What is TCP/IP?
TCP/IP, which stands for Transmission Control Protocol/Internet Protocol, is the fundamental suite of protocols that enables communication across the internet and most modern networks. Developed in the 1970s by Vint Cerf and Bob Kahn for the US Department of Defence's ARPANET project, TCP/IP defines how data should be packetised, addressed, transmitted, routed, and received at the destination.
The name "TCP/IP" refers to two of the most important protocols in the suite, but the full TCP/IP stack encompasses dozens of protocols including HTTP, FTP, SMTP, DNS, and many others. Together, these protocols form the backbone of virtually all networked communication today.
The Four Layers of TCP/IP
The TCP/IP model is organised into four layers, each with a distinct responsibility. The Network Access layer (also called the Link layer) handles the physical transmission of data over a specific medium such as Ethernet or Wi-Fi. The Internet layer is responsible for addressing and routing packets across networks using IP addresses.
The Transport layer ensures reliable or unreliable end-to-end communication using TCP or UDP respectively. Finally, the Application layer encompasses all protocols that applications use to exchange data, including HTTP for web browsing, SMTP for email, and DNS for name resolution. This four-layer architecture is simpler than the seven-layer OSI model and maps more directly to how the internet actually functions.
How TCP Ensures Reliable Delivery
TCP is a connection-oriented protocol that establishes a reliable channel between two endpoints using a three-way handshake (SYN, SYN-ACK, ACK). Once the connection is established, TCP guarantees that data arrives in order, without duplication, and without corruption. If packets are lost during transmission, TCP detects the loss and retransmits the missing data automatically.
TCP also implements flow control and congestion control mechanisms to prevent a fast sender from overwhelming a slow receiver or a congested network. These features make TCP the preferred protocol for applications that require complete and accurate data transfer, such as web browsing, email, and file transfers.
TCP/IP and Security Considerations
Because TCP/IP was designed for interoperability rather than security, it is vulnerable to several types of attacks. SYN flood attacks exploit the TCP handshake by sending large numbers of SYN packets without completing the connection, exhausting server resources. IP spoofing allows attackers to forge the source address of packets to impersonate trusted hosts or evade detection.
Modern security measures such as firewalls, intrusion detection systems, and encryption protocols like TLS have been layered on top of TCP/IP to address these vulnerabilities. Understanding how TCP/IP works is essential for any security professional tasked with defending networks against both common and sophisticated threats.
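To make the three-way handshake and the half-open-connection symptom of a SYN flood concrete, here is an added Python example (not code from the original page): it replays constructed packet records through a minimal handshake state tracker and flags any server that accumulates many connections stuck before the final ACK. The packet records, addresses and threshold are all made up for illustration, and the tracker ignores sequence numbers, ports and RST/FIN handling that a real implementation would need.

```python
from collections import defaultdict

# Constructed sample records: (timestamp, src, dst, flags). Flags are a set
# drawn from {"SYN", "ACK"}; no real capture was used.
SAMPLE = [
    (0.00, "10.0.0.5", "192.0.2.10", {"SYN"}),          # step 1: SYN
    (0.01, "192.0.2.10", "10.0.0.5", {"SYN", "ACK"}),   # step 2: SYN-ACK
    (0.02, "10.0.0.5", "192.0.2.10", {"ACK"}),          # step 3: ACK
]
# Five sources that send SYN, receive SYN-ACK, and never answer (half-open).
for i in range(5):
    src = f"198.51.100.{i + 1}"
    SAMPLE.append((0.10 + i * 0.001, src, "192.0.2.10", {"SYN"}))
    SAMPLE.append((0.11 + i * 0.001, "192.0.2.10", src, {"SYN", "ACK"}))


def track_handshakes(packets):
    """Return the handshake state of every (client, server) pair seen.

    SYN_SENT: client SYN seen; SYN_RECEIVED: server SYN-ACK seen;
    ESTABLISHED: final client ACK seen. Out-of-order traffic is ignored.
    """
    state = {}
    for _ts, src, dst, flags in packets:
        if flags == {"SYN"}:                      # client -> server
            state[(src, dst)] = "SYN_SENT"
        elif flags == {"SYN", "ACK"}:             # server -> client
            key = (dst, src)
            if state.get(key) == "SYN_SENT":
                state[key] = "SYN_RECEIVED"
        elif flags == {"ACK"}:                    # client -> server
            key = (src, dst)
            if state.get(key) == "SYN_RECEIVED":
                state[key] = "ESTABLISHED"
    return state


def half_open_per_server(state):
    """Count connections per server that never reached ESTABLISHED."""
    counts = defaultdict(int)
    for (_client, server), s in state.items():
        if s in ("SYN_SENT", "SYN_RECEIVED"):
            counts[server] += 1
    return dict(counts)


def syn_flood_suspects(packets, threshold=3):
    """Servers whose half-open count meets the (illustrative) threshold."""
    counts = half_open_per_server(track_handshakes(packets))
    return sorted(srv for srv, n in counts.items() if n >= threshold)
```

In practice the threshold would be tuned against a baseline of normal half-open counts for the host, and the same tracker can be fed from flow records or a packet capture.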
Frequently Asked Questions
What does TCP/IP stand for?
TCP/IP stands for Transmission Control Protocol/Internet Protocol. It is the suite of communication protocols used to interconnect devices on the internet and most private networks.
How does the TCP three-way handshake work?
The client sends a SYN packet to the server, the server responds with a SYN-ACK packet, and the client completes the handshake with an ACK packet, establishing a reliable connection.
What are common attacks against TCP/IP?
Common attacks include SYN floods that exhaust server resources, IP spoofing that forges source addresses, and session hijacking that takes over established TCP connections.
Related Definitions
What is a denial-of-service (DoS) attack?
A denial-of-service (DoS) attack is a cyberattack that aims to make a computer, server, or network resource unavailable to legitimate users by overwhelming it with a flood of malicious traffic or exploiting vulnerabilities.
What is a Ping of Death (PoD) attack?
A Ping of Death (PoD) attack is a denial-of-service attack in which an attacker sends a malformed or oversized ICMP ping packet that exceeds the maximum allowed IP packet size, causing the target system to crash or freeze.
What is a WAF (Web Application Firewall)?
A Web Application Firewall (WAF) is a security solution that monitors, filters, and blocks HTTP/HTTPS traffic between a web application and the internet to protect against application-layer attacks.
What is blackhole routing?
Blackhole routing is a network defence technique where traffic destined for a specific IP address or range is silently dropped by routing it to a null interface, commonly used as an emergency response to DDoS attacks.