What Happens In Network When You Enter URL Into Web Browser?

What happens in network when you enter URL into web browser? Answer of this question shows how far and how deep the candidate can think!  No one expects precise answer but understanding of packet flow in a network.

Let me give a try. First keep the picture of OSI model in your mind. Remember it is just for reference; don’t expect that every machine connected with internet\intranet follows it accurately in sequence.

When you enter an URL on web browser, your machine tries to connect web server. By default connection is made on port number 80. So, machine creates a TCP socket using socket() and connect() calls and tries to connect on web server’s port no. 80 which is created by using socket(), bind(),  listen() and accept() calls. And the TCP three way handshake starts.

TCP three way handshake

TCP three way handshake

1. Send SYN along with Max Segment Size, SACK_PERM if supported, window size, initial sequence number

2. Send SYN along with Max Segment Size, SACK_PERM if supported, window size, initial sequence number and ACK of received SYN.

3. ACK

After receiving ACK of their sent SYN each party goes in ESTABLISHED tcp state and data transfer can start.

But we typed URL like example.com to make a connection and computers don’t understand human language they understand binary. Your computer needs the corresponding IP address of example.com, only then it can make a connection. Now from where to get this IP address? Historically the mapping was in hosts file located in path /etc/hosts for *inx based systems and %SystemRoot%\system32\drivers\etc\hosts for windows based.

Today it is not feasible to stored whole internet in this file. To solve this problem we have domain name system services (DNS). First we need IP address of this DNS server which can resolve our query of domain name into IP address of destination server. Normally you will get the DNS IP address through DHCP server (which is another story) when an IP is assigned to your machine or you can use some public DNS IP addresses, like 4.2.2.2 or 8.8.8.8. Since this DNS is service running on some other machine in network, so it must be associated with a port number. Port 53 is for DNS service and which runs over UDP protocol.

Before making any TCP connection your machine queries a DNS server to get the corresponding IP address. Same way like TCP socket, UPD socket is created by your machine to connect the DNS server. If you are directly using IP address on your browser then this step is skipped.

But these are not the only thing which happens. There are many more since our packet goes through many nodes which are between source and destination.  You are sitting in LAN having private IP address configured on your machine and these IP address are not recognized over public IP addressing scheme of Internet. Here routers and firewalls come into the picture. They translate the private IP into public IP address using NATing. They are also the default gateway from where our packet goes to the Internet. And the default gateway is configured in your machine. When machine doesn’t know where to forward the traffic if sends towards the default gateway.

Let’s understand more scenarios. The website which you want to visit could be hosted in your local LAN within range of your local network. Same way DNS server could be in your local LAN. Whenever your machine tries to connect to a destination it checks whether the destination address falls in local network or it is beyond the range of its network. If the destination doesn’t fall in local network the packet is forwarded to the default gateway. Else default gateway can be skipped and switching comes into picture. Your local machine tries to find out the mac address of corresponding destination IP address. If the entry is not in ARP cache then broadcast an ARP request to get the mac address. Henceforth talk directly with the destination machine.

One thing we need to understand is that whenever your machine wants to talk with any immediate node in network it must have an ARP entry for it. Unplug and plug your Ethernet cable and take packet capture you can see that whenever you Ethernet card come up it send an ARP request to default gateway, because it is the only path to reach destination if no other route is configured.

Now we got that when a packet leaves the Ethernet card it has to go through switches and routers. They also do the complex task of forwarding the packet to the destination. Switches are source learners based on that they create mac tables. Which contains a list of mac addresses which it has learned for its particular Ethernet port. They know on which port source machine is connected and on which port default gateway is connected. Now routers have complex task of delivering the IP packet to the destination. They have routing tables based on static and dynamic routing.  In dynamic routing things are more complex which includes protocols like OSPF and BGP. After all such complex computing you packet reaches the destination and same process is followed when the reply comes back.