Advanced Networking

Fundamentals, Architecture & Practice

Framework Architecture Troubleshooting

Master the TCP / IP Model

Master the TCP / IP Model: A complete technical guide

Cisco Networking

Master The TCP / IP Model:
A complete technical guide

Covers all four layers, encapsulation, Cisco IOS examples, and best practices.

📅 April 2026
⏱ 18 min read

📶 What is the TCP / IP Model?

The TCP / IP Model — formally known as the Internet Protocol Suite — is the conceptual framework that defines how data is packaged, addressed, transmitted, routed, and received across interconnected networks. Unlike purely theoretical constructs, the TCP / IP Model was purpose-built for practical implementation. It underpins every internet communication you perform today, from loading a web page to establishing a secure SSH session on a Cisco router.

Developed in the early 1970s by DARPA researchers Vint Cerf and Bob Kahn, the TCP / IP Model was designed to create a resilient, vendor-neutral protocol stack capable of surviving partial network failures — a requirement born from Cold War-era military thinking. The Department of Defense (DoD) later codified this into what became known as the DoD model, an alternative four-layer representation of the same stack.

At its core, the TCP / IP Model describes how two processes — perhaps a web browser on your laptop and a server in a data centre — can exchange data reliably and efficiently despite being separated by thousands of kilometres, dozens of autonomous systems, and heterogeneous physical media. It achieves this through a layered architecture in which each layer provides well-defined services to the layer above and consumes services from the layer below.

Context: TCP / IP vs the OSI Model
The OSI model is a seven-layer reference model used for troubleshooting and conceptual discussion. The TCP / IP Model is a four-layer implementation model that describes the actual protocols deployed on the internet. Understanding both models and how their layers map to each other is an essential skill in networking.

The TCP / IP Model compresses OSI’s seven layers into four: the Application, Transport, Internet, and Network Access layers. This consolidation reflects reality — the session and presentation concerns that OSI separates are, in practice, handled by the application itself or by TLS encryption libraries, not by discrete protocol entities. For a network tech working in the field, being able to map any given protocol — HTTP, OSPF, ARP, 802.3 Ethernet — to its correct TCP / IP layer is both a theoretical requirement and a practical troubleshooting skill that you will use daily.

Understanding the TCP / IP Model also provides the mental scaffolding for interpreting Cisco IOS output. When you run show ip interface brief, you are looking at the Internet layer. When you examine show interfaces error counters, you are working at the Network Access layer. The model gives meaning to the data the device is surfacing, transforming raw output into actionable diagnostic insight.

🧮 Key Components of the TCP / IP Model

The TCP / IP Model is organised into four layers, each with a distinct responsibility and a well-defined set of protocols. Together, they form a complete end-to-end communication system. The following describe each layer, its primary role, and the protocols that operate within it.

🖥

Application Layer

The topmost layer interfaces directly with user-facing processes. It defines the rules for how applications format, exchange, and display data. Key protocols include HTTP/HTTPS, FTP, SMTP, DNS, SNMP, SSH, and Telnet. This layer corresponds to OSI layers 5, 6, and 7 combined.

📤

Transport Layer

Responsible for end-to-end communication between processes on different hosts. The two dominant protocols are TCP — which provides reliable, connection-oriented, sequenced delivery with flow control and error recovery — and UDP, which provides lightweight, connectionless, best-effort delivery for latency-sensitive traffic.

🌎

Internet Layer

Handles logical addressing and routing of packets between networks. The core protocol is IP (IPv4 and IPv6). Supporting protocols include ICMP for diagnostic messaging, ARP for resolving IP addresses to MAC addresses, and routing protocols such as OSPF and EIGRP that populate the routing table.

🔌

Network Access Layer

Combines the functionality of OSI layers 1 and 2. It governs how data is physically placed on the transmission medium and how frames are addressed within a single network segment. Technologies include Ethernet (IEEE 802.3), Wi-Fi (IEEE 802.11), PPP, and HDLC. MAC addressing and framing occur here.

👥

Port Numbers

Port numbers are a critical Transport-layer concept that allows multiple simultaneous connections on a single IP address. Well-known ports (0–1023) are assigned to common services by IANA. Registered ports (1024–49151) are for vendor applications. Ephemeral ports (49152–65535) are used dynamically by clients.

