Networking
Basic examples
Example TCP [RST, ACK] sent by server
Example TCP [SYN, SYN-ACK, ACK] 3 way handshake
Example TCP SYN with no response from the server timeout
HTTP/1.1
Request response lifecycle simplified overview
curl https://devon.ninja
Perform DNS lookup to resolve hostname to an IP address (performed over UDP)
Perform 3 way TCP handshake on host to establish a connection
Send HTTP GET request
Receive HTTP response
Client initiates the TCP connection termination
HTTP lifecycle detailed overview
DNS query overview
What happens when I run curl https://devon.ninja?
In this example we'll assume we're running Ubuntu 16.04.
First the hostname needs to be resolved to an IP address.
The DNS query is first sent to the OS DNS stub resolver (in our case that would be systemd-resolve).
If the query is cached, the stub resolver returns a response; if not, it makes a request to a DNS recursor.
The recursive resolver (1.1.1.1 in this example) will either return a cached response or make a request to a root nameserver with the domain ninja.
The root nameserver will respond by directing the resolver to a .ninja TLD nameserver.
The TLD nameserver will then respond with an authoritative nameserver.
The DNS recursor makes a final query to the authoritative nameserver, which returns the IP address of the host.
HTTP request overview
Here is the request line and headers of the HTTP request.
GET / HTTP/1.1
Host: devon.ninja
User-Agent: curl/7.47.0
Accept: */*
This is the request line; it indicates the path that we're requesting:
GET / HTTP/1.1
This indicates the version of HTTP that we're using:
GET / HTTP/1.1
The host information isn't used for routing, since this occurs at layer 7:
Host: devon.ninja
The User-Agent header can be useful for identifying different HTTP clients, but it can easily be spoofed:
User-Agent: curl/7.47.0
The server responds with the status line [1], response headers and an optional body.
HTTP/1.1 200 OK
Date: Fri, 12 Jul 2019 00:19:41 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d8fa0fefd9a72c6dd0ac815c34b2440d21562890781; expires=Sat, 11-Jul-20 00:19:41 GMT; path=/; domain=.devon.ninja; HttpOnly; Secure
x-amz-id-2: U1BCfYrqfPLuwPRUZOTiXYQ0hx+VbCbEgUxhRTtjTp7GtzqPUJS44QlKZFjMbA3e84rz6FbJVdQ=
x-amz-request-id: 92B036793F633E6D
Last-Modified: Tue, 04 Jun 2019 02:42:38 GMT
CF-Cache-Status: HIT
Age: 276148
Expires: Sat, 13 Jul 2019 00:19:41 GMT
Cache-Control: public, max-age=86400
Accept-Ranges: bytes
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 4f4ed8d609a4c17a-IAD
<!DOCTYPE html>
<html lang="en">
...
</html>
TCP session overview
3 way handshake used to establish the connection [2]
client [SYN] -> server
server [SYN, ACK] -> client
client [ACK] -> server
Connection termination can be initiated by either the client or the server
Example of a client terminating the connection:
client [FIN, ACK] -> server
server [FIN, ACK] -> client
client [ACK] -> server
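The three outcomes listed under Basic examples (completed handshake, [RST, ACK] from the server, SYN with no response) can be told apart from the TCP flag bits alone. The Python sketch below is an added example, not part of the original page; the packets are constructed sample headers, and the function names, ports and sequence numbers are assumptions.

```python
import struct

# Flag bits live in byte 13 of the TCP header.
FLAGS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK", 0x20: "URG"}

def tcp_header(sport, dport, seq, ack, flags):
    """Build a constructed 20-byte TCP header (no options, checksum left at 0)."""
    offset_flags = (5 << 12) | flags  # data offset of 5 32-bit words, then flag bits
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, offset_flags, 65535, 0, 0)

def decode_flags(header):
    """Return the set of flag names set in a raw TCP header."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    return {name for bit, name in FLAGS.items() if header[13] & bit}

def classify(flow):
    """Classify a connection attempt from an ordered list of (sender, raw_header)."""
    seen = [(who, decode_flags(hdr)) for who, hdr in flow]
    if not seen or seen[0] != ("client", {"SYN"}):
        return "not a connection attempt"
    replies = [flags for who, flags in seen[1:] if who == "server"]
    if not replies:
        return "timeout"       # SYN and its retransmits were never answered
    if "RST" in replies[0]:
        return "refused"       # server answered the SYN with [RST, ACK]
    if replies[0] == {"SYN", "ACK"} and ("client", {"ACK"}) in seen[2:]:
        return "established"   # SYN, SYN-ACK, ACK all observed
    return "incomplete"

# Constructed sample flows (hypothetical ports and sequence numbers).
SYN = tcp_header(50000, 443, 1000, 0, 0x02)
HANDSHAKE = [("client", SYN),
             ("server", tcp_header(443, 50000, 5000, 1001, 0x12)),
             ("client", tcp_header(50000, 443, 1001, 5001, 0x10))]
REFUSED = [("client", SYN), ("server", tcp_header(443, 50000, 0, 1001, 0x14))]
TIMEOUT = [("client", SYN), ("client", SYN), ("client", SYN)]

if __name__ == "__main__":
    for name, flow in [("handshake", HANDSHAKE), ("refused", REFUSED), ("timeout", TIMEOUT)]:
        print(name, "->", classify(flow))
```
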
References