{"id":1399,"date":"2025-01-03T16:38:28","date_gmt":"2025-01-03T16:38:28","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=1399"},"modified":"2025-01-03T16:38:28","modified_gmt":"2025-01-03T16:38:28","slug":"how-the-internet-works-a-detailed-guide","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=1399","title":{"rendered":"How the Internet Works | A Detailed Guide"},"content":{"rendered":"

Before we start troubleshooting, let\u2019s take some time to understand how the network works. Finding web vulnerabilities is all about exploiting the weaknesses of the technology, so all good hackers should have a clear understanding of them. If you are already familiar with these processes, you can move on to monitoring Internet security. The following question is a good starting point: what happens when you type\u00a0www.google.com<\/strong>\u00a0into your browser? In other words, how does your browser know how to navigate from a domain name like\u00a0google.com<\/strong>\u00a0to the web page you\u2019re looking for? Let\u2019s find out.<\/p>\n

Part 1: Client-server model <\/h2>\n

The Internet consists of two types of devices: clients and servers. Clients request resources or services, and servers provide those resources and services. When you visit a website using a browser, it acts as a client and requests a web page from the web server. The web server will then send your browser a web page (picture below):<\/p>\n

A web page is nothing but a collection of resources or files sent by a web server. For example, at a minimum, the server will send your browser a text file written in a hypertext markup language (\u00a0HTML<\/strong>\u00a0), a language that tells your browser what to display. Most web pages also include Cascading Style Sheets (\u00a0CSS<\/strong>\u00a0) files to make them look beautiful. Sometimes web pages also contain\u00a0JavaScript (JS)<\/strong>\u00a0files , which allow sites to animate the web page and respond to user input without using a server.<\/p>\n

For example,\u00a0JavaScript<\/strong>\u00a0can resize images as users scroll and validate user input on the client side before sending it to the server. Finally, your browser can receive embedded resources such as images and videos. Your browser will combine these resources to display the web page you see.<\/p>\n

Servers don\u2019t just return web pages to the user. Web\u00a0APIs<\/strong>\u00a0allow applications to request data from other systems. This allows applications to communicate with each other and control the exchange of data and resources. For example,\u00a0Twitter\u00a0APIs<\/strong>\u00a0allow other websites to send requests to\u00a0Twitter<\/strong>\u00a0servers to obtain data such as lists of public tweets and their authors.\u00a0APIs<\/strong>\u00a0provide many functions of the Internet beyond this, and we will return to them, as well as their security, in future sections. <\/p>\n

Discover: So You Want to Be a Hacker: 2024 Edition<\/a><\/em><\/strong><\/p>\n

Part 2: Domain name system | Internet ports<\/h2>\n\n

Well, every device connected to the Internet has a unique Internet Protocol (\u00a0IP<\/strong>\u00a0) address that other devices can use to find it. However,\u00a0IP<\/strong>\u00a0addresses consist of numbers and letters that are difficult for humans to remember. For example, the old\u00a0IPv4\u00a0IP<\/strong>\u00a0address format\u00a0looks like this:\u00a0123.45.67.89<\/strong>\u00a0. The new version\u00a0of IPv6<\/strong>\u00a0looks even more complex:\u00a02001:db8::ff00:42:8329<\/strong>\u00a0.This is where the Domain Name System (\u00a0DNS<\/strong>\u00a0) comes to the rescue.\u00a0A DNS<\/strong>\u00a0server functions like a phone book on the Internet, converting domain names into\u00a0IP<\/strong>\u00a0addresses (picture below). When you enter a domain name in a browser,\u00a0the DNS<\/strong>\u00a0server must first resolve the domain name to\u00a0an IP<\/strong>\u00a0address. Our browser asks\u00a0the DNS<\/strong>\u00a0server: \u201cWhat\u00a0IP<\/strong>\u00a0address is this domain on?\u201d<\/p>\n

