TCP/IP Behind the Scene

What is TCP/IP Model?

TCP/IP is a suite of internet protocol that helps to build a reliable connection between hosts running on IP network to achieve end-to-end data communication. The functionality is divided into four abstraction layers:

Peeling the Onion

When I was studying the cross-cultural communication course at university, I learned about the onion theory, where cultural behaviors are analyzed from different layers like peeling an onion. I really like this metaphor so will borrow it to explain the TCP/IP model. In this section, I’ll peel the onion and deep dive into every single layer. At its very core, the TCP/IP model is doing two things:

1. Building the connection
2. Transferring data

Therefore, I will talk about how each layer works from these two perspectives with a case study.

Let’s begin!

To start, I’m entering an HTTP address in my chrome’s address bar, and at the same time, I’m capturing packets using Wireshark in the background.

(Note: The focus here is to talk about data communication in each TCP/IP layer, so I’ll not cover topics like DNS lookup, and TCP handshakes.)

Abracadabra~ here’s one of the messages between my laptop and the server in Baidu.

One of the messages on the fly

Let’s start from the top layer — Application Layer

Message in the application layer

We can see that this layer contains messages in a human-readable format, including request method (GET), protocol (HTTP), hostname (baidu.com), etc. But information like port and IP address is not in this layer.

Keep going — Transport Layer

A segment in the transport layer

Now we know where the port information is stored! In this layer, the data unit is called “segment”. Each segment contains information like source port, destination port, and TCP payload. We’re also seeing other information like Sequence Number, Acknowledgment Number, Flags, and Window. They are used by TCP handshake, which I will write about in another blog, so for now, let’s just know that these are the fields present in a TCP segment. Note that at this point, the IP address is not present yet!

Let’s go deeper — Internet Layer

A packet in the internet layer

Hey IP address, that’s where you are! In this layer, both the source and destination IP addresses are stored.

In this layer, ARP (Address Resolution Protocol) is frequently used to find the corresponding MAC address of an IP address. We can imagine there’s a map where the key is the IP address and the value is the associated MAC address of a host. If the MAC address is found on the internet layer, then the message directly goes to the link layer, otherwise, a request to broadcast address will be sent first to get the corresponding destination MAC address.

Lastly — Link Layer

Frame in the Link Layer

In the link layer, a data unit is called “frame”. Each frame contains information like destination MAC address and source MAC address (e.g.00:00:5e:00:01:67 in the picture above). The real data transfer between physical hosts happens at this layer, where a frame from one MAC address is sent to another MAC address in the same local network, and eventually to Baidu’s hosts.

References

https://en.wikipedia.org/wiki/Internet_protocol_suite#Internet_layer
https://en.wikipedia.org/wiki/Transmission_Control_Protocol