The Five-Layer Network Model

Overview: As an IT Support Specialist, it’s important that you fully grasp how networks
work. You may need to troubleshoot different aspects of a network, so it’s important that
you know how everything fits together. This assignment will help you demonstrate this
knowledge by describing how networks function.
What You’ll Do: In your own words, describe what happens at every step of our network
model, when a node on one network establishes a TCP connection with a node on
another network. You can assume that the two networks are both connected to the
same router.
Your submission must include a detailed explanation of the following:

 Physical layer
 Data link layer
 Network layer
 Transport layer
 MAC address
 IP address
 TCP port
 Checksum check
 Routing table
 TTL

There are five layers of the TCP/IP Network Model: the physical layer, data link layer,
network layer, transport layer and the application layer. Each layer builds on another to
complete a TCP connection. 
Physical layer - The physical layer deals with actual physical connectivity of two different
nodes. This layer defines hardware equipment, cabling, wiring, pulses required
represent binary signals. This layer encodes and decodes the bits found in a frame and
includes the transceiver that drives and receives the signals on the network.

Data link layer - is the protocol layer that transports data across a physical link in a
network. The Data Link layer adds a header containing the MAC address information to
create a frame. MAC is Media Access Control address is a device unique identifier
assigned to a Network Interface Controller (NIC) in a device. The Data layer creates
frames that encapsulates packets and use MAC addresses to specify source and
destination addresses. The frame is then sent it to the Physical layer to transmit the bits.

Network layer - Provides data routing paths for network communications. Data is
transferred as packets. The Network layer adds a header including the source and
destination IP address to generate a packet. The header also includes a 16-bit header
checksum to protect against data corruption. IP address is a numerical label assigned to
each device connected on to a computer network and Network Layer specifies the
packet’s source and destination IP addresses. This packet is then sent to the Data Link
layer.
Checksum check - a hashed value of a message that can be computed on both ends for
validating contents of messages.

Transport layer - Receives data from the application, and breaks it into segments. The
Transport layer is responsible for connecting different applications running on different
nodes. It keeps track of the processes running in the applications above it by
assigning 16-bit port numbers to them and hence TCP or UDP header includes the
source and destination port addresses and the data payload. Vital information like the
packet sequence number used for TCP will also be added to the header.  The data
generated by transport layer is called a Segment if TCP is used and Datagram if UDP is
used. Then the segment is sent to the Network layer.
TCP port - endpoint address for reliable connection
Encapsulation - is the process of taking data from one protocol and translating it to
another protocol.

Routing table - table for network to direct messages in the right direction
TTL (Time to Live) - Max. time a message may travel in seconds, or hops. or hop limit is
a mechanism that limits the lifespan or lifetime of data in a computer network, once the
time span is elapsed data is discarded or re-validated. The router looks up its routing
table and checks the Ethernet frame checksum and inserts its own IP and MAC address
in the Source fields of the headers, and re-encapsulates them all in new data-gram and
Ethernet Frame. TTL is deprecated by 1. This packet is then sent to the receiving node
B, where the same process will happen again with a new TCP segment including a
SYN/ACK flag. Then a three-way handshake takes place to establish connection
between the two nodes. Then data is sent between two nodes using the TCP/IP
software layers. When data for node B reaches node A, data is received by the physical
layer and is moved to upper layers. Finally, data is read by the application from the
application layer.

Application Layer: Application layer is where application requiring network

communication live and it includes email clients, web browsers in node A. Application
layer generates messages that has request to connect to node B which is then sent to
Transport layer.

Transport Layer: The Transport layer is responsible for connecting different applications
running on different nodes. It keeps track of the processes running in the applications
above it by assigning 16-bit port numbers to them and hence TCP or UDP header
includes the source and destination port addresses and the data payload. Vital
information like the packet sequence number used for TCP will also be added to the
header.  The data generated by transport layer is called a Segment if TCP is used and
Datagram if UDP is used. Then the segment is sent to the Network layer.
 Network Layer: The Network layer adds a header including the source and destination
IP address to generate a packet. The header also includes a 16-bit header checksum to
protect against data corruption. IP address is a numerical label assigned to each device
connected on to a computer network and Network Layer specifies the packet’s source
and destination IP addresses. This packet is then sent to the Data Link layer.
Data Link Layer: The Data Link layer adds a header containing the MAC address
information to create a frame. MAC is Media Access Control address is a device unique
identifier assigned to a Network Interface Controller (NIC) in a device. The Data layer
creates frames that encapsulates packets and use MAC addresses to specify source
and destination addresses. The frame is then sent it to the Physical layer to transmit the
bits.
Physical Layer: The physical layer deals with actual physical connectivity of two different
nodes. This layer defines hardware equipment, cabling, wiring, pulses required
represent binary signals. This layer encodes and decodes the bits found in a frame and
includes the transceiver that drives and receives the signals on the network.
Let us consider a browser at node A is trying to get a web-page from computer at node
B> At node A, higher layers pass information to lower layers and each layer adds
information called a header to the data payload. Node A consults its own routing table
and determines that the connection it wants to make is on another network or the same
network. A routing table is a set of information that is necessary to forward a packet
along the best path to its destination. It has information such as IP addresses, next hop,
and metrics to identify best and cost-effective routes.
Time to Live (TTL) or hop limit is a mechanism that limits the lifespan or lifetime of data
in a computer network, once the time span is elapsed data is discarded or re-validated.
The router looks up its routing table and checks the Ethernet frame checksum and
inserts its own IP and MAC address in the Source fields of the headers, and re-
encapsulates them all in new data-gram and Ethernet Frame. TTL is deprecated by 1.
This packet is then sent to the receiving node B, where the same process will happen
again with a new TCP segment including a SYN/ACK flag. Then a three-way handshake
takes place to establish connection between the two nodes. Then data is sent between
two nodes using the TCP/IP software layers. When data for node B reaches node A,
data is received by the physical layer and is moved to upper layers. Finally, data is read
by the application from the application layer.

==========
·        Physical Layer: The physical cables and electrical signals that are interpreted as
data.
·        Data Link Layer: Refers to the set of protocols and standards that allow the signals
carried by the physical layer to be interpreted. Ethernet frames and MAC addresses
exist here.
·        Media Access Control (MAC) Address: A unique number identifying a specific
network interface.
·        Network Layer: organizes computer networks to make data transmission more
efficient. Internet Protocol, IP address, and IP packets exist here.
·        IP Address: number assigned to a NIC to identify its location on the network.
·        Transport Layer: Ensures data transmitted is received by the intended recipient in
the right order and also allows for multiple outbound and inbound connections with TCP
ports.
·        TCP port: a number assigned to a network connection between two applications.
·        Checksum Check: A checksum check is performed by recalculating the checksum
based on the data you received and comparing the result to the checksum value sent
with the data.
·        Routing Table: contains the fastest path to every subnet of the network.
·        Time to Live (TTL): The maximum number of routers hops an IP packet will allow.
If it ever equals zero a router will just drop the packet.
==========

