TCP/IP suite

---

Understanding the TCP/IP Suite

TCP/IP (Transmission Control Protocol/Internet Protocol) is not just one protocol - it's a suite of protocols that form the foundation of the entire internet. Every time you browse the web, send an email, or stream a video, you're using TCP/IP.

The Big Picture

Think of TCP/IP as the "language of the internet" - it's the set of rules that allows billions of devices to communicate with each other, regardless of manufacturer, operating system, or location.

---

The Four Layers Explained

Layer 1: Network Access Layer (Link Layer)

What it does: Handles the physical transmission of data over network hardware.

Real-world analogy: The actual roads and vehicles that carry physical mail.

Examples:

• Ethernet cables in your office

• Wi-Fi radio signals

• Your network interface card (NIC)

• MAC addresses (hardware addresses like 00:1B:44:11:3A:B7)

You rarely interact with this layer directly - your operating system handles it.

Layer 2: Internet Layer

What it does: Routes data packets across different networks to reach the destination. Handles addressing and pathfinding.

Real-world analogy: The postal system that figures out which route to send your letter through multiple post offices.

Key protocol: IP (Internet Protocol)

IP Addresses identify devices:

• IPv4: 192.168.1.1 (32-bit, ~4.3 billion addresses)

• IPv6: 2001:0db8:85a3:0000:0000:8a2e:0370:7334 (128-bit, basically unlimited)

Other protocols:

• ICMP: Used by ping to test connectivity

• ARP: Translates IP addresses to MAC addresses

Layer 3: Transport Layer

What it does: Manages how data is delivered between applications. Provides ports to identify which application gets the data.

Real-world analogy: Choosing between certified mail (guaranteed delivery) vs. regular mail (faster but no guarantee).

Two main protocols:

TCP (Transmission Control Protocol)

• Reliable: Guarantees delivery and correct order

• Connection-oriented: Establishes a connection first (handshake)

• Slower: Due to overhead and error checking

• Used by: HTTP/HTTPS, SMTP (email), FTP, SSH

UDP (User Datagram Protocol)

• Unreliable: No delivery guarantee

• Connectionless: Just sends data without setup

• Faster: Minimal overhead

• Used by: DNS, video streaming, online gaming, VoIP

Layer 4: Application Layer

What it does: Protocols that applications use directly. This is what you interact with.

Examples:

• HTTP/HTTPS - Web browsing

• SMTP/POP3/IMAP - Email

• FTP/SFTP - File transfer

• SSH - Remote access

• DNS - Domain name resolution

• DHCP - Automatic IP address assignment

---

How Data Travels: Encapsulation

Let me show you what happens when you send data:

Key Concepts in TCP/IP

IP Addresses

Every device on a network needs an address:

IPv4 format: 192.168.1.1 (four numbers, 0-255)

Special IPv4 addresses:

• 127.0.0.1 - Localhost (your own computer)

• 192.168.x.x - Private network addresses

• 10.x.x.x - Another private range

• 0.0.0.0 - "Any" address

IPv6 format: 2001:0db8:85a3::8a2e:0370:7334 (128-bit hexadecimal)

Ports

Ports identify which application should receive the data:

IP Address : Port Number
192.168.1.100:80    ← Web server
192.168.1.100:22    ← SSH server
192.168.1.100:3306  ← MySQL database

Well-known ports (0-1023):

• 20/21 - FTP

• 22 - SSH

• 25 - SMTP (email)

• 53 - DNS

• 80 - HTTP

• 443 - HTTPS

• 3306 - MySQL

• 5432 - PostgreSQL

Registered ports (1024-49151): Used by applications

Dynamic/private ports (49152-65535): Used for client connections

---

TCP Three-Way Handshake

Before TCP can send data, it establishes a connection:

TCP vs UDP: When to Use Each

TCP - Reliable but Slower

Characteristics:

• Guarantees delivery

• Maintains order

• Error checking

• Retransmits lost packets

• Flow control

Use TCP when:

• Data must arrive completely and correctly

• Order matters

• You can tolerate slight delays

Examples:

• Web browsing (HTTP/HTTPS)

• Email (SMTP, IMAP)

• File transfers (FTP, SFTP)

• Remote access (SSH)

• Database queries

UDP - Fast but Unreliable

Characteristics:

• No delivery guarantee

• No order guarantee

• No error checking

• No retransmission

• Lower overhead

Use UDP when:

• Speed is more important than accuracy

• A little data loss is acceptable

• Real-time matters more than perfection

Examples:

• Video streaming (live broadcasts)

• Online gaming

• VoIP (voice calls)

• DNS queries

• Network time synchronization

---

DNS: A Critical TCP/IP Service

DNS (Domain Name System) translates human-readable names to IP addresses:

