Introduction to TCP/IP and Data Flow
Source: Dev.to
1. Data Flow
Data flow in computer networks refers to the structured movement, management, and transformation of data packets between devices, ensuring efficient, error‑free transmission.
Data flow generally involves preparing data at the source, moving it through network infrastructure (routers / switches), and reconstructing it at the destination.
Direction of Transfer
Data flow can be categorized by direction:
| Mode | Description | Example |
|---|---|---|
| Simplex | One‑way only | Computer → printer |
| Half‑Duplex | Two‑way, but not simultaneously | Walkie‑talkie |
| Full‑Duplex | Simultaneous two‑way communication | Telephone call |
Encapsulation and Decapsulation
Encapsulation
The process of adding protocol information (headers and trailers) to data as it moves down the network stack from the sender.
Decapsulation
The reverse process at the receiver, where each layer removes its corresponding header/trailer to reveal the original data.
2. Network Layers Overview
Layer 1 — Physical Layer
The Physical Layer is responsible for transmitting raw binary data (0 s and 1 s) over the physical medium.
Transmission Types
- Radio transmission – Wi‑Fi, Bluetooth (short distance)
- Microwave transmission – Cellular networks (4G, 5G)
- Fiber‑optic transmission – High‑speed long‑distance communication
Fiber splicing machine joins two fiber cables permanently using an electric arc, minimizing signal loss.
Layer 2 — Data Link Layer
The Data Link Layer (Layer 2 of the OSI model) handles local‑network communication and uses MAC addresses for device identification. It organizes raw bits from the Physical Layer into frames and ensures reliable node‑to‑node transfer.
Key Aspects
| Aspect | Description |
|---|---|
| Sublayers | LLC – handles network protocols and flow control; MAC – manages hardware addressing and medium access |
| Framing | Encapsulates network‑layer packets into frames with a header (source/destination MAC) and trailer (error checking) |
| Physical Addressing | Uses 48‑bit hexadecimal MAC addresses to identify devices on a LAN |
| Error Control | Detects/corrects errors (e.g., Frame Check Sequence / CRC) |
| Flow Control | Regulates data rate to prevent a fast sender from overwhelming a slow receiver |
| Access Control | Determines which device may use the physical medium at any given time |
Quick Reference
| Item | Detail |
|---|---|
| Devices | Switches |
| Address type | MAC address (48‑bit hex) |
| Frame format | Ethernet header |
| Scope | Local network (LAN) |
Important Note
- MAC addresses were designed for delivery, not security.
- They can be spoofed.
MAC Address Spoofing
- Can a device claim another MAC? Yes – this is called MAC spoofing.
- Why switches accept it: Switches operate at Layer 2 and do not authenticate the MAC source.
Layer 2 Security Mechanisms
| Mechanism | What it does |
|---|---|
| Port Security | Limits MAC addresses per port; binds MAC to a specific port; can disable the port on violation |
| 802.1X Authentication | Requires device authentication via a RADIUS server; stronger than MAC‑based security |
| DHCP Snooping | Tracks legitimate DHCP assignments; blocks rogue DHCP servers |
| Dynamic ARP Inspection (DAI) | Validates ARP packets; prevents ARP spoofing |
| Network Access Control (NAC) | Checks device compliance; enforces security policies |
Layer 2 Security Conclusion – Layer 2 was designed for efficient communication, not security. Real security relies on multiple layers (defense‑in‑depth).
Layer 3 — Network Layer
The Network Layer (Layer 3) enables communication between networks using IP addressing and routing. It manages logical addressing, packet routing, and forwarding to ensure data traverses different, interconnected networks.
Key Aspects
| Aspect | Description |
|---|---|
| Routing | Determines the most efficient path from source to destination |
| Logical Addressing | Uses IP addresses to uniquely identify devices across networks (distinct from MAC addresses) |
| Packetizing | Encapsulates transport‑layer segments into packets on the sender and reassembles them on the receiver |
| Forwarding | Moves packets from a router’s input interface to the appropriate output interface |
| Protocols | IP, ICMP, IGMP (among others) |
Devices
- Routers – forward packets between networks (WAN)
Address Type
- IP address (IPv4 or IPv6)
IP Address Spoofing (Layer 3)
Similar to MAC spoofing, IP addresses can be faked.
| Scenario | Effect |
|---|---|
| A – Same‑Network Conflict | Two devices use the same IP → IP conflict → network instability |
| B – Fake Source IP | A device sends packets pretending to be another IP → impersonation, possible denial‑of‑service or man‑in‑the‑middle attacks |
IP Spoofing Countermeasures
- Layer 3 Security Mechanisms
- Ingress / Egress Filtering – Drops packets with invalid source‑IP ranges.