Let’s say that computer A wants to get a webpage from computer B. First, an
application, such as a browser, on computer A creates a TCP request to its local
network stack. It consults its own routing table and determines that the connection it
wants to make is on another network, because the web site’s address is outside its own
LAN’s IP range, meaning it will have to send all traffic to its own gateway, the router,
first.
Next, the sending node creates an ARP broadcast, using the MAC address FF: FF: FF:
FF: FF: FF, indicating that it needs to find the device with the IP of the website.
When the router receives the ARP message, it responds to computer A with its own
MAC address, and can begin creating the packet to send to the web server.
Because this is a TCP connection it will need to use a TCP port to establish the
connection with the server, which is determined by the network stack of the Sathe TCP
segment (Transport layer) is created with the flag SYN in the TCP header, along with
the sequence number, all of which is then encapsulated in the Network Layer IP
datagram, which calculates the checksum.
This is all encapsulated in the Ethernet frame at the data link layer, where another
checksum is calculated and the TTL is set at 64.
This is then sent over the physical layer to the router over wife or Ethernet, using 802.11
or 10 base T.
The router checks the Ethernet frame checksum and inserts its own IP and MAC
address in the Source fields of the headers, and re-encapsulates them all in new
datagram and Ethernet Frame. TTL is deprecated by 1. This packet is then sent to the
receiving node, where the same process will happen again with a new TCP segment
including a SYN/ACK flag.
In this scenario, we will refer to node 1 as “computer 1”, which in this example will play
the role of the client requesting data from node 2. Node 2 will be the server in this
scenario, and will be referred to as “computer 2”. Computer 1 is on “network A”, while
computer 2 is on “network B”, but both networks are connected via the same router.
Computer 1 is seeking to establish a TCP connection with computer 2, to access a web
page that is being served by computer 2.

To make this connection happen, it all starts with the physical layer, which makes the
connections possible through the cabling, computers, routers, and server hardware that
are physically and wirelessly connected. Through the configuration of these physical
layer elements, the computers are able to send data back and forth between network A
and network B.

With the physical layer components in place, when computer 1 seeks to request
information from computer 2, its web browser seeks to establish a TCP connection by
speaking with the local network stack, which is responsible for handling the networking
functions of the operating system. The web browser knows that it is seeking to connect
at computer 2’s IP address via a TCP port, as this information is encoded into to the
URL that computer 1 is seeking to fetch data from.

As a first step in establishing a TCP connection with computer 2, the web browser of
computer 1 examines its own subnet at the data link layer level and sees that the IP
address destination for which it is seeking to establish a TCP connection lives on
another network. In realizing this, computer 1 now knows that it must send its data
request to its gateway, so it can be routed to the remote network where computer B
lives. Computer 1 then examines the gateway configuration number that is present
between network A and the router. It looks at its ARP table to determine what MAC
address aligns with this configuration number, and if it doesn’t find a corresponding
entry in its ARP table, then it will send out an ARP discovery request to every node on
network A (since this is the local network for computer 1). When the router (which is one
of the nodes on network A) receives computer 1’s ARP request, it sees that it is
currently assigned the IP address that computer A is connected with, so the router
responds to computer 1 to let it know its MAC address. Computer 1 then receives this
response, which makes it aware of the hardware address of computer 1’s router. With
this known, computer 1 is ready to start building the outbound packet that will be sent to
computer 2 to fetch the data needed.
Computer 1 will then open an outbound TCP port to establish a socket connection with
the IP address and TCP port of computer 2. To ensure the connection is established to
the correct place, the networking layer comes into play here because a TCP datagram
header must be constructed, which will specify the source port of computer 1 and the
destination port of computer 2 for the TCP connection. In addition to specifying the
source and destination port numbers in the TCP datagram header, a sequence number
is set, the “SYN” control flag is set, and a checksum for the segment is calculated and
recorded in the checksum field. Then, this newly constructed TCP segment is submitted
to the IP datagram that now must be constructed. An IP datagram header is
constructed, within which the source IP address (computer 1’s network) and the
destination IP address (computer 2’s network) are specified. Additionally, the TTL field
of the IP datagram is set to 64. Finally, the recently constructed TCP segment is
inserted as the data payload for the IP datagram that was just built. With the IP
datagram and TCP segment combined, a checksum is calculated for the entire IP
datagram, so that the data integrity of the request can be checked along the way, as it
moves from network A to network B.

With the IP datagram constructed, the next step is for computer 1 to get the IP datagram
to its router, which is the gateway connecting network A to network B, where computer 2
is connected. Based on the ARP request response it received earlier, computer 1 knows
its router’s MAC address. The data link layer comes into play now, as the computer
must construct an Ethernet frame to get the IP datagram to the known gateway, so it
can then be further routed to computer 2’s network. The Ethernet frame that is
constructed will specify the source MAC address (which in this case, is the MAC
address of computer 1) and the destination MAC address (which is the MAC address of
the router), so the path of the Ethernet frame is clearly defined. The final step of the
Ethernet frame’s construction is the insertion of the IP datagram into the data payload
section of the Ethernet frame. Again, to ensure the data integrity of all of the combined
elements up to this point, another checksum is calculated (this time on the entire
Ethernet frame), before the Ethernet frame is sent.

With the checksum complete on the Ethernet frame, it is now ready to be sent across
the physical layer components that connect computer 1 to network A to the router.
Specifically, the Ethernet frame will be converted into binary data that is transmitted via
modulating electrical signals that run across the CAT6 cabling which connects computer
1 to a network switch of network A.  When network A’s network switch receives the
Ethernet frame, it inspects it and observes the destination MAC address, which is the
router that was specified. The switch knows which of its interfaces that the router, which
matches the destination MAC address, is connected to, so it then forwards the Ethernet
frame across the cable that is connected from the network switch to the router.

When the router receives the Ethernet frame, it recognizes that its own MAC address is
specified as the destination, so it knows that it was intended to receive it and, therefore,
performs a checksum calculation. The router then compares its checksum results
against the checksum results of the Ethernet frame, and confirms that they match,
meaning all of the data within the Ethernet frame was successfully transmitted to the
router. Then, the router strips away the Ethernet frame, leaving just the IP datagram,
and performs another checksum to compare against the checksum of the IP datagram.
This checksum confirms that all of the IP datagram data also arrived successfully.

From here, the router inspects the destination IP address that is specified within the IP
datagram and searches its own routing table, to determine the quickest path for
reaching network B, where Computer 2 resides. The router sees that the IP address of
network B is on a locally connected network (since both network A and network B are
connected to the same router). It then decrements the TTL value from 64 to 63. After
decrementing the TTL, another checksum is calculated and a new IP datagram is
created in the process. The new IP datagram is then encapsulated by a new Ethernet
frame, which specifies the router’s MAC address as the source MAC address and
computer 2’s MAC address as the destination MAC address. Before being sent across
network B to computer 2, the new IP datagram is once again inserted as the data
payload of the newly constructed Ethernet frame and a checksum is completed.

