TCP/IP Model With Different Layers

A Complete Guide to Layers of TCP/IP Model:

We learned all about Firewall Security in our previous tutorial. Here, in this tutorial we will learn about TCP/IP Model.

The TCP/IP model refers to transmission control protocol and Internet protocol.

The current Internet model is using this network model for communication purposes. Read through the Training Tutorials on Networking for clear understanding of the concept.

These protocols are simply a combination of the rules which regulate each communication over the network. These, in turn, decide the path to be followed for communication between the source and destination or the internet.

The TCP/IP Model consists of four layers which conclude the overall communication process. In this tutorial, we will take an in-depth look at the functionality of each layer.

Different Layers of TCP/IP Models

As a software tester, it is necessary to empathize with the TCP/IP model, as the software applications work on the top layer i.e the application layer of this model.

Network Architecture

The four-layer architecture is as follows:

TCP IP Architecture

Protocols and Networks used in this networking model are shown in the below figure:

Protocols and Networks used in TCP/IP Model

Let’s summarize the protocols and main uses of each layer in the TCP/IP Model with the help of the below diagram.

Summary of Layers in TCP IP Model

Functions of Each Layer in TCP/IP Model

Enlisted below are the various functions of each layer in the TCP/IP Model.

Network Access Layer

Functions of the Network Access Layer are given below:

  • This is the bottom layer of the TCP/IP Model and it includes all the functionality of the physical layer and the data-link layer of the OSI reference model.
  • Thus it characterizes the protocols, hardware, and media to be used for communication.
  • Data packets from the Internet layer are passed to this layer for sending to the destination over a physical media.
  • The main task of this layer is to combine the data bytes into frames and provide some mechanism for the transmission of IP data frame over the physical medium.
  • Point to point (PPP) is the protocol that is used to make a point to point link the over leased lines. It is also deployed to provide connectivity between the end user and internet service providers via modems. It also supports for provisioning the IP addresses over PPP links.
  • Most of the end users prefer an Ethernet link that works only on Ethernet data link protocol. Thus PPP over Ethernet which permits the encapsulated data frames to be sent inside Ethernet frames is created.
  • PPPoE initially builds up a tunnel between the end-user network devices like router and ISP router. Then the router sends PPP frames over that tunnel as the tunnel works as a point to point link between the routers. Now data is transmitted over WAN networks as well due to this technology.
  • PPP also uses the authentication process for checking the accountability for use of data with ISP’s. The methods include password authentication protocol (PAP) and channel handshake authentication protocol (CHAP).

Internet Layer

  • The second layer from the bottom is the Internet layer.
  • Once the data is segmented by TCP or UDP by adding the corresponding headers in the data packet, it will send it down to the lower layer for further communication.
  • The destination host to which the data packet is destined may reside in some other network whose path may be reached by going through various routers. It is the duty of the Internet layer to assign the logical addresses and route the data packets efficiently to the destination network.
  • Internet layer (IP) is the most popular protocol that is used to perform this task.

Internet Protocol

The purpose of this protocol is to route the data packets to the destination as per the information in the packet header by following a set of protocols.

By adding a header which has the IP address of the source and destination, the segment received from TCP or UDP is converted into PDU known as a packet. When the packet arrives at the router, it looks at the destination address in the header and then forwards the packet accordingly to the next router to reach the destination.

Let’s understand this with an Example:

In the below figure, when host A wants to communicate with host B, it will not use any routing protocol as both are in the same network range having the IP addresses of the same set.

But if Host A wants to send a packet to Host C then with the help of the protocol it discovers that the destination host is of some another network. Thus the above format will look up into the routing table to find out the next hop address for reaching out to the destination.

In this case, host A will reach the host C via router A, B and C. As router C is directly connected to a destination network via a switch, the packet is delivered to Host C.

The router gets all the routing related information from the IP header fields. The network layer of TCP/IP (data-link layer) will be responsible for end to end delivery of the data packets.

Packet flow in Internet Protocol

Packet flow in Internet Protocol

IPV4 Header

IPV4 Header

  • Version: The IPV4 has version number 4.
  • Header length: It shows the size of the header.
  • DS Field: DS field stands for differentiated services field and is deployed for constructing packets.
  • Total length: It denotes the size of the header plus the size of the data packet.
  • Identification: This field is used for fragmentation of data packets and for allocating each field and thereby helps to construct the original data packet.
  • Flags: Used to denote the fragmentation procedure.
  • Fragment offset: It indicates the fragment number and source host that uses them for rearranging the fragmented data in the correct order.
  • Time to leave: This is set at the source host end.
  • Protocol: It denotes the protocol that it is using for transmitting data. TCP has protocol number as 6 and UDP has the protocol number as 17.
  • Header Checksum: This field is used for error detection.
  • Source IP address: It saves the IP address of the source end host.
  • Destination IP address: It saves the IP address of the destination host.

