I wish to know how my packets travel from my computer to a web server. Please bear with the long post. I will pose lots of questions in between and will upvote if you answer any one of them. I am connected to a LAN, where the router gives me an IP address via DHCP. So, when I switch on my WiFi, I send a UDP broadcast to port 67. The DHCP server receives the broadcast and assigns me an IP address and the DNS server address. Am I correct so far? So now I open my browser and type say "". Browser does a DNS lookup and finds the IP address of It then sends the packet to this address. The computer looks at the dest IP address and looks at its routing table. It sees that the dest IP addr is not on the LAN. So, it sends the packet to the default gateway (my router). The router usually provides the DHCP service too.

Q1. The router is connected to my ISP and has a WAN IP and a LAN IP. Is this WAN IP globally visible? Or is the router also part of an ISP LAN?

Assuming the router has a globally visible IP address. At this point, it should change the src IP address to its own WAN IP address. The router has a WAN MAC address too. Does it change the src MAC address too? I presume each subsequent router which does not have a globally visible IP address will change the src IP address to its own IP address. I am a little confused about this.

Q2. Assuming somehow the packets reach the server and I receive a reply back. How does the LAN router know who this packet is for? Does it use NAT to find this out? Does it use MAC (if it did not change the MAC above)? When does ARP come into the picture?

I know there are two types of switches (Layer 2 and Layer 3). What kind of switches are the typical routers (Linksys etc.)?

I know I am asking too many questions and many/all of them might be noobish/dumb. But I really want to know the answers. Please point out if I missed anything in describing the system. I would appreciate if you can provide links to blogs/articles etc.


I'll give it a shot...

Your first paragraph sounds correct so far (although with various levels of detail, like "the browser does a DNS lookup" which involves quite a few more systems).

Q1: Your WAN IP is usually globally visible, but there are cases where there is actually another ISP-formed LAN between you and the internet. When you connect with a mobile phone, for example, many ISPs implement carrier-grade NAT, so many mobile phones share the same public IP.

Your second paragraph is not correct. NAT devices like your box at home change your private LAN IP address to your public WAN address, but all subsequent routers don't change src IP addresses, so your packet arrives at the webserver with your public WAN address in its SRC field. What changes from router to router is the src/dst MAC address. Every router will set the dst MAC address to the next routing hop.

Q2: Your LAN router has a NAT table. This table contains the source port your router used to send the request packet and the corresponding internal IP address. The reply packet will have this port number as destination port. The LAN router will then know which internal client this packet belongs to, replace the destination IP with your internal LAN IP and the destination port with the source port that was used to initiate the connection by your internal device. ARP comes into play to find the MAC address of a device in the same LAN. The router asks "hey, I have a packet for and I know this IP is somewhere here in that LAN, who is it? please gimme your MAC address" - the device will then send an ARP response packet containing its MAC address.


Thanks a lot for replying. When I said "I presume each subsequent router which does not have a globally visible IP address will change the src IP address to its own IP address" I meant to ask what happens in the case of an ISP-formed LAN? I guess there will be Layer 2 switching (and possible SrcIP replacements) but once the packet reaches a router (with global WAN IP) there will be only Layer-3 routing from there on with no replacements. – Bruce – 2011-06-25T19:10:27.113

If you're in an ISP LAN, then there might be several layer 2 switches and several layer 3 routers before you reach the globally visible gateway. That gateway will do NAT (replace the source IP address for outgoing packets and replace the destination address for incoming packets), but the routers in between will not replace the IP address. The layer 2 addresses will be replaced, as layer 2 is normally just point to point. – nos – 2011-06-26T11:32:14.167


This question is challenging to answer completely due to the details of the many related issues; however, there are fantastic books on this subject. The one that was most helpful to me was Doug Comer's Internetworking with TCP/IP; I have paid for the cost of that book thousands of times over with the knowledge I gained (and the value my employers placed on it). If your local library has a decent technical section, you should be able to find a copy, even if it's dated (and that shouldn't matter... even the old editions were outstanding).

To address your questions specifically:

  • Q1:

    • Ethernet -> Ethernet mac-addresses have a link-scope and are different for each distinct routed-ethernet-link taken through the network. Destination Mac-Addresses come from ARP; source Mac-Addresses (normally) come from the address burned into the ethernet NIC's HW.
    • IP -> Public IP addresses (such as those from your ISP) have a global scope and should not change, unless there is an administrative issue involved (such as a NAT implementation).
    • NAT -> Your local FW or NAT router normally has two interfaces, one with a local (private) IP address, and the other with a global (public) IP address. When traffic passes through that NAT router, IP and TCP session information in your packets is rewritten and tracked in a connection-state table.
  • Q2:

    • ARP -> ARP is used when a device has a destination IP address, but does not have a current ethernet mac-address associated with that IP address.
    • NAT -> Your NAT router knows how to deliver return traffic, because it inspects the IP / TCP / UDP session information (such as TCP or UDP port number) and remaps back from the translated public address it assigned to your private address (on your LAN).
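
An added example, not part of either answer above: a minimal Python model of the NAT table both answers describe, showing the outbound source rewrite, the reverse lookup for replies, and what happens to an inbound packet that matches no table entry. The addresses, the port pool starting at 40000, and all class and function names are assumptions made for illustration; this model keys each mapping on the remote endpoint as well, which is one possible policy, and real routers differ.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (IP address, TCP/UDP port)

@dataclass
class Packet:
    src: Endpoint
    dst: Endpoint

@dataclass
class NatRouter:
    wan_ip: str
    next_port: int = 40000  # constructed start of the public port pool
    out_map: Dict[Tuple[Endpoint, Endpoint], int] = field(default_factory=dict)
    in_map: Dict[Tuple[int, Endpoint], Endpoint] = field(default_factory=dict)

    def outbound(self, pkt: Packet) -> Packet:
        """LAN -> WAN: rewrite the private source to (wan_ip, public port)."""
        key = (pkt.src, pkt.dst)
        if key not in self.out_map:
            self.out_map[key] = self.next_port
            self.in_map[(self.next_port, pkt.dst)] = pkt.src
            self.next_port += 1
        return Packet((self.wan_ip, self.out_map[key]), pkt.dst)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """WAN -> LAN: restore the private destination, or drop (None)."""
        if pkt.dst[0] != self.wan_ip:
            return None
        lan = self.in_map.get((pkt.dst[1], pkt.src))
        if lan is None:
            return None  # no table entry: unsolicited traffic is not forwarded
        return Packet(pkt.src, lan)

def demo():
    # All addresses below are constructed documentation-range samples.
    nat = NatRouter(wan_ip="203.0.113.7")
    server = ("198.51.100.10", 80)
    # Two LAN hosts pick the same source port; the router keeps them apart.
    a = nat.outbound(Packet(("192.168.1.20", 51000), server))
    b = nat.outbound(Packet(("192.168.1.21", 51000), server))
    reply_a = nat.inbound(Packet(server, a.src))
    reply_b = nat.inbound(Packet(server, b.src))
    # A packet from a host nobody contacted finds no mapping and is dropped.
    stray = nat.inbound(Packet(("192.0.2.99", 4444), a.src))
    return a, b, reply_a, reply_b, stray

if __name__ == "__main__":
    for item in demo():
        print(item)
```

The dropped `stray` packet is why a NAT router tends to block unsolicited inbound connections as a side effect, though that depends on the table policy and is not a substitute for explicit firewall rules.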

