Network Protocols: What They Are and How They Work

A network protocol is a set of rules and agreements used to facilitate communication between devices at a specific network layer. Protocols define and regulate how information is exchanged between participants in computer networks. Many protocols are involved in network operation. For example, loading a webpage in a browser is the result of a process governed by several protocols:

• HTTP: The browser forms a request to the server.
• DNS: The browser resolves the domain name to an IP address.
• TCP: A connection is established, and data integrity is ensured.
• IP: Network addressing is performed.
• Ethernet: Physical data transmission occurs between devices on the network.

These numerous protocols can be categorized according to the network layers they operate on. The most common network models are the OSI and TCP/IP models. In this article, we will explain these models and describe the most widely used protocols.

Key Terminology

This section introduces essential network-related terms needed for understanding the rest of the article.

Network. A network is a collection of digital devices and systems that are connected to each other (physically or logically) and exchange data. Network elements may include servers, computers, phones, routers, even a smart Wi-Fi-enabled lightbulb—and the list goes on. The size of a network can vary significantly—even two devices connected by a cable form a network. Data transmitted over a network is packaged into packets, which are special blocks of data. Protocols define the rules for creating and handling these packets.

Some communication systems, such as point-to-point telecommunications, do not support packet-based transmission and instead transmit data as a continuous bit stream. Packet-based transmission enables more efficient traffic distribution among network participants.

Network Node. A node is any device that is part of a computer network. Nodes are typically divided into two types:

• End Nodes. These are devices that send and/or receive data. Simply put, these are sources or destinations of information.
• Intermediate Nodes. These nodes connect end nodes together.

For example, a smartphone sends a request to a server via Wi-Fi. The smartphone and server are end nodes, while the Wi-Fi router is an intermediate node. Depending on node placement and quantity, a network may be classified as:

• Global Network. A network that spans the entire globe. The most well-known example is the Internet.
• Local Network (LAN). A network covering a limited area. For example, your home Wi-Fi connects your phone, computer, and laptop into a local network. The router (an intermediate node) acts as a bridge to the global network. An exception to geographic classification is networks of space-based systems, such as satellites or orbital stations.
• Distributed Network. A network with geographically distributed nodes.

Network Medium. This refers to the environment in which data transmission occurs. The medium can be cables, wires, air, or optical fiber. If copper wire is used, data is transmitted via electricity; with fiber optics, data is transmitted via light pulses. If no cables are used and data is transmitted wirelessly, radio waves are used.

OSI Model

In the early days of computer networks, no universal model existed to standardize network operation and design. Each company implemented its own approach, often incompatible with others.

This fragmented landscape became problematic—networks, which were supposed to connect computers, instead created barriers due to incompatible architectures. In 1977, the International Organization for Standardization (ISO) took on the task of solving this issue. After seven years of research, the OSI model was introduced in 1984.

OSI stands for Open Systems Interconnection, meaning systems that use publicly available specifications to allow interoperability, regardless of their architecture. (This "openness" should not be confused with Open Source.)

The model consists of seven network layers, each responsible for specific tasks. Let’s look at each:

1. Physical Layer

This layer deals with the physical aspects of data transmission, including transmission methods, medium characteristics, and signal modulation.

2. Data Link Layer

The data link layer operates within a local network. It frames the raw bit stream from the physical layer into recognizable data units (frames), determines start and end points, handles addressing within a local network, detects errors, and ensures data integrity. Standard protocols are Ethernet and PPP.

3. Network Layer

This layer handles communication between different networks. It builds larger networks from smaller subnets and provides global addressing and routing, selecting the optimal path. For example, the IP protocol, which gives each device a unique address, operates at this layer. Key protocols are IP and ICMP.

4. Transport Layer

The transport layer ensures end-to-end communication between processes on different computers. It directs data to the appropriate application using ports. Protocols such as:

• UDP — Unreliable transmission of datagrams.
• TCP — Reliable byte-stream transmission.

5. Session Layer

This layer manages communication sessions: establishing, maintaining, and terminating connections, as well as synchronizing data.

6. Presentation Layer

Responsible for translating data formats into forms understandable to both sender and receiver. Examples: text encoding (ASCII, UTF-8), file formats (JPEG, PNG, GIF), encryption and decryption.

