What Does The Application Layer Do?

A lot of newcomers to TCP/IP wonder why an Application Layer is needed, since the Transport Layer handles a lot of interfacing between the network and applications. While this is true, the Application Layer focuses more on network services, APIs, utilities, and operating system environments.

If you know the TCP/IP stack and OSI model well enough, you’ll know that there are three OSI model layers that correspond to the TCP/IP Application Layer.

By breaking the TCP/IP Application Layer into three separate layers, we can better understand what responsibilities the Application Layer actually has.

The OSI Equivalent of the TCP/IP Application Layer

---

• 1. Application Layer - The seventh OSI model layer (which shouldn’t be confused with the TCP/IP stack’s Application Layer). It supports network access, as well as provides services for user applications.
• 2. Presentation Layer - The Sixth OSI model layer is the Presentation Layer. It translates data into a format that can be read by many platforms. With all the different operating systems, programs, and protocols floating around, this is a good feature to have. It also has support for security encryption and data compression.
• 3. Session Layer - The fifth layer of the OSI model is the Session Layer. It manages communication between applications on a network, and is usually used particularly for streaming media or using web conferencing.

---

To better grasp the concepts of the Application Layer, we’ll take a look at a few examples of the Application Layer in action.

Application Layer APIs

If you aren’t hip on the nerdy lingo- don’t worry: an API simply stands for Application Programming Interface. An API is just a collection of functions that allows programs to access an internal environment.

A good example of an API is DirectX. If you’ve ever run a multimedia application and used Windows at the same time, odds are you have come into contact with DirectX. DirectX is made up of many different components that allow programmers to create multimedia applications (such as video games).

There are many types of APIs to delve into. You may have heard of NetBIOS, Winsock, or WinAPI among others. The world of APIs has also extended to web services. You may have heard of a Google API, for instance. In this case Google allows developers to use its internal functions, yet also keeps Google’s internal code safe from prying eyes. (Otherwise, there would be a few security concerns on Google’s part.)

Network Services

The Application Layer handles network services; most notably file and printing, name resolution, and redirector services.

Name resolution is the process of mapping an IP address to a human-readable name. You may be familiar with the name Google more so than the IP address of Google. Without name resolution, we would have to remember four octets of numbers for each website we wanted to visit- not very friendly is it?

A redirector, otherwise known as a requester, is a service that is largely taken for granted. It is a handy little service that looks at requests a user may make: if it can be fulfilled locally, it is done so. If the request requires a redirection to another computer, then the request is forwarded onto another machine. This enables users to access network resources just like they were an integral part of the local system. A user could browse files on another computer just like they were located on the local computer- obviously redirector services are fairly powerful.

Lastly we have file and print services. If a computer needs to access a file server or a printer, these services will allow the computer to do so. It is fairly self-explanatory, but worth reviewing nonetheless.

Network Utilities

This is where most people have experience- within the network utilities section of the Application Layer. Every time you use a Ping, Arp, or Traceroute command, you are taking full advantage of the Application Layer.

It’s quite convenient that the Application Layer is located on the top of the TCP/IP stack. We can send a Ping and, if successful, can verify that the TCP/IP stack is successfully functioning. It’s a good idea to commit each utility to memory, as they are very useful for maintaining, configuring, and troubleshooting networks. Listed below are seven of the most used utilities.

Seven TCP Utilities Explained

---

• 1. ARP - Arp stands for Address Resolution Protocol. It is used to map an IP address to a physical address found on your NIC card. Using this command can tell us what physical address belongs to which IP address.
• 2. Netstat - Netstat is a handy tool that displays local and remote connections to the computer. It displays IP addresses, ports, protocol being used, and the status of the connection.
• 3. Ping - Ping is a simple diagnostic tool that can check for connectivity between two points on a network. It is one of the most used TCP/IP utilities when setting up a network or changing network settings.
• 4. TraceRT - Tracert, or traceroute, is a command that will show the path that packets of data take while being sent. It’s handy for checking to see where a possible network failure lies, or even for ensuring that data packets are taking the fastest route possible on a network.
• 5. FTP / TFTP - FTP and TFTP are both used for transferring files. It is important to note that FTP is a TCP utility, while TFTP is a UDP utility. TFTP tends to be less secure than FTP, and is generally only used for transferring non-confidential files over a network when speed is concerned.
• 6. Hostname - Hostname is a simple command that displays the hostname of the current computer. Simple, yet effective.
• 7. Whois - Whois information is just like an online phonebook. It shows the contact information for owners of a particular domain. By using a Whois search, you will find that Google is based in California.

---

Closing Comments

The Application Layer isn’t as exciting as the others. We don’t really have much physical interaction with the Application layer, and most of the fun applies to developers and geeks only.

There is still much to learn- TCP/IP is just the very beginning of the networking world. But with this lesson on the final TCP/IP layer complete, you can now say that you have a much better understanding of the TCP/IP model. (And networking in general.)