# Look up the IP address of a domain
dig google.com

# Or use nslookup
nslookup google.com

# Or host
host google.com

# Example output:
# google.com has address 142.250.185.46

How it works:

1. You type www.example.com in your browser

2. Your computer asks a DNS server: "What's the IP for example.com?"

3. DNS server responds: "It's 93.184.216.34"

4. Your browser connects to 93.184.216.34

DNS uses UDP port 53 for queries (fast, small responses)

---

Practical Bash Examples

Check Your IP Address

# Show network interfaces and IP addresses
ip addr show

# Or on older systems
ifconfig

# Get just your main IP
hostname -I

# Check public IP (what the internet sees)
curl ifconfig.me
# or
curl ipinfo.io/ip

Test Connectivity with Ping (ICMP)

# Ping a server (uses ICMP protocol)
ping google.com

# Output:
# 64 bytes from 142.250.185.46: icmp_seq=1 ttl=118 time=12.3 ms
# 64 bytes from 142.250.185.46: icmp_seq=2 ttl=118 time=11.8 ms

# Ping exactly 4 times
ping -c 4 google.com

# Ping with larger packets
ping -s 1000 google.com

Trace the Route (Show Hops)

# Show all routers between you and destination
traceroute google.com

# Or on Windows/some systems
tracepath google.com

# Output shows each "hop" (router) along the path:
# 1  192.168.1.1 (1.234 ms)      ← Your router
# 2  10.0.0.1 (5.678 ms)         ← ISP router
# 3  72.14.215.203 (15.3 ms)     ← ISP backbone
# ...
# 10 142.250.185.46 (23.4 ms)    ← Google server

Check Open Ports and Connections

# Show all listening ports and connections
netstat -tuln

# t = TCP, u = UDP, l = listening, n = numeric (don't resolve names)

# See which programs are using which ports
sudo netstat -tulpn

# Or use the modern replacement
ss -tuln

# Check if a specific port is open
nc -zv example.com 80
# or
telnet example.com 80

View Routing Table

# Show routing table (where packets are sent)
ip route show

# Or
route -n

# Output shows which gateway handles which networks

Monitor Network Traffic

# Capture packets on an interface (requires root)
sudo tcpdump -i eth0

# Capture only HTTP traffic
sudo tcpdump -i any port 80

# Save to file for analysis
sudo tcpdump -i eth0 -w capture.pcap

# Read the capture file
tcpdump -r capture.pcap

# Monitor bandwidth usage
sudo iftop

# Or
sudo nethogs

Test DNS Resolution

# Query DNS server
dig example.com

# Get just the IP
dig +short example.com

# Query specific DNS server
dig @8.8.8.8 example.com

# Reverse DNS lookup (IP to name)
dig -x 8.8.8.8

# Check all DNS record types
dig example.com ANY

Download a File (HTTP over TCP)

# Download using wget
wget https://example.com/file.pdf

# Download using curl
curl -O https://example.com/file.pdf

# See the full HTTP headers
curl -I https://example.com

# Follow redirects
curl -L https://short.url/abc123

Simple TCP Connection Test

# Test if you can connect to a port
nc -v example.com 22

# Create a simple TCP server on port 8080
nc -l 8080

# In another terminal, connect to it
nc localhost 8080
# Now you can type messages between the two!

# Send a file over TCP
# Server (receiver):
nc -l 8080 > received_file.txt

# Client (sender):
nc localhost 8080 < file_to_send.txt

---

The TCP/IP Suite in Context

Before TCP/IP (1970s): Different networks couldn't talk to each other. IBM networks spoke one language, DEC networks spoke another, etc.

TCP/IP invention (1970s-1980s): Created as part of ARPANET (predecessor to the internet). Designed to be:

• Universal: Works with any hardware

• Robust: Can route around failures

• Scalable: Can grow from 2 computers to billions

Internet adoption (1990s): TCP/IP became THE standard. The World Wide Web uses HTTP over TCP/IP.

Today: Literally everything on the internet uses TCP/IP. Your phone, laptop, smart TV, IoT devices, servers - all speaking the same language.

Why TCP/IP Won

Simple: Four layers vs. OSI's seven

Practical: Designed by engineers building real networks, not committee theorists

Open: No patents or licensing fees

Flexible: Works over any physical network

Proven: Decades of reliability

---

Key Takeaways

TCP/IP is a suite of protocols working together, not just one protocol.

Four layers each handle different aspects: physical transmission, routing, delivery, and applications.

TCP ensures reliability (used for web, email, files) while UDP prioritizes speed (streaming, gaming, DNS).

Every internet device uses TCP/IP - it's the universal language of the internet.

Encapsulation means each layer wraps data with its own header, creating layers like nesting dolls.

TCP/IP is over 50 years old but still powers the modern internet because its design was so fundamentally sound. It's the invisible foundation that makes everything from browsing websites to streaming videos possible!

---

Explainer videos

---