Jump to content
RESET Forums (homeservershow.com)
  • A (much) more advanced look at Home Networking


    by AJ Peck (aka usacomp2k3)


    I hope ya’ll enjoyed reading An Introduction to Home Networking. That gave an overview of some of the basic features of networking and how it relates to many home users. If you’ll join me for another minute (or twenty) to go a little deeper and explore some of the more advanced aspects of networking. While I will use more examples from my own home network, the concepts and wording should extend to other home environments as well. Beware that this is much more in depth and rather long, so feel free to skip sections as needed. I will, at times, try to simplify terminology (both intentionally and not) and apologize if I’m not 100% accurate when doing so.


    So we left off last time just talking about the basic aspects of IP addresses, so let’s go a little deeper. Each network device needs to have a unique address (or else major problems will exist).

    MAC Address

    Each device on the network is programmed from the factory with a (mostly) unique MAC address, or Media Access Control address. This address is a group of 6 pairs of hexidecimal digits, for example 00-15-58-7D-AC-C1. This means there are 18 billion, billion (1.8447 x10^19) possible combinations. This address is what your switch uses to route information to/from each device. While the network device has its MAC address set with a unique value, this can actually be changed, called spoofing. There aren’t many good reasons to change it, but I thought it was worth noting.


    The MAC address is temporarily tied to your IP address when you are on the network. If you open a command prompt and type in “arp –a” it will show you a list of the locally cached IP addresses and their corresponding MAC addresses. When one devices communicates with another on the network, it does much more than say “Hey, xbox, read this”. It looks at it’s internally cached list of devices and if the destination device is there, it will embed that device’s IP address and MAC address in the packet, along with the sender’s addresses. If the source device doesn’t have information about the destination address beyond the name, it will query the DNS server for information about that name. The DNS server will respond with an IP address, and then the sending device can send out the packet of information to the destination address.

    IP addresses – take 2

    Here’s a screenshot from my router configuration screen.




    The first item to note is the DHCP Server Settings. I have the DHCP (Dynamic Host Configuration Protocol) server turned on, and have told it to assign addresses from .100 to .199 (each of the 4 octets of the address is 1 byte (2^8), and can go from .001 to .255). It pulls the first 3 values from the Router’s IP address (which in this case is This means that all assigned address will be 192.168.0.*. This is known as a class “C” network and you can have 255 devices on this network. DHCP servers have a setting that is called the “Lease Time”. As it sounds, this is the length of time that the DHCP server will reserve the address for a given device. My example above is 3 hours. Let’s look at an example of how this works. The .101 address above was assigned at 8:16pm on April 2nd. (Interesting. Apparently my router’s clock was off. I have since reset it ) What this means is that on or before 11:16pm, the router will try to renew the assignment. If Computer 4 isn’t present at this time, then that .101 address will go back into the pool to be available to assign to the next device which requests an address.


    Many home routers have a feature called “DHCP Reservations”. Just like the name implies, the DHCP server can reserve certain addresses and assign them to specific devices. It does this by use of the MAC address. When a device requests an IP address from the DHCP server, the server will check to see if the requester’s MAC address is in the reserved list. If it is, the device will be assigned the reserved address. If it isn’t, the device will be assigned the next sequential number that is available.


    In the example above, I have 2 devices that have their IP addresses reserved: my HP 4100 LaserJet printer, and my HP ex470 Windows Home Server. This way, whenever a computer needs to connect to either of those devices, the IP address is always the same. Many people ask about assigning a static IP for a device, especially a Home Server. While you can still do this, I personally think it is much easier to use the idea of Reservations to simulate a static IP. If you want a true static IP, then you have to log into the server, go to the network properties, and assign the IP address, DNS server, subnet mask, etc. If you use the reservation, there is no configuration needed on the device, because from its perspective, it is getting assigned a regular address via DHCP. It’s just coincidence that the same address is always assigned. Fun huh.


    One last thing to note here is that your router gets assigned an IP address from your ISP (Internet Service Provider) pretty much the same way. They have a range of addresses to assign to the connected devices. You can go days/weeks/months even with the same External IP address. Or, if there is an network outage or something like that, then things are likely to get shaken up and you’ll get a new address (Assuming you don’t have a static IP like most business-class connections).

    Subnet Mask & Default Gateway

    If you run the “ipconfig” command, you will see what is listed as the subnet mask. This will almost always be The function of the subnet mask is to quickly determine what addresses are in your local network. What the subnet mask says is that all addresses with different numbers in the first 3 octets from the device are in different subnet. All address with the same values in the first 3 are in the same subnet. For example, with a subnet mask of, devices with IP addresses and are in the same subnet, while is on a different subnet. Remember before that the computer had to get the IP address? Well now that it has the IP address, the device will now have to figure out how to connect to that server. So using the other example before, Bing.com is going to have an IP address that is outside pretty much every personal subnet. So the device will now have to figure out how to connect to that server. For addresses outside the device’s subnet, the next step is to contact what is known as the default gateway. This setting is given to the device by the DHCP server or statically assigned. Again, for home uses, the router is going to be the Default Gateway. This means that most home routers serve as the DHCP server, the DNS server, and the Default Gateway. (And again, the ISP is going to serve those same functions for the router on the next step up the chain.) The subnet mask can be set to other values, but for most home networks, this is how it is.


