intermediate

TCP/IP stack

The core protocol machinery behind Windows network communication.

Related labs

Hands-on exercises for this area — in the browser or on a Windows machine.

DNS resolution lab

Resolve names from the browser (DNS-over-HTTPS) and compare with how the Windows DNS client behaves.

Open lab

View all labs

Guided paths in this branch

Follow a short sequence step by step. Each path links to the first topic; use Read next on each page to continue.

Networking stack tour

Follow a connection from Winsock and DNS through TCP/IP, filtering (WFP/BFE), down to NDIS and the NIC.

Step 4 of 7 in this path

1. Networking 2. Name resolution & DNS Client 3. Winsock, AFD, and kernel boundaries 4. TCP/IP stack 5. Filtering & firewalling 6. WFP & BFE (deep dive)7. NDIS and network adapters

Follow this path

Official Microsoft docs

Closest official references related to this topic on Microsoft Learn.

Microsoft Learn

Windows Sockets 2

learn.microsoft.com

Microsoft Learn

Network overview

learn.microsoft.com

Why it matters

This is the main transport path for most Windows connectivity and a major source of diagnostic data.

Mental model

The stack turns endpoint operations into packets, routing logic, retransmissions, and protocol state transitions.

Go one level deeper

Extra detail for readers who want more precision before opening a child topic.

TDI is legacy; modern kernel consumers prefer WSK or WFP APIs.
NetIO is the glue between transports, filters, and the socket layer.

How it works

1A socket API call enters the networking stack.
2The stack applies protocol rules, buffering, and connection state management.
3Frames eventually leave through lower network drivers and adapters.

Key terms

Endpoint: A communication endpoint represented in kernel and user mode.
Protocol state: The tracked lifecycle state of a connection or transport interaction.

Why packet loss can slow an app dramatically

The stack may retransmit, reorder expectations, or adjust flow based on transport semantics, not just raw application demand.

Common misconception

An application timeout is not always an app bug; it can reflect underlying protocol or routing behavior.

You should read next

Ranked from your current topic, related links, branch depth, and any active guided path.

intermediate

Filtering & firewalling

Where Windows observes and controls traffic with filtering layers.

Next step in your guided path

expert

WFP & BFE (deep dive)

How filters are stored, enforced, and hooked into the packet path.

Natural next depth in this branch

intermediate

ETW tracing

Real-time sessions, controllers, and consumers for higher-volume tracing.

TCP/IP stack

Related labs

Guided paths in this branch

Networking stack tour

Official Microsoft docs

Why it matters

Mental model

Go one level deeper

How it works

Key terms

Why packet loss can slow an app dramatically

Common misconception

You should read next

Filtering & firewalling

WFP & BFE (deep dive)

ETW tracing

Related topics

ETW tracing

Services & background infrastructure