The TCP/IP Model vs the OSI Model
Two layered models describe how internet protocols fit together. The OSI (Open Systems Interconnection) model has seven layers: Physical, Data Link, Network, Transport, Session, Presentation, and Application. The TCP/IP model is a practical four-layer simplification: Link, Internet, Transport, and Application. Real protocols do not map perfectly to either model — they are design frameworks, not engineering blueprints. The TCP/IP model more accurately reflects how the internet actually works and is the more useful reference in practice.
| TCP/IP Layer | Common Protocols | Job |
|---|---|---|
| Application | HTTP, DNS, SMTP, SSH, TLS | Defines useful application conversations |
| Transport | TCP, UDP, QUIC | Moves data between ports on hosts |
| Internet | IPv4, IPv6, ICMP, BGP | Addresses and routes packets between networks |
| Link | Ethernet, Wi-Fi, ARP | Moves frames on the local network segment |
Encapsulation: How Layers Wrap Each Other
When an application sends data, each layer adds its own header before passing it down to the next layer. This is called encapsulation. A web request becomes an HTTP message (Application layer), which is passed to TCP. TCP adds a header with source and destination port, sequence numbers, and control flags, creating a TCP segment (Transport layer). IP adds a header with source and destination IP addresses and a TTL, creating an IP packet (Internet layer). The network driver wraps the packet in an Ethernet or Wi-Fi frame with MAC addresses and an FCS checksum (Link layer). Each layer only reads its own header — HTTP does not know about IP, and IP does not know about HTTP. At the receiving end, the process reverses: each layer strips its header and passes the payload up.
IP Routing and TTL Decrement
IP is a best-effort delivery service. Each router along the path reads the destination IP address, looks it up in a routing table, chooses a next hop, decrements the Time to Live (TTL) field by one, and forwards the packet. If TTL reaches zero, the router discards the packet and sends an ICMP Time Exceeded message back to the source — this is how traceroute works, by deliberately triggering TTL expiry at each hop. IP provides no guarantee of delivery, ordering, or retransmission — those are handled by TCP if needed.
TCP Connection State Machine
A TCP connection passes through well-defined states. Understanding these states explains behavior seen in netstat or ss output:
- LISTEN: The server has a socket open and is waiting for incoming connections.
- SYN-SENT: The client has sent a SYN and is waiting for a SYN-ACK.
- SYN-RECEIVED: The server received a SYN and sent a SYN-ACK; waiting for the final ACK.
- ESTABLISHED: The three-way handshake is complete; data can flow in both directions.
- FIN-WAIT-1 / FIN-WAIT-2: The local side has sent FIN to close the connection and is waiting for acknowledgment.
- CLOSE-WAIT: The remote side has sent FIN; the local application has not yet closed its end.
- TIME-WAIT: The connection is closed but the OS holds the port for 2 × MSL (Maximum Segment Lifetime, typically 60–120 seconds) to ensure delayed packets do not confuse a new connection using the same port tuple.
How a Web Request Flows End to End
Tracing a single HTTPS page load through every layer makes the model concrete:
- Browser issues a DNS query for the hostname. UDP port 53 carries the query to the resolver; the resolver returns an IP address.
- OS initiates a TCP connection: SYN sent to server port 443, SYN-ACK returned, ACK sent. The connection enters ESTABLISHED.
- TLS 1.3 handshake: ClientHello and ServerHello exchange in one round trip, establishing encryption keys and authenticating the server certificate.
- Browser sends an HTTP GET request inside the encrypted TLS stream. The HTTP message is encapsulated in TCP segments, each inside IP packets, each inside Ethernet frames.
- Each IP packet traverses routers across the ISP and internet, TTL decrementing at each hop, MAC addresses rewritten at each hop.
- The server processes the request, generates the HTTP response, and sends it back in TCP segments.
- TCP on both sides acknowledges received segments, retransmits any losses, and manages the congestion window.
- When the response is complete, either side sends FIN. The connection transitions through FIN-WAIT and TIME-WAIT before closing.
Why TCP/IP Became the Internet Standard
TCP/IP was not the only protocol suite competing for internet dominance in the 1980s and early 1990s. OSI protocols, IBM's SNA, Novell's IPX/SPX, and DEC's DECnet were all in use. TCP/IP won for several reasons: it was developed openly and documented in freely available RFCs, the US government mandated it for ARPANET and later funded its implementation, Unix shipped with BSD TCP/IP making it freely available to universities, and critically it was designed for heterogeneous networks — IP could run over any link layer without assuming anything about the underlying medium. The internet's radical openness — anyone with a connection and a protocol implementation could participate — was inseparable from the design of TCP/IP itself.
Frequently Asked Questions
What does TCP/IP mean?
TCP/IP refers to the protocol suite used by the internet. IP handles addressing and routing. TCP is one transport protocol that provides reliable ordered delivery.
Is TCP/IP only TCP and IP?
No. The phrase usually refers to the broader internet protocol suite, including IP, TCP, UDP, ICMP, DNS, HTTP, TLS, and many other protocols.
Why does TCP affect speed?
TCP controls reliability and congestion. Latency, packet loss, window size, and congestion control affect how quickly a TCP flow can ramp up and sustain throughput.