Core Internet Protocols: The Hidden Language of the Internet
Why Protocols Matter?
Imagine trying to call a friend, but you both speak different languages. You shout “hello,” they answer with “bonjour,” and pretty soon no one knows what’s going on. Total confusion.
That’s what the internet would look like if computers didn’t follow shared rules of communication—also known as protocols.
Now let’s take it one step further.
Think of the internet like a massive global highway system. Billions of devices are zipping around, sending and receiving data—like cars carrying messages instead of people. Sounds fast and efficient, right?
But what happens if there are no traffic rules? No stop signs, no lanes, no speed limits?
Chaos. Accidents. Collisions. Gridlock.
That’s exactly why we have internet protocols — they are the set of rules of the digital road. They decide how information moves, who goes first, where data should turn, and how to make sure nothing gets lost on the way.
If you’ve already explored some of our articles in the Internet Basics and Networking Essentials, then you’ve already started building your foundation. You’ve learned what an IP address is, how the internet is built, and how networks connect.
Now, it’s time to go deeper.
In this article, we’re diving into the most common internet protocols. These are the digital road rules that make the internet function smoothly—and the backbone of how everything works online.
But here’s the twist:
The same rules that help everything run safely can also be exploited—meaning hackers use them in clever ways to cause harm or steal data.
Hackers don’t break the rules—they use them. By manipulating how protocols behave, they’re able to steal data, run scams, and carry out attacks… all by riding the same roads you do.
So, if you want to understand how to protect yourself, troubleshoot your connection, or just finally get how the internet really works—this is the article for you.
The TCP/IP Model – The Internet’s Blueprint
Before we dive into individual protocols, we need to understand the framework that holds them all together.
What’s a framework, anyway?
A framework is just a structured system of rules, roles, and steps that help things work together smoothly.
You can think of it like the rules of a sport, the outline of a recipe, or the blueprint for building a house. It doesn’t do the work itself—but it tells everyone how to do their part correctly.
Now, back to the internet.
Protocols are the players, the ones doing the work.
The TCP/IP model is the framework—the game board and rulebook combined. It defines where each protocol fits, how it should behave, and how everything works together as a team.
Still not sure? Let’s go real-life for a second.
Imagine organizing a big family road trip. The framework is the plan:
Who’s driving, what route to take, where to stop, and when to refuel.
The protocols are the actions: the driving, the GPS guidance, the communication between drivers.
That’s exactly how TCP/IP works—it’s the structure behind the scenes that keeps all the digital "drivers" on the right track and speaking the same language.
When It Was Created?
Let’s rewind to the 1970s. The U.S. Department of Defense had a bold idea:
“Let’s build a communication system that can still work… even during a nuclear war.”
That idea led to the creation of ARPANET, a project we explored in our article History of the Internet. ARPANET was developed by DARPA (the Defense Advanced Research Projects Agency) and was the first real attempt at building a decentralized, resilient communication network.
But there was a big problem: different networks couldn’t talk to each other. Each had its own rules, its own structure, its own “language.”
So, two brilliant minds—Vinton Cerf and Robert Kahn—developed a universal communication system. They introduced the TCP/IP model, which allowed networks to “speak the same language” and pass data back and forth.
By 1983, TCP/IP officially became the standard for ARPANET… and eventually for the entire internet.
Why It Was Needed?
Back then, there wasn’t “one internet.” There were many small, isolated networks. Everyone built their own version of a local web. TCP/IP was the breakthrough that unified them all.
It created a common framework that said:
“It doesn’t matter what type of device or network you have—if you follow these rules, you can connect.”
That idea became the foundation of today’s internet.
How Does It Work?
The TCP/IP model is built on 4 simple layers. Each layer has a specific job, and together they deliver your messages—like how a mail system works:
| Layer | Purpose | What It Does | Real-Life Analogy |
|---|---|---|---|
| Application | What users see | Sends/receives data from apps (web, email, etc.) | You order food through an app and get the receipt |
| Transport | Reliability | Breaks data into chunks, tracks it, ensures delivery | The restaurant packs your order safely and confirms it’s complete |
| Internet | Routing | Finds the best path to the destination | The delivery app calculates the fastest route to your location |
| Network Access / Link | Physical delivery | Sends data over cables or Wi-Fi to the next device | The delivery driver physically brings your order to your doorstep |
Each layer talks to the layer above and below it—kind of like a team passing a message down the chain until it reaches its destination.
And the best part?
This framework is so effective that it’s still used 50+ years later.
Up next, we’ll zoom into each protocol that operates within these layers—starting from ARP at the Link Layer all the way to HTTPS at the Application Layer.
These are the rules of the road, the digital couriers, and—when abused—the playground for hackers and scammers.
Ready to meet the team?
Layer 1: Network Access (Link Layer)
This is the first stop in the journey. The Network Access Layer, also called the Link Layer, is responsible for physically moving data from your device to the next device on the network—whether that’s your router, a switch, or another computer nearby.
It handles how your data gets onto the local network, whether through cables, Wi-Fi or fiber. Think of it as the part of the process that physically delivers your message to the right doorstep on your neighborhood block.
Let’s go back to the food delivery analogy. This is the delivery driver ringing your doorbell. They’ve reached your street (thanks to higher layers), but now they need to find your exact apartment and physically hand you the food.
Core Protocols at the Network Access Layer
| Protocol | What It Does | Real-Life Analogy |
|---|---|---|
| ARP (Address Resolution Protocol) | Matches an IP address to a MAC address (physical device ID) | Like the driver checking which apartment to knock on |
| Ethernet | Defines how devices communicate over cables (wired connections) | Like the layout of roads in your neighborhood |
| Wi-Fi (IEEE 802.11) | Defines how devices communicate wirelessly | Like flying a drone to deliver your order when roads aren't available |
Now let’s take a closer look at the core protocols of the Network Access Layer.
ARP – Address Resolution Protocol
ARP is used to find out who owns a certain IP address on the local network. Devices use it to ask:
“Hey, who has IP address 192.168.1.25?”
And the correct device responds:
“That’s me! Here’s my MAC address.”
But what’s a MAC address anyway?
A MAC address (Media Access Control address) is a unique ID assigned to every network interface card (NIC)—the hardware inside your phone, laptop or router that connects to the internet. You can think of it like your digital social security number for networking. It never changes and it’s unique to your device.
In fact, the first part of the MAC address even identifies which company made the device—like Intel, Apple, or TP-Link.
You can paste a MAC address into tools like macvendors.com to see who manufactured the network card. Try it—it’s kinda cool.
Want to see your own MAC address? Here’s how:
On Windows:
- Press Windows + R, type cmd, and press Enter
- In the black window, type ipconfig /all
- Look for “Physical Address” under your active network adapter (that’s your MAC address)
On macOS or Linux:
- Open the Terminal
- Type ifconfig or ip link show and press Enter
- Find the line that starts with ether or link/ether — that’s your MAC address
It’ll look something like this: 00:B0:D0:63:C2:26
So, ARP acts like the intercom system at the building entrance.
The driver (your device that’s about to send a data packet) checks, “Which apartment matches this IP?”
And ARP responds: “Here’s the MAC address—go knock there.”
Without ARP, your device wouldn’t know where to send the data—even if it knew the correct IP address. It’s like having the right building address, but not knowing the unit or door number.
Real-World Hackers Abuse Tactic
Hackers can manipulate ARP to perform attacks by pretending to be someone else’s device on the network.
It’s like someone shouting “Yeah, that’s my apartment!” and stealing your order.
These types of attacks are called “man-in-the-middle” (MITM) attacks, and we’ll cover them in more detail in upcoming articles.
Ethernet – The Standard for Wired Connections
Ethernet is the most widely used technology for wired networks. It defines how data is physically transmitted over cables—like the rules of the road for delivery trucks driving through your neighbourhood.
When your computer is connected via an Ethernet cable, it uses this standard to know how to send and receive data, how to handle collisions on the network and how to communicate with other nearby devices.