<\/p>\n

Internet ports<\/strong>Once your browser receives the correct\u00a0IP<\/strong>\u00a0address, it will try to connect to that\u00a0IP<\/strong>\u00a0address through the port<\/a>. A port is a logical separation of devices that identifies a specific network service. We identify ports by their numbers, which can range from\u00a00<\/strong>\u00a0to\u00a065535<\/strong>\u00a0.Ports allow a server to provide multiple services to the Internet at the same time. Because there are conventions for traffic received on specific ports, port numbers also allow the server to quickly forward incoming Internet messages to the appropriate service for processing. For example, if an internet client connects to port\u00a080<\/strong>\u00a0, the web server understands that the client wants to access its web services (picture below).<\/p>\n

<\/p>\n

By default, we use port\u00a080<\/strong>\u00a0for\u00a0HTTP<\/strong>\u00a0messages and port 443 for\u00a0HTTPS<\/strong>\u00a0, the encrypted version\u00a0of HTTP<\/strong>\u00a0.<\/p>\n

Part 3: HTTP requests and responses <\/h2>\n

Once a connection is established, the browser and server communicate via the Hypertext Transfer Protocol (\u00a0HTTP<\/strong>\u00a0).\u00a0HTTP<\/strong>\u00a0is a set of rules that define how Internet messages are structured and interpreted, and how web clients and web servers should exchange information.<\/p>\n

When your browser wants to communicate with the server, it sends an\u00a0HTTP<\/strong>\u00a0request to the server. There are different types\u00a0of HTTP<\/strong>\u00a0requests, the most common being\u00a0GET<\/strong>\u00a0and\u00a0POST<\/strong>\u00a0. By convention,\u00a0GET<\/strong>\u00a0requests retrieve data from the server, and\u00a0POST<\/strong>\u00a0requests transfer data to it. Other common\u00a0HTTP<\/strong>\u00a0methods include\u00a0OPTIONS<\/strong>\u00a0, used to request allowed\u00a0HTTP<\/strong>\u00a0methods for a given\u00a0URL<\/strong>\u00a0;\u00a0PUT<\/strong>\u00a0\u2013 used to update a resource; and\u00a0DELETE<\/strong>\u00a0, used to delete a resource.
Here is an example of a\u00a0GET<\/strong>\u00a0request that requests the home page\u00a0www.google.com<\/strong>\u00a0from the server :<\/p>\n

\n
\n

GET \/ HTTP\/1.1
Host: www.google.com
User-Agent: Mozilla\/5.0
Accept: text\/html,application\/xhtml+xml,application\/xml
Accept-Language: en-US
Accept-Encoding: gzip, deflate
Connection: close<\/strong><\/p>\n

Let\u2019s go through the structure of this request since you will come across many such requests in this series of articles. All\u00a0HTTP<\/strong>\u00a0requests consist of a query line, request headers, and an optional request body. The previous example contains only the query string and headers.
The query line is the first line of an\u00a0HTTP<\/strong>\u00a0request. It specifies the request method, the URL requested, and the\u00a0HTTP<\/strong>\u00a0version used. Here you can see that the client is sending an\u00a0HTTP GET<\/strong>\u00a0request to the home page of\u00a0www.google.com<\/strong>\u00a0using\u00a0HTTP<\/strong>\u00a0version\u00a01.1<\/strong>.
The remaining lines are the\u00a0HTTP<\/strong>\u00a0request headers. They are used to pass additional information about the request to the server. This allows the server to customize the results sent to the client. In the previous example, the\u00a0Host<\/strong>\u00a0header specifies the hostname of the request.\u00a0The User-Agent\u00a0header\u00a0contains information about the operating system and version of the requesting software, such as the user\u2019s web browser. The\u00a0Accept, Accept-Language, and\u00a0Accept-Encoding\u00a0headers\u00a0tell the server what format the responses should be in. The\u00a0Connection<\/strong>\u00a0header tells the server whether the network connection<\/a> should remain open after the server responds.<\/p>\n<\/div>\n<\/div>\n

