Protocols

FTP

FTP (File Transfer Protocol) is a standard network protocol used for transferring files between a client
and a server on a computer network. It is commonly used to upload files to a server or download files
from a server over the internet. FTP follows a client-server model, where the client initiates a connection
to the server and requests file transfers.

How FTP works

• Client-server connection: The FTP client (e.g., a computer or software) establishes a connection
with an FTP server using the network's IP address or domain name.
• Authentication: The client may need to provide a username and password to log in to the FTP
server, depending on its configuration. This step ensures that only authorized users can access
the server.
• Command and control: Once the client is connected, it sends commands to the server to
perform actions such as listing directories, uploading files, or downloading files. These
commands are sent over the control connection.
• Data transfer: When transferring files, FTP uses separate connections for data transfer. There are
two modes of data transfer: active and passive.
• Active mode: In active mode, the client opens a port and listens for the server to establish a
connection and transfer data. The client provides the server with its IP address and a port
number to establish the data connection.
• Passive mode: In passive mode, the client requests the server to open a port and provide its IP
address. The client then connects to the server's IP address and port to transfer data.
• File transfer: After the data connection is established, the actual file transfer takes place. The
client sends commands to upload or download files, and the server responds accordingly.

FTP uses two well-known port numbers to establish connections:

• Port 21: This is the default port for FTP control connections. The client sends commands and
receives responses from the server through this port. It is used for authentication, issuing
commands, and controlling the FTP session.
• Port 20: This is the default port for FTP data connections in active mode. The server uses this
port to establish a connection with the client and transfer data.

In passive mode, the server dynamically assigns a port number from a specified range (typically higher
port numbers) for the data connection, and the client connects to that port.

It's worth noting that FTP can be insecure, as data transfers are not encrypted by default. To enhance
security, protocols like FTPS (FTP over SSL/TLS) and SFTP (SSH File Transfer Protocol) are commonly used,
which provide encryption and authentication mechanisms for secure file transfers.
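
The address and port exchanged for the data connection travel as six decimal numbers (h1,h2,h3,h4,p1,p2) in the PORT command for active mode and in the 227 reply for passive mode, a format defined in RFC 959. The following is an added example, not part of the original page: it decodes that field and flags a data endpoint that does not match the control-connection peer or the configured passive range. The sample lines, addresses and port range are constructed.

```python
import ipaddress
import re

# h1,h2,h3,h4,p1,p2: four address octets followed by two port octets (RFC 959).
HOSTPORT = re.compile(
    r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)"
)

# Constructed sample lines (documentation addresses, not captured traffic).
ACTIVE_CMD = "PORT 192,0,2,55,4,1"
PASSIVE_REPLY = "227 Entering Passive Mode (192,0,2,10,195,80)"
MISMATCH_REPLY = "227 Entering Passive Mode (10,0,0,5,195,80)"
LOW_PORT_CMD = "PORT 192,0,2,55,0,22"


def parse_hostport(line):
    """Return (IPv4Address, port) from a PORT command or a 227 reply."""
    m = HOSTPORT.search(line)
    if m is None:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in %r" % line)
    nums = [int(n) for n in m.groups()]
    if max(nums) > 255:
        raise ValueError("octet out of range in %r" % line)
    ip = ipaddress.IPv4Address(".".join(map(str, nums[:4])))
    # The port is sent as two octets: high byte first, then low byte.
    return ip, nums[4] * 256 + nums[5]


def check_data_endpoint(line, control_peer, port_range=None):
    """List reasons to distrust the data endpoint advertised in `line`.

    control_peer -- address at the far end of the control connection
                    (the client for PORT, the server for a 227 reply).
    port_range   -- optional (low, high) passive range configured on the server.
    """
    ip, port = parse_hostport(line)
    findings = []
    if ip != ipaddress.IPv4Address(control_peer):
        findings.append(
            "data address %s differs from control peer %s" % (ip, control_peer)
        )
    if port < 1024:
        findings.append("data port %d is a privileged port" % port)
    if port_range and not port_range[0] <= port <= port_range[1]:
        findings.append(
            "data port %d outside configured range %d-%d"
            % (port, port_range[0], port_range[1])
        )
    return findings


if __name__ == "__main__":
    for line, peer in [
        (ACTIVE_CMD, "192.0.2.55"),
        (PASSIVE_REPLY, "192.0.2.10"),
        (MISMATCH_REPLY, "192.0.2.10"),
        (LOW_PORT_CMD, "192.0.2.55"),
    ]:
        print(line, "->", parse_hostport(line), check_data_endpoint(line, peer))
```

A mismatch between the advertised address and the control peer is also what a server behind NAT produces when it advertises its internal address, so the same check helps when passive transfers hang.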

Telnet

Telnet is a network protocol that allows remote access to a command-line interface (CLI) of a remote
computer or device. It enables users to establish a terminal session on a remote machine and interact
with it as if they were physically present. Telnet operates on a client-server architecture and is primarily
used for remote administration and debugging purposes.

How Telnet works

1. Client-server connection: The Telnet client establishes a connection to a Telnet server using the
server's IP address or domain name. The client and server negotiate Telnet options and exchange
information.

2. Authentication: Telnet does not provide inherent encryption or authentication mechanisms.
Therefore, the server typically prompts the client for a username and password for
authentication. However, this authentication process is sent in plain text, making it insecure for
transmitting sensitive information.

3. Terminal emulation: Once the connection is established, the Telnet client emulates a terminal,
providing a text-based interface to interact with the remote server. The client sends keystrokes
and commands, and the server responds accordingly, transmitting the output back to the client.

4. Command execution: The client can execute commands on the remote server by entering them
via the terminal emulation. The server processes these commands and returns the results.

Telnet traditionally uses port 23 as the default port number for establishing connections. The client
connects to the Telnet server's IP address on port 23 to establish the session. Both the client and server
need to have port 23 open and accessible for Telnet communication.

It's important to note that Telnet operates in plain text, which means all communication, including
usernames, passwords, and command output, is transmitted in clear text. This lack of encryption makes
Telnet insecure for transmitting sensitive information over untrusted networks, as it is vulnerable to
eavesdropping and interception. As a result, Telnet has largely been replaced by more secure protocols
like SSH (Secure Shell) for remote access and administration.

SSH (Secure Shell)

SSH (Secure Shell) is a network protocol used for secure remote access and secure data communication
over an unsecured network. It provides a secure channel between a client and a server, allowing users to
authenticate and establish encrypted communication. SSH is widely used for remote administration,
secure file transfers, and tunneling network connections.

How SSH works

1. Client-server connection: The SSH client initiates a connection to an SSH server using the server's
IP address or domain name. The client and server negotiate the SSH protocol version and
exchange identification information.

2. Authentication: After the initial connection is established, the client needs to authenticate itself
to the server. SSH supports various authentication methods, including password-based
authentication, public key authentication, and more advanced methods like certificate-based
authentication. This step ensures that only authorized users can access the server.

3. Encryption and session establishment: Once the client is authenticated, SSH establishes an
encrypted session between the client and server. It negotiates encryption algorithms, integrity
checks, and other parameters to secure the communication. This encryption prevents
unauthorized access and protects the confidentiality and integrity of the data transferred.

4. Secure shell session: With the encrypted session established, the client can now execute
commands or run applications on the remote server securely. The client sends commands, and
the server executes them, returning the output to the client over the encrypted channel.

SSH uses port 22 as the default port number for establishing connections. Both the client and server
need to have port 22 open and accessible to establish an SSH connection. By default, SSH uses TCP
(Transmission Control Protocol) as the underlying transport protocol.

It's important to note that SSH provides a secure alternative to protocols like Telnet, rlogin, and FTP,
which transmit data in plain text and are vulnerable to eavesdropping and unauthorized access. SSH
encrypts the communication and provides strong authentication mechanisms, making it a popular choice
for secure remote access and file transfers.

SMTP (Simple Mail Transfer Protocol)

SMTP (Simple Mail Transfer Protocol) is a standard network protocol used for sending and routing email
messages between email servers. It defines how email clients (like Outlook or Thunderbird)
communicate with mail servers to send outgoing mail and how servers relay messages to deliver them to
their intended recipients.

How SMTP works

1. Connection establishment: The email client (SMTP client) establishes a TCP connection with the
SMTP server (SMTP receiver) on the destination mail server. The client typically connects to port
25 on the server.

2. SMTP session initiation: After the connection is established, the client initiates an SMTP session
by sending a greeting message to the server. This greeting includes information about the client
and its capabilities.

3. Sender and recipient information: The client provides the sender's email address and the
recipient's email address(es) to the server. This information is included in the SMTP commands
and headers.

4. Message transfer: The client then sends the email message to the server. The message includes
headers (such as From, To, Subject) and the body of the email. The client breaks the message
into smaller parts and transfers them to the server in a series of SMTP commands.

5. Server communication: The server acknowledges the receipt of each part of the message and
sends response codes to the client. These response codes indicate the status of the SMTP
commands and help in troubleshooting any issues that may arise during the process.

6. Message delivery: If the server is the final destination for the email, it delivers the message to
the recipient's mailbox. If the server is not the final destination, it relays the message to the
appropriate server responsible for delivering it to the intended recipient.

SMTP primarily uses port 25 for communication between email servers. However, there are additional
ports associated with SMTP for specific purposes:

• Port 25: This is the default port used for SMTP. It is used for regular SMTP communication
between mail servers.

• Port 465: This port is designated for SMTP over SSL/TLS. It is commonly used for SMTP with the
Secure Sockets Layer (SSL) or Transport Layer Security (TLS) encryption for secure email
transmission.

• Port 587: This port is reserved for the submission of email messages by mail clients (SMTP
clients) to a mail server. It is typically used for authenticated and encrypted email submission,
often with STARTTLS encryption.
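
Whether a submission service on port 587 really gives "authenticated and encrypted" submission can be read from the capability list the server returns to the client's EHLO greeting. The following is an added example, not part of the original page: it parses multi-line EHLO replies and reports when STARTTLS is missing or when AUTH is offered before the session has been upgraded to TLS. The replies and the host name mail.example.test are constructed.

```python
# Constructed EHLO replies; mail.example.test is a reserved test name.
SUBMISSION_PRE_TLS = (
    "250-mail.example.test\r\n"
    "250-PIPELINING\r\n"
    "250-SIZE 52428800\r\n"
    "250 STARTTLS\r\n"
)
SUBMISSION_POST_TLS = (
    "250-mail.example.test\r\n"
    "250-PIPELINING\r\n"
    "250-SIZE 52428800\r\n"
    "250 AUTH PLAIN LOGIN\r\n"
)
LEGACY_PRE_TLS = (
    "250-mail.example.test\r\n"
    "250-AUTH PLAIN LOGIN\r\n"
    "250 SIZE 52428800\r\n"
)


def parse_ehlo(reply):
    """Parse a 250 EHLO reply into {KEYWORD: [parameters]}.

    Continuation lines use "250-"; the last line uses "250 ".
    """
    caps = {}
    lines = [line for line in reply.splitlines() if line.strip()]
    for index, line in enumerate(lines):
        code, sep, text = line[:3], line[3:4], line[4:]
        if code != "250" or sep not in ("-", " "):
            raise ValueError("unexpected reply line: %r" % line)
        if index > 0:  # the first line names the server, not a capability
            parts = text.split()
            if parts:
                caps[parts[0].upper()] = parts[1:]
        if sep == " ":
            break
    return caps


def audit_submission(pre_tls, post_tls=None):
    """Return findings for the EHLO reply seen before (and after) STARTTLS."""
    findings = []
    pre = parse_ehlo(pre_tls)
    if "STARTTLS" not in pre:
        findings.append("STARTTLS not advertised; the session cannot be upgraded to TLS")
    if "AUTH" in pre:
        findings.append(
            "AUTH (%s) offered before TLS; credentials may be sent in clear text"
            % ", ".join(pre["AUTH"])
        )
    if post_tls is not None and "AUTH" not in parse_ehlo(post_tls):
        findings.append("AUTH not offered after TLS; authenticated submission unavailable")
    return findings


if __name__ == "__main__":
    print("hardened:", audit_submission(SUBMISSION_PRE_TLS, SUBMISSION_POST_TLS))
    print("legacy:  ", audit_submission(LEGACY_PRE_TLS))
```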

It's worth noting that SMTP is a protocol specifically designed for mail transfer and doesn't handle
receiving or reading email. POP (Post Office Protocol) and IMAP (Internet Message Access Protocol) are
commonly used for email retrieval by clients from mail servers.

POP3 (Post Office Protocol version 3)

POP3 (Post Office Protocol version 3) is a standard network protocol used for retrieving email messages
from a remote mail server to a client device. It allows email clients to access and download messages
from the server, enabling users to read and manage their email offline. POP3 operates on a client-server
model and is one of the most widely used email retrieval protocols.

How POP3 works

1. Connection establishment: The email client (POP3 client) establishes a TCP connection with the
POP3 server (POP3 receiver) on the mail server. The client typically connects to port 110 on the
server.

2. Authentication: After the connection is established, the client sends the username and password
to the server for authentication. The server verifies the credentials, ensuring that the client has
permission to access the email account.

3. Message listing: Once authenticated, the client can send commands to retrieve email messages.
The client typically issues a command to list the available messages on the server. The server
responds with a list of message numbers and their corresponding sizes.

4. Message retrieval: The client selects specific messages or retrieves all messages from the server.
It sends commands to retrieve individual messages by their message number or commands to
download all messages. The server transfers the requested messages to the client.

5. Message deletion and management: After downloading the messages, the client can choose to
delete them from the server. It sends commands to delete specific messages or all messages
marked for deletion. The server removes the requested messages from the mailbox.

6. Session termination: Once the client has retrieved and managed the desired messages, it can
issue a command to end the POP3 session. The server closes the connection, and the client
disconnects.

POP3 primarily uses port 110 for communication between the email client and the mail server. However,
there is also a secure variant of POP3 that uses encryption:

• Port 995: This is the default port for POP3 over SSL/TLS. POP3 with SSL/TLS encryption,
commonly known as POP3S, uses this port for secure email retrieval.

It's important to note that POP3 is primarily designed for downloading messages from a server to a
client. By default, POP3 removes the messages from the server after retrieval, making them accessible
only on the client device. If users want to access their email from multiple devices or retain copies on the
server, they may choose to use IMAP (Internet Message Access Protocol) instead, which allows
synchronization between the client and server while keeping messages stored on the server.

DNS (Domain Name System)

DNS (Domain Name System) is a hierarchical distributed naming system used to translate human-
readable domain names (like www.example.com) into IP addresses (like 192.0.2.1). It acts as a critical
component of the internet infrastructure by providing a decentralized mechanism for mapping domain
names to IP addresses and facilitating the navigation and accessibility of websites.

How DNS works

1. DNS resolution request: When a user enters a domain name in a web browser, their device sends
a DNS resolution request to a DNS resolver (usually provided by the Internet Service Provider).
The resolver acts as an intermediary between the user's device and the DNS infrastructure.

2. Recursive DNS resolution: The DNS resolver initiates a recursive resolution process to find the IP
address associated with the requested domain name. It starts by checking its local cache to see if
it already has the corresponding IP address. If not, it proceeds to the next step.

3. Iterative DNS resolution: If the resolver doesn't have the IP address in its cache, it contacts the
DNS root servers. These root servers are authoritative for the top-level domains (.com, .org, .net,
etc.). The resolver requests information about the domain name from the appropriate root
server.

4. DNS hierarchy traversal: The root server responds to the resolver with a referral to the
authoritative name server responsible for the top-level domain (TLD) of the requested domain
name. The resolver then contacts the TLD name server.

5. TLD name server: The TLD name server provides the resolver with the IP address of the
authoritative name server responsible for the second-level domain (SLD) in the requested
domain name (e.g., example.com). The resolver then contacts the authoritative name server.

6. Authoritative name server: The authoritative name server is responsible for storing and
providing the IP address associated with the requested domain name. It responds to the resolver
with the IP address.

7. DNS response: The DNS resolver receives the IP address from the authoritative name server. It
stores the IP address in its cache and sends the response back to the user's device.

8. User access: With the IP address obtained from the DNS resolution, the user's device can
establish a connection with the server hosting the website corresponding to the requested
domain name. The device uses the IP address to send HTTP requests and retrieve the website
content.

DNS primarily uses two port numbers for communication:

• Port 53: This is the default port used for DNS queries and responses. DNS clients and resolvers
send requests to DNS servers using this port.

• Port 53 (UDP and TCP): DNS queries and responses can be transmitted over both UDP (User
Datagram Protocol) and TCP (Transmission Control Protocol). UDP is typically used for standard
DNS queries, while TCP is used for larger responses or zone transfers.
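
The switch from UDP to TCP for larger responses is signalled in the 12-byte DNS header: a server that cannot fit its answer into the UDP reply sets the TC (truncated) flag, and the client repeats the query over TCP port 53. The following is an added example, not part of the original page: it builds a query, then decides what to do with a reply after checking that the transaction ID and question match the query. The helper fake_response and its replies are constructed stand-ins for server traffic.

```python
import struct

HEADER = struct.Struct("!HHHHHH")  # id, flags, qdcount, ancount, nscount, arcount
QR, TC, RD, RA = 0x8000, 0x0200, 0x0100, 0x0080  # header flag bits


def build_query(name, qtype=1, txid=0x1A2B):
    """Build a query for `name` (qtype 1 = A record, class IN), recursion desired."""
    labels = name.rstrip(".").encode("ascii").split(b".")
    if any(not 0 < len(label) <= 63 for label in labels):
        raise ValueError("each label must be 1-63 bytes")
    qname = b"".join(bytes([len(label)]) + label for label in labels) + b"\x00"
    return HEADER.pack(txid, RD, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)


def parse_header(msg):
    if len(msg) < HEADER.size:
        raise ValueError("shorter than the 12-byte DNS header")
    txid, flags, qdcount, ancount, _ns, _ar = HEADER.unpack_from(msg)
    return {"id": txid, "qr": bool(flags & QR), "tc": bool(flags & TC),
            "rcode": flags & 0x000F, "qdcount": qdcount, "ancount": ancount}


def question_section(msg):
    """Return the raw bytes of the first question: QNAME + QTYPE + QCLASS."""
    i = HEADER.size
    while True:
        if i >= len(msg):
            raise ValueError("truncated question")
        length = msg[i]
        if length == 0:
            break
        if length > 63:
            raise ValueError("compressed or invalid label in question")
        i += 1 + length
    end = i + 5  # zero byte + 2-byte type + 2-byte class
    if end > len(msg):
        raise ValueError("truncated question")
    return msg[HEADER.size:end]


def next_step(query, response):
    """Decide how a stub resolver should treat `response` to `query`."""
    q, r = parse_header(query), parse_header(response)
    if not r["qr"] or r["id"] != q["id"]:
        return "discard"      # not a response, or not a response to this query
    if question_section(response) != question_section(query):
        return "discard"      # answers a different question
    if r["tc"]:
        return "retry-tcp"    # truncated: repeat the query over TCP port 53
    if r["rcode"] != 0:
        return "error"
    return "accept"


def fake_response(query, flags, txid=None):
    """Constructed reply: the query's question under a response header."""
    qid = parse_header(query)["id"] if txid is None else txid
    return HEADER.pack(qid, flags, 1, 0, 0, 0) + query[HEADER.size:]


if __name__ == "__main__":
    q = build_query("www.example.com")
    print(next_step(q, fake_response(q, QR | RD | RA)))
    print(next_step(q, fake_response(q, QR | TC | RD | RA)))
    print(next_step(q, fake_response(q, QR | RD | RA, txid=0x9999)))
```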

It's worth noting that DNS is a critical infrastructure component, and the availability and performance of
DNS servers directly impact the speed and accessibility of websites and online services.

HTTP (Hypertext Transfer Protocol)

HTTP (Hypertext Transfer Protocol) is a protocol used for communication between web browsers (clients)
and web servers. It facilitates the transfer of hypertext, which includes HTML documents, images, videos,
and other resources, over the internet. HTTP defines a set of rules and standards for how clients and
servers interact and exchange information.

How HTTP works

1. Client request: The web browser (HTTP client) sends an HTTP request to a web server. The
request typically includes a URL (Uniform Resource Locator) that specifies the desired resource
(e.g., a web page) and the HTTP method (such as GET, POST, or PUT) to indicate the desired
action.

2. Server response: The web server (HTTP server) receives the request and processes it. The server
generates an HTTP response that contains the requested resource or an error message if the
resource is not found or an issue occurs. The response includes an HTTP status code (e.g., 200
for success, 404 for not found) to indicate the outcome of the request.

3. Data transfer: The server sends the HTTP response back to the client, which includes the
requested resource and associated metadata. The data is transferred over the network in the
form of text, binary files, or other media types, depending on the content.

4. Client rendering: The web browser receives the HTTP response and interprets it. It renders the
HTML content, processes any embedded resources (like images or stylesheets), and displays the
web page to the user. The browser may also send additional requests to fetch linked resources
(e.g., images, scripts, or stylesheets) referenced in the HTML.

HTTP uses port 80 as the default port number for communication between clients and servers. When a
client makes an HTTP request to a server, it connects to the server's IP address on port 80 to establish
the connection.

It's important to note that HTTP operates in plain text, which means that the data exchanged between
the client and server is not encrypted. As a result, sensitive information transmitted over HTTP, such as
login credentials or financial details, can be intercepted by attackers. To secure data transmission, it is
recommended to use HTTPS (HTTP Secure), which adds an extra layer of encryption using SSL/TLS
(Secure Sockets Layer/Transport Layer Security). HTTPS typically uses port 443 for secure
communication.

HTTPS (HTTP over SSL/TLS) uses the same underlying HTTP protocol but adds encryption and
authentication, ensuring that data exchanged between the client and server remains confidential and
secure.

HTTPS (Hypertext Transfer Protocol Secure)

HTTPS (Hypertext Transfer Protocol Secure) is a secure version of HTTP that provides encryption and
authentication for secure communication between clients (web browsers) and servers. It ensures the
confidentiality and integrity of data transferred over the internet. HTTPS uses SSL/TLS (Secure Sockets
Layer/Transport Layer Security) protocols to encrypt the HTTP traffic.

How HTTPS works

1. Handshake initiation: The client (web browser) initiates an HTTPS connection to the server by
requesting an HTTPS URL. The client sends a "ClientHello" message to the server, indicating its
supported SSL/TLS versions, cipher suites, and other parameters.

2. Server authentication: The server responds with a "ServerHello" message, selecting the
appropriate SSL/TLS version and cipher suite from the client's options. The server also sends its
digital certificate, which contains its public key and is used for authentication.

3. Certificate verification: The client verifies the server's certificate to ensure its authenticity and
integrity. It checks the certificate's chain of trust, expiration date, and other details. If the
certificate is valid, the client proceeds; otherwise, it displays a warning or error to the user.

4. Key exchange and encryption: The client generates a random session key and encrypts it with
the server's public key obtained from the certificate. The client sends the encrypted session key
to the server. Both the client and server use this session key to encrypt and decrypt the data
transmitted during the session.

5. Secure communication: The client and server exchange encrypted data using the agreed-upon
SSL/TLS cipher suite. This encryption ensures that data transmitted between the client and
server remains confidential and cannot be intercepted or tampered with by attackers.

HTTPS primarily uses port 443 for communication between clients and servers. When a client makes an
HTTPS request to a server, it connects to the server's IP address on port 443 to establish the encrypted
connection.

By using HTTPS, sensitive information, such as login credentials, financial transactions, or personal data,
is protected from eavesdropping and unauthorized access. HTTPS is widely used for secure online
transactions, secure login pages, and any scenario where data privacy and security are paramount.

DHCP (Dynamic Host Configuration Protocol)

DHCP (Dynamic Host Configuration Protocol) is a network protocol used to dynamically assign IP
addresses and network configuration parameters to devices on a network. It simplifies the process of
network configuration by automating the assignment of IP addresses, subnet masks, default gateways,
and other network settings.

How DHCP works


1. DHCP Discover: When a device (DHCP client) connects to a network, it sends a DHCP Discover
message broadcast on the network. This message indicates that the device is seeking an IP
address and other network configuration information.

2. DHCP Offer: DHCP servers on the network receive the DHCP Discover message and respond with
a DHCP Offer message. The DHCP Offer contains an available IP address and associated network
configuration parameters that the server is willing to assign to the client.

3. DHCP Request: The DHCP client receives multiple DHCP Offer messages from various servers and
selects one. It sends a DHCP Request message to the chosen server, requesting the offered IP
address and confirming the lease.

4. DHCP Acknowledge: The DHCP server responds to the client's DHCP Request with a DHCP
Acknowledge message, indicating that the requested IP address has been assigned to the client.
The message also provides additional network configuration parameters, such as subnet mask,
default gateway, DNS server, and lease duration.

5. IP configuration: Upon receiving the DHCP Acknowledge, the client configures its network
interface with the assigned IP address and other parameters received from the DHCP server. The
client can now communicate on the network using the assigned IP address.

6. Lease renewal: DHCP leases are typically assigned for a limited period. Before the lease
expiration, the client can request a lease renewal from the DHCP server to extend the lease
duration. If the server grants the renewal, the client continues to use the same IP address and
configuration parameters.

DHCP operates using UDP (User Datagram Protocol) for communication between clients and servers. It
uses two well-known port numbers:

• Port 67: This is the DHCP server port. DHCP servers listen for incoming DHCP messages on this
port.

• Port 68: This is the DHCP client port. DHCP clients use this port to send DHCP messages to the
server.
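
Because a client accepts offers from any server that answers its Discover, it is useful to see which servers are actually answering on a segment. The following is an added example, not part of the original page: it parses the fixed 236-byte header and the options of a DHCP message, and lists Offer messages whose server identifier (option 54) is not on an allowlist. The packets built by make_offer, the addresses and the allowlist are constructed.

```python
import ipaddress
import struct

# op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr, giaddr,
# chaddr, sname, file: the fixed 236-byte header that precedes the options.
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
MAGIC_COOKIE = b"\x63\x82\x53\x63"
MESSAGE_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}
OPT_PAD, OPT_LEASE, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 51, 53, 54, 255


def parse_dhcp(packet):
    """Parse a DHCP message (UDP payload) into the fields used below."""
    start = BOOTP.size + 4
    if len(packet) < start or packet[BOOTP.size:start] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    fields = BOOTP.unpack_from(packet)
    options, i = {}, start
    while i < len(packet) and packet[i] != OPT_END:
        code = packet[i]
        if code == OPT_PAD:          # single-byte padding, no length field
            i += 1
            continue
        if i + 2 > len(packet) or i + 2 + packet[i + 1] > len(packet):
            raise ValueError("truncated option %d" % code)
        length = packet[i + 1]
        options[code] = packet[i + 2:i + 2 + length]
        i += 2 + length
    mtype = options.get(OPT_MSG_TYPE)
    server = options.get(OPT_SERVER_ID)
    lease = options.get(OPT_LEASE)
    return {
        "xid": fields[4],
        "offered_ip": str(ipaddress.IPv4Address(fields[8])),  # yiaddr
        "type": MESSAGE_TYPES.get(mtype[0], "OTHER") if mtype else None,
        "server_id": str(ipaddress.IPv4Address(server))
        if server and len(server) == 4 else None,
        "lease_seconds": struct.unpack("!I", lease)[0]
        if lease and len(lease) == 4 else None,
    }


def unexpected_offers(packets, xid, allowed_servers):
    """Return parsed OFFERs for transaction `xid` from servers not allowlisted."""
    flagged = []
    for packet in packets:
        msg = parse_dhcp(packet)
        if (msg["type"] == "OFFER" and msg["xid"] == xid
                and msg["server_id"] not in allowed_servers):
            flagged.append(msg)
    return flagged


def make_offer(xid, offered_ip, server_id, lease=3600):
    """Build a constructed DHCP Offer for the demonstration (not captured traffic)."""
    header = BOOTP.pack(
        2, 1, 6, 0, xid, 0, 0, bytes(4),
        ipaddress.IPv4Address(offered_ip).packed, bytes(4), bytes(4),
        bytes.fromhex("020000000001"), b"", b"",
    )
    options = (
        bytes([OPT_MSG_TYPE, 1, 2])
        + bytes([OPT_SERVER_ID, 4]) + ipaddress.IPv4Address(server_id).packed
        + bytes([OPT_LEASE, 4]) + struct.pack("!I", lease)
        + bytes([OPT_END])
    )
    return header + MAGIC_COOKIE + options


if __name__ == "__main__":
    offers = [
        make_offer(0xCAFE, "192.0.2.100", "192.0.2.1"),
        make_offer(0xCAFE, "192.0.2.200", "192.0.2.66", lease=60),
    ]
    for msg in unexpected_offers(offers, 0xCAFE, {"192.0.2.1"}):
        print("offer from unlisted server:", msg)
```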

By automating IP address assignment and network configuration, DHCP simplifies network management
and reduces the chances of IP address conflicts. It is commonly used in local area networks (LANs) and is
especially beneficial in environments with a large number of devices that require IP addresses, such as
corporate networks, schools, and home networks.

SNMP (Simple Network Management Protocol)

SNMP (Simple Network Management Protocol) is a protocol used for network management and
monitoring. It allows network administrators to manage and monitor network devices, collect important
information, and receive notifications about network events. SNMP operates on an agent-manager
model, where network devices (agents) provide information, and a central management system
(manager) collects and analyzes that information.

How SNMP works

1. SNMP Manager: The SNMP manager is the central management system responsible for
collecting and monitoring information from network devices. It initiates communication with
SNMP agents and sends requests to retrieve information or perform management tasks.

2. SNMP Agent: SNMP agents are software modules running on network devices such as routers,
switches, servers, or printers. They collect and store information about the device, such as
system configuration, performance statistics, and network traffic. Agents respond to requests
from the SNMP manager and can send notifications (traps) to the manager in case of predefined
events.

3. Management Information Base (MIB): The MIB is a structured database that defines the
structure and content of the information exchanged between SNMP managers and agents. It
contains a collection of managed objects, each identified by an Object Identifier (OID). Managed
objects represent specific aspects of network devices, such as system information, interface
statistics, or device-specific parameters.

4. SNMP Get and Set Requests: The SNMP manager sends Get and Set requests to SNMP agents. A
Get request retrieves the value of one or more specific managed objects from an agent. A Set
request modifies the value of a managed object on an agent.

5. SNMP Traps: SNMP agents can send unsolicited notifications, called SNMP traps or inform
messages, to the SNMP manager. Traps are used to notify the manager of events such as device
restarts, link failures, or other critical conditions.

SNMP uses two versions, SNMPv1 and SNMPv2, which operate over UDP (User Datagram Protocol) for
communication. SNMPv3 adds security features like authentication and encryption. SNMP typically uses
two well-known port numbers:

• Port 161: This is the default port for SNMP agents to listen for incoming SNMP requests from the
manager.

• Port 162: This is the default port for SNMP traps. SNMP agents send traps to the SNMP manager
on this port to notify it of important events.

SNMP provides a standardized framework for network monitoring and management, allowing
administrators to monitor the health, performance, and configuration of network devices. It is widely
used in enterprise networks, data centers, and service provider environments for efficient network
management and troubleshooting.

ICMP (Internet Control Message Protocol)

ICMP (Internet Control Message Protocol) is a network protocol used for diagnostic and error reporting
purposes in IP networks. It is an integral part of the Internet Protocol suite and is primarily used to send
error messages, check network connectivity, and gather information about network devices.

How ICMP works


1. Error Reporting: ICMP is commonly used by network devices to report errors encountered during
IP packet processing. For example, if a router encounters an unreachable destination IP address
or a time-to-live (TTL) expiration, it generates an ICMP error message and sends it back to the
source IP address.

2. Echo Requests and Replies: ICMP also supports echo requests and replies, which are used for
network connectivity testing. A device sends an ICMP Echo Request message to another device's
IP address, and the recipient responds with an ICMP Echo Reply message, indicating that the
destination is reachable.

3. ICMP Message Types: ICMP consists of various message types, each serving a specific purpose.
Some common ICMP message types include Echo Request, Echo Reply, Destination Unreachable,
Time Exceeded, Redirect, and Parameter Problem. These messages help network administrators
diagnose network issues and troubleshoot connectivity problems.

4. Network Path Discovery: ICMP can be used to discover the path taken by IP packets between
two devices. The "traceroute" utility, for example, sends ICMP Echo Request messages with
gradually increasing TTL values. Each router encountered along the path decrements the TTL,
and when it reaches zero, the router sends an ICMP Time Exceeded message back to the source
device. By analyzing these responses, the source device can determine the routers traversed
along the network path.

ICMP does not use specific port numbers like other protocols. Instead, ICMP messages are encapsulated
within IP packets and utilize the IP protocol number 1. ICMP messages do not rely on ports to identify
the source or destination, but rather on the IP addresses contained within the IP packet headers.

ICMP plays a crucial role in network troubleshooting, error reporting, and network diagnostics. It helps
network administrators identify network connectivity issues, diagnose network problems, and gather
information about network devices' status and availability.

ARP (Address Resolution Protocol)

ARP (Address Resolution Protocol) is a protocol used to resolve IP addresses to physical MAC (Media
Access Control) addresses on a local network. It is primarily used in Ethernet networks to map an IP
address to its corresponding MAC address.

How ARP works

ARP Request: When a device wants to communicate with another device on the same local network and
knows the destination IP address, it broadcasts an ARP Request message to the entire network. The ARP
Request includes the sender's IP and MAC addresses and the target IP address.

ARP Reply: The device that holds the IP address mentioned in the ARP Request responds with an ARP
Reply message. The Reply contains the sender's IP and MAC addresses and is sent directly to the device
that made the ARP Request.

ARP Cache: Upon receiving the ARP Reply, the device that made the ARP Request updates its ARP cache,
which is a local table storing IP-to-MAC address mappings. The ARP cache helps devices avoid sending
ARP Requests for frequently accessed destinations in the future, as they can directly obtain the MAC
address from the cache.

Address Resolution: Once the device has the MAC address of the destination, it can encapsulate the IP
packet within an Ethernet frame with the appropriate source and destination MAC addresses. This allows
the packet to be successfully delivered to the intended recipient on the local network.

ARP does not use port numbers like transport layer protocols (e.g., TCP or UDP) do. It operates at the
data link layer and uses broadcast messages to communicate with devices on the same network
segment.

ARP plays a vital role in local network communication, allowing devices to determine the MAC addresses
of other devices based on their IP addresses. By resolving IP-to-MAC mappings, devices can correctly
address and transmit data to the appropriate recipient on the local network.

RARP (Reverse Address Resolution Protocol)

RARP (Reverse Address Resolution Protocol) is a network protocol used to map MAC addresses to IP
addresses on a local network. It is the reverse process of ARP (Address Resolution Protocol) and is
primarily used in legacy systems or diskless workstations to obtain an IP address based on the MAC
address.

How RARP works

1. RARP Request: When a diskless workstation or a system without a configured IP address boots
up, it sends a RARP Request broadcast message to the local network. The RARP Request contains
the sender's MAC address.

2. RARP Server: A RARP server on the network receives the RARP Request and searches its
configuration database for the MAC address. If a corresponding IP address is found, the RARP
server responds with a RARP Reply message.

3. RARP Reply: The RARP Reply message is sent back to the device that made the RARP Request. It
includes the requested IP address and is directed specifically to the device's MAC address.

4. IP Address Configuration: Upon receiving the RARP Reply, the device configures its network
interface with the assigned IP address. This allows the device to participate in IP-based network
communication.

RARP does not use specific port numbers like other protocols. Instead, RARP messages are encapsulated
within Ethernet frames at the data link layer. The Ethernet frame's destination MAC address is set to a
broadcast address (FF:FF:FF:FF:FF:FF) to ensure that the RARP Request is received by all devices on the
local network.

It's worth noting that RARP has become less commonly used with the introduction of more advanced IP
address assignment methods, such as DHCP (Dynamic Host Configuration Protocol). DHCP provides a
more flexible and scalable approach to IP address allocation and configuration.

RARP is primarily associated with older systems or specific use cases where diskless workstations or
legacy devices require IP address assignment based on their MAC addresses.
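The four RARP steps above can be traced at the byte level. The following is an added example, not part of the original document: it builds the broadcast request, performs the server's table lookup, and reads the assigned address out of the unicast reply. The EtherType 0x8035 and opcodes 3 and 4 come from RFC 903; the MAC addresses, IP addresses and function names are constructed for illustration.

```python
import socket
import struct

ETHERTYPE_RARP = 0x8035            # RARP's EtherType (RFC 903)
OP_REQUEST, OP_REPLY = 3, 4        # RARP opcodes; ARP uses 1 and 2
BROADCAST = b"\xff" * 6            # FF:FF:FF:FF:FF:FF

def mac(text):
    return bytes.fromhex(text.replace(":", ""))

def build_frame(dst, src, op, sha, spa, tha, tpa):
    # Ethernet header, then the ARP-format body: hardware type 1 (Ethernet),
    # protocol type 0x0800 (IPv4), address lengths 6 and 4, opcode, addresses.
    header = dst + src + struct.pack("!H", ETHERTYPE_RARP)
    return header + struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + sha + spa + tha + tpa

def parse_frame(frame):
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + RARP")
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_RARP:
        raise ValueError("not a RARP frame")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or op not in (OP_REQUEST, OP_REPLY):
        raise ValueError("unsupported RARP header")
    return {"dst": frame[0:6], "src": frame[6:12], "op": op,
            "sha": frame[22:28], "spa": frame[28:32],
            "tha": frame[32:38], "tpa": frame[38:42]}

def rarp_request(client_mac):
    # Step 1: broadcast; the client knows only its MAC, so both IP fields are zero.
    zero = b"\x00" * 4
    return build_frame(BROADCAST, client_mac, OP_REQUEST, client_mac, zero, client_mac, zero)

def rarp_server(frame, table, server_mac, server_ip):
    # Steps 2-3: look the MAC up; answer by unicast only when a mapping exists.
    req = parse_frame(frame)
    ip = table.get(req["tha"]) if req["op"] == OP_REQUEST else None
    if ip is None:
        return None
    return build_frame(req["src"], server_mac, OP_REPLY, server_mac,
                       socket.inet_aton(server_ip), req["tha"], socket.inet_aton(ip))

# Constructed sample data: locally administered MACs, documentation-range IPs.
CLIENT, SERVER = mac("02:00:00:aa:bb:01"), mac("02:00:00:aa:bb:fe")
TABLE = {CLIENT: "192.0.2.10"}

def boot(client_mac):
    # Step 4: the client takes the IP from the reply's target-protocol field.
    reply = rarp_server(rarp_request(client_mac), TABLE, SERVER, "192.0.2.1")
    return socket.inet_ntoa(parse_frame(reply)["tpa"]) if reply else None
```

The reply carries no authentication field: the client accepts whatever address the first well-formed reply contains.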

TCP (Transmission Control Protocol)

TCP (Transmission Control Protocol) is a connection-oriented transport layer protocol in the Internet
Protocol suite. It provides reliable, ordered, and error-checked delivery of data between applications
running on devices connected over an IP network. TCP is responsible for breaking data into packets,
establishing and terminating connections, flow control, and retransmitting lost or corrupted packets.

A TCP session has three stages:

Session starting

Data transmission

Session termination

How TCP works

1. Connection Establishment: Before data can be exchanged, a connection must be established
between the sender (client) and the receiver (server). This is achieved through a three-way
handshake process. The client sends a TCP segment with the SYN (synchronize) flag set to the
server, indicating its intention to establish a connection. The server responds with a TCP segment
that has both the SYN and ACK (acknowledgment) flags set, acknowledging the client's request
and indicating its readiness to establish a connection. Finally, the client sends an ACK segment to
the server, confirming the connection establishment.

2. Reliable Data Transfer: Once the connection is established, data transfer occurs. TCP segments
are used to encapsulate application data into packets for transmission. TCP ensures reliable
delivery by employing sequence numbers, acknowledgments, and timers. Data is divided into
smaller segments and numbered with sequence numbers. The receiver acknowledges the
received segments by sending acknowledgment (ACK) packets back to the sender. If the sender
does not receive an ACK within a specific timeout period, it retransmits the unacknowledged
segment.

3. Flow Control: TCP implements flow control to ensure that a fast sender does not overwhelm a
slower receiver. The receiver can indicate its available buffer space by using the window size
parameter in TCP segments. The sender adjusts its transmission rate based on the receiver's
window size to maintain optimal data flow.

4. Connection Termination: When the data transfer is complete, the connection is terminated. This
is achieved through a four-way handshake. The client sends a TCP segment with the FIN (finish)
flag set to indicate the intention to close the connection. The server acknowledges the client's
request by sending an ACK segment. The server then initiates its own termination by sending a
TCP segment with the FIN flag set. The client responds with an ACK segment, acknowledging the
server's termination request. Once both sides have sent and received the FIN and ACK segments,
the connection is fully closed.

TCP provides a reliable, connection-oriented communication channel for various applications, such as
web browsing, email, file transfer, and many other network services.
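The handshake, retransmission and termination rules above can be checked against a segment trace. The following is an added example, not part of the original document: it walks a constructed trace, verifies that each ACK number matches the peer's next sequence number (SYN and FIN each consume one), counts retransmitted data, and reports the final state. The state names, the trace and the function name are assumptions made for illustration.

```python
def analyze(trace):
    """trace: (sender, flags, seq, ack, payload_len) tuples; sender is "C" or "S"."""
    state, nxt, fin_end, fin_acked = "IDLE", {}, {}, set()
    stats = {"handshake": False, "retransmits": 0, "bytes": {"C": 0, "S": 0}}
    for sender, flags, seq, ack, length in trace:
        peer = "S" if sender == "C" else "C"
        if state == "IDLE" and flags == "S":
            nxt[sender], state = seq + 1, "SYN_SENT"      # a SYN uses one sequence number
        elif state == "SYN_SENT" and flags == "SA" and ack == nxt.get(peer):
            nxt[sender], state = seq + 1, "SYN_RCVD"
        elif state == "SYN_RCVD" and flags == "A" and ack == nxt.get(peer):
            state, stats["handshake"] = "ESTABLISHED", True
        elif state in ("ESTABLISHED", "CLOSING"):
            if length and seq < nxt[sender]:
                stats["retransmits"] += 1                 # bytes already sent once
            elif length:
                stats["bytes"][sender] += length
                nxt[sender] = seq + length
            if "F" in flags:
                nxt[sender] = seq + length + 1            # a FIN uses one as well
                fin_end[sender], state = nxt[sender], "CLOSING"
            if "A" in flags and fin_end.get(peer) == ack:
                fin_acked.add(peer)                       # the peer's FIN is acknowledged
            if fin_acked == {"C", "S"}:
                state = "CLOSED"
        else:
            raise ValueError(f"unexpected segment {flags!r} in state {state}")
    stats["state"] = state
    return stats

# Constructed trace, not a capture. Flags: S=SYN, A=ACK, F=FIN, P=PSH.
TRACE = [
    ("C", "S",  1000, 0,    0),    # three-way handshake
    ("S", "SA", 5000, 1001, 0),
    ("C", "A",  1001, 5001, 0),
    ("C", "PA", 1001, 5001, 100),  # 100 bytes of data
    ("C", "PA", 1001, 5001, 100),  # timer expired before the ACK arrived: retransmission
    ("S", "A",  5001, 1101, 0),
    ("S", "PA", 5001, 1101, 300),
    ("C", "A",  1101, 5301, 0),
    ("C", "FA", 1101, 5301, 0),    # four-way termination
    ("S", "A",  5301, 1102, 0),
    ("S", "FA", 5301, 1102, 0),
    ("C", "A",  1102, 5302, 0),
]
```

A trace that stops in SYN_RCVD or CLOSING is a connection that never completed its handshake or its teardown, which is the condition a monitoring tool would flag.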

UDP (User Datagram Protocol)

UDP (User Datagram Protocol) is a connectionless transport layer protocol in the Internet Protocol suite.
Unlike TCP, UDP does not provide reliable, ordered, or error-checked delivery of data. It is a simpler
protocol that focuses on delivering data with minimal overhead and lower latency. UDP is often used for
real-time applications, multimedia streaming, DNS (Domain Name System), and other scenarios where
low latency is more important than guaranteed delivery.

How UDP works

1. Connectionless Communication: UDP does not establish a connection before transmitting data.
Each UDP datagram (packet) is treated independently and can be sent without any prior setup.

2. Data Packetization: Applications using UDP divide their data into smaller packets called UDP
datagrams. Each datagram contains the necessary addressing information, including the source
and destination port numbers, which identify the sending and receiving applications or services.

3. Unreliable Delivery: Unlike TCP, UDP does not provide mechanisms for reliable delivery, flow
control, or retransmission of lost packets. Once a UDP datagram is sent, it is up to the receiving
application to handle any lost, duplicated, or out-of-order packets.

4. Lower Overhead: UDP has lower overhead compared to TCP since it does not include features
like sequence numbers, acknowledgments, or congestion control. This makes UDP faster and
more efficient in terms of network resources.

While UDP sacrifices reliability and ordering for reduced overhead and lower latency, it is suitable for
applications that can tolerate packet loss or where timely delivery of data is crucial. It is commonly used
for real-time multimedia streaming, online gaming, VoIP (Voice over IP), and other applications that
prioritize speed and responsiveness over error checking and retransmission.
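Because UDP leaves lost, duplicated and out-of-order datagrams to the receiving application, that application needs its own bookkeeping. The following is an added example, not part of the original document: it parses the 8-byte UDP header and uses a 4-byte application-level sequence number to reorder, de-duplicate and report gaps. The sequence-number payload format, the port numbers and the class and function names are assumptions made for illustration.

```python
import struct

def make_datagram(sport, dport, seq, data):
    payload = struct.pack("!I", seq) + data   # 4-byte application sequence number (assumed format)
    # UDP header: source port, destination port, length, checksum (0 = none, allowed over IPv4)
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def parse_datagram(raw):
    if len(raw) < 8:
        raise ValueError("shorter than the 8-byte UDP header")
    sport, dport, length, _checksum = struct.unpack("!HHHH", raw[:8])
    if length < 12 or length > len(raw):
        raise ValueError("length field does not match the datagram")
    return sport, dport, struct.unpack("!I", raw[8:12])[0], raw[12:length]

class Receiver:
    def __init__(self, port):
        self.port, self.expected, self.pending = port, 0, {}
        self.delivered, self.duplicates = [], 0

    def receive(self, raw):
        _sport, dport, seq, data = parse_datagram(raw)
        if dport != self.port:
            return                                  # addressed to another application
        if seq < self.expected or seq in self.pending:
            self.duplicates += 1                    # seen before: drop
            return
        self.pending[seq] = data                    # hold until the gap before it is filled
        while self.expected in self.pending:
            self.delivered.append(self.pending.pop(self.expected))
            self.expected += 1

    def missing(self):
        last = max(self.pending, default=self.expected - 1)
        return [s for s in range(self.expected, last + 1) if s not in self.pending]

# Constructed arrival order: 1 and 2 swapped, 1 duplicated, 3 lost in transit.
ARRIVALS = [0, 2, 1, 1, 4]

def run(arrival_order):
    rx = Receiver(port=5004)
    for seq in arrival_order:
        rx.receive(make_datagram(40000, 5004, seq, b"chunk%d" % seq))
    return rx
```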
