Transmission Control Protocol

As mentioned before, TCP is one of the most important parts of the IP protocol suite. It provides reliable delivery of data, sequencing, flow control, acknowledgement and re-transmission of packets. In its simplest operation, TCP requires establishment of connection first or sometime we call it handshake before actual transmission. The handshake is in three phases:


  1. Host A needs to send SYN signal to Host B
  2. Host B will then reply with SYN-ACK signal
  3. Host A finally will send an ACK signal.


Once the three way handshake is successful, a connection has been established. The host can then transfer data to another host. After data has been transferred, the established connection will then be closed. The process will be repeated again on another transmission.


TCP Header

Figure 3-1 TCP Header Information

You will find tons of books out there written just on TCP alone because the topics are broad. However, even though our aim is to get started with our Cisco as soon as possible, it is important for you to understand the TCP concept. Figure 3-1 gives us the TCP header information. Understanding its structure will give us better understanding of its characteristic. The parts of the Header are as follows:



  • Source Port (16 bits) – Identifies the Source port number


  • Destination Port (16 bits) – Identifies the Destination port number


  • Sequence Number (32 bits) – is the sequence number of the first data byte. If the SYN bit flag is set, the sequence number is the initial sequence number and the first data byte is the sequence number plus 1


  • Acknowledgement Number (32 bits ACK) – If the ACK flag bit is set, this field contains the value of the next sequence number that the receiver is expecting to get.


  • Data Offset (4 bits) – In the header, this specifies the number it 32-bit words. This is where the data begins.


  • Reserved (6 bits) – Reserved for future use. Must be Zero.
  • URG (1 bit) – describes that the urgent pointer field is significant.
  • ACK (1 bit) – describes that the acknowledgement field is significant.


  • PSH (1 bit)- Push function


  • RST (1 bit) – Resets the connection


  • SYN (1 bit)– This synchronize the sequence numbers


  • FIN (1 bit) – describes that no more data from the sender


  • Window (16 bits) – this describes the number of bytes the receiver is willing to receive indicated in the ACK.


  • Checksum(16 bits) – this field is used for checking error in the header


  • Urgent Pointer (16 bits) – this is only important when the URG control bit is set. This holds an offset pointer to the end following urgent data.


  • Options – a variable length option at the end of the header. It can be one of the following format:


  • A single octet of option-kind
  • An octet of option-kind, an octet of option-length and the option-data octets.


  • Padding – is used to ensure that the data and the header begins on a 32 bit boundary



The complete specification of TCP is described in RFC 793. You can view this at IETF website at

Introduction to Internet Protocol Suite

The internet protocol suite is a set of communication protocols most commonly known as the TCP/IP. It is the most widely used network protocol in the internet today. The TCP and IP is the two most important member of the family thus the name was derived from. Protocol in its simplest form is the rules in communication. It describes how network devices should communicate to each other by following well defined rules.

Like the OSI, the Internet Protocols Suite or TCP/IP suite are defined in layers. The four layers are:

Application Layer –This includes all the high-level application protocols and corresponds to the last three layer of the OSI model (Application, Presentation and Session layer). One example of application protocols are the FTP for high speed data/file transfer.

Transport Layer –corresponds to the transport layer of the OSI model. It provides end to end delivery of data from an application to another. This layer can be connection-oriented as the case of TCP or connectionless as the case of UDP. The TCP or Transmission Control Protocol provides reliable delivery of data, sequencing, flow control, acknowledgement and re-transmission of packets. On the other hand, the UDP or User Datagram Protocol provides unreliable delivery of data; packets are not numbered in sequence and no data recovery. However, UDP is a lightweight protocol and is faster than the TCP because of some overhead being not available.

Internetwork Layer – This layer corresponds to the network layer of the OSI model. It provides virtual transmission of packets on the internetwork including handling of routes. All network devices in the network communicate by assigning an IP address to each device. IP stands for Internet Protocol and is the main protocol use by this layer. Like the Transport Layer UDP, IP is a connectionless protocol which doesn’t provide error recovery and flow control. All these mechanism must be provided by the higher layer protocols.

Link Layer – This layer corresponds to the Data Link and Physical Layer of the OSI model. Its main function relates to hardware addressing mechanism and how the data is being transmitted over the network medium.


TCP/IP Application, Services and Common Ports

FTP – File Transfer Protocol is used for high speed transfer of files over the network. This the most favorite method of transferring files over the internet. FTP server located remotely must be configured to accept incoming traffic from FTP client programs. Authentication is also needed for successful connection. Some server provides Anonymous connection and uses email as password. However, this method is setup by administrators for limited access. FTP listens to TCP port 21.

SSH – Secure Shell provides superiority to Telnet. This network protocol was primarily designed to replace Telnet by connecting to remote devices using a secure channel. While Telnet send all data in plaintext, SSH sends information in encrypted form protecting data from prying eyes. SSH server uses TCP port 22.

Telnet – A telnet is a terminal emulation program use to connect to remote devices and use its resources. This method of remote connection has been used for long time until now. From the remote device, a client can use the program which refers as the Telnet Client to connect to the Telnet server. Cisco router and switches uses telnet to configure remote devices. Telnet uses TCP port 23.

SMTP – Simple Mail Transfer Protocol is the protocol for sending email. You will likely to encounter this protocol when configuring your email client such as Microsoft Outlook or Outlook Express. The SMTP server address is normally provided by your Internet Service Provider (ISP). While SMTP is used to send email, POP3 (Post Office Protocol) is the most common protocol for receiving mail. SMTP uses TCP port 25.


Without the DNS, you need to memorize all the IP addresses of every website that you want to visit. Thanks to DNS, you don’t need to. DNS uses TCP/UDP port 53.

