2

I can't visualize in my mind the network traffic flow. eg. If there are 15 pc's in a LAN

  • When packet goes from router to local LAN, do it passes all the computers?
  • Does it go to the ethernet card of every computer and those computers accept the packet based on their physical address?
  • To which pc the packet will go first? To the nearest to the router? What happens if that first pc captures that packet(though it is not for it)?
  • What happens when a pc broadcast a message? Do it have to generate 14 packets for all the pc's or only one packet reach to all pc's? If it is one packet and captured by first pc, how other pc's can get that?

I can't imagine how this traffic is exactly flows? May be my analogy is completely wrong. Can anybody explain me this?

Kyle Brandt
  • 82,107
  • 71
  • 302
  • 444
user58859
  • 518
  • 3
  • 7
  • 17
  • 15
    For once I'm actually *hoping* this is a homework question, please tell me you have literally zero responsibility for network management. – Chopper3 Jan 13 '11 at 15:36
  • 1
    @Chopper, judging by the OP's other questions I think this is a student. – tombull89 Jan 13 '11 at 15:49
  • 3
    I tried to picture clusters of information as they move through the computer. What did they look like? Ships? Motorcycles? Were the circuits like freeways? I kept dreaming of a world I thought I’d never see. And then, one day, I got in. – Tom O'Connor Jan 13 '11 at 17:25
  • 2
    this is not a homework question. Yes, I am a student. I just want to learn and there is nothing more than that. – user58859 Jan 13 '11 at 18:31
  • @Tom O'Conner: I was sorely tempted to comment that myself. – tombull89 Jan 14 '11 at 10:38
  • @tombull89 I couldn't resist. – Tom O'Connor Jan 14 '11 at 12:08

6 Answers6

22

The exact procedure depends on the type of networks, the topology, and the equipment. I will attempt to describe the process with regard to most Ethernet networks.

Terms:

  • MAC Address: Like a Social Security Number. It doesn't change as you move
  • IP Address: Like an address, when you move (over long distances), it changes.
  • TCP Packet: Data with TCP Port information (sometimes referred to as a TCP Segment)
  • IP Datagram: Data with IP information
  • Ethernet Frame: Data with MAC information

The IP Address is divided into two parts, the network and the node. The subnet you configure on your computer or router determines what network an IP address is on. You need to configure an interface with an IP Address (and subnet) to route to it.

Depending on your router, there are several things that might happen when it receives a packet:

Home Router (NAT Gateway)

  1. Packet comes in on Router
  2. Router extracts IP address from IP Datagram
  3. Router checks destination, 3. If the address is not the current router, it usually drops the packet (read below if its more than a NAT gateway)
  4. Router extracts port number from the packet 5 Router checks forwarding tables to see if that port is associated with an internal IP Address
  5. If yes: Delivers it (see below)
  6. Otherwise: Drop

"Real Router"

  1. Packet comes in on Router
  2. Router extracts IP address from IP Datagram
  3. Router checks to see if it is a part of destination IP network
  4. If yes: delivers it (see below)
  5. Otherwise, check the TTL (also from the IP Datagram) to see if it should be dropped or signalled as undeliverable.
  6. If still deliverable, check routing table for network destination, forward it to next router if known.
  7. Otherwise, forward it to the default gateway, drop the packet, or send it an ICMP response that its undeliverable. (depends on configuration)

Delivery (Ethernet)

  1. Router checks to see if IP address is in its ARP table (IP address to MAC addresses).
  2. If not, send an ARP request to locate the MAC address.
  3. Once an ARP response is recieved, send the packet to that MAC address.

The ARP request is a broadcast frame, so every computer sees the request. If there is no response, it may be silently dropped or responded to. The router only sends one frame for the broadcast (if its also bridge, it may send it out on each interface the bridge is on). To send broadcast frames, there is a special address called the Broadcast Address. On Ethernet networks, the address is FF:FF:FF:FF:FF:FF (all 1s in binary).

Bridges (including switches) recognise frames directed to FF:FF:FF:FF:FF:FF as a broadcast, and transmit it on every port. Some bridges (like managed switches), keep track of ARP requests themselves, so that they do not need to broadcast and simply reply with what's in their ARP cache. Firewalls can be configured to block these broadcasts, but it may have decremental effects to the IP network (the sides of the firewall can no longer talk to each other without a router).

Getting from the router to the node depends on the hardware (usually a bridge, a switch, or a hub)

Bridge

A bridge takes things input from one port, and sends it to one (or more) ports. Technically, switches are bridges, but a Firewall or Wireless Access Point are also bridges.

