Part 6 – The TCP/IP Model

The TCP/IP Model

Table Of Contents
  1. The TCP/IP Model
  2. Resources

Introduction

Welcome to Part 6 of the Network Fundamentals study notes! If you haven’t already, we recommend watching the video first.

In Part 3 we looked at the OSI model. But it’s not the only network model out there. The TCP/IP model is its competition — and it’s the one the internet actually runs on. In this part we’ll explore what the TCP/IP model is, how it relates to OSI, and what protocols sit at each layer.

OSI vs TCP/IP

The goal of the OSI model was to allow different protocols and vendors to interoperate, with protocols built directly based on the model. That vision didn’t fully materialise — we don’t see many OSI-native protocols in use today. Instead, the protocols from the TCP/IP framework won out in practice.

The TCP/IP framework was originally developed by the US Department of Defense, with universities and other organisations later getting involved. This broader participation led to rapid development, which is likely why it succeeded where OSI didn’t. Protocols like TCP, UDP, and IP align directly to this framework.

Another reason for TCP/IP’s success is pragmatism — it’s happy to use existing protocols like Ethernet rather than trying to reinvent the wheel.

RFC Documents

Any protocol created as part of the TCP/IP framework is defined in an RFC documentRequest for Comments. RFCs are very technical descriptions of how a protocol or concept works. Some have been around for decades and are still in use today. Because they’re publicly available, any vendor can build hardware or software to the specification — and it will interoperate with everyone else’s.

The original description of the TCP/IP model is RFC 1122, published in 1989.

The TCP/IP Model Layers

The TCP/IP model has gone through two versions. The original model (RFC 1122) had four layers. The current model splits the bottom layer into two, giving five layers in total. The current version lines up well with OSI:

  • Application — maps to OSI’s Session, Presentation, and Application layers combined
  • Transport — maps to OSI’s Transport layer
  • Network (Internet) — maps to OSI’s Network layer
  • Data Link — maps to OSI’s Data Link layer
  • Physical — maps to OSI’s Physical layer

The reason the original single “Link” layer was split into Data Link and Physical is simple: in the early days, there weren’t many physical connection types. Today we have Ethernet, Wi-Fi, fiber optics, and many more — so separating the physical transmission from the logical data delivery makes a lot of sense.

It’s also useful to think of the model in two halves. The top half (Application and Transport) deals with application processes. The bottom half (Network, Data Link, Physical) focuses on getting data from one host to another.

Each Layer in Detail

Application Layer

The application layer defines how applications on two hosts communicate with each other over the network. It doesn’t define how the application itself works — only how it uses the network. Examples include:

  • HTTP – web browsing
  • SMTP / IMAP – email delivery and retrieval
  • FTP – file transfers
  • SSH, Telnet, RDP – remote administration

These applications create processes that listen on particular port numbers — which is where the transport layer comes in.

Transport Layer

The transport layer creates and maintains conversations between application processes on different hosts. The two protocols here are TCP and UDP. Both use port numbers to track sessions and identify which application traffic belongs to. We’ll dig into TCP and UDP in much more detail in the next two videos.

Using HTTP as an example: the web server listens on port 80. When the client sends a request, TCP adds a header containing port 80 as the destination, plus a randomly chosen source port. The combination of IP addresses and port numbers allows a device to maintain multiple simultaneous sessions — like several tabs in a web browser — without mixing them up. The resulting chunk of data is called a segment.

Network Layer

The network layer is responsible for getting data from one host to another, even across multiple networks. The protocol here is IP. An IP header containing the source and destination IP addresses is added to each segment, creating a packet. Routers operate at this layer, forwarding packets from network to network until they reach the destination. At the destination, IP headers are stripped and the data is passed back up to the transport layer.

Other network layer protocols worth knowing include ICMP (used for diagnostics like ping) and ARP (used to find MAC addresses from IP addresses) — but we’ll cover those separately.

Data Link Layer

The data link layer handles delivery within a single network segment — in TCP/IP terms, within a single subnet. The most common protocol here is Ethernet, which uses MAC addresses. A header containing source and destination MAC addresses is added, along with a trailer for error checking. The result is called a frame.

If the two hosts are on the same subnet, one simply sends directly to the other. If they’re on different subnets, the frame is addressed to the router. The router reads the destination IP, rewrites the MAC addresses for the next hop, and forwards the packet on. If there are multiple routers in the path, the MAC addresses are rewritten at each hop.

Physical Layer

The physical layer handles the actual transmission and reception of raw bits over a medium — electrical signals over copper, light over fiber, or radio waves for Wi-Fi. The data is encoded and the bits are sent across the wire (or through the air). This may happen several times along a path — for example, copper from a workstation to a switch, fiber between switches, and copper again at the destination.

Resources

Try the TCP/IP Model quiz to test your understanding!