How the Internet Actually Works
Every click triggers a chain reaction of protocols, signals, and servers. Here is the end-to-end journey of a data packet across 7 distinct phases.
Everything starts before a single packet even leaves your machine.
URL Parsing
The browser breaks the URL into the protocol (https), domain (example.com), and resource path (/api/v1).
Technical Deep Dive
The browser parses the scheme, host, port, path, and query parameters following RFC 3986.
https://example.com/api/v1 → { proto: "https", host: "example.com", path: "/api/v1" } HSTS Check
The browser checks if the site is on the "HSTS Preload List" to see if it requires HTTPS.
Technical Deep Dive
HTTP Strict Transport Security forces the browser to only use https:// before any request is attempted.
Browser forces Upgrade from http:// to https:// DNS Cache Lookup
The OS checks Browser, OS, Router, and ISP caches for a recent IP record.
Technical Deep Dive
Caching avoids redundant network round-trips for frequently visited domains.
Cache Check: Browser (~1min) → OS (~5min) → Router → ISP If the IP isn't cached, the "Recursive Resolver" hunts for the answer.
Root Server Query
The resolver asks a Root Name Server where to find the .com TLD (Top-Level Domain).
Technical Deep Dive
There are 13 logical root server clusters globally (a.root-servers.net to m.root-servers.net).
Query Root: "Where is .com?" TLD Server Query
The Root points to the .com TLD servers, which manage the records for all .com domains.
Technical Deep Dive
TLD (Top Level Domain) servers are operated by registries like Verisign (for .com).
Query TLD: "Where is example.com?" Authoritative Server
The TLD points to the specific Name Server (Route53, Cloudflare) that holds the A record.
Technical Deep Dive
This server holds the actual IP associated with the domain name.
Query Cloudflare: "What is the IP for example.com?" IP Retrieval
The final IP address is returned to your browser and cached for future use.
Technical Deep Dive
The response includes a TTL (Time To Live), which determines how long the record stays in cache.
Received: 93.184.216.34 (TTL: 3600s) Now that we have the address, we need a reliable "truck" to carry the data.
TCP 3-Way Handshake
Client and Server synchronize sequence numbers and acknowledge connection intent.
Technical Deep Dive
The sequence is: SYN (Client) → SYN-ACK (Server) → ACK (Client).
Seq=0, Ack=0 → Seq=0, Ack=1 → Seq=1, Ack=1 Socket Opening
An ephemeral port is opened on your machine to listen for the server's response.
Technical Deep Dive
A socket is defined by a 4-tuple: (Source IP, Source Port, Dest IP, Dest Port).
Socket: 192.168.1.10:54321 ↔ 93.184.216.34:443 Since this is likely HTTPS, we must encrypt the tunnel.
Client Hello
The browser sends supported Cipher Suites and a random string to initiate security.
Technical Deep Dive
Includes TLS version, supported algorithms (like AES, RSA), and compression methods.
Client: "I support TLS 1.3 and these 5 encryption methods." Server Hello
The server chooses the encryption method and sends its SSL Certificate.
Technical Deep Dive
The certificate contains the server's public key and is signed by a CA.
Server: "Let's use AES-256-GCM. Here is my signed certificate." Certificate Validation
The browser checks the certificate against built-in Certificate Authorities (CAs).
Technical Deep Dive
Verification ensures that the certificate is valid, not expired, and matches the domain.
Trust Verification: DigiCert → Intermediate CA → example.com Key Exchange
The parties agree on a "Session Key" using asymmetric encryption.
Technical Deep Dive
Ephemeral Diffie-Hellman permits key generation without ever sending the key itself.
Result: A shared secret key known only to client and server. Symmetric Encryption
All further data is encrypted with the session key, which is blazing fast.
Technical Deep Dive
Symmetric encryption (AES) is used for bulk data as it is more efficient than RSA.
Tunnel: [Encrypted GET Request] This is where the bits turn into light or electricity.
HTTP Request Gen
The browser constructs the plaintext HTTP headers requesting the resource.
Technical Deep Dive
Headers specify the Host, User-Agent, Accept types, and Caching directives.
GET /index.html HTTP/1.1
Host: example.com Segmenting & MTU
TCP breaks the large HTTP string into small segments (usually ~1500 bytes per MTU).
Technical Deep Dive
MSS (Maximum Segment Size) ensures data fits within physical network frames.
Response Split: Part 1, Part 2, ... Part 100 IP Datagrams
Each segment gets an IP header containing Source and Destination IP addresses.
Technical Deep Dive
The IP layer (Layer 3) handles routing between different subnets.
Header: From 192.168.1.10 → To 93.184.216.34 The Last Mile
Modems convert bits into electrical signals, light pulses, or radio waves.
Technical Deep Dive
Signal conversion varies by medium: DSL (electrical), Fiber (light), 5G (radio).
Modulation: Bits → Laser Pulses (Fiber Optics) BGP Routing
BGP determines the most efficient "hops" across autonomous systems (AS) worldwide.
Technical Deep Dive
Router protocols find paths across the backbone (Tier 1 providers).
Route: Comcast → Level3 → Equinix → AWS The packet arrives at the destination's front door.
Load Balancing
Load balancers intercept the packet and decide which internal server is least busy.
Technical Deep Dive
Decisions are made using algorithms like Round Robin, Least Conn, or IP Hashing.
LB → Server 03 (Currently 20% Load) Firewall / WAF
Firewalls check for SQL injection, cross-site scripting (XSS), or DDoS patterns.
Technical Deep Dive
Web Application Firewalls (WAF) inspect Layer 7 (HTTP) payload for threats.
Filter: Blocking known malicious bot IP TCP Reassembly
The server OS receives out-of-order packets and reassembles the original HTTP string.
Technical Deep Dive
TCP sequence numbers allow the OS to wait for lost packets and re-order fragments.
Fragments 1, 3, 2 → Reassembled index.html Application Logic
Your backend code (Node, Go, Python) runs, queries databases, and generates HTML.
Technical Deep Dive
Application servers execute business logic and fetch data from storage layers.
Go/Gin: Context binding → DB Query → JSON Response Data is sent back and processed for your eyes to see.
HTTP Response
The server sends back the payload (HTML/JSON) with a status code (e.g., 200 OK).
Technical Deep Dive
The response body contains the raw bytes of the requested resource.
200 OK — Content-Type: text/html Tear Down
Once data is received, the connection is closed or kept alive for future requests.
Technical Deep Dive
FIN packets are sent to close the TCP connection gracefully.
FIN → ACK → FIN → ACK (The 4-way close) Critical Render Path
Browser parses HTML (DOM), CSS (CSSOM), and builds the Render Tree.
Technical Deep Dive
JavaScript execution can block the rendering process (Render-blocking JS).
Parsing: index.html → main.css → bundle.js Painting the Pixels
The browser calculates the layout and paints pixels on your screen.
Technical Deep Dive
The GPU handles the compositing of different layers for a smooth display.
First Paint: 250ms Core Journey Complete
You've just witnessed the incredible orchestration behind a single web request. The internet is our most beautiful machine.