Essential TCP Networking Concepts: OSI Model, Header Fields, Handshake, Flow Control and Related Protocols

Hello everyone, I am Tom. In this article I share common TCP networking knowledge that frequently appears in daily work and interviews.

OSI Seven‑Layer Model

Application layer – interfaces for users and protocols such as HTTP, FTP, SMTP, TELNET.

Presentation layer – data representation, security, compression.

Session layer – establishes and manages sessions.

Transport layer – defines protocol ports, flow control and error checking; protocols include TCP and UDP.

Network layer – routing, logical addressing; protocols include IP and ICMP.

Data link layer – frames encapsulation and bit‑stream conversion.

Physical layer – physical connection, bit transmission.

TCP Header Fields

Source port, Destination port (2 bytes each).

Sequence Number (4 bytes).

Acknowledgement Number (4 bytes).

Data offset (header length, 4 bytes).

Flags (6 bits): URG, ACK, PSH, RST, SYN, FIN.

Window size (4 bytes) – flow control.

Checksum (2 bytes) – error detection.

Urgent pointer (2 bytes) – indicates urgent data.

TCP Three‑Way Handshake

Client sends SYN (state SYN_SEND ).

Server replies with SYN, ACK (state SYN_RCV ).

Client sends ACK (state ESTABLISHED ); server also moves to ESTABLISHED .

Why three handshakes? Two handshakes cannot guarantee that the client has received the server’s reply, which could waste server resources; three is the minimal reliable sequence.

TCP Four‑Way Termination

1️⃣ Client sends FIN.

2️⃣ Server acknowledges (half‑close).

3️⃣ Server sends FIN.

4️⃣ Client acknowledges and enters TIME‑WAIT before moving to CLOSED after 2 × MSL.

Why four steps? TCP is full‑duplex; each direction must be closed independently.

TIME‑WAIT

The client waits 2 × MSL to ensure all ACKs have been received and that delayed packets from the old connection cannot interfere with a new one.

Connection Capacity Example

Assuming 8 GB memory, 4 KB send buffer + 4 KB receive buffer + socket descriptor ≈ 8 KB per TCP connection, the theoretical maximum is 8 GB / 8 KB = 1 048 576 connections (≈ 1 million).

Packet Fragmentation (拆包) and Reassembly

Large data is split into multiple TCP Segment s according to buffer size; the receiver reassembles them into the original message.

Sticky Packets (粘包)

To avoid many small transmissions, TCP may combine several small messages into one segment, which the receiver then separates.

Buffer Purpose

Buffers hold data when the NIC cannot process packets fast enough, providing a queue for incoming/outgoing data.

Ordering Guarantee

Each segment carries a Sequence Number ; the receiver uses it to reorder out‑of‑order packets.

Loss Recovery

Receivers send ACKs with an Acknowledgement Number indicating the next expected byte; missing ACKs trigger retransmission.

Maximum Segment Size (MSS)

MSS (Maximun Segment Size) is an optional TCP header field negotiated by both ends to limit segment size.

Sliding Window Flow Control

The window contains unacknowledged data and data ready to send.

When the smallest sequence number is ACKed, the window slides forward.

Window size can change dynamically based on ACKs.

Timeouts on the smallest un‑ACKed segment cause retransmission of the whole window.

HTTP Versions

HTTP 1.0 – short connections, new TCP connection per request.

HTTP 1.1 – persistent connections by default.

HTTP 2.0 – binary framing, multiplexing, header compression (HPACK), server push.

HTTP vs HTTPS

HTTPS = HTTP + SSL/TLS; HTTPS encrypts traffic using certificates and runs on port 443.

Statelessness of HTTP

Each request is independent, simplifying scaling, load balancing, and routing; state is kept client‑side via cookies.

HTTPS Handshake Process

Client sends a ClientHello with supported hash algorithms.

Server returns its digital certificate (public key).

Client validates the certificate.

Client generates a random symmetric key, encrypts it with the server’s public key, and sends it.

Server decrypts the symmetric key with its private key.

Both sides use the symmetric key for encrypted communication.

Symmetric vs Asymmetric Encryption

Symmetric – same key for encryption/decryption (e.g., AES, DES), fast.

Asymmetric – public key encrypts, private key decrypts (e.g., RSA, DSS), slower.

TCP Packet Capture Tools

Wireshark is the most widely used network protocol analyzer, supporting hundreds of protocols, real‑time capture, offline analysis, and multiple operating systems.