    Before we go any further, let’s look at the DNS. DNS stands for Domain Name System. Basically, it is a predefined structure for naming devices on a network. Each device on the network has a self-given name that is easily changeable, such as “MediaCenterComputer”. When a device joins the network and gets an IP address via DHCP, the DHCP server gives it information about the DNS server(s) that should be used. For most home networks, the router functions as both your DHCP server and the local DNS server.


    One thing to point out is that there often are multiple DNS servers set. This serves mostly as a fail-over. However, if you have multiple DHCP servers in your network, then you are going to need to make sure that certain settings are made. Let’s look at a semi-common scenario. Say you have your main router, at assigning addresses in the** range. Now if you wanted to put in a second router (maybe the main router isn’t wireless and you want to add a wireless router), then you have to do a couple of things. First, you have to give an IP address to router #2. This can be done by statically assigning one, or by plugging router #1 into the WAN port of router #2. This will allow router 2 to get a DHCP-assigned IP address from router #1. This should also automatically set as a DNS server for router2. When you turn on a wireless device and go to get an IP address, it will get it from router #2 in the 192.168.1.* range. So what happens when the wireless device tries to use the network? Let’s use the example of a laptop trying to connect to Bing.com. The web browser sends a request to Bing.com to receive the web page contents. The first check is the laptop looks in its internal cache (this includes the hosts file) to see if it knows what IP address Bing.com has. If it doesn’t, it will then go to the DNS server that it is configured to. In this case, it is If router #2 doesn’t know Bing’s address, it will then move up the chain one step, which is If router #1 doesn’t know what Bing’s address is, it will move another step, which is most often the ISP’s DNS server. One thing that you will note is that the router that connects to the outside network will oftentimes have multiple DNS server addresses. In addition to being able to move up the chain, the network settings allow multiple DNS servers to be specified. The reason for this is that if the device can’t connect to the first specified DNS server, then it will check the second. Also, if the first DNS server can’t resolve the name (resolve means to associate a device name to an IP address), it will check the 2nd.

    ipv6 vs ipv4

    There is quite a bit of conversation going about this fairly new protocol. While I don’t completely understand every facet of ipv6 (I never claimed to be the source of all knowledge), I will point out the aspects that make a difference to most people. The first and most obvious difference is the addressing space. With ipv4 IP addresses (which is what I have been referencing this whole time, and will continue to do so unless otherwise stated), there are 255*255*255*255 available numbers. If you remember, there are 1.8 E 19 possible MAC addresses, but only 255^4 or 4.2 billion available IP addresses. While that may seem like a lot, just think about how connected devices are becoming in today’s day in age. In short, we are running out of addresses. ipv6 (Internet Protocol version 6) now allows for 3.4 E 38 addresses, which is more than enough for the foreseeable future. The address is arranged in the *:*:*:*:*:*:*:* format, as opposed to *.*.*.* Each of those groups now support 65,536 values, again usually represented in hexadecimal format. The other couple benefits are that the packets are arranged differently (I’ll explain more about packets in a bit, although that will again be limited to ipv4), and the IP addresses are (mostly) unique.


    In terms of adoption, Microsoft added ipv6 to Windows XP in Service Pack 1, and it is present and enabled by default in Windows Vista & Windows 7. In 2008 the IANA (the group that oversees DNS) turned on ipv6 on some of its main DNS servers. Comcast announced in January 2010 that they are running public trials of ipv6. The last step for being able to connect to ipv6 internet sites is that your router needs to support it. Unfortunately there aren’t really any home routers that support native ipv6. There are ways to get around it (6to4) which basically allows for ipv6 over ipv4, but this is a temporary solution until ipv6 is further along in adoption and native ipv6 is possible. Apples Airport Extreme, the Linksys WRT610N, and the D-Link DIR-615, for example, all have 6to4 support built in.


    Anyone that has used Windows 7 and Homegroups has actually used ipv6. Unfortunately I haven’t been able to find as much information as I’d like with details about what aspects of ipv6. All I know is that Homegroup requires the use enabling of ipv6. I hope to update once more details become available.

    Packets & Layering

    The next item that we will look at is layering and packets. When any communication happens across the network, this data is broken into pieces, known as packets. The amount of information being transmitted dictates how many packets are used to send the full message. One interesting thing to note is that when you are sending multiple packets, those packets don’t form a single-file-line down from one the source to destination. As each packet is transmitted, the router decides the best route that said packet should take. A 3 packet message could take 3 different routes from source to destination. Or they could all go together; it is highly dependent on what is going on. The reason for this is that if there is a broken link or there are slowdowns in one segment of the route, the router will send the next packet using a different route so that each one travels as fast as possible.


    Getting back to the packet explanation. Think of each packet as a series of nesting dolls, with each of the dolls called a layer. There is a specific model called the OSI 7-layer Model which is a formal way to describe digital data communication. The TCP/IP model, which is what we will be talking about here, can be thought of as a similar, but less formal way of describing communication that is specifically network traffic. We’ll briefly look at the differences with the OSI model that once we go over the TCP/IP model.




