In this topic I will explain some basic networking concepts. If you’re new to the networking world, then this information might help you get a grasp on networking terminology and can help you further understand the inner workings of a basic network.

Local Area Network

A Local Area Network, or otherwise called a LAN, is a name given to a collection of connected computers or other devices which can communicate with each other using a shared medium. The systems that want to communicate with one another, use a specific protocol to do so. The most widely used protocol today, is Ethernet. Other LAN protocols include for example: Token Ring, FDDI, ATM etc. Nowadays, we use switches to build our LAN network. Since we mainly use Ethernet in our cabled networks, I’ll briefly explain what it is and how it works.


Modern LANs use a standardization called Ethernet. The Ethernet was an invention of Robert Metcalfe, who wrote a memo in 1973 describing the Ethernet network system. This system was based on the ALOHA network, with significant improvements however. At that point in time, protocols were developed for half duplex operation over a shared communications channel. When a frame was being sent while another frame was being received, a collision occured, and frames would get garbled. The ALOHA system used a random backoff algorithm to counter this, but collisions were still occuring, due to the nature of using a shared medium.

Whereas the ALOHA network had a channel utilization of 18 percent, the Ethernet network system could function at up to 100 percent load. This was due to the use of Carrier Sense Multiple Access with Collision Detection, or CSMA/CD in short. CSMA/CD used a more sophisticated backoff algorithm and listened for frames, before sending any, in contrary to the ALOHA protocol. The Ethernet system became popular because of its performance and became widely used. The first Ethernet standard was published in 1980, but because the protocol was so popular, it was also standardized by the IEEE 802.3 committee. The IEEE standard was first published in 1985.

A standard Ethernet frame is comprised of the following fields:

ethernet frame (1)

Preamble: This is a stream of bits used to allow the transmitter and receiver to synchronize their communication.
Ethertype/length: Describes what kind of Ethernet frame this is.
Data/Payload: Contains the actual data of the frame.
CRC: This is also known as the FCS (Frame check Sequence) field. This allows detection of errors in the frame by the receiver.

The above rendition of an Ethernet frame is simplified. In actual, it contains more specific details in its fields. I’ve also left out the size of the fields. You might have also noticed that I skipped the Destination and Source MAC addresses. This is because it deserves a better explanation in comparison to the brief explanation I gave about the other fields.

MAC addresses

Every system or device which can connect to a network, has a Media Access Control (MAC) address. Or to be more precise: the Network Interface Card (NIC) has a mac address. Wireless devices, like smartphones, also have a NIC, but then it is called a Wireless NIC, or WNIC. The MAC address is the unique identifier of the device on a network, just like an IP address is. The difference between a MAC address and an IP address, is that a MAC address is hardcoded. The hardware MAC address of a NIC cannot be changed. A MAC address looks as follows:


A MAC address consists of 6 octets. An octet is the hexadecimal number between the colons. Each octet is 1 byte, making 6 octets equal 48 bits. There are a few types of MAC addresses. 48 bit MAC addresses are most commonly used. Those that are globally unique are also called EUI-48 identifiers.

To describe how Ethernet uses MAC addresses, it is useful to explain so by using the OSI model. This model is commonly used in the networking world to segment network operations in order to simplify explaining protocols and techniques. Here is how Ethernet fits in the OSI model:


Ethernet operates at the first two layers of the OSI model. The operations at the physical layer describe the way data is transmitted en received on the wire. This can be across an electric signal, or an optical signal. The physical layer handles how data is encoded or decoded. For example: it describes whether a specific voltage on an electrical medium is being seen as a one or zero in binary. Or how received light at a specific wavelength on an optical medium would be seen as a one or zero.

Layer 2, the data link layer, is subdivided into two sublayers:

The Logical Link Control sublayer

The Logical Link Control sublayer, or LLC, is responsible for acting as an interface between the physical layer and the network layer. When a frame arrives from the physical layer below, the LLC will look at the Network protocol type and hand over the datagram to the correct Layer 3 protocol at the Network Layer. This is called multiplexing and de-multiplexing.

The Media Access Control sublayer

The MAC sublayer, act as an interface between the physical layer and is responsible for creating frames when it received packets from the Network Layer. At that point, it will insert the frame header and trailer. The frame header contains the MAC addresses and the frame trailer contains the CRC checksum of the frame. It then interacts with the physical layer to send the newly created frame. It is also responsible for accepting frames based on the MAC address in the frame header and then inspecting the frames received from the physical layer for errors. Collision resolution is also part of the MAC sublayer.

