
Networking

🌱 2024-07-03


  • HSTS (HTTP Strict Transport Security)

    • The browser checks its "preloaded HSTS (HTTP Strict Transport Security)" list. This is a list of websites that have requested to be contacted via HTTPS only.
  • DNS Lookup

    • Browser checks if the domain is in its cache. (to see the DNS Cache in Chrome, go to chrome://net-internals/#dns).
    • If not found, the browser calls the gethostbyname library function (varies by OS) to do the lookup; this checks the hosts file before querying DNS.
    • If the name is not in the hosts file, the query goes to the local router or the ISP's caching DNS server.
    • If the DNS server is on the same subnet the network library follows the ARP process below for the DNS server.
    • If the DNS server is on a different subnet, the network library follows the ARP process below for the default gateway IP.
  • ARP process (Address Resolution Protocol)

    • The ARP cache is first checked for an ARP entry for our target IP. If it is in the cache, the library function returns the result: Target IP = MAC.
    • If not present, the route table is checked and a layer 2 (data link layer of the OSI model) ARP request is sent
    • Send the ARP request and, depending on the hardware, get an ARP reply
    • Once we have the IP address, a socket to the DNS server's UDP port is opened (source port above 1023); if the response is too large, TCP is used instead
  • Opening a socket

    • Once we have the IP address, the browser takes the port number from the URL (http-80, https-443) and calls the system library function socket to open a TCP connection

      • Passed to the transport layer where a TCP segment is crafted. The destination port is added to the header and a source port is chosen from within the kernel's dynamic port range
      • Next, the network layer wraps an additional IP header. The IP address of the destination server is also added
      • Link Layer
    • TCP connection flow

      • Client chooses an initial sequence number (ISN) and sends a packet to the server with the SYN bit set to indicate it is setting its ISN
      • Server receives the SYN and, if it is ok to receive:
        • Server chooses its own ISN
        • sets SYN to indicate it is choosing its ISN
        • Server copies (client ISN + 1) into its ACK field and sets the ACK flag to acknowledge the first packet
      • Client acknowledges the connection by sending a packet that
        • Increases its own sequence number
        • Increases the receiver's ack number
        • sets the ACK field
      • Data transfer
        • As one side sends N data bytes, it increases its SEQ by that number
        • When the other side acks the packet, it sends an ACK packet with the ACK value equal to the last received sequence number
      • Close connection
        • closer sends FIN
        • other side ACKs the FIN and sends its own FIN
        • closer acknowledges the FIN with an ACK
    • TLS handshake (Transport Layer Security)

      • client computer sends a ClientHello message to the server with its TLS version and list of cipher algorithms
      • server sends a ServerHello message to the client with the TLS version, selected cipher, compression methods and the server's public certificate signed by a CA (Certificate Authority) [The certificate contains a public key that will be used by the client to encrypt the rest of the handshake until a symmetric key can be agreed upon.]
      • Client verifies the server's digital signature. Client generates pseudo-random bytes and encrypts them with the server's public key. These bytes are used to derive the symmetric key
      • The server decrypts the random bytes using its private key and uses these bytes to generate its own copy of the symmetric master key.
      • The client sends a Finished message to the server, encrypting a hash of the transmission up to this point with the symmetric key.
      • The server generates its own hash, and then decrypts the client-sent hash to verify that it matches. If it does, it sends its own Finished message to the client, also encrypted with the symmetric key.
      • From now on the TLS session transmits the application (HTTP) data encrypted with the agreed symmetric key.
    • Packet is dropped

      • TCP congestion control
        • cubic and New Reno algorithms
        • Client chooses a congestion window based on Maximum segment size of the connection
        • For each acknowledged packet, the window doubles until it reaches the slow-start threshold
        • After reaching the slow-start threshold, the window increases additively for each packet acknowledged. If a packet is dropped, the window reduces exponentially until another packet is acknowledged
    • HTTP protocol
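The TCP connection flow above (SYN / SYN+ACK / ACK, data transfer, FIN exchange) as an added simulation that is not part of the original notes: it tracks only the SEQ/ACK bookkeeping for both sides, with constructed ISNs, no loss, no windows, and every segment acknowledged in lockstep.

```python
"""Constructed example: sequence/acknowledgement arithmetic of a TCP connection."""
from dataclasses import dataclass

SEQ_MOD = 2 ** 32  # sequence numbers are 32-bit and wrap around


@dataclass
class Segment:
    src: str
    flags: str     # "SYN", "SYN+ACK", "ACK", "FIN+ACK"
    seq: int
    ack: int
    length: int = 0  # payload bytes carried


class Endpoint:
    """One side of a connection; only the sequence-number state is modelled."""

    def __init__(self, name: str, isn: int):
        self.name = name
        self.snd_nxt = isn  # next byte we will send, starts at our ISN
        self.rcv_nxt = 0    # next byte we expect from the peer

    def send(self, flags: str, length: int = 0) -> Segment:
        seg = Segment(self.name, flags, self.snd_nxt, self.rcv_nxt, length)
        # SYN and FIN each consume one sequence number; data consumes its byte count.
        self.snd_nxt = (self.snd_nxt + length + ("SYN" in flags) + ("FIN" in flags)) % SEQ_MOD
        return seg

    def receive(self, seg: Segment) -> None:
        # In this lockstep model every ACK must cover everything we have sent so far.
        if "ACK" in seg.flags and seg.ack != self.snd_nxt:
            raise ValueError(f"{self.name}: peer acked {seg.ack}, expected {self.snd_nxt}")
        self.rcv_nxt = (seg.seq + seg.length + ("SYN" in seg.flags) + ("FIN" in seg.flags)) % SEQ_MOD


def run_connection(client_isn: int, server_isn: int, payload_len: int) -> list[Segment]:
    """Handshake, one client data segment, then an active close by the client."""
    client, server = Endpoint("client", client_isn), Endpoint("server", server_isn)
    log: list[Segment] = []

    def deliver(sender: Endpoint, receiver: Endpoint, flags: str, length: int = 0) -> None:
        seg = sender.send(flags, length)
        receiver.receive(seg)
        log.append(seg)

    deliver(client, server, "SYN")            # client sets its ISN
    deliver(server, client, "SYN+ACK")        # server ISN, ack = client ISN + 1
    deliver(client, server, "ACK")            # ack = server ISN + 1
    deliver(client, server, "ACK", payload_len)  # N data bytes advance SEQ by N
    deliver(server, client, "ACK")            # ack = last received sequence
    deliver(client, server, "FIN+ACK")        # closer sends FIN
    deliver(server, client, "FIN+ACK")        # other side acks and sends its own FIN
    deliver(client, server, "ACK")            # closer acks the FIN
    return log


if __name__ == "__main__":
    for seg in run_connection(1000, 5000, 100):
        print(f"{seg.src:6} {seg.flags:8} seq={seg.seq} ack={seg.ack} len={seg.length}")
```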