It’s fast, stable, and secure—perfect for businesses, gaming setups and anyone who needs a reliable connection. Unlike Wi-Fi, it’s not affected by walls, interference or how far you are from the router.
In short: Ethernet is the solid, dependable truck route of the internet world.
Wi-Fi (IEEE 802.11) – The Airborne Delivery Route
While Ethernet defines how data travels over wires, Wi-Fi defines how data moves through the air. Officially known as IEEE 802.11, Wi-Fi lets your laptop, phone, smart TV, and other wireless devices connect to the local network without physical cables.
It’s like delivering food by drone instead of a truck. Super convenient, fast (most of the time), but more prone to interference—like bad weather, thick walls or distance from the router.
Wi-Fi is incredibly common in homes, cafes, airports—basically anywhere people want to connect without cables. But since it’s wireless, it can also be less secure. If the network isn’t protected properly, other people nearby could intercept your data (like reading your messages while they’re being delivered) or connect to your network without permission.
Layer 2: Internet Layer
Once your data (or food order) is prepared and ready to leave the restaurant, the next challenge is: Where is it going and how should it get there?
The Internet Layer is responsible for routing data between networks. While the Link Layer takes care of delivery on the local block (your street), the Internet Layer handles everything beyond—across town, across countries and even across the world.
This is the part of the delivery process that figures out the best route to your destination. Think of Waze or Google Maps. It looks at your address and calculates whether to take the highway, avoid traffic or make a few pit stops.
If you're sending data from the Netherlands to New York, the Internet Layer figures out the global journey—step by step, router by router.
Core Protocols at the Internet Layer
| Protocol | Purpose | Real-Life Analogy |
|---|---|---|
| IP (Internet Protocol) | Defines how data packets are structured and routed across networks | Putting the delivery address on the food package and handing it off to the courier network |
| ICMP (Internet Control Message Protocol) | Sends error messages and network status updates (like ping) | The delivery driver calling the restaurant to say, “I can’t deliver this—it’s a wrong address” |
Now let’s take a closer look at each of these protocols and how they actually work.
IP – Internet Protocol
Just like your home has a unique street address, every device on the internet has an IP address—a number that identifies where it's located in the digital world.
The Internet Protocol (IP)doesn’t assign those addresses itself. Instead, it defines how data packets should be structured and how they should travel across networks to reach the correct destination.
There are two main versions of IP:
- IPv4 – still the most widely used (e.g., 192.168.1.1)
- IPv6 – the newer version, created because we were running out of IPv4 addresses (e.g., 2001:0db8:85a3::8a2e:0370:7334)
We explained what IP addresses are, how they work, and why they matter in our article What is an IP Address?
Just like you can't get food delivered without an address, the internet can’t send data without IP addresses.
ICMP – Internet Control Message Protocol
ICMP isn’t used for sending regular data like websites or emails. Instead, it’s used to send error messages and status checks between devices—kind of like the delivery driver calling the restaurant to say,
“Hey, I can’t deliver this order—the address is wrong,”
or
“The road is blocked, I’m going to be late.”
In technical terms, ICMP helps diagnose problems and keep communication healthy between routers and devices. It’s most famous for powering two tools:
- ping – to check if a device is reachable (like saying, “Are you there?” and waiting for a response)
- traceroute – to see the path a packet takes across the network, hop by hop
Let’s say your food delivery driver runs into an issue—they can’t find the address, the building is locked, or the GPS sends them in circles. ICMP is like the driver calling the restaurant and reporting the problem so they can try again or let you know what went wrong.
Without ICMP, you’d never know if your order got stuck halfway, disappeared or was never sent in the first place.
Try It Yourself: Use ping to Check If a Website Is Reachable
The ping command is one of the most basic (and useful) diagnostic tools available. It uses ICMP to send a small test packet to a website or device and tells you if it responded—and how fast.