    There are four layers in the TCP/IP model. The innermost layer is the Application Layer. There is nothing here except the actual data, such as the HTTP from a web page. The next layer that surrounds this is the Transport Layer. For our example, this is the TCP information. It gives the port information, both source and destination. It also contains the checksum and size of the Application Layer. The checksum value is used to ensure that there is no corruption in the data. Next is the Internet Layer. This contains the IP address, both source and destination. The last layer is the Link Layer. This holds the MAC address, both source and destination.


    So to compare this to the OSI model, the TCP/IP Application layer is roughly the same as layers 7, 6, and 5 of the OSI combined. The Transport Layer is basically Layer 4, the Internet Layer is basically the 3rd Layer, and the Link Layer is a combination of layers 1 & 2.




    So what do these layers have to do with devices? Well if you think about each stage of the layers, there is different information there. When the data leaves the application (say, Google Chrome) it gets wrapped up as the application layer, then wrapped up into the transport layer with the port information. This is then wrapped up into the Internet  layer with the IP addresses and finally the Link Layer with the MAC Addresses. When this packet leaves your computer, it is a complete packet. The first stop is almost always a switch. A switch is called a Layer 2 device, because it opens up the packet to inspect the contents of the 2nd layer. So it is looking at the MAC address to determine where to send the packet. A router operates on the 3rd layer. It looks at the IP address to determine where to send the information. It has to unwrap 2 layers to get this information. Sometimes this information is changed, an aspect we’ll look into in the section on NAT.

    Jumbo Frames

    So how big can each of these packets be? The normal Ethernet spec says that they can be a maximum of 1500 Bytes. This is the size of the data and the layers around it (not including the Link Layer). So why would you want a bigger packet size? Well if we increase the amount of actual information on the Application Layer and the amount of data in the other layers remain the same, we’ll have a higher ratio of data to wrapper. So on a TCP/IP connection, we’re looking at around 40 bytes/packet. That’s about 3% of a 1500 byte packet. If we increase that to an 9000 byte packet, that’s 0.4% of the packet. The other aspect that is a positive is the work involved in each packet. There is processing that takes place on the device as well as the switch/router and every stage in the process for each packet. Even though it only takes milliseconds, if we increase the packet size by a factor of 6, the amount of work on those devices doesn’t increase, thus allow more data to pass with the same amount of processing.


    The term Jumbo Frame is used when talking about any packet size greater than 1500 bytes. 100mbit Ethernet (or slower) cannot transfer packets greater than 1500 bytes. Some (not all) gigabit switches can, however. They can support packets up to 9000 bytes (or higher). This means that in some scenarios, you can improve the performance of your network by turning on jumbo frames in your network card’s settings.


    But what are the downsides? The first is that a large packet is more likely to encounter corruption during transmission. It also means that there is more data to resend if there is an error. However, with most networks being very robust, this is a mostly vestigial problem. The biggest problem is that in order to transmit the larger packets, all devices in the path need to support jumbo frames. This works OK if you are just going from PC 1 to your WHS, both of which support Jumbo Frames over a switch that supports Jumbo Frames. However, if you are transmitting data to an xbox or to the internet, neither of those support jumbo frames and so either the packets will be lost, or the router will have to manually split each packet up, an operation that will slow things down enough that it would be faster to transmit at the 1500 byte limit. There are ways to manage jumbo frames in a mixed environment, but those usually deal with VLAN’s and the home user is not likely to have the hardware required for such things, nor want to mess with the complications introduced therein. While a good idea, I think we have a little bit longer before we can go down that route. That’s why I personally recommend most home users no enable jumbo frames. If you do, make sure you do your research.


    Many routers have a feature that is called the DMZ, or DeMilitarized Zone. The idea behind this is that you can put a device in the DMZ, and it basically will be in front of the firewall, and not behind it. This means that the device is openly exposed to the internet. Most home users wouldn’t want this with a regular PC, or even a server (except in rare cases such as pfsense or similar). The one exception to this for home uses could be a VOIP phone. Removing the packet filtering of the router’s firewall could potentially improve the calls. I don’t have VOIP, so I’d advise doing more research before trying this option, but it might be worth looking into for some.


    While this really isn’t an issue any more, network connections used to have to be manually configured with the proper duplex setting. In the connection properties, you can configure it to be either half duplex, or full duplex. Half duplex meant that information was only travelling over the wire in one direction at a time. This meant that for a 100mbps connection set at half-duplex, only 100mbps of data could travel. In full-duplex mode, this is increased to 200mbps, 100mbps in each direction simultaneously. Most of the time devices were set to autoconfigure and so this setting was never seen by most users. Since hubs are no longer in use, pretty much all connections are set to full duplex. In fact, some network drivers don’t even give an option for full duplex with gigabit:




    Most people have probably heard of certain network cables called crossover cables. These type of cables were originally required for doing direct connections between computers. The reason for this is that in order for communication to happen across the ethernet cable, the send pins on one end have to be connected to the receive pins on the other end and vice-versa. The network switches would assume that most devices plugged into them are end-point devices like computers. Thus they would internally switch the transmit and receive pins, so when the data was routed to the destination device, the send and receive pins would line up right. However, if you are connecting a device to another device by way of 2 switches instead of 1, then you’re going to double-switch the pins and things won’t line up right. When going from a hub/switch to another switch, you often had to use the “uplink” port instead of the regular, which is an uncrossed connection.


