Common Network Protocols - Networking Basics

Protocols are the "rules" that govern how devices communicate. Different protocols solve different problems.

Protocol Basics

A protocol is a standardized set of rules for communication:

Define how data is formatted
Define how devices initiate, maintain, and end communication
Allow different vendors' equipment to interoperate

Transport Layer Protocols

The most important protocols for DevOps engineers are at the Transport Layer (Layer 4).

TCP (Transmission Control Protocol)

Purpose: Reliable, ordered delivery of data

TCP Three-Way Handshake (Connection Setup):

Client                Server
  |------ SYN ------->|   "I want to connect"
  |<----- SYN-ACK ----|   "OK, I'm ready"
  |------ ACK ------->|   "Great, connected"
  |======= DATA =====>|   Connection established

Key Features:

Reliable — all data arrives
Ordered — data arrives in sequence
Flow Control — prevents overwhelming receiver
Error Checking — detects and corrects errors
Slower — overhead of reliability

TCP Flags:

Flag	Meaning	Purpose
SYN	Synchronize	Start connection
ACK	Acknowledgment	Confirm receipt
FIN	Finish	End connection
RST	Reset	Abruptly close connection
PSH	Push	Send data immediately
URG	Urgent	Mark data as urgent

TCP State Machine:

CLOSED → LISTEN (server)
         ↓
Client initiates SYN →
         ↓
    SYN_RECEIVED
         ↓
    ESTABLISHED ← ACK received
         ↓
FIN sent → FIN_WAIT_1
         ↓
    TIME_WAIT
         ↓
    CLOSED

When to use TCP:

Web browsing (HTTP/HTTPS)
Email (SMTP, POP3, IMAP)
File transfer (FTP, SFTP)
SSH (remote access)
Database connections
Anything where data integrity matters

UDP (User Datagram Protocol)

Purpose: Fast, best-effort delivery of data

UDP Communication (No Handshake):

Client                Server
  |====== DATA ======>|   One-way, no connection
                      |   Server may or may not receive

Key Features:

Unreliable — packets may be lost
Unordered — packets may arrive out of order
No Connection — no setup/teardown
Fast — minimal overhead
Lower Latency — important for real-time apps

When to use UDP:

DNS queries (quick lookup)
Voice over IP / Video calls (can tolerate packet loss)
Online gaming (latency more important than perfection)
Live video streaming (occasional dropped frames acceptable)
Network monitoring (SNMP)
IoT sensors (volume matters more than individual readings)

ICMP (Internet Control Message Protocol)

Purpose: Send error messages and diagnostic information

Common ICMP Types:

Type	Name	Purpose
8	Echo Request	Ping request ("Are you there?")
0	Echo Reply	Ping response ("Yes, I'm here")
3	Destination Unreachable	Network/host unreachable
11	Time Exceeded	TTL expired
1	Unassigned	Reserved

Ping Example:

ping google.com
# Sends ICMP Echo Request
# Google replies with Echo Reply
# Shows latency and packet loss

Traceroute Example:

traceroute google.com
# Sends UDP packets with increasing TTL
# Each router responds when TTL expires
# Shows path from your machine to destination

When to use ICMP:

Diagnostics (ping, traceroute)
Network troubleshooting
Path MTU discovery
Not for application data

Protocol Comparison

Feature	TCP	UDP	ICMP
Reliability	Guaranteed	Best effort	N/A
Ordering	Ordered	Unordered	N/A
Connection	Yes	No	No
Speed	Slower	Fast	Fast
Use case	Web, email, DB	Gaming, DNS, video	Diagnostics

IP (Internet Protocol)

Purpose: Route packets between networks

IPv4 Header Contains:

Source IP address
Destination IP address
TTL (Time To Live) — prevents infinite loops
Protocol (TCP=6, UDP=17, ICMP=1)
Checksum — error detection
Flags and fragment offset — packet fragmentation info

TTL (Time To Live):

Decrements by 1 at each router
When TTL reaches 0, packet is discarded
Prevents routing loops
Typical initial TTL: 64 or 255

Application Layer Protocols

These protocols sit on top of TCP/UDP:

HTTP (Hypertext Transfer Protocol)

Built on TCP port 80
Stateless request-response protocol
Plain text (unencrypted)

HTTPS (Hypertext Transfer Protocol Secure)

Built on TCP port 443
HTTP + TLS encryption
Secure version of HTTP

DNS (Domain Name System)

Built on UDP port 53
Translates domain names to IP addresses
Can use TCP for large responses

SMTP (Simple Mail Transfer Protocol)

Built on TCP port 25
Sends emails

SSH (Secure Shell)

Built on TCP port 22
Remote login + command execution
Encrypted

FTP (File Transfer Protocol)

Built on TCP ports 20-21
File transfer (unencrypted)

Protocol Layering (Encapsulation)

When you send data over the network, it gets wrapped in multiple headers:

Example: HTTP request over HTTPS

┌─────────────────────────────────┐
│ HTTP Request (Application)      │
│ "GET /index.html"               │
├─────────────────────────────────┤
│ TLS Record (Encryption Layer)   │
├─────────────────────────────────┤
│ TCP Header (Transport Layer)    │
│ Source Port: 54321              │
│ Dest Port: 443                  │
├─────────────────────────────────┤
│ IP Header (Network Layer)       │
│ Source IP: 203.0.113.50         │
│ Dest IP: 142.251.41.14          │
├─────────────────────────────────┤
│ Ethernet Header (Link Layer)    │
│ Source MAC: aa:bb:cc:dd:ee:01  │
│ Dest MAC: aa:bb:cc:dd:ee:02    │
└─────────────────────────────────┘

Port + Protocol Combinations

Web Services:

HTTP:           TCP 80
HTTPS:          TCP 443

Email:

SMTP:           TCP 25
POP3:           TCP 110
IMAP:           TCP 143

Remote Access:

SSH:            TCP 22
Telnet:         TCP 23 (deprecated)

Database:

MySQL:          TCP 3306
PostgreSQL:     TCP 5432
MongoDB:        TCP 27017
Redis:          TCP 6379

Monitoring & Management:

SNMP:           UDP 161
Syslog:         UDP 514
NTP:            UDP 123

Protocol Selection Decision Tree

Is data integrity critical?

YES → Use TCP
NO → Check next question

Is real-time response more important than perfection?

YES → Use UDP
NO → Use TCP

Is this diagnostic?

YES → Use ICMP (ping/traceroute)
NO → Use TCP or UDP

DevOps Considerations

Network Firewalls:

Must allow specific protocol + port combinations
Example: Open TCP 443 for HTTPS, but block TCP 23 (Telnet)

Load Balancers:

TCP load balancing (Layer 4) — can handle any TCP protocol
UDP load balancing (Layer 4) — stateless, more complex
Application load balancing (Layer 7) — understands HTTP/HTTPS

Monitoring:

TCP connections easily monitored
UDP harder to track (stateless)
ICMP used for availability monitoring

Summary

TCP — reliable, ordered, slower; use for important data
UDP — fast, unreliable, best-effort; use for real-time apps
ICMP — diagnostic; used by ping and traceroute
Protocols layer — each layer adds headers to the previous layer
Port selection — choose standard ports when possible for compatibility
Understand these protocols to design, troubleshoot, and monitor networks