The basics of network packets

For administering a Linux box , setting up a SOHO network or create a web application you don’t have to be a network expert , I have to admin that I’m not either a network expert , but at least the basic concepts of networking have helped me many times to explain / resolve some weird problems I came across . It helps… especially in troubleshooting scenarios for example when your program cannot connect to the database due to network or firewall misconfiguration .

This article assumes that you already know what an Ethernet network is and how to set up a small LAN (local area network) . It will just outline how the communication occur on a network from the perspective of the packet structure . Do not expect from this article to make you a protocol engineer , it took me 8 months to read  Tanenbaum’s book ( Computer networking ) and believe me I have only scratched the surface of this huge topic . I am a visual person and most of the time a picture speaks a lot more to me than a bunch of words, so here is a simple diagram that explains the basics of a TCP/IP network packet:

A little more detailed version of this diagram I drew up in my notebook when I was taking a networking class . I still find myself drawing it on a white board when someone asks me a network question.

The “Level” labels above refer to the different layers of the OSI model. It is helpful to think about a network packet as a present, wrapped in multiple boxes. The outermost box corresponds to level 2 in the OSI model (Data Link layer) and it is the one containing the physical addresses of the source and the destination machines. A typical level 2 device is a network switch.

Inside this big box is the level 3 (Network layer) box that contains the IP address of the computer sending the packet and the one that it is directed to. An example of a level 3 device is a router.

The next box is the one that identifies what port the packet originated from and the number of the port that the destination computer should receive the data on. The port number ultimately determines what application is responsible for processing the data. For example, a packet coming on port 21 means that it is an ftp request and that the ftp daemon on the machine should process it. This box corresponds to level 4 on the OSI model – the Transport layer. A PIX firewall is a typical level 4 network device.

And the innermost box of the packet is the “present” itself – the data. This is what was needed to be delivered from one computer to another on the first place and the rest of the boxes were just the means to accomplish this.

The different network devices and computers open the different boxes and read the information they carry as needed. For example, it is helpful to remember that routers strip the Data Link layer to find out the destination (the IP) address of the packet. Then they reconstruct that layer with a new destination physical address – the MAC address of the next hop on the network and with their own MAC address as the source address. This process repeats until the packet reaches its destination.

I have been asked many times by web programmers how to find out the MAC address of the machine that made the original request . As you can see now- this is impossible. The TCP/IP packet that reaches the web server will only contain the MAC address of the last router that processed the frame.

Basic network concepts :

Layering is an important conceptual tool that helps us to organize, understand, and deal with the complexity of network architecture. The idea is to divide the network’s functions into layers. Each layer makes use of the services of the layer below it to provide a set of specific services for the layer above it.
An logical representation of the network architecture can be seen below .

.
Beginners are often confused about the difference between the network and transport layers , previous picture makes the distinction clear. The network layer carries on a conversation with its peer network layer on the next hop, whereas the transport layer carries on a conversation with its peer layer on the final destination. To put it another way, the transport layer behaves as if it were directly connected to its peer layer and is unaware of the actual path that its data takes through the network. The network layer, on the other hand, is concerned with choosing the path that the data takes and, as such, is involved with processing at each hop. Note from the figure that routers do not necessarily even have transport layers.

Encapsulation:

Encapsulation is an fundamental term in network architecture , as data travels down the stack on its way to the network cable or other media, each layer adds a header and, possibly, a trailer to the data. We say that each layer encapsulates the data from the previous layer.The picture below  illustrates how data for a TCP session moves  through the stack. The data that, say, the user types in at the console is encapsulated by the application layer, which adds an application header. When the encapsulated application data enters the transport layer, it is encapsulated into a TCP segment by the addition of a TCP header. Similarly, when the TCP segment arrives at the network layer, IP adds its own header, encapsulating the TCP segment into an IP datagram. Finally, when the IP datagram gets to the interface layer, the Ethernet driver encapsulates it in an Ethernet frame by adding a header and trailer.

Of course there is a lot more to network packets and protocols than this. But the simple diagram above is good enough to give you a basic idea and to get someone started in the field of networking.