Journey of a Data Packet in the Internet

by Himanshu Arora on August 8, 2012

While majority of the end-users doesn’t care how Internet works, some of you might be curious to understand the basics of how Internet works.

In this article we will try to peel off the first layer on this topic to understand how Internet works by elaborating the journey of a data packet from its source to destination on the Internet. From this perspective, we’ll try to keep the content of this article fairly basic.

Before going further, lets first quickly and briefly understand the concepts of DHCP and DNS.

DHCP

Have you ever thought how your computer gets an IP address? Well, it is important to know that there are two ways through which a computer gets an IP address. One is static while the other is dynamic.

Static method is the one in which the computer administrator manually sets the IP address to the machine. If your machine is connected to a network like LAN then one thing is to be kept in mind that the IP address being set should not be the same as the IP address of any other machine on the same network as this may lead to IP address conflict and none of the two machines will be able to access the internet.

Dynamic method is the one in which the computer (on system boot) asks a server to assign an IP address to it. The protocol used for this process is known as Dynamic Host Control Protocol (DHCP). The server referenced here is known DHCP server. This server is responsible for assigning IP addresses to all the computers on the network. It is the responsibility of the DHCP server to make sure that there is no IP address conflict. If one of the machine goes down and then again boots up then a fresh DHCP request is sent to the server which may assign the same or some different IP address this time.  Usually a pool of IP addresses is given to the DHCP server and it uses only those IP addresses for assignments. This is done to safely use other IP addresses for static assignments without any conflict.

DNS

Most of us would have used google.com for internet search but have you ever thought on how it is made sure that typing google.com in our web browser will actually contact the correct server? Well, to understand this, we need to understand the concept of Domain name server (DNS).

In real life as people are identified by their name, similarly in computer networks, individual computers are identified through the IP address assigned to them. IP addresses can be of two types : public and private. Usually the servers use public IPs as they are contacted by millions of computers world wide. While your computer which is connected behind the router is usually assigned private IP. Since there is a limited number of public IPs that are available so the concept of private IPs in a network (behind a router with public IP) has grown popular and successful. The broader level concept used for this is known as NAT or Network address translation.

Remembering IP address is a bit difficult task for humans so each server also has a name (like google.com). So, end users just need to remember the name and type it in their web browser and hit enter. Now, the lets come to the story about what happens when the user hits enter after typing name in web browser. The first thing which is required is to convert the domain name to the corresponding IP. To accomplish this, a request is sent to the default gateway (which in most of the cases is the router) to contact the DNS server. The router has a configured DNS server IP to which this request is sent.

DNS servers are used to convert the domain name to IP address. When a request is received by the DNS server, it checks whether it has the required information. If this conversion information is not present then the DNS server forwards this request to the other DNS server. In this way, the domain name to IP address conversion is done and is sent back.

Once the IP is known then a normal HTTP GET request to that particular IP is made and things move on.

Post DNS, how things move on?

To understand the following explanation one should have a basic knowledge of TCP/IP protocol suite layers. Still we’ll try to keep the explanation basic here.

  • Once the IP address is known through the DNS process, an HTTP GET request is prepared at the application layer. This request is then forwarded to the Transport layer.
  • There are two protocols (TCP and UDP) that are majorly used at this layer. It is at this layer the requests are encapsulated in form of transport layer packets. If TCP is being used then it also takes care that packet size should not exceed lowest MTU in the path between source and destination. This is done to avoid fragmentation of packet somewhere in the middle of its journey. On the other hand if UDP is being used then this special care is not taken and as a result packets can get fragmented.
  • Once the packet is formed at transport layer, it is pushed to the IP layer. This layer adds the information related to source and destination IP addresses and some other important information like TTL (time to live), fragmentation information etc. All this information is required while the packet is on its way to the destination.
  • After this the packet enters the data link layer where the information related to MAC addresses is added and then the packet is pushed on to the physical layer. So a stream of 0′s and 1′s is sent out of your NIC onto the physical media.