📄

Sockets

A socket is the combination of an IP address and a port number, forming a unique communication endpoint. A TCP connection is uniquely identified by a four-tuple: source IP, source port, destination IP, destination port. Sockets are the mechanism by which the OS multiplexes multiple concurrent application streams over a shared IP address.

🔓

Protocol Data Units (PDUs)

Each layer has a specific name for the data unit it handles. The Application layer works with data, the Transport layer with segments (TCP) or datagrams (UDP), the Internet layer with packets, and the Network Access layer with frames and ultimately bits on the wire.

💾

Encapsulation & De-encapsulation

As data travels down the TCP / IP stack on a sending host, each layer wraps the payload with a layer-specific header (and sometimes a trailer). This process is called encapsulation. The receiving host performs de-encapsulation in reverse, stripping each header as data travels up the stack to the application.

Conflating ARP with the Internet Layer!
ARP operates at the boundary between the Network Access and Internet layers. While ARP resolves IP addresses (an Internet-layer concept), the protocol itself — including its frame format and MAC-address logic — functions at the Network Access layer. ARP is typically placed in the Network Access layer or described as operating between layers 2 and 3.

One component that deserves special attention is the TCP three-way handshake. Before any reliable data transfer can occur, the TCP protocol establishes a connection using three messages: SYN (synchronise), SYN-ACK (synchronise-acknowledge), and ACK (acknowledge). This handshake negotiates initial sequence numbers and confirms that both sides are ready to communicate. Understanding this process is fundamental for interpreting packet captures on production networks.

How the TCP / IP Model Works

The genius of the TCP / IP Model lies in its layered separation of concerns. Each layer is autonomous — it only needs to know how to talk to the layer directly above and below it. This means an engineer can upgrade physical media from copper to fibre (Network Access layer) without modifying TCP (Transport layer), or deploy IPv6 at the Internet layer without requiring HTTP at the Application layer to be rewritten. This modularity is what has allowed TCP / IP to scale from ARPANET’s four nodes in 1969 to billions of connected devices today.

TCP / IP Layer Stack — Visual Reference

4
Application Layer
HTTP, HTTPS, FTP, SSH, DNS, SMTP, SNMP, Telnet — application-level protocols and data formatting

Data

3
Transport Layer
TCP (reliable, connection-oriented) | UDP (best-effort, connectionless) — port numbers, segmentation, flow control

Segment /
Datagram

2
Internet Layer
IPv4, IPv6, ICMP, ARP, OSPF, EIGRP, BGP — logical addressing and routing across networks

Packet

1
Network Access Layer
Ethernet 802.3, Wi-Fi 802.11, PPP, HDLC — MAC addressing, framing, physical bit transmission

Frame / Bits

Data Flow: Step-by-Step Encapsulation

When a user opens a browser and requests a web page, the following sequence occurs as data travels down the TCP / IP stack on the client, across the network, and up the stack on the server.

1
Application Layer — Data Creation
The browser (HTTP client) formats an HTTP GET request. At this layer, data is simply referred to as data. The DNS resolution needed to reach the server has already occurred at this stage. The Application layer hands the data to the Transport layer.

2
Transport Layer — Segmentation and Port Assignment
TCP receives the data and breaks it into segments. Each segment receives a TCP header containing the source port (an ephemeral port assigned by the OS, e.g. 54321), the destination port (80 for HTTP or 443 for HTTPS), sequence numbers for ordered reassembly, acknowledgement numbers, flags (SYN, ACK, FIN), the window size for flow control, and a checksum for error detection. Before data segments are sent, TCP completes the three-way handshake.

3
Internet Layer — IP Encapsulation and Routing Logic
The IP layer wraps each segment in an IP header to create a packet. The IP header includes the source IP address (the client), the destination IP address (the server), the Time-to-Live (TTL) value (decremented by each router along the path), the protocol field (6 for TCP, 17 for UDP, 1 for ICMP), and a header checksum. The sending host consults its routing table to determine the next-hop IP address.