Next in line we have the Transport layer- the layer responsible for actually getting the data packets to a specific location. When we receive email, we want to open it with our email program- not anything else. So how does a computer know exactly where to route data to appropriate programs, all while dealing with multiple connections?

The Difference between TCP and UDP

There are two protocols that are primarily used to transport data: TCP and UDP. TCP stands for transmission control protocol. It is the more common of the two, since it allows for much more error checking functionality and stability. UDP, or User Datagram Protocol, lacks extensive error checking- but is considered to be much faster than TCP as a result.

Since TCP guarantees the delivery of data over a network we call it a connection-oriented protocol. If in the event that data isn’t sent correctly, the sending computer will be notified and will resend the information. This is compared to UDP, which doesn’t require that data has been received correctly. Likewise, we call UDP a connectionless protocol.

How Do Transport Protocols Work?

We mentioned earlier that a transport protocol can have simultaneous connections to a computer- yet the receiving computer still knows where each data packet should be sent. This is accomplished through ports and sockets.

A port is simply an internal address that acts as a pathway to control data flow. Since we need each port to be specific to a certain application, there are thousands of ports for use. If you are using the internet, for instance, data is being routed through TCP port 80. This port is called the HTTP port. Ports that have specific purposes (such as the HTTP port) are also known as well-known ports. (And in case you were wondering, there are over 65,535 ports to experiment with.)

So now we know two things. First, the IP address is used to route the data to a specific computer. Next, the port number is used to tell the receiving computer what kind of application should handle it. But to actually accomplish both of these tasks, we use what is called a socket. A socket is simply an address formed by using the IP address and then tacking on the port number at the end.

Practical Uses of the Socket

So what good is a socket? For one thing, multiplexing and demultiplexing is made possible. When you are running multiple programs that are communicating with other computers, you are making use of both of these technologies.

Let’s look at a practical example. You are running a telnet server in which multiple computers are connected to. Each computer uses a socket address to tell the server which computer and which port the data is coming from. If each computer broadcasted at the same time, there may be a jam at the transport layer. We use multiplexing in this case to combine all incoming data into one stream.

Demultiplexing is very similar to multiplexing, except that it works in reverse. Instead of taking multiple streams of input data and outputting a single stream of data, demultiplexing involves receiving a single stream of input and delivering it to multiple outputs. This is handy for separating multiplexed signals. You may see demultiplexing referred to as “Demuxing.”

The Anatomy of a TCP Segment

So now we know how data is routed, but what is the data made up of? As we learned in previous sections, we call the data at the Transport level of the TCP protocol a segment.

TCP Segments Explained

---

• 1. Source Port - A 16-bit field that specifies which port number the data segment originated from on the source machine.
• 2. Destination Port - A 16-bit field that specifies which port number the data segment is destined for on the receiving machine.
• 3. Sequence Number - A 32-bit field that specifies which sequence number the particular segment of information is assigned. The sequence number is used to number packets of information so that they may be counted on the receiving side- guaranteeing a successful and complete delivery of information.
• 4. Acknowledgment Number - A 32 bit field that specifies whether or not a segment was received correctly. The acknowledgment number is always one higher than the sequence number, since the receiving computer is expecting the next segment.
• 5. Data Offset – A 4-bit field that tells the receiving computer how long the header is, and where the data actually begins.
• 6. Reserved - A 6-bit field that is reserved for future use. Currently this field is represented as all zeroes. In the future, it may be likely that TCP will make use of this space for some reason or another.
• 7. URG - A 1-bit control flag that stands for urgent. If the value is 1, the information is urgent and should be dealt with accordingly.
• 8. ACK - A 1-bit control flag that, if set to 1, indicates that the Acknowledgment Number field is significant.
• 9. PSH - A 1-bit control flag that stands for push. If set to 1, all the information sent so far is sent to the receiving application.
• 10. RST - 1-bit control flag that stands for reset. If set to 1, the connection is reset.
• 11. SYN - A 1-bit control flag that stands for synchronize. If set to 1, then a sequence of numbers will be used to sort information packets. This also marks the beginning of a connection.
• 12. FIN - A 1-bit control flag that stands for finished. It also closes a connection, and indicates that there is no more data to be sent.
• 13. Window - A 16-bit field that is used for flow control. It indicates that a range of sequence numbers past the last acknowledged sequence number do not require further acknowledgment.
• 14. Checksum - A 16-bit field that checks segment integrity. A calculation is done on both the sending and receiving computer. This calculation is based on the segment’s information, so we can use it to check and see if the packet is indeed the same being received as it was sent.
• 15. Urgent Pointer - A 16-bit field that indicates the beginning of urgent information. Specifically, it points to a sequence number.
• 16. Options - A field that may be used to set various optional settings.
• 17. Padding - A spacer used to offset the Options field. Since every row must equal 32 bits, the Padding field must add to the Options field to equal 32 bits. Since the Options field may vary, variable Padding is needed.
• 18. Data - The actual data being sent to the recipient computer.