TCP/IP Suite

Later on in this blog post, I will explain how packets are sent in an Ethernet Network. But in order to do so, I have one more topic to discuss. That topic is TCP/IP. This protocol is used in conjunction with Ethernet, to allow communication in a LAN environment. TCP/IP is like Ethernet, a very complex and elaborate set of protocols. I will explain its basic functions without going too deep into the matter.

The history of the Internet and of TCP/IP cannot be discussed without mentioning one another. They are very closely related to each other. TCP/IP is an evolution, which started with ARPANET in 1969, the predecessor to our modern Internet. The different protocols used for ARPANET all had its own flaws, making ARPANET unable to scale to a larger size. Modern TCP/IP is what it is today, because of the constant evolving and optimizations to the protocol suite.

TCP/IP is like mentioned before, a collection of a lot of different protocols. I’ll name the three most important ones, by dissecting the name.

The IP in TCP/IP stands for Internet Protocol. You might have already heard about a thing called an IP address. An IP address comes from this protocol. Besides addressing, this protocol is also responsible for routing packets through a network, among a lot of other things. The IP protocol operates at the Network Layer (Layer 3) of the OSI model.

The TCP part of TCP/IP stands for Transmission Control Protocol. This protocol is among other things, responsible for connection establishment and reliable data transport. The two major protocols which are part of the TCP suite, are the likewise named Transmission Control Protocol and the User Datagram Protocol (UDP). The TCP protocol operates at the Transport Layer (Layer 4) of the OSI model. These three protocols are further explained below.


When you browse to a web page, you’re using a protocol called Hyper Text Transfer Protocol. HTTP runs the World Wide Web, that’s why URL’s start with: http://www. As you can imagine, TCP contains of the most common protocols used on the internet today.

TCP is called a connection-oriented protocol. This means that hosts that want to communicate with each other, must set up a connection first. It does so by doing a three-way handshake. I will not go into detail explaining that right now. In network communication, it is common to have some packet loss. TCP makes use of sequence numbers, to make sure that every packet within the communication stream will be counted for. If a packet has not been acknowledged by the receiver, the sender might send it again, to make sure the receiver will receive all the packets. This is why you won’t see half of a picture when you’re browsing to a web page for example.


UDP is considered to be a connectionless protocol. Communication between hosts using UDP will generally be faster than using TCP. Where TCP uses sequence numbers, UDP does not. The header of a UDP packet (its properties if you will), will therefore be smaller than a TCP packet, which allows for more data to be sent. The negative effect of this setup, is that packets might get lost along the way. An example of where UDP is used, would be Voice over IP, or VOIP. When you’re having a phone call over a network, it won’t matter too much if you have a small hickup. You generally will still be able to hear what the other person says, despite the short interruption caused by the loss of some packets.


The most notable contribution of the IP protocol, is its addressing scheme. An IP address will look as follows:

The above example uses the IP version 4 system, or IPv4 in short. These type of IP addresses use 4 octets where each octet contains 8 bits of information. An IP address therefore has 32 bits of information. There is a distinction between private IP addresses and Public IP addresses. Private IP addresses are not routable over the internet, and are used in a private network, while public IP addresses can be routed over the internet. Public ip addresses can however also be used in private networks. This is mostly not done, because of the shortage of IPv4 addresses.

IP addresses also use something called a subnet mask. A subnet mask will tell you which IP addresses are part of the same LAN. It looks like this:

In another blog post, I will explain the IP addressing scheme in much more detail.

In the before mentioned example of browsing to a webpage, you’re actually using the ip address of your own computer, to connect to the ip address belonging to the system hosting the web page. Communication over the internet by two hosts is done so by using IP addresses.

So, now when someone asks you what the difference is of a MAC address in comparison to an IP address, you can answer that MAC addresses are used in an Ethernet network, in a Local Area Network. IP addresses are used within the TCP/IP protocol suite, and are used for communication between hosts beyond the LAN, eg. over the internet.

Communication in a Network

All of the previous information was necessary to give you a brief description of the networking technologies used in our modern networks. So, let’s put everything we’ve learned together. I’ll now explain how two hosts on a different network can communicate with one another by using two different examples, one about communication within the LAN and one about communication beyond the LAN.

Communication in a Local Area Network


Let’s say a newly plugged in Computer A want to send some data to the newly plugged in Computer B. How would it go about sending this in a Local Area Network?

