28 Diagrams That Explain TCP From Basics to Advanced Concepts

Network Layering Overview

Physical layer connects two hosts with a cable. Adding a switch creates a LAN (Ethernet) where devices are addressed by MAC addresses. Routers interconnect LANs and introduce IP addresses, allowing routing without knowledge of every MAC address. The network layer provides logical host communication via IP, while the data‑link layer handles local addressing.

Transport Layer and Sockets

Transport layer sits above the network layer and offers process‑to‑process communication using socket objects. A socket is identified by a four‑tuple: source IP, source port, destination IP, destination port. UDP defines a socket with destination IP + port; TCP adds source IP + port to make each connection unique.

TCP Header Structure

TCP adds a fixed 20‑byte header (plus optional fields) to the payload. Key fields include source port, destination port, sequence number, acknowledgment number, window size, flags (SYN, ACK, FIN, etc.).

Byte‑Stream Transmission

TCP reads data from the application into a send buffer and assigns a sequence number to each byte.

It selects an appropriate amount of data to form a TCP segment and passes it to the network layer.

The receiver stores incoming bytes in a receive buffer and delivers them to the application when ordered.

This design avoids large memory usage but requires handling packet loss, reordering, and duplication.

Reliable Transmission Mechanisms

Stop‑and‑Wait (ARQ) : send one segment, wait for an ACK, then send the next.

Timeout Retransmission : if an ACK is not received within a timeout, retransmit the segment.

Sequence Numbers : identify each byte to distinguish new data from retransmissions.

Sliding Window : allow multiple unacknowledged segments; the receiver advertises the window size (flow control).

Cumulative ACK : acknowledge the highest contiguous byte received.

Selective ACK (SACK) : report non‑contiguous blocks that have arrived, enabling retransmission of only missing segments.

Congestion Control

Slow Start : start with a small congestion window and double each round‑trip time.

Congestion Avoidance : after reaching the slow‑start threshold (ssthresh), increase the window by one segment per RTT.

Fast Retransmit & Fast Recovery : on three duplicate ACKs, halve ssthresh and retransmit the missing segment without waiting for a timeout.

Timeout : on timeout, reset to slow start.

These algorithms limit the sender’s rate based on perceived network conditions, reducing loss and improving throughput.

Connection Management

Client sends SYN with its initial sequence number.

Server replies with SYN‑ACK, acknowledging the client’s SYN and providing its own sequence number.

Client sends ACK, completing the three‑way handshake and entering the ESTABLISHED state.

Termination uses a four‑step exchange (FIN, ACK, FIN, ACK) followed by a TIME_WAIT period to ensure stray packets are discarded before final closure.

UDP Protocol

UDP adds only source/destination ports, a checksum, and length. Its header is 8 bytes. UDP provides lower latency, no connection setup, no congestion control, and smaller overhead, making it suitable for streaming, DNS, and broadcast. However, UDP lacks reliability, ordering, and flow control.

TCP Flow Control and Sliding Window

TCP uses the window size field in the header to convey the receiver’s remaining buffer space. The sender adjusts its sending window accordingly, ensuring it does not overwhelm the receiver.

Stop‑and‑Wait ARQ Example

Sender transmits a segment and waits for an ACK. If the ACK is not received before the timeout, the segment is retransmitted. Sequence numbers allow the receiver to distinguish retransmitted data from new data.

Continuous ARQ (Go‑Back‑N) and Selective ACK

Continuous ARQ allows the sender to transmit multiple segments without waiting for each ACK. The receiver sends cumulative ACKs; on loss, the sender may need to retransmit from the missing segment (Go‑Back‑N). Selective ACK (SACK) lets the receiver inform the sender exactly which blocks were received, so only the missing segment(s) are retransmitted.

Congestion Control Details

Initial window is small; each RTT doubles the window (slow start).

When cwnd reaches ssthresh, increase cwnd by one segment per RTT (congestion avoidance).

Three duplicate ACKs trigger fast retransmit and fast recovery: ssthresh ← cwnd/2, cwnd ← ssthresh + 3.

Timeout resets cwnd to 1 MSS and ssthresh ← cwnd/2.

The sender never exceeds the receiver’s advertised window.

TCP Connection Establishment State Diagram

Client in SYN_SEND after sending SYN.

Server in SYN_RECV after replying with SYN‑ACK.

Client moves to ESTABLISHED after sending ACK.

Server moves to ESTABLISHED after receiving the ACK.

TCP Connection Termination State Diagram

Client enters FIN_WAIT_1 after sending FIN.

Server enters CLOSE_WAIT after receiving FIN and acknowledges it.

Server sends its own FIN and enters LAST_ACK.

Client enters TIME_WAIT after ACKing the server’s FIN, waiting for 2 MSL before closing.

Sticky Packets and Packet Splitting

Because TCP is a byte‑stream, application data may be concatenated (sticky packets) or split across multiple segments. Applications must delimit messages (e.g., newline, length prefix) or use fixed‑size framing to recover original boundaries.

Security: SYN Flood

Attackers can send large numbers of SYN packets with forged source addresses, causing the server to allocate half‑open connections and exhaust resources. Mitigations include limiting half‑open connections, shortening the SYN‑RECEIVED timer, and using SYN cookies.

Long‑Lived Connections

Reusing a TCP connection for multiple requests avoids the overhead of repeated three‑way handshakes, but connections must be managed to prevent resource exhaustion.

Code example

-End-