How to Use ping:
On Windows:
- Press Windows + R, type cmd, and hit Enter
- In the command prompt, type: ping google.com
- Press Enter and watch the results
On macOS / Linux:
- Open Terminal
- Type the same command: ping google.com
- Press Enter and watch the results
- Press Control + C to stop it after a few lines (Linux may limit it automatically, if not, press Control + C)
What You’ll See:
You’ll get a response like this:
Reply from 142.250.190.14: bytes=32 time=24ms TTL=117
Here’s what it means:
- Reply from... – The IP address that answered your ping (in this case, Google)
- bytes=32 – Size of the test packet sent
- time=24ms – The time it took for the request to arrive and for the response to reach your client. This is called round-trip time (lower = faster)
- TTL=117 – “Time To Live” – the number of hops (devices) the packet can go through before being discarded. It helps prevent infinite loops on the internet
If something goes wrong, you might see:
Request timed out.
Layer 3: Transport Layer
Once the Internet Layer figures out where your data (food) needs to go, the Transport Layer takes over to make sure it gets there properly. It handles the details of delivery: chopping up data into manageable pieces (called packets), tracking those packets and reassembling them in the right order at the destination.
Some deliveries are tracked, confirmed and signed for (like important documents). Others are fast and casual—no receipt, no guarantees.
This is the difference between a delivery service with tracking, insurance and a receipt vs. someone tossing your order over the fence and hoping you find it.
The Transport Layer lets you choose how you want your data delivered:
- Reliable and confirmed (TCP)
- Fast and lightweight (UDP)
Core Protocols at the Transport Layer
| Protocol | Purpose | Real-Life Analogy |
|---|---|---|
| TCP (Transmission Control Protocol) | Ensures reliable, ordered, and complete delivery of data | A premium delivery service that tracks each item, confirms delivery, and resends missing items |
| UDP (User Datagram Protocol) | Sends data quickly without checks or guarantees | Tossing food over the gate—fast, but with no tracking or confirmation |
Now let’s take a closer look at the core protocols of the Transport Layer.
TCP – Transmission Control Protocol
TCP is the protocol you use when reliability matters. It ensures that data arrives intact, in order and without missing parts. If something gets lost, it automatically resends it. If something arrives out of order, it reassembles it before handing it to the application.
This is like a high-end delivery service. You get:
- A full receipt of everything you ordered
- Confirmation that each item was delivered
- A system that re-sends anything that was missed or delayed
Web browsing, file downloads, emails—these all use TCP, because they need accuracy and completeness.
How TCP Ensures Reliability – The 3-Way Handshake
In our previous article, How Data Travels in Networks, we explained what happens after you open your browser and type in a website name (called a URL).
Even before any page loads, several invisible steps happen in the background:
- DNS resolution – to convert the website name (like google.com) into its corresponding IP address
- ARP resolution – to find the MAC address of the next hop device:
- If the destination IP is within your local network (LAN), it finds the MAC of the destination device
- If the destination IP is outside the LAN, it finds the MAC of your default gateway (usually your router)
- The browser assembles a data packet with your HTTP request, like:
GET / HTTP/1.1
Host: google.com
But here’s something most people don’t know:
Since HTTP runs over TCP, there’s still one more behind-the-scenes process that happens before your request is even sent.
TCP wants to make sure the server is available and ready to receive your data—and it does this through a process called the TCP 3-way handshake.
What Is the TCP 3-Way Handshake?
The 3-way handshake is a short and efficient process that establishes a connection between two devices before any real data is transferred.
Here’s how it works:
- SYN – Your device sends a TCP packet with a special flag called SYN (synchronize), asking to start a connection.
- SYN-ACK – The server responds with a TCP packet that has both the SYN and ACK (acknowledge) flags set, saying “I got your message, and I’m ready.”
- ACK – Your device sends a final ACK packet to confirm, “Great, let’s begin.”
Think of it like a premium food delivery service:
- First, the driver calls to confirm you are at home (SYN)
- You say yes, and confirm you are expecting them (SYN-ACK)
- They say “Perfect, I’m on the way now” (ACK)
Only after this smooth back-and-forth does the driver with your food (your data) hit the road.
These are actual packet types defined by the TCP protocol as part of the TCP/IP framework. Every time you load a webpage, check email or send a message, this 3-packet exchange happens before any actual request is sent.