The Ethernet frame is then sent out to network B. Upon arriving at network B’s switch, it
inspects the destination MAC address and sees that it belongs to computer 2. It
recognizes that computer 2 is also connected to the switch, so it then forwards the
Ethernet frame across the cable that connects the switch of network B to computer 2.
When computer 2 receives the frame, it recognizes that its own MAC address was
specified as the destination, so it knows that this ethernet frame was intended for it.
Recognizing this, computer 2 then strips away the ethernet frame to inspect the IP
datagram and performs a checksum to determine that the data arrived in tact. Following
this, computer 2 examines the destination address specified within the IP datagram and
sees that its own IP address was specified, further confirming that it was intended to
receive the data sent.

Then, computer 2 strips away the IP datagram layer, leaving just the TCP segment of
the data sent. It performs a checksum against the TCP layer and confirms that all of the
data within the TCP segment arrived in tact. Next, computer 2 inspects the destination
port which is specified within the TCP segment, which in this case is port 80. Computer
2 checks its own port 80 to see if there is an open socket at that port. In this case, there
is an open socket at port 80, which has been set to the “listen” state by the server. Then,
computer 2 recognizes that the “SYN” flag is set within the control flags, so it knows it
must respond with a “SYN/ACK” to computer 1, in order to continue establishing the
TCP connection. Computer 2 checks the sequence number of the TCP segment, so it
knows what number to include in the acknowledgement number field of its SYN/ACK
response.

To finish establishing the TCP connection, computer 2 would then go through all of the
same steps that were just outlined for computer 1, to construct a new TCP segment, IP
datagram, and Ethernet frame, to send the TCP segment with a “SYN/ACK” response
back to computer 1. Then, after receiving that “SYN/ACK” response, computer 1 would
repeat the process yet again, this time to send an “ACK” response back to computer 2.
Once computer 2 received the “ACK” response from computer 1, the three-way
handshake would be complete and the TCP connection would be fully established.
 ==================

Layer Name Function

Process &
  5 Provide applications services to users and programs
Applications
Handles data-consistency functions, i.e., provides a
  4 Transport reliable byte stream between two nodes on a
network. TCP and UDP work at this level.
Provides network addressing and routing, and does
so in such a way as also to provide a common
Internet (sometimes
address space across multiple lower-level protocols.
  3 called the Network
This makes possible the interconnection of networks
Layer)
that characterizes the Internet. The IP protocol
operates at this level.
This layer contains whatever IP will run over, e.g.,
Network (sometimes
Ethernet, token-ring, and Fiber Distributed Digital
  2 called the Data Link
Interface (FDDI) networks. Individual network
Layer)
protocols, e.g., Ethernet, work at this level.
Not really part of the model, since TCP and IP, as
protocols, deal with software rather than hardware.
  1 Physical
This layer is generally thought of as referring to all
hardware under the Network Layer.

Layer Name Function

Deals with the interface between a user and the
host computer: e.g., Microsoft Word translating a
signal, initiated by the user's typing in a string of
  7 Application
characters and then depressing the "Search"
function key, into instructions to Windows (or
System X) to try to find that string in a file.
Deals with syntactic representation of data: e.g.,
agreement on character code (e.g., ASCII,
  6 Presentation extensions to ASCII, Unicode), data-compression
and data-encryption methods, representations of
graphics (e.g., files using the .PIC or .BMP formats)
Deals with creating and managing sessions when
one application process requests access to another
  5 Session
applications process (e.g., Microsoft Word importing
a chart from Excel)
Deals with data transfer between end systems; flow
control for two computers (e.g., how Netscape on
  4 Transport
your PC talks with the UT Libraries Online
Webpage)
  3 Network Deals with establishing paths for data between a
 pair of computers and handling any switching
among alternative routes between the computers,
as well as with definitions of how to break files (or
messages) up into individual packets of data, in
such a way that the packets can be transmitted and
then reassembled.
Deals with the transmission of data frames (e.g.,
packets) over a physical link between network
  2 Data-Link
entities, including the incorporation of error-
correction coding into the data frames.
Deals with the physical (i.e., electrical and
mechanical) aspects of transmitting data (e.g.,
  1 Physical
voltage levels, pin-connector design, cable lengths,
and grounding arrangements).

To really understand networking, we need to understand all of the components

involved. 
We're talking about everything from the cables that connect devices to each other to the
protocols that these devices use to communicate. 
There are a bunch of models that help explain how network devices communicate, but
in this course, we will focus on a five-layer model. 
By the end of this lesson, you'll be able to identify and describe each layer and what
purpose it serves. 
Let's start at the bottom of our stack, where we have what's known as the physical
layer. 
The physical layer is a lot like what it sounds. 
It represents the physical devices that interconnect computers. 
This includes the specifications for the networking cables and the connectors that join
devices together along with specifications describing how signals are sent over these
connections. 
The second layer in our model is known as the data link layer. 
Some sources will call this layer the network interface or the network access layer. 
At this layer, we introduce our first protocols. 
While the physical layer is all about cabling, connectors and sending signals, the data
link layer is responsible for defining a common way of interpreting these signals, so
network devices can communicate. 
Lots of protocols exist at the data link layer, but the most common is known as
Ethernet, although wireless technologies are becoming more and more popular. 
Beyond specifying physical layer attributes, the Ethernet standards also define a
protocol responsible for getting data to nodes on the same network or link. 
The third layer, the network layer is also sometimes called the Internet layer. 
It's this layer that allows different networks to communicate with each other through
devices known as routers. 
A collection of networks connected together through routers is an internetwork, the most
famous of these being the Internet. 
Hopefully you've heard of it. 
While the data link layer is responsible for getting data across a single link, the network
layer is responsible for getting data delivered across a collection of networks. 
Think of when a device on your home network connects with a server on the Internet. 
It's the network layer that helps gets the data between these two locations. 
The most common protocol used at this layer is known as IP or Internet Protocol. 
IP is the heart of the Internet and most small networks around the world. 
Network software is usually divided into client and server categories, with the client
application initiating a request for data and the server software answering the request
across the network. 
A single node may be running multiple client or server applications. 
So, you might run an email program and a web browser, both client applications, on
your PC at the same time, and your email and web server might both run on the same
server. 
Even so, emails end up in your email application and web pages end up in your web
browser. 
That's because our next layer, the transport layer. 
While the network layer delivers data between two individual nodes, the transport layer
sorts out which client and server programs are supposed to get that data. 
When you heard about our network layer protocol IP, you may have thought of TCP
IP, which is a pretty common phrase. 
That's because the protocol most commonly used in the fourth layer, the transport layer,
is known as TCP or Transmission Control Protocol. 
While often said together as the phrase TCP IP, to fully understand and troubleshoot
networking issues, it's important to know that they're entirely different protocols serving
different purposes. 
Other transfer protocols also use IP to get around, including a protocol known as UDP or
User Datagram Protocol. 
The big difference between the two is that TCP provides mechanisms to ensure that
data is reliably delivered while UDP does not. 
Spoiler alert, we will cover differences between the TCP and UDP transfer protocols in
more detail later. 
For now, it's important to know that the network layer, in our case IP, is responsible for
getting data from one node to another. 
Also, remember that the transport layer, mostly TCP and UDP, is responsible for
ensuring that data gets to the right applications running on those nodes. 
Last but not least, the fifth layer is known as the application layer. 
There are lots of different protocols at this layer, and as you might have guessed from
the name, they are application-specific. 
Protocols used to allow you to browse the web or send receive email are some common
ones. 
The protocols at play in the application layer will be most familiar to you, since they are
ones you probably interacted with directly before even if you didn't realize it. 
You can think of layers like different aspects of a package being delivered. 
The physical layer is the delivery truck and the roads. 
The data link layer is how the delivery trucks get from one intersection to the next over
and over. 
The network layer identifies which roads need to be taken to get from address A to
address B. 
The transport layer ensures that delivery driver knows how to knock on your door to tell
you your package has arrived. 
And the application layer is the contents of the package itself.

