DEV Community

Shivakumar

Networking Internals I

This is a foundational concept in computer science. Here is a clear breakdown of Networking and the OSI Model, designed to help you understand how computers communicate.


1. What is Networking?

Networking is the practice of connecting two or more computing devices (computers, servers, routers, switches) together for the purpose of sharing resources (like files or printers) and exchanging data.

Think of it like a conversation: to talk to someone, you need a shared language, a medium (voice/air), and a set of rules (grammar). In computing, networking provides that infrastructure.

  • Key Goal: Resource sharing and communication.
  • Common Types:
      • LAN (Local Area Network): A network in a small area like a home or office.
      • WAN (Wide Area Network): A network covering a large geographic area (the Internet is the biggest WAN).

2. What is the OSI Model?

The OSI (Open Systems Interconnection) model is a conceptual framework used to understand how network communications work. It splits the complex process of sending data into 7 distinct layers.

Why do we use it?

  • Standardization: It helps different vendors (like Apple, Cisco, and Microsoft) create hardware and software that can talk to each other.
  • Troubleshooting: If the internet is down, a network engineer can check layer-by-layer (e.g., "Is the cable plugged in?" is Layer 1; "Is the IP address correct?" is Layer 3).

3. The 7 Layers of the OSI Model

You can memorize the layers from Bottom (1) to Top (7) using the mnemonic:

"Please Do Not Throw Sausage Pizza Away"
(Physical, Data Link, Network, Transport, Session, Presentation, Application)

Here is a detailed breakdown of each layer:

Layer # | Layer Name   | What it Does (The "Job")                                                                                                                                     | Real-World Examples
--------|--------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------
7       | Application  | Human-Computer Interaction. This is what you see. It allows applications (like Chrome or Outlook) to access the network services.                          | HTTP (Web), SMTP (Email), FTP
6       | Presentation | Translation. It translates data into a readable format, handles encryption (security), and compression (zipping files).                                      | JPEG, GIF, SSL/TLS (Encryption)
5       | Session      | Conversation Control. It sets up, maintains, and terminates the connection ("session") between two devices.                                                 | NetBIOS, RPC
4       | Transport    | Delivery & Reliability. It decides how much data to send and checks if it arrived correctly. It breaks data into "segments."                                | TCP (Reliable), UDP (Fast/Streaming)
3       | Network      | Routing & Addressing. It decides the path the data takes to reach the destination (like a GPS). Data here is called "packets."                              | IP Addresses, Routers
2       | Data Link    | Physical Addressing. It provides framing and error detection for transfer between two directly connected nodes. It uses MAC addresses. Data here is called "frames." | MAC Addresses, Switches, Ethernet
1       | Physical     | Hardware connection. The actual cables, electricity, or radio waves (WiFi). It transmits raw "bits" (1s and 0s).                                           | Cables (Cat6, Fiber), Hubs

Summary of Data Flow

When you send an email:

  1. Encapsulation (Down): The data goes from Layer 7 down to Layer 1 on your computer. Each layer wraps the data in its own "envelope" (a header).
  2. Transmission: It travels over the wire/air as bits (Layer 1).
  3. Decapsulation (Up): The receiving computer unwraps the data from Layer 1 up to Layer 7 to read the email.

Important Note: OSI vs. TCP/IP

  • OSI is a theoretical model used for teaching and understanding.
  • TCP/IP is the practical model used in the actual Internet today (it condenses the 7 layers into 4).

Here is a deep dive into the transport layer protocols (TCP/UDP), their packet structures, and how to analyze them using Wireshark.


1. TCP Deep Dive: The 3-Way Handshake

TCP (Transmission Control Protocol) is connection-oriented. Before any data is sent, a reliable connection must be established. This is done via the 3-Way Handshake.

The Process

Think of this like a phone call:

  1. SYN (Synchronize): Client sends a packet with the SYN flag set. It picks a random Sequence Number (e.g., Seq=100).
     Meaning: "Hi, I want to connect. My starting number is 100."
  2. SYN-ACK (Synchronize-Acknowledge): Server receives the SYN. It sends back a packet with SYN and ACK flags. It acknowledges the client's sequence (Ack=101) and sends its own Sequence Number (e.g., Seq=300).
     Meaning: "I hear you. I'm ready. My starting number is 300."
  3. ACK (Acknowledge): Client sends a packet with the ACK flag. It acknowledges the server's sequence (Ack=301).
     Meaning: "Got it. Connection established. Let's send data."

Connection Termination (4-Way Handshake)

Because TCP is full-duplex (data flows both ways independently), each side must close its side of the connection separately using FIN (Finish) flags.

  1. Client: Sends FIN ("I'm done sending").
  2. Server: Sends ACK ("I received your request to stop").
  3. Server: Sends FIN ("I am also done sending").
  4. Client: Sends ACK ("Connection closed").
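The two handshakes above, as an added example that is not part of the original post: a minimal connection tracker that walks a hand-constructed trace of segments (flags, Seq, Ack) through the 3-way open and the 4-way close, using the same Seq/Ack values as the text. The state names are simplified, not the full RFC 793 state list, and the trace and direction labels ("c2s"/"s2c") are assumptions of the example. It also checks that each acknowledgment number is the previous sequence number plus one, so a handshake that never completes (the half-open connections a SYN flood leaves behind) or one with a bad Ack is reported rather than counted as a connection.

```python
# Added example (not code from the original post): a minimal TCP connection
# tracker that follows the 3-way handshake and the 4-way close using only each
# segment's flags, sequence number and acknowledgment number. The trace below
# is constructed by hand with the Seq/Ack values used in the text.

SYN, ACK, FIN = 0x02, 0x10, 0x01   # flag bits as they sit in the TCP header

# (direction, flags, seq, ack); "c2s" = client to server, "s2c" = server to client.
HANDSHAKE_AND_CLOSE = [
    ("c2s", SYN,       100, 0),    # SYN: "my starting number is 100"
    ("s2c", SYN | ACK, 300, 101),  # SYN-ACK: "I hear you (101); mine is 300"
    ("c2s", ACK,       101, 301),  # ACK: "got it (301)"; connection established
    ("c2s", FIN | ACK, 101, 301),  # client: "I'm done sending"
    ("s2c", ACK,       301, 102),  # server acks the FIN (a FIN uses one seq number)
    ("s2c", FIN | ACK, 301, 102),  # server: "I am also done sending"
    ("c2s", ACK,       102, 302),  # client acks; connection closed
]


def track_connection(trace):
    """Return the (simplified) state after each segment.

    States: CLOSED -> SYN_SENT -> SYN_RECEIVED -> ESTABLISHED -> FIN_WAIT
    -> CLOSING -> CLOSED. A SYN-ACK or final ACK with the wrong acknowledgment
    number raises ValueError, so a malformed handshake is rejected rather than
    silently counted as a connection.
    """
    state, client_isn, server_isn, history = "CLOSED", None, None, []
    for direction, flags, seq, ack in trace:
        if state == "CLOSED" and direction == "c2s" and flags == SYN:
            client_isn, state = seq, "SYN_SENT"
        elif state == "SYN_SENT" and direction == "s2c" and flags == SYN | ACK:
            if ack != client_isn + 1:
                raise ValueError(f"SYN-ACK acknowledges {ack}, expected {client_isn + 1}")
            server_isn, state = seq, "SYN_RECEIVED"
        elif state == "SYN_RECEIVED" and direction == "c2s" and flags & ACK:
            if ack != server_isn + 1:
                raise ValueError(f"ACK acknowledges {ack}, expected {server_isn + 1}")
            state = "ESTABLISHED"
        elif state == "ESTABLISHED" and flags & FIN:
            state = "FIN_WAIT"          # one side has said "I'm done sending"
        elif state == "FIN_WAIT" and flags & FIN:
            state = "CLOSING"           # the other side has sent its FIN too
        elif state == "CLOSING" and flags & ACK:
            state = "CLOSED"
        # Other segments (data, plain ACKs) leave the state unchanged.
        history.append(state)
    return history


def half_open(trace):
    """True when a handshake started but never completed: a SYN that was never
    followed by the final ACK. Many of these from one source in a short time is
    the classic SYN-flood symptom a defender looks for."""
    history = track_connection(trace)
    return bool(history) and history[0] == "SYN_SENT" and "ESTABLISHED" not in history


if __name__ == "__main__":
    for segment, state in zip(HANDSHAKE_AND_CLOSE, track_connection(HANDSHAKE_AND_CLOSE)):
        print(segment, "->", state)
```

Note that the FIN segments carry the ACK flag as well, which is how real stacks send them: the flag check uses `flags & FIN` so that either "FIN" or "FIN+ACK" advances the close, while the handshake itself is matched on exact flag values.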

2. UDP (User Datagram Protocol)

UDP is connectionless. It is the "fire and forget" protocol.

  • No Handshake: It just sends data immediately.
  • No Reliability: If a packet is lost, it is not re-sent.
  • Speed: Much faster than TCP because there is no overhead for connection setup, acknowledgments, retransmission, or ordering (its only integrity check is a simple checksum).
  • Use Cases: Streaming video, VoIP, Gaming, DNS lookups.

3. Packet Headers: Under the Hood

To understand what you see in Wireshark, you need to know what is inside the headers.

TCP Header (20-60 Bytes)

The TCP header is complex because it ensures reliability.

  • Source/Dest Port: Identifies the app (e.g., HTTP is 80, SSH is 22).
  • Sequence Number: Used to reassemble data in the correct order.
  • Acknowledgment Number: Tells the sender what data has been received.
  • Flags (Control Bits):
      • SYN: Start connection.
      • ACK: Acknowledge data.
      • FIN: End connection.
      • RST: Reset/Kill connection (usually indicates an error).
      • PSH: Push data immediately (don't wait for buffer to fill).

  • Window Size: Flow control. Tells the sender "I only have space for X bytes right now."

UDP Header (8 Bytes)

The UDP header is very simple and lightweight.

  • Source Port: Where the data came from (optional in UDP; a value of 0 means "not used").
  • Destination Port: Where the data is going.
  • Length: Length of header + data.
  • Checksum: Basic error checking (to see if data was corrupted).
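The two headers just described, as an added example that is not code from the original post: decoding the TCP header (ports, Seq, Ack, data offset, flags, window) and the 8-byte UDP header from raw bytes with `struct`, and verifying the UDP checksum the way a receiving stack does. The checksum routine goes slightly beyond the post: both TCP and UDP checksums cover an IPv4 pseudo-header (source and destination address, protocol number, length) in addition to the segment, so one function serves both protocols. The sample SYN-ACK, the DNS-style datagram, and the addresses and ports in them are constructed values, not captured traffic.

```python
# Added example (not code from the original post): decoding the TCP and UDP
# headers described above from raw bytes, and verifying a UDP checksum the way
# a receiving stack (or Wireshark's checksum validation) does. The packets
# below are constructed inline; the addresses and ports are made-up sample values.
import ipaddress
import struct

TCP, UDP = 6, 17  # IPv4 protocol numbers used in the pseudo-header

# Control bits in the TCP header, from the high bit down (URG is 0x20).
TCP_FLAGS = {0x20: "URG", 0x10: "ACK", 0x08: "PSH", 0x04: "RST", 0x02: "SYN", 0x01: "FIN"}


def internet_checksum(data):
    """RFC 1071 checksum: ones'-complement sum of 16-bit words, then complemented."""
    if len(data) % 2:
        data += b"\x00"                      # odd length is padded with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def transport_checksum(src_ip, dst_ip, proto, segment):
    """TCP and UDP checksums cover an IPv4 pseudo-header (addresses, protocol,
    length) plus the whole segment, so a segment delivered to the wrong host fails."""
    pseudo = struct.pack("!4s4sBBH", ipaddress.IPv4Address(src_ip).packed,
                         ipaddress.IPv4Address(dst_ip).packed, 0, proto, len(segment))
    return internet_checksum(pseudo + segment)


def parse_tcp_header(raw):
    """Decode the fixed 20-byte TCP header; the data offset gives the real header length (20-60)."""
    if len(raw) < 20:
        raise ValueError("TCP header needs at least 20 bytes")
    src, dst, seq, ack, off_flags, window, csum, urg = struct.unpack("!HHIIHHHH", raw[:20])
    header_len = (off_flags >> 12) * 4       # top 4 bits, counted in 32-bit words
    bits = off_flags & 0x3F                  # the six classic flags
    return {"src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
            "header_len": header_len, "window": window, "checksum": csum,
            "flags": [n for b, n in sorted(TCP_FLAGS.items(), reverse=True) if bits & b],
            "payload": raw[header_len:]}


def parse_udp_header(raw):
    """Decode the 8-byte UDP header; length covers header plus data."""
    src, dst, length, csum = struct.unpack("!HHHH", raw[:8])
    return {"src_port": src, "dst_port": dst, "length": length, "checksum": csum,
            "payload": raw[8:length]}


def build_udp(src_ip, dst_ip, src_port, dst_port, payload):
    """Build a UDP datagram with a correct checksum (computed with the field zeroed)."""
    length = 8 + len(payload)
    csum = transport_checksum(src_ip, dst_ip, UDP,
                              struct.pack("!HHHH", src_port, dst_port, length, 0) + payload)
    if csum == 0:
        csum = 0xFFFF    # over IPv4, 0 means "no checksum", so a computed 0 is sent as all-ones
    return struct.pack("!HHHH", src_port, dst_port, length, csum) + payload


def checksum_ok(src_ip, dst_ip, proto, raw):
    """Recompute over the received segment with its checksum field included: a
    valid segment sums to 0. Returns None for a UDP datagram sent with checksum 0."""
    if proto == UDP and parse_udp_header(raw)["checksum"] == 0:
        return None
    return transport_checksum(src_ip, dst_ip, proto, raw) == 0


# Constructed SYN-ACK from the handshake above: server port 443 -> client port 51000,
# Seq=300, Ack=101, header length 5 words (20 bytes), flags SYN+ACK (0x12), window 65535.
# Its checksum field is left at 0 because the example only decodes it.
SAMPLE_TCP_SYNACK = struct.pack("!HHIIHHHH", 443, 51000, 300, 101, (5 << 12) | 0x12, 65535, 0, 0)

# Constructed DNS-style datagram with a made-up payload and sample addresses.
SAMPLE_UDP = build_udp("192.168.1.5", "10.0.0.1", 51000, 53, b"constructed payload")

if __name__ == "__main__":
    print(parse_tcp_header(SAMPLE_TCP_SYNACK))
    print(parse_udp_header(SAMPLE_UDP))
    print("udp checksum ok:", checksum_ok("192.168.1.5", "10.0.0.1", UDP, SAMPLE_UDP))
```

Because the pseudo-header is part of the sum, the same datagram verified against a different source address fails the check, which is why a forwarding device that rewrites IP addresses (NAT) must also rewrite the transport checksum.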

4. Wireshark Basics

Wireshark is a network protocol analyzer. It captures packets flowing through your network interface card (NIC).

Core Concepts

  • Capture Interface: You must select which hardware to listen to (e.g., eth0 for wired, wlan0 for Wi-Fi).
  • Promiscuous Mode: Allows your NIC to read all traffic on the network segment, not just traffic meant for your IP (though switched networks often limit this).

Essential Filters (The "Green Bar")

Wireshark captures everything, which is overwhelming. You must use filters to find what you need.

Goal               | Filter Syntax
-------------------|----------------------------------------------------------------
Filter by IP       | ip.addr == 192.168.1.5
Filter by TCP Port | tcp.port == 80
Filter by Protocol | dns or ssh
Combine Filters    | ip.addr == 10.0.0.1 && tcp.port == 443
Find Errors        | tcp.analysis.flags (shows retransmissions, duplicate ACKs)

"Follow TCP Stream"

This is the most useful feature for beginners.

  1. Right-click a packet in the packet list.
  2. Select Follow > TCP Stream.
  3. Wireshark reconstructs the entire conversation (Client is Red, Server is Blue) so you can read the data (like HTML or text) rather than raw packets.
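What "Follow TCP Stream" does behind the scenes, and what the "Find Errors" filter above reports, as an added example that is not part of the original post: one direction of a conversation is stitched back together from its sequence numbers even though the segments were captured out of order and one of them twice. The request text, the segments and the ISN are constructed by hand; the event wording imitates, but is not, Wireshark's own tcp.analysis output.

```python
# Added example (not code from the original post): reassembling one direction of a
# TCP conversation from segments that arrived out of order and once in duplicate,
# which is what "Follow TCP Stream" does for you, and reporting the kinds of events
# that tcp.analysis.flags highlights. The segments are constructed by hand; the
# request text is a made-up sample.

CLIENT_ISN = 100  # the SYN used seq 100, so the first data byte is seq 101

# (seq, payload) in the order they were captured: the middle piece was lost and
# retransmitted, so it arrives after the last piece, and then arrives twice.
CONSTRUCTED_SEGMENTS = [
    (101, b"GET / HTTP/1.1\r\n"),        # 16 bytes: seq 101..116
    (136, b"\r\n"),                       # 2 bytes: seq 136..137 (arrives early)
    (117, b"Host: example.com\r\n"),     # 19 bytes: seq 117..135 (arrives late)
    (117, b"Host: example.com\r\n"),     # the same segment again: retransmission
]


def reassemble(isn, segments):
    """Stitch payloads back into the byte stream using sequence numbers.

    Returns (stream, notes). The stream stops at the first hole, since bytes
    after a gap cannot be placed reliably yet. Notes describe what an analyzer
    would flag: a segment beyond the next expected byte (out of order / previous
    segment not captured) and a repeated segment (retransmission). Only exact
    repeats are treated as retransmissions; partial overlaps are not handled here.
    """
    notes, pieces = [], {}          # pieces: seq -> payload accepted into the stream
    next_expected = isn + 1         # first data byte follows the SYN
    highest_seen = next_expected
    for seq, payload in segments:
        if seq in pieces:
            notes.append(f"seq {seq}: retransmission of {len(payload)} bytes")
            continue
        if seq > highest_seen:
            notes.append(f"seq {seq}: out of order, expected {highest_seen} "
                         f"(gap of {seq - highest_seen} bytes)")
        pieces[seq] = payload
        highest_seen = max(highest_seen, seq + len(payload))

    stream = b""
    for seq in sorted(pieces):
        if seq != next_expected:
            notes.append(f"hole before seq {seq}: {seq - next_expected} bytes never received")
            break
        stream += pieces[seq]
        next_expected = seq + len(pieces[seq])
    return stream, notes


def relative_seq(seq, isn):
    """Wireshark displays 'relative' sequence numbers that start at 0 for the SYN."""
    return seq - isn


if __name__ == "__main__":
    data, events = reassemble(CLIENT_ISN, CONSTRUCTED_SEGMENTS)
    print(data.decode())
    for e in events:
        print("analysis:", e)
```

The second loop is the part that matters for reading a stream: ordering by sequence number is what turns a pile of packets into readable text, and stopping at a hole is why a stream with a lost, never-retransmitted segment looks truncated in the follow window.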
