Type “google.com” into the browser and hit enter
What happens next?
© 2015 Graeme Mathieson. CC BY-SA 4.0.

How the Internet works
Graeme Mathieson
Email me: [email protected]
Twitter: @mathie

google.com ⏎

Is it a URL?
· Yep. OK, cool, my work here is done.
· Kinda. Well, let’s turn it into a well-formed URL.
· Nope. OK, I’m gonna assume you meant to search for something. Let’s turn it into a well-formed URL for a web search.

HTTP Strict Transport Security
Does this site prefer HTTPS?
· Strict-Transport-Security header from a previous request?
· In the browser’s list of HSTS preloads?

HTTP Strict Transport Security
Does this site prefer HTTPS?
· Yep. OK, set the URL scheme to https.
· Nope. Fine then. If you don’t care for security…

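An added example (not from the slides) of how the HSTS decision above turns the typed text into a URL: it parses a Strict-Transport-Security header seen on an earlier response, honours the max-age expiry and includeSubDomains, and consults a constructed stand-in for the preload list. The PRELOADED entry, the shape of the store dict and the normalise/prefers_https names are the example’s own assumptions.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed stand-in for the browser's built-in preload list (the real one ships
# with the browser; this hypothetical entry exists only so the example runs).
PRELOADED = {"google.com": {"expires": float("inf"), "include_subdomains": True}}

def parse_sts_header(value):
    """Split 'max-age=31536000; includeSubDomains' into a directive dict."""
    directives = {}
    for part in value.split(";"):
        name, _, raw = part.strip().partition("=")
        if name:
            directives[name.lower()] = raw.strip().strip('"')
    return directives

def record_sts(store, host, header, now):
    """Remember a policy seen on an earlier HTTPS response; max-age=0 forgets it."""
    d = parse_sts_header(header)
    max_age = int(d.get("max-age", "0"))
    if max_age <= 0:
        store.pop(host.lower(), None)
        return
    store[host.lower()] = {"expires": now + max_age,
                           "include_subdomains": "includesubdomains" in d}

def prefers_https(store, host, now):
    """The two questions from the slide: a header from a previous request, or a preload?"""
    labels = host.lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        for entry in (store.get(candidate), PRELOADED.get(candidate)):
            # The exact host always matches; a parent domain only with includeSubDomains.
            if entry and entry["expires"] > now and (i == 0 or entry["include_subdomains"]):
                return True
    return False

def normalise(typed, store, now):
    """Turn what was typed into a URL and upgrade the scheme when HSTS applies."""
    url = typed if "://" in typed else "http://" + typed
    p = urlsplit(url)
    scheme = "https" if prefers_https(store, p.hostname, now) else p.scheme
    return urlunsplit((scheme, p.netloc, p.path or "/", p.query, p.fragment))
```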
https://google.com/

Browser cache
Is the URL in the browser cache?
· Yep. Let’s check it’s still valid.
· Nope. Well, we’re going to have to fetch it.

Browser cache
Is the cached content still valid?
Expires
Cache-Control: max-age
· Yep. Awesome. We might skip a network request!
· Nope. OK, let’s check in with the server.

Browser cache
Should the cached content be revalidated?
Cache-Control: must-revalidate
· Yep. OK, let’s check in with the server.
· Nope. Awesome. Skip to rendering!

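An added example (not from the slides) of the three cache questions above as a decision function over a stored response’s headers, following the RFC 7234 freshness rules: max-age, Expires relative to Date, must-revalidate, and the validators to send when checking in with the server. The sample headers are constructed and the function names are the example’s own.

```python
from email.utils import parsedate_to_datetime

# Constructed sample of what the cache stored for an earlier response (not a real capture).
SAMPLE_RESPONSE = {"Date": "Tue, 01 Sep 2015 12:00:00 GMT",
                   "Cache-Control": "max-age=600, must-revalidate", "ETag": '"abc123"'}

def http_date_to_timestamp(value):
    """RFC 7231 HTTP-date -> POSIX seconds, or None when unparseable."""
    try:
        return parsedate_to_datetime(value).timestamp()
    except (TypeError, ValueError):
        return None

def parse_cache_control(value):
    """'max-age=600, must-revalidate' -> {'max-age': '600', 'must-revalidate': ''}."""
    out = {}
    for part in value.split(","):
        name, _, raw = part.strip().partition("=")
        if name:
            out[name.lower()] = raw.strip().strip('"')
    return out

def freshness_lifetime(headers, response_time):
    """Seconds the copy may be used without asking the server (RFC 7234 section 4.2.1)."""
    cc = parse_cache_control(headers.get("Cache-Control", ""))
    if "max-age" in cc:                      # max-age takes precedence over Expires
        return int(cc["max-age"])
    if "Expires" in headers:
        expires = http_date_to_timestamp(headers["Expires"])
        if expires is None:                  # e.g. "Expires: 0" means already expired
            return 0
        return expires - (http_date_to_timestamp(headers.get("Date", "")) or response_time)
    return 0  # no explicit lifetime: this simple cache always checks with the server

def cache_decision(headers, response_time, now):
    """'use-cache', 'revalidate' or 'fetch' for a response stored at response_time."""
    cc = parse_cache_control(headers.get("Cache-Control", ""))
    if "no-store" in cc:
        return "fetch"
    if "no-cache" not in cc and now - response_time < freshness_lifetime(headers, response_time):
        return "use-cache"
    # Stale (or no-cache): check in with the server. With must-revalidate, a failed check
    # must produce an error rather than a quietly served stale copy.
    return "revalidate"

def conditional_headers(headers):
    """Validators for the revalidation request, so the server can reply 304 Not Modified."""
    wanted = {"ETag": "If-None-Match", "Last-Modified": "If-Modified-Since"}
    return {req: headers[resp] for resp, req in wanted.items() if resp in headers}
```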
Parse the URL
· Scheme: “https”
· Authority: “google.com”
· Path: “/”

DNS Lookup: Browser cache
Is the hostname in the browser’s cache?
· Yep. Awesome, let’s use that IP address.
· Nope. OK, we’re going to have to do this the hard way.

DNS Lookup: OS resolver
Is the hostname in the operating system’s cache?
· Yep. Job done. We’ll use that IP address.
· Nope. OK, we’re really going to have to look it up.

Name Service Switch
· Check /etc/hosts
· Try multicast DNS
· Perform a DNS lookup

DNS Lookup
Get the IP address of a name server
· From DHCP
· Statically configured

DNS Record Types
· A and AAAA are address records: mappings from name to IP address.
· PTR is a reverse mapping from IP address to name.
· NS is a pointer to a name server.
· Other record types: SOA, CNAME, MX, TXT.

Send the DNS request
New in Apple iOS 9 & El Capitan:
· Send out an AAAA request; and
· Send out an A request, in parallel.

Recursive DNS request
Is the record in the name server’s cache?
· Yep. Is it still valid (TTL)? If so, return the record. Job done.
· Nope. OK, we’ll need to look it up.

Upstream DNS server
Is our local DNS server configured to have one or more upstream servers?
· Yep. OK, let’s pass the request off to an upstream and let it figure out the answer.
· Nope. Damn. We’re going to have to do the hard work ourselves.

Root DNS Servers
· 13 well-known IP addresses of root servers.
· Really, they’re hundreds of machines distributed globally.
· Authoritative for the root zone.

DNS Authority
Root servers are authoritative for the root zone. They know the canonical answer for who serves each TLD: “.com”, “.net”, “.uk”, etc.

What’s the A record for “google.com”?

Root servers
What’s the A record for “google.com”?
· No idea, but here’s the list of name servers for “.com”.
· Oh, and have the IP addresses of those name servers, too.

Authoritative servers for “.com”
What’s the A record for “google.com”?
· No idea, but here’s a list of name servers for “google.com”.
· Oh, and have the IP addresses of those name servers, too.

Authoritative servers for “google.com”
What’s the A record for “google.com”?
· Hey, I know this! Here’s a list of IP addresses!

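An added example (not the slides’ code) that replays the root → “.com” → “google.com” walk above as an iterative resolver over a constructed delegation tree, following each referral and using the glue addresses handed back with it. The server names and the RFC 5737 addresses are made up for the example.

```python
from collections import namedtuple

Response = namedtuple("Response", "kind data")  # kind: answer | referral | noanswer

# Constructed stand-ins for the three servers in the walk above. The names are made up
# and the addresses come from the RFC 5737 documentation ranges.
SERVERS = {
    "192.0.2.1": {   # a root server: knows who serves each TLD, plus glue addresses
        "zone": ".", "records": {},
        "delegations": {"com.": {"ns": ["a.gtld.example."], "glue": {"a.gtld.example.": "192.0.2.10"}}}},
    "192.0.2.10": {  # a .com server: knows who serves google.com
        "zone": "com.", "records": {},
        "delegations": {"google.com.": {"ns": ["ns1.google.com."], "glue": {"ns1.google.com.": "192.0.2.20"}}}},
    "192.0.2.20": {  # the google.com authoritative server: has the answer
        "zone": "google.com.", "delegations": {},
        "records": {("google.com.", "A"): ["203.0.113.5", "203.0.113.6"]}},
}
ROOT_HINTS = ["192.0.2.1"]  # the "well-known" root addresses a resolver ships with

def query(server_ip, qname, qtype):
    """One authoritative server's reply: an answer, a referral down the tree, or nothing."""
    srv = SERVERS[server_ip]
    if (qname, qtype) in srv["records"]:
        return Response("answer", srv["records"][(qname, qtype)])
    # Refer the resolver to the most specific delegation that covers qname.
    for zone, deleg in sorted(srv["delegations"].items(), key=lambda kv: -len(kv[0])):
        if qname == zone or qname.endswith("." + zone):
            return Response("referral", deleg)
    return Response("noanswer", None)  # NXDOMAIN or an empty answer; not distinguished here

def iterative_resolve(qname, qtype="A", max_hops=8):
    """Follow referrals root -> TLD -> zone until a server that knows the answer replies."""
    qname = qname.lower().rstrip(".") + "."
    next_ips, trail = list(ROOT_HINTS), []
    for _ in range(max_hops):
        ip = next_ips[0]
        resp = query(ip, qname, qtype)
        trail.append((SERVERS[ip]["zone"], resp.kind))
        if resp.kind != "referral":
            return (resp.data or []), trail
        # Glue records let us reach the next server without first resolving its name.
        next_ips = [resp.data["glue"][ns] for ns in resp.data["ns"] if ns in resp.data["glue"]]
        if not next_ips:
            raise RuntimeError("referral without glue: the NS names would need resolving first")
    raise RuntimeError("too many referrals")
```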
Figuring out the TCP port
What TCP port should we connect to?
· Figure out from the URL scheme
· Ask the operating system: getservbyname()
· Name Service Switch
· grep '^https.*tcp' /etc/services

Making a TCP connection
We know the IP address and port. Now we can connect!

TCP: Three-way handshake
Open connection, and agree initial sequence numbers.
· -> SYN
· <- SYN+ACK
· -> ACK

Transmission Control Protocol (TCP)
· Ordered data transfer
· Reliable data transfer
· Flow control
· Congestion control

Transport Layer Security
Create a secure connection between the client and server.
· Authentication of the server (and, optionally, the client).
· Negotiate a session key.
· Encrypt data between client and server.

HTTP: GET
GET / HTTP/1.1
Host: google.com

FIN
FIN -> ACK -> FIN -> ACK
TCP/IP Illustrated by W. Richard Stevens
<https://woss.name/>