Unraveling TCP: From Physical Wires to Reliable Data Streams

Network Layering Overview

Computer networking is organized into logical layers. The physical layer defines the electrical or optical characteristics of the medium (cables, voltage, frequency). The data link layer uses MAC addresses to forward frames within a LAN. The network layer introduces IP addresses, enabling routing between LANs and providing host‑to‑host logical communication. The transport layer adds sockets (IP + port) so that multiple processes on the same host can communicate independently. The application layer implements protocols such as HTTP, FTP, DNS, etc.

Transport Layer Fundamentals

The transport layer abstracts the network layer by using a socket (IP + port) as the endpoint identifier. Two protocols dominate:

TCP – reliable, ordered delivery with flow‑control and congestion‑control.

UDP – minimal, connectionless service without reliability guarantees.

TCP Header Structure

TCP adds a fixed 20‑byte header (optional fields may extend it). Key fields:

Source and destination ports

Sequence number

Acknowledgment number

Window size

Flags (SYN, ACK, FIN, RST, etc.)

Byte‑Stream Transmission

TCP treats the application payload as a continuous byte stream. Each byte receives a sequence number; the sender buffers data and transmits segments of appropriate size. The receiver reassembles bytes in order before delivering them to the application.

Reliable Transmission Mechanisms

Stop‑and‑wait – send one segment, wait for an ACK.

Timeout retransmission – resend a segment if its ACK is not received within a timer.

Sequence numbers and ACK numbers – distinguish new data from retransmissions.

Sliding‑window (continuous ARQ) – the sender may have multiple unacknowledged segments within a window.

Cumulative ACK – a single ACK covers all bytes up to the highest in‑order byte received.

Selective ACK (SACK) – the receiver reports non‑contiguous blocks that arrived, allowing the sender to retransmit only missing data.

Go‑Back‑N – on a gap, the sender retransmits from the missing segment onward.

Flow Control

The receiver advertises a window size (available buffer space) in the TCP header. The sender must keep the amount of unacknowledged data within this window, preventing the receiver’s buffer from overflowing.

Congestion Control

TCP also limits its sending rate to avoid network congestion. The classic algorithm consists of:

Slow start – exponentially increase the congestion window (cwnd) each RTT until a loss threshold (ssthresh) is reached.

Congestion avoidance – increase cwnd linearly (typically by one MSS per RTT).

Fast retransmit – upon receiving three duplicate ACKs, resend the missing segment immediately.

Fast recovery – set ssthresh to half of the current cwnd, then continue with linear growth.

Active Queue Management (AQM) in routers can signal impending congestion before packet loss occurs.

Connection Establishment and Termination

Three‑way handshake (connection setup):

Client sends SYN.

Server replies with SYN‑ACK.

Client sends ACK; both sides enter ESTABLISHED state.

Four‑step teardown (connection close):

Active closer sends FIN (state FIN_WAIT_1).

Peer acknowledges with ACK (state CLOSE_WAIT).

Peer sends its own FIN (state LAST_ACK).

Active closer ACKs the final FIN and enters TIME_WAIT to ensure delayed packets are handled before moving to CLOSED.

UDP Overview

UDP provides a lightweight, connectionless transport. Its 8‑byte header contains:

Source port

Destination port

Length

Checksum

Because UDP lacks reliability, ordering, flow‑control, and congestion‑control, it is used where low latency is critical (e.g., video streaming, DNS, simple broadcast services).

Additional Topics

Segmentation – large messages are split into multiple TCP segments to avoid retransmitting an entire payload on loss.

Routing – dynamic path selection provides fault tolerance and load balancing.

Sticky packets / packet framing – since TCP is a byte stream, applications must define message boundaries (e.g., delimiters, length fields) to avoid mixing messages.

Security – SYN‑flood attacks exploit the three‑way handshake by creating many half‑open connections; mitigations include limiting half‑open connections and using SYN cookies.

Long connections – keeping a TCP connection alive reduces the overhead of repeated handshakes for frequent requests.