The IP suite, also called the TCP/IP protocol suite because of two of the key protocols in the stack, TCP and IP, is described in RFC 1122. The Internet Engineering Task Force (IETF) frequently publishes these technical documents related to the internet in the form of Request For Comments (RFCs).

In this RFC, the TCP/IP suite is defined as consisting of four layers:

• Application Layer (layer 4)
• Transport Layer (layer 3)
• Internet Layer (layer 2)
• Data Link Layer (layer 1)

We can immediately notice some key differences between both models. The OSI model we discussed previously consisted of seven layers, while this TCP/IP model consists of only four. The Presentation and Session Layers of the OSI model have been absorbed into the Application Layer, while the Physical and Data Link Layers of the OSI model have been combined to form the Link Layer here. The Internet Layer corresponds to the Network Layer of the OSI model, while the Transport Layer remains unchanged. This simplified structure of TCP/IP was actually a key factor in its dominance over the OSI model.

However, in spite of these differences, many of the concepts we discussed in the OSI reference model are also applicable to the TCP/IP suite. Applications still utilize the concepts of encapsulation and decapsulation that we discussed previously, and protocols at a particular layer still communicate with protocols at that same layer in end hosts (called internet hosts in the RFC). In the following section, we will dive into these layers in more detail, and show you how the applications we use every day utilize the TCP/IP protocol suite to transmit data to and from applications on other hosts across the internet.

The following diagram serves to illustrate the four layers of the TCP/IP protocol suite and to build upon the knowledge we gained during our study of the OSI reference model to illustrate data flows through each of the layers during the process of encapsulation. At each layer, data is passed down to the layer directly underneath and becomes an SDU or payload at that lower layer. A header, containing information that this lower layer requires, is then added to the SDU/payload, before the process is again repeated for the layer below it. Once the data reaches the Link Layer, it is transmitted across physical media before the reverse process of decapsulation begins:

Let's briefly discuss each of the layers that comprise the TCP/IP protocol suite:

• Application Layer: At the very top of the protocol stack exists the Application Layer. The programs that we use every day on our desktop computers and mobile devices exist at this layer. For example, every time you request a web page in your browser, you use the Hypertext Transfer Protocol (HTTP) or Hypertext Transfer Protocol Secure (HTTPS) protocol. Protocols at this layer create data that needs to be transmitted to or received from other internet hosts.
• Transport Layer: The Transport Layer exists just below the Application Layer, and serves to provide the means for Application Layer protocols above it to transfer data. Devices such as desktop computers and mobile devices also run Transport Layer protocols. There are two well-known protocols at this layer—TCP and the User Datagram Protocol (UDP). TCP provides connection-oriented transmission of data, requiring a connection to be set up between internet hosts before data can be transmitted, but also providing features such as reliable, in-sequence delivery of data. UDP, on the other hand, is a connectionless protocol that does not require any setup before data can be transmitted, but also does not offer features such as guaranteed delivery of data. Applications access the services of Transport Layer protocols (and, by extension, lower layer protocols) through logical ports. For example, the HTTP protocol uses the well-known TCP port 80. The concept of logical ports and which protocols are associated with which well-known ports will be discussed in more detail later.
• Internet Layer: The Internet Layer exists just below the Transport Layer, and provides the service of moving data from the Transport Layer across networks, using forms of internet addressing. IP has become the most utilized protocol at this layer, and you are certain to deal with IP addresses from both version 4 of the protocol, IPv4, as well as version 6, IPv6. Other protocols that exist at this layer are the Internet Control Message Protocol (ICMP) and the Internet Group Management Protocol (IGMP). Devices that operate at this layer include routers and layer 3 switches.
• Link Layer: At the bottom of the TCP/IP protocol suite, we will find the Link Layer. This layer operates only on the local segment that a host is physically connected to, and is responsible for delivering data between devices that are connected in the same local segment/network. Protocols at this layer include the Address Resolution Protocol (ARP), Ethernet, and the Neighbor Discovery Protocol (NDP).

Now that we've covered the services that each layer in the TCP/IP protocol suite provides, let's see how applications can use these layers to actually communicate.

The communication using the TCP/IP protocol suite can be seen in the following diagram:

This preceding diagram combines all of the concepts we discussed previously. For a host to transmit messages, application messages/data are encapsulated down the protocol suite. At the Transport Layer, PDUs being transmitted between hosts are commonly called TCP segments or UDP datagrams, depending on which Transport Layer protocol is being used. At the Internet Layer, PDUs are termed IP packets, or simply packets, while PDUs transmitted between Link Layers are termed Ethernet frames, or simply frames, which are then transmitted out the wire as bits (or grouped together to form bytes). The following screenshot shows how Wireshark, a popular tool used to analyze protocols, categorizes data according to protocols that have been arranged in the same layers we have discussed: