Computer Networking Fundamentals
How data moves across networks — the layered model, IP addressing, TCP vs UDP, the three-way handshake, HTTP/HTTPS, DNS resolution, and why TLS matters.
- Identify the five layers of the networking stack and the responsibility of each
- Explain how IP addressing and subnetting divide the internet into routable blocks
- Contrast TCP and UDP in terms of reliability, ordering, and overhead
- Describe the TCP three-way handshake and explain its purpose
- Trace an HTTP/HTTPS request from DNS resolution to response
- Explain what TLS provides and why plain HTTP is unsafe for sensitive data
The internet is not a single technology — it is a stack of agreements. Each layer of the stack solves one problem and presents a clean interface to the layer above it, hiding the complexity below. Understanding the layers lets you debug network problems systematically: when something fails, each layer is a distinct hypothesis to test, and the tools (ping, traceroute, curl, Wireshark) each operate at a specific layer.
The layered model
The conceptual framework most useful for application developers is a five-layer model:
Layer 5: Application HTTP, HTTPS, DNS, SMTP, WebSocket
Layer 4: Transport TCP, UDP
Layer 3: Network IP (IPv4, IPv6), ICMP, routing
Layer 2: Data link Ethernet, Wi-Fi (802.11), ARP
Layer 1: Physical Copper wire, fibre, radio wavesPhysical layer — bits on a wire (or in the air). Voltage levels, signal frequencies, and timing. A Wi-Fi card and an Ethernet card speak completely different physical protocols but both deliver frames to the data-link layer above.
Data-link layer — frames between directly connected devices. An Ethernet frame carries a source MAC address, a destination MAC address, and a payload. MAC addresses identify a physical network interface; they are only meaningful within a single network segment. ARP (Address Resolution Protocol) maps IP addresses to MAC addresses on a local network.
Network layer — packets between hosts anywhere on the internet, using IP addresses as the global addressing scheme. Routers operate at this layer: they read the destination IP address of each packet and forward it toward its destination.
Transport layer — conversations between specific processes on hosts. IP
delivers packets to a machine; TCP or UDP delivers them to a specific application
by port number. Port 80 is HTTP, 443 is HTTPS, 22 is SSH. A socket is identified
by the four-tuple (src IP, src port, dst IP, dst port).
Application layer — the protocol the application speaks: HTTP for web, SMTP for email, DNS for name resolution, and so on. Application protocols are where you spend most of your time as a developer.
Each layer encapsulates the layer above: an HTTP request is wrapped in a TCP segment, which is wrapped in an IP packet, which is wrapped in an Ethernet frame. Each layer adds its own header. On receipt, each layer strips its header and passes the payload up.
IP addressing and routing
An IPv4 address is a 32-bit integer, typically written as four decimal
octets: 192.168.1.42. Of the roughly 4.3 billion possible addresses, large
blocks are reserved (private ranges, multicast, loopback). IPv6 uses 128 bits
(2001:0db8:85a3::8a2e:0370:7334) and has effectively unlimited space.
A subnet mask (or CIDR prefix) divides an address into a network part and a
host part. 192.168.1.0/24 means the first 24 bits identify the network; the
remaining 8 bits identify a host within it — giving 254 usable addresses
(.1 through .254; .0 is the network address and .255 is broadcast).
Routers use this prefix to decide whether a packet is destined for a directly
connected network or needs to be forwarded further.
NAT (Network Address Translation) is why you have a private IP (192.168.x.x
or 10.x.x.x) at home but appear to the internet with one public IP: your router
translates outgoing packets' source address to its public IP, and rewrites the
destination of incoming replies.
TCP vs UDP
The transport layer offers two fundamentally different contracts:
TCP (Transmission Control Protocol) provides:
- Reliability — every segment sent is acknowledged; lost segments are retransmitted automatically.
- Ordering — segments are delivered to the application in the order they were sent, regardless of the order they arrived.
- Flow control — the receiver advertises a window size telling the sender how much data it can accept; the sender does not overwhelm the receiver.
- Congestion control — TCP detects packet loss as a signal of network congestion and reduces its sending rate.
This reliability comes at a cost: every connection requires a handshake (see below), every lost packet causes a retransmission delay, and the ordering guarantee means a slow packet holds up all packets behind it ("head-of-line blocking").
UDP (User Datagram Protocol) provides:
- No guarantee of delivery — datagrams may be dropped silently.
- No ordering guarantee — datagrams may arrive out of order.
