Networking: The Physics of Packets
Why 'fast' internet feels slow. A deep dive into TCP Congestion Control, Head-of-Line Blocking, and the BGP map of the world.
🎯 What You'll Learn
- Deconstruct the TCP 3-Way Handshake at the packet level
- Analyze Head-of-Line (HOL) Blocking in HTTP/1.1 vs HTTP/2
- Calculate Bandwidth-Delay Product (BDP) for tuning
- Trace a BGP Route hijack
- Differentiate MTU and MSS and why fragmentation kills performance
Introduction
“The Network” is not a cloud. It is a hostile environment where packets are dropped, reordered, and occasionally corrupted. Your application succeeds only because TCP spends significant effort detecting and recovering from these failures.
In this lesson, we stop treating the network like a reliable pipe and start treating it like a probabilistic delivery service.
TCP Congestion Control
How does your computer know how fast to send data? If it sends too slowly, bandwidth is wasted. If it sends too fast, router buffers overflow, packets drop, and throughput collapses.
The Solution: The Congestion Window (cwnd).
TCP starts slow (Slow Start). It increases the window size rapidly:
1, 2, 4, 8, 16… until a packet drops.
When a packet drops, TCP reduces cwnd (by half for Reno, by ~30% for Cubic) and then increases linearly.
Your download speed is roughly a sawtooth wave oscillating around the bottleneck capacity.
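The sawtooth can be reproduced with a small simulation. This is an added example, not code from the original lesson: it follows the simplified model above (double per RTT, cut on loss, then add one segment per RTT), assumes a fixed bottleneck capacity, and treats any window above that capacity as a loss. Real Cubic grows along a cubic curve rather than linearly.

```python
def simulate_cwnd(capacity, beta, rtts):
    """Return the congestion window (in segments) at each RTT.

    capacity: segments the bottleneck can carry per RTT (assumed constant).
    beta:     fraction of cwnd kept after a loss (0.5 Reno, 0.7 for ~30% off).
    """
    cwnd, ssthresh, trace = 1, float("inf"), []
    for _ in range(rtts):
        trace.append(cwnd)
        if cwnd > capacity:
            # Sent more than the path can hold: a drop is detected this RTT.
            ssthresh = max(1, int(cwnd * beta))
            cwnd = ssthresh
        elif cwnd < ssthresh:
            cwnd *= 2          # slow start: double every RTT
        else:
            cwnd += 1          # congestion avoidance: one segment per RTT
    return trace


def utilisation(trace, capacity):
    """Mean fraction of the bottleneck actually used over the trace."""
    return sum(min(w, capacity) for w in trace) / (capacity * len(trace))


if __name__ == "__main__":
    CAPACITY = 20  # constructed value, in segments per RTT
    for name, beta in (("reno", 0.5), ("30% backoff", 0.7)):
        trace = simulate_cwnd(CAPACITY, beta, 60)
        print(f"{name:12} first 14 RTTs: {trace[:14]}")
        print(f"{name:12} utilisation:   {utilisation(trace, CAPACITY):.2f}")
```

The gentler backoff spends less time far below the bottleneck, which is why its average utilisation is higher in this model.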
Head-of-Line (HOL) Blocking
Imagine a one-lane highway. If the front car crashes, everyone waits.
HTTP/1.1
You open a TCP connection. You request style.css. It takes 2 seconds.
Result: You cannot request script.js until style.css arrives. The pipe is idle.
HTTP/2
You multiplex streams over one TCP connection. Is style.css slow? Fine, script.js continues in its own stream.
But TCP is still one lane. If a TCP packet is lost, the OS holds back all HTTP/2 streams until that packet is retransmitted. This is TCP HOL blocking.
HTTP/3 (QUIC)
QUIC runs over UDP. It implements stream multiplexing in userspace. One lost packet only stalls its own stream, not the others.
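The difference between connection-wide ordering (HTTP/2 over TCP) and per-stream ordering (QUIC) can be shown on one lost packet. This is an added example, not part of the original lesson; the packet trace and timings are constructed.

```python
def completion_times(packets, arrival, per_stream_ordering):
    """Time at which each stream's last byte reaches the application.

    packets: (seq, stream) pairs in send order.
    arrival: seq -> time the packet (or its retransmission) reaches the host.
    per_stream_ordering: False models TCP (one ordered byte stream for the
        whole connection); True models QUIC (ordering enforced per stream).
    """
    latest = {}   # ordering domain -> latest arrival among packets so far
    done = {}     # stream -> delivery time of its most recent packet
    for seq, stream in packets:
        domain = stream if per_stream_ordering else "connection"
        # A packet is handed up only once everything before it in the same
        # ordering domain has arrived.
        latest[domain] = max(latest.get(domain, 0), arrival[seq])
        done[stream] = latest[domain]
    return done


# Constructed trace: two responses interleaved on one connection.
PACKETS = [(0, "style.css"), (1, "script.js"), (2, "style.css"),
           (3, "script.js"), (4, "style.css"), (5, "script.js")]
# Times in ms. Packet 2 is dropped and its retransmission lands at t=50.
ARRIVAL = {0: 1, 1: 2, 2: 50, 3: 4, 4: 5, 5: 6}

if __name__ == "__main__":
    print("TCP :", completion_times(PACKETS, ARRIVAL, False))
    print("QUIC:", completion_times(PACKETS, ARRIVAL, True))
```

With connection-wide ordering both files finish at 50 ms; with per-stream ordering script.js finishes at 6 ms and only style.css waits for the retransmission.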
BGP (Border Gateway Protocol)
TCP is how you talk. IP is where you go. BGP is the map. The internet is a mesh of roughly 70,000+ Autonomous Systems (AS). BGP is the protocol where they announce to each other: “I can reach IP range X/Y”.
The Flaw: BGP is largely trust-based. If an AS announces “I own YouTube’s IP addresses”, and enough upstream routers believe it, traffic gets diverted. BGP hijacks happen — sometimes accidentally, sometimes maliciously.
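A defensive check for the trust problem described above, added here as an example and not part of the original lesson: compare each announcement against a table of authorised origins, using the valid / invalid / not-found outcomes of route origin validation (RFC 6811). The table, prefixes (documentation ranges) and AS numbers (documentation ASNs) are all constructed.

```python
import ipaddress

# Constructed table of authorised origins: (prefix, max prefix length, origin AS).
AUTHORISED = [
    ("203.0.113.0/24", 24, 64500),
    ("198.51.100.0/24", 24, 64501),
]


def classify(prefix, origin_asn, authorised=AUTHORISED):
    """Return 'valid', 'invalid' or 'not-found' for one announcement."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for auth_prefix, max_len, asn in authorised:
        auth = ipaddress.ip_network(auth_prefix)
        if net.version == auth.version and net.subnet_of(auth):
            covered = True  # some authorisation speaks for this address space
            if net.prefixlen <= max_len and asn == origin_asn:
                return "valid"
    # Covered but never matched: wrong origin AS, or a more-specific prefix
    # than the holder authorised. Both are signs of a possible hijack or leak.
    return "invalid" if covered else "not-found"


def suspect_announcements(announcements):
    """Filter a feed of (prefix, origin AS) pairs down to the invalid ones."""
    return [a for a in announcements if classify(*a) == "invalid"]


# Constructed feed of announcements as a monitor might see them.
FEED = [
    ("203.0.113.0/24", 64500),    # legitimate origin
    ("203.0.113.0/24", 64511),    # same prefix, unexpected origin AS
    ("203.0.113.128/25", 64511),  # more-specific prefix from another AS
    ("192.0.2.0/24", 64502),      # no authorisation on record
]

if __name__ == "__main__":
    for prefix, asn in FEED:
        print(f"{prefix:18} AS{asn}: {classify(prefix, asn)}")
```

The more-specific case matters most for monitoring: routers prefer the longest matching prefix, so a /25 inside an authorised /24 attracts traffic even while the legitimate /24 is still announced.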
Code: Inspecting the Handshake
Don’t trust the browser’s network panel. Trust tcpdump.
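# Capture packets on port 80 (-n: do not resolve names)
# -S is left out: it prints absolute sequence numbers, and the
# annotated output below uses tcpdump's default relative numbers.
sudo tcpdump -i eth0 port 80 -n
# Output (simplified):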
# 1. SYN (Seq=0) -> "Let's talk."
# 2. SYN-ACK (Seq=0, Ack=1) -> "Okay. I hear you."
# 3. ACK (Seq=1, Ack=1) -> "Connection Open."
# 4. PSH (Seq=1:500) -> "Here is 500 bytes of data."
Note the Ack number: It is not “I received packet 5”. It is “I am expecting byte number 501”. TCP counts bytes, not packets.
Practice Exercises
Exercise 1: The Bandwidth-Delay Product (Beginner)
Scenario: 1Gbps Link. 100ms RTT. Task: How much data must be “in flight” (on the wire) to fill the pipe? (Hint: . If your TCP Receive Buffer is 64KB, your speed is capped well below line rate.)
Exercise 2: Fragmentation (Intermediate)
Scenario: MTU (Max Transmission Unit) is 1500 bytes. Typical Ethernet. You try to send a 2000 byte UDP packet. Task: What happens? (Fragmented into two pieces). Why does this hurt performance? (Receiver must reassemble; one lost fragment requires retransmitting both).
Exercise 3: Traceroute Analysis (Advanced)
Task: Run traceroute google.com.
Identify:
- Your Gateway.
- Your ISP’s backbone.
- The moment you enter Google’s network (AS15169).
Knowledge Check
- Why does TCP start huge downloads slowly?
- What is the difference between Flow Control and Congestion Control?
- Why is HTTP/3 built on UDP?
- What does “ACK 500” mean?
- Why does having a larger TCP window size improve speed on high-latency links?
Answers
- Slow Start. It probes network capacity to avoid immediate congestion.
- Flow: Receiver says “I’m full” (controls send rate based on receiver buffer). Congestion: Inferred from packet loss — network in between is full.
- To avoid TCP HOL Blocking. QUIC moves reliability logic to userspace where streams are independent.
- “I have received everything up to 499. Send me byte 500 next.”
- Filling the pipe. With high RTT, ACKs take a long time to return. You need more data in flight to keep the link busy. (Bandwidth-Delay Product).
Summary
- TCP: A state machine that probes bandwidth.
- BGP: The routing layer holding the internet together (with known fragility).
- Latency: The ultimate speed limit. You cannot beat the speed of light.