TCP/IP Stack
- Used more for conceptualization and network design. OSI is preferred for troubleshooting.
| Layer | Datagram | Interactors | Protocol |
|---|---|---|---|
| Application | Payload | Software | HTTP, SMTP, FTP, DNS, etc. |
| Transport | Segment | TCP, UDP,QUIC | |
| Internet | Frame/Packet | Routers/Switches | IPV4/6, ICMP, IGMP, ARP, Routing |
| Network Access | Bit | Cables, Radio, Physical | Ethernet, Wifi, Fiber, PPP |
| The actual model would have network access split between data link and physical |
TCP/IP Protocol Stack
- Four-layer model used for network conceptualization and design (OSI’s 7-layer model preferred for troubleshooting)
- Each layer encapsulates data from the layer above, adding its own header information
- Horizontal communication - layers communicate with their peer layers on remote devices
- Vertical communication - adjacent layers on the same device pass data up/down the stack
| Layer | Data Unit | Primary Function | Key Protocols | Network Devices |
|---|---|---|---|---|
| Application | Data/Payload | User interface to network services | HTTP/HTTPS, SMTP, FTP, DNS, DHCP, SSH | Application servers, web browsers |
| Transport | Segment (TCP) / Datagram (UDP) | End-to-end communication, reliability | TCP, UDP, QUIC | Firewalls (stateful inspection) |
| Internet | Packet | Logical addressing, routing between networks | IPv4/IPv6, ICMP, IGMP, ARP, OSPF, EIGRP | Routers, Layer 3 switches |
| Network Access | Frame → Bits | Physical transmission, local network access | Ethernet, Wi-Fi, PPP, Frame Relay | Switches, hubs, NICs, cables |
Layer Functions & Encapsulation Process
Application Layer:
- Provides network services directly to end-user applications
- Examples: Web browsing (HTTP), email (SMTP/POP3/IMAP), file transfer (FTP), name resolution (DNS)
- Data created at this layer becomes the payload for lower layers
Transport Layer:
- TCP - Connection-oriented, reliable delivery with flow control and error recovery
- UDP - Connectionless, best-effort delivery for speed-sensitive applications
- Port numbers identify specific applications (HTTP uses port 80, HTTPS uses 443)
- Segmentation - breaks large data into smaller segments for transmission
Internet Layer:
- Logical addressing using IP addresses (IPv4: 32-bit, IPv6: 128-bit)
- Routing - determines best path across multiple networks
- ICMP provides error reporting and network diagnostics (ping, traceroute)
- ARP resolves IP addresses to MAC addresses on local networks
Network Access Layer:
- Combines OSI Physical and Data Link layers
- Physical addressing using MAC addresses (48-bit hardware addresses)
- Frame formatting, error detection, and media access control
- Technology-specific: Ethernet frames, Wi-Fi frames, PPP for serial links
Vocabulary
Encapsulation - Process of adding headers (and trailers) as data moves down the protocol stack
Protocol Data Unit (PDU) - Generic term for data at any layer of the protocol stack
Multiplexing - Multiple applications sharing a single network connection using port numbers
Demultiplexing - Separating incoming data streams to appropriate applications based on port numbers
Best-effort delivery - Network attempts to deliver data but provides no guarantees (UDP characteristic)
TCP vs UDP Comparison
| Characteristic | TCP | UDP |
|---|---|---|
| Connection type | Connection-oriented | Connectionless |
| Reliability | Guaranteed delivery | Best-effort |
| Overhead | High (20-byte header minimum) | Low (8-byte header) |
| Flow control | Yes (windowing) | No |
| Error recovery | Yes (retransmission) | No |
| Use cases | Web browsing, email, file transfer | DNS, DHCP, streaming media, gaming |
Notes
- TCP/IP is the foundation of internet communication - understanding this stack is critical for network troubleshooting
- Layer separation allows changes at one layer without affecting others (modularity principle)
- Real networks often blur layer boundaries - for example, Layer 3 switches perform both switching (Layer 2) and routing (Layer 3) functions
- When troubleshooting, start at Physical layer and work up (bottom-up approach) or start at Application layer and work down (top-down approach)
- Each layer adds overhead - consider this when designing networks for performance-sensitive applications
- Network Access layer implementation varies significantly by technology (Ethernet vs Wi-Fi vs cellular), but upper layers remain consistent
- Modern applications like QUIC (used by Google) are blurring traditional layer boundaries by implementing transport-layer features at the application layer