---

The Anatomy of a UDP Datagram

Don’t worry- UDP is a lot simpler as compared to the TCP counterpart. This is due to the lack of error checking UDP contains. Although UDP is famously known for not having error checking, there are slight UDP functionalities that can act as basic error checking procedures.

It’s important to know that the UDP error checking functionalities are quite basic. For instance, the UDP protocol contains functionality for a checksum so that we may check the integrity of data. This field can be turned off, however, so that a faster connection can be had. Also important to note is that UDP uses a fake header (known as a pseudo-header) that contains a destination address, so that we can determine whether or not the packets were sent to the right place. If they are indeed sent to the wrong place, a simple ICMP message may notify the source machine that the source is unreachable.

Keep in mind that even if errors are found within a UDP connection, data will not be retransmitted. So how much different is a UDP datagram from a TCP segment?

UDP Datagrams Explained

---

• 1. Source Port - An optional 16-bit field that specifies which port the datagram originated from.
• 2. Destination Port - A 16-bit field that specifies which port the datagram should be directed to on the receiving computer.
• 3. Length - A 16-bit field that specifies how long the UDP datagram is. This includes the UDP header and the data being sent. (The value is always at least 8, since the UDP header is eight octets.)
• 4. Checksum - A 16-bit field that operates much like the TCP counterpart. It is considered optional, however.
• 5. Data - The actual data being sent to the recipient computer.

---

You will notice that the datagram anatomy is much simpler- and that no source or destination information is included. So how does the data know where to go? As we briefly reviewed earlier, UDP uses what is known as a pseudo-header. This header will act as a guide for the datagram, and can determine whether the datagram was delivered to the right address or not.

Closing Comments

Three layers down, one more to go! In the next section we will take a look at the final TCP/IP layer: the Application Layer. We’ll take an in-depth look at just how data goes from datagrams and segments to actual information you can interact with on your computer.

What the Internet Layer Is Responsible For

The Internet Layer is used to deliver data on a complex routed network. In some cases, we can get by with simply using physical addressing. However, this would only work on extremely small LAN connections that do not use routers. For anything bigger or more complex, we will need to make use of the Internet Layer.

The Internet Layer uses logical addressing, as compared to physical addressing. Logical addresses can be read and forwarded among routers, while physical addresses lack the routed functionality. The Internet Layer is also responsible for identifying computers on any network so that data can be successfully sent. Lastly, the Internet Layer is responsible for converting the logical IP address of the destination computer to a physical address, so data can be delivered to the correct computer.

Don’t worry if this is an information overload- we’ll cover all of these aspects more specifically later on in the section.

The Anatomy of an IP Datagram

Before we get into how the Internet Layer routes data, we first have to know what it is routing exactly. Specifically, data at this level is called a datagram. And from what we learned in previous sections, we know the Internet Layer attaches an IP header onto data. But what does this IP header consist of?

At first glance, this is a lot of information to digest. But don’t be dismayed- it is a lot simpler than you may think. Check below for detailed information on each field.

IP Header Fields Explained

---

• 1. Version - The version is a binary number that is four bits long. It indicates which version of IP is being used. Currently we are using IP version four, although IP version six will soon make an impact on the networking world.
• 2. IHL (Internet Header Length) - The IHL simply measures the length of the IP header in 32-bit words. The minimum header length is five 32-bit words.
• 3. Type of Service - This field is for specifying special routing information. This field in particular relates to Quality of Service technologies quite well. Essentially, the purpose of this 8-bit field is to prioritize datagrams that are waiting to pass through a router.
• 4. Total Length - This 16-bit field includes the length of the IP datagram. This length includes the IP header and also the data itself.
• 5. Identification - This is a 16-bit field that acts as a means of organizing chunks of data. If a message is too large to fit in one data packet, it is split up and all of its child packets are given the same identification number. This is handy to ensure data is rebuilt on the receiving end properly.
• 6. Flags - This field signifies fragmentation options- such as whether or not fragments are allowed. The Flags field also has capability to tell the receiving source that more fragments are on the way, if enabled. This is done with the MF flag, also known as the more fragments flag.
• 7. Fragment Offset - This is a 13-bit field that assigns a number value to each fragment. The receiving computer will then use these numbers to reassemble the data correctly. Obviously this is only applicable if fragments are allowed.
• 8. Time to Live - This is often known as TTL. It is a field that indicates how many hops a data packet should go through before it is discarded. Every successful pass through a router, known as a hop, decrements this field by one. When it reaches zero, it is discarded.
• 9. Protocol - This 8-bit field indicates which protocol should be used to receive the data. Some of the more popular protocols such as TCP and UDP are identified by the numbers 6 and 17 respectively.
• 10. Header Checksum - This 16-bit field holds a calculated value that is used to verify that the header is still valid. Each time a packet travels through a router this value is recalculated to ensure the header is still indeed valid.
• 11. Destination IP Address - This 32-bit field holds the IP address of the receiving computer. It is used to route the packet and to make sure that only the computer with the IP address in this field obtains the packets.
• 12. Source IP Address - This 32-bit field holds the IP address of the sending computer. It is used to verify correct delivery, and will also be the return address in case an error occurs.
• 13. IP Options - This field can hold a fair number of optional settings. These settings are primarily used for testing and security purposes. Although clever settings such as keeping timestamp data from each router hop may seem handy, it will actually degrade speed more often than not.
• 14. Padding - Since the IP options field varies in length depending on the configuration, we need to have this field set to occupy left over bits. This is because the header needs to be ended after a 32-bit word: no more, no less.
• 15. Data - This is fairly self explanatory- it is simply the data that is being sent.

