Learn Networking in 10 DaysDay 3: The TCP/IP Protocol Suite
books.chapter 3Learn Networking in 10 Days

Day 3: The TCP/IP Protocol Suite

What You'll Learn Today

  • The TCP/IP 4-layer model in detail
  • IP (Internet Protocol) β€” IPv4 header fields and fragmentation
  • TCP β€” the three-way handshake, flow control, and congestion control
  • UDP β€” connectionless communication and its use cases
  • TCP vs. UDP comparison, ports, and sockets

The TCP/IP 4-Layer Model

The TCP/IP model is the protocol suite that powers the Internet. Unlike the theoretical OSI model, TCP/IP was designed around practical implementations.

flowchart TB
    subgraph TCPIP["TCP/IP Model"]
        L4["Application Layer\nHTTP, DNS, FTP, SMTP, SSH"]
        L3["Transport Layer\nTCP, UDP"]
        L2["Internet Layer\nIP, ICMP, ARP"]
        L1["Network Access Layer\nEthernet, Wi-Fi"]
    end
    L4 --> L3 --> L2 --> L1
    style L4 fill:#ef4444,color:#fff
    style L3 fill:#22c55e,color:#fff
    style L2 fill:#3b82f6,color:#fff
    style L1 fill:#8b5cf6,color:#fff
Layer Name Responsibility Key Protocols
4 Application User-facing services and data formatting HTTP, HTTPS, FTP, DNS, SMTP, SSH
3 Transport End-to-end communication, reliability TCP, UDP
2 Internet Logical addressing, routing IP, ICMP, ARP, IGMP
1 Network Access Physical transmission, framing Ethernet, Wi-Fi, PPP

IP β€” The Internet Protocol

IP (Internet Protocol) operates at the Internet layer and is responsible for addressing and routing packets from source to destination. IPv4 is the most widely deployed version.

IPv4 Header

The IPv4 header is 20 bytes minimum (without options).

flowchart TB
    subgraph IPv4["IPv4 Header (20 bytes minimum)"]
        R1["Version (4) | IHL | DSCP | ECN | Total Length"]
        R2["Identification | Flags | Fragment Offset"]
        R3["TTL | Protocol | Header Checksum"]
        R4["Source IP Address (32 bits)"]
        R5["Destination IP Address (32 bits)"]
    end
    R1 --> R2 --> R3 --> R4 --> R5
    style IPv4 fill:#3b82f6,color:#fff
Field Size Purpose
Version 4 bits IP version (4 for IPv4)
IHL 4 bits Header length in 32-bit words
DSCP / ECN 8 bits Quality of Service / congestion notification
Total Length 16 bits Total packet size (header + data), max 65,535 bytes
Identification 16 bits Unique ID for fragmentation reassembly
Flags 3 bits Control fragmentation (DF = Don't Fragment, MF = More Fragments)
Fragment Offset 13 bits Position of this fragment in the original packet
TTL 8 bits Hop limit β€” decremented by 1 at each router
Protocol 8 bits Upper-layer protocol (6 = TCP, 17 = UDP, 1 = ICMP)
Header Checksum 16 bits Error detection for the header
Source IP 32 bits Sender's IP address
Destination IP 32 bits Recipient's IP address

IP Fragmentation

When a packet is larger than the Maximum Transmission Unit (MTU) of a link (typically 1500 bytes for Ethernet), the router fragments the packet into smaller pieces.

flowchart LR
    subgraph Original["Original Packet (4000 bytes)"]
        OP["Data: 3980 bytes\nHeader: 20 bytes"]
    end
    subgraph Fragments["After Fragmentation (MTU=1500)"]
        F1["Fragment 1\n1480 bytes data\nMF=1, Offset=0"]
        F2["Fragment 2\n1480 bytes data\nMF=1, Offset=185"]
        F3["Fragment 3\n1020 bytes data\nMF=0, Offset=370"]
    end
    OP --> F1
    OP --> F2
    OP --> F3
    style Original fill:#f59e0b,color:#fff
    style Fragments fill:#22c55e,color:#fff

Key points about fragmentation:

  • Each fragment gets its own IP header.
  • The Identification field is the same across all fragments of a packet.
  • The MF (More Fragments) flag is 1 for all fragments except the last.
  • The Fragment Offset indicates where this fragment belongs in the original data.
  • Reassembly happens at the destination, not at intermediate routers.

