What happens when you access google.com in your browser?

Reference: https://github.com/alex/what-happens-when

Check out the Internet protocol suite

Check HSTS list

  1. The browser checks the website against its HSTS list.
  2. If the website is in the list, the browser sends its request via HTTPS instead of HTTP.
  3. Otherwise, the initial request is sent via HTTP.
    • If the website wants to be secure, it can still use an HSTS policy: it will send the user a response indicating as such.

DNS lookup

  1. Look in the browser cache

    • Firefox: about:networking#dns
  2. If not found, look in the hosts file to resolve the hostname.

  3. Make a request to the DNS server configured in your network

    • Usually your local router / ISP’s caching DNS server

      > $ cat /etc/resolv.conf
      # Generated by resolvconf
      options edns0
    • If the DNS server is on the same subnet, the network library follows the ARP process for the DNS server.

    • If the DNS server is on a different subnet, it follows the ARP process for the default gateway IP.

ARP Process

This is used to find the MAC address of the DNS server in the network.

Prerequisites: https://en.wikipedia.org/wiki/MAC_address

  1. Check the ARP table first (see how to check the Linux ARP table). If an entry exists, return the MAC address.
  2. Use ip route / route to get the routing tables. If the target IP exists on any subnet in the routing table (use netmask + dest to determine), use the interface which gives access to the correct subnet with the dns table. Otherwise, use the default gateway (indicated by
  3. Look up the MAC address of the selected network interface, e.g. ifconfig wlo1: ether 04:ea:56:86:c6:8f
  4. Send link layer broadcast:
    Sender MAC: <selected interface mac addr>
    Sender IP: <selected interface ip>
    Target MAC: FF:FF:FF:FF:FF:FF (broadcast)
    Target IP: <target ip - see resolv.conf>
  5. If your computer is connected directly to the router, the router responds with an ARP reply.
  6. If your computer is connected to a hub, the hub broadcasts the ARP request to all ports. If the router is connected on the same wire, it responds with an ARP reply.
  7. If your computer is connected to a switch, the switch checks its CAM/MAC table to see which port has the MAC address we are looking for. If the switch has no entry, it broadcasts the request to all ports. If the router is on the same wire, it sends an ARP reply.

ARP reply:

Sender MAC: target:mac:address:here
Sender IP: target.ip.goes.here
Target MAC: interface:mac:address:here
Target IP: interface.ip.goes.here
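Steps 2 to 4 and the reply fields above, as an added example (not code from the referenced repository or from these notes). The routing table rows, the 192.168.1.x and 203.0.113.53 addresses and the router MAC are constructed sample values; the interface name and MAC are the ones from step 3.

```python
import ipaddress
import struct

# Constructed routing table (assumption): (destination, gateway or None if on-link, interface)
ROUTES = [
    ("0.0.0.0/0", "192.168.1.1", "wlo1"),    # default gateway
    ("192.168.1.0/24", None, "wlo1"),        # directly connected subnet
]
ARP_FMT = "!HHBBH6s4s6s4s"   # RFC 826 layout for Ethernet/IPv4: 28 bytes

def arp_target(dest_ip, routes=ROUTES):
    """Step 2: longest-prefix match, returns (IP to ARP for, interface)."""
    dest = ipaddress.ip_address(dest_ip)
    hits = [(ipaddress.ip_network(n), gw, ifc) for n, gw, ifc in routes
            if dest in ipaddress.ip_network(n)]
    if not hits:
        raise LookupError("no route to " + dest_ip)
    _, gw, ifc = max(hits, key=lambda h: h[0].prefixlen)
    # Same subnet: ARP for the DNS server itself. Otherwise: ARP for the gateway.
    return (gw or dest_ip), ifc

def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))

def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """Step 4: pack the ARP payload. op 1 = request, 2 = reply.
    The Ethernet header (not built here) carries the broadcast destination."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op,
                       mac_bytes(sender_mac), ipaddress.ip_address(sender_ip).packed,
                       mac_bytes(target_mac), ipaddress.ip_address(target_ip).packed)

def parse_arp(payload):
    """Unpack an ARP payload into the four fields the notes list, plus op."""
    htype, ptype, hlen, plen, op, smac, sip, tmac, tip = struct.unpack(ARP_FMT, payload)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    fmt = lambda raw: ":".join(f"{b:02x}" for b in raw)
    return {"op": op,
            "sender_mac": fmt(smac), "sender_ip": str(ipaddress.ip_address(sip)),
            "target_mac": fmt(tmac), "target_ip": str(ipaddress.ip_address(tip))}

def accept_reply(reply, request):
    """Added sanity check: the reply must answer the request that was sent."""
    return (reply["op"] == 2
            and reply["sender_ip"] == request["target_ip"]
            and reply["target_ip"] == request["sender_ip"])
```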

Now the network library has the target MAC as well, so it can resume the DNS process:

  • The DNS client establishes a socket to UDP port 53 on the DNS server, using a source port > 1023.
  • If the response size is too large, TCP/IP will be used. TCP can be chunked?
  • If the local/ISP server does not have the answer, a recursive search is requested by the client. The local DNS server iteratively checks DNS servers until the SOA is reached or until an answer is returned.

Q: Why recursive or iterative DNS?

Sending to IP

Q: How is destination port determined? A: defaults to 80 for http, 443 for https

  • How does the router route the packet to AS, border routers etc…?
  • Notes on Time to Live