Switch

A switch remembers which port has which MAC address. (Usually, it'll learn it from the ARP response). The switch will send the frame (which contains a packet), to the destination port. In the rare instances that the switch doesn't know the MAC address, it behaves like a Hub and sends the information to every address.

Hub

A hub will not remember which port has MAC address. A hub will always send the frame to every port. There are a lot of problems (like collisions) associated with hubs.

Delivery (again)

Finally, the frame at this point will continue until on hubs and switches until it reaches its destination or is dropped. Things like STP exist to prevent it from being forwarded forever.

Reece45
  • 709
  • 4
  • 15
  • 1
    That's a nice answer. – Chopper3 Jan 13 '11 at 16:45
  • "The ARP request is a broadcast request, so every computer sees the request." Can you tell me how every pc can get the ARP broadcast? What this broadcast exactly mean? it's a packet? Do the router generate separate packet for each pc? (sorry for the same question again but I am unable to understand.) – user58859 Jan 13 '11 at 18:36
  • @chopper3 Thanks, I hope I made it nicer :) – Reece45 Jan 13 '11 at 20:34
  • 1
    @user58859 I've updated the question to answer your question. The router only sends out one ARP request and sends it to FF:FF:FF:FF:FF:FF (a broadcast address). All of the bridges/switches/hubs are responsibly for sending that ARP request to every port that's connected. – Reece45 Jan 13 '11 at 20:34
  • +1 -- Welcome to Serverfault ALreece – grufftech Jan 13 '11 at 22:02
  • +1 for an overall excellent answer however I don't agree with the distinction you make between Bridges, Switches and Hubs. This is more of a minor quibble about definitions though - the 802.1D standard defines what a bridge is and the common understanding of what a hub is can't be a bridge. This classic SF question digs into the origin of the term Switch extremely well and comes to the conclusion that the key difference is that "Switch" is a really just a commercial term http://serverfault.com/questions/78184/whats-the-difference-between-a-bridge-and-a-switch . – Helvick Jan 14 '11 at 09:34
  • @Helvick I'm not sure I got it from the link, but I understand the difference now. I've updated the answer, I hope it fixes that distinction. – Reece45 Jan 14 '11 at 11:16
4

May I suggest you read the excellent article family on Wikipedia regarding Ethernet?

Sven
  • 97,248
  • 13
  • 177
  • 225
  • -1 - no, because that's not what we're here for – Mark Henderson Jan 13 '11 at 22:08
  • Mark, I (obviously) disagree. I don't see any value in duplicating effort when a link to a good resource will explain the topic, especially in a case like this where the question is about a fundamental concept. If there are questions open after reading the resources, that's where SF get useful. – Sven Jan 13 '11 at 23:03
3

For a very simplistic, but well done overview of how packets in the internet work, there is an old animated movie that describes it well. The short movie is nicely done, and a good intro for non-techie types. Go to Warriors of the Net and look for the movie link.

Bill
  • 131
  • 2
2

First make sure you have a good grasp on the OSI model layers. In this case, particularly Layer 2 (The Data Link Layer) and Layer 3 (The network Layer). Since we are talking about packet flows on a LAN -- We are mostly talking about Layer 2.

Computers are generally plugged into a network switch (Which are Layer 2 devices) these days. Because of this the switch will only send the packet to a specific physical destination port that has the Layer 2 Hardware address (MAC Address) of the PC that the packet is destined for registered in the switch's MAC address table.

(There used to be hubs and the packet would be sent to all computers, and the computer just ignored ones that were not destined to it -- these are not very common any more)

There are a lot of pieces to having a good grasp on packet flows even at the LAN level. The OSI model will help you organize the pieces of information until you have enough pieces to put it all together.

Kyle Brandt
  • 82,107
  • 71
  • 302
  • 444
1

The answer to this is "it depends". However, the most common answer today is a bit more precise. In most current systems, a router is connected to a switch. Any PCs on the router's LAN are also connected to that switch, possibly through an intermediate switch. The switch knows what MAC addresses are connected to it, and can ask (via an ARP request) who has the IP address of the packet's destination. Once it knows that, it knows where to send the packet. Broadcast packets would go out to all the switch's ports.

In shared-media situations (old-style hubs), it's a little different, in that all the systems connected to the hub will see every packet, but the network stack is set up (typically) to ignore packets that aren't broadcast, or sent to the system's IP address. This is a lot less common now, however, as most networks use switches instead of hubs.

Harper Shelby
  • 441
  • 2
  • 4
0

See if you can get a copy of cisco packet tracer. It's really handy when learning about these things.

Sirex
  • 5,447
  • 2
  • 32
  • 54
  • Warning though: Packet Tracer is a simulator and does not implement (correctly) all routers features. – petrus Apr 13 '12 at 17:30