receives S2, the kernel time is ta2, so RTT = ta2-ta1. That, to some extent, reflects the congestion on the network.

Why do I need Timestamps to compute RTT

When TCP sends a packet, it records the sending time t1 of the packet. The RTT can be obtained by subtracting T1 from T2 when the acknowledgement packet is received. One problem is that the calculation becomes complicated if the outgoing packet is retransmitted. It is not known whether the acknowledgement ACK received is an acknowledgement of the first or retransmitted packet.

3.2 PAWS: Serial number for preventing winding.

We know that the sequence number is only 32 bits, and that each additional 2^32 sequence number will reuse the old sequence number. Suppose we have a high-speed network, and the hosts communicating have enough bandwidth to transmit data quickly. For example, if a packet segment is sent at a rate of 1Gb/s (TCP Windows can be scaled up to 1Gb (2^30)), the sequence number of data bytes will be repeated in less than 35 seconds. This creates confusion for TCP transport. This situation occurs on high-speed links. With the timestamp option, it is easy to tell which datagrams with the same serial number were sent recently and which were sent previously.

4. RST caused by Timestamps in three handshakes

In the second step of the three-way handshake, if the server replies with TSecr in the SYN+ACK packet that is not equal to the TSval in the first step of the handshake, the client replies with RST in the SYN+ACK packet. The sample package is shown below.

5. Notes about using Timestamps

  • Timestamps are two-way and must be enabled on both sides to be valid
  • Timestamps also overflow and wrap
  • A timestamps value is monotonically increasing, but it is possible to increase timestamps out of step