Physical layer

Layer 1 - Physical

At the bottom of our OSI bean dip we have the Physical Layer, which represents the
electrical and physical representation of the system. This can include everything from
the cable type, radio frequency link (as in an 802.11 wireless systems), as well as the
layout of pins, voltages and other physical requirements. When a networking problem
occurs, many networking pros go right to the physical layer to check that all of the
cables are properly connected and that the power plug hasn’t been pulled from the
router, switch or computer, for example.

Data link layer

Layer 2 – Data Link

The Data Link Layer provides node-to-node data transfer (between two directly
connected nodes), and also handles error correction from the physical layer. Two
sublayers exist here as well - the Media Access Control (MAC) layer and the Logical
Link Control (LLC) layer. In the networking world, most switches operate at Layer 2.

Network layer

Layer 3 - Network

Here at the Network Layer is where you’ll find most of the router functionality that most
networking professionals care about and love. In its most basic sense, this layer is
responsible for packet forwarding, including routing through different routers. You might
know that your Boston computer wants to connect to a server in California, but there are
millions of different paths to take. Routers at this layer help do this efficiently.

Transport layer

Layer 4 – Transport
The Transport Layer deals with the coordination of the data transfer between end
systems and hosts. How much data to send, at what rate, where it goes, etc. The best-
known example of the Transport Layer is the Transmission Control Protocol (TCP),
which is built on top of the Internet Protocol (IP), commonly known as TCP/IP. TCP and
UDP port numbers work at Layer 4, while IP addresses work at Layer 3, the Network
Layer.

This is the layer 4 protocols. It ensures accurate delivery of data; solves transmission
problems; provides error-free reassembly and control traffic to be directed to specific
network applications.

MAC address
A MAC address is a globally unique identifier attached to an individual network
interface. 
It's a 48-bit number normally represented by six groupings of two hexadecimal
numbers. 
Just like how binary is a way to represent numbers with only two digits, hexadecimal is a
way to represent numbers using 16 digits. 
Since we don't have numerals to represent any individual digit larger than nine,
hexadecimal numbers employed the letters A, B, C, D, E, and F to represent the
numbers 10, 11, 12, 13, 14, and 15. 
Another way to reference each group of numbers in a MAC address is an octet.
An octet, in computer networking, is any number that can be represented by 8 bits. 
In this case, two hexadecimal digits can represent the same numbers that 8 bits
can. Now, you may have noticed that we mentioned that MAC addresses are globally
unique, which might have left you wondering how that could possibly be. 
The short answer is that a 48-bit number is much larger than you might expect. 
The total number of a possible MAC addresses that could exist is 2 to the power 48 or
281,474,976,710,656 unique possibilities. 
That's a whole lot of possibilities. 
A MAC address is split into two sections. 
The first three octets of a MAC address are known as the organizationally unique
identifier or OUI. 
These are assigned to individual hardware manufacturers by the IEEE or the Institute of
Electrical and Electronics Engineers. 
This is a useful bit of information to keeping your back pocket because it means that you
can always identify the manufacturer of a network interface purely by its MAC address. 
The last three octets of MAC address can be assigned in any way that the manufacturer
would like with the condition that they only assign each possible address once to keep
all MAC addresses globally unique. 
Ethernet uses MAC addresses to ensure that the data it sends has both an address for
the machine that sent the transmission, as well as the one that the transmission was
intended for. 
In this way, even on a network segment, acting as a single collision domain, each node
on that network knows when traffic is intended for it.
A media access control address (MAC address) of a device is a unique identifier
assigned to a network interface controller (NIC) for communications at the data link layer
of a network segment. MAC addresses are used as a network address for most IEEE
802network technologies, including Ethernet, Wi-Fi and Bluetooth.
IP address
IP addresses are 32-bit long numbers made up of 4 octets, and each octet is normally
described in decimal numbers. 
8 bits of data, or a single octet, can represent all decimal numbers from 0 to 255. 
For example, 12.34.56.78 is a valid IP address. 
But 123.456.789.100 would not be, because it has numbers larger than could be
represented by 8 bits. This format is known as dotted decimal notation.

An Internet Protocol address (IP address) is a numerical label assigned to each device

connected to a computer network that uses the Internet Protocol for communication. An
IP address serves two principal functions: host or network interface identification and
location addressing.
Internet Protocol version 4 (IPv4) defines an IP address as a 32-bit number. However,
because of the growth of the Internet and the depletion of available IPv4 addresses, a
new version of IP (IPv6), using 128 bits for the IP address, was developed in 1995,
[3]
 and standardized in December 1998. In July 2017, a final definition of the protocol
was published. IPv6 deployment has been ongoing since the mid-2000s.

TCP port
- In this lesson, we're going to talk about how transport layer port numbers are used to
identify conversations, and applications that are the destination and source of
transmissions. 
Alright, so, let's talk about setting up a server. 
When we set up a server, to provide services over the network, we load applications on
that server.
For example, a web server application, an FTP application, or a mail transport
application. 
When we set up these services, a port is assigned to them, a transport layer port, to the
service itself. 
Now, there are some standard services.
Port numbers that are below 1024 are often called well known ports.
And the reason they're called well known is because they are the most commonly used. 
For example, a web server listens for communications addressed to port 80. 
The FTP server, to port 21.
The mail server, to port 25.
These, and many other well-known ports, are automatically identified by the clients. 
Whenever we open a web browser, and we type in a URL, we don't have to tell it what
port, because the client, in this case the web browser, already knows that web servers
are listening on port 80, to be able to respond to web page requests.
So, when our web server is listening,
what this means is, it has a buffer set up, that will accept requests that are addressed to
its IP address, and also the TCP port 80.
If the FTP server is expected to respond, the communications will be addressed to port
21. 
This enables us to have many different services running at the same time on the web
server. 
So, it can be doing many different things. 
Now, on the host side.
Host ports for TCP and UDP, are dynamically assigned from the range above 1024.
And those ports are randomly assigned. 
So basically, your PC picks one out of the range, and it uses it as a source port. 
So, say your web browser is open, and you're requesting a web page. 
The web browser will pick a port, a TCP port.
When the traffic goes to the transport layer, the TCP port will be destination port 80, and
source from one of the randomly assigned ports.
So, when the communications leave the host, and heads for the web server, the web
server will see the destination port as 80. 
So, it will automatically put this request into the queue for the web server to process. 
When the web server formulates its response, it will respond back with the destination
port 5305, and the source port of 80.
So, when it comes back to the host, the host will know that this is the request that was
sent out from the web browser. 
Because the port 5305 was assigned to the web browser request.
TCP and UDP ports at the transport layer are what enables our devices to have
open many different applications at the same time, and have all of those
applications communicating simultaneously. 
Because, for example, if I also had an FTP client running, I could send FTP requests
with a different port number. 
So that would be destination 21, and source port 5307.
So then, the communications would come back here, and it would go through the same
process. 
Would see that the destination port was 21. 
It would go in the queue for the FTP server. 
And when the response came back, it would be addressed to the destination port 5307. 
So that the host would know that that was the request from the FTP client.

