By definition on a layered model as OSI or TCP/IP each layer works independent and not-aware of the lower layers.
When you remove the cable, it's a physical disruption (layer 1), so almost inmediately ethernet (layer 2) detects a loss of signal (if you're on Windows you will see the very dreaded pop-up informing network disconnected)
IP (layer 3) and TCP (layer 4) won't notice it, so they will try to keep on working.
TCP won't break a established TCP connection during a period of time because when TCP sends data, it expects an ACK in reply and if it doesn't arrive within a period of time, it re-transmits the data.
TCP will re-transmit the data, passing it to IP, who will pass it to Ethernet, who is unable to send it and simply discard it.
TCP will be waiting again and repeating this process until a timeout happens that let it declares that the connection is over. TCP resets the segment sequence number, discard the information that was trying to send and let free the buffer and memory resources that were allocated for that connection.
Plug the cable in before it happens and everything will keep going. This is what makes TCP reliable and at the same time vulnerable to DDos attacks.
If the OS has more than one interface (for example, ethernet and wi-fi), it is possible that when the ethernet goes down, it will try through wifi. It depends how the routing is configured, but in general terms "TCP won't be aware of that".
The basic structure of DDoS attacks is: thousands of clients opening each one a TCP connection every few seconds to a server and then abandoning the connection. Each TCP connection keeps open on the server during a long time (wasting valuable assets as TCP ports, allocated memory, bandwith, etc.) clogging the server resources to attend legitimate users.
9"what exactly goes about" is going to be very hard to answer. These days the OS might do 'clever' things, like detecting that the cable is removed. Dropping the routes to that network from the routing table. Activating new routes via wireless, .... All of this gets in the way of a simple universal explanation. – Hennes – 2015-05-07T09:11:58.307
5Did you look in the bit bucket for your missing packets? – Daniel R Hicks – 2015-05-07T12:19:07.907
4One thing that can happen for sure is that your current communications are interrupted in the middle of a s – ereOn – 2015-05-08T14:02:38.490
It depends on OS and its configuration. For MS Windows try to google
windows mediasense
. – Zaboj Campula – 2015-05-10T10:00:19.490