- No congestion control — UDP sends as fast as the application instructs.
- Low overhead — just 8 bytes of header vs 20+ for TCP.
UDP is the right choice when low latency matters more than reliability: DNS queries, live video/audio streaming, multiplayer games, and the QUIC protocol (which implements its own reliability on top of UDP to avoid OS-level head-of- line blocking). If your application can tolerate occasional lost packets, or can implement its own selective retransmission, UDP gives you control that TCP doesn't.
HTTP/3, the latest version of the web's primary protocol, runs over QUIC (which runs over UDP) instead of TCP. The motivation: QUIC implements multiple independent streams within a single connection, so a lost packet only stalls the stream it belongs to, not all streams — eliminating HTTP/2's head-of-line blocking problem.
The TCP three-way handshake
Before any application data flows over TCP, the two endpoints must agree that a connection exists. They do this with three messages:
Client Server
|------ SYN (seq=x) -------->| "I want to connect; my starting sequence is x"
|<-- SYN-ACK (seq=y, ack=x+1)| "OK; my starting sequence is y; I acknowledge x"
|------ ACK (ack=y+1) ------->| "I acknowledge y; connection is established"
| |
|==== application data ======>|SYN (synchronise) — the client picks a random initial sequence number x and sends it. The sequence number ensures that data segments are assembled in the correct order and that retransmitted data is not confused with new data.
SYN-ACK — the server acknowledges the client's sequence number (x+1 means "I got everything up to and including x") and sends its own random initial sequence number y.
ACK — the client acknowledges the server's sequence number. The connection is now established from both sides.
This costs one full round-trip before any application data can be sent. HTTPS adds a TLS handshake on top. HTTP/3 (QUIC) merges the transport and cryptographic handshakes into a single round-trip to reduce this latency.
When closing, TCP uses a four-way FIN/ACK exchange (or a simultaneous close) to drain any remaining in-flight data before teardown.
HTTP/HTTPS and the request-response cycle
HTTP is a text-based, request-response protocol at the application layer. The client sends a request (method, path, headers, optional body); the server returns a response (status code, headers, body).
GET /search?q=cache+locality HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0
Accept: text/html
---
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 3421
<!DOCTYPE html>...HTTPS is HTTP carried over a TLS (Transport Layer Security) connection. TLS adds:
- Authentication — the server presents a certificate signed by a trusted Certificate Authority, proving it is who it claims to be.
- Encryption — all data after the handshake is encrypted. An attacker who intercepts the packets sees only ciphertext.
- Integrity — a MAC (message authentication code) on each record detects tampering; any altered packet is rejected.
Without TLS, any router or ISP between client and server can read your passwords, session tokens, and personal data in plaintext. With TLS, only the endpoints can read the application data.
DNS resolution
Domain names (example.com) must be translated to IP addresses before TCP can
establish a connection. DNS (Domain Name System) is the distributed database
that does this.
When you type example.com in a browser:
- The OS checks its local DNS cache. Cache hit → done.
- The OS queries a recursive resolver (usually your ISP's or 8.8.8.8).
- The resolver checks its cache. Cache hit → returns the IP.
- If not cached, the resolver queries a root name server for
.com. - The root directs it to a
.comTLD name server. - The TLD name server directs it to
example.com's authoritative name server. - The authoritative server returns the IP address (an
AorAAAArecord). - The resolver caches the result (for the record's TTL) and returns it to the OS.
Each DNS record has a TTL (time to live) in seconds. Low TTLs (60 s) allow quick IP changes during failover; high TTLs (86400 s) reduce DNS latency. The resolver's and OS's caches mean most lookups skip steps 4–7.
DNS responses are not encrypted by default (DNS over UDP, port 53). Your ISP and any on-path device can see — and theoretically alter — which domains you look up. DNS over HTTPS (DoH) and DNS over TLS (DoT) solve this by encrypting DNS queries, but require explicit configuration or a browser that supports them natively.
Where to go next
The network stack terminates at the Operating Systems track — specifically the
section on system calls, because every socket operation (connect, read,
write, close) crosses the user/kernel boundary via a syscall. For persistent
data sent across networks, the Database Internals track covers how databases
ensure that the data arriving over a connection is durable and consistent.
Knowledge check
- 1.At which layer does a router primarily operate when forwarding a packet across the internet?
- 2.UDP guarantees that datagrams arrive in the same order they were sent.
- 3.Which of the following does TLS provide when used with HTTPS?