
TCP/IP Model

TCP/IP Implementation hierarchy

The TCP/IP implementation hierarchy differs slightly from the OSI model. There is also a DoD (Department of Defense) model, which has fewer divisions than the OSI model. The following model summarizes the protocols related to internetworking and TCP:


Figure: TCP/IP implementation hierarchy

Different applications use services provided by TCP, UDP and IP. Even though TCP and UDP are higher-level protocols than IP, applications can use IP directly. Some examples of TCP-level applications are File Transfer Protocol (FTP), Hypertext Transfer Protocol (HTTP), TELNET and Simple Mail Transfer Protocol (SMTP). Examples of protocols that run on top of UDP are Trivial File Transfer Protocol (TFTP) and Simple Network Management Protocol (SNMP). Network File System (NFS) is an example of a protocol that can run on either TCP or UDP.

TCP/IP can run on top of many lower level protocols.

The Transmission Control Protocol (TCP)

The TCP protocol provides a standard general-purpose method for reliable delivery of data. For applications, TCP provides a standard way of accessing remote computers on an unreliable internetwork. This reliability is provided by adding services on top of IP. IP is connectionless and does not guarantee delivery of packets.

The reliability of TCP is achieved by retransmitting data that has been sent but not acknowledged by the receiver within a given time. Thus the sending TCP must keep the sent data in memory until it has received acknowledgements for it.

TCP assumes that IP is inherently unreliable, so TCP adds services to ensure end-to-end delivery of data. TCP has very few expectations of the services provided by the networks, and it can thus be run across a large variety of hardware. All that is required from the lower level is an unreliable datagram service.

TCP is the primary transport protocol used to provide reliable, full-duplex, virtual circuit connections. The most common use of TCP is to run it over IPv4 or IPv6, although several experimental projects have been done to run TCP on other Network layer protocols [4].

IP is implemented on hosts and routers. TCP is typically implemented on hosts only. Today, many routers are implemented with TCP protocol to provide easy configuration and management. For example, many commercial routers implement TCP or UDP to provide remote login and network management facilities. Even though TCP and UDP are implemented in routers, the transport protocols are not used by routing services and messages. This is illustrated in the following picture.


Figure: TCP protocol on network

TCP Standard

The TCP standard was defined in RFC 793 in 1981. The primary purpose of TCP is to provide a reliable, securable logical circuit or connection service between pairs of processes [4]. This security is based on the assumption that the underlying network can be trusted, which is not the case in the current commercial Internet. The term "secure" comes from the time when TCP/IP was primarily used for military purposes.

TCP provides reliable services on top of a less reliable internet communication system in the following areas [4]:

  • Basic Data Transfer
  • Reliability
  • Flow Control
  • Multiplexing
  • Connections
  • Precedence and Security

The basic operation of the TCP is described in the following sections [4].

The Basic Data Transfer

The TCP Basic Data Transfer is able to transfer a continuous stream of octets in each direction between its users by packaging some number of octets into segments for transmission through the internet system. The octets are sent among application processes running on remote systems that use TCP. In general, the TCPs decide when to block and forward data at their own convenience [4].

The application processes group a set of bytes that need to be sent or received into a message segment. Message segments can be arbitrary length. At the TCP level there is no real restriction on message size because the details of accommodating the message segments in IP datagrams is the task of the IP layer.

Ultimately, the messages have to be sent in IP datagrams that are limited by the MTU (Maximum Transfer Unit) size of a network interface. For efficiency reasons TCP connections typically negotiate a maximum segment size.

Messages sent by TCP have an octet orientation. TCP keeps track of the octets that have been sent or received. TCP does not have any notion of a block of data. This differs from many other transport protocols, which typically keep track of the Transport Protocol Data Unit (TPDU) number and the octet number. TCP can be used to provide multiple connections between two host computers.

Application processes are allowed to send data in whatever size is convenient. For example, an application can send one octet at a time or several kilo-octets. TCP numbers each octet that is sent. The octets are delivered to the application layer in the same order in which they were sent.

An application can send data to TCP a few octets at a time. TCP buffers this data and sends these octets either as a single message or as several smaller message segments. All that TCP guarantees is that data arrives in the order in which it was sent.

The actual data that is sent by TCP is treated as an unstructured stream of octets. TCP does not contain any facility to superimpose an application dependent structure on data. The structuring of data must be handled by the application processes that communicate by using TCP.


Reliability

The TCP must recover from data that is damaged, lost, duplicated, or delivered out of order by the internet communication system. This is achieved by assigning a sequence number to each octet transmitted, and requiring a positive acknowledgment (ACK) from the receiving TCP. If the ACK is not received within the timeout interval, the data is retransmitted. At the receiver, the sequence numbers are used to correctly order segments that may be received out of order. Damaged segments are handled by adding a checksum to each segment transmitted. The receiver verifies the checksum and discards damaged segments. Unless there is a physical break in the link that causes physical partitioning of the network, TCP is able to recover from most internet communication system errors.

Flow Control

TCP provides a means for the receiver to govern the amount of data sent by the sender. Computers that send and receive TCP data segments can operate at different data rates because of differences in CPU and network bandwidth. As a result, it is possible for the sender to send data at a faster rate than the receiver can handle.

TCP implements a flow control mechanism that controls the amount of data sent by the sender. This is achieved by using a sliding window mechanism. The receiving TCP module sends back to the sender an acknowledgment that indicates a range of acceptable sequence numbers beyond the last successfully received segment. This range of acceptable sequence numbers is called a window.

The window size reflects the amount of buffer space available for new data at the receiver. If this buffer space shrinks because the receiver is being overrun, the receiver will send back a smaller window size. In the extreme case the window size will decrease to a very small value, or even one octet. This is referred to as the silly window syndrome. Most TCP implementations take special measures to avoid it.

The goal of the sliding window mechanism is to keep the channel full of data and to reduce the delays spent waiting for acknowledgements.

Multiplexing

TCP enables many processes within a single host computer to use TCP communications simultaneously. Different processes may be communicating over the same network interface, so they must be separated from each other. This separation is done by using different port numbers for each process. Port numbers are concatenated with the network and host addresses from the internet communication layer; this forms a socket.

A pair of sockets uniquely identifies a connection. Multiple connections can be used to enable several connections between application processes on remote computers. The binding of ports to processes is handled independently by each computer. Frequently used processes are attached to fixed sockets, which are made known to the public.


Connections

The reliability and flow control mechanisms require that TCPs initialize and maintain status information for data streams. The combination of the sockets, sequence numbers and window sizes is called a connection. Each connection is uniquely specified by a pair of sockets identifying its two sides.

The TCP connection is identified by the parameters of both end points:

(IP address 1, port number 1, IP address 2, port number 2)

These parameters make it possible to have several application processes that connect to the same remote end point [4].

A port number is a 16-bit value, so port numbers range from 0 to 65535. Some of these port numbers are listed in the following table [3, 5]:

Table 1: Port numbers



Application Layer Service

  • Quote of the Day (QOTD)
  • FTP Data Port
  • FTP Control Port
  • SSH – Secure Shell
  • Domain Name Server (Domain)
  • Bootstrap Protocol Server (bootps)
  • Bootstrap Protocol Client (bootpc)
  • Trivial Transfer Protocol (tftp)
  • Finger protocol
  • HTTP Hyper Text Transfer protocol (World Wide Web)
  • Post Office Protocol – Version 3 (POP3)
  • NETBIOS Naming Service (netbios-ns)
  • NETBIOS Datagram Service (netbios-dgm)
  • NETBIOS Session Service (netbios-ssn)
  • Simple Network Management Protocol (SNMP)
  • Remote Login
  • LPR/LPR printing
  • Microsoft WINS
  • Oracle SQL*net v1
  • X11 protocol

*Teleware training material [5] specifies this as TCP only. Inside TCP/IP book specifies this as both TCP/UDP.

Port numbers in the range 0 to 1023 are called well-known port numbers. Many publicly available TCP/IP applications use port numbers in this well-known range.

Precedence and security

RFC 793, where TCP was originally specified, states the following about precedence and security:

The users of TCP may indicate the security and precedence of their communication. Provision is made for default values to be used when these features are not needed [4].

This assumption was made when the network was assumed to be secure. These days the network cannot be trusted. Internet messages can be read by virtually anybody.

TCP operations

TCP is implemented as a protocol module that interacts with the computer's operating system. In many operating systems, the TCP module is accessed like the file system of the operating system. The TCP module depends on other operating system functions to manage its data structures and services. The interface to the physical network is controlled by a device driver module. TCP does not communicate directly with the device driver. The IP module acts as a middle layer between TCP and the network driver.

From an abstract viewpoint, applications interface with the TCP module through the following system calls:

OPEN to open a connection

CLOSE to close a connection

SEND to send data to an open connection

RECEIVE to receive data from an open connection

STATUS to find information about a connection

These calls are much like an operating system's file system calls. The connection must be established before it can be used, as with operating system files.

TCP Message Format

TCP segments are sent as internet datagrams. The Internet Protocol header carries several information fields, including the source and destination host addresses [4]. A TCP header follows the internet header, supplying information specific to the TCP protocol. This division allows for the existence of host level protocols other than TCP.


Figure: TCP header format

Table 2: TCP header specification

Source port (16 bits): The source port number.

Destination port (16 bits): The destination port number.

Sequence Number (SEQ) (32 bits): The sequence number of the first data octet in this segment (except when SYN is present). If SYN is present, the sequence number is the initial sequence number (ISN) and the first data octet is ISN+1.

Acknowledgement Number (ACK) (32 bits): If the ACK control bit is set, this field contains the value of the next sequence number the sender of the segment is expecting to receive. Once a connection is established, this is always sent.

Data Offset (4 bits): The number of 32-bit words in the TCP header. This indicates where the data begins. The TCP header (even one including options) is an integral number of 32 bits long.

Reserved (6 bits): Reserved for future use. Must be zero.

Control bits (6 bits, from left to right):

  • URG: Urgent Pointer field significant
  • ACK: Acknowledgement field significant
  • PSH: Push function
  • RST: Reset the connection
  • SYN: Synchronize sequence numbers
  • FIN: No more data from sender

Window (16 bits): The number of data octets, beginning with the one indicated in the acknowledgement field, which the sender of this segment is willing to accept.

Checksum (16 bits): The checksum field is calculated to verify the correctness of the data.

A TCP connection progresses from one state to another in response to events. The events are the user calls, OPEN, SEND, RECEIVE, CLOSE, ABORT, and STATUS; the incoming segments, particularly those containing the SYN, ACK, RST and FIN flags; and timeouts [4].

Sequence numbers

A TCP connection numbers every octet sent with a unique sequence number. Acknowledgements of received octets refer directly to these sequence numbers. The acknowledgement mechanism employed is cumulative, so that an acknowledgement of sequence number X indicates that all octets up to but not including X have been received. Within a segment, the first data octet immediately following the header is the lowest numbered, and the following octets are numbered consecutively [4].

The acknowledgement and sequence numbers are 32 bits wide. The largest possible number is very large, but not infinite. All arithmetic dealing with sequence numbers must be performed modulo 2**32. This means that when the number space overflows, it starts from 0 again.
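The cumulative acknowledgement and modulo 2**32 rules above can be seen in a toy receiver that reorders segments arriving around the wrap point. This is an added example, not code from the original page; the `Receiver` class, its method names and the sample trace are constructed for illustration, and a segment that starts before the next expected octet is simply treated as an old duplicate.

```python
"""Added example: cumulative ACKs with modulo-2**32 sequence arithmetic."""

MOD = 2 ** 32  # sequence and acknowledgement numbers are 32 bits wide


def seq_add(seq, n):
    """Advance a sequence number by n octets, wrapping to 0 after 2**32 - 1."""
    return (seq + n) % MOD


def seq_lt(a, b):
    """True if a comes before b in the circular sequence space."""
    return a != b and (b - a) % MOD < MOD // 2


class Receiver:
    """Toy receiving side: reorders segments and produces cumulative ACKs."""

    def __init__(self, rcv_nxt, window):
        self.rcv_nxt = rcv_nxt      # next octet expected (the ACK value)
        self.window = window        # octets the receiver is willing to buffer
        self.pending = {}           # out-of-order segments keyed by SEQ
        self.delivered = bytearray()

    def acceptable(self, seq, length):
        """Segment must start and end inside [rcv_nxt, rcv_nxt + window)."""
        first = (seq - self.rcv_nxt) % MOD
        return first < self.window and first + length <= self.window

    def on_segment(self, seq, data):
        """Process one segment; return the ACK number to send back."""
        if seq_lt(seq, self.rcv_nxt):
            return self.rcv_nxt     # old duplicate: re-ACK, deliver nothing
        if not self.acceptable(seq, len(data)):
            return self.rcv_nxt     # outside the window: discard
        self.pending.setdefault(seq, data)
        # Deliver every octet that is now contiguous with rcv_nxt.
        while self.rcv_nxt in self.pending:
            chunk = self.pending.pop(self.rcv_nxt)
            self.delivered += chunk
            self.rcv_nxt = seq_add(self.rcv_nxt, len(chunk))
        return self.rcv_nxt


def demo():
    """Constructed trace: 12 octets sent in three segments across the wrap."""
    start = MOD - 4                 # four octets before the counter wraps
    rx = Receiver(rcv_nxt=start, window=64)
    acks = [
        rx.on_segment(seq_add(start, 8), b"IJKL"),   # arrives early
        rx.on_segment(start, b"ABCD"),               # fills the first hole
        rx.on_segment(start, b"ABCD"),               # duplicate
        rx.on_segment(seq_add(start, 4), b"EFGH"),   # fills the last hole
    ]
    return acks, bytes(rx.delivered)


if __name__ == "__main__":
    print(demo())
```

The ACK stays at the first missing octet until the hole is filled, then jumps past everything that has become contiguous.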

The initial sequence number can be chosen quite freely for a connection. It should be kept in mind that segments from a previous connection might still be traversing the network while a new connection is established. For this reason a fictitious 32-bit clock is used, whose low-order bit is incremented approximately every four microseconds. Thus the initial sequence number cycles approximately every 4 hours.

To be sure that a TCP does not create a segment that carries a sequence number which may be duplicated by an old segment remaining in the network, the TCP must keep quiet for a maximum segment lifetime (MSL) before assigning any sequence numbers upon starting up or recovering from crash. For this specification the MSL is taken to be 2 minutes [4].

A TCP connection has to be cautious about not using the same sequence numbers again, because a sequence number and socket specify data uniquely. If sequence numbers are reused by a connection too quickly, the receiver might mistakenly replace the original data with different data.

Under normal conditions, TCPs keep track of the next sequence number to emit and the oldest awaiting acknowledgement so as to avoid mistakenly using a sequence number over before its first use has been acknowledged. This alone does not guarantee that old duplicate data is drained from the network before a new octet arrives with the same sequence number. At 2 megabits/s it takes 4.5 hours to use up 2**32 octets of sequence space. Since the maximum lifetime in the net is not likely to exceed a few tens of seconds, this was seen to be adequate by the designers of the TCP protocol. It is also enough for higher speed networks with 10 and 100 megabits/s. For 100 megabits/s the cycle time is 5.4 minutes, which is still adequate.

Gigabit networks consume sequence numbers too rapidly for TCP to operate properly in them. RFC 1323 specifies extensions to RFC 793 to suit TCP for very high-speed paths [6]. Currently it is at the proposed standard phase.

Opening a connection

The procedure to establish connections utilizes the synchronize (SYN) control flag and involves an exchange of three messages termed the three-way handshake. A connection is established by OPEN calls to the local port. This open can be either active or passive.

In an active OPEN call, the connection establishment is to be actively initiated. An active OPEN call is generated when another end point is contacted. A passive OPEN call signals an intent to receive an active OPEN connection. It does not generate a TCP message segment. A passive OPEN request means that a process wants to accept incoming connection requests rather than attempting to initiate a connection.

If two processes issue active OPENs to each other at the same time, they will be correctly connected.

The three-way handshake is the procedure used to establish a connection. This procedure is initiated by one TCP and responded to by another TCP. The procedure also works if two TCPs initiate the procedure simultaneously.

When a single TCP opens the connection, the three-way handshake works as follows:

  • The opening TCP sends a segment to a receiving TCP. The receiving TCP must be in the listen state to indicate that it is ready to receive data from the network. In the first segment the SYN bit is set to indicate the opening of a session. The first segment also carries an ISN for the connection.
  • The receiving TCP responds with a segment in which the SYN and ACK bits are set. The acknowledgement number is one greater than the previous sequence number. This indicates that the receiver is expecting the first octet to be sent to have this sequence number. The receiver sets the last allowed octet as the sequence number. The current window size for the receiver is the difference between the sequence number and the acknowledgement number minus one. When the opening TCP receives this segment, it changes to the connection established state.
  • The third step of the three-way handshake is to change the receiving TCP to the connection established state. This is done by switching the sequence number and acknowledgement number with each other. After the numbers have been switched, the acknowledgement number is incremented by one. The SYN bit is also cleared when the segment is sent back to the receiver. After the receiver has received the third message, the connection has been opened successfully.

The procedure is illustrated in the following example.








SEQ=100 (ISN), SYN.bit=1

SEQ=300 (ISN+Window+1), ACK=101, SYN.bit=1, ACK.bit=1

SEQ=101, ACK=301, ACK.bit=1

SEQ=101, ACK=301, ACK.bit=1, DATA

Figure: The three-way handshake

After the connection has been established, data can be sent. In every segment the receiver describes how many octets of data it is ready to receive. Thus the window size can be dynamically adjusted.
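The checks a monitor can apply to a captured opening exchange are sketched below, using the numbers from the example above as the valid trace. This is an added example, not part of the original page; the host labels "A" and "B", the dict layout and the function name are constructed for illustration, and the simultaneous-open case is not covered.

```python
"""Added example: check a captured opening exchange against the three-way handshake."""

MOD = 2 ** 32
SYN, ACK = 0x02, 0x10     # control-bit values within the TCP flags field


def check_handshake(segments):
    """Validate the first three segments of a connection.

    Each segment is a dict with 'src', 'seq', 'ack' and 'flags'.
    Returns (True, "established") or (False, reason).
    """
    if len(segments) < 3:
        return False, "incomplete handshake"
    syn, synack, ack = segments[:3]

    # 1. Opening TCP: SYN set, ACK clear, SEQ carries its ISN.
    if syn["flags"] & (SYN | ACK) != SYN:
        return False, "first segment is not a plain SYN"
    # 2. Receiving TCP: SYN and ACK set, ACK = opener's ISN + 1.
    if synack["src"] == syn["src"]:
        return False, "second segment came from the opener"
    if synack["flags"] & (SYN | ACK) != (SYN | ACK):
        return False, "second segment is not SYN+ACK"
    if synack["ack"] != (syn["seq"] + 1) % MOD:
        return False, "SYN+ACK does not acknowledge ISN+1"
    # 3. Opening TCP: SYN clear, ACK set, numbers swapped and advanced.
    if ack["src"] != syn["src"]:
        return False, "third segment came from the wrong side"
    if ack["flags"] & (SYN | ACK) != ACK:
        return False, "third segment is not a plain ACK"
    if ack["seq"] != synack["ack"]:
        return False, "third segment SEQ is not the acknowledged value"
    if ack["ack"] != (synack["seq"] + 1) % MOD:
        return False, "third segment does not acknowledge peer ISN+1"
    return True, "established"


# Constructed traces. GOOD uses the numbers from the example above.
GOOD = [
    {"src": "A", "seq": 100, "ack": 0,   "flags": SYN},
    {"src": "B", "seq": 300, "ack": 101, "flags": SYN | ACK},
    {"src": "A", "seq": 101, "ack": 301, "flags": ACK},
]
# Final ACK acknowledges a number the peer never sent.
BAD_ACK = GOOD[:2] + [{"src": "A", "seq": 101, "ack": 999, "flags": ACK}]
# ISN at the top of the sequence space: ISN + 1 wraps to 0.
WRAP = [
    {"src": "A", "seq": MOD - 1, "ack": 0, "flags": SYN},
    {"src": "B", "seq": 7,       "ack": 0, "flags": SYN | ACK},
    {"src": "A", "seq": 0,       "ack": 8, "flags": ACK},
]

if __name__ == "__main__":
    for name, trace in (("GOOD", GOOD), ("BAD_ACK", BAD_ACK), ("WRAP", WRAP)):
        print(name, check_handshake(trace))
```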

Closing a connection

CLOSE is an operation meaning that there is no more data to be sent. The closing can be done in three fashions:

  • The application process initiates by telling the TCP to CLOSE the connection. This can be signaled by the user.
  • The remote TCP initiates by sending a FIN control signal.
  • Both users CLOSE simultaneously.

In the first case, a FIN segment can be constructed and placed on the outgoing segment queue. At this state the TCP will not accept any more SENDs from application. RECEIVEs are allowed at this state. When the other TCP has both acknowledged the FIN and sent a FIN of its own, the first TCP can ACK this FIN. Note that a TCP receiving a FIN will ACK but not send its own FIN until its user has CLOSED the connection [4].

In the second case an unsolicited FIN arrives from the network. The receiving TCP can ACK it and tell the user that the connection is closing. The user will respond with a CLOSE, upon which the TCP can send a FIN to the other TCP after sending any remaining data. The TCP then waits until its own FIN is acknowledged, whereupon it deletes the connection. If an ACK is not forthcoming after the user timeout, the connection is aborted.

A simultaneous CLOSE by users at both ends of a connection causes FIN segments to be exchanged. When all segments preceding the FINs have been processed and acknowledged, each TCP can ACK the FIN it has received. Both will, upon receiving these ACKs, delete the connection.

A connection can be closed also by resetting it. This should not be used as a means to normally close a connection. This is done by setting RST bit (reset) indicating that the TCP closes the connection without negotiation and the receiver should delete the connection without further interaction. As a general rule, reset must be sent whenever a segment arrives which apparently is not intended for the current connection. A reset must not be sent if it is not clear that this is the case.

Option Bits

Three different options have been specified. Options may occupy space at the end of the TCP header and are a multiple of 8 bits in length. All options are included in the checksum. The options are listed below; only the first one was specified in the original RFC 793:

Maximum Segment Size: In the initialization of a connection the maximum segment size can be specified.

Window Scale Factor: Originally, the Window field in the TCP header gives a credit allocation in octets. When the window scale factor is in use, the value in the Window field is multiplied by 2**F, where F is the value of the window scale option. The maximum value of F that TCP accepts is 14. This option is only used in the initial connection request segments [7]. This option allows the window size to be enlarged beyond the 16-bit scale.

Timestamp: This option can be used in any data segment and defines two optional fields. Timestamp field is used to continuously monitor roundtrip time of a connection.
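The header fields from Table 2 and the three options above can be pulled out of raw bytes as follows. This is an added example, not code from the original page; the function names and the sample segment are constructed, the option kind numbers (0, 1, 2, 3, 8) are the standard assignments rather than values given on this page, and the checksum is read but not verified.

```python
"""Added example: parse a TCP header and its options from raw bytes."""
import struct

FLAG_NAMES = ["URG", "ACK", "PSH", "RST", "SYN", "FIN"]  # left to right


def parse_tcp_header(raw):
    """Return the header fields of one TCP segment as a dict."""
    if len(raw) < 20:
        raise ValueError("shorter than the 20-octet fixed header")
    (sport, dport, seq, ack, off_flags,
     window, checksum, urgent) = struct.unpack("!HHIIHHHH", raw[:20])
    header_len = (off_flags >> 12) * 4          # Data Offset is in 32-bit words
    if header_len < 20 or header_len > len(raw):
        raise ValueError("bad data offset")
    bits = off_flags & 0x3F                     # six control bits
    flags = [n for i, n in enumerate(FLAG_NAMES) if bits & (0x20 >> i)]
    return {
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "flags": flags, "window": window, "checksum": checksum,
        "options": parse_options(raw[20:header_len]),
        "payload": raw[header_len:],
    }


def parse_options(data):
    """Walk the kind/length/value option list between the fixed header and data."""
    opts, i = {}, 0
    while i < len(data):
        kind = data[i]
        if kind == 0:                           # end of option list
            break
        if kind == 1:                           # no-operation padding
            i += 1
            continue
        if i + 1 >= len(data) or data[i + 1] < 2 or i + data[i + 1] > len(data):
            raise ValueError("malformed option length")
        length = data[i + 1]
        value = data[i + 2:i + length]
        if kind == 2 and length == 4:
            opts["mss"] = struct.unpack("!H", value)[0]
        elif kind == 3 and length == 3:
            opts["wscale"] = min(value[0], 14)  # F is capped at 14
        elif kind == 8 and length == 10:
            opts["timestamp"] = struct.unpack("!II", value)
        i += length
    return opts


def scaled_window(window, wscale):
    """Window field multiplied by 2**F (applies to segments after the SYN)."""
    return window << wscale


# Constructed SYN: ports 49152 -> 80, SEQ=100, MSS 1460, window scale 7.
SAMPLE_SYN = (
    struct.pack("!HHIIHHHH", 49152, 80, 100, 0, (7 << 12) | 0x02, 65535, 0, 0)
    + bytes([2, 4, 0x05, 0xB4])   # kind 2: maximum segment size = 1460
    + bytes([1, 3, 3, 7])         # NOP, then kind 3: window scale F = 7
)

if __name__ == "__main__":
    print(parse_tcp_header(SAMPLE_SYN))
```

The length check in `parse_options` matters in practice: an option claiming a length of 0 or running past the header would otherwise make the parser loop forever or read into the payload.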


PSH bit is used to indicate for TCP that it must act upon the data that it has received so far. When an application process issues a series of SEND calls without setting the PSH bit, the TCP can aggregate the data internally without sending it. Similarly, when a series of segments is received without the PSH bit, a TCP can queue the data internally without passing it to the receiving application.

An application program is required to set the PSH flag in a SEND call whenever the program needs to force delivery of the data to avoid a communications deadlock. A TCP should use a maximum segment size to improve performance whenever possible. As a result, the data may not be delivered immediately to the receiving application.

At the receiver, the PSH bit forces buffered data to be delivered to the application. Normally the buffer is delivered to the application whenever the buffer is full.


TCP contains a mechanism to send out-of-band data using the URG bit. This is used to deliver data immediately to the receiving application. This segment bypasses any data in the queue and must be processed immediately.

TCP Congestion control

Congestion in a network or internet creates problems for the end systems: reduced availability and throughput and lengthened response times. Within a switched network, such as a packet-switching or frame relay network, dynamic routing can be used to alleviate congestion by spreading the load more evenly.

Because of variances in network performance, the retransmission of octets affects TCP congestion. TCP maintains a queue of segments that have been sent but not yet acknowledged. The TCP specification states that TCP will retransmit a segment if it fails to receive an acknowledgement. By dynamically adjusting the retransmission time, the sending TCP has an impact on network congestion. If a TCP sends data too soon when congestion occurs, the retransmitted data increases the congestion in the network.
