🌐 Networking Fundamentals Part 3 Protocols & Advanced Concepts

Networking Fundamentals — Protocols, Routing & VLANs

TCP/IP stack, TCP vs UDP, ports, ARP, NAT, routing, VLANs, and the complete end-to-end journey of a packet to Google and back.

🌐  Where We Are — The Big Picture
Introduction

The Big Picture

Parts 1 and 2 covered the first two layers of networking: the Data Link Layer (NICs, Ethernet, Switches, Bridges) and the Network Layer (IP Addresses, Subnet Masks, Gateways, DHCP). Together they allow devices to communicate locally and across different networks.

Part 3 goes deeper — into the protocols that enable reliable communication (TCP/IP), address resolution (ARP), address translation (NAT), intelligent routing, logical network segmentation (VLANs), and finally the full end-to-end journey a packet takes when you visit google.com.

[Figure: The Big Picture — how Parts 1 & 2 combine into end-to-end communication (Layer 2 local delivery + Layer 3 network delivery)]
🕐  TCP/IP Stack

The TCP/IP Stack

TCP/IP (Transmission Control Protocol / Internet Protocol) is the set of rules that allows devices anywhere in the world to communicate. Think of it as a delivery company — four layers, each with a specific job, working together to move data from an application on your device to a server on the other side of the world.

| # | Layer | Job | Key Protocols |
|---|-------|-----|---------------|
| 1 | Application Layer | What information to send | HTTP, HTTPS, FTP, DNS, SMTP, SSH |
| 2 | Transport Layer | Reliability & port numbers | TCP, UDP |
| 3 | Internet Layer | IP addressing & routing | IP, ICMP, ARP |
| 4 | Network Access Layer | Physical transmission | Ethernet, Wi-Fi |

Application Layer

This is where applications live — Chrome, Firefox, WhatsApp, email clients, file transfer tools. The Application Layer decides what information should be sent. When you open google.com, your browser creates an HTTP request (GET / HTTP/1.1) and hands it to the layer below.


Transport Layer

The Transport Layer is responsible for reliability, port numbers, data segmentation, and error recovery. It breaks application data into smaller segments (or datagrams for UDP), adds port numbers so the receiving OS knows which application to deliver to, and handles retransmission of lost data (TCP only).

[Figure: TCP/IP Stack — 4-layer model, Application Layer (what to send, HTTP request), Transport Layer (TCP vs UDP, segmentation)]
🔌  Transport Protocols

TCP — Transmission Control Protocol

TCP is reliable. It guarantees delivery, correct order, error checking, and retransmission of lost data. Before any data transfers, TCP establishes a connection using the Three-Way Handshake:

| Step | Message | Meaning |
|------|---------|---------|
| 1 | SYN | Client to Server: "Can we talk?" |
| 2 | SYN-ACK | Server to Client: "Yes, I can hear you." |
| 3 | ACK | Client to Server: "Connection established." |

Use TCP when: reliability is critical, data accuracy matters. Examples: web browsing, email, file transfer.


UDP — User Datagram Protocol

UDP is faster than TCP but provides no guarantees — no delivery confirmation, no ordering, no retransmission. Think of it as throwing a message over a wall: fast, but no confirmation it arrived.

Use UDP when: speed and low latency are critical and some data loss is acceptable. Examples: online gaming, voice/video calls, live streaming, DNS queries.

💡
Simple Rule
TCP: Registered courier — every page delivered in order, missing pages resent. UDP: Throw message over wall — fast, but no guarantee.
[Figure: TCP vs UDP — reliability guarantees, Three-Way Handshake (SYN/SYN-ACK/ACK), UDP use cases, when to use each]
🔌  Ports

Ports

Many applications share one IP address. The OS needs a way to know which application should receive incoming data. Ports solve this — they identify specific applications or services on a device. Think of an IP address as an apartment building and a port as the apartment number.

Example: 192.168.1.10:443 — building = IP, apartment = port 443 (HTTPS). Ports live at the Transport Layer and are used by both TCP and UDP.


Common Ports

| Port | Protocol | Used For |
|------|----------|----------|
| 20/21 | FTP | File Transfer Protocol |
| 22 | SSH | Secure Shell (Remote Login) |
| 25 | SMTP | Simple Mail Transfer Protocol |
| 53 | DNS | Domain Name System |
| 80 | HTTP | HyperText Transfer Protocol |
| 443 | HTTPS | HTTP Secure (SSL/TLS) |
| 3389 | RDP | Remote Desktop Protocol |
| 3306 | MySQL | MySQL Database |

[Figure: Ports — apartment building analogy, Transport Layer placement, port identifies the application; Common Ports reference table]
🔌  ARP & NAT

ARP — Address Resolution Protocol

ARP is one of the most important protocols inside LANs. The problem it solves: you know the destination’s IP address, but Ethernet requires a MAC address to actually deliver the frame. ARP answers the question: “Who owns this IP address?”

The ARP process has three steps: (1) PC broadcasts “Who has 192.168.1.20?” to everyone, (2) the target replies with its MAC address via unicast, (3) communication begins. The result is stored in the ARP cache to avoid repeating the broadcast for every packet.
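
The three steps above as byte-level frames, in an added example that is not part of the original page. The LAN is simulated in a dictionary; the host addresses other than 192.168.1.20 and the helper names are assumptions.

```python
import struct

BROADCAST = "ff:ff:ff:ff:ff:ff"

def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def ip_bytes(ip):
    return bytes(int(part) for part in ip.split("."))

def ip_str(raw):
    return ".".join(str(b) for b in raw)

def build_arp_frame(op, src_mac, src_ip, dst_mac, target_ip):
    """Ethernet header (EtherType 0x0806) plus the 28-byte IPv4-over-Ethernet ARP body."""
    eth = mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", 0x0806)
    # A request does not know the target's MAC yet, so that field is zeroed.
    target_mac = b"\x00" * 6 if dst_mac == BROADCAST else mac_bytes(dst_mac)
    body = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)  # Ethernet, IPv4, 6-byte MAC, 4-byte IP
    body += mac_bytes(src_mac) + ip_bytes(src_ip) + target_mac + ip_bytes(target_ip)
    return eth + body

def parse_arp_frame(frame):
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        raise ValueError("not a complete ARP frame")
    if struct.unpack("!HHBB", frame[14:20]) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return {
        "eth_dst": mac_str(frame[0:6]),
        "op": struct.unpack("!H", frame[20:22])[0],      # 1 = request, 2 = reply
        "sender_mac": mac_str(frame[22:28]), "sender_ip": ip_str(frame[28:32]),
        "target_mac": mac_str(frame[32:38]), "target_ip": ip_str(frame[38:42]),
    }

def resolve(ip, my_mac, my_ip, lan_hosts, cache):
    """lan_hosts maps IP -> MAC for the simulated LAN. Returns (mac, frames_sent)."""
    if ip in cache:                                  # cache hit: nothing goes on the wire
        return cache[ip], []
    request = build_arp_frame(1, my_mac, my_ip, BROADCAST, ip)
    wanted = parse_arp_frame(request)["target_ip"]   # every host parses the broadcast
    if wanted not in lan_hosts:
        return None, [request]                       # nobody owns the address
    # Only the owner answers, and it answers the requester directly (unicast).
    reply = build_arp_frame(2, lan_hosts[wanted], wanted, my_mac, my_ip)
    parsed = parse_arp_frame(reply)
    cache[parsed["sender_ip"]] = parsed["sender_mac"]
    return parsed["sender_mac"], [request, reply]

# Constructed LAN; the second host and the requester's addresses are made up.
LAN = {"192.168.1.20": "aa:bb:cc:dd:ee:ff", "192.168.1.30": "02:00:00:00:00:30"}
```

The cache entry is filled from the reply's own sender fields; ARP itself gives the requester no way to verify them.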


NAT — Network Address Translation

Your home devices use private IP addresses (192.168.x.x) that cannot travel across the Internet. NAT, running on your router, translates private addresses to the router’s public IP when traffic leaves your network — and translates incoming replies back to the correct private device.

Why NAT exists
Without NAT, every device would need a public IPv4 address — IPv4 would have been exhausted much sooner. NAT conserves IPv4 addresses and adds a basic layer of security by hiding internal device addresses.
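
A simplified model of the translation table a NAT router keeps, added here as an illustration and not taken from the original page. The class and method names are assumptions; the addresses reuse values that appear on this page (private 192.168.1.10:51514, public 203.0.113.5, translated port 62001, server 142.250.72.14:443).

```python
class Nat:
    """Port-address translation for one public IP (simplified, no timeouts)."""

    def __init__(self, public_ip, first_port=62001):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}    # (private_ip, private_port, remote) -> public_port
        self.back = {}   # (public_port, remote) -> (private_ip, private_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Packet leaving the LAN: rewrite its source to the public IP and a fresh port."""
        remote = (dst_ip, dst_port)
        key = (src_ip, src_port, remote)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[(self.next_port, remote)] = (src_ip, src_port)
            self.next_port += 1
        return (self.public_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Packet arriving from the Internet: rewrite its destination back to the
        private device, or return None (drop) when no mapping exists."""
        if dst_ip != self.public_ip:
            return None
        private = self.back.get((dst_port, (src_ip, src_port)))
        if private is None:
            return None          # unsolicited traffic has nowhere to go
        return (src_ip, src_port, private[0], private[1])
```

In this model an inbound packet is translated only if it answers a flow a private device opened first, which is the address-hiding effect described above.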
[Figure: ARP (broadcast → unicast reply → cache) and NAT (private → public translation, outbound/inbound, why it exists). Example values shown: ARP cache entry 192.168.1.20 → AA:BB:CC:DD:EE:FF; NAT outbound translation 192.168.1.10:51514 → 49.x.x.x:62001 → 93.x.x.x:80]
🌍  Routing

Routing

Routing means determining the best path for packets to travel from source to destination. When you access google.com, your packet hops through multiple routers: Home Router → ISP Router → Regional Router → Backbone Router → Google. At each step, the router asks: “Where should this packet go next?”


What is a Router?

A router connects different networks. Unlike switches that ask “Which port?” (based on MAC), routers ask “Which network?” (based on IP). Routers make forwarding decisions using IP addresses and routing tables and perform four key functions: connect different networks, determine the best path, forward packets based on IP, and reduce broadcast domains.
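
How a routing table answers "Which network?" at each hop, as an added example that is not part of the original page. It uses longest-prefix matching, the standard rule for choosing between overlapping routes, which goes slightly beyond what the text states; every table entry and router name below is constructed.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: of all routes containing dst, the most specific wins."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return None if best is None else best[1]

# Constructed tables, one per router on the path the page describes.
# "deliver" means the destination is on a directly connected network.
ROUTERS = {
    "home":     [("192.168.1.0/24", "deliver"), ("0.0.0.0/0", "isp")],
    "isp":      [("203.0.113.0/24", "home"), ("0.0.0.0/0", "regional")],
    "regional": [("203.0.113.0/24", "isp"), ("0.0.0.0/0", "backbone")],
    "backbone": [("142.250.0.0/16", "other-peer"), ("142.250.72.0/24", "google"),
                 ("203.0.113.0/24", "regional")],
    "google":   [("142.250.72.14/32", "deliver")],
}

def trace(routers, start, dst, max_hops=16):
    """Follow next hops from `start` until a router can deliver dst locally."""
    path = [start]
    while len(path) <= max_hops:
        next_hop = lookup(routers[path[-1]], dst)
        if next_hop is None:
            raise LookupError(f"{path[-1]} has no route to {dst}")
        if next_hop == "deliver":
            return path
        path.append(next_hop)
    raise RuntimeError("hop limit exceeded (routing loop?)")
```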


Switching vs Routing

| Feature | Switching (Layer 2) | Routing (Layer 3) |
|---------|---------------------|-------------------|
| Uses | MAC Address | IP Address |
| Works at | Data Link Layer (L2) | Network Layer (L3) |
| Purpose | Move frames within same network | Move packets between networks |
| Simple rule | Switch = Inside City | Router = Between Cities |

[Figure: Routing (packet path to Google), What is a Router (IP-based, connects networks; example Network A 192.168.1.0/24 and Network B 10.0.0.0/24 joined by a router), Switching vs Routing comparison (Layer 2 MAC vs Layer 3 IP)]
🔌  VLANs

VLAN — Virtual Local Area Network

VLANs are one of the most important enterprise networking concepts: they allow one physical switch to behave like multiple logical switches. Consider a switch shared by the HR, Finance, and Engineering departments. Without VLANs, everyone is on the same Layer 2 network, broadcasts reach everyone, ARP reaches everyone, and traffic is less isolated.

With VLANs: assign VLAN 10 = HR, VLAN 20 = Finance, VLAN 30 = Engineering. Each VLAN is a separate broadcast domain. Frames are forwarded only within the same VLAN. Traffic between VLANs requires a router (Layer 3 device). Result: logical segmentation on one physical switch.

  • Better Isolation — HR cannot see Finance traffic even on the same switch.
  • Better Performance — Reduces unnecessary broadcast traffic across all ports.
  • Manageability — Organize network logically regardless of physical location.
  • Enterprise Standard — Essential in any production network with multiple departments.

[Figure: VLAN — why it exists, VLAN solution (logical segmentation), how VLANs work (4 steps), Port vs VLAN comparison (a port identifies an application or service at the Transport Layer, e.g. 443, 3306, 22; a VLAN identifies a network or broadcast domain at Layer 2, e.g. VLAN 10, 20, 30), apartment building analogy]

Access Ports, Trunk Ports & VLAN Tagging

Access Ports

An access port belongs to exactly one VLAN. It connects end devices (PCs, printers, phones) to the switch. Frames leaving an access port are untagged — the device has no idea it’s part of a VLAN.


Trunk Ports

A trunk port carries multiple VLANs over a single physical cable — used to connect switches together. Traffic on a trunk contains VLAN tags so the receiving switch knows which VLAN each frame belongs to.


VLAN Tagging — IEEE 802.1Q

VLANs use the IEEE 802.1Q standard. When a frame that entered the switch on an access port is sent out over a trunk, the switch inserts a 4-byte tag containing the VLAN ID into the Ethernet frame. This tag tells other switches which VLAN owns the frame. When the frame reaches its destination access port, the tag is removed.
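
The tag insertion and removal described above, at byte level, as an added example that is not part of the original page. Function names and the sample frame are assumptions; frames are modelled as in a packet capture, without preamble or FCS (a real switch recomputes the FCS after changing the frame).

```python
import struct

TPID_8021Q = 0x8100   # sits where the EtherType normally is and marks the frame as tagged

def add_tag(frame, vlan_id, priority=0):
    """Insert the 4-byte 802.1Q tag after the source MAC (frame sent onto a trunk)."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1-4094 (0 and 4095 are reserved)")
    if not 0 <= priority <= 7:
        raise ValueError("priority must be 0-7")
    tci = (priority << 13) | vlan_id      # 3-bit priority, 1-bit DEI (0), 12-bit VLAN ID
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def read_tag(frame):
    """Return (vlan_id, priority), or None when the frame is untagged."""
    if len(frame) < 18 or struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None
    tci = struct.unpack("!H", frame[14:16])[0]
    return tci & 0x0FFF, tci >> 13

def deliver_to_access_port(frame, port_vlan):
    """Trunk -> access port: forward only a frame of the port's VLAN, tag removed."""
    tag = read_tag(frame)
    if tag is None or tag[0] != port_vlan:
        return None   # simplified model: other VLANs and untagged trunk frames are not delivered
    return frame[:12] + frame[16:]

# Constructed frame: destination MAC, source MAC, EtherType 0x0800 (IPv4), dummy payload.
UNTAGGED = bytes.fromhex("aabbccddeeff" "020000000010" "0800") + b"payload"
```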

[Figure: Access Ports (single VLAN, untagged), Trunk Ports (multiple VLANs, tagged), VLAN Tagging IEEE 802.1Q. Frame layout shown: Preamble, Destination MAC, Source MAC, 802.1Q Tag (TPID 0x8100, TCI with Priority and VLAN ID), EtherType, Payload, FCS]
📌  Broadcast Domains & The Packet Journey

Broadcast Domain

A broadcast domain is a group of devices that receive each other’s broadcasts. Without VLANs, an entire switch is one broadcast domain — every device receives every broadcast. With VLANs, each VLAN becomes its own separate broadcast domain, reducing unnecessary traffic and improving security.
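
A small model of a VLAN-aware switch, added here as an illustration and not taken from the original page: it learns MAC addresses per VLAN and floods broadcasts and unknown destinations only to ports in the sender's VLAN. The port numbers, MAC addresses and class name are assumptions; the VLAN IDs follow the HR/Finance/Engineering example.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed port assignment: ports 1-2 HR, 3-4 Finance, 5-6 Engineering.
PORT_VLANS = {1: 10, 2: 10, 3: 20, 4: 20, 5: 30, 6: 30}

class VlanSwitch:
    def __init__(self, port_vlans):
        self.port_vlans = dict(port_vlans)   # access port -> VLAN ID
        self.mac_table = {}                  # (vlan, mac) -> port, learned per VLAN

    def receive(self, in_port, src_mac, dst_mac):
        """Process one frame; return the sorted list of ports it is sent out of."""
        vlan = self.port_vlans[in_port]
        self.mac_table[(vlan, src_mac)] = in_port        # learn where the sender lives
        known = self.mac_table.get((vlan, dst_mac))
        if dst_mac != BROADCAST and known is not None:
            return [] if known == in_port else [known]   # known unicast: one port only
        # Broadcast or unknown destination: flood, but never outside the VLAN.
        return sorted(p for p, v in self.port_vlans.items()
                      if v == vlan and p != in_port)

def broadcast_domains(port_vlans):
    """Group ports by VLAN: each group is one broadcast domain."""
    domains = {}
    for port, vlan in port_vlans.items():
        domains.setdefault(vlan, []).append(port)
    return {vlan: sorted(ports) for vlan, ports in domains.items()}
```

A Finance host sending to an HR host's MAC address is flooded only within VLAN 20 and never reaches the HR ports, which is why inter-VLAN traffic needs a router.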


How a Packet Travels to Google

This is the complete end-to-end journey that combines everything from Parts 1, 2, and 3:

| Step | What happens | Layer/Protocol |
|------|--------------|----------------|
| 1 | User types google.com in browser | Application Layer |
| 2 | DNS resolves google.com → 142.250.72.14 | DNS (Port 53) |
| 3 | Browser creates HTTPS request | HTTP/HTTPS (Port 443) |
| 4 | TCP creates connection (Three-Way Handshake) | TCP, Transport Layer |
| 5 | IP layer creates packet (adds Source & Destination IP) | IP, Network Layer |
| 6 | ARP finds gateway’s MAC address | ARP, Data Link Layer |
| 7 | Ethernet frame created (Source & Destination MAC added) | Ethernet, Data Link Layer |
| 8 | NIC transmits data as bits onto the wire | Physical Layer |
| 9 | Switch forwards frame based on MAC address table | Layer 2 Switching |
| 10 | Router receives packet, checks destination IP | Layer 3 Routing |
| 11 | NAT converts private IP → public IP (203.0.113.5) | NAT |
| 12 | Internet routers forward packet to Google | Internet Routing |
| 13 | Google server processes request | Application Layer |
| 14 | Response follows reverse path back to your device | All layers reversed |

[Figure: Broadcast Domain (per VLAN), and How a Packet Travels to Google — complete 14-step end-to-end journey with all protocols; network path overview: Your Device, Switch, Router/Gateway, NAT, Internet, Google Server]
Reference

Part 3 Summary

✅ Key Concepts from Part 3
  • TCP/IP Stack — 4 layers: Application (what to send), Transport (reliability+ports), Internet (IP routing), Network Access (physical).
  • Application Layer — where apps live; creates HTTP/HTTPS/FTP/SSH/DNS/SMTP requests.
  • Transport Layer — breaks data into segments; uses port numbers; TCP (reliable) or UDP (fast).
  • TCP — Transmission Control Protocol; Three-Way Handshake (SYN/SYN-ACK/ACK); guarantees delivery, order, error checking, retransmission.
  • UDP — User Datagram Protocol; no guarantees, lower latency; for gaming, voice, video, DNS.
  • Ports — identify applications (not devices); live at Transport Layer; IP = building, Port = apartment. Key ports: SSH 22, HTTP 80, HTTPS 443, DNS 53.
  • ARP — Address Resolution Protocol; resolves IP → MAC via broadcast; result stored in ARP cache.
  • NAT — Network Address Translation; translates private IPs → public IP at router; conserves IPv4 addresses.
  • Routing — determining best path for packets across networks; each router decides "where next?"
  • Router — Layer 3 device using IP addresses; connects different networks; uses routing tables.
  • Switching vs Routing — Switching (L2, MAC, within network). Routing (L3, IP, between networks).
  • VLAN — Virtual LAN; one switch = multiple logical networks; better security, performance, isolation.
  • Access Port — belongs to one VLAN; untagged frames; connects end devices.
  • Trunk Port — carries multiple VLANs; tagged frames; connects switches.
  • 802.1Q — VLAN tagging standard; switch inserts 4-byte VLAN ID tag into Ethernet frame on trunks.
  • Broadcast Domain — group receiving broadcasts; each VLAN = one broadcast domain.
  • Packet to Google — 14 steps: DNS → TCP → IP → ARP → Ethernet → Switch → Router → NAT → Internet → Google → reverse path.
🏦
Congratulations
Parts 1, 2, and 3 together cover the complete networking fundamentals stack — from physical hardware through IP addressing to application protocols and how it all combines into real-world communication.
