The network stack

The internet is not a single technology — it is a stack of agreements. Each layer of the stack solves one problem and presents a clean interface to the layer above it, hiding the complexity below. Understanding the layers lets you debug network problems systematically: when something fails, each layer is a distinct hypothesis to test, and the tools (ping, traceroute, curl, Wireshark) each operate at a specific layer.

The layered model

The conceptual framework most useful for application developers is a five-layer model:

Layer 5: Application   HTTP, HTTPS, DNS, SMTP, WebSocket
Layer 4: Transport     TCP, UDP
Layer 3: Network       IP (IPv4, IPv6), ICMP, routing
Layer 2: Data link     Ethernet, Wi-Fi (802.11), ARP
Layer 1: Physical      Copper wire, fibre, radio waves

Physical layer — bits on a wire (or in the air). Voltage levels, signal frequencies, and timing. A Wi-Fi card and an Ethernet card speak completely different physical protocols but both deliver frames to the data-link layer above.

Data-link layer — frames between directly connected devices. An Ethernet frame carries a source MAC address, a destination MAC address, and a payload. MAC addresses identify a physical network interface; they are only meaningful within a single network segment. ARP (Address Resolution Protocol) maps IP addresses to MAC addresses on a local network.

Network layer — packets between hosts anywhere on the internet, using IP addresses as the global addressing scheme. Routers operate at this layer: they read the destination IP address of each packet and forward it toward its destination.

Transport layer — conversations between specific processes on hosts. IP delivers packets to a machine; TCP or UDP delivers them to a specific application by port number. Port 80 is HTTP, 443 is HTTPS, 22 is SSH. A socket is identified by the four-tuple (src IP, src port, dst IP, dst port).

Application layer — the protocol the application speaks: HTTP for web, SMTP for email, DNS for name resolution, and so on. Application protocols are where you spend most of your time as a developer.

Each layer encapsulates the layer above: an HTTP request is wrapped in a TCP segment, which is wrapped in an IP packet, which is wrapped in an Ethernet frame. Each layer adds its own header. On receipt, each layer strips its header and passes the payload up.

IP addressing and routing

An IPv4 address is a 32-bit integer, typically written as four decimal octets: 192.168.1.42. Of the roughly 4.3 billion possible addresses, large blocks are reserved (private ranges, multicast, loopback). IPv6 uses 128 bits (2001:0db8:85a3::8a2e:0370:7334) and has effectively unlimited space.

A subnet mask (or CIDR prefix) divides an address into a network part and a host part. 192.168.1.0/24 means the first 24 bits identify the network; the remaining 8 bits identify a host within it — giving 254 usable addresses (.1 through .254; .0 is the network address and .255 is broadcast). Routers use this prefix to decide whether a packet is destined for a directly connected network or needs to be forwarded further.

NAT (Network Address Translation) is why you have a private IP (192.168.x.x or 10.x.x.x) at home but appear to the internet with one public IP: your router translates outgoing packets' source address to its public IP, and rewrites the destination of incoming replies.