Demystifying Network Protocol Layers and the TCP 3‑Way Handshake

Computer Network Architecture

A layered architecture abstracts network functions into independent layers, simplifying design, implementation, and standardization.

Why Layer Protocols?

Simplify complex problems by dividing them into smaller, independent tasks.

Changes in one layer do not affect others if interfaces remain unchanged.

Facilitate implementation, maintenance, and standardization.

Drawback: Some functionality may appear in multiple layers, causing overhead.

OSI vs. TCP/IP Models

OSI: 7 layers – Application, Presentation, Session, Transport, Network, Data Link, Physical.

TCP/IP: 4 layers – Application, Transport, Internet, Network Interface.

Hybrid teaching model: 5 layers – Application, Transport, Network, Data Link, Physical.

TCP/IP Protocol Suite

Application Layer

Provides network services to end‑user applications. Common protocols include:

DNS, HTTP/HTTPS, FTP, POP3, SMTP, TELNET, SSH (run over TCP).

BOOTP, NTP, DHCP (run over UDP).

DNS (can use both TCP and UDP).

Transport Layer

TCP – connection‑oriented, reliable byte‑stream service.

UDP – connection‑less, best‑effort delivery.

Network Layer

Routes packets and encapsulates transport segments into IP datagrams (IPv4/IPv6).

Data Link Layer

Transmits frames between adjacent nodes, adding synchronization, addressing, and error‑control information.

Physical Layer

Transfers raw bits over the physical medium, abstracting hardware specifics.

TCP Header Fields (selected)

Sequence Number (seq) : 32‑bit field identifying the byte position in the stream.

Acknowledgment Number (ack) : 32‑bit field valid when the ACK flag is set; ack = received seq + 1.

Flags (6 bits) : URG, ACK, PSH, RST, SYN, FIN – each controls connection state.

Note: The ACK flag is distinct from the acknowledgment number field.

Three‑Way Handshake (Connection Establishment)

Client → Server: SYN with initial sequence number (ISN).

Server → Client: SYN‑ACK, acknowledges client ISN and provides its own ISN.

Client → Server: ACK, acknowledges server ISN; connection is established.

Four‑Way Termination (Connection Close)

Client → Server: FIN (no more data to send).

Server → Client: ACK (may still send remaining data).

Server → Client: FIN when its data is finished.

Client → Server: ACK; both sides wait 2 MSL before releasing resources.

Typical Interview Questions

Why three‑way handshake? It guarantees that both ends can send and receive data and handles possible packet loss that a two‑step handshake cannot reliably detect.

Why four steps to close? Both sides must be sure that no more data will be sent; the extra step allows the side that still has data to finish transmitting before it can safely terminate.

Why wait 2 MSL after the final ACK? To allow for possible loss of the final ACK; if lost, the peer will retransmit its FIN, and the 2 MSL period ensures the connection is fully cleared.

What if a client crashes after a connection is established? TCP uses a keep‑alive timer (commonly 2 hours). If no data is received within this interval, the server sends probe packets every 75 seconds; after ten unanswered probes, the server assumes the client has failed and closes the connection.

Illustrative Diagrams

Author: ThinkWon Original article: https://blog.csdn.net/ThinkWon/article/details/104903925