The complete picture

Linux Network Management
End to End Connection
• Being able to describe the end to end connection sequence is a useful thing
• Very popular question on technical interviews
• Usually necessary in troubleshooting
– If you don't know how it should work, you won't recognize problems when you see them
HTTP Connection
How do we google??
What do we need?
• We need IP addresses for both ends
• We need MAC addresses for anything on the local subnet
– End station if it's on local subnet
– Gateway MAC if address is not local
• We need port numbers for TCP/UDP
What do we have???
• A name for the destination - google.com
• Our own source IP address
• Our own MAC address
• Our own gateway IP address
• Our own DNS server IP address
• Well-known port addresses (/etc/services)
• Our own subnet mask
ARP EXCHANGE
what's your MAC?
00:C3:04:22:17:0A
Step 1 - Get the router MAC
We need to get the IP address of the name google.com
We will get that from the DNS server (IP in resolv.conf)
Since the IP address of the DNS server is probably not local we need to send the DNS request to the router
For that we need the MAC address of the router
Packet 1 Broadcast ARP request to router port IP
Step 2 - ARP response
Assuming the router port is up we will get an ARP response with the MAC of the router port
IF THERE IS A PROBLEM WE WILL SEE A TRACE WITH REPEATED ARP REQUESTS FOR THE ROUTER PORT AND NOTHING ELSE
Packet 2 Unicast ARP response from router port
DNS LOOKUP
who is google.com?
216.239.51.100
DNS SERVER
Step 3 - DNS Request for Google.com
Our Source IP and Source MAC
Randomly generated Source Port
Destination MAC is router port
Destination IP is the DNS server
Well known UDP DNS Port 53
Packet 3 DNS Query to DNS Server (in resolv.conf) for google.com
Step 4 - DNS Response
Destination IP and Destination MAC to us
UDP Destination Port same as Source in request
Source MAC is router port
Source IP is the DNS server
Source UDP DNS Port 53
Packet 4 DNS Response from DNS Server with IP of google.com
TCP SYN-SYN/ACK-ACK
SYN
SYN/ACK
ACK
WEB SERVER
Step 5 - TCP SYN
Source MAC and IP from us
Random TCP port
Destination MAC is router port
Destination IP is the HTTP Server
Destination HTTP Port 80
Packet 5 TCP SYN to HTTP Server
Step 6 - TCP SYN/ACK
Destination MAC and IP is to us
Same TCP port we used in SYN
Source MAC is router port
Source IP is the HTTP Server
Source HTTP Port 80
Packet 6 TCP SYN/ACK from HTTP Server
Step 7 - TCP ACK
Source MAC and IP from us
Same TCP port
Destination MAC is router port
Destination IP is the HTTP Server
Destination HTTP Port 80
Packet 7 TCP ACK to HTTP Server
HTTP GET - TCP ACK
HTTP GET
TCP ACK
WEB SERVER
Step 8 - HTTP GET
Source MAC and IP from us
Same TCP port
Destination MAC is router port
Destination IP is the HTTP Server
Destination HTTP Port 80
Packet 8 HTTP GET to HTTP Server
It's possible to have the GET with the ACK flag set (Piggy-back ACK)
Step 9 - TCP ACK
Destination MAC and IP is to us
Same TCP port we used in SYN
Source MAC is router port
Source IP is the HTTP Server
Source HTTP Port 80
Packet 9 TCP ACK from HTTP Server
HTTP RESPONSE - TCP ACK
HTTP RESPONSE
TCP ACK
WEB SERVER
Step 10 - HTTP RESPONSE
Destination MAC and IP from us
Same TCP port (remember - socket pair defines TCP connection)
Source MAC is router port
Source IP is the HTTP Server
Destination HTTP Port 80
Packet 10 HTTP RESPONSE from HTTP Server
Step 11 - TCP ACK
Source MAC and IP is from us
Same TCP ports
Destination MAC is router port
Destination IP is the HTTP Server
Source HTTP Port 80
Packet 11 TCP ACK to HTTP Server
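
The sequence above, turned into a troubleshooting aid (an added example, not part of the original slides): it picks the IP we must ARP for from our address and subnet mask, then walks a trace and reports where the sequence stalled. It goes beyond the ARP case the slides describe to the DNS and TCP stages as well; the event labels, the 192.168.1.x addresses and the sample traces are constructed assumptions.

```python
import ipaddress

# Milestones in the order the walkthrough sends them (packets 1-8 and 10).
# The labels are hypothetical names for already-classified capture lines.
STAGES = ["arp_request", "arp_reply", "dns_query", "dns_response",
          "syn", "syn_ack", "ack", "http_get", "http_response"]

def arp_target(our_ip, netmask, dest_ip, gateway_ip):
    """IP whose MAC we must ARP for: the end station if local, else the gateway."""
    net = ipaddress.ip_network(f"{our_ip}/{netmask}", strict=False)
    return dest_ip if ipaddress.ip_address(dest_ip) in net else gateway_ip

def diagnose(trace):
    """Walk event labels in order; report where the sequence stalled."""
    reached = 0   # number of milestones seen so far
    retries = 0   # repeats of the most recent milestone (retransmissions)
    for event in trace:
        # Piggy-back ACK: a GET arriving while we wait for the bare ACK
        # also completes the handshake.
        if event == "http_get" and reached < len(STAGES) and STAGES[reached] == "ack":
            reached += 1
        if reached < len(STAGES) and event == STAGES[reached]:
            reached, retries = reached + 1, 0
        elif reached > 0 and event == STAGES[reached - 1]:
            retries += 1
        # Anything else (the later ACKs in packets 9 and 11) is ignored.
    return {
        "complete": reached == len(STAGES),
        "last_seen": STAGES[reached - 1] if reached else None,
        "waiting_for": STAGES[reached] if reached < len(STAGES) else None,
        "retries": retries,
    }

# Constructed sample traces (not captured from a real network).
FULL = ["arp_request", "arp_reply", "dns_query", "dns_response", "syn",
        "syn_ack", "ack", "http_get", "ack", "http_response", "ack"]
ARP_STUCK = ["arp_request"] * 4
SYN_STUCK = FULL[:5] + ["syn", "syn"]
PIGGYBACK = FULL[:6] + ["http_get", "ack", "http_response", "ack"]

if __name__ == "__main__":
    # 192.168.1.x values are constructed; 216.239.51.100 is the page's example.
    print(arp_target("192.168.1.10", "255.255.255.0", "216.239.51.100", "192.168.1.1"))
    for name, trace in [("full", FULL), ("arp", ARP_STUCK), ("syn", SYN_STUCK)]:
        print(name, diagnose(trace))
```

A result of last_seen "arp_request" with a non-zero retry count is the repeated-ARP symptom described in Step 2.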