The Ultimate Guide to TCP/IP


TCP/IP, also known as the Transmission Control Protocol/Internet Protocol, is one of the bedrocks of a modern network monitoring toolkit. This protocol is the main method by which network devices are connected via the internet. It is thus crucial that any network administrator has a thorough understanding of what TCP/IP is and how to apply it. In a nutshell, this protocol determines the means by which data is transferred over the internet.

At some point or another, almost every tech-savvy person has heard of TCP/IP. In fact, anybody who has ever used a web browser has used the TCP/IP protocol. There is an attitude among many that this protocol is past its best days as people switch to alternative transfer protocols like UDP. Still, TCP/IP has come a long way since it was developed by the Advanced Research Projects Agency (ARPA) back in the 1970s.

The main reason for negative perceptions of TCP/IP is that our data usage is growing astronomically each year. This is even more true of large organizations, which are often pushing TCP/IP to the limit with the sheer volume of their transfer needs. Now that TCP/IP is only a few years off from being 50 years old, it’s starting to show its age. For many, TCP/IP has become a bottleneck.

Yet for now, it remains relevant as a massive number of us still use TCP/IP to transfer information every day. In this article, we break down what TCP/IP is, what it does and how it works.

History of TCP/IP

Before TCP/IP was the go-to protocol for internet connections, we used another protocol called the Network Control Protocol (NCP). The NCP was the main protocol for the ARPAnet. The ARPAnet was the precursor to the modern-day internet and originates from 1969. The NCP lasted for a few years but it was struggling to keep up with the demands of users. It wasn’t until 1974 that a paper emerged outlining the concept of “A Protocol for Packet Network Interconnection”. This paper, written by Vint Cerf and Bob Kahn, outlined the idea of TCP.

It would take until 1978 before TCP/IP came to fruition and until 1983 to completely replace NCP. Seven years later ARPAnet ground to a halt. Yet TCP/IP persisted, undergoing tweaks to keep up with the demands of the future.

What do TCP and IP do?

Nine out of ten times, you’ll hear TCP and IP mentioned together. Even though these two protocols are listed together, they do have distinct differences. TCP is used to dictate how devices communicate across a network. Part of this involves structuring messages into smaller packets before they reach their destination. On the other hand, IP determines the route that the packet takes.

In other words, TCP has the responsibility for separating the packets and IP has to ensure that they reach their destination. There are four layers that comprise TCP/IP: the Network Access Layer, the Internet Layer, the Transport Layer and the Application Layer (which we discuss later in this guide). TCP sets up connections via a three-way handshake.

TCP and the Three-Way Handshake

TCP’s three-way handshake (also referred to as SYN-SYN-ACK) is the technique that TCP uses to set up a TCP/IP connection. It is named after a three-way handshake because three messages are required to start the connection between two network devices. The three-way handshake works as follows:

  • The first host sends a SYN packet to another computer.

  • The second computer receives the SYN packet and sends a SYN-ACK to the first computer (an acknowledgement of the SYN packet).

  • The first computer receives the SYN-ACK and responds with an ACK. This establishes the connection.

This handshake allows TCP to ensure that a connection is up and running before sending data. The handshaking process is why TCP is considered to be a reliable transfer protocol. A connectionless protocol like UDP has no such handshake process and is thus less reliable than TCP (but more lightweight). However, protocols such as FTP, HTTP, HTTPS, SMTP, Telnet, and SSH all have their own three-way handshakes.

How TCP Packages Data

One of the most important things to know about TCP is that it takes application data from applications in the form of bytes, and chops it up into TCP segments. A segment is a complicated word for a message. IP then takes these messages from TCP and sends them to the final destination. Once the final device receives this data it is then processed and passed back to TCP where it is converted back into bytes. It is then sent to the application.

The size of a segment is limited by TCP’s maximum segment size and how much data the end destination can take at one time (the device tells TCP this information once a connection is made). TCP’s data packaging is one of its main selling points. It allows applications to send data of various sizes without having to manage data packaging themselves.

TCP Segmentation

As we covered briefly above, data is broken down into segments in a process called segmentation. Whenever TCP receives data from an application it chops it up into chunks. Once this is done TCP passes these segments down to IP where it is placed into an IP datagram. The segmentation process allows for TCP to run error checking and to enable data to be transferred separately. Any piece that is lost in transit will be recognised by TCP and resent.
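The segmentation and recovery described above can be followed in a small simulation. This is an added example, not code from the original article: the function names, the initial sequence number of 1000 and the sample data are assumptions, and it leaves out the checksums, windows and timers of real TCP.

```python
def segment(data: bytes, mss: int, isn: int = 1000):
    """Split application bytes into (sequence_number, payload) segments of at most mss bytes."""
    return [(isn + off, data[off:off + mss]) for off in range(0, len(data), mss)]


class Receiver:
    """Buffers segments arriving in any order and delivers bytes to the application in order."""

    def __init__(self, isn: int = 1000):
        self.next_seq = isn        # next byte expected; this is the cumulative ACK
        self.pending = {}          # out-of-order segments keyed by sequence number
        self.delivered = bytearray()

    def receive(self, seq: int, payload: bytes) -> int:
        if seq >= self.next_seq:   # ignore duplicates of data already delivered
            self.pending[seq] = payload
        # Deliver every buffered segment that is now contiguous with the delivered bytes.
        while self.next_seq in self.pending:
            chunk = self.pending.pop(self.next_seq)
            self.delivered += chunk
            self.next_seq += len(chunk)
        return self.next_seq       # ACK: "I have every byte before this one"


def transfer_with_loss(data: bytes, mss: int, lost_index: int):
    """Send every segment except one, then resend the segment the ACKs show is missing."""
    segs = segment(data, mss)
    rx = Receiver()
    acks = [rx.receive(seq, p) for i, (seq, p) in enumerate(segs) if i != lost_index]
    # The ACK stalls at the first missing byte, which identifies the lost segment.
    missing_seq = rx.next_seq
    final_ack = rx.receive(missing_seq, dict(segs).get(missing_seq, b""))
    return bytes(rx.delivered), acks, missing_seq, final_ack


if __name__ == "__main__":
    msg = b"TCP chops application bytes into numbered segments."  # constructed sample
    out, acks, missing, final = transfer_with_loss(msg, mss=8, lost_index=2)
    print("ACKs while a segment is missing:", acks)
    print("retransmitted segment starts at:", missing, "final ACK:", final)
    print("reassembled correctly:", out == msg)
```

The repeated ACK value is how the sender learns which segment to resend; later segments are held in the buffer and released only once the gap is filled.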

OSI Layers

The most important thing to know about TCP/IP layers is that they are different from the Open Systems Interconnection (OSI) model. OSI has seven layers whereas TCP/IP has four. The seven OSI layers are the Physical Layer, the Data-Link Layer, the Network Layer, the Transport Layer, the Session Layer, the Presentation Layer, and the Application Layer. As previously mentioned, the four layers of TCP/IP are the Network Access Layer, the Internet Layer, the Transport Layer, and the Application Layer.

However before we get into more detail about the TCP/IP layers, let’s look at the OSI layers themselves.

The Physical Layer

This layer is the name given to the physical means of transport the data travels through. This comprises all physical components within a Local Area Network (LAN). Any network hardware comes under this layer. This could be an ethernet cable or a wireless radio signal.

The Datalink Layer

This layer is responsible for organizing bits into frames and sending them across the physical layer. The Data Link Layer consists of two sub-layers referred to as Logical Link Control (LLC) and Media Access Control (MAC). This layer needs to find a physical MAC address to act as the final destination of the data transfer.

The Network Layer

This layer is tasked with finding the best route for the data to take in order to reach its destination. Protocols such as Routing Information Protocol (RIP), Border Gateway Protocol (BGP) and Open Shortest Path First (OSPF) are common at this stage.

The Transport Layer

This layer decides how data is sent and has the ability to perform error detection and validation of the process data. If there are any issues recognised it will correct them at this stage. TCP, User Datagram Protocol (UDP), Name-Binding Protocol (NBP) and Sequenced Packet Exchange (SPX) are all common at this stage.

The Session Layer

This layer (or socket layer) is used to start a session and monitor it so that the sending party can exchange data and the destination can respond. Protocols such as Lightweight Directory Access Protocol (LDAP), NFS, SQL, X Windows and Remote Procedure Call (RPC) are common at this stage.

The Presentation Layer

This layer acts as a translator and encodes the data into a recognised format such as text, jpeg or gif. In addition to those three protocols, you’re also likely to encounter Secure Sockets Layer (SSL), HyperText MarkUp Language (HTML), File Transfer Protocol (FTP) and JAVA.

The Application Layer

This layer is the final layer in the OSI model and is actually the user interface used to send or receive the data. One example of this layer is clicking a webpage to launch the HTTP protocol. Other protocols active at this layer include Secure Shell (SSH), File Transfer Protocol (FTP), Trivial File Transfer Protocol (TFTP) and Dynamic Host Configuration Protocol (DHCP).

TCP/IP Layers

The Network Access Layer

This layer is the first layer of TCP/IP. This layer determines how data is physically transferred through the network. In practice, it decides the protocols that applications use to exchange data. This includes protocols like Ethernet, FDDI, and Token Ring. Generally, most TCP/IP implementations operate within a LAN using Ethernet.

The Internet Layer

This layer is responsible for putting data into IP datagrams. An IP datagram is a packet which contains the source and destination address. Datagrams are used to send data between hosts and networks. The Internet layer includes IP, ICMP, IGMP, ARP, and RARP.

The Transport Layer

This layer is designed to enable devices on the source and destination hosts to communicate with each other. Protocols on this layer include TCP and UDP. This layer has to make sure the data is put back together correctly once it reaches its destination.

The Application Layer

This layer determines the way that host programs interface with this layer and use the network. This layer acts as a gateway to the other layers and determines which protocols will be used to transfer data. This layer includes protocols HTTP, SSH, Telnet, TFTP, SNMP, and SMTP.

Advantages of TCP/IP

TCP/IP offers a number of benefits to the user. One of the main benefits is its adept failure recovery. Essentially, if a packet fails to reach its destination because one route fails, there is a failsafe feature that attempts to use another route to complete the transfer. TCP recovers segments that get lost or damaged during transfers. Every piece of data transferred is chopped into a segment with a unique number attached to it and monitored with a CRC check. If a segment gets lost then TCP can recognise it and attempt to recover.

Once the data reaches the recipient, TCP receives an acknowledgement message confirming that the data didn’t get lost in transit. This means that the user can be sure that the data transfer reaches the end location even in the event that part of the network fails. Originally, TCP/IP was intended for use by the Department of Defense, which is why reliability is so ingrained into the design.

The next biggest advantage is that TCP/IP is lightweight and doesn’t place unnecessary strain on a computer or network. This is great for administrators in fast-paced networking environments as it makes sure that service doesn’t run the risk of poor performance or interrupting. TCP/IP is thus a reliable protocol for transferring data across a LAN network.

Another advantage of TCP/IP is that it can foster connections between disparate types of computers and servers. TCP/IP’s interoperability makes it flexible within an enterprise-grade network environment. Many administrators use this protocol when dealing with diverse physical infrastructure.

Disadvantages of TCP

Even though TCP/IP is a very versatile protocol, it’s not without its issues. One of the main disadvantages of TCP/IP is that it isn’t built for LANs. Most administrators use TCP/IP on a LAN but it was originally designed for WAN connections. As such, using TCP/IP within a LAN can lead to inefficiency and bottlenecks. This is particularly true of small networks with limited bandwidth availability.

Another problem is that of security. TCP/IP is particularly vulnerable to SYN attacks. A SYN attack can be used to interrupt TCP/IP’s three-way handshake by sending connection requests constantly. This makes the computer unable to sustain other connections.
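From the defender's side, a SYN attack shows up as handshakes that stop after the second message. The following added example (not part of the original article) follows the three-way handshake described earlier over packet records and counts the connections each listener has left half-open; the record format, the documentation-range addresses and the alert threshold of 20 are all constructed assumptions.

```python
from collections import defaultdict


def sample_packets():
    """Constructed records: (time_s, src, src_port, dst, dst_port, flags)."""
    pkts = [
        # A normal client completes the handshake: SYN, SYN-ACK, ACK.
        (0.00, "198.51.100.7", 40000, "192.0.2.10", 443, "SYN"),
        (0.01, "192.0.2.10", 443, "198.51.100.7", 40000, "SYN-ACK"),
        (0.02, "198.51.100.7", 40000, "192.0.2.10", 443, "ACK"),
    ]
    # Thirty connection requests that the server answers but nobody acknowledges.
    for i in range(30):
        t = 1.0 + i * 0.01
        src = "203.0.113.%d" % i
        pkts.append((t, src, 50000 + i, "192.0.2.10", 443, "SYN"))
        pkts.append((t + 0.001, "192.0.2.10", 443, src, 50000 + i, "SYN-ACK"))
    return pkts


def half_open_by_listener(packets):
    """Track each handshake; return {(server, port): connections stuck after SYN-ACK}."""
    state = {}  # (client, client_port, server, server_port) -> handshake state
    for _, src, sport, dst, dport, flags in sorted(packets):
        if flags == "SYN":
            state[(src, sport, dst, dport)] = "SYN_SENT"
        elif flags == "SYN-ACK" and state.get((dst, dport, src, sport)) == "SYN_SENT":
            state[(dst, dport, src, sport)] = "SYN_RCVD"
        elif flags == "ACK" and state.get((src, sport, dst, dport)) == "SYN_RCVD":
            state[(src, sport, dst, dport)] = "ESTABLISHED"
    counts = defaultdict(int)
    for (_, _, server, port), st in state.items():
        if st == "SYN_RCVD":       # server replied, final ACK never arrived
            counts[(server, port)] += 1
    return dict(counts)


def flooded_listeners(packets, threshold=20):
    """Listeners whose half-open count exceeds the assumed alert threshold."""
    return [k for k, n in half_open_by_listener(packets).items() if n > threshold]


if __name__ == "__main__":
    print(half_open_by_listener(sample_packets()))
    print(flooded_listeners(sample_packets()))
```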


TCP vs UDP

TCP and UDP are often compared with each other when it comes to data transfers. As discussed above, TCP/IP encompasses a range of protocols which communicate through the internet. On the other hand, the User Datagram Protocol (UDP) is used to conduct data transfers from apps without error-checking, resulting in a faster transfer speed. Both of these protocols are used to send data via the internet to an IP address.

When sending data to a server, TCP requests a response from the web server. This is an error-checking technique making sure that the server has received the message. UDP does away with error-checking completely. Information is simply sent straight to the recipient without a request for confirmation. In the event that a UDP packet doesn’t reach the destination, it is lost rather than resent.

The main advantage UDP has over TCP/IP is that it’s faster. Removing error-checking reduces latency and allows devices to communicate much faster. A good example of UDP in action is an online game. If your character is running around a virtual map but the connection lags, with UDP the screen will freeze and skip to the next available packet that comes through. Rather than trying to recover past packets that have become irrelevant, UDP moves on to what’s happening now.

However, TCP/IP has the edge on UDP in terms of reliability. Depending on the application you’re using, error-checking can be a vital component of sending information. Whereas it doesn’t matter if you miss a couple of packets on some applications, on others this can be a substantial problem. The error-checking process helps to make sure that everything reaches its destination, which is incredibly useful if you’re looking for reliability.


Since TCP soldiered its way through the ARPAnet era, it has become one of the most widely-used protocols in the world. Even though protocols like UDP are starting to overlap with TCP/IP, the latter remains the go-to network transfer method of most online users. Systems administrators looking to send information across the internet need to be intimately familiar with TCP/IP.

A deep knowledge of TCP/IP not only comes in handy for day-to-day network admin tasks but it is also an integral part of certifications like Cisco’s CCNA. The better you understand TCP/IP the better you’ll be able to understand your physical infrastructure. Knowing TCP/IP inside and out will help to bolster your network infrastructure against external threats and to optimize your network design accordingly. Without a deep understanding of TCP/IP, managing a large network becomes much more difficult.

If you don’t have a deep understanding of TCP/IP, don’t worry. It may seem complicated at first, as there is a lot of technical jargon being thrown around, but TCP/IP is a simple concept once you strip back the complex terms and processes. Whether you’re studying for the CCNA or just trying to get a better understanding of this protocol, if you commit to learning about it, you’ll get there eventually.