Port numbers 0 to 1024 are reserved for privileged services and designated as well-
known ports. This list of port numbers is specified in RFC 1700.
Common TCP/IP Protocols and Ports
Protocol TCP/UDP Port Description
Number

File Transfer TCP 20/21 FTP is one of the most commonly used
Protocol (FTP) file transfer protocols on the Internet and
(RFC 959) within private networks. An FTP server
can easily be set up with little networking
knowledge and provides the ability to
easily relocate files from one system to
another. FTP control is handled on TCP
port 21 and its data transfer can use TCP
port 20 as well as dynamic ports
depending on the specific configuration.

Secure Shell TCP 22 SSH is the primary method used to

(SSH) manage network devices securely at the
(RFC 4250- command level. It is typically used as a
4256) secure alternative to Telnet which does
not support secure connections.

Telnet TCP 23 Telnet is the primary method used to

(RFC 854) manage network devices at the command
level. Unlike SSH which provides a
secure connection, Telnet does not, it
simply provides a basic unsecured
connection. Many lower-level network
devices support Telnet and not SSH as it
required some additional processing.
Caution should be used when connecting
to a device using Telnet over a public
network as the login credentials will be
transmitted in the clear.

Simple Mail TCP 25 SMTP is used for two primary functions; it

Transfer is used to transfer mail (email) from
Protocol (SMTP) source to destination between mail
(RFC 5321) servers and it is used by end users to
send email to a mail system.
Domain Name TCP/UDP 53 The DNS is used widely on the public
System (DNS) internet and on private networks to
(RFC 1034- translate domain names into IP
1035) addresses, typically for network routing.
DNS is hieratical with main root servers
that contain databases that list the
managers of high-level Top-Level
Domains (TLD) (such as .com). These
different TLD managers then contain
information for the second level domains
that are typically used by individual users
(for example, cisco.com). A DNS server
can also be set up within a private
network to private naming services
between the hosts of the internal network
without being part of the global system.

Dynamic Host UDP 67/68 DHCP is used on networks that do not

Configuration use static IP address assignment (almost
Protocol (DHCP) all of them). A DHCP server can be set up
(RFC 2131) by an administrator or engineer with a poll
of addresses that are available for
assignment. When a client device is
turned on it can request an IP address
from the local DHCP server, if there is an
available address in the pool it can be
assigned to the device. This assignment
is not permanent and expires at a
configurable interval; if an address
renewal is not requested and the lease
expires the address will be put back into
the poll for assignment.

Trivial File UDP 69 TFTP offers a method of file transfer

Transfer without the session establishment
Protocol (TFTP) requirements that FTP uses. Because
(RFC 1350) TFTP uses UDP instead of TCP it has no
way of ensuring the file has been properly
transferred, the end device must be able
to check the file to ensure proper transfer.
TFTP is typically used by devices to
upgrade software and firmware; this
includes Cisco and other network
vendors’ equipment.

Hypertext TCP 80 HTTP is one of the most commonly used

Transfer protocols on most networks. HTTP is the
Protocol (HTTP) main protocol that is used by web
(RFC 2616) browsers and is thus used by any client
that uses files located on these servers.

Post Office TCP 110 POP version 3 is one of the two main
Protocol (POP) protocols used to retrieve mail from a
version 3 server. POP was designed to be very
(RFC 1939) simple by allowing a client to retrieve the
complete contents of a server mailbox
and then deleting the contents from the
server.

Network Time UDP 123 One of the most overlooked protocols is

Protocol (NTP) NTP. NTP is used to synchronize the
(RFC 5905) devices on the Internet. Even most
modern operating systems support NTP
as a basis for keeping an accurate clock.
The use of NTP is vital on networking
systems as it provides an ability to easily
interrelate troubles from one device to
another as the clocks are precisely
accurate.

NetBIOS TCP/UDP 137/138/13 NetBIOS itself is not a protocol but is

(RFC 1001- 9 typically used in combination with IP with
1002) the NetBIOS over TCP/IP (NBT) protocol.
NBT has long been the central protocol
used to interconnect Microsoft Windows
machines.

Internet TCP 143 IMAP version3 is the second of the main

Message protocols used to retrieve mail from a
Access Protocol server. While POP has wider support,
(IMAP) IMAP supports a wider array of remote
(RFC 3501) mailbox operations which can be helpful
to users.

Simple Network TCP/UDP 161/162 SNMP is used by network administrators

Management as a method of network management.
Protocol SNMP has a number of different abilities
(SNMP) including the ability to monitor, configure
(RFC 1901- and control network devices. SNMP traps
1908, 3411- can also be configured on network
3418) devices to notify a central server when
specific actions are occurring. Typically,
 these are configured to be used when an
alerting condition is happening. In this
situation, the device will send a trap to
network management stating that an
event has occurred and that the device
should be looked at further for a source to
the event.

Border Gateway TCP 179 BGP version 4 is widely used on the

Protocol (BGP) public internet and by Internet Service
(RFC 4271) Providers (ISP) to maintain very large
routing tables and traffic processing. BGP
is one of the few protocols that have been
designed to deal with the astronomically
large routing tables that must exist on the
public Internet.

Lightweight TCP/UDP 389 LDAP provides a mechanism of

Directory accessing and maintaining distributed
Access Protocol directory information. LDAP is based on
(LDAP) the ITU-T X.500 standard but has been
(RFC 4510) simplified and altered to work over
TCP/IP networks.

Hypertext TCP 443 HTTPS is used in conjunction with HTTP

Transfer to provide the same services but doing it
Protocol over using a secure connection which is
SSL/TLS provided by either SSL or TLS.
(HTTPS)
(RFC 2818)

Lightweight TCP/UDP 636 Just like HTTPS, LDAPS provides the

Directory same function as LDAP but over a secure
Access Protocol connection which is provided by either
over TLS/SSL SSL or TLS.
(LDAPS)
(RFC 4513)

FTP over TCP 989/990 Again, just like the previous two entries,
TLS/SSL FTP over TLS/SSL uses the FTP protocol
(RFC 4217) which is then secured using either SSL or
TLS.

Checksum check
Once all of this segment has been ingested by a recipient, then the entire segment is
calculated and is compared with the checksum in the header to make sure that there
was no data lost or corrupted along the way.

