I’ve made a series of videos exploring the Internet Protocol Suite, and how it is used to make a connection to a website. It’s a deep dive into the stack, explaining all the way down to the ethernet frames that a computer sends on the local link.
And here are the videos. As a YouTube playlist: https://www.youtube.com/playlist?list=PL3FFnKSs0x8hW-QX06ofCy6y9Qlw0yaAW – or embedded here:
That’s it! Send me any feedback either as comments here or to my email, jay <at> tuckey dot email. ?
Here are the notes, for reference:
Links: https://en.wikipedia.org/wiki/Internet_protocol_suite https:// jaytuckey.name /about/ => <scheme>://<hostname>/<path> => Scheme describes the protocol, and therefore the transport type and port => the scheme is https, which we can find info for here: => https://en.wikipedia.org/wiki/List_of_URI_schemes => We can see we are looking at TLS-protected TCP transmission on port 443 => So who are we connecting to? Well, we have a hostname: jaytuckey.name => Computers can't talk to hostnames, they need a number to send a message to => DNS resolves hostnames to ip address, the number to talk to => we can see this directly with the command: ~> dig jaytuckey.name => So now we know who to talk to, how do we reach that ip? => Here we need to look at the routing: ~> ip route => We see that to reach the ip we need to use our router, and we know the ip for the router. => But we are physically plugged into an ethernet port - how do the packets actually travel on our local link? => Here we have a protocol called ARP - Address Resolution Protocol => https://en.wikipedia.org/wiki/Address_Resolution_Protocol => This protocol is not routed, it only operates on the local link => Send out a broadcast on the link asking for the HW address of the target ip (Now we are at layer 1 - the link layer => Our link in this case is ethernet, so this will be encapsulated in an ethernet packet. => So how can we see it in action? We can use a tool called wireshark: => (arp) && (arp.src.hw_mac == 00:d8:61:9f:2b:63 or arp.dst.hw_mac == 00:d8:61:9f:2b:63) => sudo arp --delete 10.1.1.1 && sudo arp 10.1.1.1 => ethernet frame is sent with a dest HW address of ff:ff:ff:ff:ff:ff - aka broadcast => broadcast tells all devices on the local link to send the packet to ALL ports => We send it off with our sender mac address and sender ip address, an empty target mac (this is what we want), and the target ip address that we are looking for - this is how our target knows they should respond. => We get back an arp response from our target, we now know where to send our packets on the link (Now we are at layer 2 - the Internet layer) => Now we can try connecting to our destination: => We can use a tool called netcat: ~> nc 188.8.131.52 443 => We see TCP packets => We can see the destination mac address is the router => We can see in the IP layer, the dest ip is the remote ip, the Protocol is TCP, and our source IP address is set (Now we are at layer 3 - the transport layer) https://en.wikipedia.org/wiki/Transmission_Control_Protocol => We can see in the TCP packets => we have a source and dest port => We have can see we have a sequence number, as well as an ack number => We can see our flag [SYN] - we are opening a connection => We get back a [SYN, ACK] - the server is acknowldging our connection => We send back an [ACK] - acknowldging the server SYN,ACK => We can also send some garbage data - lets say hello ~> echo 'hello' | nc 184.108.40.206 443 (Now we are at layer 4 - the Application layer) => Ok, so we can open a connection and start sending data - lets actually complete a proper connection => curl --verbose https://jaytuckey.name => curl --verbose https://jaytuckey.name/about/