TCP β€” Transmission Control Protocol

TCP is a connection-oriented, reliable transport protocol. It guarantees that data arrives in order, without errors, and without duplicates.

The Three-Way Handshake

Before any data is exchanged, TCP establishes a connection using a three-step process.

sequenceDiagram
    participant C as Client
    participant S as Server
    C->>S: SYN (seq=x)
    S->>C: SYN-ACK (seq=y, ack=x+1)
    C->>S: ACK (seq=x+1, ack=y+1)
    Note over C,S: Connection Established
    C->>S: Data Transfer
    S->>C: ACK
Step Flag Description
1 SYN Client sends SYN with an initial sequence number (ISN)
2 SYN-ACK Server responds with its own ISN and acknowledges the client's ISN
3 ACK Client acknowledges the server's ISN β€” connection is now open

Connection Termination (Four-Way Handshake)

TCP closes a connection gracefully using a four-step process.

sequenceDiagram
    participant C as Client
    participant S as Server
    C->>S: FIN (seq=u)
    S->>C: ACK (ack=u+1)
    Note over S: Server finishes sending data
    S->>C: FIN (seq=v)
    C->>S: ACK (ack=v+1)
    Note over C,S: Connection Closed

Flow Control

TCP uses a sliding window mechanism to prevent the sender from overwhelming the receiver. The receiver advertises a window size β€” the amount of data it can accept before its buffer fills up.

flowchart LR
    subgraph Window["Sliding Window (Window Size = 3)"]
        S1["Sent &\nACKed"]
        S2["Sent, not\nyet ACKed"]
        S3["Can send\nnow"]
        S4["Cannot send\n(outside window)"]
    end
    S1 --> S2 --> S3 --> S4
    style S1 fill:#22c55e,color:#fff
    style S2 fill:#f59e0b,color:#fff
    style S3 fill:#3b82f6,color:#fff
    style S4 fill:#ef4444,color:#fff
Concept Description
Window Size Maximum bytes the receiver can buffer
Window Scaling TCP option that allows window sizes larger than 65,535 bytes
Zero Window Receiver sets window to 0, telling sender to stop
Window Probe Sender periodically checks if the receiver is ready again

Congestion Control

While flow control prevents overwhelming the receiver, congestion control prevents overwhelming the network. TCP uses several algorithms:

Algorithm Purpose Mechanism
Slow Start Begin cautiously Start with a small congestion window (cwnd); double it every RTT
Congestion Avoidance Grow steadily After threshold (ssthresh), increase cwnd by 1 MSS per RTT
Fast Retransmit Quick loss recovery Retransmit after 3 duplicate ACKs (don't wait for timeout)
Fast Recovery Avoid restarting After fast retransmit, halve cwnd instead of resetting to 1

UDP β€” User Datagram Protocol

UDP is a connectionless, unreliable transport protocol. It sends datagrams without establishing a connection, providing no guarantees about delivery, order, or duplication.

UDP Header

The UDP header is only 8 bytes β€” much simpler than TCP's 20-byte header.

Field Size Purpose
Source Port 16 bits Sender's port number
Destination Port 16 bits Recipient's port number
Length 16 bits Total datagram size (header + data)
Checksum 16 bits Optional error detection

Why Use UDP?

UDP is preferred when speed matters more than reliability:

  • DNS queries β€” Small, single-request/response exchanges
  • Video streaming β€” A dropped frame is acceptable; retransmission would cause lag
  • Online gaming β€” Low latency is critical; stale data is useless
  • VoIP β€” Real-time voice; retransmitted audio arrives too late

TCP vs. UDP

flowchart LR
    subgraph TCP_Box["TCP"]
        T1["Connection-oriented"]
        T2["Reliable delivery"]
        T3["Ordered data"]
        T4["Flow & congestion control"]
        T5["Higher overhead"]
    end
    subgraph UDP_Box["UDP"]
        U1["Connectionless"]
        U2["No delivery guarantee"]
        U3["No ordering"]
        U4["No flow control"]
        U5["Lower overhead"]
    end
    style TCP_Box fill:#3b82f6,color:#fff
    style UDP_Box fill:#f59e0b,color:#fff
Feature TCP UDP
Connection Connection-oriented (3-way handshake) Connectionless
Reliability Guaranteed delivery with ACKs Best effort β€” no acknowledgments
Ordering Data delivered in order No ordering guarantee
Flow control Yes (sliding window) No
Congestion control Yes (slow start, AIMD) No
Header size 20 bytes minimum 8 bytes
Speed Slower (overhead from reliability) Faster (minimal overhead)
Use cases HTTP, HTTPS, FTP, SMTP, SSH DNS, video streaming, gaming, VoIP

Ports and Sockets

A port number is a 16-bit integer (0–65535) that identifies a specific process or service on a host. Combined with an IP address, it forms a socket β€” a unique endpoint for communication.

