The transport layer is responsible for establishing a temporary communication session between two applications and delivering data between them.

TCP/IP provides two transport layer protocols, Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). IP uses these transport protocols to enable hosts to communicate and transfer data.

  • TCP is considered a reliable, full-featured transport layer protocol, which ensures that all of the data arrives at the destination.
  • In contrast, UDP is a very simple transport layer protocol that does not provide for any reliability.
The primary responsibilities:
  • Tracking the individual communication between applications on the source and destination hosts.

A host may have multiple applications that are communicating across the network simultaneously. Each of these applications communicates with one or more applications on one or more remote hosts. It is the responsibility of the transport layer to maintain and track these multiple conversations.

  • Segmenting data for manageability and reassembling segmented data into streams of application data at the destination

Most networks have a limitation on the amount of data that can be included in a single packet. Transport layer protocols have services that segment the application data into blocks of data that are an appropriate size . This service includes the encapsulation required on each piece of data. A header, used for reassembly, is added to each block of data. This header is used to track the data stream.

  • Identifying the proper application for each communication stream.

To pass data streams to the proper applications, the transport layer must identify the target application. To accomplish this, the transport layer assigns each application an identifier. This identifier is called a port number. Each software process that needs to access the network is assigned a port number unique in that host. The transport layer uses ports to identify the application or service.

Port Number

A port is a numeric identifier within each segment that is used to keep track of specific conversations and destination services requested.

In the header of each segment or datagram, there is a source and destination port. The source port number is the number for this communication associated with the originating application on the local host. The destination port number is the number for this communication associated with the destination application on the remote host.

Socket:  It is the combination of the transport layer port number, and the network layer IP address of the host, that uniquely identifies a particular application process running on an individual host device.  The socket on a web server might be:

Destination Port

The client places a destination port number in the segment to tell the destination server what service is being requested. This is usually the well known number.

Source Port

The source port number is randomly generated by the sending device to identify a conversation between two devices. This allows multiple conversations to occur simultaneously. In other words, a device can send multiple HTTP service requests to a web server at the same time. The separate conversations are tracked based on the source ports.
The requesting application port number is used as the destination port number in the response coming back from the server.

Types of ports:

  • Well-known Ports (Numbers 0 to 1023) – These numbers are reserved for services and applications. They are commonly used for applications such as HTTP (web server), Internet Message Access Protocol (IMAP)/Simple Mail Transfer Protocol (SMTP) (email server) and Telnet. By defining these well-known ports for server applications, client applications can be programmed to request a connection to that specific port, and its associated service.
    Portnumber Port Name
    TCP 21 FTP
    TCP 23 Telnet
    TCP 25 SMTP
    TCP 80 HTTP
    TCP 443 HTTPS
    UDP 69 TFTP
    UDP 520 RIP

More example, check here.

  • Registered Ports (Numbers 1024 to 49151) – These port numbers are assigned to user processes or applications. These processes are primarily individual applications that a user has chosen to install, rather than common applications that would receive a well-known port number. When not used for a server resource, these ports may be dynamically selected by a client as its source port.  Eg,
























    MSN messenger

    Cisco SCCP(VOIP)

    Alternate HTTP

    Alternate HTTP

    RADIUS Authentication Protocol

    RTP(voice and video transport Protocol)



    More example,check here.

  • Dynamic or Private Ports (Numbers 49152 to 65535) – Also known as ephemeral ports, these are usually assigned dynamically to client applications when the client initiates a connection to a service. The dynamic port is most often used to identify the client application during communication, whereas the client uses the well-known port to identify and connect to the service being requested on the server.

Both UDP and TCP port

Registered Port number Name
Registered 1433 MS SQL
Registered 2948 WAP(MMS)
Well-Known 53 DNS
Well-known 161 SNMP
Well-known 531 AOL instant Messenger.IRC

Port addressing( netstat)

Netstat lists the details:

  • Protocol in use,
  • the local address and port number,
  • the foreign address and port number,
  • The connection state.

To know which active TCP connections are open and running on a networked host. Netstat is an important network utility that can be used to verify those connections.

  • Unexplained TCP connections can pose a major security threat, because they can indicate that something or someone is connected to the local host.
  • Unnecessary TCP connections can consume valuable system resources, thus slowing down the host’s performance.

TCP(Transmission Control Protocol)

TCP was initially described in RFC 793. While the TCP reliability functions provide more robust communication between applications, they also incur additional overhead and possible delays in transmission.

3 basic operations of reliability are:

  • Tracking transmitted data segments
  • Acknowledging received data
  • Retransmitting any unacknowledged data

In addition to supporting the basic functions of data segmentation and reassembly, TCP also provides:

  • Connection-oriented conversations by establishing sessions:  A connection-oriented protocol is one that negotiates and establishes a permanent connection (or session) between source and destination devices prior to forwarding any traffic. Session establishment prepares the devices to communicate with one another. Through session establishment, the devices negotiate the amount of traffic that can be forwarded at a given time, and the communication data between the two can be closely managed. The session is terminated only after all communication is completed.
  • Reliable delivery, by re-transmitting and acknowledgement.
  • Ordered data reconstruction
    • Due to multiple routes available.
    • By numbering and sequencing the segments.
  • Flow control: Network hosts have limited resources, such as memory or bandwidth. When TCP is aware that these resources are overtaxed, it can request that the sending application reduce the rate of data flow.


Stateful protocol: A stateful protocol is a protocol that keeps track of the state of the communication session. For example, when data is transmitted using TCP, the sender expects the destination to acknowledge that it has received the data. TCP tracks which information it has sent and which information has been acknowledged. If the data is not acknowledged, the sender assumes the data did not arrive and resends it.

Full-duplex protocol: One host can receive the acknowledgement from another host, and send the data at the same time. So, waiting time is reduced, hence, transmission efficiency is enlarged.

TCP segment

TCP Segment

  • Sequence number (32 bits) – Used for data reassembly purposes,
  • Acknowledgement number (32 bits) – Indicates the data that has been received.
  • Header length (4 bits) – Known as ʺdata offsetʺ. Indicates the length of the TCP segment header.
  • Reserved (6 bits) – This field is reserved for the future.
  • Control bits (6 bits) – Includes bit codes, or flags, that indicate the purpose and function of the TCP segment.
  • Window size (16 bits) – Indicates the number of segments that can be accepted at one time.
  • Checksum (16 bits) – Used for error checking of the segment header and data.
  • Urgent (16 bits) – Indicates if data is urgent.


  • Web( HTTP, HTTPs)
  • SSH, FTP, telnet
  • SMTP, sending mail
  • IMAP/POP, receiving mail