Networking Fundamentals Beginner

A computer network is two or more devices connected so they can exchange data. The devices that use the network — laptops, phones, servers, printers — are called hosts or nodes. They are joined by a medium: copper cable, fibre-optic glass, or radio waves (Wi-Fi).

Every host needs a network interface card (NIC) to connect, and every conversation follows agreed rules called protocols. Without shared protocols two machines could send signals but never understand each other — just as two people need a common language to talk.

Networks are classified by the geographic area they cover. A LAN (Local Area Network) spans a small area — one home, office or building — and is usually owned and managed by a single organisation. A WAN (Wide Area Network) connects LANs across cities, countries or continents; the internet is the largest WAN. A MAN (Metropolitan Area Network) sits between them in scale, covering a city or campus.

LANs typically offer high speed at low cost over short distances, while WANs cross great distances using links you usually lease from a telecom provider.

Topology describes how nodes are physically or logically arranged. In a star topology every device connects to a central switch or hub — the most common layout in modern LANs, easy to manage but dependent on the central node. In a bus, all devices share one backbone cable. In a ring, each node connects to two neighbours forming a loop. In a mesh, devices interconnect with many redundant paths, giving high fault tolerance at higher cost.

A full mesh of n nodes needs n(n−1)/2 links, which is why true mesh is reserved for critical backbones.

The OSI (Open Systems Interconnection) model is a conceptual framework that splits networking into seven layers, each with a clear job. From bottom to top: 1 Physical, 2 Data Link, 3 Network, 4 Transport, 5 Session, 6 Presentation, 7 Application.

A popular mnemonic for layers 1→7 is "Please Do Not Throw Sausage Pizza Away". Each layer talks only to the layers directly above and below it, so a change at one layer (say, swapping copper for fibre at layer 1) does not break the others.

Each OSI layer has a distinct role. Layer 1 Physical moves raw bits as electrical, light or radio signals. Layer 2 Data Link groups bits into frames and uses MAC addresses for local delivery (switches live here). Layer 3 Network handles logical addressing and routing with IP addresses (routers live here). Layer 4 Transport provides end-to-end delivery with TCP or UDP. Layer 5 Session sets up and tears down conversations; Layer 6 Presentation handles encryption and data format (e.g. TLS, character encoding); Layer 7 Application is where user-facing protocols like HTTP and DNS operate.

The internet actually runs on the TCP/IP model, a more practical four-layer stack: Link (network access), Internet, Transport, and Application. It maps onto OSI but collapses several layers: TCP/IP’s Application layer covers OSI layers 5, 6 and 7, while its Link layer covers OSI layers 1 and 2.

The Internet layer carries IP, the Transport layer carries TCP and UDP, and the Application layer carries HTTP, DNS, SSH and friends. TCP/IP came first in practice and is the model engineers use day to day.

As data travels down the stack, each layer wraps it with its own header — a process called encapsulation. At the Transport layer the unit is a segment (TCP) or datagram (UDP). The Network layer wraps that into a packet by adding an IP header with source and destination IP addresses. The Data Link layer wraps the packet into a frame by adding a header with MAC addresses (and a trailer for error checking).

On arrival the receiver reverses this — de-encapsulation — stripping each header as the data climbs back up the layers.

A MAC (Media Access Control) address is a hardware identifier burned into every network interface. It is 48 bits long, usually written as six pairs of hexadecimal digits, e.g. 00:1A:2B:3C:4D:5E. The first three bytes are the OUI, identifying the manufacturer; the last three are unique per device.

MAC addresses operate at OSI layer 2 and are used for delivery within a single local network segment. Unlike IP addresses, they are not routed across the internet — they only matter on the local link.

These three devices operate at different layers. A hub is a dumb layer-1 device: it repeats incoming signals out of every other port, so all traffic is shared and collisions are common — essentially obsolete today. A switch works at layer 2: it learns which MAC address lives on each port and forwards frames only to the correct port, creating separate collision domains. A router works at layer 3: it connects different networks and forwards packets between them using IP addresses, choosing the best path.

Rule of thumb: switches connect devices within a network; routers connect different networks together.

