Ten Essential TCP/IP Topics Every Engineer Should Know

1. TCP/IP Model

The TCP/IP model consists of four layers—link, network, transport, and application—each encapsulating data with specific headers and footers, analogous to a stack of protocol headers that are added on send and stripped on receive.

2. Data Link Layer

The data link layer converts the bit stream into frames, adds MAC source and destination addresses, ensures transparent transmission, provides reliability on certain links, and performs error detection using CRC.

3. Network Layer

3.1 IP Protocol

IP is the core of the TCP/IP suite; it routes packets but does not guarantee delivery, leaving reliability to upper‑layer protocols like TCP or UDP.

3.1.1 IP Address Classes

A类IP地址: 0.0.0.0~127.0.0.0
B类IP地址: 128.0.0.1~191.255.0.0
C类IP地址: 192.168.0.0~239.255.0.0

3.2 IP Header – TTL

The Time‑to‑Live (TTL) field limits how many routers a packet can traverse; each router decrements TTL, and the packet is discarded when TTL reaches zero (typically 255, often 32 or 64).

3.3 ARP and RARP

ARP resolves an IP address to a MAC address by broadcasting a request; the host owning the IP replies with its MAC. RARP performs the opposite mapping.

3.4 ICMP

ICMP provides network‑level error reporting and diagnostics (e.g., destination unreachable) and is used by tools such as ping.

4. Ping

Ping sends ICMP echo‑request packets to test reachability and measures round‑trip time, displaying useful information like response time and TTL.

5. Traceroute

Traceroute discovers the path to a destination by sending UDP packets with incrementally increasing TTL values; each router that decrements TTL to zero returns an ICMP “time exceeded” message, revealing its IP address.

6. TCP vs UDP

Both operate at the transport layer; TCP provides reliable, connection‑oriented byte‑stream transmission with flow and congestion control, while UDP offers connectionless, best‑effort datagram delivery.

When to use TCP

For applications requiring reliable delivery, such as HTTP/HTTPS, FTP, email (SMTP/POP).

When to use UDP

For latency‑sensitive scenarios where occasional loss is acceptable, like video streaming or DNS queries.

7. DNS

Domain Name System maps human‑readable hostnames to IP addresses, operating over UDP port 53.

8. TCP Connection Establishment and Termination

Three‑Way Handshake

1) Client sends SYN (seq=x). 2) Server replies with SYN‑ACK (ack=x+1, seq=y). 3) Client sends ACK (ack=y+1). Both sides then enter ESTABLISHED state.

Four‑Way Handshake (Termination)

FIN from initiator → ACK from peer → FIN from peer → ACK from initiator, after which the initiator enters TIME_WAIT for 2 MSL to ensure all duplicate packets have expired.

9. TCP Flow Control

Flow control prevents the sender from overwhelming the receiver by limiting the sender’s window to the receiver’s advertised window (rwnd). The sliding‑window mechanism adjusts the allowed data volume dynamically.

10. TCP Congestion Control

Slow Start and Congestion Avoidance

During slow start, the congestion window (cwnd) doubles each RTT until a loss is detected; thereafter, congestion avoidance increases cwnd linearly (by one MSS per RTT). The slow‑start threshold (ssthresh) separates the two phases.

Fast Retransmit and Fast Recovery

When three duplicate ACKs are received, the sender immediately retransmits the missing segment (fast retransmit) and reduces ssthresh to half of the current cwnd, then continues with congestion avoidance (fast recovery) instead of resetting cwnd to 1.