- Unicast Reverse Path Forwarding (uRPF) – Checks if a packet arrived on the correct interface; drops spoofed packets.
- IPSec – Adds authentication and encryption; verifies sender identity cryptographically.
- TTL Monitoring – Detects abnormal hop‑distance values.
- Firewall Rules –
- Blocks private IP addresses on the public side.
- Blocks internal IP addresses on the external interface.
Layer 4 – Transport Layer
The Transport Layer provides communication between applications. It enables end‑to‑end data transfer, ensuring reliability, ordering, and error‑free delivery. It handles segmentation, flow control, and error correction, passing data from the Session Layer to the Network Layer via protocols such as TCP and UDP.
Key Responsibilities & Functions
- Segmentation & Reassembly – Breaks large data units from the Session Layer into smaller segments and reassembles them at the destination.
- Service‑Point Addressing (Ports) – Uses port numbers to direct traffic to specific applications (e.g., HTTP, FTP).
- Connection Control – Offers connection‑oriented service (TCP) for reliable delivery or connection‑less service (UDP) for faster, best‑effort delivery.
- Flow Control – Regulates transmission speed to prevent a fast sender from overwhelming a slow receiver.
- Error Control – Detects errors and triggers retransmissions to maintain data integrity.
- Multiplexing & Demultiplexing – Allows multiple applications to share a single network connection simultaneously.
Protocols
| Protocol | Type | Typical Use Cases |
|---|---|---|
| TCP | Connection‑oriented, reliable | Web browsing, email, file transfers |
| UDP | Connection‑less, best‑effort | Streaming, gaming, VoIP |
Key Concept: Port numbers identify the application or service handling the traffic.
Layer 5 – Session Layer
The Session Layer manages, maintains, and terminates connections (sessions) between applications on different devices. It establishes dialogues, creates checkpoints for recovery, and supports data exchange in simplex, half‑duplex, or full‑duplex modes.
Key Aspects
- Session Management – Establishes, maintains, and terminates connections.
- Dialogue Control – Controls communication flow, enabling full‑duplex or half‑duplex exchanges.
- Synchronization & Recovery – Inserts checkpoints; after a failure, only data after the last checkpoint needs retransmission.
- Protocols – NetBIOS, RPC (Remote Procedure Call), PPTP.
Layer 6 – Presentation Layer
The Presentation Layer acts as a “translator” for the network, ensuring that data sent from one system’s application layer can be understood by another’s.
Primary Roles
- Data Translation – Converts between formats (e.g., EBCDIC ↔ ASCII) for interoperable communication.
- Encryption & Decryption – Secures data using protocols such as SSL/TLS.
- Data Compression – Reduces data size to improve transmission speed (e.g., JPEG, MPEG, GIF).
Common Protocols & Standards
| Category | Examples |
|---|---|
| Text/Data | ASCII, EBCDIC, XML, JSON |
| Security | SSL, TLS |
| Images | JPEG, PNG, GIF, TIFF |
| Video/Audio | MPEG, AVI, MIDI |
Layer 7 – Application Layer
The Application Layer is the topmost OSI layer that directly interfaces with end‑user software (web browsers, email clients, etc.) to initiate network communication. It interprets user intent and manages application‑level protocols, enabling data exchange, authentication, and resource sharing.
Key Aspects
- Function – Provides services directly to applications, allowing software to send/receive data without being the application itself.
- Protocols – HTTP/HTTPS (web), SMTP/IMAP (email), FTP (file transfer), DNS (name resolution).
- Interaction – Transforms user requests into network‑compatible formats and vice‑versa.
- Security & Load Balancing –
- Web Application Firewalls (WAFs) protect against application‑level attacks (e.g., HTTP floods).
- Content‑based load balancing distributes traffic based on request characteristics.
Example: When a user clicks a link, the web browser uses HTTP/HTTPS (Layer 7) to request the page.