TCP/IP and Application Layer Protocols

TCP/IP is the protocol suite that underpins all Internet communication. It is organised into four layers, each with a distinct responsibility:

Layer	Responsibility	Example protocols
Application	User-facing protocols; formats data for apps	HTTP, HTTPS, FTP, SMTP, POP3, SSH, DNS
Transport	End-to-end delivery; segmentation; ports; reliability	TCP, UDP
Network/Internet	Logical addressing; routing between networks	IP (IPv4, IPv6)
Link	Physical delivery within one network segment; MAC addresses	Ethernet, WiFi (802.11)

Each layer encapsulates the data from the layer above, adding its own header. At the receiver, each layer strips its header and passes the payload upward.

Ports

A port is a number that identifies a specific service or application running on a host. The combination of IP address + port number identifies a specific endpoint of a connection.

Well-known ports (0–1023) are reserved for standard services:

Port	Protocol	Service
20/21	FTP	File transfer (data/control)
22	SSH	Secure remote access
25	SMTP	Sending email
80	HTTP	Web pages
110	POP3	Receiving email
443	HTTPS	Encrypted web

Client (ephemeral) ports (1024–65535) are dynamically assigned by the OS for each outgoing connection.

Sockets

A socket is the endpoint of a connection, identified by an IP address + port number pair. Every active connection has two sockets — one on the client and one on the server.

Client socket: 192.168.1.5:54321   ←→   Server socket: 93.184.216.34:443

MAC addresses

A MAC (Media Access Control) address is the hardware address of a network interface card. It is used for local delivery within a single network segment (LAN). MAC addresses operate at the Link layer; IP addresses operate at the Network layer. Routers use IP addresses to route between networks, then use MAC addresses to deliver within the final LAN segment.

FTP (File Transfer Protocol) — port 21

• Used to transfer files between a client and a server
• Supports anonymous access (no credentials) or authenticated access (username/password)
• Separate control (port 21) and data (port 20) connections
• Unencrypted — credentials and data sent in plaintext

HTTP (HyperText Transfer Protocol) — port 80

• Transfers web pages (HTML, CSS, JavaScript, images) from a web server to a browser
• Stateless — each request is independent; the server retains no memory of previous requests
• Client sends a request (e.g. GET /index.html HTTP/1.1); server responds with status code + content

HTTPS (HTTP Secure) — port 443

• HTTP over TLS (Transport Layer Security) — all traffic encrypted
• Browser and server perform a TLS handshake using asymmetric encryption to exchange a symmetric session key
• Uses digital certificates to verify the server's identity

SMTP (Simple Mail Transfer Protocol) — port 25

• Used to send email from a client to a mail server, and between mail servers
• Works as a push protocol — sender pushes mail to the server
• Does not retrieve mail; it only sends

POP3 (Post Office Protocol 3) — port 110

• Used to retrieve email from a mail server to a client
• Downloads email to the local device and typically deletes it from the server
• Simple — designed for single-device access

SSH (Secure Shell) — port 22

• Provides secure remote login and command execution on a remote machine
• Uses TCP; encrypts all traffic (commands, responses, data)
• Replaced insecure Telnet for remote administration
• Supports public-key authentication (no password needed)

Web server

• Stores web pages and resources (HTML, images, CSS, JavaScript)
• Listens on port 80 (HTTP) or 443 (HTTPS)
• On receiving an HTTP GET request: locates the resource and responds with its content
• Returns status codes: 200 OK, 404 Not Found, 301 Redirect, 500 Internal Server Error

Email server

• Manages the sending and receiving of email
• Uses SMTP to send outbound mail (client → server; server → server)
• Uses POP3 (or IMAP) for clients to retrieve mail from the server
• Stores mailboxes for each user until mail is retrieved

Full email flow:

Sender's client ──SMTP──▶ Sender's mail server ──SMTP──▶ Recipient's mail server
                                                           │
Recipient's client ◀──POP3────────────────────────────────┘

1. Confusing SMTP and POP3 roles

SMTP sends email (outbound push). POP3 retrieves email (inbound pull). A question asking which protocol is used when a user's client downloads new email: the answer is POP3, not SMTP.

2. Confusing MAC address and IP address

MAC addresses are hardware addresses used for local delivery within a LAN. IP addresses are logical addresses used for routing across networks. A packet may travel through many networks — at each hop, the MAC address changes (new source/destination MACs for that LAN segment), but the IP addresses remain the same end-to-end.

3. Stating HTTP maintains session state

HTTP is stateless — each request is independent. Websites that appear to have sessions (logged-in users) use cookies or session tokens layered on top of HTTP to simulate state.

4. Confusing port number ranges

Well-known ports: 0–1023 (assigned to standard services). Registered ports: 1024–49151. Ephemeral/dynamic ports: 49152–65535. Exam questions often ask which range is used for well-known services — the answer is 0–1023.