The above diagram should be reviewed until a firm grasp is held on the concept of an IP header. If you feel you have the concepts down well enough, it’s time to move onto routing the data!

Routing the Information with the IP Protocol and IP Addresses

The Internet Protocol, or IP, operates on the Internet layer. This protocol provides a hardware-independent addressing system in the form of IP addresses. For every Network Interface Card, or NIC, there should be a unique IP address. After all, how could we send data to a specific computer if more than one computer was using an IP address?

Look at the diagram below and see if you can tell any similarities between the IP addresses.

You may have noticed that the first three numbers are identical in each address. IP addresses are made up of two portions: the network ID and the host ID. The network ID is responsible for telling other computers which network the computer resides on (useful if we are using subnets or multiple LAN segments). The host portion tells us which specific computer on the network the computer is. In terms of an actual home address, the network ID would be the street of your home- while the host ID would be the house number.

IP addresses are divided by what are called octets, or simply 8-bit segments. IP addresses also use dotted decimal format: meaning each octet is separated by a period. For every IP address there are four octets. If you do the math right, you will find that each IP address is 32 bits in size (four octets of eight bits each). Refer to the diagram below for more information.

In case you needed proof that each IP address is 32 bits, count each one and zero in the binary format. Each 1 or 0 is a bit. Since there are 8 bits in a byte, we can also say that each IP address is 4 bytes in size.

But we aren’t done yet! Each IP address belongs to a class. You will likely only see three classes on an average basis: Class A, Class B, and Class C. These classes dictate which network type an IP address is. We never actually said which part of the IP address was the network ID and which was the host ID- so how do we know where the network ID starts and where the host ID begins? Classes of course! Review the diagram below for more information.

Notice that each class is dictated through the first octet’s value. However, there is more going on behind the scenes that we are aware of with the above diagram. Each class has a specific amount of network and host octets. Review the diagram below for more information.

Remembering the network octets is easy- simply remember that each class from A to C adds a network octet. Keep in mind that Class D and Class E addresses exist, but for the sake of simplicity, we will not cover them just yet since you’ll likely not use one anytime soon. For now, we have one more thing to learn about concerning IP addresses: reserved IP addresses.

Reserved IP Addresses

There are certain IP addresses that are reserved; meaning they have a special purpose. For instance, you can’t use all zeroes for the host octets, since this is the actual network address. (The Class C address 192.168.2.0 is not usable, for instance.) We also may not use the broadcast address- which is simply represented as all 1’s in binary, or 255 in decimal. (The Class C address 192.168.2.255 is not usable, for instance.) Don’t worry- we will cover broadcast addresses more thoroughly in later sections. Lastly, you may not use the 127.0.0.1 address since it is a loopback address- mainly used for testing and troubleshooting.

There are certain IP addresses that are used for private networks, meaning that they aren’t for internet use. These addresses, therefore, don’t have to be unique and can be used for network use. These private addresses are:

Reserved IP Addresses

---

• 1. 10.0.0.0 to 10.255.255.255
• 2. 172.16.0.0 to 172.31.255.255
• 3. 192.168.0.0 to 192.168.255.255

---

Use these addresses however you see fit on your own network- but also know that since these are private addresses, you may not access the internet with them.

Last but not Least, ARP and RARP

We certainly have covered a lot so far! Don’t worry- we only have ARP and RARP to review for now. The Address Resolution Protocol, or ARP, is used to map IP addresses to physical addresses. To actually deliver data to a computer we use its physical address. You may remember that every physical address is unique and is burned into the NIC card at the factory.

Your Network InterfaceCard is actually a fairly dumb device. All it does when receiving data is look at incoming information and check to see if it is addressed to it or not. Ironically, it doesn’t even know its own IP address! Since we can’t depend on the NIC card we use ARP tables, otherwise known as the ARP cache.

The best part of the situation is that ARP tables are built dynamically- no need to configure anything normally. These ARP tables will associate physical addresses to logical addresses, and will be used to route data to specific computers. But what if there aren’t any addresses in the ARP tables, yet we have data being sent to a computer on a network? In this instance, the host sends a broadcast called an ARP request frame.

The ARP request frame contains IP address and physical address information for the host that sent the request. Other hosts on the network receive the ARP request, and hopefully the unresolved IP address is found out. If it is, a new entry into the ARP table is made. This happens more than you’d think since ARP tables actually expire after a certain amount of time.

