Layer 3: Network

The Network Layer (Layer 3) of the OSI model is responsible for logical addressing, routing, and forwarding data packets between devices across different networks. Its key function is to determine the optimal path for data to travel from the source to the destination, even if they are on different networks. This layer abstracts the underlying physical networks, enabling the formation of an internetwork, which allows seamless communication between devices regardless of their physical location or network topology.

Several key protocols operate at Layer 3 of the OSI model. Some prominent ones are:

IP (Internet Protocol)

  • IPv4: The most widely used version of IP, employing 32-bit addresses, which supports approximately 4.3 billion unique addresses. It provides the foundation for communication on the internet by defining how data packets are addressed and routed.

  • IPv6: Developed to overcome the limitations of IPv4, it uses 128-bit addresses, offering an exponentially larger address space, along with improved efficiency, security, and performance enhancements.

ICMP (Internet Control Message Protocol): Primarily used for error reporting and diagnostics in network communication. ICMP messages carry control and error information between devices, and they underpin tools and messages such as:

  • Ping: Uses echo request and reply messages to test connectivity between devices.

  • Traceroute: Helps map the route data takes through the network by identifying each hop.

  • Various error messages (e.g., destination unreachable, time exceeded) help diagnose network issues.

Internet Protocol

The Internet Protocol (IP) is the central protocol in the suite of protocols that form the foundation of the internet. Operating at the network layer (Layer 3) of the OSI model, IP is responsible for logical addressing, routing, and the fragmentation and reassembly of data packets. It enables communication between devices on different networks by providing a standardized method to identify and locate hosts.

IPv4

The most widely used version of IP, it employs 32-bit addresses. Each IPv4 address is written as four octets (8-bit numbers) in decimal, separated by dots. For example, an IPv4 address might look like 192.168.1.1. IPv4 provides a finite address space (approximately 4.3 billion addresses), which led to concerns over address exhaustion and the development of a more expansive protocol.

IPv6

Developed to overcome the limitations of IPv4, IPv6 offers a much larger address space using 128-bit addresses. This exponentially increases the number of unique addresses available. IPv6 addresses are written in hexadecimal notation, typically represented in eight groups separated by colons. An example of an IPv6 address is 2001:0db8:85a3:0000:0000:8a2e:0370:7334.

IP Functionality

Logical Addressing

IP addresses act as logical addresses assigned to network interfaces, uniquely identifying each device on the network. These addresses are hierarchical, meaning they are structured to represent network and host portions, making routing more efficient. They can be organized using network classes, subnets, and CIDR (Classless Inter-Domain Routing) notation.

In an address like 192.168.1.10/24, the network portion is 192.168.1 and the host portion is 10; the /24 prefix length (subnet mask 255.255.255.0) indicates that the first 24 bits represent the network.

Packet Structure

IP organizes data into packets for transmission. Each packet consists of a header and a payload (data). The header contains important information such as:

  • Source and Destination IP (where the packet is from and where it's going)

  • Version Number (IPv4 or IPv6)

  • Time-to-Live (TTL) (limits how long the packet can traverse the network)

  • Protocol Type (specifies whether the packet carries TCP, UDP, or another protocol).

Example: In an IPv4 packet, the header could look like: Source IP: 192.168.1.1, Destination IP: 8.8.8.8, TTL: 64.

Fragmentation & Reassembly

IP allows the fragmentation of large packets into smaller pieces when they pass through networks with different Maximum Transmission Unit (MTU) sizes. The receiving host then reassembles these fragments into the original packet, ensuring data integrity across diverse network environments.
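The following Python sketch is an added example, not part of the original page. It splits a payload for a given MTU and reassembles it, tracking only the Fragment Offset (counted in 8-byte units) and the More Fragments flag; the function names and the 4000-byte sample payload are constructed for illustration.

```python
def fragment(payload: bytes, mtu: int, header_len: int = 20) -> list[dict]:
    """Split an IP payload so that each fragment plus its header fits the MTU."""
    # Every fragment except the last must carry a multiple of 8 data bytes,
    # because the Fragment Offset field counts 8-byte units.
    chunk = (mtu - header_len) // 8 * 8
    if chunk <= 0:
        raise ValueError("MTU too small to carry any data")
    frags = []
    for start in range(0, len(payload), chunk):
        frags.append({
            "offset": start // 8,                          # Fragment Offset field
            "more_fragments": start + chunk < len(payload),  # MF flag
            "data": payload[start:start + chunk],
        })
    return frags


def reassemble(frags: list[dict]) -> bytes:
    """Rebuild the payload from fragments received in any order.

    Rejects gaps, overlaps and a missing final fragment instead of guessing.
    """
    ordered = sorted(frags, key=lambda f: f["offset"])
    if not ordered or ordered[-1]["more_fragments"]:
        raise ValueError("final fragment (MF=0) missing")
    out = bytearray()
    for frag in ordered:
        start = frag["offset"] * 8
        if start != len(out):
            raise ValueError(f"gap or overlap at byte {start}, expected {len(out)}")
        out += frag["data"]
    return bytes(out)


if __name__ == "__main__":
    sample = bytes(range(250)) * 16          # constructed 4000-byte payload
    pieces = fragment(sample, mtu=1500)
    for p in pieces:
        print(p["offset"], p["more_fragments"], len(p["data"]))
    assert reassemble(list(reversed(pieces))) == sample
```
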

IP Addressing Types

IP addresses are classified based on communication methods:

  • Unicast: One-to-one communication. Example: A device sending data directly to another device at 192.168.1.5.

  • Broadcast: One-to-all communication within a subnet. Example: A broadcast address like 192.168.1.255 sends data to all devices on that subnet.

  • Multicast: One-to-many communication to a specific group of devices. Example: A multicast address like 224.0.0.1 is used to send data to multiple designated devices.

Subnetting

Subnetting divides a large network into smaller, manageable sub-networks. This enhances network efficiency by reducing broadcast traffic and improving security by isolating portions of the network.

Example: Subnetting a network with the IP 192.168.1.0/24 into smaller subnets like 192.168.1.0/26 (with 64 addresses) or 192.168.1.0/28 (with 16 addresses).

IP Header Format

The IP header format defines various fields that contain binary values used by IPv4 services to forward packets across networks. Key fields include:

  • IP Source: Indicates the source IP address, i.e., the originating device of the packet.

  • IP Destination: Indicates the destination IP address, i.e., where the packet is being sent.

  • TTL (Time to Live): An 8-bit value that represents the remaining life of the packet. It limits the number of hops a packet can take through the network before being discarded, preventing infinite loops.

  • ToS (Type of Service): An 8-bit binary value used to prioritize packets, determining the quality and precedence of the packet’s handling across the network.

  • Protocol: An 8-bit value indicating the type of data payload the packet is carrying, such as TCP, UDP, or ICMP.

A table of the key IPv4 header fields with detailed purposes:

| Field | Purpose |
| --- | --- |
| Version | Specifies the IP protocol version (e.g., 4 for IPv4). |
| IHL (Internet Header Length) | Indicates the length of the header in 32-bit words. This helps in determining where the data starts. |
| Type of Service (ToS) | Provides information on the priority of the packet and how it should be handled (used for Quality of Service (QoS) purposes). |
| Total Length | Defines the entire length of the IP packet (header + data) in bytes. |
| Identification | Used to uniquely identify fragments of a packet. All fragments of a packet have the same identification number. |
| Flags | Control or identify fragmentation, including a "Don't Fragment" (DF) and "More Fragments" (MF) bit. |
| Fragment Offset | Indicates the position of the fragment in the original packet, used for packet reassembly. |
| Time to Live (TTL) | Limits the number of hops a packet can take. Each router that forwards the packet decreases the TTL value by 1, and when TTL reaches 0, the packet is discarded. |
| Protocol | Specifies the higher-level protocol used in the data portion (e.g., TCP, UDP, ICMP). |
| Header Checksum | Verifies the integrity of the header by calculating a checksum and comparing it on each hop. |
| Source Address | Contains the 32-bit IP address of the sending device. |
| Destination Address | Contains the 32-bit IP address of the receiving device. |
| Options | Optional field for additional functionalities, such as security or route recording. |
| Padding | Ensures the header is a multiple of 32 bits (if necessary). |

IP Address

An IP (Internet Protocol) address is a unique identifier assigned to each device connected to a network, enabling devices to communicate with each other. It serves as both the logical address for identifying the device and locating it within a network.

Construction

An IP address is typically written in dotted decimal format, separated by periods, such as 192.168.1.1 for IPv4. Each number (octet) represents 8 bits of the total 32-bit IPv4 address.

An IPv4 address consists of two main parts:

  1. Network Portion: Identifies the specific network the device is on. This is the first part of the address.

  2. Host Portion: Identifies the specific device (or host) within the network. This is the second part of the address.

Example (IPv4: 192.168.1.1/24):

  • 192.168.1 is the network portion.

  • 1 is the host portion.

  • /24 indicates that the first 24 bits of the IP address represent the network, leaving the remaining bits for hosts.

Reserved IP Addresses

Certain IP addresses are reserved for specific purposes and are not assignable to devices for general use. Examples include:

  • Loopback Address (127.0.0.1): Used for testing and diagnosing a local machine.

  • Private IP Ranges: Reserved for internal network use:

    • 10.0.0.0 – 10.255.255.255

    • 172.16.0.0 – 172.31.255.255

    • 192.168.0.0 – 192.168.255.255

  • Broadcast Address (255.255.255.255): Used to send messages to all devices on a network.

  • APIPA (169.254.x.x): Automatically assigned if a device cannot obtain an IP address via DHCP.
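The following Python sketch is an added example, not part of the original page. It uses the standard `ipaddress` module to label an address against the reserved ranges listed above and to locate it inside the 192.168.1.0/24 network once that network is split into /26 subnets; the function names are illustrative, and the CIDR forms of the loopback, multicast and APIPA ranges are supplied here rather than taken from the page.

```python
import ipaddress

# Reserved ranges from this page, written as CIDR blocks.
RESERVED = [
    ("limited broadcast", ipaddress.IPv4Network("255.255.255.255/32")),
    ("loopback", ipaddress.IPv4Network("127.0.0.0/8")),
    ("APIPA", ipaddress.IPv4Network("169.254.0.0/16")),
    ("multicast", ipaddress.IPv4Network("224.0.0.0/4")),
    ("private", ipaddress.IPv4Network("10.0.0.0/8")),
    ("private", ipaddress.IPv4Network("172.16.0.0/12")),
    ("private", ipaddress.IPv4Network("192.168.0.0/16")),
]

def reserved_category(addr: str) -> str:
    """Return the reserved range an address falls in, if any."""
    ip = ipaddress.IPv4Address(addr)
    for name, net in RESERVED:
        if ip in net:
            return name
    return "not in a listed range"

def locate(addr: str, parent: str = "192.168.1.0/24", new_prefix: int = 26) -> dict:
    """Find the /new_prefix subnet of `parent` that holds addr, and addr's role in it."""
    ip = ipaddress.IPv4Address(addr)
    parent_net = ipaddress.IPv4Network(parent)
    if ip not in parent_net:
        raise ValueError(f"{addr} is outside {parent}")
    subnet = next(s for s in parent_net.subnets(new_prefix=new_prefix) if ip in s)
    if ip == subnet.network_address:
        role = "network address"
    elif ip == subnet.broadcast_address:
        role = "broadcast address"
    else:
        role = "host"
    return {
        "subnet": str(subnet),
        "netmask": str(subnet.netmask),
        "role": role,
        "host_portion": int(ip) & int(subnet.hostmask),  # bits right of the prefix
        "total_addresses": subnet.num_addresses,
    }

if __name__ == "__main__":
    for sample in ("192.168.1.10", "192.168.1.100", "192.168.1.255"):
        print(sample, reserved_category(sample), locate(sample))
```

When the same check is run over source addresses seen on an internet-facing interface, a loopback, private or APIPA result points to spoofing or a filtering gap.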

Wireshark Example

[Practical with Wireshark]

In a typical Wireshark capture of an HTTP request, you'll see the following encapsulated layers:

  • Frame 1: Captures the entire Ethernet frame.

    • Ethernet II: Source MAC, Destination MAC, EtherType (IPv4).

    • Internet Protocol Version 4: Source IP, Destination IP, TTL, Protocol (TCP).

    • Transmission Control Protocol: Source Port, Destination Port, Sequence Number, Flags (SYN).

    • Hypertext Transfer Protocol: HTTP Request (e.g., GET /index.html).

Frame 1: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface ens33, id 0
Ethernet II, Src: 00:0c:29:9b:39:aa, Dst: 00:50:56:c0:00:01
    Destination: 00:50:56:c0:00:01 (VMware, Inc.)
    Source: 00:0c:29:9b:39:aa (VMware, Inc.)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 192.168.1.100, Dst: 203.0.113.5
    0100 .... = Version: 4
    Total Length: 52
    Source: 192.168.1.100
    Destination: 203.0.113.5
Transmission Control Protocol, Src Port: 49152, Dst Port: 80, Seq: 0, Flags: SYN
    Source Port: 49152
    Destination Port: 80
    [SEQ/ACK analysis]
Hypertext Transfer Protocol
    GET /index.html HTTP/1.1
    Host: www.example.com

ICMP

ICMP is a protocol closely associated with IP and is used primarily for error reporting and network diagnostics. It helps identify network issues by sending control messages between devices.

Common ICMP messages include:

  • Echo Request and Echo Reply, used in tools like ping to check network connectivity.

  • Destination Unreachable: Sent when a packet cannot reach its destination.

  • Time Exceeded: Sent when a packet's TTL reaches 0 in transit; traceroute uses these messages to show where packets fail.

DHCP

DHCP is a protocol used with IP to dynamically assign IP addresses to devices on a network, automating and simplifying the configuration process.

DHCP enables devices to automatically receive an IP address, subnet mask, default gateway, and DNS server information without manual configuration. This is especially useful for large networks where managing IP addresses manually would be cumbersome.
