Skip to main content

Computer networks Part III


TCP/IP is likely the most commonly used pair of protocols in the world and will be the focus of this tutorial. Transmission Control Protocol (TCP) is software that resides on the computer; when the program you are running needs to send data over the network, it hands that data over to the TCP. TCP is used throughout many Internet applications including browsers, e-mail, File Transfer Protocol (FTP) transfers and even some streaming media applications.

TCP is used to guarantee data delivery. The receiving computer’s TCP will notify the sender’s TCP that each packet was received correctly, and if the sender does not get a confirmation that the packet was received, then another packet is sent replacing the lost one. A timer is also used in case the sent packet goes astray. Because both the Ethernet and the Internet are two-way data channels, no forward error correction is used because each packet of data can be acknowledged.

For example, when a file is to be transmitted via FTP, the entire file, which could be any size from a few kilobytes to several gigabytes, is handed off to TCP where it divides the file into segments that in turn are the payload of the IP packets. TCP also includes the port numbers for the packet header. Port numbers tell a computer what sort of service this data is associated with, e.g. an e-mail, FTP, http or Network Time Protocol. Ports allow a program to only see data intended for it.

The Internet Protocol (IP) part encapsulates these segments into an IP packet and adds a header with the destination and source IP address as well as other information about the packet.

This IP packet is then encapsulated into an Ethernet frame for transport over the local Ethernet network. This Ethernet frame includes the MAC address (see below) of both the source and destination. Then this Ethernet frame is sent to the network interface card, and the data is sent over Cat 5 cabling. (See Figure 1.)

MAC address

Each device that plugs into a network must have a unique Machine Access Control (MAC) address. These are 48-bit numbers that identify each network port; if a device has 16, 24 or 48 network ports, it has as many MAC addresses. Many network protocols use the MAC address to direct IP traffic.

When a computer is first plugged into the local network switch, its MAC address is not known to any other devices on the network. When this new computer attempts to send data to another computer using its IP address, it must broadcast a request for the MAC address of the computer with that IP address. Within this request is the IP and MAC address of the new computer so the responding device will know how to reach it. The network switch (which only works with MAC address) will broadcast this request to all of its ports. When the request reaches the computer with the correct IP address, it responds back to the originating computer with its MAC address. The network switch also sees this exchange and adds the MAC addresses for both computers to its ARP cache (see below). At this point, the new computer is finally able to send the data.

This exchange is how both computers and the network switch are able to know how to address and direct the Ethernet frame through the network to its destination. Each time data is sent, all this information must be known. To speed things up and keep the amount of network traffic down, each device remembers this information the first time it happens so it can use it the next time.

Network switches

Network switches are used to connect the various computers on a network. Switches direct data via a computer’s MAC address. When data is sent out from a computer to the network switch, it carries with it the IP and MAC address of the sender and the IP and MAC address of the intended recipient. The network switch looks at the MAC address and directs the data to the correct port of the switch. It does this by keeping a record of which port is connected to which MAC-addressed equipment. This record is kept in a content addressable memory (CAM) table within the switch, which operates at very high speeds and expedites the movement of Ethernet frames through the switch.

The network switch monitors all traffic flowing through it, looking for MAC addresses and keeping a record of them. When a computer needs to send data to another computer, it must first know its IP address and then its MAC address. If it does not already know the MAC address, it sends out an Address Resolution Protocol (ARP) request over the network to all devices asking for the MAC address of the owner of this particular IP address. When the computer with that IP address responds, this data is stored on the requesting computer’s ARP cache so it can use it again. The IP and MAC addresses of the requesting computer are also stored on all the computers on the network that received the request. The MAC addresses for both computers, requesting and responding, are stored on the network switch as well.

Getting an IP address

Each device on a LAN must have a unique IP address, and there are only two ways to get one. The first is to have it assigned manually when the TCP/IP of the computer is first set up. The TCP/IP control panel of most computers requires the following: IP address, subnet mask, default gateway or router and primary and secondary DNS. IP addresses and subnet masks were covered in previous tutorials. The default gateway is the IP address of the local router, which enables the computer to know where to send IP packets with IP addresses that fall outside the range of the subnet mask.