Simple enough, right? Next we have RARP, which can be simply seen as the opposite of ARP. It technically stands for Reverse ARP, so you wouldn’t be wrong in believing this. RARP is used when the IP address is known, but the physical address isn’t.

Closing Comments

We certainly got through a lot of information! If you haven’t noticed, the Internet Layer is a lot more complex than the physical layer. In the next section we will take a look at the Transport Layer in particular. It is highly recommended that you read our subnetting article before continuing. If you feel you have a firm grasp on the subnetting concept, you may continue to the next section.

If you haven’t already, you may wish to read the previous section on encapsulation- we will be reviewing part of the encapsulation again in this section.

What the Network Access Layer Accomplishes

It may be poor for education, but the Network Access Layer’s invisibility to the everyday user means management of the layer is unnecessary in most cases. Inventions such as the Universal Plug and Play (known to early Windows users as “Plug and Pray”) enables users to setup networked devices with little to no configuration.

Behind the scenes, the Network Access Layer is responsible for several things; including error checking, formatting data into frames, and interfacing with network adapters. See the box below for the full list of responsibilities of the Network Access Layer.

Responsibilities of the Network Access Layer

---

• 1. Checks for errors on incoming frames, and sends error checking information on outgoing frames so receiving computers can check for errors.
• 2. Acknowledgement of received frames is another feature. If a frame isn’t received correctly, it will be resent to the appropriate destination.
• 3. Formats outgoing data into frames, and then converts the data into electrical pulses for transmission. The receiving computer will rebuild the frame, and send the data up to the next layer.
• 4. Interfaces with network adapters and coordinates data transmission with the selected network architecture. An Ethernet network, for instance, will require different transmission methods than a Token Ring network.

---

Dividing the Network Access Layer with the OSI Model

The TCP/IP model only has four layers as compared to the OSI model’s seven. The Network Access Layer in particular is subdivided into two separate layers in the OSI model. Because this aids in learning, we will be working with the OSI model in this section. You can see a visual diagram of the two models below.

We are now dealing with two layers: the Data Link Layer and the Physical Layer. The Physical Layer is the layer responsible for turning the data frame into a stream of bits. This breakdown of the frame into bits is necessary for transmission. On the receiving end, the Physical Layer rebuilds the bits into a frame.

The Data Link Layer actually performs two different functions: Media Access Control, or MAC, and Logical Link Control, or LLC. The Media Access Control is the sublayer that provides an interface with the network adapter, otherwise known as your Network Interface Card or NIC. This card holds your MAC address, which is burned into your Network Interface Card at the factory of which it was made.

The Logical Link Control is the sublayer that performs error checking for frames. It also manages links between devices that are communicating over a subnet. It also offers flow control and acknowledgement of delivery.

Physical Addressing

Physical addressing is the aspect of the Network Access Layer that relates physical addresses to logical addresses. This is nothing more than simply converting your MAC address to an IP address for easier use in management.

Data sent across a network uses the physical address, so why not just use the physical address as compared to a logical address? Among other reasons, the physical address is too lengthy for practical use by humans. In the case of an Ethernet network, it is 48 bits long.

To actually go from a physical address to a logical address (or vice versa), we need to use ARP and RARP. Address Resolution Protocol and Reverse Address Resolution Protocol can relate IP addresses to physical addresses. These protocols function largely on the Internet Layer, so we’ll come back to them in our next section.

Dissecting a Frame of Data

As a short review, we know that the Network Access Layer accepts a datagram from the Internet Layer, creates a frame, and then grinds the frame down into electrical pulses for transmission. But what we haven’t covered is what the frame is exactly- but you’re in luck, there is a handy diagram shown below.

While most of the above fields are self-explanatory, the frame check sequence, or FCS, needs some explanation. This is a means of verifying data transmissions. The sending computer calculates what is called a Cyclical Redundancy Check, or CRS, and sends the calculation with the frame. If the receiving computer performs the CRS calculation and it matches, all the data is present. Otherwise, data was lost in the transmission. Don’t worry if this is confusing to you- we’ll review it more in later chapters.

Also, a good think to take note of is that each frame can only be between 64 bytes and 1,518 bytes in size. This, however, does not include the preamble’s size in the measurement. If the data being sent is larger than this, the information must be broken down into individual frames; of which will be rebuilt at the receiving computer.

Closing Comments

The Network Access Layer accomplishes a lot for being nearly invisible to the everyday computer user. It’s such a large topic, in fact, that we are overjoyed models like the OSI model could split it up into two separate layers.

We now know that the Network Access Layer interfaces with different network types (such as Ethernet or Token Ring configurations), performs error checking via the Frame Check Sequence, and is ultimately responsible for getting information to its destination.

The Network Access Layer is just one layer of the TCP/IP model, however- and in our next section we will be taking a closer look at logical addressing at its finest- the Internet Layer!

The TCP/IP Model

As we learned in the previous section, the TCP/IP model has four layers. You can view a diagram of the model below.

