TCP/IP Stack
= Introduction =

; Purpose
: The TCP/IP stack shows how data travels through a network, from a software application to the physical wire or Wi-Fi signal.
: Understanding this structure is key to reading, analyzing, and shaping network traffic with intention.

== 1. The Four TCP/IP Layers ==

Each layer plays a specific role. Together, they handle everything from human-readable data to raw electrical signals.

{| class="wikitable"
! TCP/IP Layer !! Similar OSI Layers !! What It Does !! Example Protocols !! Tools Worth Exploring
|-
| '''Application''' || OSI 7–5 || Handles what users interact with — text, websites, commands || HTTP, DNS, SSH || curl, dig, browser dev tools
|-
| '''Transport''' || OSI 4 || Ensures data gets there correctly and in order || TCP, UDP || Netcat, Scapy, Wireshark
|-
| '''Internet''' || OSI 3 || Adds IP addresses and finds the best route || IPv4, ICMP || traceroute, ping, nmap
|-
| '''Link''' || OSI 2–1 || Talks directly to network hardware || Ethernet, Wi-Fi || arp, ifconfig, ettercap
|}

== 2. Encapsulation and Decapsulation ==

; Encapsulation
: As data moves down the layers, each one adds its own header — like envelopes inside envelopes.
; Decapsulation
: On the receiving side, each layer removes its envelope, revealing the data step by step.

== 3. Why TCP Matters ==

TCP is one of the most important protocols for controlling communication.

; Reliable
: Data arrives complete and in order, even if the network drops some packets.
; Connection-Based
: Before sending anything, TCP sets up a connection so both sides are ready.
; Acknowledged
: Every sent piece of data must be confirmed — otherwise, it gets resent.

== 4. Anatomy of a TCP Packet ==

Every TCP segment contains control fields in the header and a chunk of data. These fields help manage the flow and structure.

{| class="wikitable"
! Header Field !! What It Does
|-
| Source Port || Chosen by the sender to identify its own app
|-
| Destination Port || Tells the receiver which service should handle the data (e.g. port 80 for web)
|-
| Source IP || The sender’s IP address
|-
| Destination IP || The target machine’s IP address
|-
| Sequence Number || Tracks where this data fits in the overall stream
|-
| Acknowledgment Number || Confirms what data has been received so far
|-
| Flags || Signal events like start (SYN), end (FIN), or errors (RST)
|-
| Window Size || Controls how much data can be sent before pausing
|-
| Checksum || Used to detect if the packet was changed during transit
|-
| Payload || The actual content — like text, commands, files, etc.
|}

== 5. Starting a TCP Session (Three-Way Handshake) ==

To make sure both devices are ready to talk, TCP performs a short ritual:

# '''SYN''' – The client says "I want to start a connection"
# '''SYN-ACK''' – The server replies "Okay, let’s sync"
# '''ACK''' – The client confirms and starts sending data

This setup ensures both sides know the starting point for data exchange using sequence numbers.

=== Example ===

* Client sends SYN with sequence 0
* Server responds with SYN-ACK, sequence 5000, acknowledging 0
* Client sends ACK, acknowledging 5000, and starts with sequence 1

== 6. TCP in Action ==

; Sending
: Data is divided into numbered chunks (segments).
; Receiving
: The receiver reorders chunks using sequence numbers and sends ACKs as confirmation.

This flow repeats as long as data is being sent.

== 7. Ending a TCP Session ==

When a device finishes sending, it politely closes the session:

# One side sends a '''FIN'''
# The other replies with '''ACK + FIN'''
# The first side sends a final '''ACK'''

This avoids wasting system resources. If something goes wrong mid-session, a '''RST''' (reset) is used to shut it down instantly.

== 8. TCP: Strengths and Limits ==

{| class="wikitable"
! Strengths !! Trade-Offs
|-
| Ensures all data arrives || Slower because of checks and confirmations
|-
| Keeps order even if packets take different paths || Needs more system resources
|-
| Detects and resends lost data || Takes time to set up before use
|}
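
The encapsulation in section 2 and the fields in section 4, worked through as an added example (not part of the original page): the code wraps a payload in TCP, IPv4 and Ethernet headers, then strips them again and verifies the checksum. The addresses, MACs, ports and sequence numbers are constructed sample values; the IP addresses are read from the IPv4 header that wraps the segment.

```python
import socket
import struct

FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]  # bit 0 first

def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum used by IPv4 and TCP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_frame(src, dst, sport, dport, seq, ack, flags, payload=b""):
    """Encapsulate: payload -> TCP segment -> IPv4 packet -> Ethernet frame."""
    s, d = socket.inet_aton(src), socket.inet_aton(dst)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)
    pseudo = s + d + struct.pack("!BBH", 0, 6, len(tcp) + len(payload))
    tcp = tcp[:16] + struct.pack("!H", checksum(pseudo + tcp + payload)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 0, 0, 64, 6, 0, s, d)
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    eth = bytes.fromhex("020000000002") + bytes.fromhex("020000000001") + b"\x08\x00"
    return eth + ip + tcp + payload

def decapsulate(frame: bytes) -> dict:
    """Strip each layer's header in turn and return the fields it carried."""
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:   # EtherType
        raise ValueError("not IPv4")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                  # IPv4 header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]   # ignores Ethernet padding
    if ip[9] != 6:                            # IP protocol number for TCP
        raise ValueError("not TCP")
    seg = ip[ihl:total_len]
    sport, dport, seq, ack, off, flags, window, _ = struct.unpack("!HHIIBBHH", seg[:18])
    pseudo = ip[12:20] + struct.pack("!BBH", 0, 6, len(seg))
    return {
        "src_ip": socket.inet_ntoa(ip[12:16]), "dst_ip": socket.inet_ntoa(ip[16:20]),
        "src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
        "flags": [n for i, n in enumerate(FLAG_NAMES) if flags & (1 << i)],
        "window": window, "checksum_ok": checksum(pseudo + seg) == 0,
        "payload": seg[(off >> 4) * 4:],      # data offset skips TCP options
    }

# Constructed sample: a PSH+ACK segment carrying an HTTP request line.
SAMPLE = build_frame("192.0.2.10", "198.51.100.5", 49152, 80, 1000, 2000, 0x18, b"GET / HTTP/1.1\r\n")
```

The checksum only catches accidental corruption: anyone who alters a segment in transit can recompute it, so it provides no protection against deliberate modification.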