Transport Layer Overview: TCP and UDP Protocols, Sockets, Ports, and Congestion Control

Transport Layer Overview

The transport layer sits between the application and network layers in the OSI model, providing end‑to‑end communication between host systems. It encapsulates data into segments (TCP) or datagrams (UDP) and adds headers containing source and destination ports, sequence numbers, and checksums.

TCP and UDP Basics

TCP (Transmission Control Protocol) offers reliable, connection‑oriented service with flow control, error recovery, and ordered delivery, while UDP (User Datagram Protocol) provides an unreliable, connection‑less service suitable for low‑latency applications such as streaming, VoIP, and DNS.

Socket API and Port Numbers

A socket acts as an interface between the application and transport layers. Applications create sockets, bind them to a port number (16‑bit integer, ranging 0‑65535), and use APIs such as listen , accept , connect , read / write , and close to communicate. Ports enable multiplexing so multiple processes can share a single host.

Multiplexing and Demultiplexing

Multiplexing combines data from many applications into one transport stream; demultiplexing uses the four‑tuple (source IP, destination IP, source port, destination port) to deliver received segments to the correct socket. UDP uses a two‑tuple (IP, port), while TCP uses a four‑tuple.

UDP Packet Structure

Each UDP datagram consists of a header (source port, destination port, length, checksum) and a data payload. The header is only 8 bytes, making UDP lightweight but without built‑in reliability; applications may implement their own acknowledgment and retransmission if needed.

TCP Segment Structure

A TCP segment contains source and destination ports, sequence number, acknowledgment number, data offset, flags (SYN, ACK, FIN, RST, etc.), window size, checksum, urgent pointer, optional fields, and payload. These fields enable reliable, ordered delivery, flow control, and congestion control.

Connection Management

TCP establishes a connection using a three‑way handshake: SYN, SYN‑ACK, ACK. It terminates a connection with a four‑step (four‑way) handshake using FIN and ACK flags, passing through states such as SYN‑SENT , ESTABLISHED , FIN‑WAIT‑1 , FIN‑WAIT‑2 , CLOSE‑WAIT , TIME‑WAIT , and finally CLOSED . The RST flag is used to abort connections when mismatched sockets are detected.

Flow Control and Sliding Window

TCP uses a sliding window mechanism to send multiple segments before waiting for acknowledgments. The window size is limited by the receiver’s advertised receive window and the sender’s congestion window (cwnd) . Flow control prevents buffer overflow, while the sliding window improves throughput.

Congestion Control

TCP employs end‑to‑end congestion control using algorithms such as Slow Start, Congestion Avoidance, Fast Retransmit, and Fast Recovery. The cwnd grows exponentially during Slow Start until it reaches the slow‑start threshold ( ssthresh ), then increases linearly. Packet loss (detected by timeout or three duplicate ACKs) reduces cwnd and triggers retransmission.

SYN Flood Attack and Mitigation

Attackers can exhaust server resources by sending many SYN packets without completing the handshake (SYN flood). Servers can mitigate this using SYN cookies, which encode connection state in the initial sequence number without allocating resources until the client returns a valid ACK.

Conclusion

The transport layer, through TCP and UDP, provides essential services for reliable and fast data transfer, socket programming interfaces, port management, multiplexing, flow control, and congestion handling, forming the backbone of modern networked applications.