James's TCP/IP FAQ - Understanding IP Addresses

Disclaimer: The information on this page is for informational purposes only. It is not a definitive guide to TCP/IP protocols. Some information is presented in a simplified form that may not be 100% technically accurate, but should suffice as a starting point for people who are new to all this. Feel free to E-Mail me your comments at jvfields@camden411.com

I am preparing a web page covering the use of Internet "connection sharing" technologies because we are finally getting ADSL Internet access here in Southeast Georgia. I realized that many of the terms I was going to use on that page won't make much sense to the average home user. This FAQ is an attempt to provide the necessary background information to bring the beginner up to speed. This FAQ is broken down into 3 parts (I recommend that they be read in order):

Introduction to TCP/IP and IP Routing (This page)
Port Numbers and TCP/UDP Applications
Networking Hardware

Introduction

The Internet is often referred to as a "TCP/IP" network. Every network uses a set of rules to govern how computers send and receive information. These rules are called "protocols." A set of protocols is sometimes referred to as a protocol "suite" or "stack" and all computers on a network have to use the same protocols if they want to talk to one another. "TCP/IP" is the name given to the protocol suite used by computers on the global Internet, and as such it is no surprise that most corporate and home networks are also using TCP/IP as well.

There are many parts to a protocol suite. Some protocols governs the physical characteristics of the network hardware and wires. Some govern the way specific applications talk to one another. The name "TCP/IP" actually refers to two parts of a protocol suite which govern how packets of information get from one computer to another, and how they get to the correct application within a given computer.

IP - Internetworking Protocol (From My House to Your House)

When you send information out over the Internet, something magic happens - your transmission (usually) gets to the right computer out of the millions that make up the Internet. It is the job of the "network layer" protocols to see that this happens. The network layer protocol used on the Internet is called the Internetworking Protocol, or simply IP.

The IP protocol works a lot like sending mail through the postal service. It makes use of addresses to tell where to send the "mail" which in this case is composed of information packets. We break down information into packets because we want lots of computers to be able to talk to one another at the same time, and so we make each computer break the message it has to send into small parts. Those parts are all intermingled together on the wire. Sometimes it is more appropriate to call the parts "frames" but it is most common to call them "packets" and that's what we'll use in this discussion.

IP Addresses

Just like the postal service sending a piece of mail, each packet has to have the address of the computer that is supposed to receive it (the destination address). For reasons we'll get to shortly, every packet also has to have the address of the computer that sent it as well (called the source address), just like putting a return address on a piece of postal mail. Therefore, we can say that each machine that wishes to talk on the network has to have an address - called an IP address. As a general rule, every machine has to have a unique address, although in my FAQ on connection sharing I will talk about ways to violate that rule.

An IP address is made up of four 8-bit numbers. Each of these numbers is separated by a decimal point. Since an 8 bit number can represent the decimal values 0-255, each of the four parts of an IP address can only be in that range. A typical address might look like 209.176.20.69 (this is the IP address of the web server which sent you this page).

Networks - Groups of IP Addresses

IP addresses can be grouped together to form a logical unit called a "network" or a "subnetwork" or a "domain". Don't worry too much about which is correct for now - we'll call this kind of grouping a "network". We can tell whether a computer is part of our own local network by comparing the other computer's IP address to our own, and using something called a "subnet mask" or a "netmask." A netmask tells us that all the computers on our local network have a common set of numbers in the IP address. The netmask defines which part of the IP address identifies the local network, and which part identifies the individual machine.

For example, let's say your computer's IP address is 192.168.1.1. You have a subnet mask of 255.255.255.0. This netmask says that all 8 bits in the first 3 numbers (called octets) are used to define the network, and all 8 bits in the 4th number are used to define individual machines on the network. If you are trying to reach computer 192.168.1.5, the netmask tells us this is on the same network as your own machine. But a computer with IP address 192.168.6.10 would be on another network - notice that part of the first 3 numbers is different.

The reason all this is important is that the computers use IP addresses in their packets, but they also use a different kind of "hardware" address at the wire level. If your computer determines from the netmask and destination IP address that another machine is on your local network, it can send a query out on the local network asking for the hardware address of the other machine and then send the packet. If it determines that the other machine is on a different network, your computer will need to send the packet to a router instead. A router is a device that interconnects two or more networks. More often than not, you'll have a single router that connects your network to the others. This router will be your "default gateway" to the rest of the world.