If the 3-way handshake doesn’t complete successfully, your request won’t go through at all, and you’ll likely see an error in your browser such as:
This site can’t be reached or The connection has timed out
Real-World Hackers Abuse Tactic
Hackers can exploit TCP’s handshake process using a technique called SYN flooding.
In this attack, they send a huge number of fake SYN packets to a server, pretending to start new TCP connections. The server, trying to be polite, waits for each connection to finish—but the attacker never replies with the final ACK. This overloads the server’s memory and can cause it to crash, slow down or freeze.
This type of attack is known as a DoS (Denial of Service) attack.
A more advanced version is called a DDoS (Distributed Denial of Service).
In a DDoS attack, the hacker uses many devices (often infected computers) to send SYN packets from multiple fake IP addresses. This makes it much harder to detect or block the attacker, because the flood is coming from everywhere at once.
Think of it like thousands of prank calls flooding a restaurant. The staff can’t take real orders because the phone won’t stop ringing—and they can’t block the prankster, because the number keeps changing.
UDP – User Datagram Protocol
While TCP focuses on reliability, UDP is all about speed and simplicity. It doesn’t wait for handshakes, confirmations or delivery receipts. It just sends the data and moves on.
There’s no connection setup, no checking if the other side is listening and no guarantees that the data will even arrive. But in many cases—like real-time communication—that’s totally fine.
If TCP is a premium delivery service that gets signatures and tracks every item, UDP is the opposite. Imagine tossing five sandwiches over someone’s fence and hoping they land on the porch.
There’s no packaging, no confirmation and no guarantee they all arrive in the right order—or arrive at all.
But it’s fast and for things like live video, online gaming or voice calls, that’s what matters most.
In those scenarios, it’s better to miss a few frames or words than to have the entire stream pause or get stuck waiting for perfect delivery.
Real-World Hackers Abuse Tactic
Attackers can easily craft fake UDP packets and send a massive amount of them to a potential victim.
Since UDP doesn’t have any built-in validation or handshake, the target device tries to process each one of them, eventually becoming overloaded and unresponsive—making it difficult or impossible for real users to connect.
Same like with TCP, this type of attack is known as a DoS (Denial of Service) attack.
If the burst of UDP traffic comes from many different source IP addresses, it becomes a DDoS (Distributed Denial of Service)—which makes it much harder to trace or block.
It’s like someone spamming your mobile with fake food deliveries from different numbers. You’re expecting a real delivery, so you answer every call—until you either get tired and stop answering or your phone runs out of battery.
Layer 4: Application Layer
The Application Layer is where the internet becomes real to us—humans.
It’s the layer that interacts directly with the apps we use: web browsers, email clients, messaging apps, streaming platforms and more.
This is where the data finally makes sense to the user. Everything that came before—IP addresses, MAC addresses, packets, handshakes—was just the behind-the-scenes work. Now it’s time for the browser to load the website, the email to pop up or the video to play.
The Application Layer doesn’t refer to the app itself (like Chrome or Gmail), but rather the set of rules (protocols) those apps use to communicate with other services over the internet.
In our example so far—you placed your order, it got packaged, routed, delivered and now the driver hands it to you personally. This is the moment you unwrap your food and start eating—the part you actually care about.
Key Protocols at the Application Layer
| Protocol | Purpose |
|---|---|
| DNS | Translates website names into IP addresses |
| HTTP | Loads web pages (non-secure) |
| HTTPS | Loads web pages securely |
| DHCP | Automatically assigns network settings to your device |
Now let’s take a closer look at the core protocols of the Application Layer.
HTTP – Hypertext Transfer Protocol
When you open a website like http://ipseeker.io, you’re using HTTP, one of the most fundamental protocols of the web. It’s the protocol your browser uses to send a request to a web server and receive a response—usually a web page.
HTTP is a stateless protocol, which means that every time your browser sends a request to the server, it’s treated like a brand new conversation.
The server doesn’t remember anything about your previous visits or clicks unless the website is specifically designed to keep track of that in the background.
Additionally, all the messages sent using HTTP are considered plain text—they are not encrypted.
