Think of IP addresses as a sort of hierarchical resolver and MAC’s as the actual driver and physical location of sending/receiving packets. A packet with a destination and source IP/MAC is sent from a client’s NIC out. Once it hits the switch, the switch checks it’s MAC table to see if it knows the destination IP and it’s associated MAC, if not, it forwards the frame to the router. The router receives it, strips the ethernet frame, checks routing table, ARP’s if needed with destination IP, then takes the mac tied to that IP and adds a new ethernet frame for the next set. It forwards this packet using the MAC address of the next interface. IP’s are only used as a sort of hierarchical resolver. So if destination IP is 140.123.111.32, your client will first check it’s own routing table, lets say it’s on the 192.168.1.0 network, which obviously our destination IP isn’t on, so it gets forwarded it’s default gateway. Then once the packet is received by the router, it repeats this process. The router is essentially asking it’s routing table, “does anyone know who this IP belongs to?”. If it doesn’t belong to that table, it will be forwarded again higher up in the hierarchy to routers with more specific and larger routing tables(edge>core>backbone). So it’ll find where the 140 subnet, then the 140.123., etc.(depending on the subnet mask respectively). Think of it similarly to how DNS functions.

The Hierarchy

1. IP decides WHERE (which network, which device)
2. Routing table decides PATH (which way through the routers)
3. ARP finds MAC (how to reach the next hop locally)
4. MAC delivers(physical frame transmission)
5. Repeat

Source to Destination Communication Process

The source-to-destination communication process describes how data travels through network layers from the sending device to the receiving device, involving encapsulation at the source and de-encapsulation at the destination.

Layer-by-Layer Process

• Application Layer (Layer 7): User creates data (email, web request, file transfer)
• Presentation Layer (Layer 6): Data formatting, encryption, compression applied
• Session Layer (Layer 5): Session establishment and management
• Transport Layer (Layer 4): Segments created with port numbers (TCP/UDP headers added)
• Network Layer (Layer 3): Packets created with IP addresses (source and destination IP)
• Data Link Layer (Layer 2): Frames created with MAC addresses (source and destination MAC)
• Physical Layer (Layer 1): Conversion to electrical signals, light pulses, or radio waves

Encapsulation Process (Source)

• Data → Segments → Packets → Frames → Bits
• Each layer adds its own header (and trailer at Layer 2)
• Layer 4 adds TCP/UDP header with source/destination ports
• Layer 3 adds IP header with source/destination IP addresses
• Layer 2 adds Ethernet header/trailer with source/destination MAC addresses
• For example: Web traffic uses TCP port 80/443, gets IP addresses for routing, then MAC addresses for local delivery

De-encapsulation Process (Destination)

• Bits → Frames → Packets → Segments → Data
• Each layer strips its header and processes the information
• Layer 2 checks MAC address to confirm correct destination
• Layer 3 checks IP address and processes routing information
• Layer 4 checks port number to deliver to correct application
• Data is reassembled and delivered to the target application

Protocol Data Units (PDUs)

Addressing at Each Layer

• Layer 4: Port addresses (0-65535, with well-known ports 0-1023)
• Layer 3: Logical addresses (IPv4: 32-bit, IPv6: 128-bit)
• Layer 2: Physical addresses (MAC: 48-bit, burned into NIC)
• Layer 1: No addressing (pure signal transmission)

Real-World Example: Web Browsing

1. User types URL → Application layer generates HTTP request
2. TCP segment created → Port 80 (HTTP) or 443 (HTTPS) added
3. IP packet created → Source IP (your PC) and destination IP (web server) added
4. Ethernet frame created → Source MAC (your NIC) and destination MAC (default gateway) added
5. Physical transmission → Converted to electrical signals on copper or light on fiber
6. Router processing → Layer 3 device removes Layer 2 frame, examines IP packet, creates new frame for next hop
7. Destination processing → Reverse process delivers HTTP request to web server application

Key Concepts for Troubleshooting

• Same subnet communication: Source and destination communicate directly using MAC addresses
• Different subnet communication: Requires default gateway (router) - destination MAC is gateway’s MAC, not end device
• ARP (Address Resolution Protocol) resolves IP addresses to MAC addresses for local delivery
• Each router hop creates new Layer 2 frame while preserving Layer 3 packet information

Vocabulary

• Encapsulation: Process of adding headers (and trailers) as data moves down the OSI stack
• De-encapsulation: Process of removing headers as data moves up the OSI stack at destination
• PDU (Protocol Data Unit): Name for data at each layer of the OSI model
• ARP: Protocol that maps IP addresses to MAC addresses on local network
• Default Gateway: Router interface that provides path to remote networks

Notes

• Remember the acronym: Data → Segments → Packets → Frames → Bits (All People Seem To Need Data Processing)
• Layer 2 addressing changes at each router hop, but Layer 3 addressing remains constant from source to destination
• Critical for troubleshooting: Understanding which layer is failing helps determine if issue is physical, switching, routing, or application-related
• Use ping to test Layer 3 connectivity, traceroute to see Layer 3 path, packet captures to examine all layers
• In military/government networks, additional security headers may be added at multiple layers for classification and encryption purposes