This article is a part of a series on Packet Traveling — everything that happens in order to get a packet from here to there. Use the navigation boxes to view the rest of the articles.
- OSI Model
- Key Players
- Host to Host Communication
- Host to Host through a Switch
- Host to Host through a Router
- Packet Traveling – Series Finale
After discussing the makeup of the OSI Model and some of the Key Players involved in moving a packet from one host to another, we can finally discuss the specific functions which occur in allowing Host to Host communication.
At the very core of the Internet is this idea that two computers can communicate with each other. Although it is rare to find situations where two hosts are connected directly to each other, understanding what happens if they were is crucial to understanding everything else that happens when multiple hosts are communicating through a switch or router.
As such, this article will focus on host to host communication, and each individual step involved in the process.
Host to Host Communication
Since there are no Routers in this illustration, we know all the communication is happening within the same network — therefore, Host A and Host B are both configured with IP addresses that belong to the same network.
Each host has a unique IP address and MAC address. Since each host is also a L3 device, they each also have an ARP Table. At the moment, their ARP Tables are empty.
Host A starts by generating some Data for Host B. Host A knows the final destination for this data will be the IP address 10.10.10.20 (Host B). Host A also knows its own address (10.10.10.10), and as such is able to create a L3 header with the required Source and Destination IP Address.
But as we learned earlier, packet delivery is the job of Layer 2, so despite these hosts being directly connected to one another, a L2 header must be created.
The Source of the L2 header will be Host A’s MAC address (aaaa.aaaa.aaaa). The Destination of the L2 header should be Host B’s MAC address, but at the moment, Host A doesn’t have an entry in its ARP Table for Host B’s IP address, and therefore, does not know Host B’s MAC address.
As a result, Host A is unable to create the proper L2 header to deliver the packet to Host B’s NIC at this time. Host A will have to initiate an ARP Request in order to acquire the missing information:
The ARP Request is a single packet which essentially asks: “If there is someone out there with the IP 10.10.10.20, please send me your MAC address.“
Remember, at this point Host A does not know if Host B exists. In fact, Host A does not know that it is directly connected to Host B. Hence, the question is addressed to everyone on the link. The ARP Request is sent as a Broadcast, and had there been other hosts connected to this link, they too would have received the ARP Request.
Also note that Host A includes its own MAC address in the ARP Request itself. This allows Host B (if it exists) to easily respond directly back to Host A with the requested information.
Receiving the ARP Request allows Host B to learn something. Namely, that Host A’s IP address is 10.10.10.10 and the correlating MAC address is aaaa.aaaa.aaaa. Notice this entry is now added to Host B’s ARP Table.
Host B can use this new information to respond directly to Host A. The ARP Response is sent as a Unicast message, directly addressed to Host A. Had there been other hosts on this link, they would not have seen the ARP Response.
The ARP Response will include the information Host A requested: The IP Address 10.10.10.20 is being served by the NIC with the MAC address bbbb.bbbb.bbbb. Host A will use this information to populate its ARP Table:
With Host A’s ARP Table populated, Host A can now successfully put together the proper L2 header to get the packet to Host B.
When Host B gets the data, it will be able to respond without further ado, since it already has a mapping in its ARP Table for Host A.
Summary
Again, it is rare to find two hosts directly connected to each other. But understanding what it takes to get a packet from one Host to another Host is key to understanding how a Switch enables multi-host communication, or a Router enables multi-network communication. Both of these will be the subjects of the next articles in this series.
The key thing to note is a host doesn’t know whether it is connected to a switch or directly to another host. In either case, the host will follow the process outlined above when trying to communicate with another host.
I am thoroughly enjoying this article series! I have been searching for this kind of elegant explanation of networking and OSI layers for a while now, and the animations and images in these articles are great for visual learners like myself.
Sir could you explain the difference between Layer 2 broadcast and Layer 3 broadcast. How the 2 aredifferent in its own perspectives? Also iam curious to know what broadcast address that ARP use for sending ARP request.
Great work. Thanks!
Its a very good source to understand networking.
Very nice explanation
Consider Host A and Host B are connected in the same network through a switch.Host C is in different network. Both the networks are connect through a Router. Case 1: A wants to send something to B. So it know the ip address, but not the MAC address. So how does it talk to B to get its MAC address? It asks the Switch or Router directly? what will happen?
Case 2: A wants to talk to C. So who will confirm that it belongs to a different network? how to get its MAC address?
Anding process(based on subnet mask) will confirm that host c is belongs to another network.as you asked above if the destination is belongs to same network source host will send the ARP request through switch to get mac address of the destination host otherwise the source host should wants to know the gateway router mac address to send the data to router, from the router the layer2 header again added to packet to know the mac address of the next hop(where the destination host is connected to).
Hi Arjunkrishna. I’ve outlined the process in this Youtube video:
https://www.youtube.com/watch?v=QPi5Nvxaosw
from what I learned so far from reading this excellent explanation:
CASE 1:
If both hosts are on the same network, no router has to be involved to communicate
between them, so the ARP request goes directly through the switch to the host.
CASE 2:
from the IP adress you know that the host belongs to a different network, so the ARP request goes to the router
Yes, exactly!
You have a very good way of explaining concepts. Wish I had seen articles like this when I was first getting into the business.
One correction I’d like to make. You stated:
The ARP Response is sent as a Unicast message, directly addressed to Host A. Had there been other hosts on this link, they would not have seen the ARP Response.”
Technically, that’s not correct. If other hosts were on the link, they WOULD have seen the unicast message. They just would have ignored. t.
Hi Buck, glad you enjoyed the articles =)
The ARP Request is sent as a broadcast and is seen by everyone on the link. The ARP Response is sent unicast and is seen only by the intended target.
The only exceptions would be if you are using a Hub — in which case everyone sees every frame. Or, if the Switch didn’t have the destination MAC address of the original requester in its MAC address table — which it would have from the initial ARP Request.
You can see the process illustrated in this video about Address Resolution Protocol.
But this article is about host to host without switches/routers right? If I had just 2 devices then I could have used crosslink cables. But if I have more than 2 devices, then I will have to use a hub (since no switches/routers allowed). So the ARP response though Unicast will be in flood mode right?
If there are just two devices directly attached, there is no switch to do the flooding. Remember, the host is want sends the ARP Request/Response, and therefore decides whether the frame is a Broadcast or Unicast. The switch simply reacts by Flooding or Forwarding as necessary (see the next article in the series for details).
Simply, Excellent !!!!!Excellent !!!!!Excellent !!!!!Excellent !!!!!Excellent !!!!!Excellent !!!!!Excellent !!!!!Excellent !!!!!
I like your article very very much! Very easy to understand. Use simple words to explain the complex network, only master can do this.
Very good explanation , I enjoyed it.
But i have a Beginner question , could you help me understand this Ed Harmoush ?
How host A knows the Ip address of Host B but dosent know the mac address ?
Thank you
Hi Joe, good question.
Suppose an administrator jumped on Host A and used the command
ping 10.10.10.20
. In such case, Host A was provided the IP address it was trying to reach, but not the MAC address. Host A will now use ARP to discover the associated MAC address.Hope it helps.
Hi Ed Harmoush
Thank you so Much : )
I have only one question. How does host A knows the IP address of host B? please do respond I must know this.
Hi Arpit. Joe asked the same question just above, and I gave him an answer. Hope that helps.
I am really stupid !!!!!!! After six years to experience still, I am struggling to understand the packet flow from end to end network. The good thing is this article helped me a lot. THANK YOU Much !!!!!!!!!!!
great article, explains the complex thema in a simple and easily comprehensable way
Thanks For All Your Article
You Gived me Better Understanding About Network 😀
One minor nit with your choice of MAC address for your examples:
bb:bb:bb:bb:bb:bb is not a valid station MAC address, it has the broadcast bit set.