We will discuss this in detail, in our upcoming tutorials.

Transport Layer

  • This is the third layer from the bottom as is responsible for the overall transfer of data and is helpful in establishing an end to end logical connectivity between the source & destination host and the devices in a network.
  • Two protocols are used to perform these tasks:
    • First is the Transmission control protocol (TCP), which is a connection-based and reliable protocol.
    • Second is the User datagram protocol (UDP), which is a connection-less protocol.
  • Before exploring these two protocols in deep, we will discuss the concept of PORT NUMBER which is used by both these protocols.

Port Number:

In a network, a host device may send or receive traffic from several sources at the same time.

In such a situation, the system will not recognize which of the applications the data belongs to. TCP and UDP protocols resolve these issues by putting a port number in their headers. The well-known application layer protocols are allocated with the port number of the range 1 to 1024.

At the source end, every TCP or UDP session is allocated with a random port number. The IP address, port number, and type of protocol used in combination reforms a socket at both the source and destination end. As every socket is exclusive, several hosts can send or receive traffic at the same interval of time.

The below table shows the port number that is assigned to several application layer protocols corresponding to the transport layer protocol.

Application ProtocolTransport ProtocolPort Number

Multiple session using port number

Multiple session using port number


  • Whenever the application layer needs to circulate the flow of huge traffic or data, it sends it to the transport layer in which the TCP performs all the end to end communication between networks.
  • TCP initially set-up a three-way handshake process between the source and destination and then it splits the data into small chunks known as segments, and includes a header into every segment and then forwards it to Internet layer.

The below figure shows the format of the TCP header.

TCP header

  • Three-Way Handshake: It is the process deployed by TCP to establish a connection between the source and destination host in the network. It is used to perform reliable data transmission. It deploys SYN and ACK flags of code bits of the TCP header to perform the task. It provisions reliable communication by performing positive acknowledgment with re-transmission and is also known as PAR. The system using PAR will re-transmit the data segment until it receives the ACK. Whenever the receiver discards the data, the sender has to re-transmit the data until it receives the positive ACK from the receiver.

There are 3 steps of three-way handshaking, which are as follows:

  1. Step 1: The source host A wants to establish a connection with the destination host B, it transmits a segment with the SYN and sequence number, which denotes that the host A wants to initiate a session of communication with Host B and with what sequence number it is defined in that segment.
  2. Step 2: The host B responds to the request of host A with SYN and ACK set in the signal bit. ACK denotes the response of the received segment and SYN denotes the sequence number.
  3. Step 3: The host A acknowledges the response from the Host B and both establish a secure connection between them and then begin data transmission over it.

As described in the below figure, in the three-way handshake process, firstly the source host sends a TCP header to the destination host by setting the SYN flag. In response, it gets back the SYN and acknowledgment flag set. The destination host practices the received sequence number plus 1 as the acknowledgment number.

TCP IP supports the client-server model of the communication system.

Three-Way Handshake Process

Three Way Handshake Process

  • Data segmentation:
    • This is one of the features of the TCP protocol. The application layer sends a huge number of data for transmission to the destination to the transport layer. But the transport layer limits the size of data to be sent in one go. This is done by splitting up the data into small segments.
    • To recognize the sequence of data segments, a sequence number is used in the TCP header and that describes the byte number of the whole data segment.
  • Flow control:
    • The source host will send the data in a cluster of segments. The TCP header having a window bit is used to find out the count of the segments that can be sent at one instance of time. It is used to elude the insignificant traffic at the destination end.
    • When the session is started, the size of the window is tiny but as the traffic increases with time, the size of the window can become huge. The destination host can adjust the window in accordance to control the flow. Thus the window is called a sliding window.
    • The source can only transmit the number of segments which are permitted by the window. In order to send more segments, firstly it will wait for an acknowledgment from the receiving end once it receives the ACK, and later it can enhance the size of the window according to its need.
    • In the below figure, the destination host is enhancing the size from 500 to 600 then to 800 after sending the ACK back to the source host.
  • Reliable delivery and Error Recovery:
    • After the last segment of the decided window is received by the destination, it has to send an ACK to the source end. ACK flag is set in the TCP header and the ACK number is put as the sequence number of the subsequent byte presumed. If the destination does not receive the segments in proper order, then it will not transmit the ACK back to the source.
    • This explains the source that few of the segments are misplaced during transmission and it will retransmit all the segments.
    • In the below figure, it has been illustrated that when the source has not received the ACK for the segment with SEQ number 200, then it is re-transmitting the data and after receiving the ACK it is sending the next sequence of the data segment in accordance with the window size.
  • Ordered Delivery:
    • The TCP ensures the sequential delivery of data to the destination. It delivers the data in the order in which it receives it from the application layer for delivery to the destination host. Thus for maintaining ordered delivery, it uses sequence number during transmission of data segments.
  • Connection Termination:
    • When the data transmission between source and destination is completed, the TCP will conclude the session by sending FIN and ACK flags and uses a four-way handshake to close it.

