Layers of the Internet Protocol Suite

As we begin to discuss network development it is essential that you have a good understanding of how the layers in the Internet Protocol Suite work. This knowledge is required to use packet capture libraries like libpcap or packet construction libraries like libnet but it is also very useful when troubleshooting your applications.

This post will, hopefully, give you a good introduction of how the layers work together but to really understand the layers you will need to spend time looking at and dissecting packets. Wireshark is an excellent tool to look at what packets are going though your network but it is a lot more fun to write your own packet-capturing tool with libpcap. My book, iOS and OS X Network Programming Cookbook, has a chapter on libpcap and shows how to write a packet capturing application for OS X. I also plan on posting tutorials on libpcap in this blog.

So what are the layers of the Internet Protocol suite and why should you care about them? When computers on an IP network, like the Internet, want to communicate they exchange packets. These packets contain two types of information, which are:

Control Information (header): This header provides the information needed to route, assemble and verify the packet.

User Data (payload): This is the data which is more commonly referred to as the payload. This can be anything from web pages to PDF files to streaming video.

A packet contains several headers that are layered. These layers are:

Link Layer: There are many types of network connections. The link layer defines the method in which the hosts communicate over the network. This can also be referred to as the Physical layer.

Internet Layer: The Internet layer defines the addressing and routing structures used. There are two versions of addressing structure these are IPv4 and IPv6.

Protocol (transport) Layer: The protocol layer (Commonly referred to as the Transport layer) provides a uniform networking interface that hides the underlying network connections. This is also where larger payloads are broken up into multiple packets if needed.

Application Layer: The application layer is where high-level protocols such as HTTP and FTP reside. This is usually where the payload that is being sent to the other application or device is added.

The biggest strength of this model is that each layer is independent and does not rely on the layers below it. For example, the Application Layer does not need to know anything about how the Link Layer is going to handle the packet.

When a packet is built each layer wraps (or encapsulates) the layer above it. Therefore the Protocol Layer encapsulates the Application Layer. The Internet Layer encapsulates the Protocol Layer which has already encapsulated the Application Layer. Finally the Link Layer encapsulates the Internet Layer which has already encapsulated the Protocol Layer which has already encapsulated the Application Layer.

When a packet is received the headers are peeled away in reverse order. Once the device receives the packet the Link Layer header is removed and the packet is passed up to the Internet Layer. The IP header is then removed and the packet is passed up to the Protocol Layer. Finally the protocol header is removed and the packet is then passed to the application. A picture below shows the order that a packet is built and peeled apart.