Routing table 
Routing itself is pretty simple concept and you'll find that routing tables aren't that much
more complicated. 
The earliest routers were just regular computers of the era. 
They had two network interfaces, bridge to networks, and auto-routing table that was
manually updated. 
In fact, all major operating systems today, still have a routing table that they consult
before transmitting data. 
You could still build your own router today, if you had a computer with two network
interfaces and it manually updated routing table. 
Routing tables can vary a ton depending on the make and class of the router, but they
all share a few things in common. 
The most basic routing table will have four columns. 
Destination network, this column would contain a row for each network that the router
knows about, this is just the definition of the remote network, a network ID, and the net
mask. 
These could be stored in one column inside a notation, or the network ID and net mask
might be in a separate column. 
Either way, it's the same concept, the router has a definition for a network and
therefore knows what IP addresses might live on that network. 
When the router receives an incoming packet, it examines the destination IP address
and determines which network it belongs to.
A routing table will generally have a catchall entry, that matches any IP address that it
doesn't have an explicit network listing for. 
Next hop, this is the IP address of the next router that should receive data intended
for the destination networking question or this could just state the network is directly
connected and that there aren't any additional hops needed. 
Total hops, this is the crucial part to understand routing and how routing tables work, on
any complex network like the Internet, there will be lots of different paths to get from
point A to point B. Routers try to pick the shortest possible path at all times to ensure
timely delivery of data but the shortest possible path to a destination network is
something that could change over time, sometimes rapidly, intermediary routers could
go down, links could become disconnected, new routers could be introduced, traffic
congestion could cause certain routes to become too slow to use. 
We'll get to know how routers know the shortest path in an upcoming video. 
For now, it's just important to know that for each next hop and each destination
network, the router will have to keep track of how far away that destination currently is. 
That way, when it receives updated information from neighboring routers, it will know if it
currently knows about the best path or if a new better path is available. 
Interface, the router also has to know which of its interfaces it should for traffic matching
the destination network out of. 
In most cases, routing tables are pretty simple. 
The really impressive part is that, many core Internet routers have millions of rows in the
routing tables. 
These must be consulted for every single packet that flows through a router on its way
to its final destination. 
What's also impressive, is how much you've learned about routers, routing, and routing
tables. 
Nice work. I'll see you in the next video on interior gateway protocols.

TTL
Time-to-live (TTL) is a value in an Internet Protocol (IP) packet that limits the lifespan of
a packet of data in a computer or network.

All the Layers Working in Unison

Now that you know the basics of how every layer of our network model works, let's
go through an exercise to look at how everything works at every step of the way. 
Spoiler alert, things are about to get a little geeky, in a good way. 
Imagine three networks, network A will contain address space 10.1.1.0/24. 
Network B Will contain address space 192.168.1.0/24, and network C will be
172.16.1.0/24. 
Router A sits between network A and network B. 
With an interface configured with an IP of 10.1.1.1 on network A, and an interface at
192.168.1.254 on network B. 
There's a second router, router B, which connects networks B and C. 
It has an interface on network B with an IP address of 192.168.1.1, and an interface on
network C with an IP address of 172.16.1.1. 
Now let's put a computer on one of the networks. 
Imagine it's a desktop, sitting on someone's desk at the workplace. 
It'll be our client in this scenario, and we'll refer to it as computer 1. 
It's part of Network A and has been assigned an IP address of 10.1.1.100. 
Now, let's put another computer on one of our other networks.
This one is a server in a data center, it'll act as our server in this scenario, and we'll refer
to it as computer 2. 
It's part of network C, and has been assigned an IP address of 172.16.1.100, and has a
web server listening on port 80. 
An end user sitting at computer 1 opens up a web browser and enters 172.16.1.100 into
the address bar, let's see what happens. 
The web browser running on computer 1 knows it's been ordered to retrieve a web page
from 172.16.1.100. 
The web browser communicates with the local networking stack, which is the part of the
operating system responsible for handling networking functions. 
The web browser explains that it's going to want to establish a TCP connection to
172.16.1.100, port 80. 
The networking stack will now examine its own subnet. 
It sees that it lives on the network 10.1.1.0/24, which means that the destination
172.16.1.100 is on another network. 
At this point, computer 1 knows that it'll have to send any data to its gateway for routing
to a remote network. 
And it's been configured with a gateway of 10.1.1.1. 
Next, computer 1 looks at its ARP table to determine what MAC address of 10.1.1.1 is,
but it doesn't find any corresponding entry. 
Uh-oh, it's okay, computer A crafts an ARP request for an IP address of 10.1.1.1, which
it sends to the hardware broadcast address of all Fs. 
This ARP discovery request is sent to every node on the local network.
When router A receives this ARP message, it sees that it's the computer currently
assigned the IP address of 10.1.1.1. 
So, it responds to computer 1 to let it know about its own MAC address of 00:11:22:
33:44:55. 
Computer 1 receives this response and now knows the hardware address of its
gateway. 
This means that it's ready to start constructing the outbound packet.
Computer 1 knows that it's being asked by the web browser to form an outbound TCP
connection, which means it'll need an outbound TCP port. 
The operating system identifies the ephemeral port of 50000 as being available, and
opens a socket connecting the web browser to this port.
Since this is a TCP connection, the networking stack knows that before it can actually
transmit any of the data the web browser wants it to, it'll need to establish a connection. 
The networking stack starts to build a TCP segment. 
It fills in all the appropriate fields in the header, including a source port of 50000 and a
destination port of 80. 
A sequence number is chosen and is used to fill in the sequence number field. 
Finally, the SYN flag is set, and a checksum for the segment is calculated and written to
the checksum field.
Our newly constructed TCP segment is now passed along to the IP layer of the
networking stack. 
This layer constructs an IP header. 
This header is filled in with the source IP, the destination IP, and a TTL of 64, which is a
pretty standard value for this field.
Next, the TCP segment is inserted as the data payload for the IP datagram. 
And a checksum is calculated for the whole thing. 
Now that the IP datagram has been constructed, computer 1 needs to get this to its
gateway, which it now knows has a MAC address of 00:11:22:33:44:55, so an Ethernet
Datagram is constructed. 
All the relevant fields are filled in with the appropriate data, most notably, the source and
destination MAC addresses.
Finally, the IP datagram is inserted as the data payload of the Ethernet frame, and
another checksum is calculated.
Now we have an entire Ethernet frame ready to be sent across the physical layer.
The network interface connected to computer 1 sends this binary data as modulations of
the voltage of an electrical current running across a CAT6 cable that's connected
between it and a network switch.
This switch receives the frame and inspects the destination MAC address. 
The switch knows which of its interfaces this MAC address is attached to, and forwards
the frame across only the cable connected to this interface.
At the other end of this link is router A, which receives the frame and recognizes its own
hardware address as the destination.
Router A knows that this frame is intended for itself. 
So, it now takes the entirety of the frame and calculates a checksum against it. 
Router A compares this checksum with the one in the Ethernet frame header and sees
that they match. 
Meaning that all of the data has made it in one piece. 
Next, Router A strips away the Ethernet frame, leaving it with just the IP datagram. 
Again, it performs a checksum calculation against the entire datagram. 
And again, it finds that it matches, meaning all the data is correct. 
It inspects the destination IP address and performs a lookup of this destination in its
routing table. 
Router A sees that in order to get data to the 172.16.1.0/24 network, the quickest path is
one hop away via Router B, which has an IP of 192.168.1.1. 
Router A looks at all the data in the IP datagram, decrements the TTL by 1, calculates a
new checksum reflecting that new TTL value, and makes a new IP datagram with this
data.
Router B knows that it needs to get this datagram to router B, which has an IP address
of 192.168.1.1. 
It looks at its ARP table, and sees that it has an entry for 192.168.1.1. 
Now router A can begin to construct an Ethernet frame with the MAC address of its
interface on network B as the source. 
And the MAC address on router B's interface on network B as the destination. 
Once the values for all fields in this frame have been filled out, router A places the newly
constructed IP datagram into the data payload field. 
Calculates a checksum, and places this checksum into place, and sends the frame out
to network B.
Just like before, this frame makes it across network B, and is received by router B. 
Router B performs all the same checks, removes the the Ethernet frame encapsulation,
and performs a checksum against the IP datagram.
It then examines the destination IP address. 
Looking at its routing table, router B sees that the destination addresses of computer 2,
or 172.16.1.100, is on a locally connected network. 
So, it decrements the TTL by 1 again, calculates a new checksum, and creates a new IP
datagram. 
This new IP datagram is again encapsulated by a new Ethernet frame. 
This one with the source and destination MAC address of router B and computer 2. 
And the whole process is repeated one last time. 
The frame is sent out onto network C, a switch ensures it gets sent out of the interface
that computer 2 is connected to. Computer 2 receives the frame, identifies its own MAC
address as the destination, and knows that it's intended for itself. 
Computer 2 then strips away the Ethernet frame, leaving it with the IP datagram. 
It performs a CRC and recognizes that the data has been delivered intact. 
It then examines the destination IP address and recognizes that as its own.
Next, computer 2 strips away the IP datagram, leaving it with just the TCP segment. 
Again, the checksum for this layer is examined, and everything checks out. 
Next, computer 2 examines the destination port, which is 80. 
The networking stack on computer 2 checks to ensure that there's an open socket on
port 80, which there is. It's in the listen state, and held open by a running Apache web
server. 
Computer 2 then sees that this packet has the SYN flag set. 
So, it examines the sequence number and stores that, since it'll need to put
that sequence number in the acknowledgement field once it crafts the response.
After all of that, all we've done is get a single TCP segment containing a SYN flag from
one computer to a second one. 
Everything would have to happen all over again for computer 2 to send a SYN-ACK
response to computer 1. 
Then everything would have to happen all over again for computer 1 to send an ACK
back to computer 2, and so on and so on.
Looking at all of this end to end hopefully helps show how all the different layers of our
networking model have to work together to get the job done. 
I hope it also gives you some perspective in understanding how remarkable
computer networking truly is. 
Even more remarkable than that, you [LAUGH] for making it through this module. 
Now it's time to apply your new knowledge to the next assessment. 
When you're done, I'll see in the next video, but first, another quiz, you got this. 
But even if you don't, just review the material until you get more comfortable with this
stuff.

