≡ Menu

TCP/IP Protocol Fundamentals Explained with a Diagram

Have you ever wondered how your computer talks to other computers on your local LAN or to other systems on the internet?

Understanding the intricacies of how computers interact is an important part of networking and is of equal interest to a sysadmin as well as to a developer. In this article, we will make an attempt to discuss the concept of communication from the very basic fundamental level that needs to be understood by everybody.


Communications between computers on a network is done through protocol suits. The most widely used and most widely available protocol suite is TCP/IP protocol suite. A protocol suit consists of a layered architecture where each layer depicts some functionality which can be carried out by a protocol. Each layer usually has more than one protocol options to carry out the responsibility that the layer adheres to. TCP/IP is normally considered to be a 4 layer system. The 4 layers are as follows :

  1. Application layer
  2. Transport layer
  3. Network layer
  4. Data link layer

1. Application layer

This is the top layer of TCP/IP protocol suite. This layer includes applications or processes that use transport layer protocols to deliver the data to destination computers.

At each layer there are certain protocol options to carry out the task designated to that particular layer. So, application layer also has various protocols that applications use to communicate with the second layer, the transport layer. Some of the popular application layer protocols are :

  • HTTP (Hypertext transfer protocol)
  • FTP (File transfer protocol)
  • SMTP (Simple mail transfer protocol)
  • SNMP (Simple network management protocol) etc

2. Transport Layer

This layer provides backbone to data flow between two hosts. This layer receives data from the application layer above it. There are many protocols that work at this layer but the two most commonly used protocols at transport layer are TCP and UDP.

TCP is used where a reliable connection is required while UDP is used in case of unreliable connections.

TCP divides the data(coming from the application layer) into proper sized chunks and then passes these chunks onto the network. It acknowledges received packets, waits for the acknowledgments of the packets it sent and sets timeout to resend the packets if acknowledgements are not received in time. The term ‘reliable connection’ is used where it is not desired to loose any information that is being transferred over the network through this connection. So, the protocol used for this type of connection must provide the mechanism to achieve this desired characteristic. For example, while downloading a file, it is not desired to loose any information(bytes) as it may lead to corruption of downloaded content.

UDP provides a comparatively simpler but unreliable service by sending packets from one host to another. UDP does not take any extra measures to ensure that the data sent is received by the target host or not. The term ‘unreliable connection’ are used where loss of some information does not hamper the task being fulfilled through this connection. For example while streaming a video, loss of few bytes of information due to some reason is acceptable as this does not harm the user experience much.

3. Network Layer

This layer is also known as Internet layer. The main purpose of this layer is to organize or handle the movement of data on network. By movement of data, we generally mean routing of data over the network. The main protocol used at this layer is IP. While ICMP(used by popular ‘ping’ command) and IGMP are also used at this layer.

4. Data Link Layer

This layer is also known as network interface layer. This layer normally consists of device drivers in the OS and the network interface card attached to the system. Both the device drivers and the network interface card take care of the communication details with the media being used to transfer the data over the network. In most of the cases, this media is in the form of cables. Some of the famous protocols that are used at this layer include ARP(Address resolution protocol), PPP(Point to point protocol) etc.


One thing which is worth taking note is that the interaction between two computers over the network through TCP/IP protocol suite takes place in the form of a client server architecture.

Client requests for a service while the server processes the request for client.

Now, since we have discussed the underlying layers which help that data flow from host to target over a network. Lets take a very simple example to make the concept more clear.

Consider the data flow when you open a website.

As seen in the above figure, the information flows downward through each layer on the host machine. At the first layer, since http protocol is being used, so an HTTP request is formed and sent to the transport layer.

Here the protocol TCP assigns some more information(like sequence number, source port number, destination port number etc) to the data coming from upper layer so that the communication remains reliable i.e, a track of sent data and received data could be maintained.

At the next lower layer, IP adds its own information over the data coming from transport layer. This information would help in packet travelling over the network. Lastly, the data link layer makes sure that the data transfer to/from the physical media is done properly. Here again the communication done at the data link layer can be reliable or unreliable.

This information travels on the physical media (like Ethernet) and reaches the target machine.

Now, at the target machine (which in our case is the machine at which the website is hosted) the same series of interactions happen, but in reverse order.

The packet is first received at the data link layer. At this layer the information (that was stuffed by the data link layer protocol of the host machine) is read and rest of the data is passed to the upper layer.

Similarly at the Network layer, the information set by the Network layer protocol of host machine is read and rest of the information is passed on the next upper layer. Same happens at the transport layer and finally the HTTP request sent by the host application(your browser) is received by the target application(Website server).

One would wonder what happens when information particular to each layer is read by the corresponding protocols at target machine or why is it required? Well, lets understand this by an example of TCP protocol present at transport layer. At the host machine this protocol adds information like sequence number to each packet sent by this layer.