    Once again, our lives have been made easier, because, recently, almost all switches/routers have ports that are “auto MDI/MDIX”. This means they will automatically detect whether the pins need to be straight as in MDI (Medium Depending Interface) or need to crossed in MDIX (MDI crossover). In fact, with gigabit, not only are the network switches auto MDI/MDIX, most NICs (Network interface cards) are as well. This means that you no longer have to hunt for a crossover cable when running directly between computers (such as I believe the HP ex49* series requires for reimaging the server).


    The network communication on most home networks is filled with a myriad of different data types. You might be downloading e-mails through Outlook in the den, streaming TV from your Media Center to the xbox in the living room, Twittering via your Zune HD, watching Hulu in the bedroom, and talking on a VOIP phone in the kitchen. Each of those activities have different requirements. The Media is more sensitive to latency because it will get choppy. Your e-mail isn’t as time sensitive, but you need to make sure all of the data gets there eventually. The ideal goal is to prioritize all of the different traffic so that each activity works as it needs to.


    Enter Quality of Service, aka QoS. Some routers have a checkbox for turning this feature on. No longer will all packets be treated equally, but those that need special attention will get it. The idea is that  when a packet gets sent out of the device into the network, it will be assigned a QoS priority.


    As with all things network, there a couple different protocols used to control QoS. In the 802.1p spec, there are effectively 8 different priority levels: 0 = “Best Effort”; 1 = “Background”; 2 = “Spare”; 3 = ”Excellent Effort”; 4 = “Controlled Load”; 5 = “Video”; 6 = “Voice”; and 7 = “Network Control”. These are in rough order from lowest priority to highest.


    The other protocol that is used is called WMM, or Wireless Multimedia Extensions or Wi-Fi Multimedia. This is based on the 802.11e spec. This protocol is simpler in that there are 4 different categories: Voice, Video, Best Effort, and Background as defined in the 802.1q spec. For the most part, most wired networks can handle the bandwidth required for home use and it is the wireless that struggles. Wireless also struggles much more with the latency that isn’t a problem for most wired connections.


    The last item to take into account is what Windows uses. Windows Vista and Win 7 use what is called qWave or Quality Windows Audio/Video Experience. This is a protocol that is exposed to applications for use. It has to be specifically called by the application; windows won’t detect and assign priority levels. Media Center, for example, is written to be qWave aware and can adjust the streams to Extenders using the qWave protocol.

    Windows Rally

    Starting with Windows Vista, Microsoft introduced a platform called Windows Rally. This is a conglomerate of a few different technologies that are exposed to developers by way of an API. Devices that have the Windows Vista Logo are required to implement these tools when applicable. In addition to qWave seen above, there are 4 other main parts of this: LLTD, Windows Connect Now, DPWS, and PnP-x.


    Windows Connect now is Microsoft’s interpretation of the WiFi Simple Configuration protocol, a way to share network keys and such via a USB key, for example. DPWS or  Devices Profile for Web Services allows a simpler way for applications to communicate with services hosted across the network or on the internet. One specific application of this is uPnP, something we’ll discuss in depth later. The other aspect within DPWS is called Function Discovery. Basically with Function Discovery and PnP-X, it lets an application interact with another application or device with respect to what the device can do, not where it is or how it is connected. This would let an application interact with a printer the same if it is connected via USB, a network printer, or a printer connected via USB to another computer and shared across the network. Basically, Windows will handle the details so that the application doesn’t have to.


    LLTD, Link Layer Topology Discovery, is a way that Windows sees other devices on the network. It scans the network and “discovers” devices that are connected. In addition to seeing just the fact of their existence, it also detects information about the devices, such as the IP address, model #, etc. If you have ever looked at the Network Map that Windows Vista and Windows 7 produce, this is the mechanism by which those devices are discovered and the map is made.


    Most home internet connections provided by the ISP only allow for a single external IP address (partially due to the shortage of ipv4 addresses). In order to have more than 1 device be able to connect to the internet, routers implements a feature called NAT, or Network Address Translation. The simplest way to explain how this works for home users is that if you remember that each packet contains both origin and destination IP addresses as well as port numbers. For example, when Computer1 is requesting a webpage from Google, the packet that leaves Computer1 says the from->to relationship is –> However, 192.168.*.* is an internal IP address, so Google would not be able to talk to that directly. Instead, the router makes a slight change to this packet before sending it out to the internet. It changes the source IP address to be the ISP-assigned IP address,, in my case. That way, when Google has received the request, it will send the webpage back to that address. But once that packet comes back, how does the router know which computer to send the request to? Basically it has a list of the request that were sent out, so when it sees the response, it will route the request to that computer. So how does the route keep track? Some of them implement PAT, Port Address Translation. Basically instead of the router changing the packet to –>, it changes the port to a specific number that is temporary assigned to that computer, 15345, for example. When Google sends the request back on port 15345, the router will remember that that is a port that was assigned to Computer1 and will change the packet back to –> Let’s illustrate this with a diagram:



    Port Forwarding

    In the NAT description above, I said that the router will only pass incoming packets to computers that were waiting on them. What if you had a web server that you wanted people to be able to access from the internet? In order for those packets to be forwarded to your server, the router would have to be told to do so. Most routers allow for what is called port forwarding. This will allow all incoming packets on a specific port to be passed on to a device inside the network. Using the same IP addresses from above, the router would change the destination address in the packet from to and pass that on to Computer1.


