1. Design and Planning
Transport Layer Reliability
Part 1 — Build the Network
Investigation 1 — Connection Establishment (Three-Step Setup)
Step A — Reset and Prepare & Step B — Generate TCP Traffic
Step C — Step Through the First Three Packets Only
A TCP connection is created through a process called the three-way handshake. First, the client sends a packet with the SYN flag to request a connection. Second, the server responds with a packet containing SYN and ACK, which acknowledges the request and signals readiness to connect. Third, the client sends an ACK packet back to the server confirming the connection. After these three packets are exchanged, the TCP connection is established and data transmission can begin.
Investigation 2 — Acknowledgment and Ordering
TCP uses sequence numbers and acknowledgment numbers to keep data in the correct order and confirm successful delivery. Sequence numbers increase as more data is sent so the receiver knows the order of the packets. Acknowledgment numbers confirm which data has been received successfully. Sometimes a sender may transmit additional data before receiving acknowledgment depending on the window size. If the connection were interrupted, the sender would notice missing acknowledgments and retransmit the missing packets.
Investigation 3 — Header Fields and Error Detection
The checksum field in the TCP header is used to detect errors in transmitted data. It verifies that the packet contents have not been corrupted while traveling across the network. If the receiving computer calculates a different checksum than the one in the packet, the segment is considered invalid and is discarded. Because the receiver does not acknowledge the corrupted packet, the sender eventually retransmits the data.
Part 2 — Observing TCP Behavior
Step 1: Switch to Simulation Mode & Step 2: Generate TCP Traffic & Step 3: Filter for TCP
Step 4: Run the Simulation Slowly
Part 3 — Observe UDP Behavior
Step 1: Clear Simulation Step 2: Generate UDP Traffic
| Feature | TCP | UDP |
|---|---|---|
| Connection setup | Requires a three-way handshake before data is sent | No connection setup is required |
| Acknowledgment | Uses acknowledgments to confirm delivery | Does not use acknowledgments |
| Ordering | Delivers data in order using sequence numbers | Does not guarantee order |
| Retransmission | Retransmits lost packets | Does not retransmit lost packets |
| Overhead | Higher overhead because of reliability features | Lower overhead because it is simpler |
Part 4
Step 1 — Start TCP Traffic
Step 2 — Interrupt the Link
Step 3 — Step Forward
Step 4 — Restore Connectivity
TCP detects packet loss when acknowledgments stop arriving or when duplicate acknowledgments appear. This indicates that a packet may have been lost in transmission. The sender then retransmits the missing segment using the same sequence number. Because TCP can detect and resend lost packets, the communication usually continues successfully even if some packets are dropped.
Part 5 — Port Number Rigor
Port numbers help identify which application on a device should receive the data. While an IP address identifies the computer itself, the port number identifies the specific program or service. For example, web servers commonly use port 80 for HTTP and port 443 for HTTPS. Ports allow multiple applications to use the network at the same time on the same device. Both TCP and UDP use port numbers for this purpose.
2. Technical Development
Investigation 1 — Connection Establishment
Before any data is transmitted in TCP, a three-step handshake occurs between the client and server. The client sends a SYN packet requesting a connection. The server replies with a SYN-ACK packet to acknowledge the request and indicate it is ready. The client then sends a final ACK packet confirming the connection. Once this process is complete, both systems can begin exchanging data reliably.
Investigation 2 — Acknowledgment and Ordering
If a TCP segment is sent but never acknowledged, the sender assumes that the packet was lost during transmission. The sender may detect this through a timeout or through repeated duplicate acknowledgments. When this happens, the sender retransmits the segment with the same sequence number. This process ensures reliable delivery of data across the network.
Investigation 3 — TCP Header Fields
The checksum protects the integrity of the data being transmitted. If a packet becomes corrupted due to network interference or transmission errors, the checksum calculation will not match. The receiving computer will discard the corrupted packet instead of processing it. Because the packet is not acknowledged, the sender will eventually retransmit it.
Part 1 — Full Stack Analysis: HTTP vs HTTPS
Step 1
curl -I http://example.com
ss -tn
Step 2
curl -I https://example.com
ss -tn
HTTP and HTTPS both operate at the application layer, but HTTPS includes encryption through TLS (Transport Layer Security). HTTP typically uses port 80, while HTTPS uses port 443. Both protocols still rely on TCP for reliable data delivery. The main difference is that HTTPS encrypts the data between the client and server, making communication more secure.
