Web Browsing

So what happens when you type a URL in a browser? I type www.google.com, hit enter and it loads the google site magically, right? No. Actually, the process might appear fast and easy but behind the scenes, it is a long journey back and forth, so to speak. Apart from being a common interview question, it is something that might have cropped up in your mind at one point in time. Well, let me attempt to address this from three different perspectives: the general perspective, the networking perspective and the network security angle. I have coined these terms and it is in no way official terminologies.

The General Perspective

  1. A URL is typed in a browser, say www.asili.photos.
  2. The browser will check the requested object is in the browser cache. If it is found, skip to step 8.
  3. If not, the browser will perform a DNS Lookup. In this process, it will first resolve the domain name, www.asili.photos, into the corresponding IP address of the server where it is hosted (in this case 107.180.50.228). It works in these series of events;
    1. Checking the browser cache to resolve DNS queries
    2. If not available, it will check the OS cache
    3. If not available, it will check the Router cache
    4. If not available, it will check the ISP cache
  4. Browser initiates a TCP connection with the server
  5. The browser sends a HTTP GET request to the server with some metadata in form of headers
    1. User-Agent: specifies browser properties
    2. Accept-Encoding: specifies the response type
    3. Connection: keeps the TCP connection open
    4. Cookies: metadata that is stored on the client side. Only applicable if the server implements cookies
  6. The server will handle the incoming request through a web server (Apache, Nginx, GWS, etc). In my case, www.asili.photos uses Apache web server. The Apache server passes the request to the proper request handler (PHP, Python, Go, Java, Ruby, etc). Since www.asili.photos is witten in PHP, the server will pass the request to the PHP handler and prepare the environment to execute the index.php file.  The PHP file will generate a HTML response that is sent back to the browser using HTTP protocol.
  7. The browser receives the HTTP response. The response contains a response code from the server, where ‘x’ represents zero or a positive integer;
    1. 1xx: informational message only. Example: 101 – Switching protocol.
    2. 2xx: successful connection. Example: 200 –  Ok, the request has succeeded.
    3. 3xx: redirect to another URL. Example: 301 –  Moved permanently.
    4. 4xx: error on the client side. Example: 404 –  Not found.
    5. 5xx: error on the server side. Example: 500 – Internal server error.
    6. The server also sets various headers for proper rendering of content
      1. Content-Type: content to show
      2. Content-Length: number of bytes in response
      3. Content-Encoding: browser to decode data
  8. The browser displays the HTML content in phases;
    1. It first renders the barebones structure
    2. Hyperlinks
    3. Images
    4. Static files like JS and CSS
  9. Client interacts with the server. For login purposes, the HTTP request sent to the server would be POST instead of GET.

The Networking Perspective

Direct communication is only possible between devices on the same network. Routers are the devices that connect different networks together. The interface on the router that performs remote communication is called a default gateway.

When you type a URL on the browser, it i resolved into an IP address DNS. The host, that is the computer you are using, sends an ARP request that is broadcast to all devices in the network. The ARP request sent is looking for the MAC address of the hosts default gateway. It looks for the default gateway after first determining that the IP address of the destination server does not belong to the same subnet and therefore the communication is remote.

The gateway will send its MAC address in a unicast ARP reply to the host. The host now sends traffic with a destination IP address which could be two, five, ten or more routers away.

The Network Security Angle

This process is usually referred to as the three-way handshake. It follows these steps;

  1. The source host sends a TCP segment using a dynamic port. It raises the SYN flag.
  2. The destination host acknowledges receipt of the TCP packet and raises the SYN ACK flag. At this point, the sequence number is incremented by 1.
  3. On the source host, the response also adds 1 to the acknowledgement number and the ACK flag is raised.
  4. Upon receipt of the payload, the destination host initiates an RST that is logged in the file. Now if you have ever conducted a port scan for network security purposes using tools like Nmap, it is imperative to know that, depending on the scan you are performing, RST should never be logged as it will show the presence of port scanning activity.

Image courtesy of https://interface.ca