You may see several other common headers in requests. The\u00a0Cookie<\/strong>\u00a0header\u00a0is used to send\u00a0cookies<\/strong>\u00a0from the client to the server. The Referer header indicates the address of the previous web page that linked to the current page. The authorization header contains the credentials to authenticate the user to the server. Once the server receives the request, it will try to fulfill it. The server will return all resources used to create your web page using\u00a0HTTP<\/strong>\u00a0responses. The\u00a0HTTP<\/strong>\u00a0response\u00a0contains several elements: an\u00a0HTTP<\/strong>\u00a0status code indicating whether the request was successful;\u00a0HTTP<\/strong>\u00a0headers, which are pieces of information that browsers and servers use to communicate with each other regarding authentication, content format, and security policies; and the\u00a0HTTP<\/strong>\u00a0response body\u00a0or actual web content that you requested. Web content can include\u00a0HTML code,\u00a0CSS<\/strong>\u00a0style sheets,\u00a0JavaScript<\/strong>\u00a0code, images, and more.
Here is an example\u00a0HTTP<\/strong>\u00a0response:<\/p>\n

Notice the 200 OK message on the first line\u00a0(1)<\/strong>\u00a0. This is the status code. An HTTP status code in the range of 200 indicates a successful request. A status code in the 300 range indicates a redirect to another page, while a 400 range indicates an error on the client side, such as a request for a page that does not exist. A range of 500 means that there was an error on the server itself.<\/p>\n

As a bug hunter, you should always keep an eye on these status codes as they can tell you a lot about how the server is performing. For example, status code 403 means that the resource is prohibited for you. This could mean that sensitive data is hidden on a page that you can access if you can bypass access controls. <\/p>\n

\n<\/div>\n

The next few lines in the response, separated by a colon (:), are the HTTP response headers. They allow the server to pass additional information about the response to the client. In this case, you can see that the response time was Tue, 31 Aug 2021 17:38:14 GMT\u00a0(2)<\/strong>. The Content-Type header specifies the file type of the response body. In this case, the Content-Type of this page is text\/html\u00a0(3)<\/strong>\u00a0. The server version is Google Web Server (gws)\u00a0(4)<\/strong>\u00a0and the Content-Length is 190,532 bytes\u00a0(5)<\/strong>\u00a0. Typically, additional response headers indicate the content of the content: format, language, and security policies.<\/p>\n

In addition to these, you may encounter several other common response headers. The\u00a0Set-Cookie<\/strong>\u00a0header\u00a0is sent by the server to the client to set the\u00a0cookie<\/strong>. The\u00a0Location<\/strong>\u00a0header\u00a0specifies\u00a0the URL<\/strong>\u00a0to which the page should be redirected.\u00a0The Access-Control-Allow-Origin<\/strong>\u00a0header\u00a0specifies which origins can access the page\u2019s content.\u00a0Content-Security-Policy<\/strong>\u00a0controls the origin of resources that the browser is allowed to load, and the\u00a0X-Frame-Options<\/strong>\u00a0header specifies whether a page can be loaded inside\u00a0an iframe<\/strong>. The data after the empty line represents the response body. It contains the actual content of the web page, such as\u00a0HTML<\/strong>\u00a0and\u00a0JavaScript<\/strong>\u00a0code. Once your browser has all the information it needs to create a web page, it will render everything for you.<\/p>\n

\u2764\ufe0f If you liked the article,\u00a0like and subscribe<\/strong>\u00a0to my channel\u00a0\u201cCodelivly<\/a>\u201d.<\/strong><\/p>\n

\ud83d\udc4d If you have any questions or if I would like to discuss the described hacking tools in more detail, then\u00a0write in the comments<\/strong>. Your opinion is very important to me!<\/p>\n

The post How the Internet Works | A Detailed Guide<\/a> first appeared on Codelivly<\/a>.<\/p>","protected":false},"excerpt":{"rendered":"

Before we start troubleshooting, let\u2019s take some time to understand how the network works. Finding web vulnerabilities is all about exploiting the weaknesses of the technology, so all good hackers should have a clear understanding of them. If you are already familiar with these processes, you can move on to monitoring Internet security. The following […]<\/p>\n","protected":false},"author":0,"featured_media":1400,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1399","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/1399"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1399"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/1399\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/1400"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1399"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1399"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1399"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}