Networking fundamentals tutorial – Transport layer, TCP and UDP

The Transport layer sits below the Application layer in the TCP/IP stack and is responsible for end-to-end transfer of data. When data arrives at the Transport layer, it is encapsulated into a segment and the application ports are added. The Transport layer is also in charge of data segmentation at the source and reassembly at the destination:

Transport layer


You’ve probably heard a lot about port numbers, but have you ever wondered why they are useful? Port numbers identify the source and destination application of a segment. When the source sends a segment, it attaches a random source port that is above 1023 and a destination port that is usually under 1023. But why this number? There are three port classes:
0 to 1023 are the so-called well-known ports. These ports are reserved for well-known services and applications like DNS, HTTP or SMTP.
1024 to 49151 are the registered ports, used by applications from different vendors. For example, when you install Skype, it uses a certain port to create connections.
49152 to 65535 are the dynamic ports, which hosts use to establish connections; a dynamic port is usually the source port in a segment.
The combination of an IP address and a port number is known as a socket: “socket address is the combination of an IP address and a port number, much like one end of a telephone connection is the combination of a phone number and a particular extension. Based on this address, internet sockets deliver incoming data packets to the appropriate application process or thread.” Read more on Wikipedia.
In Windows, use the netstat (network statistics) command to list the available TCP/IP network connections:

netstat command

I have taken the netstat states explanation from Microsoft’s website:
“State          Explanation
------------   --------------------------------------------------
SYN_SEND       Indicates active open.
SYN_RECEIVED   Server just received SYN from the client.
ESTABLISHED    Client received server’s SYN and session is established.
LISTEN         Server is ready to accept connection.

NOTE: See documentation for listen() socket call. TCP sockets in listening state are not shown – this is a limitation of NETSTAT. For additional information, please see the following article in the Microsoft Knowledge Base:

134404 NETSTAT.EXE Does Not Show TCP Listen Sockets

FIN_WAIT_1     Indicates active close.
TIMED_WAIT     Client enters this state after active close.
CLOSE_WAIT     Indicates passive close. Server just received first FIN from a client.
FIN_WAIT_2     Client just received acknowledgment of its first FIN from the server.
LAST_ACK       Server is in this state when it sends its own FIN.
CLOSED         Server received ACK from client and connection is closed.”
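The port classes and connection states above can be combined into a quick triage of netstat output. The following is an added example, not part of the original post: it parses a constructed sample in the column layout of `netstat -ano`, with state names spelled the way current Windows netstat prints them (LISTENING, SYN_RECEIVED), and the names `triage`, `port_class` and the threshold `half_open_limit` are assumptions made for the illustration.

```python
import re
from collections import Counter

# Constructed sample in the column layout of `netstat -ano` (documentation IPs).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       908
  TCP    0.0.0.0:8081           0.0.0.0:0              LISTENING       5120
  TCP    192.0.2.10:80          198.51.100.7:51514     SYN_RECEIVED    4
  TCP    192.0.2.10:80          198.51.100.8:40022     SYN_RECEIVED    4
  TCP    192.0.2.10:80          198.51.100.9:61000     SYN_RECEIVED    4
  TCP    192.0.2.10:49731       203.0.113.5:443        ESTABLISHED     3344
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:53             *:*                                    1500
"""

ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+([A-Z_0-9]+)\s+(\d+)\s*$")

def port_class(port):
    """Port classes from the text: well-known, registered, dynamic."""
    if port <= 1023:
        return "well-known"
    return "registered" if port <= 49151 else "dynamic"

def parse(text):
    """Yield one dict per TCP row; the header and stateless UDP rows are skipped."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            lip, lport, rip, rport, state, pid = m.groups()
            yield {"local": (lip, int(lport)), "remote": (rip, int(rport)),
                   "state": state, "pid": int(pid)}

def triage(text, half_open_limit=3):
    rows = list(parse(text))
    # A listener outside the well-known range: check which PID owns it.
    listeners = [(r["local"][1], r["pid"]) for r in rows
                 if r["state"] == "LISTENING" and port_class(r["local"][1]) != "well-known"]
    # Many half-open (SYN_RECEIVED) sockets on one port point to a SYN flood.
    half_open = Counter(r["local"][1] for r in rows if r["state"] == "SYN_RECEIVED")
    flooded = sorted(p for p, n in half_open.items() if n >= half_open_limit)
    return {"odd_listeners": listeners, "half_open_ports": flooded,
            "states": Counter(r["state"] for r in rows)}

if __name__ == "__main__":
    print(triage(SAMPLE))
```
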

As we discussed in a previous post, data sent onto the medium is interleaved, which means that multiple applications can transmit data at the same time. The Transport layer must recognise and sort all the pieces so that data is received intact at the destination. To understand the role of the Transport layer, imagine the following scenario: you are running multiple applications on your host, such as an email client, a web browser and a data streaming client.


Data from all three applications must be segmented before it is sent to the lower layers for processing. Each segment receives a destination application port so that the Transport layer protocols know which segment belongs to which application. Data sent onto the medium can be damaged or delayed, so the pieces can arrive at the destination out of order, or some can be missing. This is where the Transport layer comes in and arranges all the pieces to form the whole data block.

Overall, Transport layer protocols offer reliable delivery, data reconstruction, data segmentation (which facilitates multiplexing), flow control and session establishment. Transport protocols offer reliable delivery because they use acknowledgement, retransmission and tracking messages. An acknowledgement message is transmitted when individual pieces of data arrive at the destination; data that has not been acknowledged is retransmitted by the source; and tracking is used to oversee each piece as it travels through the network.

Now we get to the two best-known Transport layer protocols: TCP (Transmission Control Protocol) and UDP (User Datagram Protocol). You have probably heard about these two protocols, but how many of you know exactly what they offer? Here are the differences between them:

TCP                                UDP
Connection oriented                Connectionless
Increased overhead                 Low overhead
Reliable delivery, flow control    “Best effort protocol”
PDU is called Segment              PDU is called Datagram

TCP – This protocol is “connection oriented” because a connection between the source and destination must be initiated before any data is transmitted. This connection is initiated using the three-way handshake method. After the connection has been created, data is sent from source to destination. After each segment has been sent, the source waits for the acknowledgement message, and if the message doesn’t arrive the segment is retransmitted.
The three-way handshake – this method is used to establish the connection between source and destination. The source sends a SYN (Synchronize) message with a random sequence number value. The host uses this message to request a connection to the server. The server responds with a SYN (Synchronize), ACK (Acknowledgement) message indicating that it is ready to establish the connection. The server also responds with its own sequence number and an ACK number (the SEQ is also random but the ACK number is greater than the host’s ACK by one). After this phase is complete, the connection is established and the host sends the final SEQ and ACK message (the SEQ is greater than the server’s ACK number by 1 and the ACK number is greater than the server’s SEQ number by one). I know this is hard to understand, so I’m going to attach an image of this process:

TCP session establishment
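The handshake can also be checked on raw headers. The following is an added example, not part of the original post: it packs three constructed 20-byte TCP headers and validates them against the numbering rule of the TCP specification (RFC 9293), where each ACK number is the peer's sequence number plus one and the client's final segment carries its own initial sequence number plus one. The ports, sequence numbers and function names are assumptions chosen for the demonstration.

```python
import struct

SYN, ACK = 0x02, 0x10
MASK = 0xFFFFFFFF                       # sequence numbers wrap at 2**32

def tcp_header(sport, dport, seq, ack, flags, window=64240):
    """Pack a minimal 20-byte TCP header (checksum left at 0 for this demo)."""
    offset_flags = (5 << 12) | flags    # data offset of 5 words, then the flag bits
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, offset_flags, window, 0, 0)

def parse(header):
    sport, dport, seq, ack, off_flags, window, _, _ = struct.unpack("!HHIIHHHH", header[:20])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": off_flags & 0x3F, "window": window}

def valid_handshake(syn, syn_ack, final_ack):
    """True when three raw headers form a consistent three-way handshake."""
    a, b, c = parse(syn), parse(syn_ack), parse(final_ack)
    ports_match = ((a["sport"], a["dport"]) == (b["dport"], b["sport"])
                   == (c["sport"], c["dport"]))
    return (ports_match
            and a["flags"] == SYN
            and b["flags"] == SYN | ACK and b["ack"] == (a["seq"] + 1) & MASK
            and c["flags"] == ACK and c["seq"] == (a["seq"] + 1) & MASK
            and c["ack"] == (b["seq"] + 1) & MASK)

def demo(client_isn=0xFFFFFFFF, server_isn=1000):
    """Constructed exchange: client port 50000 to server port 80."""
    syn = tcp_header(50000, 80, client_isn, 0, SYN)
    syn_ack = tcp_header(80, 50000, server_isn, (client_isn + 1) & MASK, SYN | ACK)
    good = tcp_header(50000, 80, (client_isn + 1) & MASK, (server_isn + 1) & MASK, ACK)
    bad = tcp_header(50000, 80, (client_isn + 1) & MASK, 12345, ACK)  # wrong ACK number
    return valid_handshake(syn, syn_ack, good), valid_handshake(syn, syn_ack, bad)

if __name__ == "__main__":
    print(demo())
```

The rejected final segment shows why the server's random sequence number matters: a sender that never saw the SYN/ACK cannot supply the matching ACK number.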

To terminate the connection, the following steps are taken:

TCP session termination

To view a session establishment and termination, use a protocol analyzer tool like Wireshark (I use it and I think it’s the best one).
TCP uses sequence numbers and acknowledgements to provide reliability, and the window size to specify how much data can be transmitted before the acknowledgement message is sent. The window size is also used for flow control: when network resources permit more traffic the window size is increased, and if not it is decreased. This is very useful for avoiding network congestion.
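How sequence numbers, acknowledgements, retransmission and the window fit together can be seen in a small simulation. This is an added example, not part of the original post, and it is a simplified model rather than real TCP: it works in rounds without timers, the window is counted in segments, the whole window is resent when the cumulative ACK does not advance, and the parameters `mss`, `window` and `drop` are assumptions.

```python
def transfer(data, mss=4, window=2, drop=frozenset({2})):
    """Deliver `data` in mss-byte segments; the n-th transmissions in `drop` are lost.

    Returns (reassembled bytes, retransmission count, list of cumulative ACKs).
    """
    segments = {off: data[off:off + mss] for off in range(0, len(data), mss)}
    base = 0            # lowest byte not yet acknowledged (left edge of the window)
    sent = 0            # transmissions so far, retransmissions included
    buffered = {}       # receiver side: segments stored by sequence number
    acks = []
    while base < len(data):
        # Sender: (re)transmit every segment inside the window, `window` segments wide.
        in_window = [s for s in segments if base <= s < base + window * mss]
        for seq in reversed(in_window):      # reversed to model out-of-order arrival
            sent += 1
            if sent in drop:                 # lost on the medium: nothing arrives
                continue
            buffered[seq] = segments[seq]
        # Receiver: cumulative ACK names the next in-order byte it still needs.
        while base in buffered:
            base += len(buffered[base])
        acks.append(base)                    # an unchanged ACK triggers a resend
    rebuilt = b"".join(buffered[s] for s in sorted(buffered))
    return rebuilt, sent - len(segments), acks

if __name__ == "__main__":
    # Constructed payload: 16 bytes, so four 4-byte segments.
    print(transfer(b"transport-layer!"))
```
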
Services that use TCP include web browsers, e-mail applications and file transfers.
UDP – a connectionless Transport layer protocol, which means that UDP doesn’t wait for a connection to be established first. This feature considerably reduces overhead. UDP doesn’t use sequence numbers or acknowledgements when sending data, which means that it’s unreliable and applications that run UDP do not guarantee data delivery. Datagrams can also be lost during transmission and are not re-sent. After data is ready to be delivered and port numbers are identified, UDP creates the datagram and sends it to the lower layers.
Some well-known applications that run UDP are: SNMP, DNS, DHCP, video streaming and online gaming.

OK folks that’s all about the Transport layer, I hope you will enjoy this post, wish you all the best and have a nice day.

