The transport layer is responsible for providing connectivity support to applications. Services that are provided include establishing connections, providing reliable delivery (delivery confirmation and error detection), and data segmentation, sequencing, and reassembly. 

In this section, we will learn how to describe the fields in TCP segment and UDP datagram headers, and how they can betray an intrusion.

The transport layer in particular can be identified by its use of ports. These are used as identifiers for each higher-layer application protocol (for example, web services have different ports to file hosting services). In the TCP/IP model, the transport layer also includes ways of tracking which instance of an application each connection is for (for example, which of the multiple open web browser tabs to display the page in). In the OSI model, this functionality is attributed to the session layer (layer 5).