4
Network Access Layer — Framing for Local Delivery
The packet is wrapped in a frame appropriate for the local medium — typically an Ethernet frame. The frame header contains the source MAC address (the host’s NIC) and the destination MAC address (the default gateway’s interface). If the MAC address is not cached in the ARP table, an ARP broadcast is sent first. A Frame Check Sequence (FCS) trailer is appended for error detection at the receiving end.

5
Physical Transmission — Bits on the Wire
The NIC converts the frame into a bit stream — voltage levels on copper, light pulses on fibre, or radio waves on wireless media. The bits traverse the physical medium to the first-hop device (typically a switch, then a router). Each intermediate router strips and re-builds the frame header as the packet transits network segments, while the IP packet and TCP segment remain unchanged until they reach the destination host.

6
De-encapsulation at the Destination
The server’s NIC receives the bit stream and checks the FCS. If valid, the frame is de-encapsulated, and the IP packet is passed up. The IP layer verifies the destination address and hands the segment to TCP. TCP checks the sequence number and reassembles segments in order, sending ACKs back to the sender. Once all segments are received, the complete HTTP request is delivered to the web server process on port 80 or 443.

Encapsulation Data Unit Flow

Application
Data
Transport
Segment
Internet
Packet
Net Access
Frame
Physical
Bits

💡
Remember PDU Names with a Mnemonic
The PDU names from Application to Network Access are Data, Segment, Packet, Frame, Bits. A popular mnemonic is “Do Some People Fear Birthdays?” Alternatively, work from the bottom up: “Bits Float Past The Application”.

TCP vs UDP — Choosing the Right Transport

One of the most consequential decisions in network application design is the choice between TCP and UDP. TCP’s reliability mechanisms — acknowledgements, retransmission, flow control using the sliding window, and congestion control using algorithms like CUBIC or Reno — make it ideal for data integrity-critical applications: file transfers (FTP, SFTP), email (SMTP, IMAP), and web traffic (HTTP/HTTPS). The cost is increased latency and overhead.

UDP eliminates that overhead by offering a stateless, connectionless transport. No handshake, no acknowledgements, no sequencing. This makes UDP the protocol of choice for real-time applications where a retransmitted packet arriving late is worse than no packet at all — VoIP (RTP over UDP), live video streaming, DNS lookups, and DHCP all rely on UDP. In modern deployments, QUIC (the transport used by HTTP/3) rebuilds reliability semantics over UDP to gain performance advantages unavailable with TCP.

📊 TCP / IP Model — Usage and Functions

The following table maps common TCP / IP use cases to their functional role within the model and identifies the relevant Cisco IOS context in which each manifests. This is a practical reference that bridges theory and the CLI, helping you connect what you read in a textbook to what you see on a device prompt.

Use Case Function Cisco IOS Context
Web Browsing (HTTP/HTTPS) Application-layer protocol exchange; TCP segments data, IP routes packets across the internet, Ethernet delivers frames locally. Inspect with show tcp brief; filter access with ACLs matching TCP port 80/443.
Router-to-Router Routing (OSPF) OSPF operates at the Internet layer; it sends Hello packets encapsulated directly in IP (protocol 89) to form adjacencies and exchange LSAs. show ip ospf neighbor, show ip route ospf.
DNS Resolution Application-layer request/response protocol over UDP port 53 (or TCP for large responses). Resolves hostnames to IP addresses before communication begins. ip domain-lookup, ip name-server <address>, debug ip dns.
DHCP Address Assignment Application-layer protocol operating over UDP (server port 67, client port 68). Four-step DORA process (Discover, Offer, Request, Acknowledge) allocates IP addressing information. ip helper-address for relay; show ip dhcp binding on DHCP server.
SSH Remote Management Encrypted Application-layer protocol over TCP port 22. Provides secure CLI access to Cisco devices, replacing cleartext Telnet. ip ssh version 2, transport input ssh on VTY lines, show ssh.
ICMP Ping / Traceroute ICMP is an Internet-layer protocol (IP protocol number 1) used for diagnostics. Ping uses ICMP Echo Request/Reply; traceroute exploits TTL expiry and ICMP Time Exceeded messages. ping <ip-address>, traceroute <ip-address>, show ip traffic.
ARP Table Maintenance ARP resolves Internet-layer IP addresses to Network Access-layer MAC addresses within a subnet. Essential before a frame can be constructed for local delivery. show arp, show ip arp, clear arp-cache.
VoIP / Real-time Media RTP carries media streams over UDP for minimal latency. RTCP provides out-of-band statistics. Quality of Service (QoS) at the Internet and Network Access layers prioritises these flows. Class-maps and policy-maps under MQC; show policy-map interface.
Network Monitoring (SNMP) SNMP operates at the Application layer over UDP port 161 (agent) and 162 (trap). Managers poll agents using Get/Set requests to retrieve MIB objects representing device state. snmp-server community, snmp-server host, show snmp.
Secure File Transfer (SFTP/SCP) SFTP and SCP operate as SSH subsystems at the Application layer over TCP port 22. Used to copy configuration files and IOS images to and from network devices. copy scp: flash:, ip scp server enable.

