Network Security

TCP (Transmission Control Protocol)

TCP is the Transmission Control Protocol, a core internet protocol that provides reliable, ordered, connection-oriented delivery of data between applications by establishing a session, acknowledging received data, and retransmitting what is lost.

In plain terms

TCP is the part of the internet that makes sure data arrives complete and in order. When you load a web page or send an email, TCP quietly checks that every piece got through and asks again for anything that did not. It trades a little speed for reliability.

TCP, the Transmission Control Protocol, is one of the foundational protocols of the internet and sits at the transport layer, above the Internet Protocol that moves individual packets between hosts. Its job is to turn the unreliable, best-effort delivery of IP into a dependable stream of data between two applications. TCP guarantees that bytes sent by one side arrive at the other side complete, in order, and without duplication, or that the connection fails visibly if that cannot be achieved. This reliability is why TCP underlies the web, email, file transfer, and most other services where missing or scrambled data would be unacceptable.

TCP is connection-oriented, meaning the two endpoints establish a session before exchanging data. That session is set up with the three-way handshake, in which one side sends a SYN segment, the other replies with SYN-ACK, and the first confirms with ACK. Only after this exchange do the endpoints consider a connection established and begin transferring data. The handshake also lets both sides agree on initial sequence numbers and options. A connection is closed through a comparable exchange of FIN and ACK segments, allowing each side to signal that it has finished sending.

Reliability is achieved through sequence numbers, acknowledgements, and retransmission. Every byte in a TCP stream is numbered, so the receiver can reassemble data in the correct order even if packets arrive out of sequence, and can detect gaps. The receiver acknowledges data it has received, and if the sender does not receive an acknowledgement within an expected time, it retransmits the missing data. On top of this, TCP implements flow control, using a window to prevent a fast sender from overwhelming a slow receiver, and congestion control, which backs off sending when the network appears congested. These mechanisms together make TCP adaptive and robust but also add overhead compared with simpler protocols.
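The receiver side of this mechanism, as an added example that is not part of the original page: a simplified receiver that buffers out-of-order segments, drops duplicates, and returns the cumulative acknowledgement number after each arrival. The function name and sample segments are constructed for illustration, and it assumes no sequence-number wraparound and that buffered segments do not overlap one another.

```python
def receive(segments, isn):
    """Simulate a TCP receiver for a list of (seq, data) segments.

    Returns (bytes delivered in order, cumulative ACK sent after each segment).
    """
    next_seq = isn + 1      # the SYN consumes one sequence number
    buffered = {}           # seq -> data held until the gap before it is filled
    delivered = bytearray()
    acks = []
    for seq, data in segments:
        if seq + len(data) > next_seq:       # otherwise: pure duplicate, ignore
            if seq < next_seq:               # partly delivered already: trim it
                data = data[next_seq - seq:]
                seq = next_seq
            buffered.setdefault(seq, data)
            while next_seq in buffered:      # drain everything now contiguous
                chunk = buffered.pop(next_seq)
                delivered += chunk
                next_seq += len(chunk)
        acks.append(next_seq)                # ACK = next byte the receiver expects
    return bytes(delivered), acks


# Constructed arrival order: one segment arrives early, one is a retransmitted duplicate.
SEGMENTS = [
    (1001, b"HELL"),   # in order
    (1009, b"RLD!"),   # arrives before the segment at 1005: gap detected
    (1001, b"HELL"),   # duplicate (retransmission of data already received)
    (1005, b"O WO"),   # fills the gap, buffered data is released
]

if __name__ == "__main__":
    print(receive(SEGMENTS, isn=1000))
```

The repeated acknowledgement number while the gap is open is what tells the sender which data is still missing.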

Applications reach TCP services through ports. A TCP connection is identified by the combination of source IP address, source port, destination IP address, and destination port, which together form a unique four-tuple. Well-known services listen on standard ports, such as 80 for HTTP and 443 for HTTPS, and a server can handle many simultaneous connections because each client connection has a distinct tuple. This port-based multiplexing is what allows a single machine to run many network services at once.

The security relevance of TCP is significant, partly because the protocol was designed for a more trusting network and provides no built-in encryption or authentication of its own. Several classic attacks target TCP behavior. SYN flooding abuses the handshake by sending many SYN segments without completing the connection, exhausting a server’s table of half-open connections and denying service to legitimate clients. TCP reset attacks inject forged RST segments to tear down connections. Sequence number prediction and session hijacking attempt to inject data into or take over an existing connection by guessing or observing sequence numbers. Because TCP itself carries data in cleartext, confidentiality and integrity must come from protocols layered on top, most commonly TLS.

TCP also matters for defenders in terms of visibility and control. Stateful firewalls track the state of TCP connections, distinguishing new connection attempts from established sessions and using the handshake and flags to enforce policy. Network monitoring and intrusion detection systems analyze TCP flags, sequence behavior, and connection patterns to spot scanning, anomalies, and attacks. Port scanning frequently relies on manipulating TCP handshakes to discover which services are listening. Understanding normal TCP behavior is therefore central to recognizing abnormal or malicious activity on a network.
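A minimal version of the connection tracking described above, as an added example that is not part of the original page: it follows the three-way handshake per four-tuple and reports sources holding many half-open connections, the pattern a SYN flood leaves behind. The packet records, addresses, function name, and threshold are constructed for illustration, and the sketch ignores timestamps, which a real detector would use to age out entries.

```python
from collections import Counter

# Constructed sample traffic (documentation address ranges), one tuple per
# segment: (src_ip, src_port, dst_ip, dst_port, flags). S=SYN, A=ACK, R=RST.
SERVER = ("192.0.2.10", 443)
PACKETS = [
    # A normal client completes SYN, SYN-ACK, ACK.
    ("198.51.100.7", 40001, *SERVER, "S"),
    (*SERVER, "198.51.100.7", 40001, "SA"),
    ("198.51.100.7", 40001, *SERVER, "A"),
]
# One source opens four connections and never sends the final ACK.
for port in range(50000, 50004):
    PACKETS.append(("203.0.113.9", port, *SERVER, "S"))
    PACKETS.append((*SERVER, "203.0.113.9", port, "SA"))


def half_open_by_source(packets, threshold=3):
    """Return {client_ip: half-open count} for clients at or above threshold."""
    state = {}  # client-side four-tuple -> handshake state
    for src, sport, dst, dport, flags in packets:
        fwd = (src, sport, dst, dport)
        rev = (dst, dport, src, sport)
        if flags == "S":
            state[fwd] = "SYN_SEEN"
        elif flags == "SA" and state.get(rev) == "SYN_SEEN":
            state[rev] = "SYN_ACK_SEEN"
        elif "R" in flags:                    # reset from either side ends tracking
            state.pop(fwd, None)
            state.pop(rev, None)
        elif flags == "A" and state.get(fwd) == "SYN_ACK_SEEN":
            state[fwd] = "ESTABLISHED"
    pending = Counter(t[0] for t, s in state.items() if s != "ESTABLISHED")
    return {ip: n for ip, n in pending.items() if n >= threshold}


if __name__ == "__main__":
    print(half_open_by_source(PACKETS))
```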

In practice, TCP is the workhorse that makes reliable communication possible across an unreliable internet, using connections, sequencing, acknowledgements, and congestion control to deliver ordered, complete data. Its design priorities are reliability and fairness rather than security or raw speed, which is why it is paired with encryption such as TLS for protection and contrasted with UDP where low latency matters more than guaranteed delivery. Knowing how TCP establishes, maintains, and tears down connections is foundational both for building networked applications and for defending them.
