An Overview of Networking

A network is a way to connect two or more devices together (usually computers) so that they can exchange information. In order to make this work, each device must know when another is trying to connect to it and it must know how to reply. The network consists of a whole suite of protocols to make this work (A protocol is just a set of rules that each device uses to communicate with other devices).

At the most basic level is the wire (or a wireless device) used to make the physical connection. In most cases this will designed for an "Ethernet" type physical network. Fiber optic cable is just a single wire so it's kind of boring to talk about but it offers the highest speeds. Wireless connections use a radio receiver/transmitter to create the "physical" connection but with no cable used at all. Wireless speeds are limited by distance and obstacles in the transmission path but wireless networks are getting better all the time.

The most common connection is a cable containing 8 wires arranged as 4 pairs. This kind of cable (Unshielded Twisted Pair, UTP) is rated according to its reliability at various transmission speeds. Typically the minimum is rated Category 5 with most new installation rated as at least Category 5e or Category 6.

Once the medium (cable, wireless, fiber, etc.) is installed, there are other rules that determine how it will connect to the devices on the network. Fiber will use connectors called either ST or SC type, copper cable (say Cat 5e) will use RJ45 type connectors and wireless will use no connectors at all. When the transmission medium is in place and the connectors properly installed, the network is almost ready.

What is needed next is the circuitry required to process whatever is transmitted over the network "wire". This is typically called a Network Interface Card or NIC (nick). You'll attach the physical network cable to the NIC (a wireless device is still a NIC but it uses an antenna instead of a wire) and the circuitry there will handle all movement of data to and from the wire and pass the data to the device's processing circuitry. So the NIC is just what it says it is: An interface to the network.

A NIC can do lots of things but, at the most basic level of operation it will determine what kind of network is being used. In almost every case this will be an ethernet network. Ethernet is another set of protocols that regulates what kind of network "wire" is used, how it is terminated (the kind of connectors it uses) and how the NICs will "talk" to each other. The "talking" part is another element of the ethernet protocol and requires that each NIC have a unique identifier. This identifier is a number called the NIC's Media Access Control (MAC) number and it looks like this:

00:11:22:33:44:55

Each MAC number is an address that will only point to one NIC; it is entirely unique and each NIC manufacturer has a reserved block of these addresses. With that address an ethernet network can always find any other device on the network (as well as identify itself of course).

The next thing ethernet does is to create "packets" (frames) of data. These packets will contain the address of the originating NIC and the NIC to which it wants to communicate along with some other control data, and then add the data that is to be actually used on the other end (the payload). Once that packet (a frame is what you get when when an ethernet NIC has bundled the addresses and data together in a usable form) is assembled, the NIC will dump that frame onto the wire.

If there are more than two devices sharing the wire it's possible for the packets one NIC dumps on the wire to conflict with another NIC's packets. This is called a collision. If there's a collision, each NIC will stop transmitting for a random length of time and then try again. The "backoff time" is random so that one of the competing NICs has a better chance of using the wire without another collision. All of this makes a ethernet network a "shared network" that "senses" the presence of other NICs (by their packets on the wire), that can detect collisions and can correct the collision condition (by backing off). Newer network installations don't have this problem simply because they don't actually share the wire. More on this elsewhere (if you're still awake).

All of that is pretty much a basic network using the ethernet protocol. However, you can't really do anything since you have no way to tell the networked device how to get on the wire or what to do with stuff you may have pulled off the wire. There are ethernet packets bouncing around out there but no one knows what to do with them. Must be time for another protocol.

TCP is the "Transmission Control Protocol" and is part of the data contained in the ethernet frame. TCP will provide and input and output channel for the data on the ethernet network so devices on either end can pass along their payloads and do useful work. The TCP packet is part of the ethernet frame's payload, the part that's destined to do something useful for the end-user. There are quite a few TCP applications (programs) available: http (the Web) ftp, telnet, email, etc. TCP will allow you to exchange data between devices on the network. But this exchange is for devices on the same ethernet network only. There is no way to communicate with devices on other networks. Time for another protocol.

IP, the "Internet Protocol", is used to move packets between networks. This protocol gets complicated early on and then gets worse. IP has no interest in what kind of network you are connected to; it doesn't have to be ethernet. It also has no interest in the kind of data being moved or by which application or by which device. All IP cares about is what network the packet came from and what network it's going to. IP is all about networks and not about the individual network devices.