An easier way is to use Dynamic Host Configuration Protocol (DHCP). This allows computers on a network to be automatically assigned all the information needed to communicate over the network. DHCP works when a new computer sends out a broadcast over the network looking for a DHCP server. When the DHCP server responds, it sends all the IP configuration information the new computer needs. The exchange ends when the computer accepts the IP information. DHCP IP addresses are leased to the requesting computer for a certain time frame, which can be hours or days.

DHCP servers are allocated a range of IP address within the subnet of the network. DHCP servers can be computers or even routers, but there can only be one DHCP server on any subnet or network.

IP addresses can be static (manually assigned) or dynamic (using DHCP). For most computers, a dynamic IP address is easiest, while for other devices such as servers, routers and printers, a static IP address makes it easier for other computers to find these frequently accessed devices.


Domain Name Servers (DNS) are computers that reside on wide area networks that translate human-readable addresses into IP addresses. For example, the URL is the human-readable address such as These names are much easier to remember than a string of numbers for an IP address, but an IP address is required to locate the sites Web servers on the Internet. When you type in a name like, your Internet browser knows to send a request for the IP of TCP/IP uses the IP address in the DNS location to send the request. The DNS computer looks up the name and returns the IP address associated with it. The computer now has the correct IP address and can send messages to asking for its main Web page. This happens each time you type a new URL into your browser.


The request the computer in the aforementioned example sent out was called an ARP request, which is the method devices use to find out another device’s MAC address when only its IP is known. As a device receives an ARP or an answer to its own ARP request, it builds an ARP cache or memory of the IP addresses and associated MAC addresses. Network switches monitor all traffic and build their own CAM, so they know which MAC-addressed device is attached to which of its ports.

Because network devices can be swapped out and to keep the cache from being outdated, APR caches are cleared on a regular basis and new ARP requests must be sent out to obtain the MAC address again. Remember, on an Ethernet network each IP packet sent has to have the IP and MAC address of its destination, and one data transfer may require anywhere from one to thousands of packets to send all the data. Once the first packet is addressed correctly, all the subsequent ones are addressed similarly using the ARP cache.

Try this

Here are several tests you can try on your computer to actually see some of the things covered in the last few newsletters.

Checking the ARP cache and the IP configuration of your computers can be a valuable troubleshooting tool. Checking both is quite easy on a PC or Macintosh computer.

  • ARP on the PC

Under the Start menu select Run. A new window will open; type in “CMD” then hit enter. Type “ARP –A” with a space between “ARP” and “–A.” You will see a list of all known IP addresses with their associated MAC address. (See Figure 2.) (Note: This only works properly on a wired network.)

  • IP configuration on the PC

Under the Start menu select Run. A new window will open; type in “CMD” then hit enter. Type “ipconfig.” Now you will see the IP configuration of this computer with IP address, subnet mask, default gateway, primary DNS and secondary DNS. (See Figure 3.)

  • ARP on the Macintosh

Start the Terminal program from the Utilities folder in Applications. Type “ARP –A” and you will see a list of all known IP addresses with their associated MAC addresses. (See Figure 4.)

  • IP configuration on the Macintosh

Start the Network Utility program from the Utilities folder in Applications. From the bar at the top of the window, choose Info and you will see the present configuration of all the network interfaces on the computer including IP and MAC address.

  • Pinging

Pinging is a simple test you can perform to find out if a particular IP address is in use on a network. When you ping an IP address, you are asking the device that uses it to respond; this lets you know it is on the network and working. Some devices can be programmed to not respond to a ping, but this is uncommon.

  • Ping on a PC

Under the Start menu select Run. A new window will open; type in “CMD” and hit enter. Type “ping ###.###.##.###.” Replace the # with the IP address you are looking for. Try an IP address from the ARP command above. (See Figure 5.)

  • Ping on a Macintosh

Start the Network Utility program from the Utilities folder in Applications. From the bar at the top of the window, choose Ping and type in the IP address and hit start. (See Figure 6.)

Next Time

The next “Transition to Digital” tutorial will explore troubleshooting a real-world computer network problem.