    Each port can be individually assigned an internal IP address to be sent to, or some routers let you configure a range of ports that all go to a common place. One thing to keep in mind is that if you are to enable this setting, you will need to make sure that the device to which you will be forwarding packets has a consistent IP address. This means using the IP reservation or manually assigning a static IP.


    PoE stands for Power Over Ethernet. If you remember, cat5/6 cables have 4 pairs of 24-gauge wires. The 802.3af and 802.3at specs allow for 2 pairs to be used for transmitting 48 volts of DC power. When you have a network port on a PoE-aware switch and you plug a device into the other end of the network, the switch will see if if the devices supports PoE, and if it does, it will provide the power. If it doesn’t, it won’t (this prevents frying equipment). Cat 5e cables allow for between 10 to 350 mA of current, which allows for a maximum load of approximately 13W. You can also use an injector, an in-line device that provides power on an otherwise unpowered network cable.


    So why would you want this? There are a couple of scenarios. If you have an entertainment center with 2+ devices that have network connections (xbox 360, TiVo, PS3, Roku, etc), you’d pretty much have to put in a switch. This also would mean powering said switch with a wall-wart transformer that takes up valuable space on an outlet strip and running the power cable. With PoE, you can power the switch entirely from the network cable that is connected in your wiring closet (or wherever your central point is for networking). The other application, that is used in many businesses, is for Wireless Access Points. If you want to have a couple of access points in your house, you can put them wherever you want that can be reached by a network cable, including inside walls. You don’t have to worry about running power to the access point, which makes the positioning much simpler. The other application I want to mention is VOIP phones. Copper-line phones can actually run off of the 48V that is provided over the telephone line, and similarly, some VOIP phones can run off of the 48V provided by PoE. Injectors can be found for $30 or so online, and an 8-port gigabit switch with 1-port PoE is $100 online. Prices go up from there.


    While all of this talk has been about regular cat5/6 ethernet connections or 802.11 wireless, there are also other ways for devices to communicate with each other. There are 2 in particular that I want to mention. They are Powerline and MOCA.


    Powerline  communication is the general name given to devices that can use existing 110V or 220V power cables to run data along with power. There are many different protocols in this arena and are largely incompatible with each other. One of the more popular implementations is called HomePlug. Originally released in 2001 this allowed for speeds up to 14mbps. The recent HomePlug AV spec allows for speeds up to 189mbps which is fast enough for many applications, although it is not as fast as gigabit ethernet. The way most power systems work is simply as a bridge, meaning you plug one powerline adapter into both your router and a power outlet and then have a 2nd adapter in another room plugged into a power outlet and another device (such as a switch). If it is impractical to run network cables within your walls (for example, in a rental) and you can’t run a cat5 cable down the hallway, Powerline is a decent alternative. It provides much more stability than wireless, and generally higher speeds. HomePlug specifically also allows for AES encryption which should make it fairly secure.


    MoCA is a data transmission technology that allows for information to be passed across Coaxial cable. The current 1.1 standard can support up to 175mbps. MoCA is different from both Ethernet and HomePlug in that it can be used as a bridge, but there are also devices that have MoCA adapters built right in. For instance, with Verizon FIOS, the DVR’s can pull content off other DVR’s or the internet through the coax input because the cable modem also functions as a MoCA adapter. There are many other devices in the market that are likely to incorporate MoCA technology in the very near future. One item to note is that the signal is degraded any time that it passes through a splitter or a booster, and there will be a corresponding drop in speed.


    Wake on LAN is a very neat little feature that isn’t always straightforward to implement. (I’ll leave the practical application of it for another post if there is interest). Basically, when you put your computer to sleep, the Network port is still partially active. You can send a magic packet from another computer that will trigger the network card to wake the PC up. This magic packet is a very specific piece of data that is destined to the MAC address of the network card in question.


    WoL is used in the Home Server environment for backing up computers. If you remember, when you install the connector or configure the backups, it will ask you if you want the computer to wake up for backups. If you answer yes, then, when the time comes for the computer to be backed up, the WHS will send the magic packet to any computer that is in sleep mode so that it can be backed up.


    Wake on LAN works for both hardwired computers and also wirelessly connected ones. Part of the WMM spec mentioned above allows for Wake on LAN over a wireless connection. From the research I’ve done, this is disabled by default in Windows 7.


    SPI stands for Stateful Packet Inspection. This is the heart of the firewall in most consumer routers. The quick description is that the router looks at all incoming packets and discards those that aren’t legit. As was mentioned above, the first check is to look at the NAT tables. If an incoming packet is expected, it is passed along without delay. It is called “stateful” because the device can work more efficiently by tracking packets in groups, instead of individually. When a 200 KB webpage is being downloaded, it will take quite a few packets to transmit all that data. As such, the first packet that is inbound establishes a handshake, which costs cpu time (measured in milliseconds). Subsequent packets in that train go through directly, without incurring this cost. After a period of time, the session that was created will time out and new requests will have to create a new session.


