A network packet is a small chunk of data broken into three parts: a header, a payload, and a trailer. Think of it like a postal letter. The header is the envelope with addresses and handling instructions, the payload is the letter inside, and the trailer is a seal that proves nothing was tampered with along the way. Every piece of data you send or receive online, whether it’s a web page, a video stream, or a text message, travels as a series of these packets.
The Three Parts of Every Packet
At its simplest, a packet is just a sequence of bits (ones and zeros) organized into three sections, each with a specific job.
The header comes first. It contains the source address (where the packet came from), the destination address (where it’s going), and metadata like the packet’s length and what type of data it carries. Routers and switches read this header to figure out where to send the packet next, much like a postal worker reading a zip code.
The payload is the middle section and the actual content being delivered. This could be a fragment of an email, a slice of a webpage’s HTML, or a few milliseconds of a phone call. The networking equipment along the way generally doesn’t look at the payload. It just moves it forward based on what the header says.
The trailer sits at the end. Its primary job is error detection. It contains a small calculated value, typically a 32-bit cyclic redundancy check (CRC), that the sending device generates by running a math formula over the entire packet’s contents. When the packet arrives, the receiving device runs the same formula and compares results. If they don’t match, the packet was corrupted in transit and gets discarded. The Ethernet adapter strips this trailer off before passing the data up to your applications, so software never sees it.
What the Header Actually Contains
The header is where most of the interesting detail lives. For an IPv4 packet, the most common type on the internet, the header includes fields like the version number (IPv4 vs. IPv6), a time to live (TTL) counter that prevents packets from looping endlessly through the network, the source IP address, the destination IP address, and fragmentation fields that help reassemble packets if they were split into smaller pieces along the route. There are also flags like “Don’t Fragment,” which tells routers to drop the packet rather than break it apart.
Layered on top of the IP header, you’ll find a transport-layer header that varies depending on the protocol. TCP headers are complex, containing about ten fields: source and destination port numbers, a 32-bit sequence number that tracks the order of each byte, an acknowledgement number confirming what’s been received, window size for flow control, and six control flags (SYN, ACK, FIN, RST, PSH, URG) that manage connection setup, data flow, and teardown. UDP headers, by contrast, are minimal. They have just four fields, each 2 bytes long: source port, destination port, length, and a checksum. That simplicity is why UDP is faster but less reliable than TCP.
Packets vs. Frames vs. Segments
You’ll often hear the terms “packet,” “frame,” and “segment” used interchangeably, but they refer to data at different layers of the networking stack. At the transport layer, a chunk of data is called a segment (for TCP) or a datagram (for UDP). At the network layer, where IP addresses are added, it becomes a packet. At the data link layer, where physical MAC addresses are added, it becomes a frame. Each layer wraps the previous layer’s data in its own header, like nesting envelopes inside each other. This process is called encapsulation.
So when your computer sends data, a TCP segment gets wrapped inside an IP packet, which gets wrapped inside an Ethernet frame. Each layer’s equipment only reads its own envelope. A switch reads the Ethernet frame to find the MAC address. A router reads the IP packet to find the destination network. The receiving computer’s operating system reads the TCP segment to reassemble everything in the right order.
What an Ethernet Frame Looks Like
Since most local networks use Ethernet, the frame is what a packet looks like at the physical level. An Ethernet frame has nine fields. It starts with a 7-byte preamble, a repeating pattern that lets the receiving hardware sync up with the incoming signal’s timing. Next comes a 1-byte start frame delimiter that signals the actual data is about to begin.
After that, you get two 48-bit (6-byte) address fields: the destination MAC address first, then the source MAC address. These are the hardware addresses burned into network cards. A length/type field follows, indicating either how long the payload is or which protocol (like IPv4) is inside. Then comes the payload itself, which contains the IP packet and everything nested within it. If the payload is too short, padding bytes are added to meet the minimum frame size. Finally, the frame ends with a 4-byte frame check sequence, the CRC value used for error detection.
How Big Is a Packet?
On a standard Ethernet network, the maximum transmission unit (MTU) is 1,500 bytes. That’s the largest payload an Ethernet frame can carry. The total frame, including headers and trailer, is slightly larger, but the 1,500-byte limit is what matters for the data inside. Different network types have different MTUs, but Ethernet’s 1,500 bytes is by far the most common on both home and enterprise networks.
When your data exceeds 1,500 bytes, which it almost always does, the networking stack splits it into multiple packets. A single webpage might require hundreds or thousands of packets. Each one travels independently across the network, potentially taking different routes, and gets reassembled at the destination using the sequence numbers embedded in the TCP header. If any packet arrives corrupted or goes missing, TCP requests a retransmission of just that specific packet rather than the entire file.
Visualizing the Whole Structure
If you laid out a complete packet as it travels over an Ethernet network, it would look something like this from left to right:
- Ethernet header: preamble, start delimiter, destination MAC, source MAC, type/length
- IP header: version, TTL, source IP, destination IP, fragmentation info
- TCP or UDP header: source port, destination port, sequence numbers (TCP), flags (TCP), or just length and checksum (UDP)
- Payload: the actual data being transmitted
- Ethernet trailer: 4-byte frame check sequence for error detection
Each layer’s header sits in front of the previous layer’s content, creating a nested structure. The total overhead from all these headers is relatively small compared to the payload, which is by design. Networking protocols aim to maximize the proportion of useful data in each packet while including just enough metadata to route it correctly and verify it arrived intact.
If you want to see real packets on your own network, free tools like Wireshark capture and display them in real time. You can click on any packet and inspect each layer’s header, field by field, with the raw binary data alongside a human-readable breakdown. It’s the closest thing to literally looking at what a packet looks like as it crosses your network.