
TCP/IP Model

The TCP/IP stack is what actually runs the internet
OSI is theoretical -- TCP/IP is the real protocol suite that every network device implements and every security tool targets

Four Layers

1. Application Layer - protocols that applications use to communicate
  • HTTP/HTTPS - Web traffic
  • SSH - Secure shell
  • FTP - File transfer (legacy and insecure)
  • SMTP - Email sending
  • DNS - Name resolution

2. Transport Layer - end-to-end communication management
  • TCP - Reliable, ordered, connection-oriented
  • UDP - Quick, connectionless, no guarantees

3. Internet Layer - packet routing and addressing
  • IP - Addressing and routing (v4 and v6)
  • ICMP - Error reporting and diagnostics (ping, traceroute)
  • ARP - MAC address resolution (local network only)

4. Network Access Layer - physical hardware interface

TCP Three-Way Handshake

Client                                Server
  |                                      |
  |------------ SYN (seq=x) ------------>|  Step 1: Client initiates
  |                                      |
  |<------ SYN-ACK (seq=y, ack=x+1) -----|  Step 2: Server acknowledges
  |                                      |
  |------- ACK (seq=x+1, ack=y+1) ------>|  Step 3: Client confirms
  |                                      |
  |=========== Data Transfer ===========>|
  |                                      |

This handshake is critical for port scanning because:
  • SYN sent + RST received = port closed
  • SYN sent + SYN-ACK received = port open (full handshake not completed)
  • No response = port filtered (firewall)

TCP Flags

  • SYN - Synchronize (initiate connection)
  • ACK - Acknowledgment
  • FIN - Finish (graceful close)
  • RST - Reset (immediate close)
  • PSH - Push (immediate delivery)
  • URG - Urgent

Packet Structure

| IP Header | TCP Header | Payload |
  20-60 bytes  20-60 bytes

TCP Header Fields: Source Port, Dest Port, Sequence Number, Acknowledgment Number, Flags, Window Size, Checksum, Urgent Pointer

IP Header Key Fields

  • Version (4 or 6)
  • TTL (Time To Live) - decremented per hop, prevents loops
  • Protocol - TCP (6), UDP (17), ICMP (1)
  • Source IP
  • Destination IP
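To tie the handshake, the TCP flags and the header fields above together, here is an added example (not from the original page): it decodes the IP and TCP header fields listed above from raw bytes, names the flag bits, and applies the page's three port-scan rules to a reply. The packets are constructed in the script itself with zeroed checksums and minimal 20-byte headers; the addresses are documentation-range placeholders.

```python
import struct

# TCP flag bits (low byte of the data-offset/flags word) and IP protocol numbers from the page
TCP_FLAGS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK", 0x20: "URG"}
IP_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}

def dotted(b: bytes) -> str:
    return ".".join(str(x) for x in b)

def parse_ipv4_tcp(raw: bytes) -> dict:
    """Decode the IP and TCP header fields listed on the page; options are skipped."""
    ver_ihl, _, _, _, _, ttl, proto, csum, src, dst = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4   # IHL counts 32-bit words: 20..60 bytes
    if version != 4 or not 20 <= ihl <= 60:
        raise ValueError("not a valid IPv4 header")
    if IP_PROTOCOLS.get(proto) != "TCP":
        raise ValueError(f"payload is {IP_PROTOCOLS.get(proto, proto)}, not TCP")
    sport, dport, seq, ack, off_flags, win, tcsum, urg = struct.unpack("!HHIIHHHH", raw[ihl:ihl + 20])
    flags = [name for bit, name in TCP_FLAGS.items() if off_flags & bit]
    return {"version": version, "ttl": ttl, "protocol": "TCP", "src": dotted(src), "dst": dotted(dst),
            "sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": flags,
            "window": win, "checksum": tcsum, "urg_ptr": urg}

def build_ipv4_tcp(src, dst, sport, dport, seq, ack, flags, ttl=64) -> bytes:
    """Constructed test packet: minimal headers, total length 40, checksums left at 0 (not computed)."""
    bits = sum(bit for bit, name in TCP_FLAGS.items() if name in flags)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, ttl, 6, 0,
                     bytes(int(o) for o in src.split(".")), bytes(int(o) for o in dst.split(".")))
    tcp = struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | bits, 65535, 0, 0)
    return ip + tcp

def classify_reply(probe: dict, reply) -> str:
    """Apply the page's port-scan rules to the reply to a SYN probe (None = nothing came back)."""
    if reply is None:
        return "filtered"
    if "RST" in reply["flags"]:
        return "closed"
    # A genuine SYN-ACK must acknowledge the probe's seq+1 (mod 2^32), as in step 2 of the diagram
    if {"SYN", "ACK"} <= set(reply["flags"]) and reply["ack"] == (probe["seq"] + 1) & 0xFFFFFFFF:
        return "open"
    return "unexpected"

if __name__ == "__main__":
    syn = parse_ipv4_tcp(build_ipv4_tcp("192.0.2.10", "192.0.2.20", 40000, 443, 1000, 0, ["SYN"]))
    synack = parse_ipv4_tcp(build_ipv4_tcp("192.0.2.20", "192.0.2.10", 443, 40000, 5000, 1001, ["SYN", "ACK"]))
    rst = parse_ipv4_tcp(build_ipv4_tcp("192.0.2.20", "192.0.2.10", 443, 40000, 0, 1001, ["RST", "ACK"]))
    print(syn["flags"], classify_reply(syn, synack), classify_reply(syn, rst), classify_reply(syn, None))
```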

NAT and PAT

Network Address Translation (NAT) maps private IPs to public ones. Port Address Translation (PAT) uses port numbers to track multiple internal hosts sharing one public IP.

  • Security by obscurity (not real security)
  • Complicates peer-to-peer protocols
  • Traversal techniques: STUN, TURN, ICE