Basics Story

Chapter #5 – Networks

network structure, protocols, routing, DNS

5.0  Prologue

Every program that communicates beyond its own process relies on a network. A network is a set of nodes interconnected by links that carry data as discrete packets. Understanding how packets are structured, addressed, routed, and named is prerequisite knowledge for writing networked software correctly - whether the task is opening a TCP connection, diagnosing a timeout, or configuring a cloud deployment.

5.1  Network Structure

Networks are classified by scale. A LAN (Local Area Network) spans a single building or campus; devices share one broadcast domain and communicate at Ethernet speeds. A WAN (Wide Area Network) spans cities or continents and connects multiple LANs through routers. The internet is a WAN of WANs. The OSI model divides networking into seven layers. In practice, the TCP/IP model collapses these into four:

  TCP/IP layer | OSI equivalent                            | Responsibilities                                | Example protocols
  Application  | 5–7 (Session, Presentation, Application) | User-facing data formats and semantics          | HTTP, DNS, TLS, SMTP, SSH
  Transport    | 4 (Transport)                             | End-to-end delivery, ports, flow control        | TCP, UDP
  Internet     | 3 (Network)                               | Logical addressing and routing across networks  | IP (IPv4, IPv6), ICMP
  Link         | 1–2 (Physical, Data Link)                 | Physical transmission and local delivery        | Ethernet, Wi-Fi, ARP
Each layer adds a header (and sometimes a trailer) carrying metadata for that layer. Encapsulation stacks headers as data moves down the sending stack; de-encapsulation strips them as data moves up the receiving stack. An HTTP request is wrapped in a TLS record, inside a TCP segment, inside an IP datagram, inside an Ethernet frame.
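As an added example (not part of the original chapter), the following Python builds a UDP segment inside an IPv4 datagram and then strips the headers again, validating the IPv4 header checksum and the length fields on the way back up. The addresses, ports and payload are constructed sample values; the Ethernet and TLS layers are left out to keep it short.

```python
import struct
import ipaddress

# Added example (not from the chapter): encapsulate an application payload in
# UDP and IPv4, then de-encapsulate and validate. Sample data is constructed.

IPPROTO_UDP = 17
IPV4_FMT = "!BBHHHBBH4s4s"   # 20-byte header without options

def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of 16-bit big-endian words."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                        # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_udp(src_port: int, dst_port: int, payload: bytes) -> bytes:
    """UDP header (RFC 768): ports, length, checksum. Checksum 0 = not computed (allowed over IPv4)."""
    return struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload

def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64, ident: int = 0x1234) -> bytes:
    """Minimal IPv4 header with a correct checksum wrapped around a transport payload."""
    ver_ihl = (4 << 4) | 5                    # version 4, IHL 5 words = 20 bytes
    flags_frag = 0x4000                       # DF set, fragment offset 0
    fields = [ver_ihl, 0, 20 + len(payload), ident, flags_frag, ttl, proto, 0,
              ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed]
    fields[7] = ipv4_checksum(struct.pack(IPV4_FMT, *fields))   # computed with the field zeroed
    return struct.pack(IPV4_FMT, *fields) + payload

def parse_ipv4(datagram: bytes):
    """De-encapsulate one layer: validate the IPv4 header, return (fields, transport payload)."""
    if len(datagram) < 20:
        raise ValueError("datagram shorter than an IPv4 header")
    (ver_ihl, _tos, total_len, ident, flags_frag, ttl, proto, _csum,
     src, dst) = struct.unpack(IPV4_FMT, datagram[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or ihl > len(datagram):
        raise ValueError("not a well-formed IPv4 header")
    if ipv4_checksum(datagram[:ihl]) != 0:    # a valid header sums to zero with its checksum included
        raise ValueError("IPv4 header checksum mismatch")
    if total_len < ihl or total_len > len(datagram):
        raise ValueError("total length inconsistent with received bytes")
    fields = {"src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
              "ttl": ttl, "proto": proto, "ident": ident, "df": bool(flags_frag & 0x4000)}
    return fields, datagram[ihl:total_len]    # slice by the validated length, never past the buffer

def parse_udp(segment: bytes):
    if len(segment) < 8:
        raise ValueError("segment shorter than a UDP header")
    src_port, dst_port, length, _csum = struct.unpack("!HHHH", segment[:8])
    if length < 8 or length > len(segment):
        raise ValueError("UDP length field inconsistent with received bytes")
    return {"src_port": src_port, "dst_port": dst_port}, segment[8:length]

def round_trip(app_data: bytes = b"application message"):
    """Wrap app data in UDP then IPv4 (encapsulation) and unwrap it again (de-encapsulation)."""
    wire = build_ipv4("10.0.0.5", "10.0.0.53", IPPROTO_UDP, build_udp(40000, 53, app_data))
    ip, segment = parse_ipv4(wire)
    udp, payload = parse_udp(segment)
    return wire, ip, udp, payload

if __name__ == "__main__":
    wire, ip, udp, payload = round_trip()
    print(len(wire), "bytes on the wire;", ip, udp, payload)
```

The parser trusts nothing it has not checked: the version and IHL, the checksum, and the length fields against the bytes actually received. Those checks are where real stacks have had bugs, and a fuzzer aimed at parse_ipv4 with random bytes is a reasonable next exercise.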

5.2  Protocols

A protocol is a formal agreement on message formats and exchange sequences. The foundational protocols are:

IP (Internet Protocol) provides best-effort, connectionless delivery of packets called datagrams. Each datagram carries a source address, a destination address, a TTL (a time-to-live hop counter, decremented by every router, that stops a misrouted packet from looping forever), and a payload. IPv4 addresses are 32-bit (written as four decimal octets, e.g., 192.168.1.1); IPv6 addresses are 128-bit (written as eight hexadecimal groups, with one run of zero groups abbreviated to "::", e.g., 2001:db8::1). IP itself authenticates nothing: the source address is whatever the sender wrote into the header.

TCP (Transmission Control Protocol) adds reliability on top of IP: ordered delivery, retransmission of lost segments, flow control (receiver-advertised window), and congestion control. It is connection-oriented; a three-way handshake establishes state on both sides before data flows, and each side’s initial sequence number must be unpredictable, or an off-path attacker can forge the final ACK:

      Client                                      Server
        | -- SYN (seq=x) --------------------------> |
        | <-- SYN-ACK (seq=y, ack=x+1) ------------- |
        | -- ACK (seq=x+1, ack=y+1) ---------------> |
        [connection established; data flows in both directions]
        | -- FIN ----------------------------------> |   client initiates close
        | <-- ACK ---------------------------------- |
        | <-- FIN ---------------------------------- |   server closes its side
        | -- ACK ----------------------------------> |
        [connection closed]

Teardown is two half-closes: each side sends a FIN and has it acknowledged. The peer often combines its ACK and its own FIN into one segment, which is the FIN-ACK seen in packet captures.

UDP (User Datagram Protocol) sends datagrams without handshaking, ordering guarantees, or retransmission. Lower overhead makes it appropriate for latency-sensitive applications (real-time games, video streaming, DNS queries) where occasional loss is acceptable or handled at the application layer. Because there is no handshake, a UDP server has no proof that the source address is genuine, which is why public UDP services such as DNS and NTP are abused for reflection attacks.

HTTP/HTTPS is the application-layer protocol of the web. HTTP/1.1 uses persistent TCP connections; the specification also allows request pipelining, but browsers leave it disabled and open several connections in parallel instead. HTTP/2 multiplexes multiple streams over one TCP connection, removing head-of-line blocking at the HTTP layer, although a lost TCP segment still stalls every stream on that connection. HTTP/3 runs over QUIC (a reliable, multiplexed transport built on UDP with TLS 1.3 integrated), so a loss in one stream no longer blocks the others. HTTPS wraps HTTP in TLS to provide confidentiality, integrity, and server authentication.

TLS (Transport Layer Security) negotiates a protocol version, a cipher suite, and session keys through a handshake (in TLS 1.3 an ephemeral Diffie-Hellman exchange, which gives forward secrecy), then protects all subsequent data with an authenticated symmetric cipher (typically AES-GCM or ChaCha20-Poly1305). The server’s X.509 certificate binds its public key to a domain name; the client validates a chain of signatures from that certificate up to a certificate authority it already trusts and checks that the name in the certificate matches the host it intended to reach. Skipping either check, a common bug in client code, leaves the connection encrypted but unauthenticated, which is exactly what an on-path attacker needs.
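The handshake above as two small state machines, added here as an example and not code from the chapter. Segments are plain objects rather than sockets, 32-bit wraparound is ignored, and the two attacker helpers are a constructed illustration of why initial sequence numbers must be unpredictable.

```python
import secrets
from dataclasses import dataclass

# Added example (not from the chapter): the TCP three-way handshake as two
# in-memory state machines. No sockets; seq/ack arithmetic ignores wraparound.

@dataclass(frozen=True)
class Segment:
    flags: frozenset          # subset of {"SYN", "ACK"} in this example
    seq: int                  # sequence number carried by the segment
    ack: int = 0              # next sequence number the sender expects from the peer

def random_isn() -> int:
    # Unpredictable initial sequence number (RFC 6528 style). A guessable ISN lets an
    # off-path attacker complete a handshake from a forged source address.
    return secrets.randbelow(2 ** 32)

class Client:
    def __init__(self):
        self.state = "CLOSED"
        self.snd_nxt = None       # next sequence number this side will send
        self.rcv_nxt = None       # next sequence number expected from the peer
        self.log = []

    def connect(self) -> Segment:
        self.snd_nxt = random_isn()
        syn = Segment(frozenset({"SYN"}), seq=self.snd_nxt)
        self.snd_nxt += 1         # the SYN flag itself consumes one sequence number
        self.state = "SYN_SENT"
        return syn

    def receive(self, seg: Segment):
        if self.state == "SYN_SENT" and seg.flags == {"SYN", "ACK"}:
            if seg.ack != self.snd_nxt:
                self.log.append("SYN-ACK acknowledges a sequence number we never sent; dropped")
                return None
            self.rcv_nxt = seg.seq + 1
            self.state = "ESTABLISHED"
            return Segment(frozenset({"ACK"}), seq=self.snd_nxt, ack=self.rcv_nxt)
        self.log.append(f"unexpected segment in {self.state}; dropped")
        return None

class Server:
    def __init__(self):
        self.state = "LISTEN"
        self.snd_nxt = None
        self.rcv_nxt = None
        self.log = []

    def receive(self, seg: Segment):
        if self.state == "LISTEN" and seg.flags == {"SYN"}:
            self.rcv_nxt = seg.seq + 1
            self.snd_nxt = random_isn()
            syn_ack = Segment(frozenset({"SYN", "ACK"}), seq=self.snd_nxt, ack=self.rcv_nxt)
            self.snd_nxt += 1
            self.state = "SYN_RECEIVED"   # half-open; this is the state a SYN flood piles up
            return syn_ack
        if self.state == "SYN_RECEIVED" and seg.flags == {"ACK"}:
            if seg.ack != self.snd_nxt or seg.seq != self.rcv_nxt:
                self.log.append("ACK does not match our SYN-ACK; dropped (possible spoof)")
                return None
            self.state = "ESTABLISHED"
            return None
        self.log.append(f"unexpected segment in {self.state}; dropped")
        return None

def handshake():
    """Run the legitimate exchange; return (client, server, [SYN, SYN-ACK, ACK])."""
    client, server = Client(), Server()
    syn = client.connect()
    syn_ack = server.receive(syn)
    ack = client.receive(syn_ack)
    server.receive(ack)
    return client, server, [syn, syn_ack, ack]

def attacker_syn(server: Server) -> None:
    """Off-path attacker sends a SYN with a forged source. The SYN-ACK goes to the
    forged address, so the attacker never sees the server's ISN (seq=1000 is arbitrary)."""
    server.receive(Segment(frozenset({"SYN"}), seq=1000))

def attacker_ack(server: Server, guessed_ack: int) -> str:
    """The forged ACK completes the handshake only if guessed_ack == server ISN + 1."""
    server.receive(Segment(frozenset({"ACK"}), seq=1001, ack=guessed_ack))
    return server.state

if __name__ == "__main__":
    c, s, trace = handshake()
    for seg in trace:
        print(sorted(seg.flags), f"seq={seg.seq} ack={seg.ack}")
    print("client:", c.state, "server:", s.state)
    victim = Server()
    attacker_syn(victim)
    print("after forged ACK with a guess of 1:", attacker_ack(victim, 1))
```

With a random 32-bit ISN the forged ACK succeeds with probability 2^-32; with the sequential ISNs of early TCP stacks the guess was trivial, which is the historical reason for RFC 6528.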

5.3  Routing

Routing is the process of forwarding packets from source to destination across multiple networks. Each router maintains a routing table - a list of destination prefixes mapped to next-hop addresses and outgoing interfaces. When a packet arrives, the router performs a longest-prefix match on the destination IP address and forwards the packet to the winning next hop: with 10.0.0.0/8 and 10.1.0.0/16 both in the table, a packet for 10.1.2.3 matches both and the /16 wins. A default gateway is the route of last resort, written as the prefix 0.0.0.0/0: any packet whose destination does not match a more specific prefix is sent there. On a LAN, the default gateway is the local router’s interface address; that router holds routes to the rest of the internet. Routing protocols fall into two families:
  • Interior Gateway Protocols (IGPs) operate within a single organization’s network (an autonomous system, AS). OSPF (link-state) floods link-state advertisements to all routers; each builds a complete topology map and computes shortest paths with Dijkstra’s algorithm. EIGRP is a Cisco-proprietary distance-vector protocol used in enterprise networks.
  • BGP (Border Gateway Protocol) is the routing protocol of the internet. It exchanges reachability information between autonomous systems. BGP selects paths based on policy attributes (AS path length, local preference, MED) rather than pure link cost, making it policy-driven rather than metric-driven. BGP has no built-in authentication of what an AS announces: a misconfigured or malicious AS can announce prefixes it does not own (a hijack) or re-advertise routes it learned from one neighbour to another (a route leak), and such events have caused several large outages. RPKI route-origin validation lets routers reject announcements whose origin AS does not match the prefix’s registered holder, but it is deployed unevenly.
NAT (Network Address Translation) allows many devices on a private address space (RFC 1918: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to share one public IP address. The NAT device rewrites the source address (and usually the source port) on outbound packets and maintains a mapping table to reverse the translation on inbound replies. Unsolicited inbound packets are dropped only because no mapping exists for them; NAT is an addressing mechanism, not a firewall, and a host behind NAT still needs one.
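A miniature router, added as an example (not the chapter’s own code), that does longest-prefix match against a table with a default route and then source NAT on the WAN interface. Routes, interface names and addresses are constructed: RFC 1918 space for the LAN, documentation ranges (203.0.113.0/24, 198.51.100.0/24) standing in for public addresses.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Added example (not from the chapter): longest-prefix match plus port-based
# source NAT. All addresses, routes and interface names are constructed.

RFC1918 = [ipaddress.ip_network(p) for p in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr: str) -> bool:
    a = ipaddress.IPv4Address(addr)
    return any(a in net for net in RFC1918)

@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    next_hop: Optional[str]      # None: destination is directly connected on iface
    iface: str

class RoutingTable:
    def __init__(self, routes):
        # Longest prefix first, so the first match is the most specific one.
        self.routes = sorted(routes, key=lambda r: r.prefix.prefixlen, reverse=True)

    def lookup(self, dst: str) -> Optional[Route]:
        addr = ipaddress.IPv4Address(dst)
        return next((r for r in self.routes if addr in r.prefix), None)

class Nat:
    """Port-based source NAT (NAPT): one public address shared by many private hosts."""
    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.outbound_map = {}   # (priv_ip, priv_port, dst_ip, dst_port) -> public_port
        self.inbound_map = {}    # (public_port, remote_ip, remote_port) -> (priv_ip, priv_port)

    def translate_out(self, src_ip, src_port, dst_ip, dst_port):
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.outbound_map:           # new flow: allocate a public port
            port, self.next_port = self.next_port, self.next_port + 1
            self.outbound_map[key] = port
            self.inbound_map[(port, dst_ip, dst_port)] = (src_ip, src_port)
        return self.public_ip, self.outbound_map[key]

    def translate_in(self, remote_ip, remote_port, public_port):
        # Only a reply matching a mapping created by outbound traffic gets through;
        # unsolicited inbound packets have no mapping and are dropped by the caller.
        return self.inbound_map.get((public_port, remote_ip, remote_port))

class Router:
    def __init__(self, table: RoutingTable, nat: Nat, wan_iface: str = "wan0"):
        self.table, self.nat, self.wan = table, nat, wan_iface

    def forward_from_lan(self, pkt: dict) -> Optional[dict]:
        """Route lookup, then SNAT when the packet leaves through the WAN interface."""
        route = self.table.lookup(pkt["dst"])
        if route is None:
            return None                           # no prefix matched, not even a default: drop
        out = dict(pkt, iface=route.iface, next_hop=route.next_hop or pkt["dst"])
        if route.iface == self.wan and is_rfc1918(pkt["src"]):
            out["src"], out["sport"] = self.nat.translate_out(
                pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        return out

    def forward_from_wan(self, pkt: dict) -> Optional[dict]:
        """Undo the translation for a reply, or drop a packet with no mapping."""
        if pkt["dst"] != self.nat.public_ip:
            return None
        mapping = self.nat.translate_in(pkt["src"], pkt["sport"], pkt["dport"])
        if mapping is None:
            return None
        priv_ip, priv_port = mapping
        route = self.table.lookup(priv_ip)
        return dict(pkt, dst=priv_ip, dport=priv_port, iface=route.iface,
                    next_hop=route.next_hop or priv_ip)

def build_home_router() -> Router:
    table = RoutingTable([
        Route(ipaddress.ip_network("192.168.1.0/24"), None, "lan0"),       # directly connected LAN
        Route(ipaddress.ip_network("10.0.0.0/8"), "192.168.1.2", "lan0"),  # remote site via a VPN box
        Route(ipaddress.ip_network("0.0.0.0/0"), "203.0.113.1", "wan0"),   # default gateway (ISP)
    ])
    return Router(table, Nat(public_ip="203.0.113.10"))

if __name__ == "__main__":
    r = build_home_router()
    print(r.forward_from_lan({"src": "192.168.1.10", "dst": "198.51.100.80", "sport": 51515, "dport": 443}))
    print(r.forward_from_wan({"src": "198.51.100.80", "dst": "203.0.113.10", "sport": 443, "dport": 40000}))
    print(r.forward_from_wan({"src": "198.51.100.7", "dst": "203.0.113.10", "sport": 1234, "dport": 40001}))
```

The mapping key includes the remote address and port, so a reply from a different host to the same public port is not accepted; real NATs vary here (endpoint-independent versus address-dependent mapping), which is what makes hole-punching work on some and fail on others.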

5.4  DNS

The Domain Name System translates human-readable names (example.com) to IP addresses. It is a distributed, hierarchical database organized as a tree of zones, each delegated to an authoritative name server. The resolution sequence for a name not yet in cache:
  1. The client sends a query to a recursive resolver (typically run by the ISP, the cloud provider, or a public service such as 8.8.8.8 or 1.1.1.1).
  2. The resolver asks a root name server, which does not hold the answer but replies with a referral to the name servers for the .com Top-Level Domain.
  3. The TLD server replies with a referral to the authoritative name servers for example.com.
  4. The authoritative server returns the A record (IPv4) or AAAA record (IPv6).
  5. The resolver caches the result for the record’s TTL and returns the address to the client. The referrals are cached too, so a later lookup for a different .com name starts at the TLD server rather than at the root.
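The five steps above run against constructed in-memory servers, as an added example rather than code from the chapter. The server addresses, zone contents and TTLs are made up, and the clock is injected so that TTL expiry can be shown without waiting.

```python
# Added example (not from the chapter): an iterative resolver with a TTL cache
# chasing referrals root -> TLD -> authoritative. All zone data is constructed.

class AuthServer:
    """Authoritative server for one zone: answers from its records or refers downward."""
    def __init__(self, zone, records, delegations):
        self.zone = zone                  # e.g. "com."
        self.records = records            # owner name -> [(rtype, rdata, ttl), ...]
        self.delegations = delegations    # child zone -> address of its name server (glue)

    def respond(self, qname, qtype):
        for child, addr in self.delegations.items():
            if qname == child or qname.endswith("." + child):
                return {"kind": "referral", "zone": child, "server": addr}
        rrs = [r for r in self.records.get(qname, []) if r[0] in (qtype, "CNAME")]
        return {"kind": "answer", "records": rrs}

class RecursiveResolver:
    def __init__(self, servers, root_addr, clock):
        self.servers = servers            # address -> AuthServer
        self.root = root_addr
        self.clock = clock                # callable returning seconds; injected for testability
        self.cache = {}                   # (name, type) -> (rdata list, expiry time)
        self.trace = []
        self.queries = 0                  # upstream queries sent

    def _cached(self, name, qtype):
        entry = self.cache.get((name, qtype))
        if entry and entry[1] > self.clock():
            self.trace.append(f"cache hit {name} {qtype}")
            return entry[0]
        self.cache.pop((name, qtype), None)   # expired (or absent): honour the TTL
        return None

    def _store(self, name, qtype, rdata, ttl):
        self.cache[(name, qtype)] = (rdata, self.clock() + ttl)

    def resolve(self, name, qtype="A", _depth=0):
        if _depth > 8:
            raise RuntimeError("CNAME chain too long")
        hit = self._cached(name, qtype)
        if hit is not None:
            return hit
        target = self._cached(name, "CNAME")          # a cached alias short-cuts the chase
        if target is not None and qtype != "CNAME":
            return self.resolve(target[0], qtype, _depth + 1)
        server = self.root                            # step 2: start at a root server
        for _ in range(8):                            # bound the referral chase
            self.queries += 1
            resp = self.servers[server].respond(name, qtype)
            self.trace.append(f"{server}: {resp['kind']} for {name} {qtype}")
            if resp["kind"] == "referral":            # steps 2-3: follow delegation
                server = resp["server"]
                continue
            records = resp["records"]                 # step 4: authoritative answer
            cname = next((r for r in records if r[0] == "CNAME"), None)
            if cname is not None and qtype != "CNAME":
                self._store(name, "CNAME", [cname[1]], cname[2])
                return self.resolve(cname[1], qtype, _depth + 1)
            answers = [r for r in records if r[0] == qtype]
            if answers:                               # step 5: cache for the smallest TTL
                self._store(name, qtype, [r[1] for r in answers], min(r[2] for r in answers))
            return [r[1] for r in answers]            # [] is NODATA; negative caching (RFC 2308) omitted
        raise RuntimeError("too many referrals (delegation loop?)")

def build_demo(clock):
    root = AuthServer(".", {}, {"com.": "192.0.2.2"})
    tld = AuthServer("com.", {}, {"example.com.": "192.0.2.53"})
    auth = AuthServer("example.com.", {
        "example.com.": [("A", "198.51.100.10", 300), ("AAAA", "2001:db8::10", 300)],
        "www.example.com.": [("CNAME", "example.com.", 300)],
    }, {})
    servers = {"192.0.2.1": root, "192.0.2.2": tld, "192.0.2.53": auth}
    return RecursiveResolver(servers, "192.0.2.1", clock)

if __name__ == "__main__":
    import time
    r = build_demo(time.monotonic)
    print(r.resolve("www.example.com."), "queries:", r.queries)
    print(r.resolve("www.example.com."), "queries:", r.queries)   # served from cache
    print("\n".join(r.trace))
```

Resolving www.example.com. costs six upstream queries the first time (three to reach the CNAME, three more for its target) and none the second time; after the 300-second TTL the whole chase repeats. The depth and iteration limits are not cosmetic: a CNAME loop or a delegation that points back at itself would otherwise make the resolver spin.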
Common DNS record types:

  Record | Purpose
  A      | Maps a hostname to an IPv4 address.
  AAAA   | Maps a hostname to an IPv6 address.
  CNAME  | Alias: maps one name to another canonical name; the resolver follows the chain.
  MX     | Identifies mail exchange servers for a domain, with priority values.
  TXT    | Arbitrary text; used for domain ownership verification, SPF, DKIM, DMARC.
  NS     | Identifies the authoritative name servers for a zone.
  SOA    | Start of Authority: zone metadata including primary NS, serial number, and refresh intervals.
Plain DNS runs over UDP port 53 without encryption or authentication: a resolver accepts the first response whose transaction ID and port match an outstanding query, which is the weakness cache-poisoning attacks exploit. DNSSEC adds digital signatures to DNS records (RRSIG records, validated through a chain of DNSKEY and DS records from the root down), allowing a validating resolver to verify that records are authentic and unmodified. It does not hide queries; DNS over TLS or DNS over HTTPS addresses that separately. The root zone and most TLDs are signed; DNSSEC adoption at the registrant level is growing but not yet universal, and an unsigned zone gets no protection from it.

5.5  Network Tools

The following command-line tools observe and interact with the network stack. Each maps to one or more layers of the TCP/IP model and is available on Linux, macOS, and Windows (some names differ on Windows). Packet capture and most scan types need elevated privileges, and scanning should be limited to hosts you are authorized to test.

  Tool                 | Layer           | Purpose
  ping                 | Internet        | Sends ICMP echo requests to test reachability and measure round-trip time. ping -c 4 example.com sends four probes and reports min/avg/max RTT. A host that filters ICMP is silent but not necessarily down.
  traceroute / tracert | Internet        | Maps the path a packet takes by sending probes with incrementing TTL values. Each router that decrements the TTL to zero discards the probe and returns an ICMP Time Exceeded message, revealing its address and latency.
  dig / nslookup       | Application     | Queries DNS servers directly. dig example.com A returns the A records (following any CNAME); dig +trace example.com walks the full resolution path from root to authoritative server, bypassing the resolver’s cache.
  curl                 | Application     | Transfers data over URLs from the command line. Tests REST APIs, downloads files, and inspects HTTP headers. curl -I https://example.com shows the response headers only.
  ssh                  | Application     | Opens an encrypted remote shell over TCP port 22. Authenticates with a password or public key; traffic is protected by SSH’s own transport protocol (not TLS), and the server is identified by its host key, which the client pins on first use. Also tunnels arbitrary TCP ports.
  ss / netstat         | Transport       | Lists open TCP and UDP sockets and listening ports. ss -tlnp shows all listening TCP sockets with the owning process. Useful for confirming a service is bound to the expected address and port (127.0.0.1 versus 0.0.0.0, which exposes it on every interface).
  nmap                 | Transport       | Scans a host or subnet to discover open ports and running services. nmap -sV <host> attempts service version detection. Also used for security auditing to identify unintended exposed services.
  iperf3               | Transport       | Measures TCP or UDP throughput between two hosts. Start a server (iperf3 -s) and run the client (iperf3 -c <host>) to benchmark available bandwidth. Useful for validating Wi-Fi link quality.
  ip / ifconfig        | Internet / Link | Displays and configures network interfaces, IP addresses, and routing tables. ip addr show lists all interfaces; ip route show prints the kernel routing table. On Linux, ifconfig (net-tools) is deprecated in favour of ip; macOS and the BSDs still use ifconfig.
  tcpdump / Wireshark  | All layers      | Captures live packets and decodes protocols at every layer. tcpdump -i eth0 port 443 captures traffic on the HTTPS port; the TLS payload is encrypted, so only handshake metadata (the server name, and in TLS 1.2 the certificate) is readable. Wireshark provides a GUI with full protocol dissectors. Indispensable for diagnosing unexpected behavior.
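An added example (not from the chapter) that does on loopback what ss and nmap -sT report: it binds a listening socket the way a service would, then connect-scans that port and a known-closed port, classifying each by how the kernel answers the handshake. Port numbers are whatever the OS assigns, so the block runs offline and without privileges.

```python
import socket
from contextlib import closing

# Added example (not from the chapter): a TCP connect scan against loopback.
# Scan only hosts you are authorized to test.

def start_listener(host="127.0.0.1"):
    """Bind and listen on an OS-assigned port, as a service would. Returns (socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(5)                 # the kernel completes handshakes into the backlog
    return srv, srv.getsockname()[1]

def closed_port(host="127.0.0.1"):
    """Ask the OS for a free port and release it, giving a port known to be closed."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.bind((host, 0))
        return s.getsockname()[1]

def connect_scan(host, ports, timeout=0.5):
    """TCP connect scan (what nmap -sT does): a full three-way handshake per port.
    open = SYN-ACK came back, closed = RST came back, filtered = nothing came back."""
    results = {}
    for port in ports:
        with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
            s.settimeout(timeout)
            try:
                s.connect((host, port))
                results[port] = "open"
            except ConnectionRefusedError:        # RST: nothing is listening there
                results[port] = "closed"
            except (socket.timeout, OSError):     # silence: dropped by a firewall, or lost
                results[port] = "filtered"
    return results

def demo():
    """Start a listener, scan it alongside a closed port, and report both results."""
    srv, port = start_listener()
    try:
        return connect_scan("127.0.0.1", [port, closed_port()])
    finally:
        srv.close()

if __name__ == "__main__":
    for port, verdict in demo().items():
        print(f"127.0.0.1:{port} {verdict}")
```

A connect scan is noisy by design: every probe completes the handshake, so the target's application log records a connection, which is why nmap defaults to the half-open -sS scan when it has raw-socket privileges.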

5.6  Epilogue

The layered model separates concerns cleanly: an application using TCP need not know how routing tables are built, and a router need not understand HTTP. Each layer exposes a stable interface and relies only on the layer below it. The next chapter examines how these protocols scale to the global internet and how Wi-Fi connects devices to it wirelessly.

5.7  References

RFC 791 – Internet Protocol
RFC 793 – Transmission Control Protocol (obsoleted by RFC 9293)
RFC 1034 – Domain Names: Concepts and Facilities
RFC 1918 – Address Allocation for Private Internets
What is BGP? – Cloudflare Learning
DNS Parameters – IANA