    Most network traffic in the home is of the TCP nature, or Transmission Control Protol. The other type is UDP, or User Datagram Protocol. Let me explain the difference in a basic, overly simplistic manner: TCP packets make sure that they arrive at the destination intact while UDP packets do not. TCP connection must establish handshakes before a connection can be made. If a TCP packet is lost, the packet will be automatically resent by the network card without the knowledge of the receiving or sending application. Also, if 2 packets take different routes from the same Point A to Point B, the device will wait for the first packet to get there before reading the first.


    UDP is different. The sending device doesn’t care if the packet got there or not. It won’t resend it, unless specifically requested to by the recipient. It also doesn’t care about the order that the packets arrive. This is a more lightweight protocol that has some specific uses. For example, when you are streaming audio or video, if the packet doesn’t arrive when it’s supposed to, it is too late. There is no time to wait for the packet to be resent. Thus, it doesn’t make sense to use a protocol that forces packets to be resent as this is a waste of time/bandwidth. Also, packets can be sent from 1 device to many, without having to make individual connections with each receiving device. For example, in workplaces that use Ghost to image PC’s, hundreds of machines can be imaged at the same time because the server will broadcast the image to all the devices. It is left up to the application to do error-checking and to send requests for data. As such, in a ghost session, after the image has been broadcasted to the 100 machines, any individual machine that was missing a packet would send a request for it to be resent.


    In the discussion of  ports above, there are 65,536 theoretical ports available for use. This is per protocol, meaning that there are 65k TCP ports and 65k UDP ports. Two applications can talk using the same port if one is using TCP and the other UDP. In the port forwarding section, it is important to specify if the port is for use over TCP or UDP.


    While I won’t got into too much depth here, there are some basic things that need to be understood about UPnP. Universal Plug and Play is a standard that was developed to allow devices to learn more about each other and the abilities that they have. For example, rather than the user having to manually tell a music server which devices exist on the network that can play back audio, the music server can just look for itself. A device’s UPnP information is displayed as metadata in the form of XML.


    There are some basic aspects to UPnP that allow it to work. First off, the devices need to discover each other. When a device joins the network, it broadcasts a message (using UDP port 1900) to anyone on the network that is listening giving a brief explanation of what it is. After this, existing devices that might be interested in those functionalities poll the new device for more specific information. This is where the XML data is presented. It also tells what commands the device will accept and how it can be controlled.


    You can use a device such as UPnP Inspector to see what UPnP devices are on your network and what they support. This can be helpful when dealing with media streaming  as you can look to see what formats a server or a client supports.


    The 2 most important uses of UPnP (in my opinion) in the home are for routers and DLNA. I’ve already talked about DLNA in a previous post, so I won’t rehash it any more than to say that I think it is a great technology and I can’t wait for RVU to get here. For routers that are UPnP capable, the port forwarding can be set using UPnP. Windows Home Server has this functionality built-in. That said, rogue applications can also create port forwarding rules in theory, so manually forwarding the ports might be a better idea.


    VLAN is short of Virtual LAN, or Virtual Local Area Network. The general idea is that if you ever wanted to have 2 independent networks but didn’t want to physically separate them, you can implement a VLAN setup. For example, some networks switches support the functionality that you can assign any of the ports to any given VLAN. You could have ports 1-4 in one VLAN and 5-8 on a second. Some managed switches support doing this even more virtually in that you can assign a specific computer to a VLAN by assigning the MAC address regardless of what port on the switch it is plugged into. Most businesses use VLANs in one form or fashion. A couple of scenarios where it might be useful is if you are running 2 wireless LAN’s, you could have 1 of them open with no encryption and the 2nd encrypted. Company laptops would know to connect to the latter, but employee’s with iPod touches or Zune HD’s could use the former for basic web traffic. That way you ensure that the devices in the open network can’t access the company network. For home users, there are few applications where this is useful. The one that I can think of is that if you are hosting a LAN party with some friends, you could set up a VLAN for the new computers and isolate them from your person machines. This way you can still provide internet access to your guests but don’t have to worry about your h4ck3r buddy pulling up your banking information off your wife’s computer (WAF--).


    The last topic I want to talk about is VPN, or Virtual Private Networks. The basic idea is that while you are physically away from one network, you can “trick” the applications into thinking that they are still on that network by creating a secure tunnel between that network and your current one. That’s the basic idea.


    In practice, there are a bajillion (highly technical term) different ways to accomplish this, all encompassed in the name “VPN”. There must exist a device, either hardware or software, one each of the 2 networks that are being bridged. These devices talk to each other and establish a tunnel. This tunnel allows devices/applications on one network to transparently communicate with devices/applications on the other network without realizing the separation. One way to do this is by buying a $90 Linksys BEFSX41 router that can serve as a VPN host to 2 devices.


    The most common scenario is for a business network to have a VPN appliance in their network. They then install software on the laptops of employees that will allow the laptops to connect to said VPN appliance when at home or on the road. This will create a secure connection that allows for transferring files/e-mail in the safest possible manner.


    I have personally seen 2 main types of VPN connections. The first is an L2TP/IPsec connection. Microsoft has built the L2TP/IPsec client into Windows. The specific implementation that I used passed all traffic through the tunnel and out the other side. The upside is that the computer works 100% as if it was on the other network. Let’s look at an example where your computer is on network 2 and there is a tunnel to network 1. The downside is that there will be a slowdown in data transmitted from the internet because the data will have to go to network 1, then through the tunnel to network 2. The tunnel is often bottlenecked by the upload speed of network 1. The other downside is that if network1 has a web filter or a tight firewall, you might be unable to access web content you would if not on the tunnel.