Cisco IOS CLI Examples

The two code blocks below demonstrate how TCP / IP Model concepts surface directly in Cisco IOS verification commands. The first example verifies active TCP connections and listening services on a router. The second demonstrates how to inspect the IP routing table — the Internet layer’s core data structure — and confirm that routes are being installed correctly by a routing protocol.

Cisco IOS — Verifying TCP Connections and Transport Layer State

! Display all active TCP connections on the router
Router# show tcp brief

! Expected output columns:
! TCB Local Address Foreign Address State
! Each row represents one TCP socket (IP:port pair)

Router# show tcp brief
TCB Local Address Foreign Address (state)
67A3C4E0 10.0.0.1.22 10.0.0.100.54231 ESTAB
67A3B2A0 10.0.0.1.179 10.0.0.2.179 ESTAB

! The first entry is an SSH management session (port 22)
! The second entry is a BGP peer session (port 179)
! ESTAB = TCP ESTABLISHED — full connection in place

! To view UDP listeners (Transport Layer — connectionless)
Router# show ip sockets
! Lists all open UDP and TCP sockets — useful for confirming
! SNMP (UDP/161), NTP (UDP/123), DNS (UDP/53) are running

Cisco IOS — Verifying the Internet Layer Routing Table

! Display the complete IPv4 routing table (Internet Layer)
Router# show ip route

! Codes legend — routing protocol source identifiers:
! C = Connected S = Static O = OSPF D = EIGRP B = BGP

Gateway of last resort is 203.0.113.1 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 203.0.113.1 ! Default route
C 10.0.0.0/24 is directly connected, GigabitEthernet0/0
O 10.1.0.0/24 [110/2] via 10.0.0.2, GigabitEthernet0/0 ! OSPF route
D 10.2.0.0/24 [90/2170112] via 10.0.0.3, GigabitEthernet0/0

! The [AD/metric] values show administrative distance / metric
! IP uses this table to make forwarding decisions — Internet Layer

! Verify a specific prefix and next-hop detail:
Router# show ip route 10.1.0.0
Routing entry for 10.1.0.0/24
Known via "ospf 1", distance 110, metric 2, type intra area
Last update from 10.0.0.2 on GigabitEthernet0/0
* 10.0.0.2, from 10.0.0.2, via GigabitEthernet0/0

Best Practices for Working with the TCP / IP Model

Whether you are preparing for a Cisco exam or troubleshooting a production network outage at 2am, the following best practices will help you apply TCP / IP Model knowledge effectively. These recommendations are drawn from real-world network engineering discipline and Cisco’s own operational frameworks.