An IP address is a logical address used to route data across networks at OSI layer 3. IPv4 addresses are 32 bits, written as four decimal octets like 192.168.1.10, giving about 4.3 billion addresses. Because that pool is exhausted, IPv6 uses 128 bits, written in hexadecimal like 2001:db8::1.

An IPv4 address has a network portion and a host portion, split by a subnet mask such as 255.255.255.0 (or /24). Some ranges are private (e.g. 192.168.0.0/16, 10.0.0.0/8) and are reused inside many LANs.

To deliver a packet on the local network a host must turn a destination IP address into the matching MAC address. The Address Resolution Protocol (ARP) does exactly this. The sender broadcasts "Who has 192.168.1.20? Tell me your MAC", and the owner replies with its hardware address. The result is cached in an ARP table to avoid repeating the lookup.

So IP gets the packet across networks (layer 3), but on each local hop ARP resolves the next MAC so the frame (layer 2) can actually be delivered. IP is logical and routable; MAC is physical and local.

The two main Transport-layer protocols offer different trade-offs. TCP (Transmission Control Protocol) is connection-oriented and reliable: it sets up a connection with a three-way handshake (SYN, SYN-ACK, ACK), numbers bytes, retransmits losses and delivers data in order. It suits web pages, email and file transfer.

UDP (User Datagram Protocol) is connectionless: it just fires datagrams with no handshake, ordering or guaranteed delivery, trading reliability for low latency and overhead. It suits live video, voice (VoIP), online gaming and DNS lookups, where speed matters more than re-sending a lost packet.

A single host runs many network programs at once, so the Transport layer uses port numbers to direct traffic to the right one. A port is a 16-bit number (0–65535). Ports 0–1023 are well-known: HTTP uses 80, HTTPS 443, SSH 22, DNS 53. A socket is the combination of an IP address and a port, e.g. 192.168.1.10:443.

A connection is uniquely identified by the four-tuple (source IP, source port, destination IP, destination port) plus protocol, which is how one server can hold thousands of simultaneous connections on the same port.

Several protocols dominate everyday networking. HTTP (port 80) and its encrypted form HTTPS (port 443) carry web traffic. DNS (port 53) translates human-friendly names like example.com into IP addresses. DHCP automatically hands out IP addresses, masks and gateways to hosts when they join a network. SSH (port 22) gives a secure remote shell, while FTP (ports 20/21) transfers files. ICMP carries diagnostic and error messages (used by ping). ARP maps IP to MAC on the local link.

Knowing the default ports helps you read firewall rules and troubleshoot connectivity quickly.

These three terms describe network performance and are often confused. Bandwidth is the maximum data rate a link can carry, measured in bits per second (e.g. 100 Mbps) — like the width of a pipe. Throughput is the data rate you actually achieve, always at or below bandwidth, reduced by congestion, overhead and errors. Latency is the time a single packet takes to travel from source to destination, measured in milliseconds; round-trip time (RTT) is there and back.

A link can have huge bandwidth yet feel sluggish if latency is high — for example a satellite link with great capacity but a long delay.

NAT (Network Address Translation) lets many devices on a private network share a single public IP address. Your home router holds one public IP from your ISP but assigns private addresses (like 192.168.x.x) to your devices. When a device sends traffic to the internet, the router rewrites the source address to its own public IP and remembers the mapping, so replies can be sent back to the right internal host.

The common form, PAT (Port Address Translation, or "NAT overload"), distinguishes connections by port number. NAT conserved scarce IPv4 addresses and incidentally hides internal hosts from the outside.

Two classic tools diagnose connectivity. ping sends ICMP echo-request packets and waits for echo replies, telling you whether a host is reachable and the round-trip time. traceroute (or tracert on Windows) reveals the path packets take, listing each router (hop) along the way and how long each takes, by sending packets with increasing TTL values so each hop in turn reports back.

A typical workflow: ping your gateway, then a public IP like 8.8.8.8, then a domain name. If the IP pings but the name fails, the problem is DNS. If nothing past the gateway responds, traceroute shows where the path breaks.