The IP protocol will take a packet of data generated by a TCP application (for instance) which is wrapped in an ethernet packet and wrap it (encapsulate it) again in its own packet. An IP packet will have all the other stuff but will add the source and destination information of the networks from which it came and to which it is headed. Here again we're talking about networks not the individual devices. IP manages this by adding its own unique number describing the network it's talking to. This number is called an IP address and it looks like this:

192.168.2.100

This IP address is called a "Dotted Decimal Quad". Why? Well the are four numbers (the Quad part), separated by "dots" (the period character) and these numbers are base 10 (decimal). The numbers between the "dots" are also called octets because they represent 8 binary digits (bits) or one byte(8 bits). Since there are four octets the total address is 32 bits long (for IP Version 4 networking, the most common). The IP protocol assigns the left-most octets to networks. The size of the network (the number of unique addresses it can have) is determined by how many bits from the left we want to use. In the example above the normal network assignment would be the first three octets, 192.168.2 as the network and the remaining octet, 100 as a specific device (NIC usually) on that particular network. The IP packet only has to find the network, 192.168.2 to satisfy the IP protocol. Once the packet has found the right network, the IP part of the whole transaction is complete. Once it's gotten this far, the packet can be stripped of its IP information and dumped onto the ethernet wire.

Even so the IP addressing scheme is still being useful because it must be translated into an ethernet MAC address. To get this to work, each device on the ethernet network will also have an IP address in addition to its ethernet MAC address. The IP address 192.168.2.100 directs the packet to network 192.168.2 and then it has to be sent to the specific device on the ethernet network having the IP address 100. This requires an intermediary device that understands how to translate the IP address into a specific ethernet MAC address. This device is the NIC.

A router is what makes the IP protocol possible. Without it there is no way to pass packets between networks. A router will receive an IP packet and examine the source and destination information that the IP protocol has stuck onto the beginning of the ethernet packet. If the address is "local" it means that it's not leaving the network at all so the router just ignores it. A local packet will stay on its own ethernet network until a device on that same network picks it up. IP addressing has no relevance in this case. A router is a very specialized computer that connects two or more networks together so it has to know those networks exist and how to talk to them.

If a packet is destined for another, remote, network, the router will examine the destination IP address to see if it knows how to reach that other network. If it does it just sends it on to the router on the other end. If not it will send it to another , higher level router somewhere and that router will go through the same search. Each network will go through a router so the routers only talk to each other and not to the actual devices on local networks. When a router receives a packet for one of the networks connected directly to it, it passes that packet to that network and its work is finished for that packet.

To get to that ultimate device on the local network that device must also have an IP address. In this address assignment, the IP address is really not used for IP routing; it's just a convenience to help locate the device. IP addressing exists to route packets between networks, not within networks. Giving a device an IP address just gives the overall addressing scheme some consistency and makes it easier to find the actual devices doing the talking.

What is happening is that the router dumps the remote packet on the ethernet network and the ethernet protocol just blasts that packet over the wire until some device picks it up (since it's incoming IP address has been matched to its own NIC's MAC address). At this time the packet is still wrapped in the IP packet format. Each NIC on each device will unwrap that packet and examine the destination address. Since each NIC has its own unique MAC address that corresponds to the IP address that was assigned to it, it compares the fixed MAC to the IP address and, if they match, the NIC knows that the packet is addressed to it. That's the vastly over-simplified version of course.

The point in assigning an IP address to a NIC is to create a way to translate between the two methods of addressing a packet: MAC and IP. The IP part is handy because we're already using IP to route packets to other network so why not continue that addressing scheme all the way down to the NIC? The reality is that IP addressing was developed to route packets to other networks and not within the same network. IP is used within a network only to map IP addresses to MAC addresses so it's really not routing and therefore not really IP in the sense of the original spec (Internet routing Protocol).

You can actually see all this going on if you get really bored. download and install tcpdump or wireshark. Run wireshark and experiment with all the options. You can see everything passing on the NIC. If it's encrypted. you'll only see garbage but there plenty of stuff that's not encrypted to look at. For wireless connections, try Net Stumbler.