TCP/IP Five

Layer Model Summary

Before we discuss each layer, let’s briefly summarize what each layer does.

Application Layer

As you might have guessed, the Application layer is where applications requiring

network communications live. Examples of these applications include email clients and
web browsers. These applications use the Transport Layer to send requests to connect
to remote hosts.
Transport Layer

The Transport layer establishes the connection between applications running on

different hosts. It uses TCP for reliable connections and UDP for fast connections. It
keeps track of the processes running in the applications above it by
assigning port numbers to them and uses the Network layer to access the TCP/IP
network.

Network Layer

The Network layer is responsible for creating the packets that move across the network.
It uses IP addresses to identify the packet’s source and destination.

Data Link Layer

The Data Link layer is responsible for creating the frames that move across the network.
These frames encapsulate the packets and use MAC addresses to identify the source
and destination.

Physical Layer

The Physical layer encodes and decodes the bits found in a frame and includes the
transceiver that drives and receives the signals on the network.
Transmit Data Using Network Layers

Now that we know the primary job of each layer, let’s see how they work together to
send and receive data across a TCP/IP network.
This is a simplified view of how the network layers work together to generate frames.
Higher layers pass information to lower layers. Each layer adds information called a
header to the data being passed to it. This header contains information the layer needs
to perform its job. We will start at the Application layer.

Application Layer

The Application layer generates a message. In this case, the specific application is a
web browser requesting a webpage download. This message is then sent to the
Transport layer.
Transport Layer

The Transport layer adds the TCP or UDP header which includes the source and
destination port addresses. Additional information like the packet sequence number
used for TCP will also be added to the header. The data generated by the transport
layer is referred to as a Segment if TCP is used, and is referred to as a Datagram if UDP
is used. This segment is then sent to the Network layer.

Network Layer

The Network layer adds a header including the source and destination IP address to
generate a packet. This packet is then sent to the Data Link layer.

Data Link Layer

The Data Link layer adds a header containing the MAC address information to create a
frame. The frame is then sent it to the Physical layer to transmit the bits.

TCP/IP Five Layer Software Model Terminology Reference

The TCP/IP Five-Layer Network Model
By: Lauren Poirier
 
There are five layers of the TCP/IP Network Model; the physical layer, data link layer,
network layer, transport layer and the application layer. Each layer builds on another to
complete a TCP connection.  This paper will discuss the process of a TCP connection.
 
At the first layer, the physical components of the computer, such as cabling interconnect
the machines. There are two types of cabling; copper, which is the most common and
fiber. These cables change voltage to communicate in 1s and 0s.  This process is called
modulation. Duplex-communication is when information can flow in both directions
across a cable. The RJ45 port and plug are the most commonly used to connect
devices.
 
At the data link layer, the Ethernet and Mac addresses are in use. The Ethernet is a
traditional cable used to send and receive data. A MAC address is a global unique
identifier attached to an individual network interface. It is a 48-bit number with 6
groupings of 2 hexadecimal numbers. At the data link layer, an Ethernet frame is
created to send data packets (any single set of binaries sent across a network). The
Ethernet frame is highly structured and presented in a specific order. The Preamble is 8
bytes, the destination is the MAC address, the source is where it came from, the ether –
type is 16-bit protocols of frame or VLAN header, the payload is the actual data
transported and the checksum check which checks to make sure the date is
uncorrupted.
 
The next layer is the network layer. The router is also a part of the network layer. IP
addresses are assigned. They consist of 32 bits or 4 bytes that use the dotted decimal
notation. The IP addresses belong to the server you are on and could be static or
dynamic. In the network layer, information is grouped in IP datagrams/IP packet. These
are highly structured series of fields that are strictly defined. The most common version
is IPv4. Part of the datagram, is the TTL which is an 8-bit field that helps control data
flow.  The IP address is divided into network ID and host ID. These are further divided
into classes. Class A is the first octet in a network; Class B is 2 octets; Class C is 3
octets.  The ARP is a protocol used to discover the hardware address of a node with a
certain IP address. These expire after time. IP addresses are submitted within a
network. Subnetting is the process of taking a large network and splitting it up into many
individual and smaller subnetworks. A subnet mask is a 32-bit number written out as
four octets in decimal. Subnet masks are created for a way to determine if an IP address
exists on the same network. The CIDR is classless and is used to demarcate networks.
A router is a network device that forwards traffic depending on destination address. The
routing table is the destination, next hop, total hops and interface.
 