At the target machine, when packet reaches at this layer, the TCP at this layer makes note of the sequence number of the packet and sends an acknowledgement (which is received seq number + 1).

Now, if the host TCP does not receive the acknowledgement within some specified time, it re sends the same packet. So this way TCP makes sure that no packet gets lost. So we see that protocol at every layer reads the information set by its counterpart to achieve the functionality of the layer it represents.


On a particular machine, a port number coupled with the IP address of the machine is known as a socket. A combination of IP and port on both client and server is known as four tuple. This four tuple uniquely identifies a connection. In this section we will discuss how port numbers are chosen.

You already know that some of the very common services like FTP, telnet etc run on well known port numbers. While FTP server runs on port 21, Telent server runs on port 23. So, we see that some standard services that are provided by any implementation of TCP/IP have some standard ports on which they run. These standard port numbers are generally chosen from 1 to 1023. The well known ports are managed by Internet Assigned Numbers Authority(IANA).

While most standard servers (that are provided by the implementation of TCP/IP suite) run on standard port numbers, clients do not require any standard port to run on.

Client port numbers are known as ephemeral ports. By ephemeral we mean short lived. This is because a client may connect to server, do its work and then disconnect. So we used the term ‘short lived’ and hence no standard ports are required for them.

Also, since clients need to know the port numbers of the servers to connect to them, so most standard servers run on standard port numbers.

The ports reserved for clients generally range from 1024 to 5000. Port number higher than 5000 are reserved for those servers which are not standard or well known.

If we look at the file ‘/etc/services’, you will find most of the standard servers and the port on which they run.

$ cat /etc/services
systat		11/tcp		users
daytime		13/udp
netstat		15/tcp
qotd		17/tcp		quote
msp		18/udp
chargen		19/udp		ttytst source
ftp-data	20/tcp
ftp		21/tcp
ssh		22/tcp
ssh		22/udp
telnet		23/tcp

As you see from the /etc/services file, FTP has port number 21, telent has port number 23 etc. You can use ‘grep’ command on this file to find any server and its associated port.

As far as the standards are concerned, the following four organizations/groups manage the TCP/IP protocol suite. Both the IRTF and the IETF fall under the IAB.

  1. The Internet Society (ISOC)
  2. The Internet Architecture Board (IAB). The IAB falls under the ISOC.
  3. The Internet Engineering Task Force (IETF)
  4. The Internet Research Task Force (IRTF)

If you enjoyed this article, you might also like..

  1. 50 Linux Sysadmin Tutorials
  2. 50 Most Frequently Used Linux Commands (With Examples)
  3. Top 25 Best Linux Performance Monitoring and Debugging Tools
  4. Mommy, I found it! – 15 Practical Linux Find Command Examples
  5. Linux 101 Hacks 2nd Edition eBook Linux 101 Hacks Book

Bash 101 Hacks Book Sed and Awk 101 Hacks Book Nagios Core 3 Book Vim 101 Hacks Book

{ 54 comments… add one }

  • Devin November 2, 2011, 9:02 am

    You left out the most popular application layer protocol – HTTP!

  • krishnan November 2, 2011, 9:09 am

    Excellent job. Short and informative

  • jalal hajigholamali November 2, 2011, 12:10 pm


    very nice article
    thanks a lot…

  • Júlio Hoffimann Mendes November 2, 2011, 1:52 pm

    Thank you for the clear explanation! I’ve always wanted to learn a little about TCP/IP. Keep the good work!


  • Walyonaire November 2, 2011, 3:17 pm

    This reminds me of my Cisco Lessons, thanks for the “refresh”.
    Excellent Article.

  • Narendra Kangralkar November 2, 2011, 10:21 pm

    Very good explanation !!!
    Keep writing.

  • Ramesh Natarajan November 2, 2011, 10:27 pm


    Yes. HTTP is the most popular application layer protocol. This is why the “TCP/IP Concept Example” section explains it using the HTTP protocol.

    Anyway, thanks for pointing it out, HTTP is added to the “Application Layer” section to make the list complete.

  • Joe November 3, 2011, 3:37 am

    Thank you for the effort.

    Well written.

  • Vonskippy November 3, 2011, 2:54 pm

    Seems redundant to the OSI model.

  • ATUL KHACHANE November 4, 2011, 8:32 pm

    Yes. Vonskippy 😉

    Great articles here always…………….this is one stop resource…..and you will find almost everything you need…

  • Himanshu November 5, 2011, 12:48 pm

    Thank you all for your valuable comments.

  • grouch0 November 13, 2011, 9:15 pm

    Some books say the 5000 upper limit for client (dynamic/ephemeral) ports was a misprint in W. Richard Stevens’ “TCP/IP Illustrated Vol. 1″ and should have been 50000. The issue doesn’t seem to have affected the progress of the protocol in taking over the world.

  • Himanshu November 13, 2011, 11:30 pm

    OK. Can you provide some references?

