Continuation of Part 1 – https://mickx009.org/2020/03/22/what-happens-when-someone-types-google-com-into-a-web-browser-pt-1-dns-arp/
Per part 1, the computer in question now has received an answer to what public IP address Google.com maps to. With this information the computer can now begin a request to the server. The computer web browser will start by sending a request down from Layer 7 (application) to its layer 4 TCP stack requesting a socket stream with the destination port of TCP 443 (HTTPS). The TCP stack begins creating a segment with the destination port of HTTPS and source port from the OS random pool.
The TCP segment is then sent down to Network/Layer 3 where an additional IP header is added to the TCP segment. The IP header will contain both a source and destination IP address. The destination IP is the public IP the DNS query received mapping to Google.com. The source IP will in theory be the IP address assigned to the computer trying to reach Google.com. After the IP header is added to the segment, the networking stack then sends the now IP packet down to Layer 2 where a Frame header is added on. The Frame header includes the source MAC address, which is the hardware address associated with the computer NIC, and the destination MAC address that is assigned to the default gateway. Part 1 showed that the computer now knows the MAC address of the default gateway due to the ARP broadcast process. If the local computer for some reason does not know the MAC address of the router/gateway, then the ARP process would need to be run again. From here the now Frame is sent to the local router/gateway where the Frame header is taken off the IP Packet. The router then processes how to reach the destination IP of the packet via the device’s routing table. Most likely a Default Route entry is found in the routing table which tells the router where to send the incoming traffic. Before the computer Packet is sent off, the router first will add another Frame on top of the Packet. The Frame will once again have a source and destination MAC address. The source being the WAN side of the router MAC address, and the destination being the MAC address of the next hop router interface. The hopping between Layer 3 and Layer 2 will continue until the destination is reached. And ultimately continue in both directions until the computer sends and receives all necessary payload.
It’s worth mentioning that in a typical Enterprise/Residential network, internally the hosts are using IPv4 RFC 1918 address space. This address space is not usable on the public internet, so most internet users require their router to perform NAT to reach the IPv4 internet. At the edge of the network before reaching the internet, a router will typically perform a 1 to many Network Address Translation. This means all internal RFC 1918 hosts will get translated to one public IP address assigned to the WAN/public side of the router. All traffic internet bound will appear to be coming from that one public IP. Sessions are managed via internal and external source/destination layer 4 ports.
When the computer in question reaches the server hosting Google.com, the server receives the Frame, removes layer 2 and layer 3 headers, then processes the segment on the server’s listening TCP port, in this case 443. The received segment has the SYN flag set which starts the beginning of a TCP connection. The server responds back to the computer with the SYN ACK flags set, then receives a response back from the computer with a final ACK. The final ACK is the end of the initial three way handshake and data can start getting transmitted between the server and computer.
mickx009.org 