That means if someone has access to these HTTP messages (like on public Wi-Fi or an insecure network), they can read everything without any extra effort.
HTTP Requests: Talking to the Web Server
When your browser connects to a website, it sends a request similar to:
GET / HTTP/1.1
Host: ipseeker.io
User-Agent: Mozilla/5.0
This is called an HTTP request and it asks the server to send back the homepage (the / path).
The server responds with something like:
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1520
And then it sends the actual HTML code of the page you see in your browser.
Common HTTP Request Methods:
| Method | Purpose | Example |
|---|---|---|
| GET | Retrieve data (e.g. a web page or image) | GET /about.html |
| POST | Submit data to the server (e.g. login form) | POST /login |
| PUT | Upload or replace data | PUT /profile-picture |
| DELETE | Delete data from the server | DELETE /comments/123 |
| HEAD | Request only headers (no body) | HEAD / |
Want to explore more request methods? Check out the full list on Wikipedia’s HTTP Request Methods.
Most users only encounter GET and POST, but the others are used in advanced web applications.
Understanding Ports
Before we continue exploring HTTP and other Application Layer protocols, let’s take a moment to introduce an important concept from the Transport Layer—one that we’ve already mentioned briefly but haven’t fully explained yet: Ports.
What Are Ports?
You already know that an IP address is like a street address—it helps get the data to the right device.
But what happens once the data reaches the device?
That’s where ports come in.
A port is like a specific door or room inside an apartment (device), assigned to a specific service or application.
So while the IP address gets your message to the correct building, the port number tells it where to go inside the building.
Why Do We Need Ports?
Your computer or phone runs many different apps at the same time: a browser, an email client, maybe a video call—all communicating with different services on the internet.
Ports allow each of those services to operate independently, using the same network connection but without interfering with each other.
When data is sent over TCP or UDP, it includes:
- A source port – identifies which app/service on your side is sending it. Port number is usually generated randomly from the “Dynamic / Private” ports range (see table below).
- A destination port – tells the server which service should handle the data. This is usually chosen from the “Well-known” ports range (see table below).
Port Ranges
Ports are represented as numbers from 0 to 65,535 and are divided into 3 main ranges:
| Range | Name | Purpose |
|---|---|---|
| 0–1023 | Well-known ports | Reserved for popular services (e.g., HTTP, HTTPS, DNS, DHCP) |
| 1024–49151 | Registered ports | Assigned to specific applications by developers or companies |
| 49152–65535 | Dynamic / Private ports | Used temporarily by devices for client-side communication (also called ephemeral ports) |
Well-known Ports Examples
- HTTP uses port 80 by default
- HTTPS uses port 443 by default
- DNS uses port 53 by default
Let’s Visualize an Example of a Client Connecting to an HTTP Server
Client source IP: 192.168.1.1
Server destination IP: 142.250.190.78
Source Port: randomly chosen during the first packet creation, let’s say 50000
Destination Port: 80 (the default port for HTTP)
The HTTP request’s IP and port combination would look like this:
192.168.1.1:50000 → 142.250.190.78:80
This means the client with the source IP 192.168.1.1, using source port 50000, is sending a request to the server at destination IP 142.250.190.78 on port 80—which, as you may remember, is the well-known port for HTTP.
That tells us it’s likely a web server.
The HTTP Response Goes the Other Way Around
The server’s response will look like the reverse of the original request:
142.250.190.78:80 → 192.168.1.1:50000
The server, running its HTTP service on port 80, replies with the requested web page over the same connection—targeting the client’s source port 50000, which is now the destination port in the return path.
This system allows the same HTTP server to handle many simultaneous requests from different clients. Each client connects from:
- A unique source IP
- A random, unique source port
Even if 100 clients send requests to the same web server on port 80, the server can easily tell them apart based on the combination of each client’s source IP and port, and reply to each one correctly.
The same system applies to any other port-based service—like DNS or HTTPS. The connection is always managed using a combination of source IP:Port and destination IP:Port.
Can the Port Be Changed?