Yeap. I wanted to keep things simple for the examples in this article =)
Hello Ed, Thanks for the wonderful articles. I have a very basic question. What was the need for Layer 2? Why couldn’t the functions of L2 be combined with L3 itself? In the sense that, L3 header has the source and destination IP address, so it could very well use ARP to get the MAC address of the recipient. What advantages do we get by separating these functions into 2 different layers?
Also the ARP requests, do these also follow the path of the 7 layer OSI model? How does this work?
Regards,
Kiran Hegde
First of all, this is really good and useful article. It would be greatly appreciated if you can do similar ones for IPV6.
Thank you
What I still do not understand and can’t seem to find in all the ARP Explanations I have read, is how does the sending computer already know the IP of the computer it wants the MAC Address from?
That IP is provided “before” the ARP process. Meaning when the computer initiates ARP, the IP is already known. For instance, if I jumped on Host A and typed “ping 10.10.10.20”, then I (the user) have provided the IP address for Host A, and now it can initiate ARP.
In the real world, the IP is often provided by DNS. Meaning, I type “www.google.com” in my address bar, and DNS supplies Google’s IP address. And now, ARP can begin.
This might help if you’re looking for another resource on ARP: https://www.youtube.com/watch?v=QPi5Nvxaosw
Is this ping also sent automatically using local transmission? Behind the scenes the computer sends automatically a ping for 255.255.255.255 to talk to all computers on the local network?
Again, Thaanks a million, I’m enjoying reading every article in this series (actually I cant stop :D)
the diagram , the structure of the topics & how everything is connected together is perfect and well made. I hope you continue adding more network topics with simplified yet good explanation like this one
Thanks again, Ami =). Glad you are getting a lot out of the series!
You’re welcome! The plan is to keep making content. I’m working on recreating this series in video form on Youtube as we speak, in fact.
Since the computer understands logical address and physical address, can I say that it acts on the network layer and on the link layer of the OSI model? And the only device that acts on all layers of the OSI model would be the Gateway?
You could say that, yes. But keep in mind the computer also can use TCP or UDP, and various network applications. So typically it’s considered that PC’s operate at all layers of the OSI model.
As for Gateways, it depends what you mean by it. If you mean application layer gateways, then yes, they operate on all layers. If you simply mean “gateway” as in “default gateway” i.e., nearest Router, then no, Routers operate up to Layer 3.
But keep in mind, these aren’t strict rules. See the end of this video for more details:
https://www.youtube.com/watch?v=0aGqGKrRE0g
Yes, I forgot to mention in the question that it is a Windows Server computer as a Gateway. In the case of a “Standard Gateway – Home Router” does it operate only at the network layer as you said correct?
Yes, mostly. Home Routers are just simple L3 devices.
But more and more the home routers come with additional features. Things like a UI you can log into and change settings or see who is connected, etc. Those elements would be considered “applications”, meaning that particular home Router operates at layer 7.
Remember, “Routing” is simply the function of moving packets between networks — this is a purely Layer 3 task. A “Router” as we know it is a device who’s primary purpose is Routing, but not it’s only purpose. Some of those other purposes might require the Router to operate “above” Layer 3. Hope this helps.
Thank you very much for responding. I learn a lot from your articles. Amazing didactics.
Explanation is really great
Glad you enjoyed it!
Great work sir.
Thank you very much.
You’re welcome =)
Since there are no Routers in this illustration, we know all the communication is happening within the same network.
Yes we do, but how is that known by the elements involved – is it just a case of both ip addresses being within the same subnet defined by the netmask associated with the sending interface? Though presumably that can get more complicated when two networks are bridged? I’m puzzled how this is resolved in general; ie given a destination ip, what determines if we query ARP for its mac address, or do a lookup in the routing table?
> is it just a case of both ip addresses being within the same subnet defined by the netmask associated with the sending interface
Yes, 100% =) The sending device is using their own IP/Subnet Mask to determine which target hosts are “within the network” and which are on “external networks”.