Terms of Use For FixedByVonnie

By proceeding to access fixedByVonnie.com, you expressly acknowledge, and agree to, all of the following:

fixedByVonnie.com is a personal website and blog owned by Security Plus Pro LLC, which is being presented for informational purposes only. The views on this website are solely those of the website owner (and not those of any employer or of any professional associations affiliated with the website owner).  Any views expressed in this website and any information presented on this website, or in any of its blog entries, should not be relied on for any purpose whatsoever other than as the personal opinions of the website owner.  The website owner expressly disclaims any and all liability for any information presented on this site.  The owner of this website and its blog posts shall not be held liable, and shall be held harmless, for any errors or omissions in any information or representations contained in this website, or in any of its blog entries.  The website owner also expressly disclaims any liability for the current or future availability of any such information. The website owner makes no representations as to the accuracy or completeness of any information on this website or which may be found by following any link on this website. The website owner shall not be held liable for any losses, injuries, damages, claims, or causes of action, from the display or use of any information on this website or in any of its blog entries. If you use the information on this website, or on any of its blog entries, you do so solely at your own risk.

Networking 101: The lowdown on how Networks really work (Part 2 of 2) - fixedByVonnie

Networking 101: The lowdown on how Networks really work (Part 2 of 2)


In the first part of this two part series I gave you an analogy for thinking about networks.

And now we’re going to dive in a little deeper.  You’re going to peer into packet captures.  You’ll see exactly how the data maps to the TCP/IP layers.  I’ll also clarify a few terms like encapsulation.  Finally, I’ll share a secret that most people miss when talking about data networks.

Are you ready for this!?

Let’s go!

Encapsulate me, then De-encapsulate me

As the data moves down each layer, it gets encapsulated.  When it’s received at the destination it moves back up the layers.  This is called de-encapsulation.  In other words, as the original message is passed along down the stack, new information is tacked on.  The message essentially keeps getting bigger and bigger as each layer adds its own data to the message.  This is important because it helps the computers know what kind of data is being sent and which application it should go to.

For example, the Network layer adds a header that contains the source and destination IP addresses.


And the Data Link layer adds another header that has the source and destination MAC address.

At the destination, the remote computer discards the headers from each layer as it moves back up the stack.  That’s the de-encapsulation part.

Remembering the Layers

So the seven layers we just presented are known as the seven layers of the OSI (Open Systems Interconnect) Model.  Here they are again:

  • Application
  • Presentation
  • Session
  • Transport
  • Network
  • Data Link
  • Physical

You can remember this with this fancy mnemonic:

  • All
  • People
  • Should
  • Try
  • New
  • Dr.
  • Pepper

It’s probably better if you come up with your own.  You’ll remember it better.  Some people remember it in the reverse order with:

  • Please
  • Do
  • Not
  • Take
  • Sales
  • Person’s
  • Advice

So here’s the deal: I need to tell you a secret: despite what you may have heard, no one actually uses the OSI model.  You only need to remember it if you’re taking a class or studying for a certification such as the Network+ exam.

The OSI Model is mainly conceptual.  Today, people use the TCP/IP network model.  It was designed by the IETF (Internet Engineering Task Force).  People started using the TCP/IP network model and so it’s the one we use today.  99% of production networks use the TCP/IP suite.

The TCP/IP Suite

TCP takes the Application, Presentation and Session layer and lumps it into one layer called the Application Layer.

The Transport layer is the same in TCP/IP.  Remember the Transport layer decides whether to transmit the message across the network using reliable or unreliable methods.  It also segments large messages into parts.

In the TCP/IP protocol stack, the Network Layer maps to the Internet Layer.

And the Data Link Layer and the Physical Layer are lumped into the Network Interface Layer.

Here’s the the layers of the TCP/IP suite.

  • Application
  • Transport
  • Internet
  • Network Interface

TCP/IP Layers

Do you want to know a secret?

But I’ve got to tell you anther secret!

No one really talks about the TCP/IP network model like this.  In the real world people don’t think about the layers like this. For example, if you take a packet capture and analyze the layers you won’t see the layers listed like this.  Instead you’ll see:

  1. Physical Layer (Ethernet Cables, Hubs, Bits)
  2. Data Link Layer (Switches, MAC Addresses)
  3. Network Layer (Routers, Packets, IPv4 and IPv6 addresses)
  4. Transport Layer

And the next layer is the Application layer but no one calls it Layer 5.

Let me show you a live packet capture so you can see what happens:

Checking out the packet captures

When you type in fixedbyvonnie.com, your computer contacts immediately gets to work finding a DNS to resolve the fixedbyvonnie.com domain name into an IP address.  That’s what DNS does.  It sends a Standard Query for an A record which means:

Give me the IPv4 address of fixedbyvonnie.com!

Once it gets that, it’s ready to communicate.

It all starts at the Application Layer.  Your web browser uses the Hypertext Transfer Protocol (HTTP) to request a particular web document from a web server.

You can actually see the HTTP header and the GET request for a specific file called fixedbyvonnie-ebook-801.png.

Looking at the Application Layer of the TCP/IP model

At layer 4, you’ll see either a TCP or UDP segment.  HTTP uses TCP, so in order to guarantee that the HTTP request will arrive at fixedbyvonnie.com, TCP uses acknowledgements, sequence numbers  (so it can sort the segments at the destination) and port numbers (so it can make sure the right data gets to the right application)

In the screenshot below you can see the TCP Segment length is 623 bytes.  You can also see the Sequence Numbers and Acknowledgements that TCP used to guarantee fixedbyvonnie.com was returned to my web browser.

Looking at the Transport Layer of the TCP/IP model

Next at Layer 3, you’ll see the IP header added to the TCP segment.  The main thing to focus on is the source IP address (street name and house number of your computer) and the destination address. (street name and house number of fixedbyvonnie.com)

You can see my source IP address (the IP address of my computer) is and the IP address of fixedbyvonnie.com (resolved via DNS) is

Looking at the Network layer of the TCP/IP model

Next at Layer 2, in the Data Link layer, you’ll see the physical addresses; namely, the MAC address of your computer and the MAC address of your default gateway.

If your computer was sitting on the same street (network) as fixedbyvonnie.com the destination MAC address would be the MAC of the fixedbyvonnie.com web server.  But alas!  You aren’t on my network so you need to send it to your gateway to the internet first.

In the graphic below you can see the MAC address of my default gateway (the destination) and my source MAC.

Looking at the Data link layer of the TCP/IP model

And then, finally, at Layer 1, you’ll see all the bits.  In WireShark this is basically the summary or snapshot of all the information in the frame.

My favorite section is where it says [Protocols in frame].

It shows you a snapshot of all the protocols in the current frame.  You can also see the length of the frame and a bunch of other mouth watering goodies.

Examining the Physical Layer in WireShark

Everything is a packet right!?

So what’s the data called?  You might hear people erroneously referring to all network data as a Packet.  But this is technically incorrect.  It’s only a packet at Layer 3.

The general term is for network data is a Protocol Data Unit, (PDU) but when it hits the Transport Layer it becomes a Segment. Then at the Network Layer it becomes a Packet and at the Data Link Layer it becomes a Frame.  Incidentally, it’s called a frame because the Data Link layer is the only layer that adds both a header and trailer to the packet.

As long as both the source and destination devices use the same frame format they will understand each other because the bits will be in the expected order.

  • Segment (Transport Layer)
  • Packet (Network Layer)
  • Frame (Data Link Layer)
  • Bits (Physical Layer)

So now you know that everything on the network isn’t a packet!

The Bottom Line

Believe it or not, if you can read everything here and can communicate it in your own words (without missing anything) then you truly understand how networks work.

I’ve given you a framework for understanding the entire process!

Please let me know if this helped you.  Just shoot me a comment or an email vonnie@fixedbyvonnie.com.


Connect with Vonnie on Twitter

Posted in What Is Tagged with: ,