How Computers Talk? Hello TCP/IP

Maheboob Patel
Aug 18, 2022

Do you browse the internet, watch movies on Netflix or chat on WhatsApp? TCP/IP is the underlying technology that makes all of the above, and most of the Internet, possible.

“lo” was the first ever message sent over the internet. Those are the first 2 letters of the word ‘login’, and then the system crashed!

Sounds interesting? Let’s refresh a few key concepts before we jump in.

Uniform Resource Locators (URLs)

A URL is the unique address of a resource on the Web/Internet. You might think of a URL as a regular postal mail address, i.e. it uniquely identifies the physical location where a package needs to be delivered.

Examples of URLs
https://www.google.com/
https://www.linkedin.com/in/maheboob/

Internet Protocol (IP) Address

In the digital world, all we have is 0s and 1s and their movement from one device to another. To communicate, devices need to know each other's ‘address’. These digital addresses are known as IP addresses.

An IP address is similar to the physical mail address in the post office scenario: it uniquely identifies a device (computer, phone, iPad, car etc). IP addresses come in 2 flavors.

IPv4: This is the original and older format, of the form a.b.c.d, where the values of the letters can range from 1 to 255, e.g. 188.184.21.108

IPv6: IPv4 could only support a maximum of 4.3B addresses. That may sound like a lot, but we already have more than 15B devices connected to the internet as you read this.

To address the exploding need for IP addresses, IPv6 was introduced. The format is y:y:y:y:y:y where each y can have a hexadecimal value between 0 and FFFF. The maximum number of unique addresses IPv6 can support is 3.4 followed by 38 zeros!

Why URL?
It turns out that remembering and typing a website address such as google.com is easier than remembering an IP address, e.g. 172.217.174.78.

Hope you agree!

Domain Name System (DNS)

Think of this as the phonebook of the internet, i.e. it is the mechanism by which computers determine IP addresses from URLs.

DNS may require its own article, but at a high level this is how it works.

Suppose you type https://careers.github.com in a browser; the following process then happens behind the scenes to determine the IP address for careers.github.com

https://medium.com/@openmohan/dns-basics-and-building-simple-dns-server-in-go-6cb8e1cfe461

DNS is a hierarchical system in which each level maintains information only for the level below it, and so on.

At the top we have the root servers. There are 13 root servers, each storing a copy of the same file. It lists an address for each top-level domain (.com, .net, etc).

The root servers and all top-level domains (TLDs) are managed by ICANN. It delegates responsibility for the TLDs to various organizations.

TCP/IP Packets

TCP/IP breaks data into smaller, manageable chunks known as packets. Each packet contains the information needed to route the data to the correct destination, error handling information, the payload etc.

Packet structure and other details are covered in the sections below.

TCP/IP

Now that we have a basic understanding that computers use IP addresses to communicate with each other, let's see how all this works.

TCP/IP is a layered suite of protocols used by devices to communicate over the internet.

From left to right - flow of data between 2 devices.

As you can see, starting at the top, each successive layer wraps the data from the previous layer and adds its own headers.

Example

Let’s browse the world’s first website - http://info.cern.ch - and see how all this works. We will use Wireshark to capture network packets and learn more.

TCP Handshake
Before exchanging any data, computers need to make sure they are available and willing to talk. Think of this as the typical ‘hello’ we use when making phone calls.

Client Computer: Hello, can we talk? [SYN]
Server: Sure. [SYN, ACK]
Client Computer: Thanks. Let's talk. [ACK]

TCP Handshake

As shown above, the TCP handshake is done in the transport layer and doesn't contain any application layer data. Let’s open the packets to understand what I mean here.

TCP/IP Layers

The top panel shows the 3 packets of the TCP handshake. The bottom panel shows all the layers of the selected packet and its content.

Here we selected the first packet of the TCP handshake, and the panel below shows the various layers and content of the packet.

TCP Packet Structure

Structure of TCP Packet. Source: Wiki
TCP/IP Packet from Wireshark

Source Port: Port number of the device or computer initiating the TCP connection. If you are browsing a website, this is the port number on your PC.

This is 2 bytes or 16 bits in size.

Destination Port: Port number of the device or computer we are trying to connect to. If you are browsing the website http://google.com, this is the port number of the google.com server.

This is 2 bytes or 16 bits in size.

TCP Flags: The TCP layer uses these flags for the handshake and for reliable delivery of packets. This particular packet has only the SYN flag set, which indicates a request for a TCP handshake.

12 bits are allocated for various flags.

Data or Payload: As these are TCP handshake messages, no application data is included. Len=0.

The total length of this packet is 32 bytes.

Internet Protocol (IP) Packet Structure:

Structure of IP Packet. Source: Wiki
Wireshark capture of IP packet.

Version: Version of IP (v4 or v6). Here it's 4, meaning v4.

Header Length: Length of the headers added by the IP layer.
Here it's 20 bytes.

Total Length: Total length of IP packet = 20 bytes of IP header + 32 bytes of TCP data = 52 bytes.

Time to Live: This denotes the time in seconds that a packet still has before its life ends and it is dropped. Here it's 128, meaning it has 128 seconds before this packet expires and is dropped.

Protocol: This indicates the protocol being used on top of the IP layer.
A value of 6 indicates TCP.

Source Address: IP address of the source device or computer that's initiating the connection. If you start browsing, then it's the IP of your computer.

Target Address: IP address of the target device or computer. If you start browsing google.com, then it's the IP address of the google.com computer.

Physical Network Layer

This is the physical link layer, i.e. it takes data and adds the physical addresses of the network device where the data needs to be sent.

Ethernet Layer

MAC Address: A media access control (MAC) address is a unique identifier assigned to a network interface controller (NIC) for use as a network address in communications within a network segment.

This use is common in most IEEE 802 networking technologies, including Ethernet, Wi-Fi, and Bluetooth.

Think of a MAC as a unique network address hard-coded by the manufacturer of the LAN or Wi-Fi card. Computers use MAC addresses while exchanging data.

Destination MAC Address: The sending computer determines the destination MAC based on the destination IP address. This is 6 bytes in length.

Source MAC Address: This is the MAC address of the sending device. This is 6 bytes in length.

Type: Type of protocol being sent. In this case it's IPv4.

Data: Data being transferred. Here it's the content of the IP packet explained above.

CRC Checksum: This is used to check data integrity, detect data corruption etc.

This physical layer creates frames and sends them to the target device.

Switches and Routers

Routers and switches are 2 important network devices that complete this whole TCP/IP puzzle.

Switches:

A switch is a networking device that lets networked devices such as computers, printers, and servers share data within a small business network.

When a device or computer sends an IP packet to another device, the switch puts the IP packet together with the source MAC address and destination MAC address, encapsulates it in a frame, and then sends it to the other device.

The switch checks the destination address of the frame against a MAC lookup table in its memory. This tells the switch which physical port, i.e. RJ45 port, is associated with the device whose MAC address matches the destination address of the frame.

Switches use MAC addresses for forwarding packets.

Routers:

A router is a networking device used to connect multiple switches and their corresponding networks to build a large network. The router is an intelligent device, responsible for routing data from source to destination over a network. It also distributes or routes the internet connection from the modem to all the networking devices, wired or wireless, such as PC, laptop, mobile phone, tablet, etc.

A router maintains a routing table with IP ranges, and it determines the next hop/device based on the routing table.

Routers use IP address ranges for forwarding packets.
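
The two lookups described above, sketched as an added example (not code from the original article). It goes slightly beyond the text by showing the standard learn-and-flood behaviour of a switch and the longest-prefix rule a router uses when several ranges match; all ports, MAC addresses, ranges and next-hop names are made up.

```python
import ipaddress


class Switch:
    """Layer 2: forwards frames by destination MAC address."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}                     # MAC address -> physical port

    def forward(self, in_port, src_mac, dst_mac):
        self.mac_table[src_mac] = in_port       # learn which port the sender is on
        out = self.mac_table.get(dst_mac)
        if out is None:                         # unknown destination: flood
            return [p for p in self.ports if p != in_port]
        return [] if out == in_port else [out]  # never send back out the ingress port


class Router:
    """Layer 3: forwards packets by destination IP; the most specific range wins."""

    def __init__(self, routes):
        self.routes = [(ipaddress.ip_network(net), hop) for net, hop in routes]

    def next_hop(self, dst_ip):
        addr = ipaddress.ip_address(dst_ip)
        matches = [(net.prefixlen, hop) for net, hop in self.routes if addr in net]
        return max(matches)[1] if matches else None   # None: no route, drop


def demo():
    # Constructed data: ports, MACs, IP ranges and next-hop names are made up.
    sw = Switch(ports=[1, 2, 3])
    a, b = "66:77:88:99:aa:bb", "00:11:22:33:44:55"
    first = sw.forward(1, a, b)     # b not learned yet: flooded to ports 2 and 3
    sw.forward(2, b, a)             # the reply teaches the switch that b is on port 2
    second = sw.forward(1, a, b)    # now sent to port 2 only
    r = Router([("0.0.0.0/0", "isp-gateway"), ("188.184.0.0/15", "peer-A"),
                ("192.168.1.0/24", "lan")])
    return (first, second, r.next_hop("188.184.21.108"),
            r.next_hop("192.168.1.10"), r.next_hop("8.8.8.8"))
```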

HTTP over TCP/IP

So far we have covered packets that were only used for the TCP handshake; let's see how a packet with application data looks.

When we browse a website, the HTTP protocol is used. Without getting into much detail, this is how an HTTP request and response look. This becomes the payload or data for TCP and the layers below.

Sample HTTP Request and Response:

HTTP Payload in TCP/IP

HTTP Get Request Capture by Wireshark

Please note that the TCP packet has its length set to 144. This is the total length in bytes of the HTTP payload. Let’s open the TCP packet and see what it contains.

So besides the typical stuff, this TCP packet does have a payload.

Data on the wire

Let's see what is actually being sent on the wire.

The top panel displays the various layers of TCP/IP. The bottom panel is divided into 2 parts. The left part represents each byte by its hexadecimal equivalent. The right part shows text data wherever it makes sense.

A hexadecimal digit represents 16 possible values.
4 bits can represent 16 unique values.
1 byte has 8 bits, hence it can be represented by 2 hexadecimal digits.

The frame layer says this packet or frame has a total length of 198 bytes on the wire. That’s 198 * 8 = 1584 binary digits or bits.

From the Ethernet packet structure we know the first 6 bytes represent the destination MAC address. As MAC addresses are by default represented in hexadecimal, it has the same value as in the top panel, without the colon separators.

The right part doesn't make much sense for the MAC address, so it is shown as dots.

Source Port

The source port is specified by 2 bytes (35 and 36), which are c6f4.
The decimal equivalent of c6f4 is 50932.

TCP Source Port
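
To make the byte offsets concrete, here is an added example (not from the original article) that decodes the Ethernet, IPv4 and TCP headers of a raw frame the way the Wireshark panels do. The frame is constructed to mirror the SYN packet described above (TTL 128, total length 52, source port c6f4); the MAC addresses, source IP, sequence number and zeroed checksums are made up.

```python
import ipaddress
import struct

# Constructed 66-byte frame (not the article's capture): a TCP SYN towards
# 188.184.21.108:80. MACs and source IP are made up; checksums are zeroed.
FRAME = bytes.fromhex(
    "001122334455" "66778899aabb" "0800"  # Ethernet: dst MAC, src MAC, type
    "45000034" "12344000" "80060000"      # IPv4: ver/IHL, total len, id, flags, TTL, proto
    "c0a8010a" "bcb8156c"                 # IPv4: source and destination address
    "c6f40050" "1a2b3c4d" "00000000"      # TCP: ports, sequence, acknowledgement
    "8002faf0" "00000000"                 # TCP: offset/flags, window, checksum, urgent
    "020405b4" "01030308" "01010402"      # TCP: 12 bytes of options
)
FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR"]

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_frame(frame):
    """Decode Ethernet, IPv4 and TCP headers, rejecting inconsistent lengths."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    out = {"dst_mac": mac(frame[0:6]), "src_mac": mac(frame[6:12]),
           "eth_type": struct.unpack("!H", frame[12:14])[0]}
    if out["eth_type"] != 0x0800:          # only IPv4 is decoded further
        return out
    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4             # header length is stored in 32-bit words
    if ver_ihl >> 4 != 4 or ihl < 20 or not ihl <= total_len <= len(ip):
        raise ValueError("inconsistent IPv4 header")
    out.update(version=4, ip_header_len=ihl, total_len=total_len, ttl=ttl, protocol=proto,
               src_ip=str(ipaddress.IPv4Address(src)), dst_ip=str(ipaddress.IPv4Address(dst)))
    if proto != 6:                         # 6 = TCP
        return out
    tcp = ip[ihl:total_len]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    src_port, dst_port, _, _, off_flags, _ = struct.unpack("!HHIIHH", tcp[:16])
    tcp_len = (off_flags >> 12) * 4        # data offset, also in 32-bit words
    if not 20 <= tcp_len <= len(tcp):
        raise ValueError("inconsistent TCP data offset")
    out.update(src_port=src_port, dst_port=dst_port, tcp_header_len=tcp_len,
               flags=[n for i, n in enumerate(FLAG_NAMES) if off_flags >> i & 1],
               payload_len=len(tcp) - tcp_len)
    return out
```

The length checks matter when the input comes from an untrusted capture: a header that claims more bytes than the frame holds is rejected instead of being read past its end.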

TCP Payload or Data

Finally, this is how you can see the payload of the TCP packet.

Btw, you can see the payload only when the website is available on plain HTTP and not HTTPS.

And that was one of the reasons I chose this website. We won't be able to see the content of TCP packets if it was HTTPS.
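
The difference is visible in the first bytes of the TCP payload. The following added example (not from the original article) reports what a capture reveals for a plain HTTP request versus a TLS record; both sample payloads are constructed, and the header names in the HTTP sample are illustrative.

```python
import re

# Constructed sample payloads (not taken from the article's capture).
HTTP_PAYLOAD = (b"GET / HTTP/1.1\r\nHost: info.cern.ch\r\n"
                b"User-Agent: example-client\r\nAccept: */*\r\n\r\n")
# TLS record header: type 0x16 (handshake), version 0x0301, length 0x0020,
# followed by 32 filler bytes standing in for the record body.
TLS_PAYLOAD = bytes.fromhex("1603010020") + bytes(range(32))

REQUEST_LINE = re.compile(
    rb"^(GET|HEAD|POST|PUT|DELETE|OPTIONS|PATCH) (\S+) HTTP/1\.[01]\r\n")
TLS_RECORD_TYPES = {20: "change_cipher_spec", 21: "alert",
                    22: "handshake", 23: "application_data"}


def inspect_payload(payload):
    """Report what someone holding the capture can read from one TCP payload."""
    m = REQUEST_LINE.match(payload)
    if m:
        head = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1")
        headers = {}
        for line in head.split("\r\n")[1:]:          # skip the request line
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        return {"kind": "cleartext-http", "method": m.group(1).decode(),
                "path": m.group(2).decode("latin-1"), "headers": headers}
    # A TLS record starts with a 1-byte type, a 2-byte version (major 3)
    # and a 2-byte length; everything after the handshake is encrypted.
    if (len(payload) >= 5 and payload[0] in TLS_RECORD_TYPES
            and payload[1] == 3 and payload[2] <= 4):
        return {"kind": "tls-record",
                "record_type": TLS_RECORD_TYPES[payload[0]],
                "record_len": int.from_bytes(payload[3:5], "big")}
    return {"kind": "unknown"}
```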

How Packets Travel Over the Internet?

Let's pick an analogy with the post office. This is how packages are delivered by a traditional post office.

The important point to note here is that a package is not delivered by the same postman from the original address to the target address. It goes through local post offices, regional facilities and so on.

https://s3.ap-south-1.amazonaws.com/afteracademy-server-uploads/what-is-rip-routing-information-protocol-example-0b0fad96363f15fc.jpg

This is how data travels on the internet. Similar to the post office scenario, we have many hops before data reaches its final destination. These hops are called routers.

Summary:

Physical/Link Layer: Physical hardware used for the actual transfer of data between computers.

IP Layer: Responsible for addressing computers/devices. Makes sure packets reach the right computer.

TCP Layer: The bulk of the work is done here. It takes care of transmission-level stuff, e.g. detecting congestion on the network, retrying packets, integrity of data etc.

Application Layer: The actual application-related work is done here, e.g. SMTP (email), FTP (file transfer), HTTP etc. This mainly acts as the payload for the TCP/IP layers.

Fun Part

Let's check how many hops there are between my desktop and the server hosting the website info.cern.ch.

From a DOS or shell prompt, type the command below

tracert -4 info.cern.ch (on windows)
traceroute -I -4 info.cern.ch (on linux)
traceroute -I -4 info.cern.ch (on Mac)

The above command will list all the hops/routers between your computer and the target server. Here is the output for me from Mumbai, India

As public IP addresses are tied to a location, I tried to map the path taken by our TCP/IP packet, and this is how it looked.

Looks like our packet has to travel 15000 kms through 20+ routers!

A typical network packet can be at most 1500 bytes. The average size of an HD movie on Netflix is 3GB. That translates to 2 million packets in 1 direction.
If you do the math, the total distance traveled by TCP packets during 1 movie session will be 2M * 2 * 15000

60 Billion Kilometers :)
For comparison, the Sun is just 151 million kilometers from the Earth!

Hope you enjoyed this article. Please clap and share your comments.
