The complete picture
Linux Network Management

End to End Connection
• Being able to describe the end to end connection sequence is a useful thing
• Very popular question on technical interviews
• Usually necessary in troubleshooting
  – If you don't know how it should work, you won't recognize problems when you see them

HTTP Connection
How do we google??

What do we need?
• We need IP addresses for both ends
• We need MAC addresses for anything on the local subnet
  – End station if it's on local subnet
  – Gateway MAC if address is not local
• We need port numbers for TCP/UDP

What do we have???
• A name for the destination - google.com
• Our own source IP address
• Our own MAC address
• Our own gateway IP address
• Our own DNS server IP address
• Well-known port addresses (/etc/services)
• Our own subnet mask

ARP EXCHANGE
[Diagram: "what's your MAC?" answered with 00:C3:04:22:17:0A]

Step 1 - Get the router MAC
• We need to get the IP address of the name google.com
• We will get that from the DNS server (IP in resolv.conf)
• Since the IP address of the DNS server is probably not local we need to send the DNS request to the router
• For that we need the MAC address of the router
Packet 1: Broadcast ARP request to router port IP

Step 2 - ARP response
• Assuming the router port is up we will get an ARP response with the MAC of the router port
• IF THERE IS A PROBLEM WE WILL SEE A TRACE WITH REPEATED ARP REQUESTS FOR THE ROUTER PORT AND NOTHING ELSE
Packet 2: Unicast ARP response from router port

DNS LOOKUP
[Diagram: "who is google.com?" answered with 216.239.51.100 by the DNS SERVER]

Step 3 - DNS Request for Google.com
• Our Source IP and Source MAC
• Randomly generated Source Port
• Destination MAC is router port
• Destination IP is the DNS server
• Well known UDP DNS Port 53
Packet 3: DNS Query to DNS Server (in resolv.conf) for google.com

Step 4 - DNS Response
• Destination IP and Destination MAC to us
• UDP Destination Port same as Source in request
• Source MAC is router port
• Source IP is the DNS server
• Source UDP DNS Port 53
Packet 4: DNS Response from DNS Server with IP of google.com

TCP SYN-SYN/ACK-ACK
[Diagram: SYN, SYN/ACK, ACK exchanged with the WEB SERVER]

Step 5 - TCP SYN
• Source MAC and IP from us
• Random TCP port
• Destination MAC is router port
• Destination IP is the HTTP Server
• Destination HTTP Port 80
Packet 5: TCP SYN to HTTP Server

Step 6 - TCP SYN/ACK
• Destination MAC and IP is to us
• Same TCP port we used in SYN
• Source MAC is router port
• Source IP is the HTTP Server
• Source HTTP Port 80
Packet 6: TCP SYN/ACK from HTTP Server

Step 7 - TCP ACK
• Source MAC and IP from us
• Same TCP port
• Destination MAC is router port
• Destination IP is the HTTP Server
• Destination HTTP Port 80
Packet 7: TCP ACK to HTTP Server

HTTP GET - TCP ACK
[Diagram: HTTP GET and TCP ACK exchanged with the WEB SERVER]

Step 8 - HTTP GET
• Source MAC and IP from us
• Same TCP port
• Destination MAC is router port
• Destination IP is the HTTP Server
• Destination HTTP Port 80
Packet 8: HTTP GET to HTTP Server
It's possible to have the GET with the ACK flag set (Piggy-back ACK)

Step 9 - TCP ACK
• Destination MAC and IP is to us
• Same TCP port we used in SYN
• Source MAC is router port
• Source IP is the HTTP Server
• Source HTTP Port 80
Packet 9: TCP ACK from HTTP Server

HTTP RESPONSE - TCP ACK
[Diagram: HTTP RESPONSE and TCP ACK exchanged with the WEB SERVER]

Step 10 - HTTP RESPONSE
• Destination MAC and IP from us
• Same TCP port (remember - socket pair defines TCP connection)
• Source MAC is router port
• Source IP is the HTTP Server
• Destination HTTP Port 80
Packet 10: HTTP RESPONSE from HTTP Server

Step 11 - TCP ACK
• Source MAC and IP is from us
• Same TCP ports
• Destination MAC is router port
• Destination IP is the HTTP Server
• Source HTTP Port 80
Packet 11: TCP ACK to HTTP Server
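
Added example (not part of the original slides): a troubleshooting helper that applies the local-subnet rule from "What do we need?" and walks a trace against the 11-packet sequence to report the first step that never arrived. The addresses other than the slide's own are constructed documentation addresses, and the function names and the (stage, direction) trace format are assumptions made for this sketch.

```python
import ipaddress

# Expected packet order from Steps 1-11 above: (stage, direction seen from us).
EXPECTED = [
    ("ARP request", "out"), ("ARP response", "in"),
    ("DNS query", "out"), ("DNS response", "in"),
    ("TCP SYN", "out"), ("TCP SYN/ACK", "in"), ("TCP ACK", "out"),
    ("HTTP GET", "out"), ("TCP ACK", "in"),
    ("HTTP RESPONSE", "in"), ("TCP ACK", "out"),
]

def arp_target(src_ip, netmask, gateway_ip, dst_ip):
    """IP whose MAC we must ARP for: the end station if it is on our
    subnet, otherwise our gateway (the router port)."""
    net = ipaddress.ip_network(f"{src_ip}/{netmask}", strict=False)
    return dst_ip if ipaddress.ip_address(dst_ip) in net else gateway_ip

def first_stall(trace):
    """Walk a trace (list of (stage, direction)) against EXPECTED.

    Packets that are not the next expected step (retries, unrelated
    traffic) are skipped. Returns None when all 11 packets were seen,
    else (step number, stage) of the first expected packet that is missing.
    """
    step = 0
    for pkt in trace:
        if step < len(EXPECTED) and pkt == EXPECTED[step]:
            step += 1
    if step == len(EXPECTED):
        return None
    return (step + 1, EXPECTED[step][0])

# Constructed sample data: our host, mask, gateway and DNS server.
US, MASK, GW, DNS = "192.0.2.10", "255.255.255.0", "192.0.2.1", "198.51.100.53"

# Constructed trace of the failure called out in Step 2:
# repeated ARP requests for the router port and nothing else.
ARP_ONLY = [("ARP request", "out")] * 4

if __name__ == "__main__":
    print("ARP for:", arp_target(US, MASK, GW, DNS))
    print("Healthy trace stalls at:", first_stall(EXPECTED))
    print("ARP-only trace stalls at:", first_stall(ARP_ONLY))
```
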