
The complete picture

Linux Network Management

End to End Connection


Being able to describe the end to end connection sequence is a useful thing
Very popular question on technical interviews
Usually necessary in troubleshooting
If you don't know how it should work, you won't recognize problems when you see them

HTTP Connection

How do we google??

What do we need?
We need IP addresses for both ends
We need MAC addresses for anything on the local subnet
End station if it's on local subnet
Gateway MAC if address is not local

We need port numbers for TCP/UDP

What do we have???

A name for the destination - google.com


Our own source IP address
Our own MAC address
Our own gateway IP address
Our own DNS server IP address
Well-known port addresses (/etc/services)
Our own subnet mask

ARP EXCHANGE
what's your MAC?

00:C3:04:22:17:0A

Step 1 - Get the router MAC


We need to get the IP address of the name google.com
We will get that from the DNS server (IP in resolv.conf)
Since the IP address of the DNS server is probably not local we need to send the DNS request to the router
For that we need the MAC address of the router

Packet 1 Broadcast ARP request to router port IP

Step 2 - ARP response


Assuming the router port is up we will get an ARP response with the MAC of the router port
IF THERE IS A PROBLEM WE WILL SEE A TRACE WITH REPEATED ARP REQUESTS FOR THE ROUTER PORT AND NOTHING ELSE

Packet 2 Unicast ARP response from router port

DNS LOOKUP
who is google.com?

216.239.51.100

DNS SERVER

Step 3 - DNS Request for Google.com

Our Source IP and Source MAC
Randomly generated Source Port
Destination MAC is router port
Destination IP is the DNS server
Well known UDP DNS Port 53

Packet 3 DNS Query to DNS Server (in resolv.conf) for google.com

Step 4 - DNS Response


Destination IP and Destination MAC to us
UDP Destination Port same as Source in request
Source MAC is router port
Source IP is the DNS server
Source UDP DNS Port 53

Packet 4 DNS Response from DNS Server with IP of google.com

TCP SYN-SYN/ACK-ACK
SYN

SYN/ACK
ACK

WEB SERVER

Step 5 - TCP SYN


Source MAC and IP from us
Random TCP port
Destination MAC is router port
Destination IP is the HTTP Server
Destination HTTP Port 80

Packet 5 TCP SYN to HTTP Server

Step 6 - TCP SYN/ACK


Destination MAC and IP is to us
Same TCP port we used in SYN
Source MAC is router port
Source IP is the HTTP Server
Source HTTP Port 80

Packet 6 TCP SYN/ACK from HTTP Server

Step 7 - TCP ACK


Source MAC and IP from us
Same TCP port
Destination MAC is router port
Destination IP is the HTTP Server
Destination HTTP Port 80

Packet 7 TCP ACK to HTTP Server

HTTP GET - TCP ACK

HTTP GET
TCP ACK
WEB SERVER

Step 8 - HTTP GET


Source MAC and IP from us
Same TCP port
Destination MAC is router port
Destination IP is the HTTP Server
Destination HTTP Port 80

Packet 8 HTTP GET to HTTP Server


It's possible to have the GET with the ACK flag set (Piggy-back ACK)

Step 9 - TCP ACK


Destination MAC and IP is to us
Same TCP port we used in SYN
Source MAC is router port
Source IP is the HTTP Server
Source HTTP Port 80

Packet 9 TCP ACK from HTTP Server

HTTP RESPONSE - TCP ACK

HTTP RESPONSE

TCP ACK

WEB SERVER

Step 10 - HTTP RESPONSE


Destination MAC and IP is to us
Same TCP port (remember - socket pair defines TCP connection)
Source MAC is router port
Source IP is the HTTP Server
Source HTTP Port 80

Packet 10 HTTP RESPONSE from HTTP Server

Step 11 - TCP ACK


Source MAC and IP is from us
Same TCP ports
Destination MAC is router port
Destination IP is the HTTP Server
Destination HTTP Port 80

Packet 11 TCP ACK to HTTP Server
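
Added example (not part of the original slides): a small Python checker that walks a trace and reports how far it got through the 11-packet sequence above, so a stall such as "repeated ARP requests and nothing else" is named explicitly. The (direction, kind) tuples, the sample traces and the name diagnose are constructed for illustration; a cold ARP cache is assumed, and the piggy-back handling also covers the server folding its ACK into the HTTP response, which goes slightly beyond the slide.

```python
# Constructed model of the 11-packet sequence from the slides:
# (direction relative to our host, packet kind).
EXPECTED = [
    ("out", "ARP request"), ("in", "ARP response"),
    ("out", "DNS query"), ("in", "DNS response"),
    ("out", "TCP SYN"), ("in", "TCP SYN/ACK"), ("out", "TCP ACK"),
    ("out", "HTTP GET"), ("in", "TCP ACK"),
    ("in", "HTTP RESPONSE"), ("out", "TCP ACK"),
]

# Constructed sample trace: the router port never answers ARP.
ARP_ONLY = [("out", "ARP request")] * 4


def diagnose(trace):
    """Return (packets_matched, repeats_of_last, verdict) for a trace.

    trace is a list of (direction, kind) tuples in capture order.
    """
    step = 0      # how many packets of EXPECTED have been seen so far
    repeats = 0   # retransmissions of the most recently matched packet
    for pkt in trace:
        if step == len(EXPECTED):
            break
        if pkt == EXPECTED[step]:
            step, repeats = step + 1, 0
        elif (EXPECTED[step][1] == "TCP ACK" and step + 1 < len(EXPECTED)
              and pkt == EXPECTED[step + 1]):
            # Piggy-back ACK: the bare ACK was folded into the next packet.
            step, repeats = step + 2, 0
        elif step > 0 and pkt == EXPECTED[step - 1]:
            repeats += 1
        # Anything else is unrelated traffic and is skipped.
    if step == len(EXPECTED):
        return step, repeats, "complete"
    if step == 0:
        return step, repeats, "no ARP request seen"
    last, want = EXPECTED[step - 1], EXPECTED[step]
    return step, repeats, f"stalled after {last[1]}: no {want[1]} ({want[0]})"


if __name__ == "__main__":
    print(diagnose(ARP_ONLY))
```

The verdict names the first missing packet, which points at the layer to check next: ARP (router port), DNS (resolver reachability), or TCP/HTTP (the web server).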