Part 2 — DNS as a Supporting Application Protocol
nslookup example.com
DNS normally uses port 53 and operates over UDP. UDP is preferred because DNS requests are small and need fast responses without the overhead of establishing a full connection. If a DNS response is too large for UDP, it may switch to TCP. DNS plays an important role in networking because it converts domain names into IP addresses.
Part 3 — Remote Access Using SSH
Step 1 — Identify Your Local IP
ip addr
Step 2 — Connect to Yourself via SSH
ssh your_username@localhost
Step 3 — Inspect the Connection
ss -tn
SSH allows users to securely access a remote computer over a network. It normally uses port 22 and runs on top of TCP. TCP ensures that commands and responses are delivered reliably and in the correct order. SSH encrypts all communication so that sensitive data such as login credentials cannot be intercepted.
Part 4 — Secure File Transfer
echo “Layered Networking Test” > stacktest.txt
scp stacktest.txt your_username@localhost:/home/your_username/
SCP is a protocol used to transfer files securely between computers. It works by using the encrypted connection provided by SSH. Because SSH uses TCP, SCP also relies on TCP for reliable transmission. Encryption ensures that the file contents cannot be read or modified while being transferred.
Part 5 — Stack Mapping Requirement
Choose ONE of the following: • HTTPS request • SSH session • SCP transfer
| Layer | Protocol | Purpose |
|---|---|---|
| Application | HTTP | Requests and receives web content |
| Presentation | TLS | Encrypts data and protects privacy |
| Session | TLS Session / HTTPS session | Maintains the secure communication session |
| Transport | TCP | Provides reliable, ordered delivery |
| Network | IP | Routes packets between devices |
When a user visits a secure website, several networking layers work together. At the application layer, HTTP handles the request for the webpage. TLS at the presentation layer encrypts the data. TCP at the transport layer ensures reliable delivery of packets. Finally, IP at the network layer routes the packets across the internet to their destination.
HTTP Response Status Codes Investigation
Source Used:
MDN Web Docs — HTTP Response Status Codes
https://developer.mozilla.org/en-US/docs/Web/HTTP/Status
Task 1 — Understanding Status Code Categories
| Status Code Range | Meaning | Example Code | Explanation |
|---|---|---|---|
| 1xx | Informational responses | 100 Continue | This means the server has received the beginning of the request and the client should continue sending the rest of the request. |
| 2xx | Successful responses | 200 OK | This means the request was successful and the server returned the requested resource, such as a webpage. |
| 3xx | Redirection messages | 301 Moved Permanently | This means the requested resource has been permanently moved to a new URL and the client should use the new address in the future. |
| 4xx | Client error responses | 404 Not Found | This means the server could not find the requested page or resource. The request was valid, but the content does not exist at that location. |
| 5xx | Server error responses | 500 Internal Server Error | This means the server encountered a problem while trying to process the request and could not complete it. |
Task 2 — Investigating Real Codes
| Status Code | Name | What It Means | When It Happens |
|---|---|---|---|
| 200 | OK | The request was successful and the server sent back the requested data. | Happens when a webpage loads normally without any issues. |
| 301 | Moved Permanently | The requested resource has been permanently moved to a new URL. | Happens when a website permanently changes the address of a page and wants browsers to update their bookmarks. |
| 302 | Found (Temporary Redirect) | The requested resource is temporarily located at a different URL. | Happens when a website temporarily redirects users to another page, such as during maintenance. |
| 404 | Not Found | The server cannot find the requested page or resource. | Happens when a user enters the wrong URL or the page has been deleted. |
| 500 | Internal Server Error | The server encountered an unexpected problem while processing the request. | Happens when there is a bug, misconfiguration, or crash on the web server. |
Task 3 — Connecting Status Codes to Networking Concepts
HTTP status codes are handled at theApplication Layer because they describe the meaning of a web request and response. The Transport Layer, which uses TCP, is responsible for reliably delivering data between computers. TCP ensures that packets arrive correctly and in order, but it does not understand the meaning of the data being sent. HTTP, which operates at the Application Layer, defines how web browsers and servers communicate about web resources. Because status codes describe the outcome of an HTTP request, they must be handled at the Application Layer where the web communication rules are defined.
