Packet Flow

Welcome back to the next installment in our interview prep series. In our previous article, we covered the IPv4 header, and today we'll explore a crucial topic: packet flow.

Imagine we have two hosts directly connected to each other. Host A has a MAC address of 0A, and Host B has 0B. They've been assigned the IP addresses 10.1.1.1/24 and 10.1.1.2/24, respectively. As we discussed earlier, each host maintains an ARP table where it associates its IP address with its MAC address. These entries are retained for 4 hours. So, Host A would have an entry (10.1.1.1 – 0A), and Host B would have an entry (10.1.1.2 – 0B).

As network engineers, what's the first thing we do with two hosts? Right, we ping from one to the other. Let's say we initiate a ping, which is an echo request from Host A to Host B. This echo request (ICMP Type 8) is handed to the Layer 3 (L3) protocol, which encapsulates it into a packet. The IP header carries the source IP 10.1.1.1 and the destination IP 10.1.1.2, with the protocol field set to 1, indicating that the encapsulated data is ICMP. It also carries a TTL value of 128 (for Windows), 255 (for Cisco IOS), or 64 (for Linux).

Next, the packet moves to the Layer 2 (L2) protocol, which adds an Ethernet header. It reads its own MAC address from the ARP table and fills in the source MAC as 0A. The Ethernet header also includes a type field with a value of 0x0800 for IPv4 data. For the destination MAC address, L2 takes the destination IP and looks it up in the ARP table. Finding no entry, it holds the packet: the frame cannot be fully encapsulated without a destination MAC address.

At this point, L2 hands over the responsibility to the ARP protocol to fetch the MAC address of the destination host. ARP generates an ARP request packet with the source IP as 10.1.1.1, destination IP as 10.1.1.2, source MAC as 0A, destination MAC as 00 (empty), and an opcode of 1 (ARP request). This ARP request is encapsulated in an Ethernet frame with source MAC 0A, destination MAC FF (broadcast), and type 0x0806 (indicating ARP data), and is sent through Layer 1 as bits on the physical medium. Host B receives and accepts this broadcast frame, removes the Ethernet header, and hands the payload to ARP. ARP identifies the packet as an ARP request for its own IP address, adds the sender's entry to its table, and generates an ARP reply. This reply contains the source IP as 10.1.1.2, destination IP as 10.1.1.1, source MAC as 0B, destination MAC as 0A, and an opcode of 2 (ARP reply).

Now, this ARP reply, carrying the MAC address of Host B, is encapsulated with an Ethernet header (source MAC 0B, destination MAC 0A, type 0x0806) and sent back to Host A. Host A accepts this frame, and ARP adds the entry to its table. The held ICMP echo request, now equipped with the destination MAC address, continues its journey. However, it's worth noting that an ICMP echo request sets a timer for 2 seconds. If it receives no reply within this timeframe, it will drop the request. This explains why the first packet may be dropped when pinging an unknown host, as ARP may take more than 2 seconds to retrieve the MAC address. Typically, Windows OS generates 4 ICMP echo requests, so pinging effectively starts from the second packet, once the MAC address has been obtained via ARP.
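The exchange described above can be traced byte by byte. The following Python sketch is an added example, not code from the original article: it builds the broadcast ARP request, lets Host B learn the sender and reply, and then releases the held echo request. The `Host` class, the 6-byte padding of the MACs "0A"/"0B", and the stand-in payload for the IP packet are assumptions made for illustration.

```python
import socket
import struct

BROADCAST = b"\xff" * 6
ETH_IPV4, ETH_ARP = 0x0800, 0x0806
OP_REQUEST, OP_REPLY = 1, 2
ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, opcode, SHA, SPA, THA, TPA

def arp_frame(dst_mac, op, sha, spa, tha, tpa):
    eth = struct.pack("!6s6sH", dst_mac, sha, ETH_ARP)  # Ethernet type 0x0806
    return eth + struct.pack(ARP_FMT, 1, ETH_IPV4, 6, 4, op, sha,
                             socket.inet_aton(spa), tha, socket.inet_aton(tpa))

class Host:
    def __init__(self, ip, mac):
        self.ip, self.mac = ip, mac
        self.arp_table = {ip: mac}  # article's model: own entry present
        self.held = []              # packets waiting for a destination MAC

    def send_ip(self, dst_ip, packet):
        if dst_ip not in self.arp_table:
            self.held.append((dst_ip, packet))  # L2 holds the packet
            return arp_frame(BROADCAST, OP_REQUEST, self.mac, self.ip,
                             b"\x00" * 6, dst_ip)
        hdr = struct.pack("!6s6sH", self.arp_table[dst_ip], self.mac, ETH_IPV4)
        return hdr + packet

    def receive(self, frame):
        """Handle an ARP frame; return the frames sent in response."""
        dst, _, etype = struct.unpack("!6s6sH", frame[:14])
        if dst not in (self.mac, BROADCAST) or etype != ETH_ARP:
            return []
        *_, op, sha, spa, _tha, tpa = struct.unpack(ARP_FMT, frame[14:42])
        spa, tpa = socket.inet_ntoa(spa), socket.inet_ntoa(tpa)
        if tpa != self.ip:
            return []  # request is for some other host
        self.arp_table[spa] = sha  # learn the sender's IP-to-MAC mapping
        if op == OP_REQUEST:
            return [arp_frame(sha, OP_REPLY, self.mac, self.ip, sha, spa)]
        held, self.held = self.held, []  # reply arrived: release held packets
        return [self.send_ip(ip, pkt) for ip, pkt in held]

def ping_exchange():
    a = Host("10.1.1.1", bytes.fromhex("00000000000a"))  # "0A" padded (constructed)
    b = Host("10.1.1.2", bytes.fromhex("00000000000b"))  # "0B" padded (constructed)
    echo = b"<IP proto=1 | ICMP type=8>"  # stand-in for the encapsulated packet
    request = a.send_ip(b.ip, echo)   # no ARP entry yet, so this is the ARP request
    reply = b.receive(request)[0]     # B learns A and answers with opcode 2
    data = a.receive(reply)[0]        # A learns B and releases the held packet
    return request, reply, data, a.arp_table, b.arp_table
```

`ping_exchange()` returns the three frames in wire order (ARP request, ARP reply, IPv4 data frame) together with both ARP tables after the exchange.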
