DARPA and OSI
Overall, there is no formal correlation between the TCP protocol model and the OSI model. However, they are roughly equivalent in the services that they provide. The following diagram shows a comparison between the models:
| DARPA Layer | Protocol Implementation | OSI |
|---|---|---|
| Process/Application | FTP, SMTP, TELNET (RFC: 959, 821, 854); TFTP, NFS, SNMP (RFC: 783, 1094) | Application, Presentation, Session |
| Transport | Transmission Protocol (TCP) RFC793; User Datagram Protocol (UDP) RFC768 | Transport |
| Internet | (ARP) Address Resolution RFC826, 903; (IP) Internet Protocol RFC791; Internet Control Message Protocol RFC792 | Network |
| Network Interface | Network Interface Cards: Ethernet, Token Ring RFC894 RFC1024 | Data Link |
| Network Interface | Transmission: Twisted Pair, Coax, Fiber, Wireless, etc. | Physical |
Network Interface
The first layer of the DARPA model is the Network Interface Layer; it links the local host to the local network hardware. This loosely maps to the Physical and Data Link layers of the OSI reference model. The Network Interface Layer makes the physical connection to the network, be it wireless, Ethernet cables, or Token Ring cables (an IBM legacy protocol). In each case a frame is generated with data from the upper layers.

The Internet Layer transfers the packets between systems (or hosts). A host, in this definition, can be a client, server, or a peer in a peer-to-peer transfer. Each packet will contain address information relating to the source and destination of the packet.

The Transport Layer is responsible for providing communication between applications residing on different hosts. This can also be called the host-to-host layer. Depending on the application, the Transport Layer will provide two types of service: a reliable service (TCP) or an unreliable service (UDP). In a reliable service the receiving station acknowledges the receipt of a datagram. The unreliable service does not provide a mechanism to acknowledge packets.

The top layer of the DARPA model is the Application Layer. This is where actual applications like Trivial File Transfer Protocol and Telnet reside.
Note
TFTP and Telnet
Trivial File Transfer Protocol (TFTP) is a simple form of FTP. TFTP uses UDP and provides no security features. It is often used by servers to boot diskless workstations, X-terminals, and routers. Telnet is a terminal emulation program for TCP/IP networks such as the Internet. The Telnet program runs on your computer and connects your PC to a server on the network. You can then enter commands through the Telnet program and they will be executed as if you were entering them directly on the server console. This enables you to control the server and communicate with other servers on the network. To start a Telnet session, you must log in to a server by entering a valid username and password. Telnet is a common way to control web servers remotely.
Packets
So we have seen a network packet and where it lives in the TCP/IP model. Next let’s look at the IP packet. The IP packet is how the TCP packet finds which computer it is destined for. The Internet Protocol is defined in RFC 791 (http://info.internet.isi.edu:80/in-notes/rfc/files/rfc791.txt). IP provides the most basic level of service in the Internet. IP is the basis upon which the other protocols stand. IP provides the protocol above it with a basic service model. IP is similar to a postal service (like the ones in which you get your bills). Using an address scheme, a packet is routed from a source to a destination, much like a letter having a street address. Overall IP does not promise a perfect network connectivity service, hence it is known as a Best Effort Service. If you send a postal message from your house, you rely on this best effort believing that your message will arrive at its destination. Without special handling you will not know if the letter (like your utility bill) has been delivered to its intended destination.
Packet Routing
Once the packet has been created, it is routed from a source system to a target system:
In this example, the Laptop computer is sending an IP packet to the Server. The Source IP Address is 10.10.10.11 and the Target address is 10.10.10.12. Using this nomenclature the server now knows how to respond back to the Laptop computer. This address scheme is how computers talk to each other on the Internet or any IP network.

So back to our postal analogy: the IP address is much like the address on the letter, or the address of your house. So the letter (packet) is dropped into the postal box and it is sent via a network of postal employees, with one finally dropping the letter at your house or mailbox. In this example we have delivered a message to your house. But how do we know the person that should be receiving the message? This same question and its subsequent solution also present themselves in networking.

TCP rides in the network packet after the IP packet. The TCP packet contains information about the application. Although IP routes packets through the Internet using the destination address, more information is needed to identify which application on the destination host should receive the data once it arrives. This is accomplished via ports.
TCP Ports
Both sending and receiving applications are assigned port numbers to send and receive data. Coupled with the source and destination IP address, the source and destination port number, a small integer number, identifies which application is associated with any given data transfer. As mentioned before, the IP address is like the addressing scheme of a postal service. Once the Postal Service delivers the letter to your house, further addressing on the letter (the recipient’s name which appears above the destination address) determines who actually gets the letter. This is where TCP helps out. The TCP port addresses (source and target) provide a mechanism to direct data to a specific application. Once the IP packet arrives at the host then the port determines which application receives the data. The addressing scheme in IP uses 2 bytes of data to determine how to deliver the message. With 2 bytes (16 bits) of data you can have up to 65,000 different ports per IP address—that is, 65,000 different recipients per IP Address.
Port numbers are divided into three ranges:
Well Known Ports: 0 through 1023
Registered Ports: 1024 through 49151
Dynamic and/or Private Ports: 49152 through 65535
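The following is an added example, not part of the original text. It builds a sample IPv4 + TCP header pair using the Laptop and Server addresses from the routing example, then parses the raw bytes back into source and destination address and port and classifies each port into the three ranges above. The function names and the client port 51515 are assumptions chosen for illustration.

```python
import ipaddress
import struct

def port_range(port):
    """Classify a 16-bit port number into the three ranges listed above."""
    if not 0 <= port <= 65535:
        raise ValueError("port must fit in 16 bits")
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic/private"

def build_packet(src_ip, dst_ip, src_port, dst_port):
    """Construct a minimal IPv4 + TCP SYN header pair (sample data, checksums left 0)."""
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0,
                      5 << 4, 0x02, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s",
                     (4 << 4) | 5, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src_ip).packed,
                     ipaddress.IPv4Address(dst_ip).packed)
    return ip + tcp

def parse_packet(raw):
    """Return (src_ip, src_port, dst_ip, dst_port) from raw IPv4/TCP bytes."""
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    version, ihl = raw[0] >> 4, (raw[0] & 0x0F) * 4
    if version != 4 or ihl < 20:
        raise ValueError("not a valid IPv4 header")
    if raw[9] != 6:                      # IP protocol number 6 = TCP
        raise ValueError("payload is not TCP")
    if len(raw) < ihl + 4:
        raise ValueError("truncated TCP header")
    src_ip = str(ipaddress.IPv4Address(raw[12:16]))
    dst_ip = str(ipaddress.IPv4Address(raw[16:20]))
    # The TCP header starts right after the IP header; its first four bytes
    # are the 2-byte source port and the 2-byte destination port.
    src_port, dst_port = struct.unpack_from("!HH", raw, ihl)
    return src_ip, src_port, dst_ip, dst_port

if __name__ == "__main__":
    # Constructed sample: Laptop (10.10.10.11) to Server (10.10.10.12), port 80.
    sample = build_packet("10.10.10.11", "10.10.10.12", 51515, 80)
    s_ip, s_port, d_ip, d_port = parse_packet(sample)
    print(f"{s_ip}:{s_port} ({port_range(s_port)}) -> "
          f"{d_ip}:{d_port} ({port_range(d_port)})")
```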
To ensure consistency across networks, the Internet Assigned Numbers Authority (IANA: http://www.iana.org/) assigns specific port numbers to popular applications. The port numbers are known as well-known port numbers and are de facto standards. For that reason, you can expect SMTP mail service to always be available on port 25, NNTP news service to be on port 119, HTTP to be served on port 80, HTTPS encrypted web traffic to be sent on port 443, Telnet to be available via port 23, and so on. For more information on well known port assignments please consult http://www.iana.org/assignments/port-numbers.
The use of ports is actually a very simple process. In the TCP world there is a listener device (that listens for communications sent to a specific port number) and the instantiation device (that establishes communication to a specific address and port number). One example would be a client and a server. The server would be the listener, example: port 80 for an HTTP web server. The client, in this example, would use a random port to communicate out to the server’s port 80. The random port used by the client is known as an ephemeral port number. Ephemeral ports are temporary ports assigned by a machine’s TCP/IP stack, and are assigned from a pre-determined range of ports. When the TCP connection terminates, the use of the client (ephemeral) port is terminated and then is available for reuse.
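The listener and ephemeral-port behaviour described above can be observed on the loopback interface. This is an added example, not part of the original text: it opens one listener and connects two clients to it, showing that each client is given its own source port by the TCP/IP stack while both target the same listener port. The function name and the use of port 0 in place of port 80 are assumptions.

```python
import socket

def open_two_clients():
    """Connect two clients to one listener; return each side's view of the endpoints."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as listener:
        # Assumption: port 0 asks the stack for any free port. It stands in for
        # the web server's port 80, which needs elevated privileges to bind.
        listener.bind(("127.0.0.1", 0))
        listener.listen(2)
        listener.settimeout(5)
        server_addr = listener.getsockname()

        open_socks, views = [], []
        try:
            for _ in range(2):
                client = socket.create_connection(server_addr, timeout=5)
                open_socks.append(client)
                conn, peer = listener.accept()
                open_socks.append(conn)
                views.append({
                    "client_local": client.getsockname(),   # (IP, ephemeral port)
                    "client_remote": client.getpeername(),  # (IP, listener port)
                    "server_sees_peer": peer,               # reported by accept()
                })
        finally:
            # Closing the connections releases the ephemeral ports for reuse.
            for s in open_socks:
                s.close()
    return server_addr, views

if __name__ == "__main__":
    server, views = open_two_clients()
    print("listener:", server)
    for v in views:
        print("client", v["client_local"], "->", v["client_remote"])
```

The range the ephemeral ports come from is set by the operating system and does not have to match the 49152 through 65535 range listed earlier.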