Task 4 — Reasoning About Web Behavior
A server might return 301 Moved Permanently instead of just sending the new page so that browsers and search engines know the page has a new permanent address. This allows them to update bookmarks and indexes to the correct location. 404 errors are common on the internet because pages are often deleted, moved, or linked incorrectly, which causes the server to be unable to find the requested resource. A 500 Internal Server Error suggests that something went wrong on the server itself, such as a coding error, misconfiguration, or software failure that prevented the server from completing the request.
3. Testing & Evaluation
Part 1 — Predict Before Testing
TCP is considered connection-oriented because it establishes a connection before sending data. UDP is connectionless, meaning it sends data without creating a session first. If UDP packets are lost, they are not automatically retransmitted. TCP uses more overhead because it tracks sequence numbers, acknowledgments, and connection states.
Part 2 — Observing Listening Sockets (System Readiness)
Step 1 — View Listening TCP Ports
ss -tln
Step 2 — Identify the Process Using a Port
sudo ss -tlpn
If port 22 appears in a listening state, it means that an SSH server is running and waiting for incoming connections. If the port does not appear, the SSH service is likely not running. A port exists as a number in the networking system, but it is only considered listening when an application actively uses it.
Step 3 — View Listening UDP Ports
ss -uln
Part 3 — Live TCP vs UDP Experiment
Step 1 — Start TCP Listener (Terminal A)
nc -l 5000
Step 2 — Confirm LISTEN State (Terminal C)
ss -tln
Step 3 — Establish TCP Connection (Terminal B)
nc 127.0.0.1 5000
Step 4 — Observe ESTAB State (Terminal C)
ss -tn
A LISTEN state means that a program is waiting for incoming TCP connections. An ESTAB (established) state means that a connection between two systems has already been successfully created. The command ss -tln shows listening TCP sockets, while ss -tn shows active TCP connections. This demonstrates how TCP manages connection states during communication.
UDP Experiment
Step 1 — Start UDP Listener (Terminal A)
nc -u -l 6000
Step 2 — Send UDP Traffic (Terminal B)
nc -u 127.0.0.1 6000
Step 3 — Inspect UDP State (Terminal C)
ss -uln
UDP Analysis (Digital Portfolio with evidence in paragraph form)
UDP sockets typically appear with the state UNCONN, meaning they are not connected to a specific peer. This occurs because UDP does not create persistent connections like TCP. If a terminal closes suddenly, UDP communication simply stops without a formal closing process.
Part 4 — Port and Ephemeral Port Analysis
Terminal A:
nc -l 5000
Terminal B:
nc 127.0.0.1 5000
Then immediately in Terminal C:
ss -tn
A listening port is used by a server application waiting for incoming requests. An ephemeral port is a temporary port assigned by the operating system to a client during a connection. This allows many connections to occur at the same time without conflicts. UDP also uses ports to identify services, even though it does not create connections.
| Application | Protocol | Why? |
|---|---|---|
| Online Banking | HTTPS | It protects sensitive financial information through encryption |
| Zoom Call | UDP | It reduces delay, which is important for live audio and video |
| Netflix Streaming | HTTP/HTTPS | It reliably delivers streaming content in chunks over the web |
| File Download | HTTPS | It provides reliable transfer and can also encrypt the file transfer |
| DNS Query | DNS over UDP | It is fast and efficient for small requests |
Part 1 — Application Layer Investigation
Step 1 — Inspect an HTTP Transaction
curl -I http://example.com
The protocol being used is HTTP, which operates at the Application Layer. It runs on top of TCP, the transport protocol that provides reliable data delivery. We know this because HTTP normally uses TCP on port 80 for web communication. The Application Layer is responsible for interpreting the “200 OK” response because it is part of the HTTP protocol.
Step 2 — Inspect an HTTPS Transaction
curl -I https://example.com
When the request changed from http://example.com to https://example.com, the connection became secure instead of plain text. The additional protocol involved is TLS, which is used to encrypt the communication before the webpage data is exchanged. HTTP by itself does not provide encryption. The encryption logically occurs above TCP and below the application data, which is why HTTPS uses HTTP together with TLS rather than replacing HTTP itself.
Part 2 — Presentation Layer Investigation
openssl s_client -connect example.com:443
Before application data is transferred in a secure HTTPS connection, the client and server exchange information during the TLS handshake. This includes security settings, certificate information, and the process for agreeing on encryption keys. This is not Layer 4 behavior, because TCP’s job is to move data reliably, not to negotiate encryption. The handshake solves the problem of how two systems can communicate securely and trust the connection before sending private data. It must happen first so that all later application data is protected.