  • Devin November 28, 2011, 8:37 pm

    You forgot the physical layer.

  • Himanshu November 29, 2011, 12:08 am

    Well, I think you are talking about the OSI model where physical layer is the last layer. In TCP/IP model Data link layer is the layer 1. Sometimes this layer is also referred to as “Network Interface Layer” as as to avoid confusion with the data link layer of the OSI model. This Network interface Layer encapsulates physical layer also.

  • Sravan December 15, 2011, 2:48 am

    Thanks. Short and informative article.

  • deepak kumar January 3, 2012, 2:23 pm

    nice …..very helpfull

  • Reece April 17, 2012, 5:04 am

    thanks for the information, it helped me understand TCP/IP

  • Dharmesh May 13, 2012, 9:42 pm

    Thanks a lot!!!

    It was a very short and good explanation…

  • Asif May 13, 2012, 10:08 pm

    Simple nd Superbbbbbbbbbbb

  • rohan June 16, 2012, 1:15 am

    an application uses ephemeral port and it uses http as application layer protocol. Now when the packet is sent to destination, will it contain both ephemeral destination port and standard http destination port no. How this packet will be handled by transport layer and application layer at destination?

  • Tariq August 9, 2012, 3:02 pm


    A small demo with
    wireshark or any other tool could be used to show “how” this happens in real time.

  • raju September 13, 2012, 8:54 am

    Thanks a pile
    It’s fabulous artical and very knowledgeable for me,

  • malik usman October 3, 2012, 9:15 am

    Thanks a lot!!!

    It was a very short and good explanation…

  • swathi November 24, 2012, 10:13 am

    Its is short but soooo…… informative,thank u very much

  • Ritu Kushwaha January 26, 2013, 11:12 am

    Useful Information in Short. Well Done!!
    Keep Writing…

  • Umar Badu February 7, 2013, 10:28 am

    Useful information,i really appreciate this……Thanks

  • poonguzhali February 14, 2013, 7:37 am

    Its very easy to understand.

  • Nagendra Bhat February 20, 2013, 8:20 pm

    Explanation is good and if there any blogs related to this subject please mention it or please mail me..

  • monica March 15, 2013, 3:10 am

    Very well explained in simple language

  • pemo May 13, 2013, 2:13 am

    nice thanks a lot…

  • Ameen June 12, 2013, 9:49 am

    tanx 4 ur explanation.

  • anand July 31, 2013, 12:43 am

    very good to understand

  • brig (retd) ashwani sharma August 20, 2013, 9:47 am

    An extremely clear, concise and lucid explanation of TCP/IP.
    Great effort. Keep it up.

    Best Wishes

  • hana September 2, 2013, 12:05 am

    good understand

  • khanabusd September 28, 2013, 6:00 am

    very helpful………………………………

  • zug October 16, 2013, 10:29 pm

    We’ll written in a language that I find easy to read and understand. Thank you.

  • justauser October 27, 2013, 2:41 pm

    great article! the perfect balance of details and general view :)

  • maurice November 7, 2013, 2:51 am

    it very helpful…….in simple language

  • jaco November 8, 2013, 9:00 pm

    Thank u
    u manage to save me
    as i don’t yet have a text book to read
    this gave light into my understanding of TCP/IP im able to
    peruse my dreams :)

  • Mehbub November 19, 2013, 6:00 am

    very good explanation,u save me also……………………….thank u vry much

  • arun mehta December 8, 2013, 8:28 pm


  • Mintu Krishna December 12, 2013, 12:09 pm

    very nice, in short & informative explanation. Useful for those who have keen interest in Internet.
    Thanks a lot.

  • Ben January 24, 2014, 5:57 am

    I found this very useful! Thank you very much :)

  • Karm Nath February 12, 2014, 3:23 am

    good explanation …….

  • joe March 19, 2014, 2:22 am

    thanks for this article. Quite good.

  • amar March 24, 2014, 3:15 am

    Explanations are very easy to read and understand. I would like to know more depth about encapsulation and decapsulation process of pkts in source side and destination side.


  • kamal April 9, 2014, 9:29 am

    I really found useful article coz…before the exam usually I don’t read the book I just look and search the info…in the net….

  • ravi June 5, 2014, 6:25 am

    short n sweet :)

  • kul sidhu June 10, 2014, 8:11 am

    Plz give difference between osi and tcp/ip with diagram

  • Asamoah Apau Daniel August 21, 2014, 6:55 am

    1. what is a transport protocol?
    a. explain with diagrams different between TCP and UDP
    2. Explain secure Protocol
    a. explain with diagrams different between FTP and SSH

  • Anonymous October 22, 2014, 1:43 am

    Clearly explained

  • Nasham November 24, 2014, 12:15 pm

    It very education tanks a lot

  • INADRAJEET KUMAR VERMA December 21, 2014, 9:45 pm

    Very good explanation !!!
    Keep writing.

Leave a Comment