« All Software Development Articles

Networking for Application Developers 2 of 3: TCP

  1. Networking for Application Developers 1 of 3: IP
  2. Networking for Application Developers 2 of 3: TCP
  3. Networking for Application Developers 3 of 3: HTTP


Built on top of IP are protocols for operating systems to send and receive messages in different ways and deliver them to the applications that are expecting them. The two most common transport protocols are UDP and TCP. UDP is commonly used by DNS, media streaming apps, VoIP apps, and others. It is not covered in this series of articles.


TCP stands for Transmission Control Protocol. There are some defining characteristics of TCP that developers should know about. The last article noted that IP is "fire-and-forget". However, the TCP protocol enables ordered streams of bytes. If dealing with TCP directly, developers can write programs that assume that information is received in the order it was sent without additional code.

The TCP message segments, traveling in IP packets and managed by the operating system, are error-checked and require positive acknowledgement with re-transmission. As such, apps can depend on the completeness and accuracy of the data that the OS delivers or expect an appropriate error notification from whatever API is being used, for example an exception from the Java java.net.Socket APIs. Web applications normally rely on the browser to handle communication at this layer.

TCP is also a connection oriented communication protocol. This means it's sort of like a phone call: a connection is established, a conversation occurs, then the connection is closed. Remember this when the browser gives a message such as "can't connect" as this probably indicates an error at the TCP layer.

Ports and Sockets

To allow many different apps to all communicate over TCP at the same time port numbers are used. When an app wants to allow incoming connections or open an outgoing connection it requests a port number from the operating system. Sometimes it specifies which one it would like and sometimes it'll take any free port. For example, web traffic is normally sent over port 80, or if encrypted over port 443, so web servers will try to grab those port numbers to listen for requests.

  • 0-1023: Well known ports are assigned by the IANA and are used by the most common services.
  • 1024-49151: Registered ports are called as such because server programs will commonly claim one as their own without formally registering it, for example Microsoft SQL Server uses 1433.
  • 49152-65535: Ephemeral ports are normally the ports the operating system will assign to an app when it requests any free port number.

The combination of a source address/port and destination address/port is called a socket and is managed by the OS. A web connection can look like this:

  1.    User's web browser opens a TCP socket on an ephemeral port (e.g. 50101) and initiates a connection.
  2.    Web server accepts incoming connection on listening TCP socket on port 80.
  3.    Conversation happens, possibly including HTTP requests and responses, until the connection is closed.

To view open TCP sockets use the netstat command. Below we can see a connection open on an ephemeral port to a really secure web site.

PS C:\Users\Steve> netstat

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP      74-208-236-186:https   ESTABLISHED

Another excellent tool is Fiddler Classic for Windows. This graphical tool can monitor open connections and peek at the messages being passed back and forth, for example HTTP requests and reponses. Browsers have this feature built in but for other applications Fiddler has been an indispensable tool.


Check out the next article in the series Networking for Application Developers 3 of 3: HTTP. If you have any feedback or corrections please let me know on my contact page.

Have a nice day.