TCP/IP Model
- TCP/IP has four layers: Application, Transport, Internet, Network Access.
- Each layer adds a header (encapsulation); the receiver strips headers in reverse (decapsulation).
- TCP three-way handshake adds one RTT of latency before data flows.
The TCP/IP model has four layers: Application (HTTP, DNS, SMTP), Transport (TCP/UDP), Internet (IP), and Network Access (Ethernet, Wi-Fi). Data flows down the stack on the sender (each layer adds a header) and up the stack on the receiver (each layer strips its header). TCP provides reliable ordered delivery; UDP is faster but unreliable.
The Four Layers
# The TCP/IP stack — what happens when you make an HTTP request # You write: import requests response = requests.get('https://thecodeforge.io/python/nested-loops/') # What actually happens across the TCP/IP layers: # LAYER 4 — APPLICATION (HTTP) # Your code creates an HTTP GET request: # GET /python/nested-loops/ HTTP/1.1 # Host: thecodeforge.io # Accept: text/html # LAYER 3 — TRANSPORT (TCP) # TCP wraps the HTTP data: # Source port: 54321 (ephemeral) Dest port: 443 (HTTPS) # Sequence number, acknowledgement number, flags # TCP ensures the HTTP data arrives complete and in order # LAYER 2 — INTERNET (IP) # IP wraps the TCP segment: # Source IP: 192.168.1.100 Dest IP: 104.26.10.33 # IP handles routing — gets the packet to the right server # LAYER 1 — NETWORK ACCESS (Ethernet/Wi-Fi) # Ethernet wraps the IP packet: # Source MAC: aa:bb:cc:dd:ee:ff Dest MAC: router's MAC # Handles physical transmission to the next hop print('Each layer wraps the layer above — unwrapped in reverse at destination')
TCP Three-Way Handshake
Before any data is sent, TCP establishes a connection with a three-way handshake. This adds one round trip of latency — the cost of reliability.
# TCP three-way handshake: # Client → Server: SYN (I want to connect, my seq=100) # Server → Client: SYN-ACK (OK, your seq+1=101, my seq=300) # Client → Server: ACK (Got it, your seq+1=301) # → Connection established, data can flow # TLS adds two more round trips on top of TCP: # TCP 3-way handshake (1 RTT) # TLS ClientHello / ServerHello (1 RTT) # TLS Finished / Application data (1 RTT) # Total: 3 RTTs before first HTTP byte # Why HTTP/3 uses QUIC instead of TCP: import socket # TCP socket: 3-way handshake before any data tcp_sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) tcp_sock.connect(('example.com', 80)) # handshake happens here # UDP socket: no handshake — send immediately udp_sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) udp_sock.sendto(b'data', ('example.com', 53)) # DNS uses UDP # No connection, no guarantee of delivery or order
TCP vs UDP — When to Use Each
# TCP: reliable, ordered, connection-oriented # Use for: HTTP, HTTPS, email, file transfer, databases # - Guarantees all data arrives in order # - Retransmits lost packets # - Flow control and congestion control built in # - Cost: 3-way handshake, higher latency # UDP: unreliable, connectionless, fast # Use for: DNS, video streaming, online gaming, VoIP # - No handshake — send immediately # - No retransmission of lost packets # - Lower latency, no head-of-line blocking # - Application must handle ordering/reliability if needed import socket # DNS lookup — UDP (one-shot request/response, loss is handled by retry) def dns_query(domain): sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) sock.settimeout(2) # DNS query format (simplified) sock.sendto(b'\x00\x01' + domain.encode(), ('8.8.8.8', 53)) data, _ = sock.recvfrom(1024) return data # For streaming video: UDP — a dropped frame is preferable to stopping to retransmit # For file download: TCP — every byte must arrive correctly
🎯 Key Takeaways
- TCP/IP has four layers: Application, Transport, Internet, Network Access.
- Each layer adds a header (encapsulation); the receiver strips headers in reverse (decapsulation).
- TCP three-way handshake adds one RTT of latency before data flows.
- TCP is reliable and ordered; UDP is unreliable but faster and lower latency.
- HTTP/3 uses QUIC (UDP-based) to eliminate TCP's head-of-line blocking and reduce handshake latency.
Interview Questions on This Topic
- QWhat are the four layers of the TCP/IP model?
- QWhat is the TCP three-way handshake?
- QWhen would you choose UDP over TCP?
Frequently Asked Questions
What is head-of-line blocking in TCP?
TCP delivers data in order. If one packet is lost, subsequent packets — even if they arrived — must wait until the lost packet is retransmitted. This is head-of-line blocking. In HTTP/2 over TCP, multiple streams share one TCP connection, so one lost packet blocks all streams. HTTP/3 uses QUIC (over UDP) where each stream is independent — a lost packet blocks only that stream.
What is the difference between a TCP port and an IP address?
An IP address identifies a machine on the network. A port identifies a specific application on that machine. The combination (IP + port) is called a socket address. Port 80 is HTTP, 443 is HTTPS, 5432 is PostgreSQL, 3306 is MySQL. When you run a server on port 8000 and connect from a browser, the server gets connection from your IP + ephemeral port (e.g., 54321).
Developer and founder of TheCodeForge. I built this site because I was tired of tutorials that explain what to type without explaining why it works. Every article here is written to make concepts actually click.