If the destination of the packet is not directly connected to the source computer then through the routing information present on the source computer, the packet is transmitted to the nearest relevant computer node. There can be various nodes in a network like routers, bridges, gateways etc. Each entity has its own importance like a router is used for forwarding the packet, a bridge is used for  connecting networks using same protocol while gateways are used for connecting networks with different protocols.

If we consider a basic network then routers are the main agents which play a vital role in forwarding the packet from source to destination. When the packet first leaves the source computer then the mac address of the relevant router (to which the packet is being transferred) is used as its destination mac address.

When the packet reaches to that router, then the router performs the following action :

  • It decreases the TTL value and recomputes the check-sum of the packet.
  • The router searches its routing information table for the complete host address as specified by the packet’s destination IP address. If found then router takes action to forward the packet to the relevant host.
  • If no such entry is found then the table is searched for the network address derived from the destination IP. If found then router forwards the packet to that particular network.
  • If above two checks fail then the packet is transferred to the the default router as derived from the default entry in its routing information table.

In any of the above cases, whenever the packet is transferred by router to some other router or to the destination, the destination mac address of the packet is changed to the immediate router or destination to which it is being sent. In this way the IP address information in the packet remains the same but the destination mac address changes from one router to another.  So in this way, the packet travels from one router to another until it reaches the destination.

Now, at the destination:

  • The packet is first received at the physical layer which issues an IRQ to the CPU to indicate that some data is arrived and is waiting to be processed.
  • After this the data is sent up to the data link layer where MAC layer is checked to see if this packet is indeed for this computer only.
  • If the above check is passed then this packet is passed to IP layer where some IP address checks and check-sum verifications are done and then it is passed on to the relevant transport layer protocol.
  • Once this is done, then from the knowledge of the ports the information (or the HTTP GET request in our case) is passed on the application listening on that port.
  • This way the request reaches the google web server.

After this the response is formed and transmitted back in the same way as described above.

There you have it. This is how a data packet travels from source to destination in the Internet.


Linux Sysadmin Course Linux provides several powerful administrative tools and utilities which will help you to manage your systems effectively. If you don’t know what these tools are and how to use them, you could be spending lot of time trying to perform even the basic administrative tasks. The focus of this course is to help you understand system administration tools, which will help you to become an effective Linux system administrator.
Get the Linux Sysadmin Course Now!

If you enjoyed this article, you might also like..

  1. 50 Linux Sysadmin Tutorials
  2. 50 Most Frequently Used Linux Commands (With Examples)
  3. Top 25 Best Linux Performance Monitoring and Debugging Tools
  4. Mommy, I found it! – 15 Practical Linux Find Command Examples
  5. Linux 101 Hacks 2nd Edition eBook Linux 101 Hacks Book

Bash 101 Hacks Book Sed and Awk 101 Hacks Book Nagios Core 3 Book Vim 101 Hacks Book

{ 28 comments… read them below or add one }

1 Faisal Hasan August 8, 2012 at 10:35 am

Is it possible to have multiple domain name against a single IP address?
thanks and regards, Faisal

2 vellingiri August 8, 2012 at 10:53 am

Great explanation. Nice tutorial.

3 Jalal Hajigholamali August 8, 2012 at 12:41 pm

Hi,

thanks, helpful article….

4 Biff Martin August 8, 2012 at 3:49 pm

Long and drawn out explanation of how a packet travels between client and server. I could boil this down to just two short paragraphs if you asked me.

5 Anonymous August 8, 2012 at 5:44 pm

Excellent explanation!!

6 vr@gon August 8, 2012 at 5:45 pm

Excellent!!

7 shanil August 8, 2012 at 7:27 pm

Hi Biff Martin, at least he has given a beautiful explanation and using TGS he educates people from all over the world. Please if you cant appreciate his work then i suggest you open your own site and explain things the way you like. Guys are like you should atleast appreciate that someone is doing something and not start jumping up and down like that. I teach CCNA and i have given this explanation to my students and now they say they have understood it well.

No hard feelings.

8 Rocky August 8, 2012 at 8:16 pm

Hi Biff,

Yes, please show your comments for the same.

