For a long time, networking felt like a collection of unrelated acronyms.
DHCP.
ARP.
DNS.
TCP.
IP.
NAT.
VPN.
I could explain each one individually.
But if someone had asked:
"What actually happens when you open a website?"
I would have struggled to answer.
The turning point came when I stopped learning protocols individually and started following a single packet through the network.
This article follows that packet from the moment a laptop connects to Wi-Fi until a webpage finally appears in the browser.
Before We Begin: Data, Segments, Packets, and Frames
One of the biggest beginner misconceptions is that everything is called a packet.
Technically, that is not true.
As data moves through the networking stack, its name changes.
Application Layer
The browser creates:
GET /
At this stage it is simply:
Data
Transport Layer
TCP adds a header containing information such as:
- Source Port
- Destination Port
- Sequence Number
- Acknowledgement Number
- Flags
Now we have:
TCP Header + Data
This is called a:
Segment
Network Layer
IP adds another header containing:
- Source IP Address
- Destination IP Address
- TTL
- Protocol
Now we have:
IP Header + Segment
This becomes a:
Packet
Data Link Layer
Ethernet or Wi-Fi adds:
- Source MAC Address
- Destination MAC Address
Now we have:
Ethernet Header + Packet
This becomes a:
Frame
The final structure looks like:
Frame
└── Packet
└── Segment
└── Data
This process is known as:
Encapsulation
Every packet on the Internet begins this way.
Our Example Network
To keep things simple, imagine the following setup.
Laptop
MAC = BB:BB:BB:BB:BB:BB
Router
LAN IP = 192.168.1.1
LAN MAC = AA:AA:AA:AA:AA:AA
Public IP = 49.43.12.10
DNS Server
8.8.8.8
Website
example.com
104.26.10.50
Now let's follow the packet.
Step 1: Laptop Boots
Immediately after startup, the laptop knows surprisingly little.
It knows:
My MAC Address
But it does not yet know:
- IP Address
- Default Gateway
- DNS Server
Those must be discovered.
Step 2: Connecting to Wi-Fi
The laptop successfully joins the wireless network.
At this point many people assume networking is ready.
It is not.
The laptop still lacks an IP address.
Without one, meaningful communication cannot occur.
Step 3: DHCP Gives the Laptop an Identity
The laptop broadcasts:
DHCP Discover
Meaning:
Is there a DHCP server available?
The router responds:
DHCP Offer
containing:
IP Address = 192.168.1.100
Gateway = 192.168.1.1
DNS Server = 8.8.8.8
The laptop accepts.
Now it finally knows:
Who am I?
Where should I send traffic?
Which DNS server should I use?
DHCP has completed its job.
Step 4: The User Opens a Website
Suppose the user enters:
https://example.com
The browser immediately faces a problem.
It knows:
example.com
but websites are reached using IP addresses.
The browser asks:
What IP address belongs to example.com?
Step 5: Before DNS, ARP Happens
To contact the DNS server, the laptop must send traffic through the router.
It knows the router's IP address:
192.168.1.1
But it does not know:
Router MAC Address
So it broadcasts:
Who has 192.168.1.1?
This is an ARP request.
The router replies:
192.168.1.1 is AA:AA:AA:AA:AA:AA
The laptop stores this information in its ARP cache.
Problem solved.
Step 6: The DNS Query Leaves the Laptop
The laptop creates an IP packet.
Source IP = 192.168.1.100
Destination IP = 8.8.8.8
Then it creates a frame.
Source MAC = BB:BB:BB:BB:BB:BB
Destination MAC = AA:AA:AA:AA:AA:AA
This reveals an important networking principle:
Destination IP = Final Destination
Destination MAC = Next Hop
For many beginners, this is the first surprising realization.
Step 7: NAT Changes the Source Address
The router receives the packet.
The router notices:
192.168.1.100
is a private IP address.
Private addresses cannot travel across the public Internet.
The router performs:
NAT
Network Address Translation.
The source address changes from:
192.168.1.100
to:
49.43.12.10
which is the router's public IP.
The router also records this translation in its NAT table.
This is how replies find their way back later.
Step 8: Routers Forward the Packet
The packet begins traveling across the Internet.
An important detail often goes unnoticed.
At every hop:
Old Ethernet Frame
↓
Discarded
New Ethernet Frame
↓
Created
This means:
MAC Addresses
Change at every hop
while:
IP Addresses
Remain largely unchanged
This is why networking engineers often say:
MAC = Hop-to-Hop
IP = End-to-End
Step 9: The DNS Server Responds
Eventually the packet reaches:
8.8.8.8
Google DNS receives:
Source IP = 49.43.12.10
Destination IP = 8.8.8.8
Notice something important.
Google never sees:
192.168.1.100
It only sees the public address created by NAT.
Google replies:
example.com = 104.26.10.50
Step 10: The Reply Finds Its Way Home
The DNS reply eventually returns to the home router.
The router consults its NAT table:
49.43.12.10:53001
↓
192.168.1.100:53001
The router now knows exactly which device requested the information.
The reply is forwarded back to the laptop.
Step 11: TCP Establishes a Connection
Now the browser finally knows:
example.com = 104.26.10.50
Before sending data, TCP establishes a connection.
The famous three-way handshake occurs:
SYN
↓
SYN-ACK
↓
ACK
The connection is now established.
Step 12: TLS Creates Encryption
Because the website uses HTTPS, encryption must be negotiated.
The browser and server exchange:
- Certificates
- Cryptographic parameters
- Session keys
An encrypted channel is created.
Only after this step can secure communication begin.
Step 13: The Actual Website Loads
Finally, the browser sends:
GET /
The server responds with:
- HTML
- CSS
- JavaScript
- Images
The browser renders everything.
The webpage appears.
What Changes When a VPN Is Enabled?
Without a VPN:
Laptop
↓
Router
↓
ISP
↓
Website
With a VPN:
Laptop
↓
Router
↓
ISP
↓
VPN Server
↓
Website
The router does not disappear.
ARP still happens.
DHCP still happens.
Frames still exist.
The difference is that traffic is encrypted and sent to the VPN server first.
To the ISP:
VPN Server
appears to be the destination.
The actual website remains hidden inside the encrypted tunnel.
The Mental Model That Finally Helped
Networking became easier once I stopped imagining the Internet as a single connection.
Instead, I started viewing it as many small conversations.
Laptop ↔ Router
Router ↔ ISP Router
ISP Router ↔ ISP Router
ISP Router ↔ Destination
Each conversation uses different MAC addresses.
The IP packet survives the journey.
Once that idea clicked, concepts such as:
- DHCP
- ARP
- DNS
- NAT
- VPNs
- Routing
- Wireshark captures
started feeling like pieces of the same puzzle instead of isolated protocols.
Final Thoughts
For a long time, networking felt overwhelming because every protocol seemed independent.
The breakthrough came when I followed a single packet from start to finish.
Rather than memorizing definitions, I began asking:
What problem is this protocol solving right now?
Viewed through that lens:
- DHCP provides identity.
- ARP finds local devices.
- DNS finds destinations.
- NAT enables Internet access.
- TCP creates reliable communication.
- TLS secures it.
And together, they make something as ordinary as loading a webpage possible.
Top comments (0)