TCP Sliding Window and Reliable Delivery

TCP sliding window

User Datagram Protocol (UDP):

It is the unreliable and connection-less protocol for data transmission. In this protocol, unlike TCP it doesn’t generate any ACK flag, hence the source host will not wait for a response from the destination end and it will transmit the data without any delay and wait for ACK.

In a real-time scenario, UDP is used as the dropping of the data packets is chosen over waiting for packets for re-transmission. Thus it is most widely used in gaming, watching video online, chatting etc where acknowledgment of data is not a concern. In these scenarios, error checking and correction take place at the application layer.

UDP header:

UDP Header

  • Source Port: It classifies the source end packet information which is 16 bit of size.
  • Destination port: It is also 16 bits in size and uses to classify the type of data service at the destination node.
  • Length: It indicates the overall size of the UDP datagram. The maximum size of the length field can be the overall size of the UDP header itself.
  • Checksum: It saves the checksum value evaluated by the source end before transmission. If it doesn’t hold any value, then all of its bits are set to zero.

UDP Applications:

  • It provisions datagram, thus it is appropriate for IP tunneling and network file system.
  • Simple in use, hence it is used in DHCP and trivial file transfer protocol.
  • Being stateless makes it efficient for streaming media applications like IPTV.
  • Also suitable for voice over IP and real-time streaming programs.
  • It backs the multicast, thus it is appropriate for broadcast services such as Bluetooth and routing information protocol.

Application Layer

(i) This is the top layer of the TCP/IP model.

(ii) It performs all the tasks of a session layer, presentation layer, and application layer of the TCP/IP model.

(iii) It combines the functions of interfacing with various applications, data encoding, data translation and provisions access for the users to communicate with various networking systems.

The most common application layer protocols are defined below:

#1) TELNET: It stands for terminal emulation protocol. It generally practices accessing the remote end applications. The telnet server which acts as the host initiates a telnet server application to establish a connection with the remote end host known as the telnet client.

After the connection is established, it is presented to the OS of the telnet server. The people on the server end use its keyboard and mouse to operate and access the far end host through TELNET.

#2) HTTP: It stands for hypertext transfer protocol. It is the base of the World Wide Web (WWW). This protocol is used to exchange the hypertext among different systems. It is a type of request-response protocol.

For Example, Web browser like internet explorer or Mozilla act as a web client and the application streaming on the PC hosting the website will act as a web server.

Thus, the server which provisions the resources like HTML files and other functions requested by the client returns a response message to the client which has the content of the completion status data and requested data in the message line.

HTTP resources are recognized and positioned on the network by uniform resource locators (URL’s) deploying uniform resource identifiers (URI) methods HTTP and https.

#3) FTP: It stands for file transfer protocol. It is used for sharing or transferring the files among two hosts. The host which runs the FTP application behaves as the FTP server while the other behaves as the FTP client.

The client host requesting for file sharing requires for authentication from the server to access the data. Once authorized, it can access any type of files from the server, send or receive files.

#4) SMTP: Simple mail transport protocol is an exercise to send e-mails. When we are configuring the host for sending e-mails, we use SMTP.

#5) DNS: Each of the host devices in any network has a unique logical address called the IP address. As discussed already the IP addresses are a group of so many numbers and it is not easy to memorize. When we type any web address on a web browser such as then we are actually requesting for a host having an IP address.

But we need not memorize the IP address of the web page that we are requesting for as DNS (domain name server) maps a name against each logical IP address and stores it.

Thus when we type in the browser for any web page, then it sends the DNS query to its DNS server to map the IP address against the name. Once it gets the address, an HTTP session is built with the IP address.

#6) DHCP: Each of the host devices in any network require an IP address for communication with the other devices in the network. It gets this address by manual configuration or by using a dynamic host configuration protocol (DHCP). If using DHCP, then the host will automatically be assigned with an IP address.

Suppose a network is comprising of 10,000 host devices. Then allocating IP address manually to each host is very difficult and is time taking too, thus we use DHCP protocol for assigning an IP address and other information to the connected host devices such as subnet mask IP or gateway IP.

Software testing programs will work on this layer of the TCP/IP model, as it provisions the end users to test the various services and use those services.


We have seen the different protocols that are used at each layer of the TCP/IP model to perform the tasks associated with the layer and their benefits in a communication system.

All the above-defined protocols have their own significance and different roles in testing and applying the software tools.

PREV Tutorial | NEXT Tutorial