TCP: The Reliable Liar
IP moves packets.
IP does not promise they arrive. IP does not promise they arrive once. IP does not promise they arrive in order. IP does not promise they arrive before your patience expires.
Then TCP enters the room and says:
“I will provide reliable ordered delivery.”
This is technically true.
It is also why TCP is the reliable liar.
TCP lies upward so applications can sleep. Below it, the network remains chaos.
I. What TCP Actually Is
TCP is the Transmission Control Protocol.
The modern base specification is RFC 9293, which consolidates and updates the earlier TCP specifications including the famous RFC 793 lineage.
TCP gives applications a reliable, ordered byte stream between two endpoints.
Not messages. Not records. Not packets.
A stream.
This matters because many civilians think TCP preserves their application writes.
It does not.
Application writes:
"GLORY"
"TO"
"PACKETS"
TCP may deliver to receiver as:
"GLORYTOPACKETS"
"GLO"
"RYTOPA"
"CKETS"TCP preserves byte order. It does not preserve your emotional attachment to write boundaries.
If your protocol needs messages, you must frame them yourself.
The Supreme Leader recommends length prefixes, delimiters with discipline, or a real protocol format. Hope is not framing.
II. The Three-Way Handshake
Before TCP sends application data, it establishes a connection.
The famous handshake:
Client -> Server: SYN
Server -> Client: SYN-ACK
Client -> Server: ACKPolitical translation:
Client: "I request diplomatic relations."
Server: "Request acknowledged. I also request diplomatic relations."
Client: "Acknowledged. Begin trade."This handshake establishes sequence-number state on both sides.
TCP is not just sending data. It is creating a small bilateral government.
That government tracks:
- sequence numbers
- acknowledgments
- receive windows
- retransmission timers
- congestion estimates
- connection state
This is why TCP feels reliable.
It is not calm. It is heavily administered.
III. Sequence Numbers: The Packet Census
TCP labels bytes with sequence numbers.
If data is lost, the receiver’s acknowledgments reveal the gap. The sender can retransmit.
Sender transmits:
bytes 0-999
bytes 1000-1999
bytes 2000-2999
Receiver gets:
bytes 0-999
bytes 2000-2999
Receiver ACKs:
"I still need byte 1000."
Sender:
retransmits missing rangeThis is not magic.
This is bureaucracy with timers.
TCP builds reliability by assuming the network will betray it and keeping records detailed enough to prosecute the betrayal.
IV. Flow Control vs Congestion Control
People confuse these two.
The Ministry will now correct them.
| Mechanism | Protects | Meaning |
|---|---|---|
| Flow control | the receiver | ”Do not send more than I can buffer.” |
| Congestion control | the network path | ”Do not inject more than the route can survive.” |
Flow control is about the endpoint.
Congestion control is about the road.
A receiver window says:
“My palace warehouse has limited space.”
Congestion control says:
“The railway is on fire. Reduce shipments.”
TCP became the backbone of the Internet not only because it retransmits lost data, but because its congestion-control behavior helped prevent the network from melting itself under load.
This is the difference between engineering and optimism.
V. The State Machine
TCP has connection states because every bilateral treaty eventually becomes paperwork.
stateDiagram-v2
[*] --> CLOSED
CLOSED --> SYN_SENT: active open / send SYN
CLOSED --> LISTEN: passive open
LISTEN --> SYN_RECEIVED: receive SYN / send SYN-ACK
SYN_SENT --> ESTABLISHED: receive SYN-ACK / send ACK
SYN_RECEIVED --> ESTABLISHED: receive ACK
ESTABLISHED --> FIN_WAIT_1: active close / send FIN
ESTABLISHED --> CLOSE_WAIT: receive FIN / send ACK
FIN_WAIT_1 --> FIN_WAIT_2: receive ACK
FIN_WAIT_1 --> CLOSING: receive FIN
FIN_WAIT_2 --> TIME_WAIT: receive FIN / send ACK
CLOSING --> TIME_WAIT: receive ACK
CLOSE_WAIT --> LAST_ACK: application closes / send FIN
LAST_ACK --> CLOSED: receive ACK
TIME_WAIT --> CLOSED: 2MSL expires
The user sees:
“connected”
The kernel sees:
“This socket is in FIN-WAIT-2 because someone closed one direction of the stream and now we must preserve legal continuity until all obligations expire.”
TCP is why netstat looks like a government archive.
VI. TIME_WAIT: The Graveyard With Purpose
Administrators hate TIME_WAIT.
They see many sockets and panic.
But TIME_WAIT exists for a reason. It helps ensure delayed packets from an old connection do not contaminate a new connection using the same tuple.
The tuple is:
source IP
source port
destination IP
destination port
protocolIf old packets are still wandering the network, the state must linger long enough for them to die.
This is not waste.
This is quarantine.
The packet may be late, confused, and carrying paperwork from a previous regime. TCP does not allow it to walk into the new government unchecked.
VII. SYN Floods: State As Attack Surface
TCP’s handshake creates state.
State can be attacked.
A SYN flood sends many connection attempts without completing the handshake. The server allocates resources for half-open connections until capacity is pressured.
attacker -> SYN
attacker -> SYN
attacker -> SYN
attacker -> SYN
server -> allocates half-open state
server -> waits
server -> suffersDefenses include SYN cookies, backlog tuning, filtering, rate limits, and upstream mitigation.
The lesson:
any protocol that creates state before trust can be forced to create too much state.
This is not merely networking. This is politics.
Never let strangers allocate unlimited bureaucracy.
VIII. TCP And The Protocols Above It
TCP became the default foundation for many application protocols:
| Protocol | Typical TCP use |
|---|---|
| HTTP/1.1 and HTTP/2 | web traffic over reliable streams |
| SSH | encrypted terminal sessions and tunnels |
| SMTP | mail transfer |
| IMAP | mail access |
| TLS over TCP | encryption above reliable transport |
| BGP | routing sessions over TCP port 179 |
BGP using TCP is especially funny.
The global routing system, a diplomatic arrangement between autonomous systems, delegates byte reliability to TCP and then proceeds to make geopolitical decisions about where the Internet should go.
One protocol says:
“I will deliver bytes in order.”
The other says:
“Excellent. I will announce a route to half the planet.”
IX. The Real Story (Suppressed)
Officially, TCP means Transmission Control Protocol.
Unofficially, its first name was:
Trust Carefully, Peasant.
This was rejected because the acronym revealed too much operational wisdom.
TCP trusts nothing:
- packets may vanish
- packets may duplicate
- packets may reorder
- receivers may be slow
- networks may congest
- peers may disappear
- middleboxes may lie
Yet it presents applications with a polite stream, like a minister hiding a famine report under a tablecloth during a diplomatic dinner.
The application says:
“I wrote bytes.”
TCP says:
“They will arrive in order.”
The network laughs. TCP opens its ledger.
X. The Lesson
TCP is one of civilization’s great acts of deception.
It hides an unreliable world behind an interface that feels reliable.
That deception is useful. But only if you remember where the lie ends.
TCP does not know your message boundaries. TCP does not make your application protocol correct. TCP does not prevent head-of-line blocking. TCP does not make latency disappear. TCP does not save you from bad timeouts.
It gives you ordered bytes and a set of survival mechanisms.
Respect the bargain.
Frame your messages.
Tune your timeouts.
Understand connection state.
Do not panic at TIME_WAIT.
Do not let strangers allocate infinite half-open bureaucracy.
The packet network is unreliable.
TCP is the official who makes it look otherwise.
— Kim Jong Rails, Supreme Leader of the Republic of Derails