In this example we’ll use the ping program, to communicate with Computer B. Ping is used to send a packet to a system to let it respond to know if it can be reached and therefore communication is possible. Some network statistics will also be displayed, i.e. the time it took before an answer was received back, called the Round Trip Time (RTT).

We issue the following command on Computer A:


The first thing that Computer A will do, is check to see if the destination IP address is part of the same network (LAN), by comparing it with his own IP address and subnet mask. In this case it is.

Computer A would need to know the MAC address of Computer B before it could send data directly to it on the LAN. Since Computer A is new to the network, we will assume it doesn’t know it yet. Therefore, in order to know which MAC address belongs to Computer B, it will use the Address Resolution Protocol, or ARP in short, to discover the MAC address of Computer B. It does this by sending a broadcast frame on the wire, called the ARP request. The frame will include, among other fields, at least the following fields:


With this packet, Computer A basicly says:

Hey everyone, I am looking for the MAC address of the system which has the IP address If you have it, please respond back to me!

When the frame arrives at Switch 1, the switch will look at the frame header, containing the source and destination MAC address. It will put the source MAC address in its MAC address table and marks the interface at which the frame came from. Later on, when the switch needs to send data to Computer A, it will know out of which interface to send it. The switch sees that this is a broadcast packet (because of the destination MAC address), and looks at the destination IP address of the frame. It knows the IP address is not his, and therefore knows this frame is not meant for him. Since it is a broadcast frame, the switch will flood the frame to every connected port, except to the interface it was received from. Because of this, Computer B will also get the ARP request from Computer A.

Computer B will respond to the ARP request with a ARP reply directly to Computer A. This will not be a broadcast packet, but a unicast packet, directly targeted at Computer A. The frame will include the source MAC address of Computer B and the destination MAC address of Computer A. The IP addresses are also reversed at this point. Computer B will also update its own ARP table with the entry of Computer A. the ARP table contains the relation of the MAC address to the IP address. The ARP reply of Computer B will look like this:

ARP reply

This unicast packet is forwarded to Computer A when it is received by Switch 1. When Computer A received the frame, it then knows the MAC address of Computer B and the two systems can communicate with each other. At this point Computer A will send the ping packet to Computer B, to which the latter can reply back.

This is a fairly simple and short process. However, things get a bit more complicated when packets need to be sent from one LAN to another LAN. This will be explained below.

Communication beyond the LAN

So, in order to send data out of the Local Area Network, you need a router. A router acts as the gateway of the LAN, and will sit in between two different networks as illustrated in the drawing below.


Now, when Computer A want to send data to Computer C, the process will be quite different in comparison to the example of communication within a LAN.

Again, Computer A wants to send a ping packet and will execute the command:


Notice that the IP address is different. The third octet contains a 2, whereas the prior IP address contained a 1 in the third octet. Pair that with the subnet mask of, and we can tell that this is in another subnet. (I will make another blog post about IP addresses at a later point).

Since Computer A knows that the destination is not in the same subnet, it will not use ARP to resolve the MAC address of Computer C. This is because ARP uses broadcast messages and these are only local to the LAN. Broadcast messages will not go beyond the LAN. The router will make sure to drop broadcast messages. So, how will Computer A send a packet to Computer C? Take a look at the following example:

Ping echo

Computer A will use the destination MAC address of its default gateway. A default gateway can be configured on a system for it to be able to send packets outside of the Local Area Network. In this case the MAC address for the router is known, but if Computer A did not know it, it would send an ARP request for the MAC address of the router, prior to sending the ping packet.

When the router receives the ping packet from Computer A, it will know that the packet was meant to be sent to it, because of the destination MAC addresses, but that the actual destination is somewhere else, because of the destination IP in the packet. So, the router will look in its routing table, to see where to send the packet to. In this scenario, it will see that the destination IP address is part of the LAN that it also is connected to. The routing table will mention a directly connected network in this case.

At this point, the router will change two things: The source MAC address and the destination MAC address. The source MAC address will be change to the MAC address of the router itself. The destination MAC address will be changed to that of Computer C. If the router does not know the MAC address of Computer C, it will start the ARP process again, to get the MAC address. When both are changed, the packet will be send and Computer C will receive it. Computer C will then start that whole process again, to send a packet back to Computer A, letting it know it is alive.

Now think about what happens when you browse to a website? Thousands of packets will be sent from and to your PC, in order for you to see a webpage. Isn’t it incredible to think about the speed with which that takes place?

We have barely touched upon the surface of what networking entails, but already you can see how incredibly complex this is. This is however, also the thing that makes it incredibly fun!