TCP/IP
Internet Protocol Suite (TCP/IP)
The Internet Protocol Suite (often called TCP/IP) is the core set of network protocols that power the Internet and most computer networks. It dictates how data is packaged, sent, and received, allowing different systems to communicate. Named after its two main components, Transmission Control Protocol (TCP) and Internet Protocol (IP), it includes many other protocols essential to its function.
Overview
The TCP/IP suite uses a layered model, with each layer managing a specific part of network communication. This simplifies hardware and software design. The main layers are:
- **Application Layer:** For direct application interaction (e.g., HTTP, FTP, DNS).
- **Transport Layer:** Manages data transfer between applications (e.g., TCP, UDP).
- **Internet Layer:** Handles addressing and routing (e.g., IP).
- **Link Layer:** For physical network interface and transmission (e.g., Ethernet, Wi-Fi).
Data moves down the layers when sending and up when receiving.
Key Protocols: TCP and UDP
Within the TCP/IP suite, two major protocols operate at the Transport Layer, providing different services to applications:
- Transmission Control Protocol (TCP)
- A reliable, connection-oriented protocol. It establishes a connection with a three-way handshake, numbers every byte so that data is delivered complete and in order, retransmits lost segments, and applies flow and congestion control. This costs latency and overhead. Note that the TCP checksum only detects accidental corruption, not tampering: integrity against an attacker on the path comes from TLS or SSH running on top of TCP, not from TCP itself.
- User Datagram Protocol (UDP)
- A faster, connectionless protocol that sends individual datagrams with no handshake and no guarantee of delivery or order. Its lower overhead suits applications that prefer speed over reliability. Because there is no handshake, a datagram's source address is trivially spoofable, which is why UDP services such as DNS are abused for reflection attacks and why UDP ports need the same firewall discipline as TCP ports.
TCP vs. UDP Comparison
Feature | TCP | UDP |
---|---|---|
Protocol Type | Connection-oriented (requires handshake) | Connectionless (sends datagrams directly) |
Reliability / Delivery Guarantee | Reliable (guarantees data arrives, retransmits lost packets) | Unreliable (no guarantee of delivery or retransmission) |
Order of Delivery | Guaranteed (packets delivered in the order sent) | Not Guaranteed (packets may arrive out of order or not at all) |
Speed / Overhead | Slower (higher overhead for connection management, error checking, etc.) | Faster (lower overhead) |
Use Cases (General) | Applications requiring reliable, ordered data: Web browsing (HTTP/S), Email (SMTP, POP3, IMAP), File Transfer (FTP, SFTP), Secure Shell (SSH). | Applications requiring speed over reliability: Streaming (video/audio), Online gaming, DNS, Voice over IP (VoIP). |
Uses on Personal Computers | Most internet traffic (browsing, email, downloading, secure remote access). | Streaming services, voice/video calls, some games, background system services (like DNS lookups). |
Uses on Seedbox/Servers | Hosting websites (HTTP/S), Email servers (SMTP, IMAP, POP3), File transfer servers (FTP, SFTP), SSH access, Most torrent client peer connections. | DNS servers, some monitoring services, certain peer-to-peer protocols like uTP (used by some torrent clients) or DHT, some game servers. |
What TCP is Used For
TCP is used when reliable, ordered data delivery is critical. It handles lost or out-of-order packets, ensuring data arrives as sent. This makes it ideal for:
- Loading web pages (HTTP/S).
- Sending/receiving emails (SMTP, POP3, IMAP).
- Accurate file transfers (FTP, SFTP).
- Secure remote access (SSH).
- Database connections.
How Pulsed Media Uses TCP/IP
Pulsed Media's services—including seedboxes, VPS, and Dedicated Servers—**fundamentally rely on the TCP/IP suite** for all network communication, as does virtually all modern internet traffic.
Specific uses include:
- **Client Access:** Connecting to your seedbox or server via SSH, SFTP, or web-based GUIs (all use TCP/IP).
- **Torrenting:** Core data transfers between peers typically use **TCP**. While some BitTorrent components (like DHT or uTP) use UDP, high-performance seedboxes often prioritize robust TCP connections for main data transfers.
- **Hosting Services:** VPS and dedicated servers use TCP/IP extensively for web hosting (HTTP/S), email (SMTP/IMAP/POP3), and other services.
Essentially, all data transfer to or from a Pulsed Media service over the internet depends on the correct functioning of the TCP/IP stack.
Tutorial: Opening TCP Ports on Linux (Debian) Server
To allow external network traffic to reach a specific service running on a TCP port on your Linux server, you need to configure the server's firewall to permit incoming connections to that port. This tutorial uses `ufw` (Uncomplicated Firewall), a user-friendly front-end for iptables (on current Debian and Ubuntu releases that is the iptables-nft layer over nftables). It is installed by default on Ubuntu and available from the Debian repositories.
Prerequisites:
- A Linux server running a Debian-based distribution.
- Command-line access (SSH).
- sudo privileges.
- ufw installed and enabled (see Firewall Setup Tutorial for installation).
Steps:
- Check ufw status (optional):
Verify that the firewall is active. If it's inactive, you'll need to enable it later.
sudo ufw status verbose
- Allow a specific TCP port:
Use the `ufw allow` command followed by the port number and `/tcp`. Replace the port number with the one your service actually listens on.
sudo ufw allow 80/tcp     # Example: Allow HTTP traffic
sudo ufw allow 443/tcp    # Example: Allow HTTPS traffic
sudo ufw allow 22/tcp     # Example: Allow SSH traffic (essential if connecting remotely)
sudo ufw allow 8080/tcp   # Example: Allow traffic on a custom port
- Allow a service by name (if defined in ufw):
`ufw` resolves service names from `/etc/services`, so for common services you can use the name instead of the port number. Packages may also install application profiles (`sudo ufw app list` shows them), which can be allowed by name in the same way.
sudo ufw allow http
sudo ufw allow https
sudo ufw allow ssh
- Allow a port/service from a specific IP address or network range (more secure):
Restrict a port to particular source addresses instead of the whole internet. This is the right default for administrative ports such as SSH.
sudo ufw allow from 203.0.113.100 to any port 22 proto tcp      # Allow SSH only from 203.0.113.100
sudo ufw allow from 192.168.1.0/24 to any port 8080 proto tcp   # Allow port 8080 from local network 192.168.1.0/24
- Applying changes (if ufw was already active):
If `ufw status verbose` showed `Status: active`, rules added with `ufw allow` take effect immediately; no reload is needed for them. `ufw reload` is only required after editing the rule files under `/etc/ufw` by hand.
sudo ufw reload
- Enable ufw (if it was inactive):
If `ufw status verbose` showed `Status: inactive`, enable it. Enabling applies ufw's default policy of denying all incoming connections. **WARNING:** Ensure you have allowed SSH (port 22, or whatever port your sshd actually listens on; check the `Port` line in `/etc/ssh/sshd_config`) *before* enabling if you are connected remotely via SSH, otherwise you will be locked out.
sudo ufw enable
Confirm the action when prompted.
- Verify the new rules:
Check the status again to see your newly added rules.
sudo ufw status verbose
Remember to only open the ports necessary for the services you intend to run and make accessible from the network. `ss -tlnp` lists the TCP ports actually listening on the server, so you can compare what is listening against what you have allowed.
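The whole procedure above, written as an added shell helper that is not part of the original page or of Pulsed Media's tooling: it plans the `ufw` commands in a lockout-safe order (the sshd port, read from `/etc/ssh/sshd_config`, an assumed path, is allowed before anything else and before `ufw enable`), validates port numbers and IPv4 sources, and with `DRY_RUN=1` only prints what it would run. The `PORT@SOURCE` rule syntax, the `SSH_FROM`, `SSHD_CONFIG` and `DRY_RUN` variables, the function names and the constructed sample sshd_config are all this example's own inventions.

```shell
#!/bin/sh
# Added example, not from the original page: open TCP ports with ufw without
# locking yourself out. Assumes ufw and sudo are available and that sshd's port
# is set in /etc/ssh/sshd_config (assumed path; 22 if no Port line is present).
# Rule specs are "PORT" (from anywhere) or "PORT@SOURCE" (SOURCE = IPv4 or CIDR).

# valid_port NUM: succeed only if NUM is an integer in 1..65535
valid_port() {
    case "${1:-}" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# valid_source SRC: succeed only if SRC is a dotted IPv4 address, optionally with /0-32
valid_source() {
    src="${1:-}"
    ip="${src%%/*}"
    prefix="${src#*/}"
    [ "$prefix" = "$src" ] && prefix=32         # no "/": a single host
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    oldifs="$IFS"; IFS=.
    set -- $ip                                   # split the address into octets
    IFS="$oldifs"
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# ufw_rule_cmd PORT [SOURCE]: print the ufw command for one TCP allow rule
#   ufw_rule_cmd 80                -> ufw allow 80/tcp
#   ufw_rule_cmd 22 203.0.113.100  -> ufw allow from 203.0.113.100 to any port 22 proto tcp
ufw_rule_cmd() {
    port="${1:-}"; src="${2:-}"
    valid_port "$port" || { echo "invalid port: $port" >&2; return 1; }
    if [ -z "$src" ]; then
        echo "ufw allow $port/tcp"
    else
        valid_source "$src" || { echo "invalid source: $src" >&2; return 1; }
        echo "ufw allow from $src to any port $port proto tcp"
    fi
}

# ssh_port [CONFIG]: the Port directive from sshd_config (first match wins, as in
# sshd itself), or 22 when the file is unreadable or sets no Port
ssh_port() {
    cfg="${1:-/etc/ssh/sshd_config}"
    p=""
    if [ -r "$cfg" ]; then
        p=$(awk '$1 == "Port" { print $2; exit }' "$cfg")
    fi
    printf '%s\n' "${p:-22}"
}

# plan_open_ports SPEC...: print the full command sequence. The SSH rule comes
# first (restricted to $SSH_FROM when set) so that "ufw enable" cannot lock
# you out; "--force" skips ufw's interactive confirmation.
plan_open_ports() {
    sshp=$(ssh_port "${SSHD_CONFIG:-/etc/ssh/sshd_config}")
    ufw_rule_cmd "$sshp" "${SSH_FROM:-}" || return 1
    for spec in "$@"; do
        case "$spec" in
            *@*) ufw_rule_cmd "${spec%%@*}" "${spec#*@}" || return 1 ;;
            *)   ufw_rule_cmd "$spec" || return 1 ;;
        esac
    done
    echo "ufw --force enable"
}

# apply_plan SPEC...: validate the whole plan first, then run it with sudo,
# or only print it when DRY_RUN=1. Nothing is applied if any spec is invalid.
apply_plan() {
    plan=$(plan_open_ports "$@") || return 1
    printf '%s\n' "$plan" | while IFS= read -r cmd; do
        if [ "${DRY_RUN:-0}" = 1 ]; then
            echo "+ $cmd"
        else
            sudo sh -c "$cmd" || exit 1      # stop at the first failing rule
        fi
    done
}

# Demo on a constructed sshd_config (Port 2222), dry-run only, so nothing changes.
demo() (
    cfg=$(mktemp)
    printf '# constructed sample, not a real server config\nPort 2222\nPermitRootLogin no\n' > "$cfg"
    SSHD_CONFIG="$cfg"; SSH_FROM=203.0.113.100; DRY_RUN=1
    apply_plan 443 8080@192.168.1.0/24
    rm -f "$cfg"
)
demo
```

Run it without `DRY_RUN=1` only once the dry-run output looks right; because the SSH rule is emitted before `ufw --force enable`, the order is safe whether ufw is currently active or not, and a typo in any spec aborts the whole plan before a single rule is applied.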
Note on NAT/Port Forwarding: If your server is behind a router performing NAT and you want to access a service from the public internet, you will also need to configure port forwarding on the router to direct incoming traffic from a public IP and port to your server's private IP and the service's TCP port. The ufw rule on the server is still required; the router forward only gets the traffic as far as the host.