  • Use the TCP / IP Layer Model as a Troubleshooting Framework. Always approach network problems systematically, starting at Layer 1 (physical connectivity), verifying Layer 2 (framing, MAC, switching), then Layer 3 (IP addressing, routing), and finally Layer 4 and above (transport and application). This bottom-up approach avoids time wasted investigating the wrong layer. Cisco’s OSS/BSS documentation describes this as the “divide and conquer” methodology.
  • Document IP Addressing at the Internet Layer Rigorously. Maintain accurate IP address management (IPAM) records for every interface, VLAN, and subnet in your environment. Ambiguous addressing leads to duplicate IPs, routing black holes, and ACL mismatches — all preventable with disciplined documentation. Tools like Cisco Catalyst Center (DNA Center) or open-source IPAM solutions support this discipline at scale.
  • Choose TCP or UDP Based on Application Requirements, Not Familiarity. Resist the temptation to default to TCP for every custom application. If your application can tolerate packet loss and requires low latency — such as a real-time telemetry stream — UDP with application-level sequence numbers is the correct choice. Unnecessary TCP overhead degrades performance in high-throughput, low-latency environments.
  • Apply Access Control Lists at the Appropriate Layer. Standard ACLs match on source IP only (Internet layer). Extended ACLs can match on source IP, destination IP, protocol, and port number (Transport layer). Place extended ACLs as close to the source as possible, and standard ACLs as close to the destination as possible. Misplacing ACLs is a frequent exam error and a common production mistake.
  • Validate End-to-End Connectivity at Every Layer. Use ping to confirm Internet-layer reachability. Use telnet <ip> <port> from the Cisco CLI to test Transport-layer TCP connectivity to a specific port. Use show interfaces and show controllers for Network Access layer health. Each tool targets a specific layer and provides targeted evidence.
  • Enable SSH (Not Telnet) for All Management Plane Access. Telnet operates at the Application layer and transmits credentials and session data in cleartext — observable at the Network Access and Internet layers by anyone with packet capture capability on the path. SSH encrypts the entire session. Configure ip ssh version 2 and restrict VTY lines to transport input ssh on all managed devices.
  • Understand and Monitor TCP Window Scaling. TCP flow control uses the receive window to signal available buffer space. In high-bandwidth, high-latency paths (high BDP — Bandwidth-Delay Product), the default window size can become a bottleneck. Ensure TCP window scaling (RFC 7323) is enabled on hosts and that network devices are not inadvertently stripping TCP options, which can cripple throughput on WAN links.
  • Configure MTU Consistently Across the Path. Fragmentation occurs at the Internet layer when an IP packet exceeds the MTU of the outgoing interface. Fragmentation degrades performance and can break applications that set the DF (Don’t Fragment) bit. Use ip mtu and ip tcp adjust-mss on Cisco interfaces to align MSS values with the actual path MTU, particularly on tunnelled (GRE, IPsec) links where overhead reduces effective MTU.
  • Use QoS to Classify and Queue Traffic by Application Layer Protocol. The TCP / IP Model’s layering means that time-sensitive traffic (VoIP RTP streams over UDP) and bulk transfer traffic (FTP over TCP) coexist on the same interfaces. Without QoS classification and queuing, bulk TCP flows will cause TCP back-pressure that starves real-time UDP traffic. Implement Cisco MQC policies that classify DSCP markings applied at the Application or Transport layer boundaries.
  • Regularly Audit the ARP and MAC Address Tables. Stale or spoofed ARP entries at the Network Access layer can redirect traffic to unintended hosts — the basis of ARP poisoning attacks. Enable Dynamic ARP Inspection (DAI) on Cisco switches to validate ARP packets against the DHCP snooping binding table. Routinely review show arp and show mac address-table for anomalies, especially duplicate MAC entries.

TCP / IP Model — Pros and Cons

Like any architectural framework, the TCP / IP Model carries both profound strengths that explain its universal adoption and inherent limitations that engineers must work around in practice. Understanding both sides of this analysis prepares you for the architectural discussions that arise in design scenarios.

✔ Advantages

  • Universally adopted across all modern networks, making it the de facto standard for interoperability between any two compliant devices, regardless of vendor.
  • The four-layer architecture provides clean separation of concerns, allowing each layer to evolve independently without requiring changes to adjacent layers.
  • Highly scalable — TCP / IP has successfully scaled from ARPANET’s initial four nodes to billions of internet-connected devices without fundamental architectural changes.
  • Routable and hierarchical IP addressing enables efficient aggregation and longest-prefix-match forwarding in large networks with millions of routes.
  • TCP’s robust reliability mechanisms — sequencing, acknowledgements, retransmission, and flow control — ensure data integrity for critical applications without application-level engineering effort.
  • Open, standards-based design governed by IETF RFCs ensures that any vendor can implement compliant hardware and software, preventing proprietary lock-in at the protocol level.
  • UDP provides a lightweight alternative for latency-sensitive applications, giving developers flexibility to implement only the reliability mechanisms their specific application requires.
  • Supported by an enormous ecosystem of troubleshooting tools, monitoring platforms, and documentation, reducing the skill investment required to operate TCP / IP networks.

✘ Disadvantages

  • IPv4 address exhaustion — the 32-bit address space provides only approximately 4.3 billion addresses, requiring NAT as a workaround and complicating end-to-end connectivity models.
  • TCP’s connection establishment overhead (three-way handshake) and slow-start behaviour add latency, which is significant in high-transaction-rate or high-BDP environments.
  • TCP head-of-line blocking means a lost packet stalls all subsequent data in the stream until retransmission completes — a fundamental limitation partly addressed by QUIC/HTTP3.
  • The original TCP / IP Model was designed without built-in security. IPsec, TLS, and other security overlays are retrofitted additions rather than integral design features.
  • IP fragmentation, while functional, degrades performance and creates potential attack vectors (fragment-based evasion of IDS/IPS systems).
  • The model’s lack of native QoS mechanisms means that traffic differentiation requires additional protocols (DSCP marking, RSVP, QoS queuing) layered on top.
  • IPv4-to-IPv6 transition complexity has proven challenging at scale, requiring dual-stack operation, translation mechanisms (NAT64), and tunnelling — all adding operational overhead.

IPv6 Addresses the Core IPv4 Limitations
IPv6, formally standardised in RFC 8200, uses a 128-bit address space providing approximately 3.4 × 10³⁸ addresses — enough to assign billions of addresses to every person on Earth. IPv6 also includes mandatory IPsec support, simplified header design for faster router processing, built-in stateless address autoconfiguration (SLAAC), and the elimination of broadcast, reducing unnecessary traffic at the Network Access layer.

🏁 Conclusion

Mastering the TCP / IP Model Is Non-Negotiable

The TCP / IP Model is not merely an exam topic to memorise and move past — it is the architectural lens through which every network engineer interprets, designs, and troubleshoots the systems they operate. Every Cisco IOS command you run, every packet capture you analyse, and every network design decision you make is framed by the four-layer logic of the TCP / IP Model.

Your goal is to be able to state which layer any given protocol operates at, describe what happens at each layer during encapsulation and de-encapsulation, and map that knowledge to Cisco IOS verification commands. That foundation expands into architectural decisions: when to choose TCP vs UDP, how to design for IPv6 coexistence, how QoS policies interact with Transport-layer behaviour, and how security controls map to specific layers.

The key takeaways from this guide are: understand the four layers and their PDU names; be precise about which protocols belong to which layer; know the TCP three-way handshake and its implications for latency and reliability; apply the model as a disciplined troubleshooting framework starting at Layer 1; and leverage Cisco IOS verification commands at each layer to gather targeted evidence during fault isolation. These skills are what separate engineers who merely pass exams from those who confidently solve real-world network problems.

Continue reinforcing this knowledge with hands-on Cisco IOS practice in a lab environment — whether on physical hardware, Cisco Packet Tracer, or Cisco Modeling Labs (CML). Theory and CLI muscle memory together form the complete skill set.

📚 Glossary

The following terms are central to the TCP / IP Model and appear frequently in Cisco study materials and production network documentation.

TCP
Transmission Control Protocol. A connection-oriented, reliable Transport-layer protocol that provides sequenced, error-checked, flow-controlled delivery of byte streams between processes identified by port numbers.

UDP
User Datagram Protocol. A connectionless, best-effort Transport-layer protocol. Provides no reliability or ordering guarantees, offering minimal overhead for latency-sensitive applications like DNS, VoIP, and streaming media.

IP
Internet Protocol. The Internet-layer protocol responsible for logical addressing and routing of packets across multiple networks. IPv4 uses 32-bit addresses; IPv6 uses 128-bit addresses.

