Understanding OSI Model, TCP/IP Model, and TCP/UDP Protocols: Layers, Handshakes, and Data Transmission

OSI Seven‑Layer Model

The OSI model uses a layered architecture with seven layers: Physical, Data Link, Network, Transport, Session, Presentation, and Application.

TCP/IP Model

Because the OSI model is complex, the TCP/IP model is more commonly used in practice and consists of four layers: Link, Internet, Transport, and Application. The correspondence between the two models is shown in the diagram.

Each abstract layer builds on the services provided by the layer below and offers services to the layer above.

TCP/IP Protocol Suite

TCP/IP (Transmission Control Protocol/Internet Protocol) is the fundamental protocol suite of the Internet, composed of the IP protocol at the network layer and the TCP protocol at the transport layer. The term often refers to the whole set of protocols that rely on IP for communication.

Data Transmission in TCP/IP Networks

At each layer, a header is added to the data being sent; the header contains information required by that layer, such as destination address and protocol‑specific data. The packet therefore consists of a protocol header and the payload from the upper layer.

The encapsulated packet passes through the following processing steps:

1. Application layer encoding (similar to OSI's Presentation layer) and session management (similar to OSI's Session layer). 2. TCP adds its own header to the application data to provide reliable transmission. 3. IP adds its header to the TCP segment, forming an IP packet that is routed according to the routing table. 4. The Ethernet driver adds an Ethernet header and transmits the frame over the physical layer. 5. The receiving host checks the Ethernet header, discards frames not addressed to it, and forwards the payload to the appropriate module (e.g., IP, ARP). 6. The IP module validates the destination IP address, then forwards the payload to the corresponding transport protocol (TCP or UDP). 7. The TCP module verifies the checksum, reorders segments, checks ports, and delivers the data to the application. 8. The application processes the received data.

TCP and UDP

IP is the core protocol that provides addressing for both TCP and UDP, which operate at the transport layer to offer end‑to‑end communication for applications.

TCP provides reliable, connection‑oriented data transfer using acknowledgments, retransmissions, and flow control via a sliding window. It also implements congestion control algorithms such as slow start and fast recovery.

UDP is connectionless and sends datagrams without guaranteeing delivery or ordering, making it faster but unreliable.

Note: Many common network applications are built on TCP or UDP, which in turn rely on IP. It is also possible to bypass the transport layer and communicate directly with IP (e.g., Linux LVS) or even the link layer (e.g., tcpdump).

Detailed TCP Features

TCP is connection‑oriented; a connection must be established before data transfer.

Once established, TCP provides bidirectional communication.

TCP treats data as a byte stream, numbering each byte; acknowledgments (ACK) confirm receipt, ensuring ordered and complete delivery.

Flow control is achieved with a sliding window that dynamically adjusts the transmission rate based on the receiver’s capacity.

Congestion control uses algorithms such as slow start, congestion avoidance, fast retransmit, and fast recovery.

Sequence and Acknowledgment Numbers

Sequence number (SEQ): identifies each byte sent from the TCP source.

Acknowledgment number (ACK): tells the sender the next expected byte (last received byte + 1).

Flag bits: SYN (connection request), ACK (acknowledgment), FIN (connection termination), RST (reset), PSH (push), URG (urgent).

TCP Three‑Way Handshake

To establish a reliable connection, the client (initiator) and server exchange three packets:

1. SYN: client sends a SYN with an initial sequence number. 2. SYN‑ACK: server replies with SYN and ACK, acknowledging the client’s sequence and providing its own. 3. ACK: client acknowledges the server’s sequence, completing the handshake and entering the ESTABLISHED state.

The three exchanges ensure both sides know each other’s initial sequence numbers, preventing old duplicate connections.

Why Three Handshakes?

Both parties must learn and confirm each other’s sequence numbers; two exchanges would only confirm the initiator’s number.

SYN Flood Attack

Attackers spoof the source IP in SYN packets, overwhelming the server with half‑open connections, exhausting resources. Mitigations include firewalls, monitoring and dropping excess half‑open connections, and delaying TCB allocation until the handshake completes.

TCP Four‑Way Termination

Connection termination involves four packets:

1. FIN from the client → server enters FIN_WAIT_1. 2. ACK from server → server enters CLOSE_WAIT. 3. FIN from server → client enters TIME_WAIT. 4. ACK from client → both sides reach CLOSED.

TIME_WAIT lasts for 2 MSL to ensure all duplicate packets have expired and the connection can be safely reused.

Why Wait 2 MSL?

Guarantee reliable full‑duplex closure.

Ensure delayed packets from the closed connection do not interfere with new connections.

When many connections are created and closed, the overhead of handshakes can degrade performance; HTTP keep‑alive reuses existing connections to avoid repeated handshakes.

Additional Notes

Other protocols mentioned: ICMP (control messages), IGMP (group management), ARP (address resolution), RARP (reverse ARP).