TFTP – Trivial File Transfer Protocol is the express version of FTP. It is use in basic file transfer if authentication and encryption is not an issue. A Cisco router uses TFTP to perform IOS backup and upgrade. TFTP uses UDP port 69.

HTTP – Hypertext Transfer Protocol is the language of the internet. It describes the rules of transferring HTML documents which may contains graphics, text, documents, audio and video. HTTP uses TCP port 80 by default.

SNMP – Simple Network Management Protocol is use in managing the network system. It provides the ability to monitor network device status and functionalities by polling object variables. These objects can be seen in the Management Information Base or MIB which describes the collection of objects in hierarchical order. Agent software in the managed device reports back the status of the polled object. By using SNMP, Network Engineers or Administrators can monitor performance of the network and helps in troubleshooting networks issues. SNMP uses UDP port 161.

HTTPS – is an acronym for Hypertext Transfer Protocol over SSL. Some also referred to this as Secured Http. It was taken from HTTP and combined with encrypted secured socket layer or SSL. The SSL encryption is used to secure information sent in the internet. HTTPS uses TCP port 443.

DHCP – Dynamic Host Configuration Protocol enables the assigning of IP network parameters to its connected clients dynamically. These parameters include but not limited to IP address, Subnet Masks, DNS address, Gateways etc. A dedicated DHCP server is configured with pool of addresses to be assigned to client requesting for IP parameters. This provides flexibility when additional nodes need to be added in the network.

ARP /RARP– Before communication between network hosts takes place, the Physical address of each other must be known. This is the job of the Address Resolution Protocol or ARP. It maps the Hardware Physical Address or MAC address when the IP address is known. An ARP request is broadcast to all hosts and the receiving host with matching IP address will then reply with its MAC address. On the other hand Reverse ARP is the opposite of ARP. It is used to map IP address when the Physical address is only known.

OSI Reference Model

Any networking topic will not be complete without discussing the OSI model. The OSI is an acronym for Open Systems Interconnection – a worldwide standard created by the ISO – Industry Standard Organization. The aim of the OSI is to layout a guide for all manufacturers, vendors, designers, software people etc. making the networking industry compatible to each other. The OSI layered approach explains how information travels and encapsulated from one node to another. Each layer explains its relation to the layer above and the layer below it.

This section is not actually a practical DIY but my aim here is for you to understand travel of information in networking. Having this understanding will help you in troubleshooting network problem in the future.

There are seven layers of the OSI model namely:

Application Layer

Presentation Layer

Session Layer

Transport Layer

Network Layer

Data Link Layer

Physical Layer

The application layer is the 7th layer while the Physical is the 1st layer. One way to remember all these layers from top to bottom are through the use of mnemonic:

All People Seem TNeed Data Processing

Or it can be from bottom to top:

Please DNot Take Sale’s People’s Advice

Each layer of the OSI has its own function needed in communication and as I said before, each layer provides relationship to layer above and below it.



Application Layer

This layer provides services enabling network applications to communicate to each other. These services may include synchronization, determining resource availability and requests to Presentation Layer. Data encapsulation in this layer is called Data.

Some examples are:

FTP – File Transfer Protocol

SMTP – Simple Mail Transport Protocol

HTTP – Hypertext Transfer Protocol


TFTP –  Trivial File Transfer Protocol


Presentation Layer

The presentation layer is the sixth layer of the OSI reference model. Its function deals with the conversion of data to a required format for the application layer. Data encapsulation in this layer is called Data.

Some examples are:

EBCDIC (text)

ASCII (text)

JPEG (image)

MPEG (Audio/Video)

GIF (image)

PNG (image)

TIFF (image)

QuickTime (Audio/Video)



Session Layer

This layer deals with establishment and maintenance of session as well as terminating such sessions. Data encapsulation in this layer is called Data.

Examples are:

AppleTalk ZIP

Decnet  Session Control Protocol

Unix Remote Procedure Call (RPC)


Transport Layer


This fourth layer of the OSI reference model deals with the reliable and unreliable end to end delivery of data. Reliable delivery uses connection oriented while non-reliable uses connectionless transmission. Function includes multiplexing, windowing, flow control and error checking-recovery mechanism. Data encapsulation in this layer is called Segment.

Examples are:

TCP – Transmission Control Protocol (connection-oriented)

UDP – User Datagram Protocol (connectionless)


Network Layer


This layer 3 deals with the delivery of packet across the internetwork including routing while choosing the best path. Data encapsulation is this layer is called Packet.

Examples are:

IP – Internetworking Protocol






Data-Link Layer

This layer consists of two sub-layers. The Logical Link Control (LLC) which handles error and flow control over the physical medium. The MAC or the Media Access Control handles physical address or hardware address burned into every network device. This address is commonly called MAC address – a 48 bit address comprises of unique ID and manufacturers ID. Data Encapsulation in this layer is called Frame.

Examples are:

Fast Ethernet

Gigabit Ethernet

Token Ring





Frame Relay

Physical Layer


This is the first layer of the OSI which defines the transmission of bits into the physical hardware. This includes all electrical characteristics such as voltage, clock rates, timings, maximum cable length etc. Data encapsulation in this layer is called bits.

Examples are:



Fiber Optic

CAT 6 Cabling

CAT 5e Cabling

BNC connector

Well that’s it. I have explained the 7 OSI layers as simple as I can. Also, you may have noticed that for every layer, I mentioned about its data encapsulation. As the information travels for each layer, a new encapsulation is being introduced. This way, we could simply know what kind of information we are dealing with whether a packet, a frame or a data. So you could easily remember the data encapsulation, you use the mnemonic:

From top to bottom:

Do       –           Data

Some   –           Segment

People-            Packet

Fry      –           Frame

Bacon –            Bits