##

TCP / UDP & Transport

Layer 4 delivers data between applications. TCP is reliable and ordered; UDP is fast and lean.

// TCP open (3-way) & close (4-way)

CLIENTSERVER

SYN

▶

SYN-ACK

◀

ACK

▶

connection established

CLIENTSERVER

FIN

▶

ACK

◀

FIN

◀

ACK

▶

connection closed

	TCP	UDP
Connection	Connection-oriented	Connectionless
Reliability	Acks + retransmit	Best-effort
Ordering	Sequenced	None
Header	20 bytes	8 bytes
Trade-off	Robust, slower	Fast, low overhead
Used by	Web, SSH, email	DNS, VoIP, DHCP, video

// 3-way handshake

SYN→SYN-ACK→ACKconnection established

// TCP flags

[S]	SYN — open request
[S.]	SYN-ACK — open accepted
[.]	ACK — acknowledgement
[P.]	PSH-ACK — data pushed
[F.]	FIN-ACK — closing
[R]	RST — reset / refused

// port ranges

0 – 1023	Well-known
1024 – 49151	Registered
49152 – 65535	Dynamic / ephemeral

3-way handshake: SYN → SYN-ACK → ACK
Teardown: FIN → ACK → FIN → ACK
Default MTU 1500 B · MSS = MTU − 40 (IP+TCP)
Flow control via the sliding window
PMTUD avoids fragmentation along the path

// MTU, MSS & fragmentation

// MTU reference

Standard Ethernet	1500 B	Default payload MTU
Jumbo frame	9000 B	Storage / DC — must match end-to-end
IPv4 + TCP headers	40 B	MSS = 1500 − 40 = 1460
PPPoE	1492 B	8 B PPPoE overhead
IPsec / GRE tunnel	~1400 B	Tunnel overhead eats the MTU
IPv6 minimum	1280 B	Every link must support at least this

// PMTUD & clamping

MSS = MTU − IP − TCP headers (1500 − 40 = 1460 for IPv4)
PMTUD relies on ICMP "Fragmentation Needed" (v4) / "Packet Too Big" (v6)
Black-hole: a firewall dropping that ICMP breaks PMTUD — sessions hang
IPv4 routers may fragment; in IPv6 only the source fragments
MSS clamping (ip tcp adjust-mss 1360) fixes most tunnel MTU issues