TCP/IP Fundamentals — Cheat Sheet

The networking layer cake. OSI vs TCP/IP, the journey of a packet, common protocols, and the questions that show up in system-design interviews.

Updated June 2026

1. OSI vs TCP/IP

Both are layered models. OSI is theoretical, TCP/IP is what runs on the internet.

| OSI (7 layers) | TCP/IP (4 layers) | Examples |
|---|---|---|
| Application | Application | HTTP, DNS, SSH, SMTP |
| Presentation | (folded in) | TLS, encoding |
| Session | (folded in) | |
| Transport | Transport | TCP, UDP |
| Network | Internet | IP, ICMP |
| Data link | Link | Ethernet, Wi-Fi |
| Physical | Link | Cables, radio |

Memorise the four: Application · Transport · Internet · Link.

2. What each layer does

| Layer | Job | Identifies by |
|---|---|---|
| Application | What the app actually sends (HTTP request, DNS query) | URL / endpoint |
| Transport | Reliable (TCP) or fast (UDP) delivery between processes | Port (0–65535) |
| Internet | Route packets across networks | IP address |
| Link | Move bits across one physical hop | MAC address |

A web request goes: HTTP (app) → TCP (transport) → IP (internet) → Ethernet/Wi-Fi (link), then back up the stack on the server.

3. TCP vs UDP

| | TCP | UDP |
|---|---|---|
| Connection | Yes (3-way handshake) | No (fire and forget) |
| Reliability | Guaranteed, retries, ordered | Best-effort, lossy |
| Speed | Slower | Faster |
| Header overhead | 20 bytes min | 8 bytes |
| Use for | HTTP, SSH, email, file transfer | DNS, streaming, gaming, VoIP |

Pick TCP when correctness > speed. Pick UDP when speed > correctness (live video can drop a frame; a payment cannot drop a digit).

4. The 3-way handshake

How TCP starts a connection:

Client                     Server
  │ ──── SYN ────────────► │
  │ ◄─── SYN + ACK ─────── │
  │ ──── ACK ────────────► │
  │       [connected]      │

  • SYN — "I want to talk, sequence starts at X."
  • SYN + ACK — "OK, I'll talk, my sequence starts at Y, I acknowledge X."
  • ACK — "Got it, I acknowledge Y."

Three round-trips before the first byte of payload. This is why connection-heavy protocols (HTTP/1.1) feel slow without keep-alive.
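
The exchange above as a runnable check (an added example, not from the original post): it packs and parses the minimum 20-byte TCP header and verifies that three segments form a handshake. Because a SYN consumes one sequence number, the acknowledgement values on the wire are X + 1 and Y + 1; the ports and the values of X and Y are constructed sample data.

```python
import struct

# Flag bits in byte 13 of the TCP header; CWR/ECE (ECN) are masked off on parse.
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10
TCP_HEADER = struct.Struct("!HHIIBBHHH")  # 20 bytes, the minimum TCP header

def build_segment(sport, dport, seq, ack, flags):
    """Pack a minimal option-less TCP header (checksum left at 0 for the demo)."""
    data_offset = (TCP_HEADER.size // 4) << 4  # header length in 32-bit words
    return TCP_HEADER.pack(sport, dport, seq, ack, data_offset, flags, 65535, 0, 0)

def parse_segment(raw):
    """Decode the fixed 20-byte header; reject truncated or malformed input."""
    if len(raw) < TCP_HEADER.size:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off, flags, _win, _csum, _urg = TCP_HEADER.unpack_from(raw)
    if (off >> 4) * 4 < TCP_HEADER.size:
        raise ValueError("data offset below 20 bytes")
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": flags & 0x3F}

def is_handshake(segments):
    """True if three raw segments form SYN, SYN+ACK, ACK with matching numbers."""
    if len(segments) != 3:
        return False
    try:
        syn, synack, final = (parse_segment(s) for s in segments)
    except ValueError:
        return False
    mod = 1 << 32  # sequence numbers wrap at 2**32
    return (
        syn["flags"] == SYN
        and synack["flags"] == SYN | ACK
        and final["flags"] == ACK
        and (synack["sport"], synack["dport"]) == (syn["dport"], syn["sport"])
        and (final["sport"], final["dport"]) == (syn["sport"], syn["dport"])
        and synack["ack"] == (syn["seq"] + 1) % mod    # server acknowledges X
        and final["seq"] == (syn["seq"] + 1) % mod
        and final["ack"] == (synack["seq"] + 1) % mod  # client acknowledges Y
    )

# Constructed sample: client port 50000 -> server port 443, X = 1000, Y = 2**32 - 1.
X, Y = 1000, 0xFFFFFFFF
HANDSHAKE = [
    build_segment(50000, 443, X, 0, SYN),
    build_segment(443, 50000, Y, X + 1, SYN | ACK),
    build_segment(50000, 443, X + 1, 0, ACK),  # ack = (Y + 1) mod 2**32 = 0
]
```

Choosing Y at the top of the 32-bit range exercises the wrap-around case that a naive `ack == seq + 1` comparison gets wrong.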

5. IP addressing

IPv4: 32-bit, written as four octets (192.168.1.1). ~4 billion addresses. Already exhausted.

IPv6: 128-bit, written in hex blocks (2001:0db8::1). Effectively unlimited.

Private ranges (not routable on the internet):

  • 10.0.0.0/8
  • 172.16.0.0/12
  • 192.168.0.0/16
  • 127.0.0.1 — localhost

NAT (Network Address Translation) translates between your private LAN and one public IP — that's how multiple devices share one home router's address.

CIDR notation: 192.168.1.0/24 = first 24 bits are network, last 8 are host → 256 addresses.

6. DNS

How a name like mariaa.tech becomes an IP:

  1. Browser checks local cache. Miss.
  2. Asks the recursive resolver (your ISP or 8.8.8.8).
  3. Resolver asks the root server → "ask .tech".
  4. Resolver asks the .tech TLD → "ask Cloudflare's nameserver".
  5. Resolver asks Cloudflare → "it's 76.76.21.X".
  6. Resolver returns the answer to your browser.

Record types:

  • A — IPv4 address.
  • AAAA — IPv6 address.
  • CNAME — alias to another name.
  • MX — mail server.
  • TXT — arbitrary text (DKIM, SPF, verification).
  • NS — nameserver authoritative for the domain.

7. HTTP / HTTPS

HTTP runs on top of TCP, port 80. HTTPS is HTTP inside TLS, port 443.

TLS handshake (simplified):

  1. Client says hello + supported ciphers.
  2. Server picks cipher, sends its certificate.
  3. Client verifies the cert against trusted CAs.
  4. Exchange keys, derive a shared session key.
  5. All further traffic is encrypted with that key.

Latency cost: ~1 round trip beyond TCP's 3-way handshake. HTTP/3 over QUIC (UDP) reduces this further.

8. Debugging tools

The networking toolbox:

| Tool | Use |
|---|---|
| ping | Is this host reachable? |
| traceroute / tracert | Which hops does my packet take? |
| nslookup / dig | Resolve a DNS name. |
| netstat -an | What ports are open / connected on this machine? |
| ss | Modern replacement for netstat. |
| tcpdump / Wireshark | Capture and inspect actual packets. |
| curl -v | Inspect HTTP requests, headers, TLS. |
| mtr | Combined ping + traceroute over time. |