Keep in mind that we divide the stack into four separate layers because they each perform a certain role or task. As data is being sent from one computer, it will pass from the top layer to the bottom. On the receiving end, the data will then be rebuilt from the bottom layer to the top. You can view an example of this process below.

Each layer a packet of information travels through adds what is called a header. Think of it in terms of a Russian doll. You’re probably familiar with them: each doll has another smaller doll inside of it. Just like the dolls, each layer a sending packet passes through gains another header (or doll). When the packet is being rebuilt on the receiving end, each header is unpackaged the same way. You can see an example of a sending packet gaining header information below.

Note that at the receiving end, we would have the reverse process (Headers would be taken away at each layer, until the receiving packet is by itself.)

Since each layer of the TCP/IP model does a unique task separate of the other layers, we refer to the data package at each layer with different names. For instance, the data package at the Application Layer is called a message, while the same data package at the Internet Layer is called a datagram. Review the diagram below for the complete list of names.

Notice that the Transport Layer may have one of two names- a segment or a datagram. If the TCP protocol is being used, it is called a segment. If the UDP protocol is being used, it is called a Datagram.

The data then passes through the Internet Layer onto the Network Access Layer, where a frame is created. Once the data packet leaves this level it is converted into a bitstream of electrical pulses, commonly referred to as 1’s and 0’s.

Finally, you should note that Cisco demands CCNA students to know specific information on the Data Link Layer and encapsulation. As you can see, we haven’t used the OSI model, but the TCP/IP model (so we use the Network Access Layer as opposed to the Data Link and Physical Layer). Specifically, Cisco demands that students know that packets are packaged into frames at the Data Link Layer. And, like other layers, a header and trailer are added to the information at the Data Link Layer. You can see the encapsulation process with the OSI model below.

We know what you’re thinking- where’s a good pneumonic when you need it? The easiest one we could find was “Dirty Sick People Feel Bad,” whereas each letter of each word corresponds to Data, Segments, Packets, Frames, and Bits.

Putting it All Together

Now that we have the basics down, we can finally review the entire process of data encapsulation. Refer to the below list to see a real-life example of encapsulation. If needed, you can view the above diagrams if you get lost.

The Data Encapsulation Process

---

• 1. One computer requests to send data to another over a network.
• 2. The data message flows through the Application Layer by using a TCP or UDP port to pass onto the internet layer.
• 3. The data segment obtains logical addressing at the Internet Layer via the IP protocol, and the data is then encapsulated into a datagram.
• 4. The datagram enters the Network Access Layer, where software will interface with the physical network. A data frame encapsulates the datagram for entry onto the physical network. At the end of the process, the frame is converted to a stream of bits that is then transmitted to the receiving computer.
• 5. The receiving computer removes the frame, and passes the packet onto the Internet Layer. The Internet Layer will then remove the header information and send the data to the Transport layer. Likewise, the Transport layer removes header information and passes data to the final layer. At this final layer the data is whole again, and can be read by the receiving computer if no errors are present.

---

And there you have it: encapsulation at its finest. We realize that encapsulation isn’t the easiest concept to grasp, but steady review of this and previous sections will ensure you will grasp the concept soon enough.

Closing Comments

Data encapsulation allows devices to communicate, and therefore, it is completely necessary to learn. It is present on networking exams such as the CCNA, so be sure to review these concepts before exam day.

In the following sections we’ll be looking at each layer in more specifics. The next section we will review the Network Access Layer in particular. Physical addresses, frames and LAN technology- clearly we will have our hands full!

The TCP/IP Model and Modular Design

TCP/IP is responsible for a wide range of activity: it must interface with hardware, route data to appropriate places, provide error control, and much more. If you are starting to think the TCP/IP suite can get confusing, you wouldn’t be the first.

The developers of TCP/IP thankfully designed what we call a modular design- meaning that the TCP/IP system can be divided into separate components. You may call these layers or modules. But why use a modular design? Not only does it aid in the education process, but it also lets manufacturers easily adapt to specific hardware and operating system needs.

For example- if we had a token ring network and an extended star network, we surely wouldn’t want to create entirely different network software builds for each one. Instead, we can just edit the network layer, called the Network Access Layer, to allow compatibility. Not only does this benefit manufacturers, but it greatly aids networking students in education. We can dissect the TCP/IP suite into different layers, and then learn about each layer’s specifics one at a time. Below you’ll see the TCP/IP model divided into four layers.

---

• Network Access Layer – The Network Access Layer is fairly self explanatory- it interfaces with the physical network. It formats data and addresses data for subnets, based on physical hardware addresses. More importantly, it provides error control for data delivered on the physical network.
• Internet Layer – The Internet Layer provides logical addressing. More specifically, the internet layer relates physical addresses from the network access layer to logical addresses. This can be an IP address, for instance. This is vital for passing along information to subnets that aren’t on the same network as other parts of the network. This layer also provides routing that may reduce traffic, and supports delivery across an internetwork. (An internetwork is simply a greater network of LANs, perhaps a large company or organization.)
• Transport Layer – The Transport Layer provides flow control, error control, and serves as an interface for network applications. An example of the transport layer would be TCP- a protocol suite that is connection-oriented. We may also use UDP- a connectionless means of transporting data.
• Application Layer – Lastly, we have the Application Layer. We use this layer for troubleshooting, file transfer, internet activities, and a slew of other activities. This layer interacts with many types of applications, such as a database manager, email program, or Telnet.

