Network Packet introduction

This page is here to give you a basic view of what a packet looks like, in the general case.

A packet is the basic unit of data transfer in a networked environment. Packets are individual chunks of data, flowing in a single direction. Once they reach their destination, they cease to exist.

There are different kinds of packet floating around various networks. Many packets can carry other packet types inside them, and in fact, their primary function is to contain, or "encapsulate", other packets.

Technically, a particular packet type is usually found at a specific level of nesting. These levels are generically called network "layers". A packet that is interpreted *directly* by a machine, without any intervening translation, is called a "Layer 1" packet. A packet that travels on top of nothing but a Layer 1 packet, is a Layer 2 packet type.

Sample TCP data packet
[Layer 1 is electrons flowing!]

Layer 2

This is the ethernet packet. It is the lowest level software packet you can normally see on a LAN. There are other LAN-level packet types, but nowadays, ethernet is the most common.

An ethernet packet contains info like
Ethernet SRC addr: 80:00:20:fa:b2:36
Ethernet DESC addr: 20:00:15:45:3f:f3

It also data inside it, but it doesnt have much idea about what is actually IN the data. It doesnt know too much more than the ethernet data type number, how much data there is to carry, and that

Layer 3

This is the IP packet, inside the ethernet packet.
It contains info like
Source IP addr:
Dest IP addr:
It also contains data. It knows what IP type number the data is, but nothing else except its size, and that

Layer 4

This is a TCP packet, inside the IP packet.
It contains information like
Source TCP port: 32892
Dest TCP port: 25
It also contains data. it doesnt know anything else about the data, except for a checksum, its size, and that

Layer 5+

[This could be "a random chunk of data". Except this is a piece of data destined for port 25, which is the SMTP port. So in this particular instance, it has some data relevant to the SMTP protocol. Unlike all the other layers, the ONLY thing constraining what is in here, is whatever a program decides to put in here. In this case, the data is an ASCII string: ]


It is this logical layering that leads to the description of a simple ethernet switch as a "layer 2" device, and a router as a "layer 3" device.

Also, there are application level protocols that operate at layer 5, and themselves encapsulate data. NFS is an example of one of these packets. So the actual data in an NFS packet could be described as at layer 6.

Even though there are all these "separate" layers, they all arrive as part of a single data packet. If you run a network sniffer, you can specify to look at any particular layer for a type of data.

Similarly, you can make firewall rules for differing levels of control, although not usually so broad as with a network sniffer.

TCP connections

When dealing with networking issues, you will often hear about TCP "connections". This may seem a little odd in looking at the above diagram, because there is no notion of a "connection" if you are just looking at packets. After all, a single packet goes to its destination, then goes away. Sometimes, it doesnt even reach its destination. There is no guarantee that any particular packet will reach its destination, just because you send it a single time.

This led to the development of "reliable" transmision protocols. In fact, TCP stands for "Transmission Control Protocol". It's design goal is to provide a reliable way of ensuring that your data gets to where it is going. So if two computers support TCP, a virtual connection can be established, that keeps track of data

The client computer requests the start of a connection, by sending a TCP SYN packet to the target computer. This packet will request a connection from client-IP:portX to target-IP:portY

If there is something waiting for a connection on the other side, the target machine will reply with a SYN-ACK packet, saying "Yes, I accept your request, and have a connection reserved for you".

The final step is for the original machine to send an ACK packet, saying "I acknowlege the reservation, let's start talking!".

This is called the Three-way Handshake of TCP.

From this point on, there is a virtual connection in place. All data will be tracked to make sure that it is recieved on the other side. If it is not, it will automatically be resent, until either it is received correctly, or it is judged that the other side has gone offline (at which point, the connection is broken)

Author: Philip Brown Site: