What Is TCP? Security Definition
Also known as: Transmission Control Protocol, TCP/IP, RFC 793
This page mentions older exam versions. See the Current Exam Context and Legacy Exam Context sections below for the updated mapping.
Quick Definition
TCP (Transmission Control Protocol) is a core protocol of the Internet Protocol Suite that operates at the Transport Layer (Layer 4) of the OSI model. It provides reliable, connection-oriented communication between two hosts, ensuring that data sent from one application reaches the other application intact, in order, and without duplication. TCP achieves this through mechanisms such as sequence numbers, acknowledgments, retransmissions, flow control, and congestion control. It exists to solve the problem of unreliable packet delivery inherent in IP (Internet Protocol), which is a best-effort service. By establishing a virtual connection before data transfer and maintaining state information about the session, TCP guarantees that applications like web browsers, email clients, and file transfer tools can exchange data reliably even over lossy networks. Without TCP, these applications would have to implement their own reliability mechanisms, which would be inefficient and inconsistent across different implementations.
Must Know for Exams
CompTIA Network+ (N10-008/009) tests TCP in several distinct areas: (1) TCP vs. UDP characteristics – candidates must know that TCP is connection-oriented, reliable, and provides flow control, while UDP is connectionless and best-effort. (2) TCP header fields – exam questions may ask about the purpose of Sequence Number, Acknowledgment Number, Window Size, or Flags (SYN, ACK, FIN).
(3) Three-way handshake – the exact sequence (SYN, SYN-ACK, ACK) and the state transitions (LISTEN, SYN-SENT, SYN-RECEIVED, ESTABLISHED) are frequently tested. (4) Port numbers – common TCP ports (e.g., 20/21 FTP, 22 SSH, 23 Telnet, 25 SMTP, 53 DNS, 80 HTTP, 110 POP3, 143 IMAP, 443 HTTPS, 3389 RDP) must be memorized. (5) Reliability mechanisms – questions may cover retransmission, acknowledgment, sequencing, and windowing. Candidates should also understand how TCP handles congestion (slow start, congestion avoidance) and the difference between flow control and congestion control.
Expect scenario-based questions where you must choose TCP over UDP for a given application (e.g., email vs. streaming video).
Simple Meaning
Think of TCP as a certified courier service. When you send a package via a regular postal service, you drop it in a mailbox and hope it arrives. But with a certified courier, the process is different: the courier first confirms your address and schedules a pickup (connection establishment), then delivers the package, and finally asks you to sign a receipt (acknowledgment).
If the package gets lost, the courier sends another one (retransmission). If you send multiple packages, the courier numbers them so you can arrange them in the correct order (sequencing). The courier also checks if your mailbox is overflowing and slows down delivery to prevent congestion (flow control).
TCP does exactly this for data traveling over the internet. It ensures that every piece of data sent from your computer to a web server arrives correctly, in the right order, and without errors, even if the underlying network is unreliable.
Full Technical Definition
TCP is a connection-oriented, reliable transport layer protocol defined in RFC 793 (updated by RFC 1122, RFC 5681, and others). It operates at Layer 4 (Transport Layer) of the OSI model and Layer 4 of the TCP/IP model. TCP provides a reliable byte stream service to applications, meaning that data sent from one application is delivered to the other application as a continuous stream of bytes, without gaps or errors.
Key fields in the TCP header include Source Port (16 bits), Destination Port (16 bits), Sequence Number (32 bits), Acknowledgment Number (32 bits), Data Offset (4 bits), Flags (9 bits, including SYN, ACK, FIN, RST, PSH, URG), Window Size (16 bits), Checksum (16 bits), Urgent Pointer (16 bits), and Options (variable). TCP uses a three-way handshake to establish a connection: SYN, SYN-ACK, ACK. Data transfer involves segmenting the byte stream into segments, each with a sequence number.
The receiver sends cumulative acknowledgments (ACKs) indicating the next expected byte. Retransmissions occur when a timer expires before an ACK is received. Flow control is implemented via the Window Size field, which tells the sender how much data the receiver can buffer.
Congestion control algorithms (e.g., slow start, congestion avoidance, fast retransmit, fast recovery) prevent network collapse. TCP is full-duplex, meaning data can flow in both directions simultaneously.
Compared to UDP, TCP is slower but reliable; it is used for applications where data integrity is critical, such as HTTP, HTTPS, FTP, SMTP, and SSH.
Real-Life Example
Consider a user accessing a website (https://example.com) from a laptop at home. The laptop's web browser (application) sends an HTTP GET request. The operating system's TCP stack initiates a three-way handshake with the web server at 93.184.216.34:443. The laptop sends a SYN segment with a random sequence number (e.g., 1000). The server responds with SYN-ACK (sequence 5000, acknowledgment 1001). The laptop sends an ACK (sequence 1001, acknowledgment 5001).
The connection is established. The browser then sends the HTTP GET request as a TCP segment. The server receives it, processes the request, and sends back the web page data in multiple TCP segments.
Each segment is acknowledged by the laptop. If a segment is lost (e.g., due to network congestion), the sending TCP retransmits it after a timeout because the expected acknowledgment never arrives. The window size adjusts dynamically to prevent overwhelming the laptop's buffer.
Once all data is received, the browser renders the page. Finally, the connection is closed with a four-way handshake (FIN, ACK, FIN, ACK). The entire process ensures the user sees the correct webpage without errors.
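The header fields listed in the Full Technical Definition and the handshake numbers in this example can be checked mechanically. The following Python is an added example (not part of the original page): it packs and parses a minimal 20-byte TCP header, then verifies that a constructed SYN / SYN-ACK / ACK exchange with ISNs 1000 and 5000 has consistent sequence and acknowledgment numbers. The client port 51000 is an assumed ephemeral port.

```python
import struct

# Fixed 20-byte TCP header (RFC 793), no options: src port, dst port, seq, ack,
# (data offset << 12 | flags), window, checksum, urgent pointer. Network byte order.
TCP_HDR = struct.Struct("!HHIIHHHH")

# Bit positions of the 9 flag bits in the 16-bit offset/flags word.
FLAG_BITS = {"FIN": 0x001, "SYN": 0x002, "RST": 0x004, "PSH": 0x008,
             "ACK": 0x010, "URG": 0x020, "ECE": 0x040, "CWR": 0x080, "NS": 0x100}

def build_segment(sport, dport, seq, ack, flags, window=65535):
    """Pack a header with data offset 5 (20 bytes). Checksum is left 0 (constructed)."""
    bits = 0
    for name in flags:
        bits |= FLAG_BITS[name]
    off_flags = (5 << 12) | bits        # 4-bit data offset, 3 reserved bits, 9 flag bits
    return TCP_HDR.pack(sport, dport, seq, ack, off_flags, window, 0, 0)

def parse_segment(raw):
    """Decode the fixed header fields into a dict."""
    sport, dport, seq, ack, off_flags, window, _csum, _urg = TCP_HDR.unpack_from(raw)
    hdr_len = (off_flags >> 12) * 4     # data offset is counted in 32-bit words
    flags = sorted(name for name, bit in FLAG_BITS.items() if off_flags & bit)
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "hdr_len": hdr_len, "flags": flags, "window": window}

def check_handshake(segments):
    """True if the three segments form a valid SYN, SYN-ACK, ACK exchange.
    A SYN consumes one sequence number, so each ACK must equal the peer's seq + 1."""
    syn, synack, ack = (parse_segment(s) for s in segments)
    return (syn["flags"] == ["SYN"]
            and synack["flags"] == ["ACK", "SYN"]
            and synack["ack"] == (syn["seq"] + 1) & 0xFFFFFFFF
            and ack["flags"] == ["ACK"]
            and ack["seq"] == synack["ack"]
            and ack["ack"] == (synack["seq"] + 1) & 0xFFFFFFFF)

# Constructed handshake from the example above: laptop port 51000 -> server port 443.
HANDSHAKE = [
    build_segment(51000, 443, 1000, 0, ["SYN"]),
    build_segment(443, 51000, 5000, 1001, ["SYN", "ACK"]),
    build_segment(51000, 443, 1001, 5001, ["ACK"]),
]

if __name__ == "__main__":
    for seg in HANDSHAKE:
        print(parse_segment(seg))
    print("handshake consistent:", check_handshake(HANDSHAKE))
```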
Why This Term Matters
TCP is fundamental to network reliability. IT professionals must understand TCP to troubleshoot connectivity issues, analyze packet captures, configure firewalls and load balancers, and optimize application performance. Knowledge of TCP's handshake, windowing, and retransmission mechanisms is essential for diagnosing slow networks, dropped connections, and high latency.
In operations, TCP tuning (e.g., adjusting buffer sizes, enabling selective acknowledgments) can significantly improve throughput. For certifications like Network+, Security+, and CCNA, TCP is a core topic that appears in questions about protocol operation, port numbers, and troubleshooting.
Mastery of TCP demonstrates a solid grasp of how data flows reliably across networks, a skill valued in roles from help desk to network engineering.
How It Appears in Exam Questions
Typical exam questions include: (1) 'Which protocol provides reliable, connection-oriented communication?' – answer TCP, with distractors like UDP, IP, or ICMP. (2) 'During the TCP three-way handshake, what is the second step?' – correct answer: SYN-ACK; wrong answers: SYN, ACK, FIN. (3) 'Which TCP field is used to prevent the sender from overwhelming the receiver?' – Window Size; common wrong: Checksum, Sequence Number, Urgent Pointer.
(4) 'An administrator notices that a web server is not responding. Which TCP flag is used to initiate the connection?' – SYN; wrong: ACK, FIN, RST. To spot the correct answer, focus on keywords: 'reliable,' 'connection-oriented,' 'ordered delivery' point to TCP.
For handshake questions, remember the order: SYN, SYN-ACK, ACK. For port questions, associate common services with their well-known ports (e.g., HTTPS = 443).
Example Scenario
1. User opens a web browser and types 'www.example.com'.
2. Browser asks the OS to resolve the domain to an IP address (93.184.216.34) via DNS.
3. Browser requests a TCP connection to port 80 (HTTP) on that IP.
4. The OS sends a SYN packet to the server.
5. Server receives SYN, allocates resources, and replies with SYN-ACK.
6. Client receives SYN-ACK and sends an ACK. Connection established.
7. Browser sends an HTTP GET request as a TCP segment.
8. Server receives the request, processes it, and sends back the webpage data in multiple TCP segments.
9. Client acknowledges each segment; if a segment is lost, the sender retransmits it after a timeout.
10. After all data is received, browser displays the page.
11. Connection is closed with a FIN exchange.
Common Mistakes
TCP guarantees delivery of data.
TCP provides reliable delivery by retransmitting lost segments, but it does not guarantee delivery. If the network fails or the remote host crashes, data may be lost. TCP only guarantees that if data is delivered, it will be in order and without errors.
TCP ensures reliable delivery, not guaranteed delivery.
TCP is faster than UDP.
TCP is slower than UDP because of its overhead: connection establishment, acknowledgments, retransmissions, and flow control. UDP is faster because it is connectionless and has minimal overhead.
UDP is faster; TCP is reliable but slower.
TCP uses a fixed window size.
TCP window size is dynamic and can change during a connection based on receiver buffer availability (flow control) and network congestion (congestion control). The window field in the header is the receiver's advertised window, but the sender also maintains a congestion window.
TCP window size is dynamic, not fixed.
Exam Trap — Don't Get Fooled
Trap: Candidates often think TCP uses a two-way handshake (SYN, ACK) instead of the correct three-way handshake (SYN, SYN-ACK, ACK). They may also believe that the handshake includes a FIN flag.
Why learners choose it: The two-way handshake seems logical: 'I send a request, you send a reply.' Many learners confuse the handshake with a simple request-response pattern. Additionally, they may have seen diagrams that omit the SYN-ACK step or combine it with ACK.
How to avoid it: Memorize the exact three steps: Step 1: SYN (client to server). Step 2: SYN-ACK (server to client). Step 3: ACK (client to server). Use the mnemonic 'SYN, SYN-ACK, ACK' and practice drawing the handshake until it becomes automatic.
Commonly Confused With
TCP is connection-oriented and reliable; UDP is connectionless and unreliable. TCP uses sequencing, acknowledgments, and retransmissions; UDP does not. TCP is slower but ensures data integrity; UDP is faster but may lose data.
TCP is used for web browsing (HTTP) where every byte must arrive; UDP is used for live video streaming where a few lost packets are acceptable.
IP operates at Layer 3 (Network Layer) and provides best-effort packet delivery. TCP operates at Layer 4 (Transport Layer) and builds on IP to provide reliable, connection-oriented service. IP handles addressing and routing; TCP handles reliability and flow control.
IP is like the postal service that routes letters; TCP is like the certified mail service that tracks and confirms delivery.
Step-by-Step Breakdown
Step 1 — Connection Establishment (Three-Way Handshake)
The client sends a SYN segment with a random initial sequence number (ISN). The server responds with SYN-ACK, acknowledging the client's ISN and providing its own ISN. The client sends an ACK to confirm. The connection is now established.
Step 2 — Data Transfer (Segmentation and Sequencing)
The application data is divided into segments. Each segment is assigned a sequence number indicating the position of the first byte in the byte stream. The sender transmits segments and starts a retransmission timer.
Step 3 — Acknowledgment and Retransmission
The receiver sends cumulative ACKs indicating the next expected byte. If the sender does not receive an ACK before the timer expires, it retransmits the segment. Duplicate ACKs may trigger fast retransmit.
Step 4 — Flow Control (Window Size)
The receiver advertises a window size in each segment, telling the sender how much data it can buffer. The sender must not send more than this window. This prevents the receiver from being overwhelmed.
Step 5 — Connection Termination (Four-Way Handshake)
Either side can initiate termination by sending a FIN segment. The other side acknowledges with ACK, then sends its own FIN. The initiator acknowledges that FIN. The connection is closed after a time-wait state.
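Steps 2 through 4 above (sequencing, cumulative ACKs with retransmission, and the advertised window) and the FAQ answer on lost packets can be seen working together in a small model. The following Python is an added example, not code from the original page: a receiver that returns cumulative ACKs and a sender that respects a fixed receive window, retransmits on three duplicate ACKs (fast retransmit), and otherwise falls back to a retransmission timeout. The segment size (100 bytes), ISN and loss pattern are constructed; acknowledgments are modelled as returning instantly.

```python
MSS = 100  # constructed segment size in bytes

class Receiver:
    """Returns cumulative ACKs: always the next byte it expects."""
    def __init__(self, isn):
        self.rcv_nxt = isn
        self.ooo = {}  # out-of-order segments held until the gap before them is filled

    def receive(self, seq, length):
        if seq == self.rcv_nxt:
            self.rcv_nxt += length
            while self.rcv_nxt in self.ooo:          # buffered data is now contiguous
                self.rcv_nxt += self.ooo.pop(self.rcv_nxt)
        elif seq > self.rcv_nxt:
            self.ooo[seq] = length                     # gap: re-ACK the same number
        return self.rcv_nxt

def simulate(total_bytes, rwnd, lost_once, isn=1001):
    """Send total_bytes from sequence isn in MSS segments, never holding more than
    rwnd unacknowledged bytes. Segments whose seq is in lost_once are dropped on
    their first transmission only. Returns counters and a transmission log."""
    rcv = Receiver(isn)
    snd_una = snd_nxt = isn                # oldest unacked byte / next byte to send
    end = isn + total_bytes
    last_ack, dup_acks, dropped = None, 0, set()
    log, max_inflight = [], 0

    def on_ack(ack):
        nonlocal last_ack, dup_acks, snd_una
        if ack == last_ack:
            dup_acks += 1
        else:
            last_ack, dup_acks, snd_una = ack, 0, ack

    while snd_una < end:
        while snd_nxt < end and snd_nxt - snd_una < rwnd:   # flow control
            seglen = min(MSS, end - snd_nxt)
            log.append((snd_nxt, "send"))
            max_inflight = max(max_inflight, snd_nxt + seglen - snd_una)
            if snd_nxt in lost_once and snd_nxt not in dropped:
                dropped.add(snd_nxt)                        # network loses it; no ACK
            else:
                on_ack(rcv.receive(snd_nxt, seglen))
                if dup_acks == 3:                           # fast retransmit
                    log.append((snd_una, "fast-rexmit"))
                    on_ack(rcv.receive(snd_una, min(MSS, end - snd_una)))
            snd_nxt += seglen
        if snd_una < end:                          # window full or all sent, still unacked:
            log.append((snd_una, "rto-rexmit"))    # retransmission timer expires
            on_ack(rcv.receive(snd_una, min(MSS, end - snd_una)))
    kinds = [k for _, k in log]
    return {"log": log, "fast_rexmit": kinds.count("fast-rexmit"),
            "rto_rexmit": kinds.count("rto-rexmit"),
            "delivered": rcv.rcv_nxt - isn, "max_inflight": max_inflight}
```

With a loss in the middle of the stream the three duplicate ACKs trigger fast retransmit; with a loss of the final segment no duplicate ACKs can arrive, so only the timer recovers it.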
Practical Mini-Lesson
**Core Concept:** TCP provides reliable, ordered, and error-checked delivery of a stream of bytes between applications running on hosts in an IP network. It is the backbone of most internet applications. **How It Works:** TCP operates by first establishing a connection using a three-way handshake (SYN, SYN-ACK, ACK).
During this handshake, both sides agree on initial sequence numbers and exchange window sizes. Once established, data is sent in segments. Each segment carries a sequence number that identifies the position of the first byte in the segment within the overall byte stream.
The receiver sends cumulative acknowledgments (ACKs) indicating the next expected byte. If the sender does not receive an ACK within a timeout period, it retransmits the segment. The receiver can also advertise a window size, telling the sender how much data it can accept (flow control).
Additionally, TCP implements congestion control algorithms (slow start, congestion avoidance, fast retransmit, fast recovery) to prevent network overload. **Comparison to Similar Technologies:** The primary alternative is UDP (User Datagram Protocol). UDP is connectionless, unreliable, and does not guarantee order.
It is used for real-time applications like VoIP and video streaming where speed is more important than reliability. Another related protocol is SCTP (Stream Control Transmission Protocol), which provides message-oriented, multi-streaming capabilities but is less common. **Key Takeaway:** TCP is the protocol to use when data integrity and order are critical.
Understanding its handshake, sequencing, acknowledgment, and windowing mechanisms is essential for network troubleshooting and certification exams.
Memory Tip
**TCP = Trustworthy Courier Protocol.** Think 'Trustworthy' for reliable, 'Courier' for connection-oriented. For the three-way handshake: **SYN, SYN-ACK, ACK** – remember 'Sally Sends, Sam Sends-Acknowledges, Sally Acknowledges' or the mnemonic 'SYN, SYN-ACK, ACK' as 'Start, Start-Acknowledge, Acknowledge'.
Covered in These Exams
Current Exam Context
Current exam versions that test this topic — use these objectives when studying.
N10-009 CompTIA Network+; 200-301 Cisco CCNA; 220-1101 CompTIA A+ Core 1; SY0-701 CompTIA Security+; 220-1102 CompTIA A+ Core 2; SC-900; Google CDL; ISC2 CC
Legacy Exam Context
Older materials may mention these exam versions, but learners should use the current objectives for their target exam.
N10-008 (legacy) → N10-009 (current version)
Frequently Asked Questions
What is the difference between TCP and UDP?
TCP is connection-oriented, reliable, and provides flow control and error checking. UDP is connectionless, unreliable, and has minimal overhead. TCP is used for applications like web browsing and email where data integrity is critical. UDP is used for real-time applications like VoIP and streaming where speed is more important than perfect reliability.
What is the purpose of the TCP three-way handshake?
The three-way handshake establishes a reliable connection between two hosts. It synchronizes sequence numbers, exchanges initial window sizes, and ensures both sides are ready to communicate. Without it, data could be sent to a host that is not listening, or sequence numbers could be mismatched.
How does TCP handle lost packets?
TCP uses a retransmission timer. When a segment is sent, a timer starts. If an acknowledgment is not received before the timer expires, the segment is retransmitted. Additionally, if the sender receives three duplicate ACKs, it performs fast retransmit, resending the missing segment without waiting for the timer.
What is the difference between flow control and congestion control in TCP?
Flow control prevents the sender from overwhelming the receiver by using the receiver's advertised window. Congestion control prevents the sender from overwhelming the network by using algorithms like slow start and congestion avoidance. Flow control is receiver-centric; congestion control is network-centric.
When would you choose TCP over UDP?
Choose TCP when data integrity and order are critical, such as for file transfers (FTP), email (SMTP), web browsing (HTTP/HTTPS), and remote access (SSH). Choose UDP when low latency is more important than reliability, such as for live video streaming, online gaming, and DNS queries.
Summary
(1) TCP is a connection-oriented, reliable transport layer protocol that ensures data arrives intact, in order, and without duplication. (2) Its key technical properties include the three-way handshake for connection establishment, sequence numbers for ordering, cumulative acknowledgments for reliability, and windowing for flow control. (3) The most important exam fact: TCP is used by applications that require reliable, in-order delivery (e.g., HTTP, FTP, SMTP), and you must know its well-known ports (80, 443, 21, 22, 25) and the exact steps of the three-way handshake.