---

The above layers are more complex than the general descriptions provided, but rest assured, we will get into the specifics in later sections. For now we have another model to learn- the OSI model.

The Open System Interconnection Model

The Open System Interconnection Model, more commonly known as simply OSI, is another model that can help break the TCP/IP suite into modules. Technically speaking, it is exactly the same as the TCP/IP model, except that it has more layers. This is currently being pushed by Cisco since it aids in learning the TCP/IP stack in an easier manner. Likewise, you will see the OSI model on many Cisco exams.

Instead of four layers, the OSI model has seven. You can see a direct comparison of the two models below; notice that only the Application Layer and Network Layer are divided into smaller layers, and the Internet Layer is renamed to the “Network Layer.”

---

• Physical Layer – They Physical Layer converts data into streams of electric or analog pulses- commonly referred to as “1’s and 0’s.” Data is broke down into simple electric pulses, and rebuilt at the receiving end.
• Data Link Layer – The Data Link layer provides an interface with the network adapter, and can also perform basic error checking. It also maintains logical links for subnets, so that subnets can communicate with other parts of the network without problem.
• Network Layer – Much like the Transport Layer of the TCP/IP model, the Network Layer simply supports logical addressing and routing. The IP protocol operates on the Network Layer.
• Transport Layer – Since we left out the error and flow control in the Network Layer, we introduce it into the Transport Layer. The Transport Layer is responsible for keeping a reliable end-to-end connection for the network.
• Session Layer – The Session Layer establishes sessions between applications on a network. This may be useful for network monitoring, using a login system, and reporting. The Session Layer is actually not used a great deal over networks, although it does still serve good use in streaming video and audio, or web conferencing.
• Presentation Layer – The Presentation Layer translates data into a standard format, while also being able to provide encryption and data compression. Encryption or data compression does not have to be done at the Presentation Layer, although it is commonly performed in this layer.
• Application Layer – The Application Layer provides a network interface for applications and supports network applications. This is where many protocols such as FTP, SMTP, POP3, and many others operate. Telnet can be used at this layer to send a ping request- if it is successful, it means that each layer of the OSI model should be functioning properly.

---

Now, the Bad News

Now that we’ve reviewed each layer, you have to commit each layer and its function to memory. Most networking exams require that knowledge of each layer be present. We realize that remembering seven different layers is tough- so we use a mnemonic. A mnemonic is simply a tool we can use to remember all seven layers. Look at each beginning letter of each layer- it’s PDNTSPA, starting with the Physical Layer. You could come up with a phrase such as “Please Do Not Throw Sausage Pizza Away,” to help you remember each layer name.

It is important to remember that each layer is a standard- not an implementation. This means that not all network communication will necessarily use each layer. We partly covered this with the Session Layer, which isn’t always necessarily used. Some devices such as routers only operate at the third layer and below. Some devices are even more limited- repeaters only work at the physical layer of the OSI model.

Closing Comments

The OSI and TCP/IP model are fairly prevalent in networking- don’t be surprised if you see them more than you’d like. If you take anything from this section, remember to use a pneumonic to memorize each layer name in order. You can get as crazy as you’d like with the phrase you use, but “Please Do Not Throw Sausage Pizza Away” is generally the easiest to remember.

In the next article, we will be specifically looking at how data moves from one computer to another- and how it moves through the OSI model. Don’t worry if this seems new to you and you don’t quite take all of it in, simply review it some more and move on to the next section. And, as always, you can review the previous section if you didn’t quite grasp all the concepts in this one.

Networks, Protocols, and Suites, Oh My!

A network is simply a collection of computers or similar devices that can communicate over a transmission medium. Don’t worry- that is just a fancy phrase that usually refers to Ethernet cable and other connective wire. You can see a basic network in the diagram below- odds are you’ve already seen something similar.

Simple enough, isn’t it? Just three computers linked together for communication. Sadly, it is a little more complex than that. To actually send any data from one computer to another we need to make use of a network protocol. A network protocol is a set of common rules that defines how data should be sent. These protocols ensure that a message sent from one computer will reach the next, and that it is interpreted correctly. These many different protocols make up TCP/IP, which is referred to as a protocol suite.

But why do we need a special suite? Back when TCP/IP wasn’t around, there were many different proprietary protocols. Since many different companies developed different protocols, many networks just weren’t compatible. Without a common suite like TCP/IP, the internet would not be possible.

A Brief History of TCP/IP

Now that we have a basic understanding of what TCP/IP is for, let’s review how it came to be. Believe it or not, TCP/IP was developed way back in the 1960’s by the United States Department of Defense. Its original designers had a problem- networks at the time were very small and incompatible. Proprietary protocols were in wide use, contributing to the compatibility problem.