Yes! Web servers can be configured by the web server administrator to listen on non-default ports, like:
- http://google.com:8080
- http://142.250.190.78:3000
In these cases, the browser includes the port number in the URL so it knows which “door” to knock on.
Now that you understand what ports are and why they matter, let’s go back to our discussion of HTTP, where port numbers play a key role in how websites are loaded.
Ports and HTTP
HTTP runs on TCP port 80 by default. This means when your browser connects to a website using http://, it assumes the server is listening for requests on port 80.
A port is like a specific “door” on a device. While the IP address gets your request to the correct building, the port number tells it which room or service to deliver it to.
HTTP is the conversation between the customer (your browser) and the restaurant (the web server).
You say, “I’d like to order the homepage please” (GET /).
They say, “Sure, here it is!” and hand you a neatly packaged HTML meal.
And since HTTP is stateless, it’s like calling the restaurant every time without them remembering who you are. Each order is handled like it’s your first—unless the website is designed to link your actions together behind the scenes.
HTTPS – Hypertext Transfer Protocol Secure
If HTTP is like talking to a web server in plain language, HTTPS is like having that conversation in a private room—with locked doors and soundproof walls. Everything you send and receive is encrypted, so no one else can listen in or steal your data.
HTTPS uses TLS (Transport Layer Security) to create a secure tunnel between your browser and the server. That way, your messages—like passwords, credit card numbers or even search queries—can’t be read by hackers, ISPs or anyone snooping on the network.
HTTPS is not a completely different protocol—it’s just HTTP over TLS. It works the same way, just with a layer of encryption added before any real data is sent.
HTTPS Still Uses TCP—but on a Different Port
Just like HTTP, HTTPS runs over TCP.
But instead of port 80, it uses port 443, which is the well-known port for secure web traffic.
So if you type https://ipseeker.io in your browser, your device connects to that site’s IP address on port 443, not port 80.
What Happens Behind the Scenes?
Before your browser even sends the first HTTP request and after the TCP 3-way handshake is successfully completed, the browser and the server perform an additional handshake called the TLS handshake.
This is a process where:
- They agree on encryption settings
- The server shows a digital certificate to prove its identity
- A secure tunnel is established
Only after a successfully established secure tunnel does your browser send the HTTP message, such as:
GET / HTTP/1.1
Host: example.com
But now, all of that is encrypted—so even if someone intercepts the traffic, they’ll only see scrambled data.
If HTTP is ordering food over a public speaker, HTTPS is like ordering in a private room with locked doors, where only you and the server know what’s being said. Even if someone taps the wires, they can’t understand the order or steal your payment details.
DHCP – Dynamic Host Configuration Protocol
When you connect to Wi-Fi at home, in a coffee shop or even at work, your device doesn’t ask you what IP address to use—it just connects and works.
That’s thanks to DHCP, the protocol that automatically assigns IP addresses, subnet masks, default gateways and even DNS settings to your device so it can join the network and access the internet.
What Happens When You Connect?
As soon as your device joins a network (e.g., when you click on a Wi-Fi network), it sends out a broadcast message saying:
“Hi, I just arrived. Can someone give me the settings I need?”
A DHCP server on the network replies with all the necessary info, like:
- Your device’s IP address
- The subnet mask
- The default gateway (usually the router)
- The DNS server
Your device then uses this information to configure itself and connect.
Imagine you walk into a shared workspace, and someone at the front desk immediately hands you:
- A desk number (IP address)
- A map of the floor (subnet mask)
- Directions to the exit (gateway)
- A directory of who to call for services (DNS)
You didn’t have to ask for any of it—it was just handed to you so you could get to work right away.
Why Is DHCP Important?
Without DHCP, you’d have to manually enter your IP address and all other network settings every single time your device connects to a network.
That might sound manageable for one laptop—but imagine a whole office building or your home filled with smart devices: TVs, phones, tablets, smart speakers, printers, security cameras...
Imagine having to manually assign an IP address to every device—every time it reconnects or after every power outage. That would be a nightmare to manage, even at home—let alone in an organization with hundreds or thousands of devices.
And it doesn’t stop there.
Internet Service Providers (ISPs) also rely on DHCP to manage millions of home internet routers.
