Transmission control protocol (TCP) is defined as a protocol used by the internet to establish a connection between two remotely hosted applications and deliver a reliable data stream from one to the other. This article explains what TCP is and how it works. It also lists some best practices for operation.
The technology was designed in the 1970s and 1980s, as the internet was being built. In a 1974 paper titled A Protocol for Packet Network Intercommunication, engineers Vint Cerf and Bob Kahn first described TCP, its working structure, and its foundational principles. It had two main components:
- Connection-oriented links: The server listens for the client before a connection is established and data can be sent.
- Datagram services: Information goes from source to destination without confirmation of delivery.
The protocol was initially termed the Department of Defense (DoD) networking model because TCP and other internet protocols were mainly used for military use cases and research. Over the years, TCP became incorporated into the public internet infrastructure we use today and is now synonymous with the internet protocol (IP) suite. TCP/IP forms the backbone of the modern internet.
To understand what TCP is, one must first consider the role of protocols in the functioning of the internet. A communication protocol defines the rules, semantics, and synchronization process for delivering octets (groups of 8 bits, i.e., one byte) from their source to the destination.
Since the internet is a vast and ever-growing space, protocols help standardize information delivery so that all the applications hosted on the web are interoperable and network management becomes simpler. The data source can predict the response it will elicit from the destination and can use the protocol to send the information accordingly.
In addition to TCP, networks use a variety of protocols such as user datagram protocol (UDP), simple mail transfer protocol (SMTP), file transfer protocol (FTP), hypertext transfer protocol (HTTP), hypertext transfer protocol secure (HTTPS), and several others.
How does transmission control protocol work?
The functioning of TCP relies on the following core rules and components:
- The server is in a “passive open” state: Passive open is a network communication setting where a server process is waiting to establish a connection with a client. It is “listening” for a connection without establishing it.
- The client must initiate an “active open”: Once the server is in a “passive open” state, the client must establish a connection by sending a TCP synchronization or TCP SYN message. The server then expends resources to accept the connection.
- A reliable connection is established through a three-way handshake: The three-way handshake is one of the central features of TCP. It ensures that the connection is set up reliably by following three steps:
- SYN: The client sends a synchronization message to the server, which carries a randomly chosen initial sequence number.
- SYN-ACK: The server sends back a synchronization acknowledgment (or SYN-ACK) message, which comprises two parts – the server’s own sequence number and an ACK number equal to the client’s sequence number plus 1. The client receives the SYN-ACK.
- ACK: The client responds with an acknowledgment of its own, set to the server’s sequence number plus 1. This step in the three-way handshake establishes the client-to-server connection. Applications hosted on the client can now communicate with server-hosted applications by leveraging the connection.
- It uses retransmission to drive reliability: Retransmission or automatic repeat request (ARQ) is an error-control method that resends data packets if they are lost in transmission across the network topology. An interval of time is allowed to lapse between the source sending a data packet and the destination acknowledging it. This interval is called a timeout, and if the destination does not acknowledge receipt before the timeout, the source will send the packet once again.
- It has three tools to detect and correct errors in data transmission: TCP ensures that data is transmitted over the internet correctly and without corruption. It uses three measures to achieve this:
- Checksum: TCP groups the bytes in a message into segments, and each segment has a mandatory checksum field, which is a 16-bit value. The destination recomputes the checksum to verify the data’s integrity, and if the segment is corrupted, it will not send back an ACK.
- Timeout: Timeout is the maximum interval allowed to pass between the data origination and receipt. It ensures that the connection does not remain open too long and minimizes exposure to online threats and bad actors.
- Acknowledgment: The server and the client exchange ACK values for data transmission validation. If a data stream is not acknowledged, then the protocol tries retransmission. Also, if the sender receives three duplicate ACK values in a row, TCP initiates retransmission without waiting for the timeout.
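The passive open, active open, and handshake flow above can be sketched with Python's standard socket module. The operating system kernel performs the SYN, SYN-ACK, ACK exchange itself when connect() reaches a listening socket; the loopback address and echo payload below are illustrative assumptions, not part of TCP.

```python
import socket
import threading

HOST = "127.0.0.1"
assigned = {}                 # lets the server share its OS-assigned port
ready = threading.Event()

def server():
    # Passive open: bind, then listen for a client without connecting.
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind((HOST, 0))   # port 0 = let the OS pick a free port
        assigned["port"] = srv.getsockname()[1]
        srv.listen(1)
        ready.set()                    # signal that the server is listening
        conn, _ = srv.accept()         # three-way handshake completes here
        with conn:
            conn.sendall(conn.recv(1024).upper())  # echo back, uppercased

threading.Thread(target=server, daemon=True).start()
ready.wait()

# Active open: the client sends the SYN that starts the handshake.
with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as cli:
    cli.settimeout(5)                  # give up rather than wait forever
    cli.connect((HOST, assigned["port"]))
    cli.sendall(b"hello tcp")
    reply = cli.recv(1024)

print(reply)  # b'HELLO TCP'
```

Note that accept() blocks until a handshake finishes, which is why the listening server runs in its own thread here.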
These rules make TCP among the most reliable communication protocols available across local area networks (LAN) and wide area networks (WAN). However, it does have a few vulnerabilities. The three-way handshake (SYN, SYN-ACK, and ACK) process takes time, and there is a stipulated interval allotted for a timeout. As a result, TCP connections have higher latency and may slow down transmission when large volumes of data need to be delivered.
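The checksum field mentioned above uses the standard 16-bit ones'-complement internet checksum (RFC 1071). A minimal sketch follows; it omits the pseudo-header of IP addresses that real TCP also sums, and the payload is an illustrative assumption.

```python
def internet_checksum(data: bytes) -> int:
    """16-bit ones'-complement checksum over the given bytes (RFC 1071)."""
    if len(data) % 2:                 # pad odd-length input with a zero byte
        data += b"\x00"
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]     # 16-bit big-endian word
        total = (total & 0xFFFF) + (total >> 16)  # fold the carry back in
    return ~total & 0xFFFF

# The receiver re-runs the sum over the segment plus its checksum field;
# an uncorrupted segment folds to zero.
segment = b"example!"                 # illustrative payload
cksum = internet_checksum(segment)
check = internet_checksum(segment + cksum.to_bytes(2, "big"))
print(check)  # 0 for an intact segment
```

Flipping any bit of the segment in transit makes the receiver's sum nonzero, which is why a corrupted segment never earns an ACK.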
Also, sophisticated online threats may take advantage of the TCP model to hijack the network. When the server is in a passive open state, a bad actor may send a series of fraudulent SYN packets, forcing the server to spend resources on accepting and acknowledging them. This floods the server with traffic, which eventually causes it to crash and become unavailable to the intended client. That is how SYN flood denial-of-service attacks occur.
Therefore, web-based systems are now equipped with advanced cybersecurity measures to protect against such threats. Web application security is also an essential field in the connected era, as it embeds security measures into online services by design.
The TCP protocol stack comprises four layers: the application layer, the transport layer, the network layer, and the link layer. The first transfers data from one application to another, the second delivers data between processes, the third enables communication between the two hosts, and the last provides abstraction to hide the details of the physical network. This ensures that users can benefit from the TCP model’s layers without getting into the complex underlying architecture or functionality of the computer network.
1. Application layer
This layer manages the conversations between the web apps or services at each end of a TCP-mediated exchange – i.e., the client and the server. It sets up, coordinates, and terminates data streams between the apps, following a TCP model’s rules and syntactical protocols.
It also ensures that the data is transmitted in a standardized format so that the receiving application can make sense of the information and present it to the end-user for consumption. In the case of online-hosted software, the application layer determines if the software will require network connectivity.
2. Transport layer
This layer interacts with the data generated by the previous layer and prepares it for transmission over networking software and hardware infrastructure. The transport layer is instrumental in enforcing TCP rules.
The application layer only generates the data in a format that is TCP-ready, while it is the transport layer that ensures all TCP rules are followed during the data transmission. Built-in mechanisms enable reliability and automated error recovery for uninterrupted information flow. The client and the server can continually exchange information without disruptions.
3. Network layer
This transmission control protocol stack layer deals with data interaction across multiple network segments and components. It creates logical paths between the two hosts (the client and the server), choosing the most reliable and efficient pathway.
Data packets may travel in myriad ways before reaching their destination, and the selected route will determine the latency, exposure to security vulnerabilities, and impact on integrity. The network layer evaluates the physical infrastructure powering the internet to determine the ideal transmission pathway while adhering to TCP rules.
4. Link layer
The link layer operates at the local device or on-premise environment level. It enables internet connectivity for endpoint devices and software applications while maintaining due abstraction. Abstraction in computing is a process of presenting only the relevant attributes of a procedure or experience to avoid overwhelming the user.
The link layer of a TCP stack uses the network topology, installed drivers, and other local components to set up an internet connection. This layer also includes network interfaces that administrators can leverage for more granular control. These layers work together to enable internet connectivity via the transmission control protocol. Remember that multiple protocols may combine and co-exist at different layers to perform discrete functions.
For instance, at the application layer, the TELetype NETwork (Telnet) protocol may help establish connections between Telnet clients and servers, commonly used in remote computing. Similarly, TCP can work alongside UDP at the transport layer, and the network layer may use internet control message protocol (ICMP) to diagnose communication issues. In other words, these four layers are central but not exclusive to TCP architecture alone.
To make the most of transmission control protocols in 2022, organizations can follow these best practices:
1. Configure the TCP model to store broken packets
Traditionally, transmission control protocol instructed the network to destroy data packets if they were corrupted in motion or if they arrived in a broken state. In some scenarios, the destination would not acknowledge receipt, and the source would initiate retransmission.
However, modern networking architecture allows organizations to opt for a different route. The TCP model can store broken packets instead of destroying them, and when fresh data packets are transmitted, these stored packets can fill in the gaps. This reduces latency and makes the connection more efficient.
2. Avoid well-known or registered numbers for outbound and inbound port management
Port numbers identify the network port used for a particular data transfer activity. Network and IT infrastructure managers can select a number or numerical range within which the transmission control protocol will operate.
As a best practice, one should avoid well-known or commonly used port numbers utilized by other components of a computing environment. For example, port 80 is typically used for HTTP communication, while port 443 is used for HTTPS.
Selecting a number above 20,000 keeps the traffic clear of well-known and registered ports, making it quicker to identify and establish the line of connection between the server and client. This best practice is essential when testing enterprise servers for TCP connectivity.
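One simple way to stay clear of well-known numbers in a test harness, sketched here in Python as an assumption rather than a prescribed method: binding to port 0 asks the kernel to assign an unused high port automatically.

```python
import socket

with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
    srv.bind(("127.0.0.1", 0))   # port 0 = let the OS pick a free port
    port = srv.getsockname()[1]  # the high port the kernel actually chose
    print(port)                  # always lands outside the well-known range
```

If a fixed number in a specific range (such as 20,000+) is required instead, pass it explicitly to bind() and handle the "address already in use" error if another process holds it.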
3. Manage the TCP server’s listen backlog carefully
The listen backlog refers to a queue of connection requests that the receiving application has yet to accept. When the source generates multiple data streams and sends consecutive requests to a listening server, it creates a backlog of requests. The server has to spend resources listening to, acknowledging, or rejecting each request – a process that takes time.
However, an overlong queue can cause congestion, and the queue will eventually become full, unable to accommodate any further requests. This could result in lost data packets without an administrator taking notice. It is essential to specify the maximum length of a server’s listen backlog, considering the computing resources at hand. Otherwise, one may have to restart a busy server and begin ongoing processes from scratch.
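In code, the backlog cap is simply the argument to listen(). A minimal Python sketch; the value 128 is an illustrative assumption to be sized against actual server resources, and the kernel may clamp it to its own limit (net.core.somaxconn on Linux).

```python
import socket

srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
srv.bind(("127.0.0.1", 0))        # port 0 = any free port, for illustration
# Cap the queue of completed-but-unaccepted connections at 128; further
# handshake attempts are refused or dropped instead of piling up unseen.
srv.listen(128)
bound_port = srv.getsockname()[1]
srv.close()
```

Monitoring how full this queue runs in production is what tells an administrator whether the cap, or the server's accept rate, needs adjusting.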
4. Take measures to conserve TCP server resources
For every incoming request, a TCP server must invest a certain amount of computing resources in accepting, acknowledging, and establishing the connection. Conservation measures allow organizations to keep the TCP model performing optimally, even when there is a high volume of requests.
A simple best practice to achieve this is delayed acknowledgment. The transmission control protocol is not obligated to acknowledge every segment the moment it is received. It can choose to delay the response by a few fractions of a second through network buffers.
Delayed acknowledgment based on network buffers reduces the number of small acknowledgment packets sent over a connection, thereby conserving resources. Network hardware features like direct memory access make TCP functionalities faster and more efficient.
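Whether delayed acknowledgment can be toggled per socket is platform-specific; on Linux, the TCP_QUICKACK socket option controls it. A hedged sketch that probes for the option instead of assuming it exists:

```python
import socket

sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
quickack_supported = hasattr(socket, "TCP_QUICKACK")
if quickack_supported:
    # 0 leaves delayed ACKs enabled (the usual kernel default);
    # 1 would force immediate ACKs for the connection's current state.
    sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_QUICKACK, 0)
sock.close()
print(quickack_supported)
```

On platforms without the option, the kernel's default delayed-ACK behavior applies and cannot be tuned from this API.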
5. Configure the physical network environment for TCP optimization
Sometimes, physical network components and hardware can get in the way of proper TCP functioning. For example, an incorrectly configured network device can modify data packets in motion or replay the same packets multiple times to the destination.
In these cases, the TCP header value loses integrity, and as a result, the server is unable to accept and acknowledge the packet. Administrators should run a simultaneous network trace at the destination and source to compare the header values. Wide area network (WAN) accelerators and WAN optimization appliances are common culprits behind this issue.
6. Configure an access control list (ACL) for routers
Access control lists are a simple but effective way to control the flow of data packets in an enterprise network. Depending on ACL rules, the TCP model will restrict, permit, or deny traffic and ensure only legitimate packets enter the enterprise perimeter.
It is possible to define specific lists for specific protocols. For example, you can choose to allow data streams from a select set of IP addresses for TCP and a different set for UDP. As a best practice, the access control list should be embedded into the enterprise router as part of its core rules.
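The per-protocol allow-list logic described above can be illustrated with Python's standard ipaddress module. The networks and protocols below are made-up examples rather than recommended rules; production ACLs live in the router's own configuration.

```python
import ipaddress

# Hypothetical allow lists: one set of permitted source networks per protocol.
ACL = {
    "tcp": [ipaddress.ip_network("10.0.0.0/8")],
    "udp": [ipaddress.ip_network("192.168.0.0/16")],
}

def permitted(protocol: str, source: str) -> bool:
    """Permit traffic only if the source falls in the protocol's allow list."""
    addr = ipaddress.ip_address(source)
    return any(addr in net for net in ACL.get(protocol, []))

print(permitted("tcp", "10.1.2.3"))      # True  - allowed for TCP
print(permitted("tcp", "192.168.5.5"))   # False - that range is UDP-only
```

An unknown protocol simply matches no list and is denied, which mirrors the implicit-deny behavior most router ACLs end with.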
7. Set up a proxy firewall at the application layer
A proxy firewall acts as the last line of defense when evaluating incoming data packets in an enterprise network. It can inspect the contents of the packets to determine if they should be allowed or denied. Proxy firewalls are extremely useful for detecting zero-day threats, as they can investigate data streams for signs of anomalies.
Since the transmission control protocol does not have any built-in security mechanisms, it is best to protect enterprise apps through this type of firewall. Once implemented, the proxy will intercept an incoming request, check it against security policies, and send an ACK response. This establishes a connection but does not allow the underlying application to receive the data without another thorough security check.
8. Customize TCP models to suit your organization
TCP/IP is a highly flexible networking tool and can adapt to almost any enterprise environment. Organizations must ask the following questions when formulating a TCP model for their needs:
- Should you opt for a flat structure when mapping out your network or a hierarchical one?
The former is suitable for single-site, small organizations, while the latter is best for large, complex environments.
- Will you use static or dynamic routing?
Static routes are preconfigured, while dynamic routing allows network appliances to select the best-fit data transmission pathway depending on the nature of traffic and the state of the infrastructure. Organizations can use either of these or a combination of the two, which will determine TCP speed.
- What does your addressing scheme look like?
The addressing scheme allows users and applications to identify network components with which they will communicate via TCP. Organizations can collaborate with their internet service provider to set up a public addressing scheme and develop the internal testing addresses in-house.
- Do you need a subnet mask?
A subnet mask allows transmission control protocols to determine whether the destination is a local site or connected to a remote network.
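This local-versus-remote decision can be sketched with Python's standard ipaddress module; the 192.168.1.0 network and its 255.255.255.0 mask are illustrative values, not a recommendation.

```python
import ipaddress

# The local network, expressed as a base address plus its subnet mask.
local_net = ipaddress.ip_network("192.168.1.0/255.255.255.0")

def is_local(destination: str) -> bool:
    """True if the destination address falls inside the local subnet."""
    return ipaddress.ip_address(destination) in local_net

print(is_local("192.168.1.42"))   # True  - deliver on the local segment
print(is_local("203.0.113.7"))    # False - hand off to the default gateway
```

A host performs exactly this masked comparison for every outgoing packet to decide between direct delivery and routing via a gateway.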
By answering these questions beforehand, organizations can implement a network suited to their needs.
Today, transmission control protocols continue to underpin the internet. Particularly for organizations looking to deploy private networking infrastructure, it is vital to know what TCP is, how it works, its layers, and best practices for operation. Here are the key takeaways that one should remember:
- TCP prioritizes the reliability of a connection. It achieves this through a three-way handshake, which could adversely impact network latency.
- The TCP model lacks any inherent security features. Organizations must invest in measures like proxy firewalls, network access control lists, etc. when designing their network.
- TCP leverages four essential layers – the application, transport, network, and link layers.
- TCP works alongside other communication protocols like UDP, SMTP, HTTP, FTP, HTTPS, etc., to enable the full stack of online capabilities.
Since the birth of the internet, TCP has remained a central pillar of online services. By configuring the protocol and the infrastructure correctly, organizations can achieve more efficient connectivity in 2022.