    The 2nd type that I’ve seen is an SSl based VPN. The implementation I used allows data that is destined to network 1 to get there without delay, but data that isn’t, such as web data, goes straight to the internet and ignores the tunnel. This has the benefit of making web data much faster, and also allows you take take advantage of content in both networks simultaneously (such as streaming content from your media center while checking your corporate e-mail. The downside is that not all data is routed securely. For example, when I was using method 1, whenever I would jump on an unsecure wireless connection at a friends house or McDonalds, I would instantly connect the VPN because I know all traffic would be encrypted and no one would be able to read any packets they intercepted. This wouldn’t work using method 2.


    I applaud anyone who had read this far. I hope that this will server as a resource for any questions, or at least a place to get a basic understanding of the complexities of networking. I don’t admit to being an expert in most of the nitty-gritty details, but I hope that the bit of wisdom I can share helps you to better learn for yourself.


    Special thanks to no-control for help in proof-reading.


    More information on ipv6:






    Also check out Wikipedia. it is an invaluable resource.


    User Feedback

    Recommended Comments

    Excellent write up. Everyone should bookmark this for future reference. Very impressive collection of terms and explanations.
    Link to comment
    Share on other sites

    Good job man, Like I said before that is a TON of work you put in there. I'm with pcdoc, this is a great primer on networking. Excellent reference.
    Link to comment
    Share on other sites

    awesome write up. first one seemed a little scarce but i know it was an intro piece. that's a dlink router you have in your screenshot right? what model?
    Link to comment
    Share on other sites

    Wow, that's a lot of good work. I especially appreciate the clear analogies used. I really didn't understand Packets & Layering before reading this, and the NAT section really cleared the mist for me. I have learned a lot here. Bookmarked! Thank you very much. Stan
    Link to comment
    Share on other sites

    I've kept this page open for a long time because I didn't have time to read the whole thing in one sitting. Great read, I have had a decent understanding of networking for some time, with much of the details quite fuzzy. This cleared up a lot of questions that I had. Thanks for taking the time.
    Link to comment
    Share on other sites

    Create an account or sign in to comment

    You need to be a member in order to leave a comment

    Create an account

    Sign up for a new account in our community. It's easy!

    Register a new account

    Sign in

    Already have an account? Sign in here.

    Sign In Now

  • Our picks

    • I throw this out every once in a while.  Is anyone interested in writing up "semi-formal" reviews here on the forums?  I say semi-formal because they don't have to be pro level, just a good attempt at telling the story about the gear.  Something you have purchased lately.  You don't have to go buy stuff, just incorporate what you have already have purchased.  Hit me up with any questions.  You never know where it will lead!
        • Like
      • 3 replies
    • D-Link has dropped a couple of new products and additions to their lineup of smart home gear.  Hold on because there is a lot of gear!
      Let's start with cameras.  D-Link has new Wi-Fi cameras, the Full HD Pan and Tilt Pro Wi-Fi Camera (DCS-8302LH) and Full HD Indoor and Outdoor Pro Wi-Fi Camera (DCS-8526LH).  These are not just new, and good looking cams, they can now perform people detection and glass break detection.  The new cameras also feature expanded ways for customers to save video, including ONVIF Profile S, which enables custom storage and streaming options to personal NAS devices, built-in storage microSD capacity up to 256 GB, as well as free and paid cloud storage options. 

      This year's camera models include both an indoor and an outdoor model. The outdoor model features a spotlight and siren that can be triggered when motion is detected, deterring potential intruders. The indoor model pans around to give a full 360-degree view of any room and tracks motion. Both include two-way audio. 
      Full HD Pan and Tilt Pro Wi-Fi Camera is the model (DCS-8302LH), available in Q2, 2020, and retail pricing will be $99.99.
      Full HD Indoor and Outdoor Pro Wi-Fi Camera is the model (DCS-8526LH), available in Q3, 2020, and retail pricing will be $119.99.
      One of my favorite products is Wi-Fi.  D-Link has a whole lot of new products coming including Wi-Fi 6, Mesh, Alexa and Google Assistant integration, IFTTT, Parental Controls, and more!

      There are so many new SKU's that I can't make heads or tails of them!  I'm going to be speaking with D-Link more this week and will sort all of these out. I do want you to see all they are offering and what the release date and projected retail pricing will be.

