Understanding TCP/IP Protocol Stack

Explore the TCP/IP protocol stack, packet encapsulation, and how data travels through network layers from application to physical transmission.


What is TCP/IP?

TCP/IP (Transmission Control Protocol/Internet Protocol) is the fundamental communication protocol suite that powers the Internet. It's a layered architecture that breaks down the complex task of network communication into manageable layers, each with specific responsibilities.

Think of TCP/IP as a postal service for digital data: your message gets packaged (encapsulated), addressed, routed through various intermediaries, and finally delivered to the recipient, who unpacks it layer by layer.

The Four-Layer Model

Unlike the theoretical OSI 7-layer model, TCP/IP uses a practical four-layer architecture:

  1. Application Layer: Where user applications interact with the network (HTTP, FTP, SMTP, DNS)
  2. Transport Layer: Manages end-to-end communication and data flow (TCP, UDP)
  3. Internet Layer: Handles logical addressing and routing across networks (IP, ICMP, ARP)
  4. Network Access Layer: Deals with physical transmission over network hardware (Ethernet, Wi-Fi)
[Figure: TCP/IP Protocol Stack Visualization. Diagram illustrating the TCP/IP protocol stack with the packet encapsulation process: the four layers (Application, Transport, Internet, Network Access) and how data is wrapped with headers at each layer during transmission.]

How Data Travels Through the Stack

Encapsulation Process (Sending Data)

When you send data over a network, it travels down the protocol stack, with each layer adding its own header information:

1. Application Layer

Your application creates the data. For example:

  • Web browser generates an HTTP request
  • Email client creates an SMTP message
  • File transfer starts with an FTP command

Data at this stage: Raw application data (e.g., "GET /index.html HTTP/1.1")

2. Transport Layer (TCP/UDP)

The transport protocol adds:

  • Source Port: Where the data is coming from (e.g., 54321)
  • Destination Port: Where it's going (e.g., 80 for HTTP, 443 for HTTPS)
  • Sequence Numbers: For TCP, to ensure ordered delivery
  • Checksums: To detect data corruption
  • Flow Control Information: TCP window size for congestion control

TCP Segment Format:

[TCP Header: Source Port | Dest Port | Seq# | Ack# | Flags | Window | Checksum] [Application Data]

Data at this stage: TCP Segment or UDP Datagram

3. Internet Layer (IP)

The IP protocol adds:

  • Source IP Address: Your device's IP (e.g., 192.168.1.100)
  • Destination IP Address: Where the data is going (e.g., 93.184.216.34)
  • TTL (Time To Live): Hop limit to prevent infinite routing loops
  • Protocol Type: Indicates TCP (6) or UDP (17)
  • Fragmentation Info: If the packet needs to be split

IP Packet Format:

[IP Header: Version | Length | TTL | Protocol | Source IP | Dest IP] [TCP Segment]

Data at this stage: IP Packet

4. Network Access Layer (Ethernet)

The data link protocol adds:

  • Source MAC Address: Your network card's hardware address
  • Destination MAC Address: Next hop's MAC (router or destination)
  • Frame Check Sequence (FCS): Error detection for the frame
  • VLAN Tags: If using VLANs

Ethernet Frame Format:

[Ethernet Header: Dest MAC | Source MAC | Type] [IP Packet] [Frame Check Sequence]

Data at this stage: Ethernet Frame, ready for physical transmission

De-encapsulation Process (Receiving Data)

When data arrives at the destination, it travels up the stack, with each layer removing its header:

  1. Network Access Layer: Verifies frame integrity, strips Ethernet header, passes to IP layer
  2. Internet Layer: Checks destination IP, strips IP header, passes to transport layer
  3. Transport Layer: Verifies checksum, reorders segments (TCP), strips TCP/UDP header, passes to application
  4. Application Layer: Application receives the raw data and processes it
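
The encapsulation and de-encapsulation steps above, as an added example that is not part of the original page: it wraps the page's sample request in TCP, IPv4 and Ethernet headers, then unwraps it while checking lengths and checksums before trusting any field. The MAC addresses, source port pairing and flag values are assumptions chosen for illustration, and the FCS is left out because the network card normally handles it.

```python
import socket
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum used by IPv4 and TCP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def pseudo_header(src: bytes, dst: bytes, tcp_len: int) -> bytes:
    # The TCP checksum also covers both IP addresses, protocol 6 and the length.
    return src + dst + struct.pack("!BBH", 0, 6, tcp_len)

def encapsulate(payload, src_ip, dst_ip, sport, dport, seq, src_mac, dst_mac):
    src, dst = socket.inet_aton(src_ip), socket.inet_aton(dst_ip)
    def tcp(csum):  # 20-byte header, flags PSH+ACK, window 65535
        return struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 65535, csum, 0)
    segment = tcp(inet_checksum(pseudo_header(src, dst, 20 + len(payload)) + tcp(0) + payload)) + payload
    def ip(csum):   # version 4, IHL 5, DF set, TTL 64, protocol 6 (TCP)
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0, 0x4000, 64, 6, csum, src, dst)
    packet = ip(inet_checksum(ip(0))) + segment
    # EtherType 0x0800 = IPv4; the FCS trailer is appended by the NIC, so omitted.
    return dst_mac + src_mac + struct.pack("!H", 0x0800) + packet

def decapsulate(frame: bytes) -> dict:
    """Strip Ethernet, IPv4 and TCP headers, rejecting inconsistent input."""
    if len(frame) < 14 + 20 + 20 or frame[12:14] != b"\x08\x00":
        raise ValueError("truncated frame or not IPv4")
    ip = frame[14:]
    ihl, total_len = (ip[0] & 0x0F) * 4, struct.unpack("!H", ip[2:4])[0]
    if ip[0] >> 4 != 4 or ihl < 20 or not ihl + 20 <= total_len <= len(ip):
        raise ValueError("bad IPv4 header lengths")
    if inet_checksum(ip[:ihl]) != 0 or ip[9] != 6:
        raise ValueError("bad IPv4 checksum or not TCP")
    seg = ip[ihl:total_len]
    if inet_checksum(pseudo_header(ip[12:16], ip[16:20], len(seg)) + seg) != 0:
        raise ValueError("bad TCP checksum")
    sport, dport, seq = struct.unpack("!HHI", seg[:8])
    doff = (seg[12] >> 4) * 4
    if not 20 <= doff <= len(seg):
        raise ValueError("bad TCP data offset")
    return {"src": socket.inet_ntoa(ip[12:16]), "dst": socket.inet_ntoa(ip[16:20]),
            "ttl": ip[8], "sport": sport, "dport": dport, "seq": seq, "data": seg[doff:]}

FRAME = encapsulate(  # constructed sample: the page's addresses, made-up MACs
    b"GET /index.html HTTP/1.1", "192.168.1.100", "93.184.216.34",
    54321, 80, 1234, bytes.fromhex("020000000001"), bytes.fromhex("020000000002"))
```

Calling decapsulate(FRAME) returns the original request bytes together with the addressing fields; a frame with any single byte altered in the IP header or TCP segment is rejected instead of parsed.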

TCP vs UDP: Choosing the Right Protocol

TCP (Transmission Control Protocol)

Characteristics:

  • Connection-Oriented: Establishes a connection before data transfer (3-way handshake)
  • Reliable: Guarantees delivery through acknowledgments and retransmissions
  • Ordered: Data arrives in the same order it was sent
  • Flow Control: Prevents overwhelming the receiver
  • Congestion Control: Adapts to network conditions

Use Cases:

  • Web browsing (HTTP/HTTPS)
  • Email (SMTP, IMAP, POP3)
  • File transfers (FTP, SFTP)
  • Remote access (SSH)

TCP Three-Way Handshake:

Client                    Server
  |                         |
  |-------- SYN ----------->|  (I want to connect)
  |<---- SYN-ACK -----------|  (OK, I'm ready)
  |-------- ACK ----------->|  (Great, let's start)
  |                         |
  [Connection Established]

UDP (User Datagram Protocol)

Characteristics:

  • Connectionless: No connection setup, just send data
  • Unreliable: No delivery guarantees, no retransmissions
  • Unordered: Packets may arrive out of order
  • Low Overhead: Minimal header, faster than TCP
  • No Flow Control: Sends at maximum rate

Use Cases:

  • Live video/audio streaming
  • Online gaming
  • DNS queries
  • VoIP (Voice over IP)
  • IoT sensor data

When to Use UDP:

  • Speed is more important than reliability
  • Real-time data where old packets are useless (live video)
  • Small transactions (DNS: one query, one response)
  • Broadcast/multicast scenarios

IP Addressing and Routing

IPv4 Addresses

  • Format: Four octets (0-255) separated by dots
  • Example: 192.168.1.100
  • Size: 32 bits (≈4.3 billion addresses)
  • Special Ranges:
    • 10.0.0.0/8: Private network (16.7M addresses)
    • 172.16.0.0/12: Private network (1M addresses)
    • 192.168.0.0/16: Private network (65K addresses)
    • 127.0.0.0/8: Loopback (localhost)
    • 0.0.0.0/8: Default route

IPv6 Addresses

  • Format: Eight groups of hexadecimal, separated by colons
  • Example: 2001:0db8:85a3:0000:0000:8a2e:0370:7334
  • Size: 128 bits (≈340 undecillion addresses)
  • Why IPv6?: IPv4 address exhaustion

Routing

How Packets Find Their Way:

  1. Local Network: If destination IP is on the same subnet, send directly via ARP
  2. Default Gateway: Otherwise, send to the router (default gateway)
  3. Routing Tables: Routers maintain tables of network paths
  4. Hop-by-Hop: Each router forwards to the next best hop
  5. TTL Decrement: Each hop decreases TTL by 1 (prevents loops)

Example Route:

Your Computer (192.168.1.100)
  → Home Router (192.168.1.1)
  → ISP Router 1 (10.20.30.1)
  → ISP Router 2 (10.20.40.1)
  → Internet Backbone Router
  → Destination Network Router
  → Destination Server (93.184.216.34)
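
The five routing steps above as a small simulation (an added example, not code from the original page): the host decides between direct delivery and the default gateway, each router picks the longest matching prefix, and TTL is decremented per hop. The routing tables are constructed for the page's example route, with the unnamed backbone and destination-network routers collapsed into the last ISP router, and the "direct" next-hop marker is a convention of this example.

```python
import ipaddress

def host_next_hop(interface: str, gateway: str, dst: str) -> str:
    """Steps 1-2: deliver directly if dst is on our subnet, else use the gateway."""
    on_link = ipaddress.ip_address(dst) in ipaddress.ip_interface(interface).network
    return dst if on_link else gateway

def lookup(table: dict, dst: str):
    """Step 3: longest-prefix match; returns the next hop or None if no route."""
    addr = ipaddress.ip_address(dst)
    routes = [(ipaddress.ip_network(prefix), hop) for prefix, hop in table.items()]
    matches = [(net.prefixlen, hop) for net, hop in routes if addr in net]
    return max(matches, key=lambda m: m[0])[1] if matches else None

def trace(routers: dict, first_hop: str, dst: str, ttl: int):
    """Steps 4-5: forward hop by hop; every router decrements TTL, drops at 0."""
    path, hop = [], first_hop
    while hop != dst:
        ttl -= 1
        path.append(hop)
        if ttl <= 0:
            return path, "ttl-exceeded"  # a real router sends ICMP Time Exceeded
        nxt = lookup(routers.get(hop, {}), dst)
        if nxt is None:
            return path, "no-route"
        hop = dst if nxt == "direct" else nxt
    return path + [dst], "delivered"

# Constructed tables for the page's example route (backbone hops collapsed).
ROUTERS = {
    "192.168.1.1": {"192.168.1.0/24": "direct", "0.0.0.0/0": "10.20.30.1"},
    "10.20.30.1": {"0.0.0.0/0": "10.20.40.1"},
    "10.20.40.1": {"93.184.216.0/24": "direct"},
}

def route(dst: str, ttl: int = 64):
    """Full path from the page's example host 192.168.1.100/24."""
    first = host_next_hop("192.168.1.100/24", "192.168.1.1", dst)
    return trace(ROUTERS, first, dst, ttl)

if __name__ == "__main__":
    print(route("93.184.216.34"))         # full path, delivered
    print(route("93.184.216.34", ttl=3))  # dropped at the third router
```

Running route() with TTL values 1, 2, 3 in turn reveals one router per call, which is the mechanism traceroute relies on.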

Common Ports and Protocols

Well-Known Ports (0-1023)

  • 20/21: FTP (File Transfer Protocol)
  • 22: SSH (Secure Shell)
  • 23: Telnet (Unencrypted remote access)
  • 25: SMTP (Email sending)
  • 53: DNS (Domain Name System)
  • 80: HTTP (Web traffic)
  • 110: POP3 (Email retrieval)
  • 143: IMAP (Email access)
  • 443: HTTPS (Secure web traffic)
  • 3306: MySQL
  • 5432: PostgreSQL
  • 6379: Redis
  • 27017: MongoDB

Ephemeral Ports (32768-65535)

Used by client applications for temporary connections. When you browse a website, your browser picks a random high port (e.g., 54321) as the source port.

Network Tools and Diagnostics

ping

Tests connectivity and measures round-trip time:

$ ping google.com
PING google.com (142.250.185.46): 56 data bytes
64 bytes from 142.250.185.46: icmp_seq=0 ttl=117 time=12.3 ms

traceroute

Shows the path packets take to reach a destination:

$ traceroute google.com
 1  192.168.1.1 (192.168.1.1)  1.234 ms
 2  10.20.30.1 (10.20.30.1)  8.567 ms
 3  * * *
 4  142.250.185.46 (142.250.185.46)  12.345 ms

netstat

Displays active network connections:

$ netstat -an
Proto  Local Address        Foreign Address      State
tcp4   192.168.1.100:54321  93.184.216.34:443    ESTABLISHED
tcp4   192.168.1.100:54322  172.217.14.206:80    TIME_WAIT

Key Concepts

Maximum Transmission Unit (MTU)

The largest packet size that can be transmitted without fragmentation:

  • Ethernet: 1500 bytes
  • Internet: Typically 1500 bytes
  • Jumbo Frames: Up to 9000 bytes (data centers)

Path MTU Discovery: Finds the smallest MTU along the entire route to avoid fragmentation.

Network Address Translation (NAT)

Allows multiple devices to share a single public IP address:

  • Internal: Devices use private IPs (192.168.x.x)
  • Router: Translates private IPs to public IP
  • Port Mapping: Uses different ports to identify internal devices

Subnetting

Dividing a network into smaller sub-networks:

  • CIDR Notation: 192.168.1.0/24 (last 8 bits for hosts = 254 usable addresses)
  • Subnet Mask: 255.255.255.0 (equivalent to /24)
  • Benefits: Better organization, improved security, efficient IP usage

Quality of Service (QoS)

Prioritizing certain types of traffic:

  • VoIP: Needs low latency, high priority
  • Streaming: Needs consistent bandwidth
  • File Downloads: Can tolerate delays, low priority

Real-World Example: Loading a Web Page

When you type https://www.example.com in your browser:

  1. DNS Resolution (UDP/53):

    • Browser asks DNS server: "What's the IP for www.example.com?"
    • DNS responds: "93.184.216.34"
  2. TCP Connection (TCP/443):

    • Three-way handshake establishes connection
    • TLS/SSL negotiation for encryption
  3. HTTP Request (TCP/443):

    • Browser sends: "GET / HTTP/1.1\r\nHost: www.example.com"
    • Data encapsulated: HTTP → TCP → IP → Ethernet
  4. Routing:

    • Packet travels through multiple routers
    • Each router makes forwarding decisions based on destination IP
  5. Server Processing:

    • Server receives packet, de-encapsulates
    • Processes HTTP request
    • Generates HTML response
  6. HTTP Response (TCP/443):

    • Server sends HTML content
    • May send multiple TCP segments
    • TCP ensures reliable, ordered delivery
  7. Rendering:

    • Browser receives all data
    • Parses HTML, loads resources
    • Displays the web page

Summary

TCP/IP is the foundation of modern networking:

  • Layered Architecture: Separates concerns for easier implementation
  • Encapsulation: Each layer adds its header, creating a nested structure
  • Flexibility: Supports various applications and network types
  • Interoperability: Standardized protocols enable global communication
  • Scalability: Powers networks from home LANs to the global Internet

Understanding TCP/IP helps you troubleshoot network issues, optimize performance, design network architectures, and appreciate the engineering behind every click, tap, and swipe in our connected world.