ICMP
Internet Control Message Protocol. An Internet-layer protocol used for diagnostics and error reporting. ICMP Echo Request and Echo Reply form the basis of the ping command; Time Exceeded messages support traceroute.

ARP
Address Resolution Protocol. Resolves IPv4 addresses to MAC addresses within a single broadcast domain. A host broadcasts an ARP Request containing the target IP; the owner of that IP replies with its MAC address. Operates at the Network Access / Internet boundary.

Encapsulation
The process by which each layer of the TCP / IP Model adds its own header (and sometimes trailer) to the data received from the layer above, creating a layer-specific Protocol Data Unit before passing it downward.

PDU
Protocol Data Unit. The generic term for the data unit at any TCP / IP layer. Specific PDU names: Data (Application), Segment (TCP Transport), Datagram (UDP Transport), Packet (Internet), Frame (Network Access), Bits (physical).

MTU
Maximum Transmission Unit. The largest IP packet size that can be transmitted on a given network link without fragmentation. Standard Ethernet MTU is 1500 bytes. Tunnel interfaces (GRE, IPsec) reduce effective MTU due to header overhead.

TTL
Time To Live. An 8-bit field in the IPv4 header initialised by the sender (typically 64 or 128) and decremented by each router. When TTL reaches zero, the packet is discarded and an ICMP Time Exceeded message is returned — preventing routing loops from consuming bandwidth indefinitely.

Port Number
A 16-bit identifier in the TCP or UDP header that identifies the specific process or service on a host. Well-known ports (0–1023) are assigned by IANA. Examples: HTTP=80, HTTPS=443, SSH=22, DNS=53, SMTP=25, SNMP=161.

Three-Way Handshake
The TCP connection establishment mechanism: the client sends SYN, the server responds with SYN-ACK, and the client completes with ACK. This exchange synchronises initial sequence numbers and confirms bidirectional path reachability before data transfer begins.

Flow Control
A TCP mechanism that prevents a fast sender from overwhelming a slow receiver. The receiver advertises a receive window size (rwnd) in each ACK, indicating available buffer space. The sender must not have more unacknowledged data outstanding than the window size permits.

Routing Table
The Internet-layer data structure maintained by every IP-capable device, listing known network prefixes and their associated next-hop addresses and egress interfaces. Populated by directly connected networks, static routes, and dynamic routing protocols (OSPF, EIGRP, BGP).

MAC Address
Media Access Control address. A 48-bit (6-byte) hardware address assigned to a NIC, used at the Network Access layer to identify devices within a single broadcast domain. Written in hexadecimal (e.g. 00:1A:2B:3C:4D:5E). The first 24 bits are the OUI (vendor identifier).

Socket
An endpoint for network communication defined by the combination of an IP address and a port number. A TCP connection is uniquely identified by its four-tuple: {source IP, source port, destination IP, destination port}. Sockets allow a single IP address to host many simultaneous connections.

FCS
Frame Check Sequence. A 4-byte (32-bit CRC) trailer appended to Ethernet frames at the Network Access layer. The receiving NIC recomputes the CRC and compares it to the FCS. Mismatches indicate bit errors in transmission and cause the frame to be discarded.

Tags
ARP - Address Resolution Protocol Application Layer (TCP/IP) Bits Cisco IOS DHCP - Dynamic Host Configuration Protocol DNS - Domain Name System De-encapsulation Encapsulation Frame ICMP - Internet Control Message Protocol IPv4 IPv6 Internet Layer (TCP/IP) Network Access Layer (TCP/IP) Network Troubleshooting Networking Fundamentals OSI Model - Open Systems Interconnection Model OSPF - Open Shortest Path First PDU - Protocol Data Unit Packet QoS SNMP SSH Segment TCP - Transmission Control Protocol TCP/IP Transport Layer (TCP/IP) UDP - User Datagram Protocol


Related Posts

Network Protocol DHCP

Understanding DHCP – Dynamic Host Configuration Protocol

Architecture Framework Network Protocol

Guide to Switching and Routing

Framework Architecture Troubleshooting

Master the TCP / IP Model

Framework Architecture Troubleshooting

The OSI Model 7 Layers Explained