TCP/IP Model: Layers and How It Works

TCP/IP model

The TCP/IP model is the conceptual framework that describes how data is transmitted across the internet. It organises the complex process of network communication into four distinct layers, each responsible for a specific aspect of getting data from one device to another anywhere in the world.

What Is the TCP/IP Model

The TCP/IP model, also called the Internet model or the DoD model, is a four-layer architecture that describes how networked devices communicate. It was developed in the 1970s by DARPA (the US Defense Advanced Research Projects Agency) as the foundation for ARPANET, the precursor to the modern internet. Unlike theoretical models that came later, the TCP/IP model was designed to describe how actual internet protocols work in practice, which is why it remains the definitive model for understanding real-world network communication.

Each layer in the model handles a specific set of responsibilities and communicates only with the layers directly above and below it. When data is sent, it passes down through all four layers on the sending device, travels across the network, and passes back up through all four layers on the receiving device. Each layer adds or removes its own header information at each stage in a process called encapsulation and decapsulation.

The model is named after its two most important protocols: TCP (Transmission Control Protocol), which handles reliable data delivery, and IP (Internet Protocol), which handles addressing and routing. Together these two protocols define the core behaviour of the internet, but the model encompasses many other protocols across all four layers.

The Four Layers of the TCP/IP Model

Layer 1: Network Access (Link Layer)

The Network Access layer, also called the Link layer or Network Interface layer, is the lowest layer of the TCP/IP model. It handles the physical transmission of data between two devices that are directly connected on the same network segment. This layer is responsible for converting data into the electrical signals, light pulses, or radio waves that travel across cables or through the air, and for converting received signals back into data.

At this layer, devices are identified by their MAC addresses rather than IP addresses. MAC addresses are hardware identifiers burned into network interface cards by the manufacturer. When your laptop sends data to your router over Wi-Fi, the Network Access layer handles the wireless radio transmission and uses MAC addresses to identify the source and destination devices on that local network segment.

• Ethernet: The dominant wired networking standard, defining how devices transmit data over copper cables and fibre-optic connections in local area networks
• Wi-Fi (IEEE 802.11): The wireless networking standard that defines how devices communicate over radio frequencies in home, office, and public networks
• MAC addresses: 48-bit hardware identifiers used to identify devices within a local network segment. Unlike IP addresses, MAC addresses do not change when you move between networks.
• ARP (Address Resolution Protocol): Maps IP addresses to MAC addresses on a local network, allowing the internet layer to hand packets to the correct physical device

Layer 2: Internet Layer

The Internet layer is responsible for logical addressing and routing. While the Network Access layer handles communication between directly connected devices on the same local network, the Internet layer handles communication across multiple networks, from source to final destination anywhere on the internet. This is the layer where IP addresses live and where routers make forwarding decisions.

When a packet needs to travel from your device in one city to a server in another country, it passes through many routers along the way. Each router operates at the Internet layer, examining the destination IP address in the packet header and forwarding it to the next router closer to the destination. No single router knows the full path. Each one only knows the best next hop based on its routing table.

• IPv4: The original 32-bit addressing protocol that powers most internet traffic today. Provides approximately 4.3 billion unique addresses, a pool that is now exhausted and extended through NAT.
• IPv6: The 128-bit successor to IPv4 with a virtually inexhaustible address space, built-in security support, and improved routing efficiency. Adoption is growing steadily.
• ICMP (Internet Control Message Protocol): Used for diagnostic and error reporting purposes. The ping command uses ICMP echo requests to test reachability, and traceroute uses ICMP to map network paths.
• Routing: The process by which routers use routing tables and routing protocols such as BGP and OSPF to determine the best path for each packet across the network of networks.

Layer 3: Transport Layer

The Transport layer manages end-to-end communication between specific processes running on the source and destination devices. While the Internet layer gets a packet to the right machine, the Transport layer gets it to the right application on that machine using port numbers. A web server and an SSH server can both run on the same IP address because they listen on different ports, and the Transport layer uses those port numbers to deliver each packet to the correct process.

The Transport layer also decides whether the communication should be reliable and ordered or fast and lightweight. This decision is made by choosing between TCP and UDP, the two primary transport protocols.

Port numbers at the Transport layer identify which application should receive each segment. Well-known ports are standardised: port 80 for HTTP, port 443 for HTTPS, port 22 for SSH, port 25 for SMTP, and port 53 for DNS. The combination of an IP address and a port number is called a socket, and a socket uniquely identifies a specific communication endpoint on the network.

Layer 4: Application Layer

The Application layer is the topmost layer and the one that end users and developers interact with most directly. It defines the protocols that applications use to communicate over the network, specifying the format of messages, the sequence of exchanges, and the meaning of each field. Every time you load a web page, send an email, or resolve a domain name, an application layer protocol is doing the work.

The Application layer does not concern itself with how data gets across the network. It relies on the layers below to handle addressing, routing, and reliable delivery. It focuses entirely on the format and meaning of the data being exchanged between two applications.

How Data Travels Through the Layers: Encapsulation

When an application sends data over the network, the data passes down through each layer of the TCP/IP model on the sending device. Each layer wraps the data from the layer above it with its own header, adding the information that layer needs to do its job. This process is called encapsulation.