BR
Rocky

9 Avinash August 8, 2012 at 8:41 pm

Thank You.
Very helpful article.

10 Ethan August 9, 2012 at 4:14 am

as plain as I expected,but could do better if give some Debian Linux examles

11 Nick August 9, 2012 at 11:19 am

A good explanation for people who are just learning about some of these things. My computer classes barely touched on networking, all we learned was the names of the layers.

12 Walter August 9, 2012 at 12:15 pm

DHCP is Dynamic Host Configuration (not Control) Protocol

13 Tariq August 9, 2012 at 2:43 pm

Nice.

You could complete the packet journey by describing how the packet travels back to the source.

14 Jem Stanners August 9, 2012 at 5:40 pm

As always, very helpful. I have been teaching computers and electronics for nearly 40 years now, and I personally find that you take a very nice middle-of-the-road difficulty level on your explanations without hiding behind jargon. I always learn SOMETHING from your posts, and if it is a new topic to me, it is never too difficult either.
The hardest thing in teaching technology is to decide what level to pitch your presentation to, and you do it brilliantly.
Two paragraphs? I could say it in two WORDS. “It works.” But that wouldn’t help anyone! LOL
So stick with what you do. Nobody else is doing it as well as you. In fact, your dedication to helping others is fantastic. I for one hope that you are able to keep it up for many years to come! Best Regards..

15 Mayank August 10, 2012 at 2:09 am

V.Well written. Thanks

16 Swapnil August 10, 2012 at 9:58 am

Great work. Really appreciate your time and hard work in putting up difficult as well as obvious articles which do require a detailed explanation. Hats off! Keep up the good work.

17 Suhail August 10, 2012 at 12:31 pm

Fantastic explanation

18 Santhosh August 17, 2012 at 10:34 pm

Great article.
Really helpful in getting clear idea about packet journey.

19 Karthigayan August 18, 2012 at 1:06 am

Superb article.Crisp and Clear .Thumbs Up !!!!

20 Anonymous August 22, 2012 at 2:06 am

very good article !

21 Zach August 27, 2012 at 10:18 am

Great article! Always informative for any level. The one gripe I have is I’d like to see more visual aids in these articles. I’m a very visual learner, and I know others out there are the same. Visual aides really drive home to make a solid point.

22 Anonymous March 29, 2013 at 12:21 pm

Best article …very informative thank you very much.

23 Anonymous April 10, 2013 at 12:36 am

very good article. beginners like me can understand very well since u have not used any technical words

24 Rafael May 14, 2013 at 6:31 pm

This documents are a great source of information. I used them all the time in my classes. I would love to have follow up questions related to the article that can be assigned to the students. Thank you.

25 Anonymous May 20, 2013 at 9:03 pm

its dynamic host configuration protocol… i just loved your article.. thnx :)

26 Network Novice May 27, 2013 at 10:13 am

Excellent article! You made a confusing topic, understandable. Thx

27 Cody February 28, 2014 at 10:45 pm

Re: “Is it possible to have multiple domain name against a single IP address?
thanks and regards, Faisal”

Yes. You can also have aliases (canonical names aka CNAMES in DNS speak) for the same name (e.g., if google.com maps to 74.125.224.166 – which it does, among many others [yes you can have more than one IP per domain too] then you can also have an alias http://www.google.com which maps to 74.125.224.166 by way of mapping to google.com. google does not use CNAMES in this case). If you really want more information look up DNS A records, DNS PTR (that is the reverse of A records) records and DNS CNAME records (it might not be for the faint of heart, though… I don’t know as I’ve never had a problem with DNS or networking). For IPv6 the A record is known as AAAA record.

28 Cody February 28, 2014 at 10:48 pm

Meh, the site converted the name I used for the alias to a URL. Any way, let me try it a different way: you can alias www to point to the name of domain without the www, and the same with other names (meaning www is not the only one you can alias). This is known as a DNS CNAME record (there are some limits to it related to other record types though but I won’t get into that).

Leave a Comment

Previous post:

Next post: