By Jeff Kabachinski, MS-T, BS-ETE, MCNE

When researching data packets, we come across Transmission Control Protocol (TCP) and Internet Protocol (IP): two of the prevalent networking protocols. TCP resides at the transport layer of the Open Systems Interconnection (OSI) model (layer 4) and is concerned with whether all the necessary packets arrive intact. IP, on the other hand, resides at the network layer (layer 3) and locates you on a wide area network (WAN)—an entity consisting of at least two local area networks (LANs) and/or other WANs. Moreover, TCP/IP is also the name of a networking operating system that’s been around for years and is like a well-oiled machine.

Table 1: The IPv4 Class System

Main IPv4 Address Classes IPv4 Address Range Available Addresses for Network IDs Available Addresses for Network Nodes
Class A 1 – 126.X.X.X 125 > 16 million
Class B 128-191.0-255.X.X 16,002 > 64,000
Class C 192-223.0-255.0-255.X ~2 million 254


IPv4 Addressing

IPv4 addresses have three main classes and are four bytes in length, with each byte written in decimal notation and separated by a period. Their class reveals the number of bytes in the address and, therefore, how many nodes can exist on each network. A class “A” address, for instance, uses just the first byte for the network ID. And routers and other interested parties will know to use the first byte as the network ID based on its value. A value between one and 126 indicates a class “A” address—for example,

The node locations are set to zero to give the network its numerical name. Class “B” addresses are determined by the value of 128 through 191 for the first byte (e.g, If the first byte has a value within this range, the router will know that the first two bytes are to be used to identify the network.

Jeff Kabachinski

Jeff Kabachinski

Finally—you guessed it—class C networks use the leading three bytes to identify the network. If the value of the first byte falls between 192 and 223, the router will know it’s a class C address (e.g, Table 1 summarizes the IPv4 class system. Note that in the address range column, an X represents a node identifying number, which can range from one to 254.

The IPv4 address indicates your location on a WAN. and, locally, the IP address is resolved to the MAC layer or Ethernet address. You can see the connection by going to a command line prompt and typing “ARP -A” (address resolution protocol). In Microsoft Windows, key the Windows logo (usually to the left of the spacebar) and the letter “r” simultaneously; this will open the run command line window. And to open the command line window, type “CMD.” Note that by typing “ARP -?” instructions about the ARP will appear.


Disassembling IP

Once Ethernet verifies a packet at its level, it opens the data field, extracts the data, and passes it onto the next software program. IP—one of roughly 200 applications within the TCP/IP suite of protocols—is the next software program at layer three. Remember: Not only is TCP/IP the name of the most common network operating system, TCP and IP are specific applications within the TCP/IP’s network operating system suite.

The IP software recognizes and understands the data extracted from the Ethernet packet as its own envelope or packet. The beginning of the packet also features IPv4 addressing, and—similar to an Ethernet structure—discloses the WAN’s location. The IPv4 header checksum—aka: the area where the header is validated—follows network-level addressing. (Figure 1)

Then there’s my favorite field: the field for “other information.” When TCP/IP was first defined, it was part of the UNIX operating system—which the Digital Equipment Company freely gave colleges and universities. So you may see UNIX of Southern California—University of California, Berkley’s version—and Sun UNIX by Sun Systems in Colorado. Because different entities tweaked and revised the platform, several versions of UNIX and the embedded TCP/IP emerged.

Part of the “other info field” tells you which version of TCP/IP the packet is using. It also has a time-to-live counter—which means that it will go to its default router if it doesn’t know where to forward a packet from the routing table. And every time a router forwards to its default router, it decrements the time to live counter by one. Eventually, if no route can be found, the counter will reach zero and the suspect packed will be discarded. There is a method to the madness, however: Such a tactic prevents bogus packets from roaming the Internet forever.

After the information field is the payload­—or the data carried by the IP packet. Next, the packet is examined to make sure that both the checksum at the header and the network level address are accurate. The data is then extracted and moved or translated to the next software program. In this case, it will be the TCP part of the TCP/IP protocol. In the next installment of my Networking column, we’ll delve into TCP and its partner at layer 4–the User Datagram Protocol.

Jeff Kabachinski, MS-T, BS-ETE, MCNE, has more than 20 years of experience as an organizational development and training professional.