TCP (Transmission Control Protocol) and IP (Internet Protocol) form the foundation of reliable internet communication, operating at the transport and network layers of the OSI model. TCP ensures ordered, error-checked byte stream delivery between application processes, while IP handles packet routing across networks. Understanding TCP/IP internals—from handshakes and state machines to congestion control and window management—is essential for network engineers, system administrators, and software developers optimizing performance, debugging connectivity issues, or implementing network protocols. The protocol's behavior under congestion, packet loss, and varying network conditions reveals sophisticated algorithms and careful engineering trade-offs that have evolved over decades of internet growth.
What This Cheat Sheet Covers
This topic spans 15 focused tables and 155 indexed concepts. Below is a complete table-by-table outline of this topic, spanning foundational concepts through advanced details.
Table 1: TCP Connection Establishment
Every TCP connection begins by synchronizing sequence numbers through the famous three-way handshake, and the SYN exchange is also where both ends negotiate the options that govern the rest of the conversation — MSS, window scaling, timestamps. The mechanisms here go beyond the textbook handshake to cover the security and latency refinements layered on top of it, like randomized ISNs that thwart hijacking, SYN cookies that survive a flood, and Fast Open that lets data ride along in the very first packet.
| Mechanism | Example | Description |
|---|---|---|
Client: SYN (seq=x) Server: SYN-ACK (seq=y, ack=x+1) Client: ACK (ack=y+1) | • Standard TCP connection initiation where client sends SYN, server responds with SYN-ACK, client confirms with ACK • establishes synchronized sequence numbers and initial parameters | |
ISN = hash(src IP, src port, dst IP, dst port, secret) | • Randomly generated 32-bit starting sequence number sent in SYN packet • randomization prevents connection hijacking and sequence prediction attacks | |
SYN=1, seq=2000 | Flag set to 1 in first two handshake segments (SYN and SYN-ACK) to initiate connection and exchange initial sequence numbers | |
ACK=1, ack=13002 | • Set to 1 in all segments after initial SYN • indicates acknowledgment field contains valid next expected sequence number | |
Both: SYN (seq=x) Both: SYN-ACK (seq=y, ack=x+1) Both: ESTABLISHED | • Rare scenario where both endpoints initiate active connection simultaneously • results in single connection, not two—handled by TCP state machine |