Secplicity Blog

Cybersecurity Headlines & Trends Explained

How Data Moves Across a Network

 

Building on the Networking Basics article previously written and a high-level overview of How Servers Serve Content, I wanted to write about how data actually moves over a network. That is, what happens when a user on one network node communicates with another networked node. There are two main accepted models: the Open Systems Interconnection (OSI) model separates duties into seven distinct layers, and the TCP/IP model does so in four distinct layers. Regardless of which model you reference, the core concept is the same: both separate the duties of transmitting data into different layers. Figure 1 depicts the OSI model; Figure 2 compares and contrasts the OSI model with the TCP/IP suite.

 

Figure 1: OSI Model depicting its seven layers with example objects in each layer, as well as their data units and function 

 

Figure 2: Comparing and contrasting the OSI Model vs TCP/IP Model.

From Host A to Host B 

As an average user, the most common way of interacting with a computer would be via an application. Whether browsing the web, checking emails, or listening to the latest episode of The 443 Podcast, typical usage entails clicking and typing. All the processing that a computer does is in the background and automatic, fortunately, as the technical details can get a tad complicated.

When conducting network-based activities, actions are carried out by the underlying operating system (OS), and these include transforming a user’s request into a network-appropriate format. After a request is made, it is transformed by the underlying OS into a payload or data (refer to the Data unit column values in Figure 1). Since this payload is made at the Application Layer (Layer 7 of OSI, Layer 4 of the TCP/IP model), think of it as that application’s way of formatting the data by means of the specified protocol. If a user is using a web browser, they’ll be making HTTP requests; email usage would entail IMAP/POP3/SMTP, etc.

Data on any layer is referred to as a protocol data unit (PDU). Each subsequent layer encapsulates the previous layer’s PDU with that layer’s respective headers, and the result is then sent to the next layer. Since we start on the Application Layer, there is only that layer’s payload data. When that layer’s PDU is sent to the next layer (following the TCP/IP model, it would be the Transport Layer, but OSI has a few intermediary layers), the PDU is known as a segment if TCP is used as the Transport protocol or a datagram if UDP is used instead. Once received by the Transport Layer (most commonly TCP, to ensure proper message delivery), this layer encapsulates the Application Layer’s PDU with the source and destination ports. Moving down the line, the Internet Layer would receive the Transport Layer’s PDU, encapsulate it with the source and destination IP addresses, then send the entire packet to the appropriate recipient.

Once the recipient’s network gateway device (granted there is one, perhaps a firewall or router, and the server isn’t directly connected to the Internet) receives the packet, it finds the actual local host that should receive the data. Gateway devices keep track of this by port forwarding, or static NAT’ing, specific service ports to their respective server system(s). The gateway device, if applicable, would determine the Media Access Control (MAC) address of that system by means of the Address Resolution Protocol (ARP), then encapsulate the packet, yet again, into a frame that is then received by the system offering the service.

I know, that’s a lot of new terms, but there are specific terms used to distinguish the clearly separated duties of each layer. In a more concise and simplified explanation:

  • Host A’s machine encapsulates the user’s request into an Application Layer PDU
  • The PDU gets sent to the Transport Layer and is encapsulated with the appropriate headers (port numbers), transforming the PDU into either a segment (TCP, reliable) or datagram (UDP, not so reliable)
  • The Transport Layer’s PDU then gets sent to the Internet Layer and takes the form of a packet

At this point, Host B can be local or remote to Host A, but the involved hosts are still referenced by IP addresses. If Host B was indeed local, ARP would determine the MAC address and send it directly to Host B as a frame. Should Host B’s MAC address not be resolved, then Host A would send the packet to its network’s gateway device, which would route the packet over the Internet, where Host B’s gateway device would ARP on that side.

Conclusion 

This post can seem like a lot to take in and truthfully, it is. There is more going on behind the scenes, but I hope that this provides some clarity as to what happens when transmitting data over a network, whether local traffic or traffic requiring Internet routing. To sum up expected takeaways, I’d say that it is important to understand that network requests undergo scrutiny to ensure proper delivery and interpretation between hosts; this includes identifying the sender and receiver of the request, which service ports and protocol are used in the messaging, along with other applicable parameters that may ensure proper message delivery. Both the TCP/IP and OSI models can be used as a reference point, but the TCP/IP model simplifies the layers, whereas the OSI model displays more granularity in how transmitted data is acted upon to get from point A to point B. As you read through this blog, refer to the depicted figures as a visual aid to help with your thought process. To recap the new terminology:

  • Payload – the actual data that needs to get from point to point
  • PDU – protocol data unit; the payload data being transmitted between different layers
  • Protocol – explicit details on how data is transmitted between electronic devices; HTTP, IMAP, etc.
  • Encapsulates – the act of taking a PDU and adding a header or footer to it as the PDU is passed between layers of the TCP/IP or OSI models
  • Datagram – a UDP Transport Layer payload; header includes source and destination ports
  • Segment – a TCP Transport Layer payload; header includes source and destination ports
  • Packet – Internet Layer payload; header includes source and destination IP addresses
  • Frame – a Data Link Layer payload; includes headers and footers of payload

References

Kumar, R. (Blogger). (December 1, 2017). OSI MODEL vs TCP/IP MODEL [Figure 2]. Retrieved from http://www.easybib.com/guides/citation-guides/apa-format/how-to-cite-a-photo-digital-image-apa/

Feltus, F. et al. (Research Article). (September 2015). The Widening Gulf between Genomics Data Generation and Consumption: A Practical Guide to Big Data Transfer Technology [Figure 1]. Retrieved from https://www.researchgate.net/figure/seven-layer-open-systems-interconnection-osi-model-this-model-of-data-communication_fig2_283175141
