We've made our way up to the Transport Layer (Layer 4) of the OSI model! If the Network Layer (Layer 3) is like the postal system, figuring out the address and route, then the Transport Layer is like deciding how to package and send your letter – registered mail (guaranteed delivery), regular mail (best effort), or maybe even a series of postcards.

The Transport Layer sits between the Network Layer (which handles IP addresses and routing) and the Session Layer (which manages dialogues between applications). Its primary job is to provide a reliable and efficient way for applications on different hosts to communicate with each other. It doesn't care how the data physically gets there (that's the lower layers' job); it focuses on how the data is handled for the application.

Key Functions of the Transport Layer:

  • Segmentation and Reassembly: Just like the Network Layer can fragment packets, the Transport Layer breaks down large application data streams into smaller segments suitable for transmission. On the receiving end, it reassembles these segments back into the original data.
  • Connection Management (for TCP): Establishing, maintaining, and gracefully terminating connections between applications. This is like making a phone call – you dial, talk, and then hang up.
  • Flow Control: Preventing a fast sender from overwhelming a slow receiver. This is like saying "hold on a second" during a conversation when you need time to process information.
  • Error Control (for TCP): Detecting and correcting errors that may occur during transmission. This is like asking someone to repeat themselves if you didn't hear them clearly.
  • Multiplexing and Demultiplexing (using Ports): Allowing multiple applications on a single host to share the same network connection. This is like having multiple extensions on a single phone line.

The Two Main Transport Layer Protocols: TCP and UDP

The Transport Layer gives applications a choice: do they need a highly reliable, connection-oriented service, or a faster, connectionless service? This choice boils down to two main protocols:

  1. TCP (Transmission Control Protocol): The "Registered Mail" Option
    • Connection-Oriented: TCP establishes a connection between the sender and receiver before any data is transmitted. This involves a "three-way handshake" (SYN, SYN-ACK, ACK) that we'll discuss shortly.
    • Reliable: TCP guarantees that data will be delivered in the correct order and without errors. It uses acknowledgments (ACKs), sequence numbers, and checksums to achieve this. If a segment is lost or corrupted, TCP will retransmit it.
    • Ordered Delivery: Segments are delivered to the receiving application in the same order they were sent.
    • Flow Control: TCP uses a "sliding window" mechanism to prevent the sender from overwhelming the receiver.
    • Congestion Control: TCP adapts to network congestion to avoid making things worse. It slows down transmission when it detects packet loss.
    • Examples: Web browsing (HTTP/HTTPS), email (SMTP), file transfer (FTP), SSH. These applications require reliability.
  2. UDP (User Datagram Protocol): The "Regular Mail" Option
    • Connectionless: UDP doesn't establish a connection before sending data. It just sends the data and hopes for the best.
    • Unreliable: UDP doesn't guarantee delivery, order, or error-free transmission. There are no acknowledgments or retransmissions.
    • Faster: Because it doesn't have the overhead of connection management and reliability features, UDP is generally faster than TCP.
    • Lower Overhead: UDP headers are much smaller than TCP headers.
    • Examples: Online gaming, video streaming, DNS lookups, VoIP (Voice over IP). These applications can tolerate some packet loss, and speed is often more important than perfect reliability.

The Three-Way Handshake (TCP Connection Establishment)

Let's look at how TCP establishes a connection:

  1. SYN (Synchronize): The client sends a SYN packet to the server, indicating its desire to establish a connection. This packet includes a randomly chosen initial sequence number (ISN).
  2. SYN-ACK (Synchronize-Acknowledge): The server responds with a SYN-ACK packet. It acknowledges the client's SYN (by including the client's ISN + 1) and also sends its own ISN.
  3. ACK (Acknowledge): The client sends an ACK packet to acknowledge the server's SYN-ACK. The connection is now established.

This handshake ensures that both sides are ready to communicate and agree on initial sequence numbers.

TCP Termination (Four-Way Handshake)
TCP also has a termination phase, so that a connection can be closed properly.

  1. FIN: The initiator sends a FIN segment, indicating that it has no more data to send.
  2. ACK: The other side acknowledges the FIN, confirming that it has received the close request.
  3. FIN: The other side sends its own FIN when it is also ready to close its end of the connection.
  4. ACK: The initiator acknowledges the final FIN, completing the connection closure.
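The two exchanges above, walked through with the sequence-number arithmetic both sides check. This is an added illustration, not code from the original post; the Segment model keeps only the fields the handshakes depend on, and the ISN values in the usage block are chosen at random the way a real stack does.

```python
import random
from dataclasses import dataclass

@dataclass
class Segment:
    """Just the TCP header fields the handshakes depend on."""
    flags: str      # "SYN", "SYN-ACK", "ACK" or "FIN"
    seq: int        # sequence number of this segment
    ack: int = 0    # acknowledgment number (meaningful when an ACK flag is set)

def three_way_handshake(client_isn, server_isn):
    """Segments exchanged to open a connection, in order: SYN, SYN-ACK, ACK.
    A SYN (like a FIN) consumes one sequence number although it carries no data,
    so each side acknowledges the peer's ISN + 1."""
    syn = Segment("SYN", seq=client_isn)
    syn_ack = Segment("SYN-ACK", seq=server_isn, ack=syn.seq + 1)
    ack = Segment("ACK", seq=syn_ack.ack, ack=syn_ack.seq + 1)
    return [syn, syn_ack, ack]

def four_way_termination(initiator_seq, responder_seq):
    """FIN, ACK, FIN, ACK. The first ACK carries no data, so the responder's
    own FIN reuses the same sequence number."""
    fin1 = Segment("FIN", seq=initiator_seq)
    ack1 = Segment("ACK", seq=responder_seq, ack=fin1.seq + 1)
    fin2 = Segment("FIN", seq=responder_seq)
    ack2 = Segment("ACK", seq=ack1.ack, ack=fin2.seq + 1)
    return [fin1, ack1, fin2, ack2]

def handshake_is_valid(segments):
    """The arithmetic each side checks before moving to ESTABLISHED. A peer that
    never saw the SYN-ACK cannot produce the right ack number, which is why the
    ISN must be unpredictable: guessable ISNs are what session hijacking relies on."""
    syn, syn_ack, ack = segments
    return (syn_ack.ack == syn.seq + 1
            and ack.ack == syn_ack.seq + 1
            and ack.seq == syn.seq + 1)

if __name__ == "__main__":
    c_isn, s_isn = random.randrange(2**32), random.randrange(2**32)  # random ISNs
    # After the handshake (no data sent) each side's next sequence number is ISN + 1.
    for s in three_way_handshake(c_isn, s_isn) + four_way_termination(c_isn + 1, s_isn + 1):
        print(f"{s.flags:8} seq={s.seq} ack={s.ack}")
```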

Port Numbers: Identifying Applications

How does the Transport Layer know which application should receive incoming data? That's where port numbers come in.

  • A port number is a 16-bit number (0-65535) that identifies a specific application or process running on a host.
  • When a client application wants to communicate with a server, it specifies the server's IP address and the port number associated with the desired service.
  • Think of an IP address as the street address of a building, and the port number as the apartment number within that building.

Well-Known Ports:

Some port numbers are "well-known," meaning they are reserved for specific services:

  • Port 80: HTTP (Web traffic)
  • Port 443: HTTPS (Secure web traffic)
  • Port 20/21: FTP (File Transfer Protocol)
  • Port 22: SSH (Secure Shell)
  • Port 25: SMTP (Simple Mail Transfer Protocol)
  • Port 53: DNS (Domain Name System)

Ephemeral Ports:

Client applications typically use "ephemeral" or "dynamic" ports, which are randomly assigned by the operating system from a range of high-numbered ports (usually above 1024).

Example:

When you browse to www.example.com, your browser (the client) might use a random ephemeral port (e.g., 49152). It connects to the server's IP address on port 80 (HTTP). The server then sends the web page data back to your browser's IP address and port 49152.

Multiplexing and Demultiplexing

  • Multiplexing: The Transport Layer on the sending host gathers data from multiple applications, adds header information (including source and destination port numbers), and passes the segments down to the Network Layer.
  • Demultiplexing: The Transport Layer on the receiving host examines the destination port number in the segment header and delivers the data to the correct application.
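Demultiplexing in code, as an added example that is not part of the original post: the receiving host parses the real TCP and UDP header layouts (RFC 793 and RFC 768) to pull out the destination port and hands the data to whatever is bound there. The three segments are constructed samples, not captured traffic, and the Host class is a toy stand-in for an operating system's socket table.

```python
import struct

# Header layouts from RFC 793 (TCP) and RFC 768 (UDP), network byte order.
TCP_HDR = struct.Struct("!HHIIHHHH")  # sport, dport, seq, ack, offset/flags, window, checksum, urgent
UDP_HDR = struct.Struct("!HHHH")      # sport, dport, length, checksum
PROTO_TCP, PROTO_UDP = 6, 17          # IPv4 protocol numbers

def parse_transport(proto, payload):
    """Return (src_port, dst_port, application_data) from a transport segment."""
    if proto == PROTO_TCP:
        sport, dport, _seq, _ack, off_flags, *_ = TCP_HDR.unpack_from(payload)
        hdr_len = (off_flags >> 12) * 4        # data offset is counted in 32-bit words
        return sport, dport, payload[hdr_len:]
    if proto == PROTO_UDP:
        sport, dport, length, _csum = UDP_HDR.unpack_from(payload)
        return sport, dport, payload[UDP_HDR.size:length]
    raise ValueError(f"unsupported transport protocol {proto}")

class Host:
    """A socket table keyed by (protocol, local port), as a receiving host keeps it."""
    def __init__(self):
        self.sockets = {}
    def listen(self, proto, port):
        self.sockets[(proto, port)] = []       # inbox for the application on this port
    def demultiplex(self, proto, payload):
        """Deliver to the application bound to the destination port, or return None
        if nothing listens (a real host answers RST for TCP, ICMP port unreachable for UDP)."""
        sport, dport, data = parse_transport(proto, payload)
        inbox = self.sockets.get((proto, dport))
        if inbox is None:
            return None
        inbox.append((sport, data))
        return dport

# Constructed sample segments: an HTTP request from ephemeral port 49152 to port 80,
# a DNS query from 49153 to port 53, and a SYN to a port nobody is listening on.
http = TCP_HDR.pack(49152, 80, 1001, 0, (5 << 12) | 0x18, 65535, 0, 0) + b"GET / HTTP/1.1\r\n"
dns_q = b"\x12\x34\x01\x00\x00\x01" + b"\x00" * 6  # constructed stub, not a full DNS message
dns = UDP_HDR.pack(49153, 53, UDP_HDR.size + len(dns_q), 0) + dns_q
probe = TCP_HDR.pack(49154, 8080, 1, 0, (5 << 12) | 0x02, 65535, 0, 0)

def demo():
    host = Host()
    host.listen(PROTO_TCP, 80)
    host.listen(PROTO_UDP, 53)
    delivered = [host.demultiplex(p, s) for p, s in ((PROTO_TCP, http), (PROTO_UDP, dns), (PROTO_TCP, probe))]
    return delivered, host.sockets

if __name__ == "__main__":
    print(demo())
```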

Security Considerations at the Transport Layer

  • SYN Floods: A type of denial-of-service (DoS) attack where an attacker sends a large number of SYN packets to a server, overwhelming it and preventing legitimate connections.
  • Port Scanning: Attackers use port scanning tools to identify open ports on a target system, which can reveal potential vulnerabilities.
  • TCP Session Hijacking: An attacker can try to intercept and take over an established TCP connection.
  • Firewalls: Firewalls filter traffic based on source and destination IP addresses and port numbers, controlling which connections are allowed.
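A SYN flood shows up as handshakes that start but never finish. The detection logic below, added here and not part of the original post, runs over a constructed connection-tracking log (the record tuple format and the threshold are assumptions): it keeps the flows that sent a SYN without the third-step ACK and flags a listener once too many of them pile up.

```python
from collections import Counter

# Constructed sample of a connection-tracking log: (time_s, src_ip, sport, dst_ip, dport, flags).
# Three clients complete the handshake; six others send a SYN to port 80 and never answer the SYN-ACK.
SAMPLE = [
    (0.0, "10.0.0.5", 49152, "192.0.2.10", 80, "SYN"),
    (0.1, "10.0.0.5", 49152, "192.0.2.10", 80, "ACK"),
    (0.2, "10.0.0.6", 50001, "192.0.2.10", 443, "SYN"),
    (0.3, "10.0.0.6", 50001, "192.0.2.10", 443, "ACK"),
    (0.4, "10.0.0.7", 50002, "192.0.2.10", 22, "SYN"),
    (0.5, "10.0.0.7", 50002, "192.0.2.10", 22, "ACK"),
] + [(1.0 + i * 0.01, f"198.51.100.{i}", 40000 + i, "192.0.2.10", 80, "SYN") for i in range(6)]

def half_open(records):
    """Flows that sent a SYN but never followed with the third-step ACK (or a RST)."""
    pending = set()
    for _t, src, sport, dst, dport, flags in records:
        flow = (src, sport, dst, dport)
        if flags == "SYN":
            pending.add(flow)
        elif flags in ("ACK", "RST"):
            pending.discard(flow)
    return pending

def syn_flood_alerts(records, threshold):
    """Listeners whose number of half-open flows reaches the threshold.
    Returns {(dst_ip, dport): count} for the flagged ones."""
    per_listener = Counter((dst, dport) for _src, _sport, dst, dport in half_open(records))
    return {k: v for k, v in per_listener.items() if v >= threshold}

if __name__ == "__main__":
    print(syn_flood_alerts(SAMPLE, threshold=5))   # {('192.0.2.10', 80): 6}
```

On a Linux server the same condition is visible as many sockets in the SYN-RECV state (ss -tan state syn-recv); enabling SYN cookies (net.ipv4.tcp_syncookies=1) lets the server keep accepting legitimate connections while its backlog is full.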

Conclusion

The Transport Layer is essential for reliable and efficient communication between applications. It provides the mechanisms for segmenting data, managing connections (TCP), handling errors, and directing data to the correct applications using port numbers. Understanding TCP and UDP, and their respective strengths and weaknesses, is crucial for anyone working with networked systems. Next, we'll move on to the Session Layer.
