Understanding the TCP/IP protocol suite

These are reading notes on "Understanding the TCP/IP protocol suite", a blog post by Nassos Katsaounis published on serverdensity.


  • TCP/IP: Transmission Control Protocol/Internet Protocol
  • Developed in the mid 1970’s and widely adopted in the early 1980’s, it has been the standard of computer networking for over 35 years.

TCP/IP basics

TCP/IP Protocol Suite

  • TCP/IP plays a particularly important role in two specific layers:
  1. In the Transport Layer, where correct delivery of data is ensured
  2. In the Network Layer, where the correct recipient is located

Application Layer

  • This layer provides applications the ability to access the services of the other layers
  • Defines the protocols that applications use to exchange data.
  • This layer adds its own header and sends the data down to the Transport layer.
  • Some of the popular protocols of this layer are: HTTP, FTP, SMTP, Telnet, NFS, RIP, etc.

Transport Layer

  • It is mainly responsible for providing the application layer with session and datagram communication services. (Each lower layer provides services to the layer above it.)
  • This layer adds its own headers and sends the data down to the Network layer.
  • Ensures that all the split pieces arrive correctly at the other end.
  • It is concerned with end-to-end transportation of data and sets up a logical connection between the hosts. (End-to-end data transfer; a logical connection is established between hosts.)
  • There are two protocols available in this layer: TCP and UDP

TCP in Transport Layer (“How”)

  • establishing reliable data exchange between applications.
  • This ensures that data is not lost or misinterpreted along the way: TCP confirms that the message sent is the message actually received.
  • open a channel of communication between the two computers.
  • breaks the data into small units of information (“segments” or “packets”) as required, confirms correct delivery and reassembles them at the destination.

Network Layer

  • The segments sent by the above layers are received here.
  • send this segment of data to a destination host, which could be anywhere (in the same network or in an external network).
  • It provides logical addressing, path determination for the segments to be sent, and forwarding.
  • This layer also adds its own headers, then converts the received segments into packets and sends them. (The network layer passes segments along in the form of packets.)
  • Some of the popular protocols of this layer are: Internet Protocol (IP), ICMP, etc.


IP in Network Layer (“Where”)

  • send the data to the correct recipient.
  • determines how data will find its intended destination through interconnected networks.
  • dictates the roadmap that data will have to follow.
  • ensures that all packets include the information necessary for each node to be able to forward them to the next.

Network Access Layer

  • This layer defines the protocols and hardware required to connect a host to a physical network and to deliver data across it.
  • For delivery within a given physical network, packets are sent from the above layer to this layer.

  • The destination can be another host in the network, itself, or a router for further forwarding.

  • So the Network layer has a view of the entire Network whereas the Network Access layer is limited to the physical layer boundary that is often defined by a layer 3 device such as a router.

  • When the physical network is a LAN, Ethernet (802.3) is common; if the physical network is a WAN, protocols such as Point-to-Point Protocol (PPP) and Frame Relay are common.

How it works

  1. TCP is activated with every network request/response. For example:

    1. In an HTTP request,
    2. TCP takes over as soon as the browser knows where the request should be routed, i.e. after DNS resolution has been completed.
    3. Based on the socket provided (combination of IP address and server port), the request will reach the target computer and application through the network.
    4. The necessary communication channel will open up.
    5. Data will be broken down to appropriately sized packets.
    6. Then, they will be sent over to the server.
    7. While the server handles the request and prepares the response accordingly, TCP makes sure that this particular connection channel remains open until the response reaches the source of the request successfully.
  2. While moving data around, TCP/IP protocols annotate segments with extra information (headers) in order to be able to perform all the above tasks successfully. Headers include:

    1. information regarding the segment sequence number,
    2. a number (checksum) to allow confirmation of data validity,
    3. information about sender and recipient.
  3. This added information allows data to be segmented and transmitted as efficiently as possible, making sure it is correctly restructured at the destination, without worrying about structure during transportation. But it also plays an important role in the Three-Way Handshake.
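
The header fields listed above (sequence number, checksum, sender and recipient), packed into a TCP header and verified on receipt. This is an added example, not code from the original post; the addresses, ports and window size are constructed sample values, and the header carries no options.

```python
import socket
import struct

TCP_HDR = "!HHIIBBHHH"  # ports, seq, ack, data offset, flags, window, checksum, urgent
SYN, ACK = 0x02, 0x10   # TCP flag bits

def inet_checksum(data: bytes) -> int:
    """Ones'-complement sum of 16-bit words (RFC 1071), then inverted."""
    if len(data) % 2:
        data += b"\x00"  # pad odd-length input, for summing only
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)  # fold the carries back in
    return ~total & 0xFFFF

def pseudo_header(src_ip: str, dst_ip: str, tcp_len: int) -> bytes:
    """Sender and recipient IP addresses, which the TCP checksum also covers."""
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, socket.IPPROTO_TCP, tcp_len))

def build_segment(src_ip, dst_ip, sport, dport, seq, ack, flags, payload=b""):
    # Data offset of 5 words = 20-byte header; window 65535 (assumed value).
    hdr = struct.pack(TCP_HDR, sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)
    csum = inet_checksum(
        pseudo_header(src_ip, dst_ip, len(hdr) + len(payload)) + hdr + payload)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + payload

def parse_segment(src_ip, dst_ip, segment: bytes) -> dict:
    if len(segment) < 20:
        raise ValueError("shorter than a minimal TCP header")
    sport, dport, seq, ack, _off, flags, _win, _csum, _urg = struct.unpack(
        TCP_HDR, segment[:20])
    # Summing a segment together with its own checksum must yield zero.
    ok = inet_checksum(pseudo_header(src_ip, dst_ip, len(segment)) + segment) == 0
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": flags, "checksum_ok": ok}

# Constructed sample: a SYN with seq 100 between two documentation addresses.
SAMPLE_SYN = build_segment("192.0.2.10", "198.51.100.20", 49152, 80, 100, 0, SYN)

if __name__ == "__main__":
    print(parse_segment("192.0.2.10", "198.51.100.20", SAMPLE_SYN))
```

The checksum detects accidental corruption in transit; it is not a cryptographic integrity check.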

Three-way handshake(!important)

  • Unlike User Datagram Protocol (UDP), reliability is a top priority for TCP/IP. UDP serves as an alternative to TCP for different types of communication services where there is no time or need for confirmation that the correct message was successfully received by the intended party. An example of a case like that is a voice call over IP.
  • But in most cases, such confirmation is absolutely necessary.
  • To ensure reliability in communications, TCP establishes a verified connection between the client and the server computer before actual data is transmitted. This is done through the Three-Way Handshake using three segments (hence the “three-way”).

How it works(!important)

  1. C. SYN(seq:100) to S.
    1. SYN : Synchronization
    2. requests that the server synchronizes with the sequence numbers that the client will use.(seq:100)
    3. new sequence numbers are generated with every new transaction
    4. Client state changes to SYN-SENT
  2. S. ACK-SYN(ack:101,seq:200) to C.
    1. acknowledges (ACK) the request by confirming the Sequence Numbers sent by the client.(ack:101)
    2. requests synchronization (SYN) of the client’s Sequence Numbers with its(server) own.(seq:200)
    3. Server state changes to SYN-RECEIVED
  3. C. ACK(ack:201,seq:101) to S.
    1. acknowledges (ACK) the Sequence Numbers sent by the server. (ack:201)
    2. Client state changes to ESTABLISHED
    3. Server state changes to ESTABLISHED
    4. Transmission is ready to begin.
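
The three steps above as a small state machine, including the check each side makes on the acknowledgement number before it moves to ESTABLISHED. This is an added example, not code from the original post; the `Endpoint` class and the function names are hypothetical, and segments are modelled as plain dictionaries rather than real packets.

```python
MOD = 2 ** 32           # sequence numbers are 32-bit and wrap around
SYN, ACK = 0x02, 0x10   # TCP flag bits

class Endpoint:
    def __init__(self, isn: int, state: str):
        self.isn = isn          # initial sequence number chosen by this side
        self.state = state
        self.peer_next = None   # next sequence number expected from the peer

def client_send_syn(c):
    c.state = "SYN-SENT"
    return {"flags": SYN, "seq": c.isn, "ack": 0}

def server_on_syn(s, seg):
    if s.state != "LISTEN" or seg["flags"] != SYN:
        raise ValueError("unexpected segment in state " + s.state)
    s.peer_next = (seg["seq"] + 1) % MOD    # the SYN consumes one number
    s.state = "SYN-RECEIVED"
    return {"flags": SYN | ACK, "seq": s.isn, "ack": s.peer_next}

def client_on_synack(c, seg):
    if c.state != "SYN-SENT" or seg["flags"] != SYN | ACK:
        raise ValueError("unexpected segment in state " + c.state)
    if seg["ack"] != (c.isn + 1) % MOD:
        raise ValueError("SYN-ACK does not acknowledge our SYN")
    c.peer_next = (seg["seq"] + 1) % MOD
    c.state = "ESTABLISHED"
    return {"flags": ACK, "seq": (c.isn + 1) % MOD, "ack": c.peer_next}

def server_on_ack(s, seg):
    if s.state != "SYN-RECEIVED" or seg["flags"] != ACK:
        raise ValueError("unexpected segment in state " + s.state)
    if seg["ack"] != (s.isn + 1) % MOD or seg["seq"] != s.peer_next:
        raise ValueError("ACK does not match this handshake")
    s.state = "ESTABLISHED"

def handshake(client_isn: int, server_isn: int):
    """Run all three steps; return both final states and the segments sent."""
    c, s = Endpoint(client_isn, "CLOSED"), Endpoint(server_isn, "LISTEN")
    trace = [client_send_syn(c)]
    trace.append(server_on_syn(s, trace[0]))
    trace.append(client_on_synack(c, trace[1]))
    server_on_ack(s, trace[2])
    return c.state, s.state, trace

if __name__ == "__main__":
    print(handshake(100, 200))   # the sequence numbers used in the notes
```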

Click here to read more about the Three-Way Handshake.

three way handshake

The Traceroute utility

  • TCP/IP comes with utilities that help admins diagnose and understand problems in network performance.
  • The most well-known of these utilities is probably Ping, which allows you to test whether your computer can open a communication channel with a certain host to exchange data, and how fast.
  • In a way, Traceroute takes the Ping utility a few steps further.
  • Data transmitted through networks almost always goes through intermediate nodes before reaching its destination.
  • Traceroute is especially designed to identify all the routers or other network devices (“hops”) between the source and the destination and measure the rate at which data is exchanged with each router. So the purpose of Traceroute is twofold:

    • To determine the path to a destination, complete with intermediate stops
    • To identify possible delay points in this path
  • Using specific switches, the Traceroute command can be configured with regard to maximum hops (the maximum hop count), timeouts for each reply, hostname resolution and other options.

  • TRACERT can be used to troubleshoot large networks, where multiple paths may lead to the same point or involve many intermediate components (routers or bridges).
  • To read more about how to use Traceroute click here (for Windows) or here (for Linux).

How it works

to be continued….

