28 Diagrams That Instantly Clarify How TCP Works

Physical and Data‑Link Layers

Two hosts connected by a single cable communicate at the physical layer, which defines hardware signals such as voltage and frequency. Adding a switch creates a LAN (Ethernet); each host has a permanent MAC address that the switch uses to forward frames.

Network Layer

When multiple LANs are interconnected, IP addresses replace MAC addresses as logical identifiers. The letter‑mail analogy shows that the destination IP address lets routers deliver packets without knowing the underlying hardware. Within a LAN, ARP maps IP to MAC.

Transport Layer

The transport layer introduces sockets, which combine an IP address with a port number to give each process a unique communication endpoint. Ports enable multiple applications on the same host to exchange data independently.

TCP vs UDP

TCP provides reliable, connection‑oriented communication; UDP offers a lightweight, connectionless service.

TCP Header

TCP adds a fixed 20‑byte header (optional 4‑byte options). Fields include source/destination ports, sequence number, acknowledgment number, window size, flags, and checksum.

Reliability Mechanisms

Byte‑stream segmentation and numbering.

Stop‑and‑wait (send one segment, wait for ACK).

Timeout‑based retransmission.

Sliding‑window flow control (receiver advertises window size).

Continuous ARQ (Go‑Back‑N) and selective acknowledgment (SACK) to avoid unnecessary retransmissions.

Congestion Control

TCP limits the sending rate to avoid network congestion. The classic algorithm consists of:

Slow start – exponential growth of the congestion window (cwnd) until a threshold (ssthresh) is reached.

Congestion avoidance – linear increase of cwnd per RTT.

Fast retransmit – on three duplicate ACKs, retransmit the missing segment.

Fast recovery – halve ssthresh, set cwnd to ssthresh + 3 MSS, then resume congestion avoidance.

Connection Management

Three‑way handshake (SYN → SYN‑ACK → ACK) establishes a TCP connection; four‑way termination (FIN → ACK → FIN → ACK) gracefully closes it, ensuring all data are exchanged before release.

UDP Overview

UDP adds an 8‑byte header (source port, destination port, length, checksum) and provides best‑effort delivery without reliability, flow control, or congestion control. Advantages are lower latency and smaller overhead; typical uses include video streaming, DNS, and RIP.

Pros: faster, connection‑less, smaller header.

Cons: no delivery guarantee, no congestion control.

Additional TCP Topics

TCP fragments large payloads into multiple segments; excessive fragmentation increases header overhead. Routing provides path redundancy, allowing packets to be rerouted if a router fails. Application‑layer issues such as sticky packets (粘包) and packet splitting (拆包) must be handled by delimiters or fixed‑size framing. SYN‑flood attacks overwhelm a server with half‑open connections; mitigations include limiting per‑IP connection counts, shortening half‑open timeouts, and delaying buffer allocation. Long‑lived TCP connections reduce the overhead of repeatedly opening and closing sockets but require management to avoid resource exhaustion.

Socket Definition

A TCP socket is defined by four fields: source IP, source port, destination IP, and destination port. This four‑tuple uniquely identifies a connection.

TCP Header Fields

TCP Options

Byte‑Stream Model

TCP treats the data from the application as a continuous byte stream, assigns sequence numbers, and transmits segments in order.

Stop‑and‑Wait Protocol

Send one segment, wait for an ACK before sending the next. If the ACK is not received within a timeout, retransmit.

Go‑Back‑N (Continuous ARQ)

Send multiple segments without waiting; on loss, the sender retransmits the missing segment and all subsequent ones.

Sliding‑Window Flow Control

The receiver advertises a window size indicating available buffer space; the sender may transmit any data within that window. As ACKs arrive, the window slides forward.

Connection Establishment Steps

Client sends SYN with its initial sequence number and receive‑window size; enters SYN_SENT.

Server replies with SYN‑ACK (its own sequence number and acknowledgment of the client’s SYN); enters SYN_RECEIVED.

Client sends ACK acknowledging the server’s SYN; enters ESTABLISHED.

Server receives the ACK and also enters ESTABLISHED.

Connection Termination Steps

Client sends FIN; enters FIN_WAIT_1.

Server acknowledges FIN with ACK; enters CLOSE_WAIT.

Server sends its own FIN after sending remaining data; enters LAST_ACK.

Client acknowledges server’s FIN with ACK; enters TIME_WAIT to ensure delayed packets are discarded.

After 2 MSL, both sides enter CLOSED.

Sticky Packets and Packet Splitting

Because TCP delivers a byte stream, application data boundaries are lost. When two logical messages (e.g., audio and text) are sent, the receiver may see a mixed stream (sticky packet) and must reconstruct the original messages (packet splitting) using delimiters, length fields, or fixed‑size frames.

Security Considerations

SYN‑flood attacks create many half‑open connections, exhausting server resources. Countermeasures include limiting the number of simultaneous connections per IP, reducing the SYN‑RECEIVED timeout, and allocating buffers lazily.

Long‑Lived Connections

Reusing an established TCP connection for multiple requests reduces the overhead of repeated three‑way handshakes, but the server must enforce limits on connection duration and count to prevent resource exhaustion.

Code example

-End-
读到这里说明你
喜欢
本公众号的文章，欢迎
置顶（标星）
本公众号 Linux技术迷，这样就可以第一时间获取推送了~