In this chapter, we will primarily focus on the transport layer of the OSI reference model and learn how to analyze various layer 4 protocol (TCP/UDP/SCTP) operations. The transport layer protocol is a host-to-host communication protocol that is responsible for data exchange between end applications running on different hosts. The User Datagram Protocol (UDP) is a simple connectionless protocol that simply delivers the datagram to the intended recipient without any reliability mechanism. On the other hand, Transport Control Protocol (TCP) is a connection-oriented protocol and its primary purpose is to provide reliable, congestion-aware data delivery between end applications.

More than 80% of the total internet traffic leverages TCP as the transport layer protocol. Any end application that is sensitive to packet loss requires reliability and such applications use TCP as the transport layer protocol. For example, a web server using HTTP uses TCP port 80. While TCP provides reliability, it requires retransmission  of the lost data; that may introduce jitter and delay. Some end applications such as voice/video over IP are less sensitive to packet loss but more sensitive to jitter/delay. Such applications use UDP instead TCP as the transport layer protocol.

In this chapter, we will discuss the basic principles of different transport layer protocols, commonly faced issues, and the use of Wireshark to analyze and troubleshoot the protocol.