Conceptual Distinction
If TLS encrypts data, it is not replacing TCP. Instead, TLS operates above TCP. TCP is responsible for reliable transport, meaning it makes sure data arrives in order and is retransmitted if needed. TLS is responsible for formatting and encryption, meaning it protects the contents of the communication from being read or changed by others. These are different responsibilities, so TLS builds on top of TCP rather than replacing it.
Part 3 — Session Layer Investigation
curl https://example.com & ss -tn
When running curl https://example.com & ss -tn, the connection may still appear briefly as active depending on timing. In many cases it will move through an ESTAB state while data is being exchanged and then close when the transaction is finished. The session ends when the client and server are done communicating and close the connection. That decision is made by the systems and the application behavior, not just by TCP alone. If you log into a website with a username and password, TCP is not managing your login. That is handled at a higher layer by the web application and related session mechanisms.
| Protocol | Layer | Purpose |
|---|---|---|
| HTTP | Application | Defines how web browsers and servers exchange web content |
| HTTPS | Application | Provides secure web communication using HTTP with encryption |
| TLS | Presentation | Encrypts and protects data in transit |
| DNS | Application | Translates domain names into IP addresses |
| TCP | Transport | Provides reliable, ordered delivery of data |
4. Reflection and Analysis
Assignment 1 Reflection:
TCP detects loss by using sequence numbers and acknowledgment numbers found in the TCP header. If a segment is sent and the acknowledgment does not arrive, TCP assumes the data was lost and retransmits it. This means deleting one TCP segment does not permanently break communication because TCP is designed to recover by sending the missing data again. In contrast, ICMP behaves differently because it does not provide the same reliable delivery features, so a lost ICMP packet is usually just lost. Reliability increases overhead because TCP must keep track of headers, acknowledgments, retransmissions, and connection state. This also shows the difference between layers: Layer 3 handles addressing and routing with IP, while Layer 4 handles reliability and ports with TCP.
Assignment 2 Reflection:
TCP and UDP are structurally different because TCP is connection-oriented while UDP is connectionless. TCP reliability comes from the three-way handshake, sequence numbers, acknowledgments, and retransmissions. UDP avoids those features so it can send data with less delay and less overhead. Ports enable multiplexing by allowing many applications and sessions to share the same device and network connection at once. This was visible in the ss outputs, where TCP showed states like LISTEN and ESTAB, while the netcat UDP experiment showed UNCONN behavior instead of a true connection state. Protocol overhead matters because stronger reliability requires more tracking, more control information, and more processing.
Assignment 3 Reflections:
A. Encryption does not occur at Layer 3 because Layer 3 is responsible for routing packets across networks, not for protecting the contents of the data. TCP does not handle user authentication because authentication belongs to the application layer, where services decide who is allowed to log in. These responsibilities are separated so networks remain organized and efficient: transport reliability belongs to TCP, encryption belongs to TLS, and application logic belongs to protocols and services such as HTTP and web applications. If all of these tasks were collapsed into one layer, networks would become harder to design, less flexible, and much more difficult to troubleshoot because every protocol would need to handle too many responsibilities at once.
Assignment 4 Reflection:
SSH requires TCP because it needs reliable, ordered communication, which TCP provides through error checking and retransmission. Encryption is not handled at Layer 3 because that layer focuses on routing packets, while encryption is handled at higher layers like Layer 6 using TLS. HTTP does not provide its own reliability because it relies on TCP instead. Without port numbers, devices would not know which application (like web or SSH) should receive data, so communication would fail. Remote access and file transfer are separated because they serve different purposes and require different optimizations.
In a transaction, Layer 3 handles routing between networks, Layer 4 (TCP) ensures reliable delivery, Layer 6 (TLS) encrypts the data, and Layer 7 defines how the data is used. For example, curl sends HTTP requests to specific port numbers like 80 or 443, while ssh connects to port 22. TCP ensures reliability, while TLS provides encryption, and both are needed for secure communication.
Assignment 5 Reflection:
The server does not send the new page automatically because the web uses a request-response model where the client must request each resource. Instead, the server sends a status code and a redirect header telling the client where to go next. The client then makes a new request. This gives the client control and allows flexibility, caching, and better scalability. The server provides instructions, and the client decides how to respond, which makes the web more efficient and organized.