Socket = IP Address : Port Number (e.g., 192.168.1.10:443)

Port Ranges

Range Name Example
0–1023 Well-known ports HTTP (80), HTTPS (443), SSH (22), DNS (53)
1024–49151 Registered ports MySQL (3306), PostgreSQL (5432)
49152–65535 Dynamic/ephemeral ports Assigned by OS to client connections

Common Port Numbers

Port Protocol Service
20, 21 TCP FTP (data, control)
22 TCP SSH
23 TCP Telnet
25 TCP SMTP
53 TCP/UDP DNS
67, 68 UDP DHCP (server, client)
80 TCP HTTP
110 TCP POP3
143 TCP IMAP
443 TCP HTTPS

How a Connection Is Identified

A TCP connection is uniquely identified by a 4-tuple:

(Source IP, Source Port, Destination IP, Destination Port)

This allows a single server to handle thousands of simultaneous connections on the same port (e.g., port 443 for HTTPS) because each client uses a different source IP and/or source port.

Summary

Summary Table

Concept Key Point
TCP/IP model 4 practical layers: Network Access, Internet, Transport, Application
IPv4 header 20-byte minimum header with source/destination IP, TTL, protocol
Fragmentation Splitting packets that exceed the link MTU; reassembled at destination
TCP Connection-oriented, reliable; uses 3-way handshake, sliding window, congestion control
UDP Connectionless, unreliable; minimal overhead, used for real-time applications
Ports 16-bit numbers identifying processes; 0–1023 are well-known
Socket IP address + port number β€” unique communication endpoint

Key Takeaways

  1. The TCP/IP model has four layers and is the practical foundation of the Internet.
  2. IPv4 packets have a structured header; fragmentation handles MTU mismatches.
  3. TCP provides reliability through handshakes, acknowledgments, and congestion control.
  4. UDP trades reliability for speed β€” ideal for real-time applications.
  5. A socket (IP + port) uniquely identifies a network endpoint; a 4-tuple identifies a connection.

Practice Problems

Beginner

  1. What are the four layers of the TCP/IP model? Name one protocol at each layer.
  2. Describe the TCP three-way handshake. What flags are used in each step?
  3. Why does DNS primarily use UDP instead of TCP?

Intermediate

  1. A 4000-byte IP packet (including the 20-byte header) needs to traverse a link with an MTU of 1500 bytes. Calculate the number of fragments, the size of each fragment, and the Fragment Offset values.
  2. Explain the difference between TCP flow control and congestion control. Which protects the receiver, and which protects the network?
  3. A web server on 10.0.0.5:443 receives connections from two clients: 192.168.1.2:50000 and 192.168.1.3:50000. Can both connections exist simultaneously? Explain using the 4-tuple concept.

Advanced

  1. TCP's Slow Start doubles the congestion window every RTT. If the initial cwnd is 1 MSS (1460 bytes) and ssthresh is 16 MSS, describe cwnd at each RTT until the connection enters Congestion Avoidance. What happens if a packet is lost at cwnd = 20 MSS?
  2. An application needs to send 1 million small messages per second to 10,000 clients. Each message is 50 bytes. Would you choose TCP or UDP? Justify your answer considering connection overhead, header sizes, and reliability requirements.
  3. Examine the IPv4 header's TTL field. Explain why it exists, what value it typically starts at, and what happens when it reaches 0. How does traceroute exploit TTL to discover the path to a destination?

References

  • RFC 791 β€” Internet Protocol (IPv4)
  • RFC 793 β€” Transmission Control Protocol (TCP)
  • RFC 768 β€” User Datagram Protocol (UDP)
  • RFC 5681 β€” TCP Congestion Control
  • Stevens, W. R. β€” TCP/IP Illustrated, Volume 1, 2nd Edition

Next Up

In Day 4, we tackle IP Addressing, NAT & DHCP β€” IPv4 address classes, CIDR notation, subnetting, private vs. public addresses, NAT types, the DHCP DORA process, and an introduction to IPv6.