TCP/IP Stack
Introduction
- Purpose
- The TCP/IP stack shows how data travels through a network, from a software application to the physical wire or Wi-Fi signal.
- Understanding this structure is key to reading, analyzing, and shaping network traffic with intention.
1. The Four TCP/IP Layers
Each layer plays a specific role. Together, they handle everything from human-readable data to raw electrical signals.
TCP/IP Layer | Similar OSI Layers | What It Does | Example Protocols | Tools Worth Exploring |
---|---|---|---|---|
Application | OSI 7–5 | Handles what users interact with — text, websites, commands | HTTP, DNS, SSH | curl, dig, browser dev tools |
Transport | OSI 4 | Ensures data gets there correctly and in order | TCP, UDP | Netcat, Scapy, Wireshark |
Internet | OSI 3 | Adds IP addresses and finds the best route | IPv4, ICMP | traceroute, ping, nmap |
Link | OSI 2–1 | Talks directly to network hardware | Ethernet, Wi-Fi | arp, ifconfig, ettercap |
2. Encapsulation and Decapsulation
- Encapsulation
- As data moves down the layers, each one adds its own header — like envelopes inside envelopes.
- Decapsulation
- On the receiving side, each layer removes its envelope, revealing the data step by step.
3. Why TCP Matters
TCP is one of the most important protocols for controlling communication.
- Reliable
- Data arrives complete and in order, even if the network drops some packets.
- Connection-Based
- Before sending anything, TCP sets up a connection so both sides are ready.
- Acknowledged
- Every sent piece of data must be confirmed — otherwise, it gets resent.
4. Anatomy of a TCP Packet
Every TCP segment contains control fields in the header and a chunk of data. These fields help manage the flow and structure.
Header Field | What It Does |
---|---|
Source Port | Chosen by the sender to identify its own app |
Destination Port | Tells the receiver which service should handle the data (e.g. port 80 for web) |
Source IP | The sender’s IP address |
Destination IP | The target machine’s IP address |
Sequence Number | Tracks where this data fits in the overall stream |
Acknowledgment Number | Confirms what data has been received so far |
Flags | Signal events like start (SYN), end (FIN), or errors (RST) |
Window Size | Controls how much data can be sent before pausing |
Checksum | Used to detect if the packet was changed during transit |
Payload | The actual content — like text, commands, files, etc. |
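The fields in the table above can be read straight out of captured bytes. The following is an added example, not part of the original page: it takes the addresses from the IPv4 header that encapsulates the segment, unpacks the remaining fields from the TCP header, and recomputes the checksum to detect changes in transit. The sample packet, its addresses, ports and numbers are constructed for illustration, and the helper names are hypothetical.

```python
import socket
import struct

FLAGS = ((0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
         (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG"))

def ones_sum(data: bytes) -> int:
    """16-bit one's-complement sum, the arithmetic behind the TCP checksum."""
    if len(data) % 2:
        data += b"\x00"                       # pad odd-length input
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                        # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total

def tcp_checksum(src: bytes, dst: bytes, segment: bytes) -> int:
    # The checksum also covers a pseudo-header: both IPs, protocol 6, TCP length.
    pseudo = src + dst + struct.pack("!BBH", 0, 6, len(segment))
    return ~ones_sum(pseudo + segment) & 0xFFFF

def parse_packet(packet: bytes) -> dict:
    """Decapsulate an IPv4 packet carrying TCP and return the header fields."""
    ihl = (packet[0] & 0x0F) * 4              # IPv4 header length in bytes
    src, dst = packet[12:16], packet[16:20]
    segment = packet[ihl:]
    sport, dport, seq, ack, off_flags, window, csum = struct.unpack(
        "!HHIIHHH", segment[:18])
    return {
        "src_ip": socket.inet_ntoa(src), "dst_ip": socket.inet_ntoa(dst),
        "src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
        "flags": [name for bit, name in FLAGS if off_flags & bit],
        "window": window, "checksum": csum,
        # Summing a valid segment together with its stored checksum gives 0.
        "checksum_ok": tcp_checksum(src, dst, segment) == 0,
        "payload": segment[(off_flags >> 12) * 4:],
    }

def build_sample() -> bytes:
    """Constructed sample: 192.0.2.10:49152 -> 198.51.100.5:80, PSH+ACK."""
    src, dst = socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.5")
    payload = b"GET / HTTP/1.1\r\n\r\n"
    def tcp(csum: int) -> bytes:
        return struct.pack("!HHIIHHHH", 49152, 80, 1000, 2000,
                           (5 << 12) | 0x18, 65535, csum, 0) + payload
    segment = tcp(tcp_checksum(src, dst, tcp(0)))
    # IPv4 header checksum is left at 0 here; only the TCP checksum is checked.
    ip = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(segment), 0, 0, 64, 6, 0)
    return ip + src + dst + segment

if __name__ == "__main__":
    print(parse_packet(build_sample()))
```

Changing any byte of the payload or header after the checksum was computed makes `checksum_ok` come back `False`, which is the accidental-corruption check the Checksum row describes.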
5. Starting a TCP Session (Three-Way Handshake)
To make sure both devices are ready to talk, TCP performs a short ritual:
- SYN – The client says "I want to start a connection"
- SYN-ACK – The server replies "Okay, let’s sync"
- ACK – The client confirms and starts sending data
This setup ensures both sides know the starting point for data exchange using sequence numbers.
Example
- Client sends SYN with sequence 0
- Server responds with SYN-ACK, sequence 5000, acknowledging 0
- Client sends ACK, acknowledging 5000, and starts with sequence 1
6. TCP in Action
- Sending
- Data is divided into numbered chunks (segments).
- Receiving
- The receiver reorders chunks using sequence numbers and sends ACKs as confirmation.
This flow repeats as long as data is being sent.
7. Ending a TCP Session
When a device finishes sending, it politely closes the session:
- One side sends a FIN
- The other replies with ACK + FIN
- The first side sends a final ACK
This avoids wasting system resources. If something goes wrong mid-session, a RST (reset) is used to shut it down instantly.
8. TCP: Strengths and Limits
Strengths | Trade-Offs |
---|---|
Ensures all data arrives | Slower because of checks and confirmations |
Keeps order even if packets take different paths | Needs more system resources |
Detects and resends lost data | Takes time to set up before use |