The transport layer allows traffic to be directed to specific network applications using the
multiplex and demultiplex. The transport layer uses ports which are a 16-bit number
used to direct traffic to a specific service running on a network. A socket is an endpoint.
A common socket is Port 80. The TCP is also broken down. It is made of TCP header
and data section. The TCP uses control flags in fields; URG, ACK, RST, SYN and FIN.
The TCP also has socket states; LISTEN, SYN_SENT, _SYN_RECEIVED,
ESTABLISHED, FIN_WAIT, CLOSE_WAIT, CLOSED.  The connection-oriented
protocol establishes a connection to ensure all data has been transmitted properly. The
connectionless protocol (UDP) does not rely on connections and acknowledgements to
stream better such as videos.
 
The last layer is the application layer. It consists of the payload, which is the entire
content of whatever data is sent to each other. This layer has standardization in
protocols. The web protocol is HTTP.
Let’s suppose there are two networks. Network A has an IP of 10.1.1.0/24. Network B
has an IP of 192.168.1.0/24. Router A is between Network A and B. Network A connects
to interface 10.1.1.1 and Network B connects to interface 192.168.1.254. There is a
computer in Network A assigned 10.1.1.100.  The computer on Network B has been
assigned 192.168.1.32. Computer A enters in the web browser 192.168.1.32:80. The
web browser then communicates with the local networking stack that it wants to
establish a TCP connection to 192.168.1.32:80. The networking stack sees that this
address is on another network so it sends it to the gateway. The gateway then sends out
a broadcast to determine MAC address and relays the info back to computer 1. 
Computer 1 then identified an outbound port and opens a socket connecting the web
browser to this port. The network then builds a TCP segment. The open socket source is
50000 and the destination port is 80. A sequence number is chosen and the SYN flag is
set. A checksum is calculated. The TCP segment is then passed to the IP layer of the
networking stack. This layer makes an IP header which contains the source and
destination IP and a TTL of 64. The TCP is then the payload of the IP datagram and a
checksum is created for the whole thing. The computer needs to get this to its gateway
through the MAC address so it creates and Ethernet datagram. The IP datagram is
inserted as well as the checksum. The entire Ethernet frame is sent along the physical
layer. The computer sends the binary through the cable to the network switch which
sends it out to Network A. Router A creates a checksum against the Ethernet frame it
received. Router A strips the Ethernet frame leaving just the IP datagram then does a
checksum. Router A then looks in the ARC table and sees Network B at 192.168.1.0/24.
It then decrements the TTL by 1 and calculates a new checksum and creates a new IP
datagram to show this. The router then creates an Ethernet frame to get to Network B
with Network B’s MAC address.  Router A then takes the Ethernet frame and the IP
datagram and performs a checksum then sends the data to Network B. Network B then
drops the Ethernet frame and creates a new checksum and demotes the TTL by 1. It
creates a new IP datagram and encapsulated in an Ethernet frame. The data is then
sent to Computer B on Network B. It strips the Ethernet frame and performs a
checksum. Computer B then strips the IP datagram and is left with the TCP segment. A
checksum is performed. The TCP contains a SYN flag. Computer B would have to do
the same process to send a SYN/ACK flag and then Computer A would have to
complete the steps to receive an ACK flag to complete the Three-Way Handshake.
=================
TCP/IP Five-Layer Software Model
The Transmission Control Protocol/Internet Protocol (TCP/IP) network provides a
framework for transmitting this data from node A to node B.
             Data is routed based on IP address of the network and hardware-based MAC
address. We also need to physically transmit the data from one location to another.
TCP/IP in a standard format is a five-layer software model which includes basic
information required to move across the network. Five layers includes the physical layer,
datalink layer, Network layer, Transport layer and the application layer. Each layer
needs to communicate with only adjacent layers.
            Application Layer: Application layer is where application requiring network
communication live and it includes email clients, web browsers in node A. Application
layer generates messages that has request to connect to node B which is then sent to
Transport layer.
           Transport Layer: The Transport layer is responsible for connecting different
applications running on different nodes. It keeps track of the processes running in the
applications above it by assigning 16-bit port numbers to them and hence TCP or UDP
header includes the source and destination port addresses and the data payload. Vital
information like the packet sequence number used for TCP will also be added to the
header.  The data generated by transport layer is called a Segment if TCP is used and
Datagram if UDP is used. Then the segment is sent to the Network layer.
           Network Layer: The Network layer adds a header including the source and
destination IP address to generate a packet. The header also includes a 16-bit header
checksum to protect against data corruption. IP address is a numerical label assigned to
each device connected on to a computer network and Network Layer specifies the
packet’s source and destination IP addresses. This packet is then sent to the Data Link
layer.
           Data Link Layer: The Data Link layer adds a header containing the MAC address
information to create a frame. MAC is Media Access Control address is a device unique
identifier assigned to a Network Interface Controller (NIC) in a device. The Data layer
creates frames that encapsulates packets and use MAC addresses to specify source
and destination addresses. The frame is then sent it to the Physical layer to transmit the
bits.
            Physical Layer: The physical layer deals with actual physical connectivity of two
different nodes. This layer defines hardware equipment, cabling, wiring, pulses required
represent binary signals. This layer encodes and decodes the bits found in a frame and
includes the transceiver that drives and receives the signals on the network.
            Let us consider a browser at node A is trying to get a web-page from computer at
node B> At node A, higher layers pass information to lower layers and each layer adds
information called a header to the data payload. Node A consults its own routing table
and determines that the connection it wants to make is on another network or the same
network. A routing tables a set of information that is necessary to forward a packet along
the best path to its destination. It has information such as IP addresses, next hop, and
metrics to identify best and cost-effective routes.
            Time to Live (TTL) or hop limit is a mechanism that limits the lifespan or lifetime
of data in a computer network, once the time span is elapsed data is discarded or re-
validated. The router looks up its routing table and checks the Ethernet frame checksum
and inserts its own IP and MAC address in the Source fields of the headers, and re-
encapsulates them all in new data-gram and Ethernet Frame. TTL is deprecated by 1.
This packet is then sent to the receiving node B, where the same process will happen
again with a new TCP segment including a SYN/ACK flag. Then a three-way handshake
takes place to establish connection between the two nodes. Then data is sent between
two nodes using the TCP/IP software layers. When data for node B reaches node A,
data is received by the physical layer and is moved to upper layers. Finally, data is read
by the application from the application layer.
==========
Physical layer - means to generate a signal from a to b
Data link layer - Data link layer is the protocol layer that handles the moving of data in
and out of a physical link in a network.
Network layer - Provides data routing paths for network communications. Data is
transferred as packets. 
Transport layer - Receives data from the application, and breaks it into segments.
MAC address - Address of physical object.
IP address - Address for network
TCP port - Endpoint address for reliable connection
Encapsulation- is the process of taking data from one protocol and translating it to
another protocol.
Checksum check - A hashed value of a message that can be computed on both ends for
validating contents of messages.
Routing table - Table for network to direct messages in the right direction
TTL - Max. time a message may travel in seconds, or hops.