7. Application Layer

The user-facing layer where applications operate. Examples include web browsers using HTTP, email clients, and video/audio communication apps.

Some OSI protocols span more than one layer. For instance, Ethernet covers both the physical and data link layers.

When data is sent from one node to another, it passes through each OSI layer from top to bottom. Each layer processes and encapsulates the data before passing it to the next lower layer. This process is called encapsulation.

On the receiving end, the process is reversed: each layer decapsulates and processes the data, from bottom to top, until it reaches the application. This is called decapsulation.

While the OSI model is not used in practical network implementations today, it remains highly valuable for educational purposes, as many network architectures share similar principles.

TCP/IP

While the OSI model was being developed and debated over, others were implementing practical solutions. The most widely adopted was the TCP/IP stack, also known as the DoD model.

According to RFC 1122, the TCP/IP model has four layers:

1. Application Layer
2. Transport Layer
3. Internet Layer (sometimes just called "Network")
4. Link Layer (also called Network Access or Interface Layer)

Though different in structure, TCP/IP follows the same fundamental principles as OSI. For example:

• The OSI session, presentation, and application layers are merged into a single application layer in TCP/IP.
• The OSI physical and data link layers are merged into the link layer in TCP/IP.

Since terminology may vary across sources, we will clarify which model we are referring to throughout this article.

Let’s take a closer look at each layer and the protocols involved, starting from the bottom.

Data Link Layer in TCP/IP

As mentioned earlier, the Data Link Layer in the TCP/IP model combines two layers from the OSI model: the Data Link and Physical layers. The most widely used data link protocol in TCP/IP is Ethernet, so we’ll focus on that.

Ethernet

Let’s forget about IP addresses and network models for a moment. Imagine a local network consisting of 4 computers and a switch. We'll ignore the switch itself; in our example, it's simply a device that connects the computers into a single local network.

Each computer has its own MAC address. In our simplified example, a MAC address consists of 3 numbers, which is not accurate in reality.

MAC Address

In reality, a MAC address is 48 bits long. It’s a unique identifier assigned to a network device. If two devices have the same MAC address, it can cause network issues.

The first 24 bits of a MAC address are assigned by the IEEE — an organization responsible for developing electronics and telecommunications standards. The device manufacturer assigns the remaining 24 bits.

Now, back to our local network. If one computer wants to send data to another, it needs the recipient's MAC address.

Data in Ethernet networks is transmitted in the form of Ethernet frames. Ethernet is a relatively old protocol, developed in 1973, and has gone through several upgrades and format changes over time.

Here are the components of an Ethernet frame:

• Preamble indicates the beginning of a frame.
• Destination MAC address is the recipient’s address.
• Source MAC address is the sender’s address.
• Type/Length indicates the network protocol being used, such as IPv4 or IPv6.
• SNAP/LLC and Data are the payload. Ethernet frames have a minimum size requirement to prevent collisions.
• FCS (Frame Check Sequence) is a checksum used to detect transmission errors.

ARP

So far, we’ve talked about a simple local network where all nodes share the same data link environment. That’s why this is called the data link layer. However, MAC addressing alone is not enough for modern TCP/IP networks. It works closely with IP addressing, which belongs to the network layer.

We’ll go into more detail on IP in the network layer section. For now, let’s look at how IP addresses interact with MAC addresses. Let’s assign an IP address to each computer:

In everyday life, we rarely interact with MAC addresses directly — computers do that. Instead, we use IP addresses or domain names. The ARP (Address Resolution Protocol) helps map an IP address to its corresponding MAC address.

When a computer wants to send data but doesn’t know the recipient’s MAC address, it broadcasts a message like: "Computer with IP 1.1.1.2, please send your MAC address to the computer with MAC:333."

If a computer with that IP exists on the network, it replies: "1.1.1.2 — that’s me, my MAC is 111."

So far, we've worked within a single network. Now, let’s expand to multiple subnets.

Network Layer Protocols in TCP/IP

Now we add a router to our local network and connect it to another subnet.

Two networks are connected via the router. This device acts as an intermediate node, allowing communication between different data link environments. In simple terms, it allows a computer from one subnet to send data to a computer in another subnet.

