They can easily manipulate TCP as well. Unless you establish an authenticated session like TLS, TCP can be mitm-ed easily.