The TCP protocol (Transmission Control Protocol) plays a central role in the TRANSPORT layer of the TCP/IP model. It acts as a bridge between applications and the Internet layer, ensuring the reliable transfer of data between two remote machines.
While the IP protocol simply sends packets without guaranteeing delivery or order, TCP ensures the integrity and consistency of the data flow, delivering it loss-free, in the correct order, and without duplicates.
TCP's main responsibilities include:
- Reordering received segments;
- Regulating the rate at which data is sent, so that neither the receiver (flow control) nor the network (congestion control) is overwhelmed;
- Splitting or reassembling data blocks into suitable units (segments);
- Managing the establishment and termination of connections between both ends of the communication.
TCP is a connection-oriented protocol, meaning it sets up an explicit, ongoing relationship between client and server. To do this, it uses sequence numbers and acknowledgements. Every byte of the stream is numbered, and each segment carries the sequence number of its first byte, so the receiving machine can put segments back in order, spot gaps and recognise duplicates (protection against corruption in transit is a separate matter, handled by the TCP checksum). The receiver returns a segment with the ACK flag set to 1 whose acknowledgement number is the next sequence number it expects; because acknowledgements are cumulative, that single number confirms receipt of everything before it.
To improve reliability, TCP uses a timer: once a segment is sent, a countdown starts. If an acknowledgement does not arrive within the timeout period (the retransmission timeout, which the sender derives from the round-trip times it measures), the sender automatically retransmits the segment, assuming it was lost in transit. This automatic retransmission mechanism compensates for the losses inherent to IP networks, which can occur in cases of congestion, routing errors, or hardware failures.
TCP is also able to detect and handle duplicates. If a segment is retransmitted but the original was merely delayed and shows up as well, the receiver uses the sequence numbers to recognise that those bytes have already been received and discards the extra copy, so nothing is delivered twice.
For this process to work, both machines must share a common understanding of their initial sequence numbers. This is ensured by following a strict connection procedure: on the one hand, the server listens on a specific port, waiting for an incoming request (a passive open); on the other, the client actively initiates the connection by sending a request to the server on that service port (an active open).
NOTE: A "port" is a numerical identifier (from 0 to 65,535) assigned to a network application on a computer. It is used to differentiate multiple services running simultaneously on the same IP address. When a client sends data, it specifies the port number so the server's operating system knows which program should receive it (e.g. 80 for HTTP, 443 for HTTPS, 25 for SMTP). Ports act like dedicated doors, directing traffic in and out, preventing confusion between services, and allowing fine-grained access control through firewalls or filtering rules.
The sequence synchronization exchange is based on the famous "three-way handshake" mechanism, similar to the way two people greet each other to establish contact. This initialization phase, on which TCP's reliability depends, takes place in 3 stages:
- SYN: The client sends an initial synchronization segment with the SYN flag set and its initial sequence number (ISN, e.g., C);
- SYN-ACK: The server responds with a segment in which both the SYN and ACK flags are set: it acknowledges the client's ISN (acknowledgement number C + 1, since the SYN itself consumes one sequence number) and provides its own initial sequence number (e.g., S);
- ACK: The client sends a final acknowledgement (ACK flag set, acknowledgement number S + 1) confirming receipt of the server's sequence number, finalizing synchronization. The SYN flag is no longer set, the ACK flag remains set on every subsequent segment, and the connection is established.
This exchange protocol ensures that both parties share the same numbering base before transmitting payload data. Once this synchronization is complete, the session is opened: segments can now travel in both directions, each acknowledged upon receipt, ensuring maximum reliability of the data flow.
This three-way handshake only concerns connection establishment. For closing, TCP uses a four-way handshake: FIN → ACK → FIN → ACK, which guarantees that no segment in transit is lost before the connection is completely released (when the side that receives the first FIN has nothing left to send, it can combine its ACK with its own FIN, so three segments are often seen on the wire).
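As an added example that is not part of the original page, the exchange above simulated in Python: a client and a server endpoint each keep their state, the next sequence number they will send and the next one they expect, and the driver runs the three-way open followed by the client-initiated four-way close. The names Segment, Endpoint, seg and run_session and the initial sequence numbers are chosen here for illustration; the state names follow RFC 793. A SYN-ACK whose acknowledgement number does not match what the client actually sent is dropped, which is the check a forged reply has to get past.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    src: str
    dst: str
    seq: int        # sequence number of this segment
    ack: int        # acknowledgement number (next byte expected from the peer)
    flags: frozenset


def seg(src, dst, seq, ack, *flags):
    return Segment(src, dst, seq, ack, frozenset(flags))


class Endpoint:
    """One side of a TCP connection; state names follow RFC 793 (illustrative model)."""

    def __init__(self, name, isn):
        self.name, self.peer = name, None
        self.state = "CLOSED"
        self.snd_nxt = isn      # next sequence number this side will use
        self.rcv_nxt = None     # next sequence number expected from the peer
        self.trace = []         # (state after the event, flags sent or None)

    def _send(self, *flags):
        s = seg(self.name, self.peer, self.snd_nxt, self.rcv_nxt or 0, *flags)
        if "SYN" in flags or "FIN" in flags:
            self.snd_nxt += 1   # SYN and FIN each consume one sequence number
        self.trace.append((self.state, "+".join(sorted(flags))))
        return s

    def listen(self):
        self.state = "LISTEN"                               # passive open

    def connect(self, peer):
        self.peer, self.state = peer, "SYN-SENT"
        return self._send("SYN")                            # active open, step 1: seq=C

    def close(self):
        # Active close from ESTABLISHED; the passive side closes from CLOSE-WAIT.
        self.state = {"ESTABLISHED": "FIN-WAIT-1", "CLOSE-WAIT": "LAST-ACK"}[self.state]
        return self._send("FIN", "ACK")

    def receive(self, s):
        f = s.flags
        if self.state == "LISTEN" and f == {"SYN"}:
            self.peer, self.rcv_nxt = s.src, s.seq + 1
            self.state = "SYN-RECEIVED"
            return self._send("SYN", "ACK")                 # step 2: seq=S, ack=C+1
        if "ACK" in f and s.ack != self.snd_nxt:
            # The peer acknowledges something we never sent: a stale, forged or
            # mis-guessed segment. Drop it (a real stack may answer with RST).
            self.trace.append((self.state, "rejected"))
            return None
        if self.state == "SYN-SENT" and f == {"SYN", "ACK"}:
            self.rcv_nxt, self.state = s.seq + 1, "ESTABLISHED"
            return self._send("ACK")                        # step 3: ack=S+1
        if self.state == "SYN-RECEIVED" and f == {"ACK"}:
            self.state = "ESTABLISHED"
        elif self.state == "ESTABLISHED" and "FIN" in f:    # peer starts the close
            self.rcv_nxt, self.state = s.seq + 1, "CLOSE-WAIT"
            return self._send("ACK")
        elif self.state == "FIN-WAIT-1" and f == {"ACK"}:
            self.state = "FIN-WAIT-2"
        elif self.state == "FIN-WAIT-2" and "FIN" in f:
            self.rcv_nxt, self.state = s.seq + 1, "TIME-WAIT"
            return self._send("ACK")
        elif self.state == "LAST-ACK" and f == {"ACK"}:
            self.state = "CLOSED"
        self.trace.append((self.state, None))
        return None


def run_session(client_isn=1000, server_isn=5000):
    """Three-way open, then a client-initiated four-way close (constructed ISNs)."""
    client, server = Endpoint("client", client_isn), Endpoint("server", server_isn)
    server.listen()
    syn = client.connect("server")                      # SYN      seq=C
    syn_ack = server.receive(syn)                       # SYN+ACK  seq=S, ack=C+1
    ack = client.receive(syn_ack)                       # ACK      seq=C+1, ack=S+1
    server.receive(ack)                                 # both sides now ESTABLISHED
    client.receive(server.receive(client.close()))      # FIN -> ACK
    server.receive(client.receive(server.close()))      # FIN -> ACK
    return client, server, (syn, syn_ack, ack)


if __name__ == "__main__":
    c, s, handshake = run_session()
    for m in handshake:
        print(f"{m.src} -> {m.dst} {'+'.join(sorted(m.flags))} seq={m.seq} ack={m.ack}")
    print("client:", c.trace)
    print("server:", s.trace)
```

Running it prints the three handshake segments with their sequence and acknowledgement numbers, then the state traces: CLOSED → SYN-SENT → ESTABLISHED → FIN-WAIT-1 → FIN-WAIT-2 → TIME-WAIT on the client and LISTEN → SYN-RECEIVED → ESTABLISHED → CLOSE-WAIT → LAST-ACK → CLOSED on the server.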
Although designed for robustness rather than security, this process has also given rise to exploitable weaknesses. The handshake's trust rests on each side knowing the right sequence numbers, so an attacker who can predict them can forge segments. In the classic IP spoofing attack, the attacker sends a SYN with a forged source address, never sees the SYN-ACK, and must therefore guess the server's initial sequence number to complete the handshake; when stacks chose initial sequence numbers predictably this was practical, which is why modern implementations randomize them (RFC 6528). Likewise, injecting data or a reset into an established connection requires a sequence number the receiver will accept, and that is the opening for interception or manipulation of the data stream.
To use the network efficiently without overwhelming the receiver, the TCP protocol uses a flow management technique known as "Sliding Window". This system regulates how much data can be in flight before an acknowledgement is required, thus avoiding a full round-trip wait for every segment while maintaining reliability. The window is a flow-control mechanism, not a security feature, but it does define the range of sequence numbers the receiver will accept, which is exactly what a blind injection attempt must hit.
In practical terms, the sliding window defines a range of sequence numbers that can circulate between sender and receiver without each individual segment being acknowledged first. As acknowledgements are received by the sending system, the window "slides" to the right, making room for new segments to be sent. The size of this window (critical for optimizing throughput while avoiding congestion) is specified in the 16-bit "Window" field of the TCP header, optionally multiplied by a scale factor negotiated during the handshake (the Window Scale option) so that high-bandwidth, high-latency paths can keep more data in flight.
Example: if the oldest unacknowledged sequence number is 3 and the window extends to sequence number 5, bytes numbered 3 to 5 can be sent without waiting for individual acknowledgements; sequence number 6 must wait until an acknowledgement for 3 slides the window forward.
The size of the sliding window is not fixed; it adjusts dynamically to network conditions and the receiver's processing capacity. If the receiver can handle a greater volume of data, it advertises a larger value in the Window field, allowing the sender to expand its window. Conversely, as the receiver's buffer fills, it advertises a smaller window, possibly zero; the sender then waits until an acknowledgement opens the window before sending additional segments. (The sender's congestion control imposes a second, independent limit, so the amount actually in flight is the smaller of the two.)
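As an added example that is not part of the original page, the reliability mechanisms described earlier (retransmission timer, reordering, duplicate detection) and the sliding window above combined in one Python simulation, with the receiver applying the RFC 793 acceptability test that a forged segment must pass. The names Receiver, Sender and run_transfer, the 4-byte segment size, the loss and duplication schedule and the forged sequence number 5000 are constructed here for illustration; time is counted in rounds rather than seconds, and the sender's "timer" is simply the number of rounds since a segment was last sent.

```python
MSS = 4   # payload bytes per segment; deliberately tiny so the trace stays readable (constructed)


class Receiver:
    def __init__(self, isn, rcv_wnd):
        self.rcv_nxt = isn          # RCV.NXT: next in-order byte expected
        self.rcv_wnd = rcv_wnd      # total buffer space, in bytes
        self.ooo = {}               # out-of-order segments waiting for a gap to be filled
        self.data = b""             # bytes delivered to the application, in order
        self.dropped = []           # (seq, reason) for every segment not accepted

    def window(self):
        """Window to advertise: buffer space not yet taken by out-of-order data."""
        return self.rcv_wnd - sum(len(p) for p in self.ooo.values())

    def receive(self, seq, payload):
        if seq < self.rcv_nxt or seq in self.ooo:
            self.dropped.append((seq, "duplicate"))       # already delivered or buffered
        elif seq >= self.rcv_nxt + self.window():
            self.dropped.append((seq, "outside window"))  # RFC 793 acceptability test fails
        else:
            self.ooo[seq] = payload
            while self.rcv_nxt in self.ooo:               # deliver everything now contiguous
                chunk = self.ooo.pop(self.rcv_nxt)
                self.data += chunk
                self.rcv_nxt += len(chunk)
        return self.rcv_nxt, self.window()                # cumulative ACK + advertised window


class Sender:
    def __init__(self, isn, data, snd_wnd, rto):
        self.isn, self.data = isn, data
        self.snd_una = isn          # SND.UNA: oldest byte not yet acknowledged
        self.snd_nxt = isn          # SND.NXT: next byte to send
        self.snd_wnd = snd_wnd      # last window advertised by the receiver
        self.rto = rto              # retransmission timeout, in simulation rounds
        self.inflight = {}          # seq -> (payload, round it was last sent)
        self.retransmissions = 0

    def segments(self, now):
        out = []
        for seq, (payload, sent_at) in sorted(self.inflight.items()):
            if now - sent_at >= self.rto:                 # timer expired: assume the segment was lost
                self.inflight[seq] = (payload, now)
                self.retransmissions += 1
                out.append((seq, payload))
        end = self.isn + len(self.data)
        while self.snd_nxt < end and self.snd_nxt < self.snd_una + self.snd_wnd:
            room = min(MSS, end - self.snd_nxt, self.snd_una + self.snd_wnd - self.snd_nxt)
            off = self.snd_nxt - self.isn
            payload = self.data[off:off + room]
            self.inflight[self.snd_nxt] = (payload, now)
            out.append((self.snd_nxt, payload))
            self.snd_nxt += room
        return out

    def on_ack(self, ack, wnd):
        self.snd_wnd = wnd
        if ack > self.snd_una:                            # the window slides to the right
            self.snd_una = ack
            self.inflight = {s: v for s, v in self.inflight.items() if s + len(v[0]) > ack}


def run_transfer(data=b"ABCDEFGHIJKLMNOP", isn=100, rcv_wnd=12, rto=2, max_rounds=20):
    """Constructed schedule: lose the 2nd segment once, deliver the 3rd twice, and in
    round 1 inject a forged segment whose sequence number lies far outside the window."""
    lose_once, duplicate = {isn + 4}, {isn + 8}
    sender, receiver = Sender(isn, data, rcv_wnd, rto), Receiver(isn, rcv_wnd)
    for now in range(max_rounds):
        if now == 1:
            receiver.receive(5000, b"EVIL")               # blind injection attempt: dropped, never delivered
        for seq, payload in sender.segments(now):
            if seq in lose_once:
                lose_once.discard(seq)                    # the network drops this copy
                continue
            for _ in range(2 if seq in duplicate else 1):
                sender.on_ack(*receiver.receive(seq, payload))
            duplicate.discard(seq)
        if receiver.data == data:
            return receiver, sender, now + 1
    return receiver, sender, max_rounds


if __name__ == "__main__":
    rx, tx, rounds = run_transfer()
    print(rx.data, "delivered in", rounds, "rounds with", tx.retransmissions, "retransmissions")
    print("dropped:", rx.dropped)
```

With the default schedule the three segments that fit the 12-byte window go out together in round 0; the lost one is retransmitted when its timer expires in round 2, the buffered third segment is delivered as soon as the gap closes, the forged segment and both duplicates are dropped, and the last segment is sent only after the window slides.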
The protocol provides a symmetrical procedure for closing a TCP connection to ensure a clean, orderly shutdown. Either machine can initiate closure by sending a segment with the FIN flag set to 1, signalling that it has no more data to send. It will not send new data after its FIN, but it keeps receiving, and acknowledging, whatever the other side still has in transit.
Upon receiving this segment, the other machine acknowledges it with a plain ACK (the FIN, like the SYN, consumes one sequence number). It then finishes sending any remaining data before sending its own FIN, which the first machine acknowledges in turn; only then is the local application told that the connection is closed. Each direction is thus closed independently (a "half-close"), and this double confirmation ensures an orderly shutdown and minimizes the risk of data loss.
This precise management, combining IP's flexible routing with TCP's strict control, is often illustrated by contrasting the speed of the IP protocol (which works on a "best effort" basis, with no guarantee of delivery) against the reliability of the TCP protocol (which manages transmission through acknowledgements and negotiated sequence numbers).
In some cases, however, absolute reliability is not the priority: speed and simplicity are. This is true for applications like live streaming or VoIP, which can tolerate some packet loss without seriously affecting user experience. In such cases, UDP (User Datagram Protocol) is preferred.
UDP operates on a fundamentally different principle from TCP: it is connectionless, meaning no prior relationship is established between sender and receiver. When a machine sends packets via UDP, they are transmitted one way; the receiver does not send acknowledgements, and the sender has no confirmation that the message arrived. The UDP header is intentionally minimal: 8 bytes containing only the source port, destination port, datagram length, and a checksum (optional over IPv4, where a zero checksum means "not computed"), with no built-in acknowledgment or state-control mechanism. As always, IP addresses are carried by the underlying IP header; both TCP and UDP nevertheless fold them into their checksum through a "pseudo-header", so a datagram whose addresses were altered in transit fails the check at the receiver.
A common analogy is that TCP is like a phone call, where a connection is established, then followed and controlled throughout the conversation, whereas UDP is like posting a letter: the sender slips it into a mailbox with no immediate proof of delivery or systematic feedback.
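As an added example that is not part of the original page, the two headers side by side in Python: a builder and parser for the 20-byte fixed TCP header (ports, sequence and acknowledgement numbers, flags, window) and for the 8-byte UDP header, with the RFC 1071 checksum computed over the pseudo-header that both transports borrow from the IP layer. The function names (inet_checksum, pseudo_header, build_tcp_segment, parse_tcp_header, tcp_checksum_ok, build_udp_datagram, parse_udp_datagram) and the addresses, ports and payloads are chosen here for illustration; only the standard library is used.

```python
import ipaddress
import struct

# Flag bits in the low byte of the TCP "data offset / flags" field (constructed table of standard values)
TCP_FLAGS = (("FIN", 0x01), ("SYN", 0x02), ("RST", 0x04), ("PSH", 0x08), ("ACK", 0x10), ("URG", 0x20))


def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum. Computed over data that already carries a
    correct checksum field, it returns 0; that is how a receiver verifies it."""
    if len(data) % 2:
        data += b"\x00"                                   # pad the odd trailing byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                                    # fold carries back in (one's complement)
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def pseudo_header(src_ip, dst_ip, proto, length):
    """Addresses taken from the IP layer, a zero byte, the protocol number and the transport length."""
    return (ipaddress.IPv4Address(src_ip).packed + ipaddress.IPv4Address(dst_ip).packed
            + struct.pack("!BBH", 0, proto, length))


def build_tcp_segment(src_ip, dst_ip, sport, dport, seq, ack, flags, window, payload=b""):
    bits = sum(bit for name, bit in TCP_FLAGS if name in flags)
    off_flags = (5 << 12) | bits                          # data offset 5 words = 20 bytes, no options
    header = struct.pack("!HHIIHHHH", sport, dport, seq, ack, off_flags, window, 0, 0)
    csum = inet_checksum(pseudo_header(src_ip, dst_ip, 6, len(header) + len(payload)) + header + payload)
    return header[:16] + struct.pack("!HH", csum, 0) + payload


def parse_tcp_header(segment):
    sport, dport, seq, ack, off_flags, window, csum, urg = struct.unpack("!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4                    # data offset is counted in 32-bit words
    return {"src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
            "flags": [name for name, bit in TCP_FLAGS if off_flags & bit],
            "window": window, "checksum": csum, "urgent": urg,
            "options": segment[20:header_len], "payload": segment[header_len:]}


def tcp_checksum_ok(src_ip, dst_ip, segment):
    return inet_checksum(pseudo_header(src_ip, dst_ip, 6, len(segment)) + segment) == 0


def build_udp_datagram(src_ip, dst_ip, sport, dport, payload):
    length = 8 + len(payload)
    header = struct.pack("!HHHH", sport, dport, length, 0)
    csum = inet_checksum(pseudo_header(src_ip, dst_ip, 17, length) + header + payload)
    if csum == 0:
        csum = 0xFFFF   # RFC 768: a 0 on the wire means "no checksum", so send all ones instead
    return struct.pack("!HHHH", sport, dport, length, csum) + payload


def parse_udp_datagram(src_ip, dst_ip, datagram):
    sport, dport, length, csum = struct.unpack("!HHHH", datagram[:8])
    body = datagram[:length]
    ok = csum == 0 or inet_checksum(pseudo_header(src_ip, dst_ip, 17, length) + body) == 0
    return {"src_port": sport, "dst_port": dport, "length": length,
            "payload": body[8:], "checksum_ok": ok}


if __name__ == "__main__":
    syn = build_tcp_segment("192.0.2.10", "192.0.2.20", 40000, 443, 0x12345678, 0, ["SYN"], 65535)
    print(parse_tcp_header(syn))
    dns = build_udp_datagram("192.0.2.10", "192.0.2.20", 5353, 53, b"hello")
    print(parse_udp_datagram("192.0.2.10", "192.0.2.20", dns))
```

The only difference between the two checksums is the protocol number in the pseudo-header (6 for TCP, 17 for UDP), which is why the same inet_checksum serves both, and why a receiver can verify either one by summing the whole thing, checksum field included, and expecting 0.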
This complementarity between TCP and UDP enables modern networks to adapt to a variety of needs, choosing maximum reliability or prioritizing speed, depending on the application.
Quiz
net3022.5
Which TCP feature optimizes throughput by adapting the number of segments sent without immediate acknowledgement?