How does a device know it’s sending data outside its own subnet?

Every network has a parameter called a subnet mask. By applying this mask to a node’s IP address, the device can determine the subnet address. This is done using a bitwise AND operation.

You can check the subnet mask in Windows using the ipconfig command: 

In this example, the mask is 255.255.255.0.

This is a common subnet mask. It means that if the first three octets of two IP addresses match, they are in the same subnet.

For example:

• IP 1.1.1.2 and 1.1.1.3 are in the same subnet.
• IP 1.1.2.2 is in a different subnet.

When a device detects that the recipient is in another subnet, it sends data to the default gateway, which is the router’s IP address.

Let’s simulate a situation:

A device with MAC 111 wants to send data to the IP 1.1.2.3. The sender realizes this is a different subnet and sends the data to the default gateway. First, it uses ARP to get the MAC address of the gateway, then sends the packet.

The router receives the packet, sees that the destination IP is different, and forwards the data. In the second subnet, it again uses ARP to find the MAC address of the target device and finally delivers the data.

IP Protocol

The IP (Internet Protocol) was introduced in the 1980s to connect computer networks. Today, there are two versions:

• IPv4 – uses 32-bit addressing. The number of available IP addresses is limited.
• IPv6 – uses 128-bit addressing and was introduced to solve IPv4 address exhaustion. In IPv6, ARP is not used.

Both protocols serve the same function. IPv6 was meant to replace IPv4, but because of technologies like NAT, IPv4 is still widely used. In this guide, we’ll focus on IPv4.

An IP packet consists of the following fields:

• Version – IPv4 or IPv6.
• IHL (Internet Header Length) – indicates the size of the header.
• Type of Service – used for QoS (Quality of Service).
• Total Length – includes header and data.
• Identification – groups fragmented packets together.
• Flags – indicate if a packet is fragmented.
• Fragment Offset – position of the fragment.
• Time to Live (TTL) – limits the number of hops.
• Protocol – defines the transport protocol (e.g., TCP, UDP).
• Header Checksum – verifies the header’s integrity.
• Source IP Address
• Destination IP Address
• Options – additional parameters for special use.
• Data – the actual payload.

Transport Layer Protocols

The most common transport layer protocols in TCP/IP are UDP and TCP. They deliver data to specific applications identified by port numbers. Let’s start with UDP — it’s simpler than TCP.

UDP

A UDP datagram contains:

• Source port
• Destination port
• Length
• Checksum
• Payload (from the higher layer)

UDP’s role is to handle ports and verify frames. However, it does not guarantee delivery. If some data is lost or corrupted, UDP will not request a retransmission — unlike TCP.

TCP

TCP packets are called segments. A TCP segment includes:

• Source and destination ports
• Sequence number
• Acknowledgment number (used for confirming receipt)
• Header length
• Reserved flags
• Control flags (for establishing or ending connections)
• Window size (how many segments should be acknowledged)
• Checksum
• Urgent pointer
• Options
• Data (from the higher layer)

TCP guarantees reliable data transmission. A connection is established between endpoints before sending data. If delivery cannot be guaranteed, the connection is terminated. TCP handles packet loss, ensures order, and reassembles fragmented data.

Application Layer Protocols

In both the TCP/IP model and the OSI model, the top layer is the application layer.

Here are some widely used application protocols:

• DNS (Domain Name System) – resolves domain names to IP addresses.
• HTTP – transfers hypertext over the web, allowing communication between browsers and web servers.
• HTTPS – does the same as HTTP, but with encryption for secure communication.

DNS servers use UDP, which is faster but less reliable. In contrast, protocols like FTP and HTTP rely on TCP, which provides reliable delivery.

Other popular application protocols include:

• FTP (File Transfer Protocol) – for managing file transfers.
• POP3 (Post Office Protocol version 3) – used by email clients to retrieve messages.
• IMAP (Internet Message Access Protocol) – allows access to emails over the internet.

Conclusion

This guide covered the most commonly used protocols in computer networks. These protocols form the backbone of most real-world network communications. In total, there are around 7,000 protocols, many of which are used for more specialized tasks.