Application Layer:
  [ HTTP Request: "GET /index.html HTTP/1.1" ]

Transport Layer adds TCP header (source port, dest port, seq number):
  [ TCP Header | HTTP Request ]
  This unit is called a SEGMENT

Internet Layer adds IP header (source IP, destination IP):
  [ IP Header | TCP Header | HTTP Request ]
  This unit is called a PACKET

Network Access Layer adds frame header (source MAC, dest MAC):
  [ Frame Header | IP Header | TCP Header | HTTP Request | Frame Trailer ]
  This unit is called a FRAME

Physical transmission:
  101010001110101... (raw bits over cable, fibre, or radio)

Physical reception:
  101010001110101... (raw bits received)

Network Access Layer strips frame header, passes packet up:
  [ IP Header | TCP Header | HTTP Request ]

Internet Layer strips IP header, passes segment up:
  [ TCP Header | HTTP Request ]

Transport Layer strips TCP header, passes data up:
  [ HTTP Request ]

Application Layer reads and processes:
  "GET /index.html HTTP/1.1" → server handles the request

TCP/IP Model vs OSI Model

The OSI (Open Systems Interconnection) model is a seven-layer theoretical framework developed by the International Organization for Standardization to describe network communication in more granular detail. The TCP/IP model has four layers because it merges several OSI layers that often work together in practice.

The OSI model is more commonly used in academic and certification contexts because its additional layers provide a more precise vocabulary for describing specific aspects of network communication. The TCP/IP model is more commonly used in practice and in internet standards documentation because it accurately reflects how real protocols are designed and deployed. Both models describe the same underlying reality from different levels of abstraction.

A Complete Example: Loading a Web Page

Seeing how all four layers work together for a real request makes the model concrete. Here is what happens at each layer when your browser loads a web page.

APPLICATION LAYER:
  Browser resolves example.com via DNS (UDP port 53)
  Browser sends HTTP GET request over TLS-encrypted HTTPS (TCP port 443)

TRANSPORT LAYER:
  TCP establishes connection via three-way handshake (SYN, SYN-ACK, ACK)
  TCP segments the HTTP request, assigns sequence numbers
  TCP ensures all segments arrive and are reassembled in order

INTERNET LAYER:
  IP addresses source (your device) and destination (example.com server)
  Routers at each hop read the destination IP and forward the packet
  Packet crosses ISP networks, backbone routers, and CDN infrastructure

NETWORK ACCESS LAYER:
  Your device sends frames over Wi-Fi to your router (MAC addressing)
  Router forwards frames over fibre-optic to ISP (Ethernet)
  Each physical link converts data to its appropriate signal type

Frequently Asked Questions

1. What is the difference between the TCP/IP model and the OSI model?
   The OSI model has seven layers and was designed as a theoretical reference framework for understanding network communication in fine-grained detail. The TCP/IP model has four layers and was designed to describe how actual internet protocols work in practice. The OSI model is widely used for teaching and certification because its detailed layer separation provides precise vocabulary. The TCP/IP model is used in real-world internet standards and protocol documentation. They describe the same underlying process at different levels of abstraction, and the TCP/IP model effectively collapses OSI layers 5, 6, and 7 into a single Application layer.
2. Why is it called the TCP/IP model if it covers more than just TCP and IP?
   TCP and IP are the two foundational protocols that define the core behaviour of the internet, and naming the model after them reflects their central importance. TCP provides the reliable end-to-end transport that most applications depend on, and IP provides the addressing and routing that allows packets to cross the global network of networks. Every other protocol in the stack either supports these two or builds on top of them. The model covers many protocols across all four layers, but TCP and IP are the ones that define the internet as a reliable, addressable communication system.
3. What is a socket and how does it relate to the TCP/IP model?
   A socket is a communication endpoint defined by the combination of an IP address and a port number. The IP address comes from the Internet layer and identifies the specific device on the network. The port number comes from the Transport layer and identifies the specific process or application on that device. Together they uniquely identify one end of a network connection. When your browser connects to a web server, it creates a socket with the server's IP address and port 443, and the operating system assigns a temporary ephemeral port on your device's side to identify that specific connection.
4. What is encapsulation and why does it matter?
   Encapsulation is the process of wrapping data from a higher layer with the header information needed by a lower layer as it travels down the stack on the sending side. Each layer adds its own header containing the information it needs to perform its function, such as port numbers at the Transport layer and IP addresses at the Internet layer. At the receiving end, decapsulation removes each header as data travels up the stack, until the original application data reaches the application that sent it. Encapsulation matters because it allows each layer to operate independently: the IP layer does not know or care what is inside the TCP segment it is routing, and the TCP layer does not know or care what physical medium the IP packet will travel across.
5. How does the TCP/IP model handle security?
   Security is not a dedicated layer in the TCP/IP model but is implemented across multiple layers. At the Application layer, TLS (Transport Layer Security) encrypts the content of protocols like HTTP, SMTP, and FTP. At the Internet layer, IPSec provides packet-level encryption and authentication. At the Network Access layer, WPA3 encrypts Wi-Fi transmissions. In practice, TLS at the Application layer is the most widely deployed security mechanism on the internet, protecting HTTPS traffic and making the content of HTTP requests and responses unreadable to anyone who intercepts the packets at lower layers.

Conclusion

The TCP/IP model is the architectural foundation of the internet. Its four layers divide the complex problem of global network communication into manageable responsibilities: physical transmission at the Network Access layer, logical addressing and routing at the Internet layer, reliable or fast end-to-end delivery at the Transport layer, and application-specific data exchange at the Application layer. Every web page you load, every email you send, and every DNS lookup your device performs passes through all four layers in sequence. Understanding how each layer contributes and how they interact through encapsulation gives you the conceptual framework to reason about network performance, diagnose connectivity problems, and understand where protocols like HTTP, TLS, TCP, IP, and Ethernet each fit in the bigger picture. Continue with TCP vs UDP, IP addresses, how routing works, and HTTP vs HTTPS to explore each layer in depth.