the complete picture
DESCRIPTION
The complete picture. Linux Network Management. End to End Connection. Being able to describe the end to end connection sequence is a useful thing Very popular question on technical interviews Usually necessary in troubleshooting - PowerPoint PPT PresentationTRANSCRIPT
The complete picture
Linux Network Management
End to End Connection
• Being able to describe the end to end connection sequence is a useful thing
• Very popular question on technical interviews
• Usually necessary in troubleshooting – If you don't know how it should work, you
won't recognize problems when you see them
HTTP Connection
How do we google??
What do we need?
• We need IP addresses for both ends
• We need MAC addresses for anything on the local subnet– End station if it's on local subnet– Gateway MAC if address is not local
• We need port numbers for TCP/UDP
What do we have???
• A name for the destination - google.com
• Our own source IP address
• Our own MAC address
• Our own gateway IP address
• Our own DNS server IP address
• Well-known port addresses (/etc/services)
• Our own subnet mask
ARP EXCHANGE
what's your MAC?
00:C3:04:22:17:0A
Step 1 - Get the router MAC
We need to get the IP address of the name google.com
We will get that from the DNS server (IP in resolv.conf)
Since the IP address of the DNS server is probably not local we need to send the DNS request to the router
For that we need the MAC address of the router
Packet 1 Broadcast ARP request to router port IP
Step 2 - ARP response
Assuming the router port is up we will get an ARP response with the MAC of the router port
IF THERE IS A PROBLEM WE WILL SEE A TRACE WITH REPEATED ARP REQUESTS FOR THE ROUTER PORT AND NOTHING ELSE
Packet 2 Unicast ARP response from router port
DNS LOOKUP
who is google.com?
216.239.51.100DNS SERVER
Step 3 - DNS Request for Google.com
Packet 3 DNS Query to DNS Server (in resolv.conf) for google.com
Our Source IP and Source MAC
Randomly generated Source Port
Destination MAC is router port
Destination IP is the DNS server
Well known UDP DNS Port 53
Step 4 - DNS Response
Packet 4 DNS Response from DNS Server with IP of google.com
Destination IP and Destination MAC to us
UDP Destination Port same as Source in request
Source MAC is router port
Source IP is the DNS server
Source UDP DNS Port 53
TCP SYN-SYN/ACK-ACK
SYN
SYN/ACK
ACK WEB SERVER
Step 5 - TCP SYN
Packet 5 TCP SYN to HTTP Server
Source MAC and IP from us
Random TCP port
Destination MAC is router port
Destination IP is the HTTP Server
Destination HTTP Port 80
Step 6 - TCP SYN/ACK
Packet 6 TCP SYN/ACK from HTTP Server
Destination MAC and IP is to us
Same TCP port we used in SYN
Source MAC is router port
Source IP is the HTTP Server
Source HTTP Port 80
Step 7 - TCP ACK
Packet 7 TCP ACK to HTTP Server
Source MAC and IP from us
Same TCP port
Destination MAC is router port
Destination IP is the HTTP Server
Destination HTTP Port 80
HTTP GET - TCP ACK
HTTP GET
TCP ACKWEB SERVER
Step 8 - HTTP GET
Packet 8 HTTP GET to HTTP Server
Source MAC and IP from us
Same TCP port
Destination MAC is router port
Destination IP is the HTTP Server
Destination HTTP Port 80
It's possible to have the GET with the ACK flag set
(Piggy-back ACK)
Step 9 - TCP ACK
Packet 9 TCP ACK from HTTP Server
Destination MAC and IP is to us
Same TCP port we used in SYN
Source MAC is router port
Source IP is the HTTP Server
Source HTTP Port 80
HTTP RESPONSE - TCP ACK
HTTP RESPONSE
TCP ACK WEB SERVER
Step 10 - HTTP RESPONSE
Packet 10 HTTP RESPONSE from HTTP Server
Destination MAC and IP from us
Same TCP port (remember - socket pair defines TCP connection)
Source MAC is router port
Source IP is the HTTP Server
Destination HTTP Port 80
Step 11 - TCP ACK
Packet 11 TCP ACK to HTTP Server
Source MAC and IP is from us
Same TCP ports
Destination MAC is router port
Destination IP is the HTTP Server
Source HTTP Port 80