Transport Layer: TCP & UDP

Layer 4 handles end-to-end communication, reliability, and flow control. The two dominant protocols are TCP (Connection-Oriented) and UDP (Connectionless).

1. The TCP Header

The Transmission Control Protocol (TCP) header is complex, designed for reliability and state management. Minimum header size is 20 bytes.

Source Port 16-bit 2B

Dest Port 16-bit 2B

Sequence Number 32-bit 4B

Ack Number 32-bit 4B

Flags SYN/ACK/FIN 2B

Window Size 2B

2. The 3-Way Handshake

Before any data is exchanged, TCP establishes a connection to synchronize sequence numbers. This prevents duplicate packets and ensures ordered delivery.

CLIENT (192.168.1.10) SERVER (8.8.8.8)

1. SYN (Seq=x) ------------------------->

2. SYN-ACK (Seq=y, Ack=x+1)
<-------------------------

3. ACK (Seq=x+1, Ack=y+1) ------------->

[ESTABLISHED] [ESTABLISHED]

TCP Flags Cheat Sheet

Flag	Name	Description
SYN	Synchronize	Initiates a connection. (Only the first packet has this set).
ACK	Acknowledge	Confirms receipt of data. (Set on all packets after the initial SYN).
FIN	Finish	Graceful teardown. "I have no more data to send."
RST	Reset	Abrupt termination. "Stop talking to me immediately." (e.g., Port Closed).
PSH	Push	"Deliver this data to the application immediately." (Don't buffer).
URG	Urgent	"Prioritize this data." (Rarely used in modern networks).

Engineer's Notebook: Troubleshooting Connections

Connection Refused (RST): The server is reachable, but no application is listening on that port. (Firewall is open).

Connection Timeout (Drop): The server is unreachable or a firewall is silently dropping the SYN packet.

3. Flow Control & Windowing

Window Size: Tells the sender how many bytes the receiver can buffer before it must stop and wait for an ACK. This is dynamic ("Sliding Window").

Engineer's Notebook: Window Scaling

The standard 16-bit Window field maxes out at 65,535 bytes. This is too small for modern high-speed links (LFNs - Long Fat Networks).

RFC 1323 (Window Scaling): Adds a multiplier in the TCP Options during the handshake (e.g., Scale Factor 8 = 2^8 = 256). This allows window sizes up to 1 GB.

4. UDP (User Datagram Protocol)

UDP is a "fire and forget" protocol. It has no handshake, no reliability, no reordering, and no flow control. It is lightweight (8 byte header).

Src Port 16-bit 2B

Dst Port 16-bit 2B

Length 16-bit 2B

Checksum 16-bit 2B

Common Use Cases:

DNS (Port 53): Speed is critical; retries happen at Layer 7 if needed.
VoIP / Streaming: Real-time data. Dropped packets are better than delayed packets (waiting for retransmission causes buffering).
DHCP / SNMP / TFTP: Simple request/response protocols.