Computer Network Fundamentals: OSI/TCP‑IP Layers, TCP/UDP Differences, Handshakes, and Related Mechanisms

Computer networking is a core topic in technical interviews; this guide summarizes essential concepts.

1. Layered Protocols and Their Functions

Three common models are described: the OSI 7‑layer model, the TCP/IP 4‑layer model, and a simplified 5‑layer model used in teaching.

OSI 7‑layer model – comprehensive but theoretical, rarely implemented directly.

TCP/IP 4‑layer model – derived from practical use; the lowest layer is abstract.

5‑layer model – a compromise that retains clarity while being concise.

The OSI 7‑layer functions are:

Application layer – provides services to applications (e.g., DNS, HTTP, SMTP).

Presentation layer – handles data format conversion, encryption, compression.

Session layer – establishes, maintains, and terminates connections.

Transport layer – offers reliable (TCP) or best‑effort (UDP) transport. TCP: connection‑oriented, reliable. UDP: connection‑less, low‑overhead.

Network layer – routing and forwarding, primarily IP.

Data link layer – frames IP packets for transmission over a link.

Physical layer – transparent bit‑stream transmission between adjacent nodes.

2. TCP vs. UDP

Key differences are summarized in the table below:

UDP

TCP

Connection

Connection‑less

Connection‑oriented

Reliability

Unreliable, no flow or congestion control

Reliable, with flow and congestion control

Order

Unordered

Ordered (re‑ordered if needed)

Speed

Fast

Slower

Peers

One‑to‑one, one‑to‑many, many‑to‑many

One‑to‑one only

Transmission mode

Message‑oriented

Byte‑stream oriented

Header overhead

8 bytes

20‑60 bytes

Typical use cases

Real‑time apps (VoIP, video, live streaming)

Reliable apps (file transfer, web traffic)

In short, use TCP when reliability is required and UDP when low latency and high throughput are prioritized.

3. Application Scenarios for UDP and TCP

TCP: FTP, HTTP/HTTPS, other reliable services.

UDP: Low‑volume communications (DNS, SNMP), multimedia streaming, broadcast.

4. TCP Three‑Way Handshake

The handshake consists of:

Client sends SYN with initial sequence number x .

Server replies with SYN‑ACK, acknowledges x+1 , and chooses its own sequence y .

Client sends ACK acknowledging y+1 ; both sides enter ESTABLISHED state.

5. Why Three Handshakes?

Prevents old, delayed SYN packets from causing errors.

Ensures both ends verify each other's send/receive capabilities.

Confirms each side's initial sequence numbers.

6. Why Not Four Handshakes?

Three exchanges already guarantee bidirectional capability and sequence‑number agreement, making a fourth unnecessary.

7. SYN Flood Attack and Mitigation

SYN flood exploits the half‑open state ( SYN_RECV ) by sending massive forged SYN packets, exhausting server resources.

Mitigation methods include firewall filtering, TCP/IP stack hardening, and SYN cookies.

8. Lost Final ACK in Handshake

Server remains in SYN_RECV and retransmits SYN‑ACK; after repeated failures it closes the connection. The client believes the connection is established, but will receive RST on data transmission.

9. TCP Four‑Way Termination

Client sends FIN (and ACK) – initiates close.

Server acknowledges with ACK.

Server sends its own FIN.

Client acknowledges with ACK and enters TIME‑WAIT before moving to CLOSED.

10. Why Four Steps to Close?

Because the server may still have data to send after receiving the client’s FIN, requiring a separate FIN of its own.

11. Purpose of TIME‑WAIT (2 MSL)

Ensures the final ACK reaches the server.

Prevents delayed packets from being misinterpreted by future connections.

12. Handling Faulty Clients or Lost Packets

TCP relies on timers and retransmission; servers also use keep‑alive probes to detect dead peers.

13. Excessive TIME‑WAIT Connections

Too many TIME‑WAIT sockets waste server resources and exhaust client ports. Solutions: enable SO_REUSEADDR , tune net.ipv4.tcp_tw_reuse and tcp_tw_recycle , or force close with RST.

14. Which Side Enters TIME‑WAIT?

Typically the active closer (client) enters TIME‑WAIT; servers usually stay in LISTEN or CLOSE‑WAIT.

15. How TCP Guarantees Reliability

Checksum for error detection.

Sequence numbers and acknowledgments.

Sliding window for flow control.

Timeout‑based retransmission.

Congestion control algorithms.

Explicit flow‑control via window size.

16. Sliding Window Mechanism

The window defines how many unacknowledged bytes may be in flight; it moves forward as acknowledgments arrive, balancing throughput and congestion.

17. Congestion Control Algorithms

Slow start – exponential growth of cwnd until a threshold.

Congestion avoidance – linear increase of cwnd per RTT.

Fast retransmit – resend after three duplicate ACKs.

Fast recovery – halve ssthresh and avoid slow start after fast retransmit.

These mechanisms together keep TCP efficient and stable under varying network conditions.

References

https://segmentfault.com/a/1190000021815671 https://juejin.cn/post/6844904005315854343 https://www.nowcoder.com/discuss/568071 https://blog.csdn.net/yrx420909/article/details/104483455 https://www.cnblogs.com/xiaolincoding/p/12638546.html https://imageslr.com/2020/07/07/tcp-shake-wave.html https://cloud.tencent.com/developer/article/1537628