Transport

Layer 4, the Transport layer, provides end-to-end data transfer between applications. Depending on the protocol in use it segments application data and reassembles it in order, detects errors and retransmits lost segments, establishes and tears down connections, avoids congestion, and multiplexes many conversations on one host by port number. On the logical side, Layer 4 is the ports and protocols (TCP, UDP); the devices that act on that information are firewalls and load balancers.


Protocols

[[TCP]] - Transmission Control Protocol (SYN > SYN-ACK > ACK)

A three-way handshake (SYN, SYN-ACK, ACK) establishes a connection before any data is sent, which is what makes TCP connection oriented and lets it provide reliable, ordered, error-checked delivery. File transfer, HTTP, email and remote administration all use TCP. Because TCP acknowledges data and retransmits lost segments, it has higher latency than UDP. Part of the Internet protocol suite.

[[UDP]] - User Datagram Protocol

Connectionless, lower-latency protocol with minimal per-packet overhead. Ideal for VoIP, DNS, video streaming, gaming, or whenever an occasional lost packet is acceptable.

![[TCP UDP.png]]

[[ICMP]] - Internet Control Message Protocol

Connectionless. ICMP messages are carried directly inside IP datagrams and are used by hosts and routers to report errors (destination unreachable, time exceeded) and to send control messages such as redirects, which point a host at a better next-hop router. It is a Layer 3 protocol, listed here because of its diagnostic role. Tools like ping and tracert/traceroute use ICMP echo request/reply and Time Exceeded messages.

![[Pasted image 20250818141024.png]]

Transport Layer (Layer 4)

The Transport layer provides end-to-end data transfer between applications by managing connection establishment, error detection and recovery, flow control, and port-based multiplexing. It hides the network layer below, giving applications a consistent interface regardless of the underlying network topology.

Key Functions:

  • Segmentation and reassembly of application data
  • Port-based addressing for application multiplexing
  • Connection management (connection-oriented vs connectionless)
  • Error detection and recovery
  • Flow control and congestion avoidance
  • End-to-end reliability (when required)

Devices: Firewalls and load balancers act at this layer, inspecting protocol, port numbers and connection state to filter traffic and distribute flows.


Primary Transport Protocols

TCP (Transmission Control Protocol)

Connection-oriented protocol that provides reliable, ordered delivery through a three-way handshake (SYN → SYN-ACK → ACK).

Key Characteristics:

  • Full-duplex communication with bidirectional data flow
  • Sequence numbering ensures proper packet ordering
  • Acknowledgment mechanism confirms successful delivery
  • Automatic retransmission of lost packets (ARQ - Automatic Repeat Request)
  • Flow control using sliding window mechanism
  • Congestion control algorithms (Slow Start, Congestion Avoidance)

Use Cases: HTTP/HTTPS (ports 80/443), FTP (ports 20/21), SSH (port 22), Telnet (port 23), SMTP (port 25)

  • When data integrity is more important than speed
  • File transfers, web browsing, email, database connections

Trade-offs: Higher latency due to connection establishment and error correction overhead
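The handshake above (and the shorter description of it earlier on this page), carried out in code as an added example that is not part of the original notes: the three segments with their sequence and acknowledgment numbers, and a small connection tracker of the kind a stateful firewall keeps while it watches those flags. `Segment`, `handshake`, `ConnTracker` and the addresses used are assumptions made for the example; it needs nothing outside the Python standard library.

```python
"""TCP three-way handshake as (flags, seq, ack) segments, plus the kind of
connection table a stateful firewall keeps while watching those flags.
Example code written for these notes; names and addresses are assumptions."""
from dataclasses import dataclass
import random

MASK = 0xFFFFFFFF                # sequence numbers are 32-bit and wrap around
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10   # flag bits in the TCP header


@dataclass
class Segment:
    src: tuple   # (ip, port) of the sender
    dst: tuple   # (ip, port) of the receiver
    flags: int
    seq: int
    ack: int = 0


def handshake(client, server, client_isn=None, server_isn=None):
    """Return the SYN, SYN-ACK and ACK that open a connection from client to server.

    Each side picks its own initial sequence number (ISN); the other side
    acknowledges ISN + 1 because the SYN flag itself consumes one sequence number.
    """
    c_isn = random.getrandbits(32) if client_isn is None else client_isn
    s_isn = random.getrandbits(32) if server_isn is None else server_isn
    syn = Segment(client, server, SYN, c_isn)
    syn_ack = Segment(server, client, SYN | ACK, s_isn, (c_isn + 1) & MASK)
    ack = Segment(client, server, ACK, (c_isn + 1) & MASK, (s_isn + 1) & MASK)
    return [syn, syn_ack, ack]


class ConnTracker:
    """Per-socket-pair state, keyed by the side that sent the SYN.

    A segment that does not fit the expected next step (wrong direction, wrong
    acknowledgment number, flags out of order) is reported as DROP and leaves the
    table unchanged: this is how a stateful filter ignores stray or forged segments.
    """

    def __init__(self):
        self.table = {}   # (client, server) -> [state, client_isn, server_isn]

    def state(self, client, server):
        entry = self.table.get((client, server))
        return entry[0] if entry else "NONE"

    def observe(self, seg):
        fwd, rev = (seg.src, seg.dst), (seg.dst, seg.src)
        if seg.flags == SYN and self.state(*fwd) in ("NONE", "SYN_SENT"):
            self.table[fwd] = ["SYN_SENT", seg.seq, None]          # (re)transmitted SYN
        elif seg.flags == SYN | ACK and self.state(*rev) == "SYN_SENT":
            entry = self.table[rev]
            if seg.ack != (entry[1] + 1) & MASK:                   # must ack the client ISN + 1
                return "DROP"
            entry[0], entry[2] = "SYN_RECEIVED", seg.seq
            return entry[0]
        elif seg.flags == ACK and self.state(*fwd) == "SYN_RECEIVED":
            entry = self.table[fwd]
            if seg.seq != (entry[1] + 1) & MASK or seg.ack != (entry[2] + 1) & MASK:
                return "DROP"
            entry[0] = "ESTABLISHED"
        elif seg.flags & RST and (fwd in self.table or rev in self.table):
            self.table.pop(fwd, None)                              # a reset tears the entry down
            self.table.pop(rev, None)
            return "CLOSED"
        else:
            return "DROP"
        return self.table[fwd][0]


if __name__ == "__main__":
    client, server = ("192.168.1.50", 51234), ("192.168.1.100", 443)
    tracker = ConnTracker()
    for seg in handshake(client, server):
        print(seg, "->", tracker.observe(seg))
```

The ack-number check in `observe` is the same rule the real stack applies: a SYN-ACK (or any later segment) is only accepted if it acknowledges the number the client actually sent, which is why hosts randomize their ISNs rather than counting from zero.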

UDP (User Datagram Protocol)

Connectionless protocol optimized for speed with minimal overhead and no delivery guarantees.

Key Characteristics:

  • No connection establishment (fire-and-forget)
  • No acknowledgments or retransmissions
  • No flow control or congestion management
  • Minimal 8-byte header (vs TCP’s 20-byte minimum)
  • Applications handle reliability if needed

Use Cases: DNS (port 53), DHCP (ports 67/68), SNMP (port 161), VoIP/RTP, live video streaming, online gaming

  • When speed is more important than guaranteed delivery
  • Real-time applications where retransmission would be counterproductive

Trade-offs: No reliability guarantees - packet loss, duplication, or out-of-order delivery possible

| Feature | TCP | UDP |
| --- | --- | --- |
| Connection | Connection-oriented | Connectionless |
| Reliability | Guaranteed delivery | Best effort |
| Ordering | Maintains sequence | No ordering |
| Header Size | 20+ bytes | 8 bytes |
| Speed | Slower (overhead) | Faster (minimal overhead) |
| Flow Control | Yes (sliding window) | No |
| Error Recovery | Automatic retransmission | Application responsibility |

ICMP (Internet Control Message Protocol)

Network layer protocol (Layer 3) that provides error reporting and diagnostic capabilities for IP networks.

Primary Functions:

  • Error reporting for undeliverable packets
  • Network diagnostic tools (ping, traceroute)
  • Path MTU discovery
  • Router advertisements and redirects

Common ICMP Message Types:

  • Type 0/8: Echo Reply/Request (ping)
  • Type 3: Destination Unreachable (with codes for specific reasons)
  • Type 11: Time Exceeded (traceroute functionality)
  • Type 5: Redirect (router optimization)

Diagnostic Tools:

  • ping - Uses Echo Request (Type 8) and Echo Reply (Type 0)
  • tracert/traceroute - Uses TTL expiration to map network paths
  • Path MTU Discovery - relies on Type 3 Code 4 (Fragmentation Needed and DF set) replies to find the largest packet size a path carries without fragmentation
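The message types and tools listed above, worked through as an added example that is not from the original notes or from any named tool: it builds and checks ICMP messages from constructed bytes, decodes the original IP header and transport ports that Destination Unreachable and Time Exceeded messages quote, and simulates a UDP traceroute over a constructed router path so the TTL mechanism can be followed without raw sockets or root. The addresses, the router path, and the function names are assumptions for the example; 33434 is the conventional first probe port of classic UDP traceroute.

```python
"""ICMP messages built and decoded from constructed bytes (no raw sockets, so no
root needed), plus a simulated UDP traceroute over a constructed router path.
Example code written for these notes; addresses and names are assumptions."""
import socket
import struct

ECHO_REPLY, DEST_UNREACH, ECHO_REQUEST, TIME_EXCEEDED = 0, 3, 8, 11
UNREACH_CODES = {0: "net unreachable", 1: "host unreachable",
                 3: "port unreachable", 4: "fragmentation needed and DF set"}


def inet_checksum(data):
    """RFC 1071 one's-complement sum of 16-bit words; 0 when run over a valid message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_icmp(mtype, code, rest, body=b""):
    """8-byte ICMP header (type, code, checksum, 4 type-specific bytes) + body."""
    hdr = struct.pack("!BBH4s", mtype, code, 0, rest)
    csum = inet_checksum(hdr + body)
    return struct.pack("!BBH4s", mtype, code, csum, rest) + body


def build_echo_request(ident, seq, payload=b""):
    """What ping sends: Type 8 with an identifier and sequence number."""
    return build_icmp(ECHO_REQUEST, 0, struct.pack("!HH", ident, seq), payload)


def ipv4_header(src, dst, proto, ttl, total_len):
    """Minimal 20-byte IPv4 header; the IP header checksum is left at zero (not checked here)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, ttl, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))


def parse_icmp(msg):
    if len(msg) < 8:
        raise ValueError("ICMP header is 8 bytes")
    if inet_checksum(msg) != 0:
        raise ValueError("bad ICMP checksum")
    mtype, code, _csum, rest = struct.unpack("!BBH4s", msg[:8])
    out = {"type": mtype, "code": code}
    if mtype in (ECHO_REQUEST, ECHO_REPLY):
        out["id"], out["seq"] = struct.unpack("!HH", rest)
        out["payload"] = msg[8:]
    elif mtype in (DEST_UNREACH, TIME_EXCEEDED):
        # Error messages quote the offending IP header plus at least its first
        # 8 payload bytes (RFC 792): enough to read the original transport ports.
        q = msg[8:]
        ihl = (q[0] & 0x0F) * 4
        if len(q) < ihl + 8:
            raise ValueError("quoted datagram too short")
        out["orig_src"], out["orig_dst"] = socket.inet_ntoa(q[12:16]), socket.inet_ntoa(q[16:20])
        out["orig_proto"] = q[9]
        out["orig_sport"], out["orig_dport"] = struct.unpack("!HH", q[ihl:ihl + 4])
        if mtype == DEST_UNREACH:
            out["reason"] = UNREACH_CODES.get(code, "code %d" % code)
    return out


def traceroute(path, dst_ip, src_ip="192.168.1.50", base_port=33434):
    """UDP traceroute over a constructed path (list of router IPs, in order).

    The probe TTL starts at 1 and grows by one per probe; the router where the TTL
    reaches 0 answers Time Exceeded, and the destination answers Port Unreachable
    because nothing listens on the probe port. Each reply is matched back to its
    probe through the quoted UDP destination port.
    """
    hops = []
    for ttl in range(1, len(path) + 2):
        probe_port = base_port + ttl - 1
        udp = struct.pack("!HHHH", 40000, probe_port, 8, 0)       # empty UDP datagram
        probe = ipv4_header(src_ip, dst_ip, 17, ttl, 20 + len(udp)) + udp
        if ttl <= len(path):        # this hop decrements TTL to 0 and reports it
            sender, reply = path[ttl - 1], build_icmp(TIME_EXCEEDED, 0, b"\0" * 4, probe[:28])
        else:                       # the destination itself: closed UDP port
            sender, reply = dst_ip, build_icmp(DEST_UNREACH, 3, b"\0" * 4, probe[:28])
        info = parse_icmp(reply)
        if info["orig_dport"] != probe_port:   # belongs to some other probe; ignore
            continue
        hops.append((ttl, sender, info["type"]))
        if info["type"] == DEST_UNREACH:
            break
    return hops


if __name__ == "__main__":
    print(parse_icmp(build_echo_request(0x1234, 1, b"ping")))
    for hop in traceroute(["192.168.1.1", "10.0.0.1"], "10.0.0.2"):
        print(hop)
```

The quoted-datagram decoding is also what a firewall needs to do to let ICMP errors through only when they relate to a connection it has already seen, which is the safe middle ground between blocking all ICMP (breaking traceroute and Path MTU Discovery) and accepting any error message from anyone.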

Port Numbers and Multiplexing

Port Ranges:

  • Well-known ports: 0-1023 (system services; on Unix-like systems binding them requires root or an equivalent capability)
  • Registered ports: 1024-49151 (user applications, IANA registered)
  • Dynamic/Private ports: 49152-65535 (ephemeral client ports)

Socket Addressing: An IP address combined with a port number identifies one endpoint (a socket); a connection is identified by the pair of endpoints plus the protocol

  • Example: 192.168.1.100:80 identifies the web server on a specific host; 192.168.1.50:52000 to 192.168.1.100:80 over TCP identifies one client's connection to it
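The TCP/UDP comparison table and the port ranges above, exercised as an added example that is not part of the original notes: it parses constructed TCP and UDP headers (20 and 8 bytes), verifies a UDP checksum together with the IPv4 pseudo-header it covers, and reduces each segment to the protocol/endpoint pair that firewalls and NAT key on. The sample packets, addresses and function names are constructed for the example; the TCP checksum is left at zero and not checked.

```python
"""Decode TCP and UDP headers from constructed segments (not captures), check a
UDP checksum, and reduce each segment to the socket pair a firewall or NAT keys on.
Example code written for these notes; samples, addresses and names are assumptions."""
import socket
import struct

TCP, UDP = 6, 17                      # IP protocol numbers
TCP_MIN_HDR, UDP_HDR = 20, 8          # header sizes from the comparison table
TCP_FLAGS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH",
             0x10: "ACK", 0x20: "URG", 0x40: "ECE", 0x80: "CWR"}


def port_class(port):
    """IANA ranges: well-known 0-1023, registered 1024-49151, dynamic 49152-65535."""
    if not 0 <= port <= 65535:
        raise ValueError("port out of range")
    return "well-known" if port <= 1023 else "registered" if port <= 49151 else "dynamic"


def inet_checksum(data):
    """RFC 1071 one's-complement sum of 16-bit words; 0 when run over a valid message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_tcp(segment):
    if len(segment) < TCP_MIN_HDR:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, window, _csum, _urg = struct.unpack("!HHIIHHHH", segment[:20])
    hdr_len = (off_flags >> 12) * 4              # data offset counts 32-bit words
    if not TCP_MIN_HDR <= hdr_len <= len(segment):
        raise ValueError("bad data offset %d" % hdr_len)
    return {"proto": TCP, "sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": [name for bit, name in TCP_FLAGS.items() if off_flags & bit],
            "window": window, "hdr_len": hdr_len,
            "options": segment[TCP_MIN_HDR:hdr_len], "payload": segment[hdr_len:]}


def parse_udp(datagram):
    if len(datagram) < UDP_HDR:
        raise ValueError("truncated UDP header")
    sport, dport, length, csum = struct.unpack("!HHHH", datagram[:8])
    # The length field arrives from the network: never trust it beyond the buffer.
    if not UDP_HDR <= length <= len(datagram):
        raise ValueError("bad UDP length %d" % length)
    return {"proto": UDP, "sport": sport, "dport": dport, "length": length,
            "checksum": csum, "payload": datagram[UDP_HDR:length]}


def _pseudo_header(src_ip, dst_ip, length):
    # The UDP checksum also covers addresses, protocol and length from the IP layer,
    # so a datagram delivered to the wrong host fails the check.
    return socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) + struct.pack("!BBH", 0, UDP, length)


def udp_checksum_ok(src_ip, dst_ip, datagram):
    hdr = parse_udp(datagram)
    if hdr["checksum"] == 0:          # legal over IPv4: the sender did not compute one
        return True
    return inet_checksum(_pseudo_header(src_ip, dst_ip, hdr["length"]) + datagram[:hdr["length"]]) == 0


def build_udp(src_ip, dst_ip, sport, dport, payload):
    length = UDP_HDR + len(payload)
    hdr = struct.pack("!HHHH", sport, dport, length, 0)
    csum = inet_checksum(_pseudo_header(src_ip, dst_ip, length) + hdr + payload) or 0xFFFF
    return struct.pack("!HHHH", sport, dport, length, csum) + payload   # a computed 0 is sent as all ones


def socket_pair(src_ip, dst_ip, hdr):
    """The (protocol, src endpoint, dst endpoint) key a stateful firewall or NAT tracks,
    plus the class of each port (typically an ephemeral client port to a well-known one)."""
    return {"key": (hdr["proto"], "%s:%d" % (src_ip, hdr["sport"]), "%s:%d" % (dst_ip, hdr["dport"])),
            "sport_class": port_class(hdr["sport"]), "dport_class": port_class(hdr["dport"])}


# Constructed samples: a TCP SYN to a web server carrying an MSS=1460 option (data
# offset 6 words = 24 bytes), and a DNS query for example.com over UDP.
TCP_SYN = struct.pack("!HHIIHHHH", 52000, 80, 1000, 0, (6 << 12) | 0x02, 65535, 0, 0) + b"\x02\x04\x05\xb4"
DNS_QUERY = build_udp("192.168.1.50", "192.168.1.1", 49999, 53,
                      b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x07example\x03com\x00\x00\x01\x00\x01")

if __name__ == "__main__":
    tcp = parse_tcp(TCP_SYN)
    print(tcp["flags"], tcp["hdr_len"], socket_pair("192.168.1.50", "192.168.1.100", tcp))
    print(parse_udp(DNS_QUERY)["dport"], udp_checksum_ok("192.168.1.50", "192.168.1.1", DNS_QUERY))
```

The two `ValueError` paths are the ones that matter in a real decoder: a data offset or UDP length that points past the buffer is exactly what a malformed or hostile packet looks like, and a parser that indexes by those fields without the bounds check is reading whatever happens to follow.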

Notes

CCNA Exam Focus:

  • Understand TCP three-way handshake process and when connections are established/torn down
  • Know when to use TCP vs UDP based on application requirements
  • Memorize common well-known port numbers (HTTP:80, HTTPS:443, SSH:22, Telnet:23, DNS:53, DHCP:67/68)
  • ICMP is technically Layer 3 but often grouped with transport protocols due to its diagnostic role

Practical Considerations:

  • Firewalls typically filter based on Layer 4 information (ports and protocols)
  • Load balancers can operate at Layer 4 (transport) or Layer 7 (application)
  • NAT with port translation (PAT/NAPT) rewrites Layer 4 source ports as well as IP addresses to keep each inside connection distinct, and must recompute the TCP/UDP checksum because it covers the IP pseudo-header
  • Some applications use both TCP and UDP (DNS uses UDP for ordinary queries and TCP for zone transfers and for responses too large for a single UDP datagram)
  • Real-time applications often use UDP with application-layer reliability mechanisms when needed

Troubleshooting Tips:

  • Use netstat or ss commands to view active connections and listening ports
  • Wireshark can decode transport layer headers for detailed analysis
  • Remember that ICMP traffic may be blocked by firewalls, affecting ping/traceroute functionality