In the early days, it was believed that relying on networks could be a disastrous idea. If a particular network node were to be destroyed for any reason, it would likely bring the entire network down. Since a missile or bomb could literally make any point on a network a target, a decentralized system was needed. The goal was to create a network that didn’t depend on other parts of the network to operate- one of the key features of TCP/IP. Review the diagram below for a visual representation of what happens if a computer fails on a centralized network. As you can see, both right and left computers have lost connection to the central computer, since the middle computer is down.

To actually provide a decentralized network, two important features of TCP/IP are used. Instead of one computer having authority over others, computers generally operate as equals. Dynamic routing is another feature that ensures decentralization. If computers are connected through multiple paths, computers will check for alternative routes if one seems to be down. In the above image, we could achieve dynamic routing by connecting both left and right computers to the first centralized computer- this enables us to completely bypass the downed middle computer.

This ambitious project was initially named ARPANET after the Defense Department’s Advanced Research Projects Agency (ARPA). A few years later, research institutions wanted in on the protocol system too. This is the start of what became the foundations of the internet.

Soon after, we had another networking concept arise- the Local Area Network, or LAN. These networks were the solution for offices and institutions to share resources with ease. The first LAN connections were crippled from today’s standards- they lacked internet access. The advent of the gateway enabled protocols to be translated for LAN connections to access the internet- and the popularity of TCP/IP exploded from there.

Key Features of TCP/IP Students and Professionals Should Know

There are many innovative features of TCP/IP, but there are five features in particular that everyone should become familiar with. In no particular order, these features are:

---

• Application support
• Error and flow control
• Logical Addressing
• Routing
• Name resolution

---

Application Support

Say you are multitasking- you are uploading files to your website, sending an email, streaming music, and watching video all at the same time. We ran into a critical problem here! How does the computer know where to send each packet of data if multiple applications are running? We sure wouldn’t want to use our email program to watch video, and vice versa!

To combat this problem, we use channels called ports. These numbered ports each correspond to a certain action. Your email, for instance, is likely using port 25 for email operation. Remember the files you were uploading to your website? This kind of data uses the FTP port more often than not, which is usually port 20 and 21. Even browsing a webpage uses a specific port- the HTTP port 80.

In total, there are 65,535 ports for controlling the flow of information. Yikes!

Error and Flow Control

TCP/IP is considered a connection-oriented protocol suite. This means that if data isn’t received correctly, a request to resend the data is made. This is compared to User Datagram Protocol, or UDP, which is connectionless. UDP is a suite of protocols just like TCP/IP, with a few notable differences.

But when wouldn’t you care if data was received correctly or not? UDP is great for broadcasting data- such as streaming radio music. If part of the data was lost, we wouldn’t want to go back and retrieve it! It would waste bandwidth, and would create collisions or noise in our signal. With UDP, the lost data might be represented as a silent spot- which we would take over a noisy retransmission any day!

Logical Addressing

Most computers today come standard with Network Interface Cards, or NICs. These cards are the actual hardware used to communicate to other computers. Each card has a unique physical address that is set at the factory, and can’t be changed. Essentially this is an identifier for the computer it is installed on.

Networks rely on the physical address of a computer for data delivery, but we have a problem. The NIC card is constantly looking for transmissions that are addressed to it- what if the network was very large in size? To put it into perspective, imagine your computer looking at every single bit of data on the internet to see if any of the millions of data packets are addressed to it.

This is where logical addressing comes in. You are probably more familiar with the term IP address, however. These IP addresses can be subnetted on a network to divide a large network into tiny pieces. Instead of looking at every bit of data on the internet, logical addressing allows for computers to just look at data on a home network or subnet.

Routing

A router is a device used to read logical addressing information, and to direct the data to the appropriate destination. Routers are commonly used to separate networks into portions- this greatly reduces network traffic if done correctly.

TCP/IP includes protocols that tell routers how to find a path through the network. This is a vital feature of the TCP/IP suite that enables massive LAN connections to be created.

Name Resolution

And finally, we have name resolution. If you wanted to conduct a search on the internet, you would probably just type Google’s URL into your address bar. What you probably didn’t know is that you aren’t necessarily connecting to “Google.com,” but rather an IP address. Instead of having to remember an IP address, name resolution allows you to remember Google’s name.

It might not be so bad if IP addresses were not so lengthy in size. Which is easier to remember- 64.223.167.147 or Google? This handy service is accomplished on name servers, which are just computers that store tables that translate domain names to and from IP addresses.

Closing Comments

Congratulations, you just got an introduction to the vast TCP/IP world. A lot of technical students tend to skip over the basics. This means you can easily outsmart most of your techie friends with the simplest of questions- just ask them why ARPANET designers pressed for a decentralized protocol suite!

All jokes aside, there is still plenty more to cover. We just got our feet wet with this introduction!