DNS by Jared Crandall on Dec 2013

Follow the Bouncing Packet

FtBP: Prerequisites

Part 1/8

One understanding that I think has helped me a great deal in troubleshooting problems, and designing networks and services is the evolution of a network packet as it transverses different pieces of network hardware. Today I will try to cover at a high level, the packet creation process, switching to the local Vlan, packet routing, NATing and firewalls, and VPN IPSEC encapsulation. During this discussion we will track the changes to a network packet in the IP and TCP/UDP headers.

This will be a multipart article and we will start by going over some prerequisites for understanding. This article is written to server admins, and so a deep technical knowledge is not required. If you understand the basics of server administration and the data contained in the prerequisite section I believe you will be able to comprehend, and find this article helpful.

Before we can understand packet routing we need to understand the basic concepts of networking. If you feel comfortable that you know this you can skip the “Prerequisites” section and go on in the article.

Prerequisites:

– Understanding of what a Client and Server are in a true perspective, beyond what the OS install is for.

See: http://www.cbfive.com/blog/post/What-is-a-Network-Client.aspx

– Understanding of at least the first 4 layers of the OSI model

Understanding of the OSI model is can be elusive but I do not expect that you understand a 100% of it at this point. It is enough for this article to know the functions of the lower 4 layers (really just 2 through 4).

– Layer 1 deals with the physical hardware itself. It deals with the electrical signaling of the physical hardware devices.

– Layer 2 is where we get into Switching and Hardware addressing.

– Switching is what we use to send packets on the local network segment/Vlan/subnet (these terms are nearly synonymous)

– A well known example of hardware addressing is a MAC address, this is a globally unique identifier for that piece of network hardware.

– Layer 3 is where routing decisions are made an IP addressing is assigned

– Routing is the process of finding the best path through the network. When packets need to transverse multiple routers each router finds the best “next path”, as he only maintains the data from his own perspective.

– We should all be familiar with IP addressing, at least on some level. Every device on a TCP/IP network has an IP address associated with it. These devices are all organized in to groups, known as subnets/Vlans/segments.

– Layer 4 is where our ROUTED protocols live. The most easily recognized being TCP, but some others that are very commonly used are UDP and ICMP. TCP/IP includes a suite of routed protocols allowing for consistent network data transfer and communications.

– The basic formation of a packet is also needed knowledge. As you will find in most packet discussions, we will ignore the layer 1 data, and for conceptual, and most other pursuits this just works, and so is inconsequential for this discussion.

– Here is an outline of the basic packet formation layers 2-4. We will continue to use this format throughout this article:

L2-[Source MAC: XX-XX-XX-XX-XX-XX | Destination MAC: XX-XX-XX-XX-XX-XX]

L3-[Source IP: X.X.X.X | Destination IP: X.X.X.X]

L4-[Source Port: TCP/UDP X | Destination Port: TCP/UDP X]

– Understanding of Sockets and Ports (look for a future post). Every connection made with TCP/IP uses a network socket. A network socket is made up of an IP address and a port. For instance to login to your workstation (2.2.2.2) using a Domain Controller at 1.1.1.1 you would open a connection that looks much like this (view in a netstat -ano output):

TCP 2.2.2.2:1025 1.1.1.1:389 ESTABLISHED

Packets on the wire

As we go through this series we will go over some examples to help understand the progression of a network packet throughout a network segment. We will start off simple and grow to more and more complicated packet transfers, but before we get to the wire we will need to look at how the data is packaged, and so the packet forms. Please forgive the rudimentary drawings, they are done to preserve load times on this webpage. Here is the network diagram we will be working with in entirety, in our discussion we will walk through piece by piece then a final view in entirety.