
Analysis of a Wireshark capture from my PC doing an HTTP request to the Google web server

To start from scratch, the internet connection is turned off. The capture is started in
Wireshark while the system is not connected to the internet or any network. Once the
computer connects to the Wi-Fi, the laptop creates a DHCP request and inserts it in a UDP
segment with destination port 67 for the DHCP server and source port 68 for the
client. The UDP segment is then placed inside an IP datagram. The destination IP
address is set to the broadcast address 255.255.255.255 since the IP address is unresolved,
so the datagram is broadcast to all IP addresses, and the source IP address is set to
0.0.0.0, as the system still needs an IP address.

The IP datagram that carries the DHCP request is placed in an Ethernet frame with
destination MAC address FF:FF:FF:FF:FF:FF, so that it is broadcast to all the devices
connected through the switch; the frame's source MAC address is 6c:71:d9:2b:d8:49.
This Ethernet frame is broadcast on all outgoing ports of the switch. The frame reaches
the DHCP server, which has MAC address 58:23:8c:b6:58:26 and IP address 10.0.0.1.
After receiving the frame, the DHCP server extracts the DHCP request message from the
datagram's payload. In response, the server allocates the IP address 10.0.0.34 to my
computer, with the gateway router's MAC address 58:23:8c:b6:58:26 as the source MAC
address and my laptop's MAC address 6c:71:d9:2b:d8:49 as the destination MAC address.
As the switch received the DHCP request from my PC, it sends the reply as a unicast
message to my system only, using the MAC address 6c:71:d9:2b:d8:49 available to it.
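
The layering described above can be rebuilt and taken apart again in a few lines. This is an added example, not part of the original analysis: it wraps a constructed DHCP request in UDP, IPv4 and Ethernet headers using the addresses and ports from the text, then dissects the frame. The function names, the transaction ID and the minimal option list are assumptions made for illustration.

```python
import socket
import struct

COOKIE = b"\x63\x82\x53\x63"          # DHCP magic cookie that follows the 236-byte BOOTP header

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def dhcp_request(client_mac):
    """Constructed payload: BOOTP header, cookie, option 53 = 3 (DHCPREQUEST), end."""
    bootp = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, 6, 0, 0x1234ABCD, 0, 0x8000,
                        b"", b"", b"", b"", bytes.fromhex(client_mac.replace(":", "")), b"", b"")
    return bootp + COOKIE + bytes([53, 1, 3, 255])

def dhcp_message_type(p):
    """Walk the option TLVs after the cookie and return the value of option 53."""
    i = 240
    while p[236:240] == COOKIE and i + 2 < len(p) and p[i] != 255:
        if p[i] == 53:
            return p[i + 2]
        i += 1 if p[i] == 0 else 2 + p[i + 1]    # option 0 is a one-byte pad
    return None

def encapsulate(payload, eth_dst, eth_src, ip_src, ip_dst, sport, dport):
    """UDP segment -> IPv4 datagram -> Ethernet II frame (checksums left 0 for brevity)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(ip_src), socket.inet_aton(ip_dst))
    return bytes.fromhex((eth_dst + eth_src).replace(":", "")) + b"\x08\x00" + ip + udp

def dissect(frame):
    """Peel the layers back off and return the addressing fields found at each one."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    out = {"eth_dst": mac(dst), "eth_src": mac(src)}
    if ethertype != 0x0800 or frame[23] != 17:       # only IPv4 carrying UDP
        return out
    off = 14 + (frame[14] & 0x0F) * 4                # Ethernet header + IPv4 header length
    out["ip_src"], out["ip_dst"] = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
    out["sport"], out["dport"], ulen, _ = struct.unpack("!HHHH", frame[off:off + 8])
    out["dhcp_type"] = dhcp_message_type(frame[off + 8:off + ulen])
    return out

# The request described above, rebuilt from the addresses given in the text.
FRAME = encapsulate(dhcp_request("6c:71:d9:2b:d8:49"), "ff:ff:ff:ff:ff:ff",
                    "6c:71:d9:2b:d8:49", "0.0.0.0", "255.255.255.255", 68, 67)

if __name__ == "__main__":
    print(dissect(FRAME))
```

The dissected fields line up with what Wireshark shows in its Ethernet II, Internet Protocol and User Datagram Protocol panes for the same packet.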

After receiving the DHCP ACK, my PC extracts it from the Ethernet frame to get the IP
address assigned to it, 10.0.0.34, and also notes the default gateway 10.0.0.1 and the IP
address of the DNS server, 75.75.75.75. The default gateway's information is entered in
the IP forwarding table. The default gateway is used to send data whose destination is
not in the local network.

Entering www.google.com in the browser now initiates a chain of events that ends with
Google's web page being displayed. First it creates the TCP socket that is used to send the
HTTP request to www.google.com. Before the socket is created, a DNS query is made to get
the IP address of Google. The DNS protocol provides the name to IP address translation. A
DNS query message containing the string www.google.com is created and put in a UDP
segment with DNS server port number 53, and this is placed in an IP datagram with source
IP address 10.0.0.34 and destination IP address 75.75.75.75, which was obtained from the
DHCP ACK message.

Once the frame is created, my PC issues an ARP query to get the default gateway's MAC
address, putting the gateway router's IP address 10.0.0.1 as the destination IP address.
The gateway router replies to my PC through an ARP reply with its MAC address
58:23:8c:b6:58:26, which corresponds to the IP address 10.0.0.1.

ARP Request

ARP Reply
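
The ARP reply should name the same gateway MAC address that appeared in the DHCP exchange, and that can be checked mechanically. This is an added example, not part of the original analysis: it parses ARP frames and flags any reply whose IP to MAC binding disagrees with the one learned from DHCP. The function names, the placeholder MAC `02:00:00:00:00:99` and the third frame are constructed for illustration.

```python
import socket
import struct

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def arp_frame(oper, eth_src, eth_dst, sha, spa, tha, tpa):
    """Build an Ethernet II frame (EtherType 0x0806) carrying one ARP message."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, oper,
                      raw(sha), socket.inet_aton(spa), raw(tha), socket.inet_aton(tpa))
    return raw(eth_dst) + raw(eth_src) + b"\x08\x06" + arp

def parse_arp(frame):
    """Return the ARP fields of a frame, or None if it is not IPv4-over-Ethernet ARP."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"oper": oper, "eth_src": mac(frame[6:12]), "sha": mac(sha),
            "spa": socket.inet_ntoa(spa), "tpa": socket.inet_ntoa(tpa)}

def check_replies(frames, expected):
    """Compare each ARP reply (oper 2) with the IP->MAC bindings learned from DHCP."""
    findings = []
    for n, frame in enumerate(frames, 1):
        a = parse_arp(frame)
        if a is None or a["oper"] != 2:
            continue
        if a["eth_src"] != a["sha"]:
            findings.append((n, "sender MAC differs from Ethernet source"))
        if a["spa"] in expected and a["sha"] != expected[a["spa"]]:
            findings.append((n, f"{a['spa']} claimed by {a['sha']}"))
    return findings

PC, GW, BCAST = "6c:71:d9:2b:d8:49", "58:23:8c:b6:58:26", "ff:ff:ff:ff:ff:ff"
OTHER = "02:00:00:00:00:99"   # constructed placeholder MAC, not from the capture
CAPTURE = [
    arp_frame(1, PC, BCAST, PC, "10.0.0.34", "00:00:00:00:00:00", "10.0.0.1"),  # request
    arp_frame(2, GW, PC, GW, "10.0.0.1", PC, "10.0.0.34"),                      # reply in the text
    arp_frame(2, OTHER, PC, OTHER, "10.0.0.1", PC, "10.0.0.34"),                # constructed mismatch
]
FINDINGS = check_replies(CAPTURE, {"10.0.0.1": GW})

if __name__ == "__main__":
    print(FINDINGS)
```

Only the constructed third frame is reported; the reply described in the text agrees with the DHCP-learned binding and produces no finding.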

After extracting the gateway router's MAC address from the ARP reply frame, my PC
generates the DNS query message and sends it to the gateway router. The gateway router
extracts the datagram, sees that the IP address to reach is that of the DNS server, and
uses its forwarding table to send it to the DNS server through the appropriate interface.
The IGMPv2 protocol is used to reach the DNS server.

When the DNS query arrives at the DNS server, it looks up www.google.com in its DNS
database and finds that it maps to the IP address 50.23.115.232. It then creates a
DNS reply message, places it in a UDP segment, and places the segment in an IP datagram
addressed to my allotted IP address, i.e. 10.0.0.34.

After all these tasks, my PC has the IP address of google.com. My PC is now able to
access the Google web server page through the IP address obtained by performing all
these tasks.

A TCP socket is created, which is used to send the HTTP GET message from my PC to
google.com. My PC sends a TCP SYN segment with destination port 80, which is used for
HTTP, places the segment in an IP datagram bearing the IP address 50.23.115.232,
encapsulates it with the MAC address 58:23:8c:b6:58:26, and sends it out.

The Border Gateway Protocol (BGP) is used to establish the inter-link connection between
my ISP and the Google network.

A 3-way TCP handshake occurs between the client (PC) and the server (Google). That is,
a SYN is sent from my PC to the Google server, my PC receives a SYNACK, and it sends
back an ACK to establish the connection.

Finally, my PC creates an HTTP GET message that contains the URL to be fetched from the
Google server using the socket created. The GET message becomes the payload of the TCP
segment, which is placed in a datagram and encapsulated as a packet. Once the packet is
delivered to the Google web server, the server creates an HTTP response message and sends
it to its socket. The response is formed into a packet in the same way as the request sent
to Google, and it traverses the network to reach my PC, where the web page of google.com
is displayed.

HTTP Get

HTTP response
