28 Diagrams That Explain TCP Fundamentals in One Go
This article walks through the OSI model from the physical layer up to the application layer, explains how IP addresses and MAC addresses work, details TCP and UDP transport protocols, and covers reliable transmission mechanisms, congestion control, connection management, and common pitfalls such as packet loss, framing, and security attacks.
Layered Network Model
Physical layer defines the hardware interface (e.g., USB, voltage, frequency) and the transmission medium.
Data link layer uses MAC addresses for addressing devices within a LAN; switches forward frames based on MAC.
Network layer introduces IP addresses as logical host identifiers, enabling routing between LANs. The postal‑letter analogy illustrates how a sender writes the destination IP address, the router forwards the packet, and the destination LAN resolves the IP to a MAC address via ARP.
Transport layer provides process‑to‑process communication via sockets (source IP, source port, destination IP, destination port). Ports differentiate multiple processes on the same host.
Application layer hosts protocols such as HTTP and FTP; presentation and session functions are often folded into this layer.
Transport‑Layer Protocols
TCP – connection‑oriented, reliable, flow‑controlled, congestion‑controlled. Implements byte‑stream transmission, sliding windows, timeout retransmission, cumulative ACK, selective ACK (SACK), and various ARQ schemes.
UDP – connection‑less, minimal 8‑byte header (source port, destination port, length, checksum). Faster but unreliable; suitable for live video, DNS, RIP, broadcast.
TCP Header
The fixed part of the TCP header is 20 bytes; options (for example MSS, window scale, SACK‑permitted, SACK blocks and timestamps) may follow, padded to a multiple of 4 bytes and limited to 40 bytes in total, so a header is between 20 and 60 bytes long. The 4‑bit data offset field gives the header length in 32‑bit words and tells the receiver where the payload starts. Key fields include source port, destination port, sequence number, acknowledgment number, flags (SYN, ACK, FIN, RST, PSH, URG), window size, checksum and urgent pointer.
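To make the layout concrete, here is an added Python example (not code from the original article) that builds a SYN segment carrying an MSS option, parses the fixed header, walks the option list and computes and verifies the RFC 793 checksum over the pseudo‑header. The addresses, ports and sequence number are constructed test values; the same ones'‑complement routine serves UDP with protocol number 17 in the pseudo‑header.

```python
import struct

# Flag bits of the 16-bit "data offset / reserved / flags" word (low 9 bits).
TCP_FLAGS = {
    "FIN": 0x001, "SYN": 0x002, "RST": 0x004, "PSH": 0x008,
    "ACK": 0x010, "URG": 0x020, "ECE": 0x040, "CWR": 0x080, "NS": 0x100,
}
TCP_PROTO = 6


def parse_tcp_header(segment: bytes) -> dict:
    """Split a raw TCP segment into its fixed header, options and payload."""
    if len(segment) < 20:
        raise ValueError("segment shorter than the 20-byte fixed header")
    (src_port, dst_port, seq, ack, off_flags,
     window, checksum, urgent) = struct.unpack("!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4          # data offset is counted in 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError("data offset points outside the segment")
    flags = off_flags & 0x1FF
    return {
        "src_port": src_port, "dst_port": dst_port, "seq": seq, "ack": ack,
        "header_len": header_len,
        "flags": [name for name, bit in TCP_FLAGS.items() if flags & bit],
        "window": window, "checksum": checksum, "urgent": urgent,
        "options": segment[20:header_len],
        "payload": segment[header_len:],
    }


def parse_tcp_options(raw: bytes) -> list:
    """Walk the option list: kind 0 ends it, kind 1 (NOP) has no length byte, all others are kind/length/value."""
    opts, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                      # End of Option List
            break
        if kind == 1:                      # No-Operation padding
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("truncated option")
        length = raw[i + 1]
        if length < 2 or i + length > len(raw):
            raise ValueError("bad option length")   # a length of 0 or 1 would loop forever if unchecked
        opts.append((kind, raw[i + 2:i + length]))
        i += length
    return opts


def inet_checksum(data: bytes) -> int:
    """Ones'-complement sum of 16-bit words, as used by IP, TCP and UDP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def pseudo_header(src_ip: bytes, dst_ip: bytes, tcp_len: int) -> bytes:
    """Source address, destination address, zero byte, protocol number, TCP length."""
    return src_ip + dst_ip + struct.pack("!BBH", 0, TCP_PROTO, tcp_len)


def tcp_checksum(src_ip: bytes, dst_ip: bytes, segment: bytes) -> int:
    """Value for bytes 16-17: computed with that field zeroed."""
    zeroed = segment[:16] + b"\x00\x00" + segment[18:]
    return inet_checksum(pseudo_header(src_ip, dst_ip, len(segment)) + zeroed)


def verify_tcp_checksum(src_ip: bytes, dst_ip: bytes, segment: bytes) -> bool:
    """A segment carrying a correct checksum sums to zero together with its pseudo-header."""
    return inet_checksum(pseudo_header(src_ip, dst_ip, len(segment)) + segment) == 0


def build_syn(src_ip, dst_ip, src_port, dst_port, seq, mss=1460):
    """Constructed SYN with an MSS option: 20-byte fixed header + 4-byte option = 24 bytes."""
    options = struct.pack("!BBH", 2, 4, mss)          # kind 2, length 4, MSS value
    header_len = 20 + len(options)
    off_flags = ((header_len // 4) << 12) | TCP_FLAGS["SYN"]
    hdr = struct.pack("!HHIIHHHH", src_port, dst_port, seq, 0,
                      off_flags, 65535, 0, 0) + options
    csum = tcp_checksum(src_ip, dst_ip, hdr)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:]
```

The option walker is the part worth copying: option kinds 0 and 1 have no length byte, and any other option with a length below 2 must be rejected, otherwise the loop never advances.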
Reliable Transmission Mechanisms
Stop‑and‑Wait – sender transmits one segment and waits for an ACK before sending the next.
Timeout retransmission – if no ACK arrives within a timeout, the segment is resent.
Sequence numbers – allow the receiver to detect duplicate or out‑of‑order segments.
Sliding window (flow control) – sender may transmit multiple segments up to the advertised window size; the window slides forward as ACKs are received.
Cumulative ACK – the receiver acknowledges the next sequence number it expects, which implicitly confirms every byte before it, so a single ACK can cover several segments.
Selective ACK (SACK) – receiver reports non‑contiguous blocks that have arrived, enabling the sender to retransmit only missing data.
Go‑Back‑N (continuous ARQ) – the sender transmits a burst of segments without waiting for each ACK; when one is lost it retransmits from the missing segment onward, including later segments that may already have arrived, because a plain cumulative ACK cannot tell the sender which of them did.
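The following Python model, added here and not part of the original article, runs the list above as a small simulation: a sender with a fixed window sends numbered segments over a channel that drops chosen segments once, the receiver answers with a cumulative ACK plus SACK blocks when selective repair is enabled, and the sender retransmits either Go‑Back‑N style or only the holes the SACK report shows. The segment count, window size and loss pattern are constructed inputs; the point is the difference in what gets retransmitted.

```python
def cumulative_ack(received: set) -> int:
    """TCP-style ACK number: the lowest sequence number not yet received (everything below is confirmed)."""
    n = 0
    while n in received:
        n += 1
    return n


def sack_blocks(received: set, ack: int) -> list:
    """SACK option contents: contiguous runs of received segments above the cumulative ACK, inclusive."""
    blocks = []
    for s in sorted(x for x in received if x > ack):
        if blocks and blocks[-1][1] == s - 1:
            blocks[-1] = (blocks[-1][0], s)
        else:
            blocks.append((s, s))
    return blocks


def simulate(total: int, window: int, lose_once: set, selective: bool) -> list:
    """Round-based ARQ model. Each round the sender transmits `to_send`, the receiver answers
    with a cumulative ACK (plus SACK blocks when `selective`), and the sender decides what to
    send next. Segments in `lose_once` are dropped by the channel on their first transmission.
    Returns every transmission in order, so len(result) - total is the retransmission count."""
    log, lost, received = [], set(), set()
    base = 0                                      # oldest unacknowledged segment
    to_send = list(range(min(window, total)))     # initial window
    while base < total:
        for seg in to_send:
            log.append(seg)
            if seg in lose_once and seg not in lost:
                lost.add(seg)                     # the channel drops it this once
                continue
            if selective or seg == cumulative_ack(received):
                received.add(seg)                 # a Go-Back-N receiver discards out-of-order segments
        base = cumulative_ack(received)           # what the ACK carries back
        if selective:
            sack = sack_blocks(received, base)    # what the SACK option carries back
            highest = max(log)
            holes = [s for s in range(base, highest + 1)
                     if not any(lo <= s <= hi for lo, hi in sack)]
            fresh = list(range(highest + 1, min(base + window, total)))
            to_send = holes + fresh               # only the reported gaps, plus new data
        else:
            to_send = list(range(base, min(base + window, total)))  # resend from the hole onward
    return log


def retransmissions(total: int, window: int, lose_once: set, selective: bool) -> int:
    return len(simulate(total, window, lose_once, selective)) - total
```

With eight segments, a window of four and segment 2 lost once, the Go‑Back‑N run sends segment 3 twice although the receiver already had it, while the SACK run retransmits segment 2 alone. Real TCP numbers bytes rather than segments and adds timers, but the bookkeeping is the same.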
Connection Management
Three‑Way Handshake (SYN → SYN‑ACK → ACK) establishes a full‑duplex connection and synchronizes initial sequence numbers.
Four‑Way Termination (FIN → ACK → FIN → ACK) closes each direction independently; the side that sends the first FIN enters TIME_WAIT for twice the maximum segment lifetime (2MSL) so that it can answer a retransmitted FIN if its final ACK was lost, and so that delayed segments from the old connection expire before the same port pair is reused.
Congestion Control
TCP limits its sending rate to avoid network congestion. The classic algorithm consists of:
Slow start – cwnd starts at one or a few segments and roughly doubles every RTT (one MSS per ACK) until it reaches the slow‑start threshold (ssthresh) or a loss is detected.
Congestion avoidance – additive increase of about one MSS per RTT once cwnd is at or above ssthresh.
Fast retransmit – resend a segment after receiving three duplicate ACKs.
Fast recovery – set ssthresh to half the current cwnd, set cwnd to the new ssthresh (Reno inflates it temporarily while the missing segment is recovered) and continue in congestion‑avoidance mode instead of restarting slow start. A retransmission timeout is treated as a stronger signal: ssthresh is halved the same way, but cwnd drops to one MSS and slow start begins again.
Active Queue Management (AQM) in routers, together with Explicit Congestion Notification (ECN) marks, can signal impending congestion before packet loss occurs.
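An added Python example (not from the original article) that drives a simplified Reno sender through scripted events, one per RTT, and records cwnd and ssthresh after each. The event list is constructed, cwnd is counted in segments, and as a stated simplification slow start is capped at ssthresh instead of overshooting it. A second helper shows how the congestion window and the receiver's advertised window together bound what the sender may put on the wire.

```python
def reno_trace(events, initial_ssthresh=16, mss=1):
    """Walk a simplified TCP Reno sender through scripted per-RTT events and return
    (cwnd, ssthresh, phase) after each one. Units are MSS. Events:
      'ack'     - the whole window was acknowledged during this RTT
      'dupack3' - three duplicate ACKs arrived (fast retransmit + fast recovery)
      'timeout' - the retransmission timer expired (back to slow start)
    Assumption for readability: slow start stops exactly at ssthresh rather than overshooting."""
    cwnd, ssthresh = 1 * mss, initial_ssthresh * mss
    trace = []
    for ev in events:
        if ev == "ack":
            if cwnd < ssthresh:
                cwnd = min(cwnd * 2, ssthresh)        # slow start: exponential growth
            else:
                cwnd += mss                           # congestion avoidance: additive increase
        elif ev == "dupack3":
            ssthresh = max(cwnd // 2, 2 * mss)        # multiplicative decrease
            cwnd = ssthresh                           # fast recovery: stay in congestion avoidance
        elif ev == "timeout":
            ssthresh = max(cwnd // 2, 2 * mss)
            cwnd = 1 * mss                            # restart slow start from one segment
        else:
            raise ValueError(f"unknown event {ev!r}")
        phase = "slow_start" if cwnd < ssthresh else "congestion_avoidance"
        trace.append((cwnd, ssthresh, phase))
    return trace


def sendable(cwnd: int, rwnd: int, in_flight: int) -> int:
    """Bytes the sender may put on the wire now: the congestion window and the receiver's
    advertised window both cap it, and data already in flight counts against the cap."""
    return max(0, min(cwnd, rwnd) - in_flight)
```

Feeding five ACK rounds, a triple duplicate ACK, another ACK and a timeout shows the three regimes in sequence: doubling up to 16, then one segment per RTT, a drop to 8 that keeps growing linearly, and finally a reset to 1 with ssthresh at 4.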
Socket and Port Model
In the transport layer, a socket is the logical endpoint of a process. A TCP socket is identified by a four‑tuple (source IP, source port, destination IP, destination port), so two connections from different clients to the same server port are kept apart. A UDP socket is demultiplexed by destination IP and port only, so datagrams from any number of peers are delivered to the same socket.
Byte‑Stream Transmission
TCP treats the data from the application as a continuous byte stream. The sender reads data into a send buffer, assigns a sequence number to each byte, and segments the stream into TCP packets. The receiver reassembles bytes into a receive buffer and delivers ordered data to the application.
Because TCP does not preserve message boundaries, applications must implement their own framing (delimiters or length prefixes) to separate logical messages from the byte stream. Otherwise a single read may return several messages concatenated (sticky packets) or only part of one (a half packet, loosely called "packet loss" here even though nothing was dropped on the wire). A length‑prefixed format must also cap the length it is willing to accept, or a peer can announce an enormous frame and make the receiver buffer indefinitely.
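The decoder below is an added Python example, not code from the original article: a 4‑byte length prefix, an incremental decoder that keeps leftover bytes between reads so that sticky and half packets both resolve to whole messages, and a cap on the declared length so that a hostile peer cannot make it buffer without bound. The 1 MiB limit, the messages and the read sizes are constructed values.

```python
import struct

MAX_FRAME = 1 << 20          # assumed 1 MiB ceiling; an unbounded prefix lets a peer reserve memory at will


class FrameError(ValueError):
    pass


def encode_frame(payload: bytes) -> bytes:
    """4-byte big-endian length prefix followed by the payload."""
    if len(payload) > MAX_FRAME:
        raise FrameError("payload exceeds MAX_FRAME")
    return struct.pack("!I", len(payload)) + payload


class FrameDecoder:
    """Incremental decoder: feed it whatever recv() returned and collect whole messages.
    Leftover bytes stay in the buffer between calls, which is what resolves sticky and half packets."""

    def __init__(self, max_frame: int = MAX_FRAME):
        self.buf = bytearray()
        self.max_frame = max_frame

    def feed(self, chunk: bytes) -> list:
        self.buf.extend(chunk)
        messages = []
        while True:
            if len(self.buf) < 4:
                break                                     # half packet: the prefix itself is incomplete
            (length,) = struct.unpack_from("!I", self.buf, 0)
            if length > self.max_frame:
                raise FrameError(f"declared length {length} exceeds {self.max_frame}")
            if len(self.buf) < 4 + length:
                break                                     # half packet: body still in flight
            messages.append(bytes(self.buf[4:4 + length]))
            del self.buf[:4 + length]                     # sticky packet: loop for the next message
        return messages


def reassemble(stream: bytes, chunk_sizes) -> list:
    """Deliver `stream` to a decoder in reads of the given sizes (then the remainder), the way a
    socket might split it, and return the messages recovered."""
    decoder, messages, pos = FrameDecoder(), [], 0
    for size in list(chunk_sizes) + [len(stream)]:
        messages.extend(decoder.feed(stream[pos:pos + size]))
        pos += size
    return messages
```

reassemble delivers one byte stream in reads of 3, 8 and 1 bytes and then the rest: the first read holds only part of a prefix, the second holds one whole message plus the start of the next, and the last holds two messages, yet the decoder returns exactly three messages. The length check runs before any body bytes are awaited, so an oversized announcement is rejected immediately rather than after the receiver has already grown its buffer.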
Fragmentation and Routing
Large payloads are split into segments no larger than the maximum segment size (MSS) so that a loss costs the retransmission of one segment rather than a huge block, and so that IP does not have to fragment the packet along the path. Routers forward packets based on the destination IP address; multiple paths between networks add fault tolerance, while a core router with no alternative path must be protected because its failure can cut off the entire network.
Security Considerations
SYN‑flood attacks exploit the three‑way handshake: the attacker sends many SYN packets from spoofed source addresses, the server replies with SYN‑ACKs that go nowhere, and each half‑open connection holds state in the SYN queue until the SYN‑RECEIVED timeout expires, so the queue fills and legitimate SYNs are dropped. Mitigations include limiting the number of half‑open connections per listener, reducing the SYN‑RECEIVED timeout, deferring or releasing per‑connection buffers until the handshake completes, and SYN cookies, which encode the connection parameters in the server's initial sequence number so that no state is stored until a valid final ACK returns.
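The two designs can be compared in a few lines. The Python below is an added example, not code from the original article: a conventional listener that stores a half‑open entry per SYN, a SYN‑cookie listener that stores nothing until a valid ACK returns, and a constructed flood of spoofed SYNs that never complete. The cookie layout (5‑bit clock tick, 3‑bit MSS index, 24‑bit keyed hash over the peer address and port) follows the idea used by Linux but is simplified, and the secret, addresses and backlog size are made‑up test values.

```python
import hashlib
import hmac
import secrets

MASK32 = 0xFFFFFFFF
MSS_TABLE = (536, 1220, 1440, 1460)   # a cookie has room for only a 3-bit index into a table like this


class StatefulListener:
    """Conventional listener: every SYN allocates a half-open entry before the peer has proved anything."""

    def __init__(self, backlog: int):
        self.backlog = backlog
        self.half_open = {}            # peer -> ISN sent in our SYN-ACK
        self.established = set()

    def on_syn(self, peer, mss):
        if peer in self.half_open:     # retransmitted SYN: reuse the entry
            return self.half_open[peer]
        if len(self.half_open) >= self.backlog:
            return None                # SYN queue full: the SYN is dropped
        self.half_open[peer] = secrets.randbits(32)
        return self.half_open[peer]

    def on_ack(self, peer, ack):
        isn = self.half_open.get(peer)
        if isn is None or ack != (isn + 1) & MASK32:
            return False
        del self.half_open[peer]
        self.established.add(peer)
        return True


class CookieListener:
    """SYN-cookie listener: the ISN encodes a clock tick, an MSS index and a keyed hash of the
    peer, so no state exists until the ACK brings the cookie back."""

    def __init__(self, secret: bytes):
        self.secret = secret           # assumed per-host secret, rotated out of band
        self.tick = 0                  # coarse clock; cookies from the current or previous tick are accepted
        self.established = set()

    def _cookie(self, peer, tick, mss_idx):
        tick &= 0x1F
        msg = f"{peer[0]}|{peer[1]}|{tick}|{mss_idx}".encode()
        h = int.from_bytes(hmac.new(self.secret, msg, hashlib.sha256).digest()[:3], "big")
        return (tick << 27) | ((mss_idx & 0x7) << 24) | h          # 5 + 3 + 24 bits

    def on_syn(self, peer, mss):
        mss_idx = max((i for i, m in enumerate(MSS_TABLE) if m <= mss), default=0)
        return self._cookie(peer, self.tick, mss_idx)   # nothing stored

    def on_ack(self, peer, ack):
        cookie = (ack - 1) & MASK32
        tick, mss_idx = cookie >> 27, (cookie >> 24) & 0x7
        if tick not in (self.tick & 0x1F, (self.tick - 1) & 0x1F):
            return False               # expired cookie, or a forged ACK carrying a stale tick
        expected = self._cookie(peer, tick, mss_idx).to_bytes(4, "big")
        if not hmac.compare_digest(expected, cookie.to_bytes(4, "big")):
            return False               # forged, or replayed against a different peer
        self.established.add(peer)     # state is allocated only now
        return True


def syn_flood(listener, count: int):
    """Constructed attack: `count` SYNs from forged, unreachable sources that never send the final ACK."""
    for i in range(count):
        listener.on_syn((f"198.51.100.{i % 254 + 1}", 1024 + i), 1460)


def legit_client_connects(listener, peer=("203.0.113.7", 51000)) -> bool:
    isn = listener.on_syn(peer, 1460)
    if isn is None:
        return False                   # SYN dropped: the handshake never starts
    return listener.on_ack(peer, (isn + 1) & MASK32)
```

The cost of cookies is visible in the code: only an MSS index fits in the sequence number, so options such as window scaling and SACK are lost unless the peer's timestamp option is used to carry them, which is why Linux, for example, sends cookies only once the SYN queue has overflowed. The tick check also bounds how long a captured cookie can be replayed.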
Long‑Lived Connections
Reusing an established TCP connection avoids the overhead of repeated handshakes. However, connection pools must be managed to prevent resource exhaustion (e.g., too many idle sockets).
UDP Characteristics
Header size: 8 bytes (source port, destination port, length, checksum).
No reliability, ordering, or congestion control.
Higher throughput and lower latency, making it suitable for live streaming, DNS, RIP, and broadcast.
Summary of Reliable Transmission
Continuous ARQ (Go‑Back‑N) combined with cumulative ACK and, where both ends negotiate it, SACK ensures that every segment is eventually delivered.
Sequence numbers distinguish new data from retransmissions.
Timeout retransmission recovers from lost packets.
Sliding window implements flow control based on the receiver’s advertised window.
Cumulative ACK reduces ACK traffic; SACK further reduces unnecessary retransmissions.
Additional Topics
Fragmentation – the transport layer splits large data into MSS‑sized segments so that a loss costs only one segment's retransmission.
Routing resilience – multiple paths provide fault tolerance; core router failure is catastrophic.
Sticky packets & packet loss – application‑level framing is required to separate logical messages from the byte stream.
SYN flood mitigation – limit half‑open connections, shorten the SYN‑RECEIVED timeout, defer buffer allocation until the handshake completes, or use SYN cookies.
Connection reuse – keep connections alive for multiple requests but monitor resource usage.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contact us and we will review it promptly.
Linux Tech Enthusiast
Focused on sharing practical Linux technology content, covering Linux fundamentals, applications, tools, as well as databases, operating systems, network security, and other technical knowledge.