HTTP-only tunnels (the default for most services) parse the request, terminate TLS at the edge, and forward HTTP. That's fine for webhook testing and OAuth dev, but doesn't work for Postgres, Redis, SSH, or game servers — those speak their own wire protocols on top of raw TCP.
TCP tunnels skip the HTTP parsing. The tunnel service allocates a public port (e.g. tcp.lrok.io:30007), the agent forwards bytes verbatim to a localhost port, and external clients connect like any TCP server.
Use cases: letting a colleague psql against your laptop's Postgres, exposing an SSH server you don't admin a public IP for, hosting a small game server during a session. Keep the tunnel up only as long as you need — TCP tunnels typically meter or rate-limit on free tiers.