I can't stand the OSI model. It means nothing to me when I packet sniff. So here I'll explain "briefly" and practically what TCP packets are and how they travel.

Now like the OSI, a packet is composed of several layers. The top of this data packet is the network information. It includes the sender's MAC address (the ID for their network card) and the reciever's MAC address. It also includes the network type (token ring, ethernet, wireless of some sort, etc)

Next comes the IP layer which is usually 20 bytes long. It contains the sender's IP address, and the recievers IP address. It also includes various other information useful for the ROUTING of the packet - that is, packet transfer information. It is the IP which identifies a computer on the internet, and from which it is determined where the packet has come from, and where it will go. The sender's IP is included so that the recieving computer knows to whom it should reply. Kind of like email. You need a return address to get a reply.

Next comes the TCP or UDP or ICMP layer. The TCP layer is also usually 20 bytes and is used when you make a connection between two computers. Within the TCP, UDP and sometimes ICMP layers the port information is stored. The port is what a program listens on for a connection from another computer. There are ports from 1 to 65535 which may be used for communication. The TCP layer also includes other information which says what kind of packet it is. There's the connection request packet (SYN) an acknowledgement packet (ACK) and a packet which indicates that the user wishes to close the connection (FIN).

Now finally we come upon the data layer. The data layer is what programs use to communicate. When you open telnet to connect to another machine, the text you send is placed in this layer. Every program has a language that you must speak for it to understand. Above in my email example, I had to enter the commands just the right way for the email program on the other computer to understand me. standardization made it so that almost every time, if you connect to port 80 - you must speak the HTTP language (to ask for webpages and retrieve them). If you connect to port 21 you must speak the FTP language to login and move about on the remote file system.

To be a good hacker, you must learn as many languages "protocols" that you can so that you know how to talk to all these servers out there and perhaps trick (exploit) them into doing things for you they're not supposed to do.
_________________________
Domain Registration, Hosting, Management
http://www.dollardns.net