TCP/IP Model 4 Layers 3 Way Handshake: Tutorial, Examples, FAQs & Interview Tips
What is the TCP/IP Model?
The TCP/IP model (also called the Internet model or DoD model) is the practical networking model used by the Internet. It was developed by DARPA in the 1970s. Unlike the OSI model (theoretical), TCP/IP is the actual implementation used in real networks.
The TCP/IP model has 4 layers (some sources say 5):
TCP/IP vs OSI Model
| TCP/IP Layer | OSI Equivalent | Protocols |
| Application | Application + Presentation + Session (7,6,5) | HTTP, HTTPS, FTP, SMTP, DNS, DHCP, SSH, Telnet, SNMP |
| Transport | Transport (4) | TCP, UDP |
| Internet | Network (3) | IP (IPv4/IPv6), ICMP, ARP, RARP, OSPF, BGP |
| Network Access | Data Link + Physical (2,1) | Ethernet, Wi-Fi, PPP, Frame Relay |
TCP vs UDP
| Feature | TCP | UDP |
| Connection | Connection-oriented (3-way handshake) | Connectionless |
| Reliability | Reliable (guaranteed delivery) | Unreliable (best effort) |
| Ordering | Ordered delivery | No ordering guarantee |
| Error Checking | Yes (checksum + retransmission) | Checksum only (no retransmission) |
| Flow Control | Yes (sliding window) | No |
| Congestion Control | Yes | No |
| Speed | Slower (overhead) | Faster (less overhead) |
| Header Size | 20-60 bytes | 8 bytes |
| Use Cases | HTTP, FTP, SMTP, SSH (reliability needed) | DNS, DHCP, VoIP, video streaming, gaming |
TCP 3-Way Handshake
Before data transfer, TCP establishes a connection using a 3-way handshake:
- SYN (Synchronize): Client sends a SYN packet to the server with a random sequence number (ISN). "I want to connect, my sequence number is X."
- SYN-ACK (Synchronize-Acknowledge): Server responds with SYN-ACK. Acknowledges client's SYN (ACK = X+1) and sends its own SYN with sequence number Y. "I acknowledge your X, my sequence number is Y."
- ACK (Acknowledge): Client sends ACK (ACK = Y+1). "I acknowledge your Y. Connection established."
After the handshake, data transfer begins. The connection is full-duplex - both sides can send and receive simultaneously.
TCP Connection Termination (4-Way Handshake)
TCP uses a 4-way handshake to close a connection:
- FIN: Client sends FIN to server. "I'm done sending data."
- ACK: Server acknowledges the FIN. "Got it."
- FIN: Server sends its own FIN. "I'm also done sending data."
- ACK: Client acknowledges server's FIN. "Got it. Connection closed."
After the final ACK, the client waits in TIME_WAIT state (2×MSL) before fully closing, to ensure the server received the final ACK.
Port Numbers
| Range | Type | Examples |
| 0 - 1023 | Well-Known Ports | HTTP(80), HTTPS(443), FTP(21), SSH(22), SMTP(25), DNS(53) |
| 1024 - 49151 | Registered Ports | MySQL(3306), PostgreSQL(5432), MongoDB(27017), Redis(6379) |
| 49152 - 65535 | Dynamic/Ephemeral Ports | Assigned temporarily to client connections |
TCP/IP Model Layers in Detail
Application Layer
The Application layer is where user applications interact with the network. It combines the functionality of OSI's Application, Presentation, and Session layers. This layer provides protocols for specific applications and services.
- HTTP/HTTPS: Web browsing and secure web communication
- FTP/SFTP: File transfer and secure file transfer
- SMTP/POP3/IMAP: Email sending and receiving
- DNS: Domain name resolution
- DHCP: Dynamic IP address assignment
- SSH/Telnet: Remote command-line access
- SNMP: Network management and monitoring
Transport Layer
The Transport layer provides end-to-end communication services between applications running on different hosts. It ensures reliable data delivery and manages multiple simultaneous connections.
- TCP (Transmission Control Protocol): Connection-oriented, reliable delivery
- UDP (User Datagram Protocol): Connectionless, fast delivery
- SCTP (Stream Control Transmission Protocol): Reliable multi-streaming
- DCCP (Datagram Congestion Control Protocol): Congestion control without reliability
Internet Layer
The Internet layer is responsible for logical addressing, routing, and packet forwarding across different networks. It handles the movement of packets across multiple networks.
- IPv4/IPv6: Logical addressing and packet routing
- ICMP: Error reporting and diagnostics (ping, traceroute)
- ARP: Address resolution (IP to MAC address mapping)
- RARP: Reverse address resolution (MAC to IP)
- Routing Protocols: OSPF, BGP, RIP for route determination
Network Access Layer
The Network Access layer (also called Link layer) handles the physical transmission of data over the network medium. It combines OSI's Data Link and Physical layers.
- Ethernet: Most common LAN technology
- Wi-Fi (802.11): Wireless LAN technology
- PPP: Point-to-Point Protocol for dial-up connections
- Frame Relay: Wide area network technology
- ATM: Asynchronous Transfer Mode
TCP Flow Control and Congestion Control
Sliding Window Protocol
TCP uses a sliding window to control the amount of data that can be sent before acknowledgment is required. This prevents the sender from overwhelming the receiver.
- Window Size: Amount of unacknowledged data that can be sent
- Dynamic Adjustment: Window size changes based on network conditions
- Flow Control: Receiver advertises available buffer space
- Congestion Control: Sender reduces transmission rate when congestion detected
Congestion Control Algorithms
- Slow Start: Exponentially increase window size initially
- Congestion Avoidance: Linear increase after threshold
- Fast Retransmit: Retransmit on duplicate ACKs
- Fast Recovery: Reduce window size but don't enter slow start
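How the four algorithms interact is easiest to see in a trace of the congestion window. This added example (not from the original tutorial) is a simplified Reno-style model that advances one round trip per event and counts the window in segments. The event names and the starting threshold are assumptions, and the timeout case (window back to 1) is standard TCP behaviour included for contrast with fast recovery.

```python
def simulate_cwnd(events, ssthresh=16, cwnd=1):
    """Return the congestion window (in segments) after each round trip.

    events: one entry per RTT, each "ack" (everything acknowledged),
    "dup3" (loss signalled by three duplicate ACKs) or "timeout".
    """
    trace = []
    for ev in events:
        if ev == "ack":
            if cwnd < ssthresh:
                # Slow start: double per RTT, capped at the threshold.
                cwnd = min(cwnd * 2, ssthresh)
            else:
                # Congestion avoidance: one extra segment per RTT.
                cwnd += 1
        elif ev == "dup3":
            # Fast retransmit + fast recovery: halve, skip slow start.
            ssthresh = max(cwnd // 2, 2)
            cwnd = ssthresh
        elif ev == "timeout":
            # Retransmission timeout: halve the threshold, restart at 1.
            ssthresh = max(cwnd // 2, 2)
            cwnd = 1
        else:
            raise ValueError(f"unknown event: {ev!r}")
        trace.append(cwnd)
    return trace

# Constructed scenario: growth, one fast recovery, then one timeout.
EVENTS = ["ack"] * 7 + ["dup3"] + ["ack"] * 2 + ["timeout"] + ["ack"] * 4

if __name__ == "__main__":
    print(simulate_cwnd(EVENTS))
```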
IPv4 vs IPv6
| Feature | IPv4 | IPv6 |
| Address Size | 32 bits (4.3 billion addresses) | 128 bits (340 undecillion addresses) |
| Address Format | Dotted decimal (192.168.1.1) | Hexadecimal (2001:db8::1) |
| Header Size | 20-60 bytes (variable) | 40 bytes (fixed) |
| Fragmentation | Routers and hosts can fragment | Only source can fragment |
| Security | Optional (IPsec) | Built-in (IPsec mandatory) |
| QoS Support | Limited (Type of Service field) | Built-in (Flow Label field) |
| Autoconfiguration | Limited (DHCP required) | Built-in (SLAAC) |
| Compatibility | Universally supported | Requires transition mechanisms |
TCP/IP Protocol Suite Examples
Web Browsing (HTTP over TCP/IP)
| Layer | Protocol | Function | Example Data |
| Application | HTTP | Web page request/response | GET /index.html HTTP/1.1 |
| Transport | TCP | Reliable data transfer | Source port: 8080, Dest port: 80 |
| Internet | IPv4 | Packet routing | Source: 192.168.1.100, Dest: 93.184.216.34 |
| Network Access | Ethernet | Frame transmission | MAC: 00:1A:2B:3C:4D:5E → AA:BB:CC:DD:EE:FF |
Email (SMTP over TCP/IP)
| Layer | Protocol | Function | Key Operations |
| Application | SMTP | Email transmission | MAIL FROM, RCPT TO, DATA commands |
| Transport | TCP | Reliable email delivery | Port 25, connection-oriented |
| Internet | IPv4/IPv6 | Route to mail server | MX record lookup, routing |
| Network Access | Ethernet/Wi-Fi | Physical transmission | Local network to ISP |
TCP/IP Security Considerations
Common Security Issues
- IP Spoofing: Forging source IP addresses to hide identity
- TCP Session Hijacking: Taking over established TCP connections
- SYN Flood Attacks: Overwhelming servers with connection requests
- Port Scanning: Discovering open ports and services
- Packet Sniffing: Capturing and analyzing network traffic
Security Solutions
- Firewalls: Filter traffic based on rules and policies
- IPsec: Provide authentication and encryption at IP layer
- TLS/SSL: Encrypt application layer data (HTTPS, SMTPS)
- VPNs: Create secure tunnels over public networks
- Intrusion Detection Systems: Monitor for suspicious activity
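As an illustration of the monitoring an intrusion detection system performs for SYN floods, this added example (not from the original tutorial) tracks handshakes that received a SYN but never the final ACK and counts them per destination service, since source addresses can be forged. The packet tuple layout, threshold and timeout are assumptions, and the sample traffic is constructed using documentation address ranges.

```python
from collections import Counter

def half_open_by_service(packets, now, timeout=3.0):
    """Count handshakes per (server, port) still lacking a final ACK
    at least `timeout` seconds after their SYN was seen."""
    pending = {}  # (client, cport, server, sport) -> time of first SYN
    for ts, src, sport, dst, dport, flags in packets:
        if flags == "S":
            pending.setdefault((src, sport, dst, dport), ts)
        elif flags == "A":
            # Client completed the handshake.
            pending.pop((src, sport, dst, dport), None)
        elif flags == "R":
            # Either side aborted; clear the entry in both directions.
            pending.pop((src, sport, dst, dport), None)
            pending.pop((dst, dport, src, sport), None)
    counts = Counter()
    for (_client, _cport, server, port), ts in pending.items():
        if now - ts >= timeout:
            counts[(server, port)] += 1
    return counts

def flag_syn_flood(packets, now, threshold=20, timeout=3.0):
    """Return services whose stale half-open count meets the threshold."""
    counts = half_open_by_service(packets, now, timeout)
    return {svc: n for svc, n in counts.items() if n >= threshold}

# Constructed sample: (time, src, sport, dst, dport, flags)
PACKETS = [
    # One normal client completing the handshake.
    (0.00, "203.0.113.7", 50000, "192.0.2.10", 443, "S"),
    (0.01, "192.0.2.10", 443, "203.0.113.7", 50000, "SA"),
    (0.02, "203.0.113.7", 50000, "192.0.2.10", 443, "A"),
]
# 50 SYNs from distinct sources that never send the final ACK.
PACKETS += [(1.0 + i * 0.01, f"198.51.100.{i + 1}", 40000 + i,
             "192.0.2.10", 443, "S") for i in range(50)]
# A single unanswered SYN to another service stays below the threshold.
PACKETS += [(1.6, "203.0.113.9", 50001, "192.0.2.20", 22, "S")]

if __name__ == "__main__":
    print(flag_syn_flood(PACKETS, now=10.0))
```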
TCP/IP Performance Optimization
TCP Optimization Techniques
- TCP Window Scaling: Increase maximum window size for high-latency networks
- Selective Acknowledgments (SACK): Acknowledge non-contiguous blocks
- TCP Timestamps: Improve round-trip time measurement
- Path MTU Discovery: Avoid fragmentation by finding optimal MTU
- TCP Fast Open: Reduce connection setup latency
Application Layer Optimization
- HTTP/2 and HTTP/3: Multiplexing and header compression
- DNS Caching: Reduce DNS lookup latency
- Connection Pooling: Reuse TCP connections
- Content Compression: Reduce data transfer size
- CDN Usage: Serve content from edge locations
TCP/IP Troubleshooting Tools
| Tool | Layer | Purpose | Common Usage |
| ping | Internet | Test basic connectivity | ping google.com |
| traceroute | Internet | Trace packet path | traceroute google.com |
| netstat | Transport | Show connections and ports | netstat -an |
| nslookup | Application | DNS resolution testing | nslookup google.com |
| telnet | Application | Test port connectivity | telnet google.com 80 |
| Wireshark | All layers | Packet capture and analysis | GUI network analyzer |
| tcpdump | All layers | Command-line packet capture | tcpdump -i eth0 |
TCP/IP Evolution and Future
Historical Development
- 1970s: ARPANET and early TCP/IP development
- 1983: TCP/IP becomes standard for ARPANET
- 1990s: World Wide Web and Internet explosion
- 2000s: IPv6 deployment, mobile networking
- 2010s: Cloud computing, IoT, 5G preparation
- 2020s: 5G deployment, edge computing, QUIC protocol
Emerging Technologies
- QUIC (Quick UDP Internet Connections): UDP-based transport for web
- HTTP/3: HTTP over QUIC instead of TCP
- Segment Routing: Advanced routing techniques
- Programmable Networking: SDN and network automation
- 5G and Beyond: Ultra-low latency, massive connectivity