      AC1900 Scalable Mesh Wi-Fi Router (COVR-1900-US), Q1 2020, $119.99
      AC1750 Mesh Wi-Fi Router (DIR-1750-US), Q1 2020, $99.99
      AC1900 Mesh Wi-Fi Router (DIR-1950-US), Q1 2020, $119.99
      AC1750 Mesh Wi-Fi Range Extender (DAP-1755-US), Q1 2020, $99.99
      AC1950 Mesh Wi-Fi Range Extender (DAP-1955-US), Q1 2020, $109.99
      Smart AX1500 Mesh Wi-Fi 6 Router (DIR-X1560-US), Q1 2020, $119.99
      Smart AX1800 Mesh Wi-Fi 6 Router (DIR-X1870-US), Q2 2020, $139.99
      Smart AX2400 Mesh Wi-Fi 6 Router (DIR-X2460-US), Q3 2020, $159.99
      Smart AX5400 Mesh Wi-Fi 6 Router (DIR-X5460-US), Q1 2020, $279.99
      AX1800 Mesh Wi-Fi 6 Range Extender (DAP-X1870-US), Q2 2020, $129.99
      AX1800 Whole Home Mesh System (COVR-X1872-US), QX22020, $269.99
        • Like
      • 0 replies
    • RESET Merch Shop
      Get ya Merch here!  I've created a T-Shirt shop with the famous RESET paperclip. I've pasted that clip on just about everything so you can wear it around town!  Cable bags, Coffee Mugs, T-Shirts, and more. 
      or you can get it it via
      Here is the main design.

      Below is a part of the order that I put in!  

      The Heather Grey above is the Extra Soft version and it is awesome.  I highly recommend the softness!    The "Chili Red" is the Tri-Blend and probably my favorite feel and color.

      This is the Zip-Up Hoody, Heather Indigo, Sponge Fleece, Men's, Large.  In my podcast I couldn't remember what style it was but it is Sponge Fleece. It's REALLY soft on the inside. Soft outside as well. The only problem is with the zip up hoody the logo is on the back. Regular hoody, it will be on the front.
      or you can get it it via
      Thank you for supporting this community. Everything you purchase will help keep the lights on the hard drives spinning.
      • 0 replies
    • OneDrive Personal Vault and expandable storage
      Microsoft's OneDrive has a few new features and options worth pointing out.  Personal Vault and Expandable Storage.
      Personal Vault is a protected area in OneDrive that can only be accessed with a strong authentication method or a second step of identity verification, such as your fingerprint, face, PIN, or a code sent to you via email or SMS. 
      Personal Vault gives you an added layer of protection for your most important files, photos, and videos—for example, copies of documents such as your passport, driver’s license, or insurance information—should someone gain access to your account or device.
      Plus, this added security won’t slow you down. You can quickly access your important documents, photos, and files with confidence wherever you are, on your PC, OneDrive.com, or your mobile device.

      Beyond a second layer of identity verification, Personal Vault also includes the following security measures:
      Scan and shoot—Using the OneDrive app, you can scan documents or shoot photos directly into your Personal Vault, keeping them off less secure areas of your device, like your camera roll.
      Automatic locking—No need to worry about whether you left your Personal Vault or your files open—both will close and lock automatically after a period of inactivity.
      BitLocker encryption—On Windows 10 PCs, OneDrive automatically syncs your Personal Vault files to a BitLocker-encrypted area of your local hard drive.
      Restricted sharing—To prevent accidental sharing, files in Personal Vault and shared items moved into Personal Vault cannot be shared.
      Taken together, these security measures help ensure that Personal Vault files are not stored unprotected on your PC, and your files have additional protection, even if your Windows 10 PC or mobile device is lost, stolen, or someone gains access to it or to your account.
      Expandable Storage
      If you are and Office 365 Subscriber you get 1 TB of OneDrive storage space with all the other Office goodies like Word, Excel, etc.  I know personally that I have gone over the 1TB limit and have always wanted to be able to add additional storage to my account.  Now you can!

      Pick and option and keep on hoarding, errr, I mean saving! Cancel anytime, upgrade at any moment.
      • 1 reply
    • Ubiquiti adds new items to the Unifi Line including UAP Flex HD and the Unifi Dream machine
      Ubiquiti has been busy.  There area ton of new items to recently released and I'm going to share two of my favorites.
      The UAP Flex HD and the Unifi Dream machine. The Flex HD is a mouthful of descriptors like most of UI gear is.  It's a 2Ghz 2x2 MIMO, 5GHz 4x4 MU-MIMO, POE, Indoor/Outdoor, multi mount, mesh point that is no bigger than a can of Coke.

      You will still need the Unifi controller although you can configure it with basic functionality with the Unifi App.  I've always found it's best to configure with your controller and then use the app as an add-on.  There are several mounting options that include sitting it on a shelf! That is something that Unifi has not had before unless you count the ceiling AP I have awkwardly mounted placed on top of a few books.  It can be found on the Unifi store for $179.
      The Dream Machine is an altogether different beast that I hope lives up to its naming.  This is the gateway drug, for lack of a better term, to the Unifi world.  The starter kit.  It is an Access Point, Gigabit Switch, Security Gateway, and the Cloud Key all in one package.  The latter being the most significant as this is something that has deterred new users from getting started with Unifi.  Requiring new users to purchase a $100 item just to run the AP's has been somewhat of a roadblock in the past.  Granted, that is improving every year with the ability to run it in the cloud, on a NAS, a Pi, Docker, MacOS, and of course Windows, it is still a barricade to getting up and running when manufacturers such as Eero offer simplicity in an app.

      The switch includes 4 LAN Ports and 1 WAN port.  All of which are Gigabit and security services such as IPS are rated at Gigabit speed. It's $299 in the Unifi store but I'm unsure how nicely it will play with other Unifi gear.  This may be a nice "first AP" with its built in Cloud Key if you can add additional units or other Unifi access points.
      • 4 replies
  • Create New...