Skip to main content
Explainer · networking

What is TCP/IP? (The protocol suite the internet runs on)

Every message you send online — a web page, an email, a video call — is broken into packets, addressed, routed across the world, and reassembled at the other end. The rulebook that makes this work is called TCP/IP. Here is what it actually is, how its four layers fit together, and what happens to your data as it travels down the stack and out the wire.

What TCP/IP actually is

TCP/IP is the family of protocols that the internet runs on. It takes its name from its two most important members — the Transmission Control Protocol (TCP) and the Internet Protocol (IP) — but those names are shorthand. The full suite includes dozens of protocols working together: UDP, ICMP, ARP, DHCP, DNS, and application protocols like HTTP, SMTP, and SSH. When people say “the TCP/IP stack,” they mean this whole layered collection, not just the two protocols in the name.

What makes it all hang together is that the protocols are organized into layers. Each layer has one job, talks only to the layers directly above and below it, and treats everything else as a black box. That separation is what let the internet grow without a redesign: swap out the Wi-Fi at the bottom or invent a new app at the top, and the layers in between neither know nor care.

The four-layer TCP/IP model

The practical description of the stack has four layers. From the bottom (closest to the physical wire) to the top (closest to your application):

How it compares to the OSI model

You will often hear networking described with seven layers instead of four. That is the OSI model — a reference framework built for teaching and standard vocabulary. The two describe the same journey at different resolutions. OSI splits the TCP/IP Application layer into three (Application, Presentation, Session) and splits the TCP/IP Link layer into two (Data Link, Physical). The Transport and Network layers line up almost one-to-one with TCP/IP's Transport and Internet layers.

In practice, the internet is built on TCP/IP, while OSI is the shared language people reach for when they say things like “that's a layer 7 problem” or “the load balancer works at layer 4.” If you want the full seven-layer breakdown and how the numbering maps across, see What is the OSI model?.

IP's job: addressing and routing

The Internet Protocol has two responsibilities: give every host an address, and move packets toward that address. An IP address is the label that tells the network where a device is — for the full explanation of what an address is and what a website can learn from yours, see What is an IP address?. IP delivery itself is deliberately simple, described by two words worth understanding:

By itself that is unreliable, but the simplicity is a feature: because IP asks so little of the network in the middle, routers can be fast and stateless, and the hard work of making delivery trustworthy is pushed to the endpoints. You can watch IP's hop-by-hop routing with a traceroute, which shows each router a packet passes through on its way to a destination.

TCP's job: a reliable, ordered stream — and UDP's alternative

TCP sits on top of IP and turns that best-effort delivery into something you can trust. When your application hands TCP a stream of bytes, TCP:

The result is a reliable, ordered, bidirectional stream of bytes — exactly what a web page, file download, or email transfer needs.

Not everything wants that overhead. The User Datagram Protocol (UDP) is the transport layer's other main option: connectionless, it does almost nothing beyond adding port numbers and a checksum on top of IP — no handshake, no acknowledgements, no retransmission, no ordering. That makes it lightweight and fast, which is why it is used for DNS lookups, live video and voice, and online games, where a slightly late packet is worse than a lost one. For a side-by-side breakdown, see TCP vs UDP.

Encapsulation: how your data gets wrapped for the journey

Layers cooperate through a mechanism called encapsulation. As your data travels down the stack, each layer wraps what it received from the layer above in its own envelope by adding a header. Walk it through concretely, using a web request:

  1. Application layer. Your browser builds an HTTP request — “GET /index.html” plus some headers — and hands those bytes down to TCP.
  2. Transport layer. TCP prepends a header (source and destination ports, sequence and acknowledgement numbers, flags); the result is a TCP segment.
  3. Internet layer. IP takes the whole segment as its payload and prepends a header (source and destination IP addresses, time-to-live, and so on); the result is an IP packet.
  4. Link layer. The link layer wraps the whole packet in a frame header and trailer (MAC addresses and an error-check field); the result is a frame that goes out onto the wire or the air.

So the same slice of your HTTP request ends up nested like a set of envelopes: HTTP data inside a TCP segment inside an IP packet inside a link-layer frame. Each header is added by the layer that needs it and read only by its counterpart on the other side. At the destination the process runs in reverse — decapsulation — each layer stripping and acting on its own header before passing the payload up, until your HTTP request emerges intact at the server. Along the way, routers rewrite the link-layer frame header at every hop (the next-hop MAC address changes) while the IP addresses inside stay the same end to end — exactly the division of labor the layering is designed to give you.

“TCP/IP” usually means the whole suite

When someone says a device “speaks TCP/IP,” they almost never mean literally just TCP and IP. They mean the entire internet protocol suite — including UDP, ICMP for control and error messages (what traceroute and ping rely on), ARP and DHCP for local addressing, and application protocols like DNS. The two headline names stuck because they are the load-bearing middle of the stack.

How a real request flows through the stack

Put it together and follow what happens when you type an address into your browser and hit enter:

  1. Name to address. Your browser needs an IP address, not a name, so it first does a DNS lookup — typically a small UDP exchange — to turn the domain into one. (How DNS works covers this step.)
  2. Connection setup. TCP opens a connection to that IP address on the web server's port (443 for HTTPS) with the three-way handshake.
  3. Request goes down the stack. Your HTTP request is encapsulated into a TCP segment, then an IP packet, then link-layer frames, and sent out. IP forwards the packets hop by hop across many routers — best-effort, connectionless — while TCP quietly acknowledges what arrives and resends anything that goes missing.
  4. Reassembly and reply. The server's stack decapsulates each frame back up through IP and TCP, reassembles the ordered byte stream, and hands the request to its web software. The response travels back the same way, and your browser reassembles and renders it.

All of that — the name lookup, the handshake, the wrapping and unwrapping, the routing — happens in the time it takes a page to appear.

Frequently asked questions

Is TCP/IP one protocol or many?

Many. TCP/IP is named after two protocols — TCP and IP — but the term is used colloquially for the whole suite, including UDP, ICMP, ARP, DNS, DHCP, and application protocols like HTTP. “The TCP/IP stack” means the entire layered set, not just the two headline protocols.

What is the difference between TCP/IP and OSI?

The TCP/IP model is the practical four-layer description of the real internet; the OSI model is a seven-layer reference framework used mainly for teaching and shared vocabulary. They describe the same journey at different resolutions — see What is the OSI model? for the full mapping.

How do IP and TCP work together?

IP handles addressing and routing, forwarding packets best-effort and connectionless with no guarantees. TCP runs on top and adds reliability — numbering bytes, acknowledging what arrived, retransmitting what was lost, and reassembling an ordered stream. IP gets packets roughly there; TCP makes the delivery trustworthy.

Related reading