So I know almost everyone with a basic IT education has taken a course about networking and knows about OSI layers and routing and other stuff such as “Transport layer provides end to end communication whereas network layer provides hop to hop communication”.
But it amazes me when I actually get to know how LITTLE they know about real traffic or the precise meaning of the sentence quoted above. I remember asking countless times in software development interviews “What if I rip off the transport layer of a packet?” This is the beginning of the confusion, which is my motivation. I thought of writing a few words (well, a few paragraphs maybe) to make people understand what generally is present in REAL packets and what the purpose of those contents is.
I will not draw any boring BLOCK diagrams listing each layer (though they are good to visually understand the contents of packets) since there are too many already available. Will just try to add what I thought was missing.
1. OSI is theoretical – TCP/IP is practical. You won’t see an OSI packet flying by your PC.
2. TCP/IP is not a single protocol. It is a collection of many (at least 30) protocols out of which TCP is one and IP is another.
3. TCP/IP packets are what travel all around us. The TCP/IP model basically has four layers.
4. You can actually see those four layers distinctly when you open a packet in e.g. Wireshark or tcpdump.
5. In any given packet, each layer would normally contain one protocol belonging to that layer.
6. This means that a typical single packet should have 4 different protocols.
7. Protocol is simply a set of rules – which is necessary so that when a machine A sends a number 4 as 1st byte, machine B knows it has a special meaning.
A simple packet such as the one that leaves my PC when I type Google in my browser has a few typical things:
1. Link Layer – Containing the MAC or physical address, it is the lowest level, which tells whether the machine the packet is destined for is directly connected to me or not. If not, it contains the address of the directly connected machine which takes the packet nearer to the destination. The common protocol on this layer is Ethernet.
2. Network Layer – The logical address or IP address. Its job is basically to get you to a destination machine, i.e. from my PC to a Google server. The common protocol is IP.
3. Transport Layer – Before leaving my machine OR after reaching Google’s server there are still many processes / applications running on a computer. Identifying which process is the intended communicator, and delivering to it, is the job of this layer. It also decides the MODE of communication with that process, i.e. whether we guarantee that all packets will be delivered and will inform the sender if that is not the case. TCP and UDP are the most common protocols of this layer.
4. Application Layer – The rules specific to the application, e.g. if we are querying a web server, we will send a GET request telling it the URL and expect it to fetch a response (HTTP). These rules differ widely from those of sending emails (SMTP and POP3).
Why did we create layers?
There is definitely a purpose. You can isolate responsibility and completely forget about doing other aspects of communication.
If a piece of functionality is part of one layer, say TCP, which is used with many application layer protocols such as HTTP, SMTP and FTP, we can easily integrate a separately available TCP with them all. So the effort is not replicated for each of these, nor for forthcoming protocols.
Layers work together to get the job done.
HTTP says that I want to get a page from Google.
The TCP layer ensures this will be a reliable communication and identifies that the application on the server would be using port 80. A port associates a number with a program. If we send data to a pre-agreed port, it identifies the application on the other end that should receive our traffic. TCP also ensures packets are delivered in order, are acknowledged and are retransmitted if lost.
IP locates where google.com is and uses an intelligent mechanism called routing to pass packets to the nearest possible neighbor. The intelligence really has to do with determining that
a) this way leads to the destination (Google)
b) the immediately next node is one step closer to the destination
Once the packet has reached the point where the Google server is directly connected (the next hop), the Link Layer supplies its physical address, which enables us to actually deliver the packet.
When using a socket, we are asking the TCP/IP stack to handle the link layer, network layer and transport layer itself (we only specify the name of the transport layer protocol, e.g. TCP or UDP, by choosing the socket type). So sockets exist somewhat above the transport layer and only the details of the application layer are handled by our program.
There are no structures left when packets travel through the network. So a byte’s position and value are the only two measures to make a decision about its intention. Every packet is a sequence of bytes where, say, the 2nd byte tells the protocol type, the 3rd – 4th contain the command that it wants to be communicated, and so on.
For this reason, ports are mostly well known, i.e. if it is 80, it means HTTP traffic, 25 means SMTP, and so on. This simplifies the task of identifying which protocol we are currently receiving.
I intend to use these basics to create a simple server application (maybe a web server) in the forthcoming tutorials. But I wanted to lay the groundwork.
Edited by fayyazlodhi, 15 May 2011 - 01:34 PM.