These routers need a public IP address to access the internet. If ISPs had to assign those manually to each customer, it would be a huge operational effort—especially when new customers join or after power failures.
Instead, all home routers are set up to automatically request their network settings via DHCP, pulling everything they need the moment they come online—during first-time setup or after a restart.
DHCP keeps the entire internet experience simple, automatic and scalable.
As we can see from the examples above, DHCP can manage both private IP addresses (like in your home or office) and public IP addresses (like those assigned by your ISP). This flexibility is what makes it such a powerful and widely used protocol.
Let’s Move to One Last Important Term: RFC
Now that we’ve explored the core protocols of the internet, it’s time to introduce a term that holds everything together behind the scenes.
What Is an RFC—and How Does It Relate to TCP/IP?
By now, we’ve talked about the TCP/IP model as the framework of the internet and protocols—a set of structured layers and rules that allow devices to communicate and data to flow smoothly across the globe.
But where are those rules written down?
That’s where RFCs come in.
RFC stands for Request for Comments.
It’s a formal document published by engineers and experts that describes how specific internet technologies, protocols or systems should work.
RFCs are the official blueprints of the internet. They’re created by groups like the IETF (Internet Engineering Task Force) and are open for anyone to read. Most internet standards—including the protocols in the TCP/IP framework—are described in these documents.
And while the TCP/IP model itself isn’t defined in just one RFC, its core protocols and structure are documented across several key RFCs.
Here are the two most important ones:
-
RFC 1122 – Requirements for Internet Hosts – Communication Layers
This one defines how devices should handle communication at the Link, Internet, and Transport layers. -
RFC 1123 – Requirements for Internet Hosts – Application and Support
This one focuses on the Application Layer, including protocols like HTTP, DNS, and SMTP.
Together, these two RFCs describe the complete TCP/IP framework and how all the pieces are expected to work together in real-world systems.
Every protocol has its own RFC as well. Think of them as the technical manuals behind the scenes of everything you do online.
Final Thoughts
We’ve just taken a deep dive into the core internet protocols—the hidden mechanisms that make everything you do online possible.
From the moment your device connects to the network using DHCP, to translating website names with DNS and loading content securely through HTTPS, each step follows a carefully designed set of rules.
All of this happens within the TCP/IP framework, which organizes how data moves through four layers—each with its own role in making sure your information gets from point A to point B safely, efficiently and in the right order.
Understanding these building blocks gives you a behind-the-scenes look at how the internet really works.
It helps you see what’s happening under the hood and gives you insight into the legit rules that power every digital interaction.
Once you understand how the system is supposed to work, you'll be better prepared to recognize how attackers exploit those same rules—and how you can protect yourself from their tactics.
Key Takeaways
- TCP/IP is the foundation of how the internet works. It’s a layered framework that organizes how data moves from one device to another—starting at the physical connection and ending with your browser or app.
- The four TCP/IP layers each have a unique role:
- Link Layer – Physical delivery (e.g., ARP, Ethernet, Wi-Fi)
- Internet Layer – Routing between networks (e.g., IP, ICMP)
- Transport Layer – Reliable or fast delivery (e.g., TCP, UDP)
- Application Layer – What users interact with (e.g., HTTP, DNS, DHCP)
- Ports are like numbered doors inside a device. They help data find the right app or service—like HTTP on port 80 or HTTPS on port 443.
- DHCP automatically assigns network settings to devices so you don’t have to configure IP addresses manually.
- DNS translates human-friendly domain names (like example.com) into IP addresses so browsers know where to go.
- HTTP and HTTPS are used to load web pages. HTTP is unencrypted and visible to anyone, while HTTPS is secure and protects your data using encryption.
- UDP and TCP handle how data is delivered. TCP is reliable and ordered, while UDP is faster but less reliable—often used for live streaming or games.
- Hackers often abuse these legit protocols (like TCP’s handshake or UDP’s simplicity) to launch attacks like DoS, DDoS, or spoofing.
- RFCs (Request for Comments) are the official documents that define how all of these protocols work—they're the internet's blueprint.