Finding IP Addresses of Other Computers

So - we have a lot of information that we need to know in order to send packets to another machine. We need to know the IP address of the destination computer, the IP address of our own computer (the source), the subnet mask that defines our local network, and the IP address of the router that acts as our default gatway. How do we find out all of these pieces of information? Let's start with the IP address of the OTHER computer.

When you want to look at my web site, you don't type in 209.176.20.69 on the URL bar in your web browser. You type in www.camden411.com, or perhaps you click on a link in another web page that points to that name. Most of the machines we need to reach on the Internet have these "names" that are more like plain English than a collection of numbers. Somehow your computer translates from the name to the IP address. There is no real magic here - it's a staightforward lookup in a file somewhere that says "www.camden411.com = 209.176.20.69". This file can be resident locally on your computer, but that wouldn't be practical on a huge Internet with millions of possible computers for us to talk to.

Instead, we usually put these files on special servers called Domain Name Service (DNS) servers. Each network runs its own DNS servers with the lookup tables for all the local machines. Further, a properly configured DNS server also knows how to reach other DNS servers on the Internet for information it doesn't have in the local tables. You tell your computer the IP address of the DNS servers, and whenever you try to get to another machine by name, your computer will ask the DNS server to find out the IP address for you.

Although using DNS servers relieves us from having to know the IP addresses of all those potential destination machines, it does require us to know something in addition to the information we listed above - that is, we have to know the IP addresses of the DNS servers themselves. So now, our list of things we have to know is:

Source IP Address (our own computer)
Subnet Mask (defines our local network)
Default Gateway IP Address (the router to everything else)
DNS Server Addresses (to look up destination IP addresses)

Finding Our Own IP Address (And Other Stuff)

Where do we get all that information? There are two general methods for defining all this stuff. The first is a manual process of assigning all these numbers and configuring them on the local machine. This works fine for small networks with only a handful of computers, and for people who know how to do the configuration without screwing up their computers.

For larger networks, and for end-users who may not have the knowledge to manually configure everything, there are automated or "dynamic" methods of having it done for us. The most common on business networks is called DHCP - Dynamic Host Configuration Protocol. If your computer is configured to use DHCP, every time it is booted the computer will send out a request on the network asking for the basic network configuration settings. A special server (a DHCP server) will respond with an IP address for the computer to use, the subnet mask, the gateway router address, and the DNS server addresses.

On dialup networks such as those run by many Internet Service Providers, we connect using PPP (Point-to-Point Protocol) which does something similar to DHCP, except that the user is normally required to supply a username and password as well. Once the user is authenticated, the same types of information are sent to the computer - IP address, subnet mask, gateway router address, and DNS server addresses.

How The Addresses Are Used

So - let's look at a simplified example of all this in action. Let's suppose you know none of the details of how you are connected to the Internet, except that you dial up your provider when you want to surf. You click on the "dialup networking" icon and the modem dials. You may be prompted for a username and password (or you might have instructed your computer to remember them for you and supply them automatically). Once authenticated, your Internet provider will assign your computer an IP address, a subnet mask, a gateway router, and DNS server addresses.

Now you fire up a web browser (Internet Explorer or Netscape) and on the URL bar at the top you type "www.camden411.com." First, your computer needs to know the IP address of that computer. It doesn't - but it does know the IP addresses of the DNS servers. Your computer formulates a query to send to the DNS server asking for the IP address of www.camden411.com. The DNS server doesn't know that address either, but it knows how to forward the request along to the DNS server for the camden411.com domain, which does know the answer. The IP address for www.camden411.com is sent back through your DNS server to you. Now your web browser software can formulate packets to send to the actual computer running that web site. Each packet will contain both the destination IP address of the web server and also your own IP address as the source. This is important - the web server has to know where to send the replies! Since the IP address of the web server is not on the local network, your computer will actually give the packets to the default gateway router. That router will forward it along to the router that acts as a gateway for the camden411.com network (probably not directly - there may be many routers in between).

Next Up: Port Numbers...

Now that you have a basic understanding of how packets get from one computer to another through a network, you are ready to learn how packets coming into your machine get routed to the right application - how the web packets get to the browser, E-Mail packets get to the mail software, etc. Check out my page on Port Numbers to start learning!