
Journey of a TCP packet and the changes (IP address and port) that happen at every hop


I'm trying to understand what sort of structural changes happen to the IP packet during a hop.

Please allow me to explain my question with an example.

traceroute -w 1 google.com

traceroute to google.com (216.58.199.174), 64 hops max, 52 byte packets
 1  192.168.0.1 (192.168.0.1)  1.055 ms  0.857 ms  0.822 ms
 2  10.0.0.1 (10.0.0.1)  2.038 ms  1.477 ms  1.540 ms
 3  * * *
 4  114.79.130.1.dvois.com (114.79.130.1)  3.091 ms  2.076 ms  2.329 ms
 5  10.241.1.6 (10.241.1.6)  3.245 ms  3.102 ms  3.358 ms
 6  10.240.254.140 (10.240.254.140)  4.388 ms  2.149 ms  2.319 ms
 7  10.240.254.1 (10.240.254.1)  3.067 ms  3.336 ms  2.852 ms
 8  10.241.1.1 (10.241.1.1)  2.542 ms  2.339 ms  3.231 ms
 9  1.186.191.10.dvois.com (1.186.191.10)  3.046 ms  3.076 ms  3.382 ms
10  216.239.62.212 (216.239.62.212)  3.290 ms  3.559 ms  3.466 ms
11  209.85.143.5 (209.85.143.5)  3.699 ms  3.250 ms  4.062 ms
12  bom05s08-in-f174.1e100.net (216.58.199.174)  3.739 ms  4.038 ms  3.803 ms

Assuming that I'm making a request to google.com

The first thing the IP packet originating from my machine would do is add these bits inside the packet.

  1. (My machine) source IP, i.e. assuming it is 192.168.0.100
    • also a port number is assigned from where the request originated; for simplicity, let's assume it is 6000
  2. destination IP, i.e. the google.com IP 216.58.199.174 (also the destination port is assigned; for simplicity, let's assume it is 80)
  3. my MAC address

There are other details as well that an IP packet contains, but let's just focus on these 3 parts.

Now I know IP packets are transferred from source to destination with the help of other devices / routers in hops (as can be seen in the traceroute output).

But what I'm not clear on is whether the source IP & port inside the IP packet are updated in each hop.

I'm assuming they are, because that way the response coming from the server (the Google server over here) can be relayed back to the intended originator of the request (that is, my laptop browser window).

So if what I'm assuming is correct, here is how things work then:

On the 1st hop, to my router, my router updates the source IP to 192.168.0.1 and the source port to 6001 (let's assume). Internally it maintains a reverse entry table telling that if I ever happen to receive a response on 192.168.0.1 at port 6001, then I have to route it to 192.168.0.100 at port 6000.

Likewise, in each hop (hop to 114.79.130.1.dvois.com, 1.186.191.10.dvois.com and others) an entry is updated, i.e. source IP and source port (in the IP packet), and a reverse mapping is maintained to relay the response back.

Is my understanding correct? Also, what happens to the MAC in each hop?


Solution

  • You need to look at the network layers. An application will send data to the Transport Layer, e.g. TCP.

    TCP has addresses called ports, and the application is assigned to one of the addresses, port 6000 in your example. TCP will segment these data and put TCP headers on the data segment. The TCP headers include the source and destination port number.

    TCP will send the segments to layer-3 (IPv4 or IPv6). IP will encapsulate the TCP segments into IP packets. The IP packet headers will contain the source and destination IP addresses.

    IP will send the IP packets to layer-2, e.g. ethernet. Not all layer-2 protocols use MAC addresses. MAC addresses are used by IEEE LAN protocols. Other layer-2 protocols use something else, or nothing at all for addressing. Ethernet will encapsulate the layer-3 IP packets in layer-2 ethernet frames. The ethernet frames will have the source and destination MAC addresses. The host (your computer) will mask both the source and destination layer-3 IP addresses to determine if the destination address is on the same LAN. If the destination is on the same LAN, the frames will be addressed with the MAC address of the destination host, otherwise they are addressed with the MAC address of the configured gateway as the destination host. This will require resolving the layer-3 addresses to the layer-2 addresses. ARP (Address Resolution Protocol) will look to see if the destination host MAC address is in its ARP cache. If not, it will send an ARP request to get the destination MAC address.

    Layer-2 will then send the frames to layer-1 (physical interface) to be encoded and placed on the wire.

    When the frame is received by the router, the layer-2 frame, including the MAC addresses, is stripped off the packet and discarded, losing the original MAC addresses. The router will decrement the TTL and create a new header checksum, and inspect the layer-3 IP packet for the destination address. The router will then look up how to get to the destination IP address in its routing table. If it doesn't find a route to the destination IP address in its routing table, the packet is discarded, otherwise the router will switch the packet to the next interface toward the destination and create a new layer-2 frame for the new interface. If the next interface is a WAN interface, it may use something like PPP that doesn't use MAC addresses.

    The next router in the path will get the new frame, and it will repeat the routing process. This happens until the packet gets to the last router, and the last router will put on a frame for the destination LAN. The destination host will process in reverse order from the sending host. The destination host will have the source layer-3 and layer-4 addresses from the packet and segment, and it can send back to the source using those addresses in the same manner that the original host was the sender.

    Routers are layer-3 devices, and they only look at the layer-3 packet, not into the layer-4 segment. A router will only change the TTL and Header Checksum fields of the packet.
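
The hop described in the answer above, carried through in Python as an added example (not code from the original post). It models only the plain routing step the answer describes; the IP addresses and ports come from the question, while the MAC addresses, the /24 prefix and the function names are constructed assumptions.

```python
import ipaddress
import struct

IP_FMT = "!BBHHHBBH4s4s"  # 20-byte IPv4 header without options

def checksum(header: bytes) -> int:  # RFC 1071 one's-complement checksum
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ip_packet(src: str, dst: str, ttl: int, segment: bytes) -> bytes:
    """Layer 3: wrap a TCP segment (protocol 6) in an IPv4 header."""
    f = [0x45, 0, 20 + len(segment), 0, 0, ttl, 6, 0,
         ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed]
    f[7] = checksum(struct.pack(IP_FMT, *f))
    return struct.pack(IP_FMT, *f) + segment

def eth_frame(dst_mac: str, src_mac: str, packet: bytes) -> bytes:
    """Layer 2: destination MAC, source MAC, EtherType 0x0800 (IPv4)."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return raw(dst_mac) + raw(src_mac) + b"\x08\x00" + packet

def l2_target(src: str, dst: str, prefix_len: int, gateway: str) -> str:
    """Sending host: same LAN -> ARP for the destination, else for the gateway."""
    lan = ipaddress.ip_network(f"{src}/{prefix_len}", strict=False)
    return dst if ipaddress.ip_address(dst) in lan else gateway

def route_hop(frame_in: bytes, out_src_mac: str, out_dst_mac: str):
    """Router: discard the old frame, TTL-1, new checksum, new frame."""
    header, rest = bytearray(frame_in[14:34]), frame_in[34:]
    if header[8] <= 1:
        return None  # TTL expired: discarded instead of forwarded
    header[8] -= 1
    header[10:12] = b"\x00\x00"
    header[10:12] = struct.pack("!H", checksum(bytes(header)))
    return eth_frame(out_dst_mac, out_src_mac, bytes(header) + rest)

def summarize(frame: bytes) -> dict:
    ip, (sport, dport) = frame[14:34], struct.unpack("!HH", frame[34:38])
    return {"macs": (frame[6:12].hex(":"), frame[0:6].hex(":")),
            "ips": (str(ipaddress.IPv4Address(ip[12:16])), str(ipaddress.IPv4Address(ip[16:20]))),
            "ports": (sport, dport), "ttl": ip[8], "checksum_ok": checksum(ip) == 0}

# Constructed sample: addresses and ports from the question; MACs are made up.
SEGMENT = struct.pack("!HHIIBBHHH", 6000, 80, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
SENT = eth_frame("02:00:00:00:00:01", "02:00:00:00:00:aa",
                 ip_packet("192.168.0.100", "216.58.199.174", 64, SEGMENT))
FORWARDED = route_hop(SENT, "02:00:00:00:00:02", "02:00:00:00:00:03")
print(summarize(SENT), summarize(FORWARDED), sep="\n")
```

Comparing the two printed summaries shows the MAC pair, the TTL and the header checksum differing between the sent and the forwarded frame, while the IP addresses and TCP ports are identical.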