How a message travels through the internet
Imagine sending a letter. You don't throw it in the air hoping it arrives. You put it in an envelope with an address, take it to the post office, it goes through distribution centers, and finally arrives.
The internet works the same, but in milliseconds.
The simplified OSI model
7 layers is too much. Think of 4:
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ APPLICATION (HTTP, DNS, SMTP) โ โ Your code lives here
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ TRANSPORT (TCP, UDP) โ โ Reliable or fast delivery
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ NETWORK (IP, ICMP) โ โ Addresses and routes
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ LINK (Ethernet, WiFi) โ โ Cables and waves
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
TCP vs UDP
TCP: The reliable postman
Client Server
โ โ
โโโโโ SYN โโโโโโโโโโโโโโโโโโโโโโโ
โโโโโ SYN-ACK โโโโโโโโโโโโโโโโโโโ
โโโโโ ACK โโโโโโโโโโโโโโโโโโโโโโโ
โ โ
โ (Connection established) โ
โ โ
โโโโโ Data โโโโโโโโโโโโโโโโโโโโโโ
โโโโโ ACK โโโโโโโโโโโโโโโโโโโโโโโ
- Guarantees delivery: Retries if lost
- Ordered: Arrives in correct order
- Slower: Due to handshake and confirmations
Use TCP for: HTTP, Email, files, anything that can't lose data.
UDP: The fast messenger
Client Server
โ โ
โโโโโ Data โโโโโโโโโโโโโโโโโโโโโโ
โโโโโ Data โโโโโโโโโโโโโโโโโโโโโโ
โโโโโ Data โโโโโโโโโโโโโโโโโโโโโโ
โ โ
โ (No confirmation) โ
- No guarantees: Can lose packets
- Unordered: Arrive as they can
- Fast: No connection overhead
Use UDP for: Video streaming, games, DNS, VoIP.
HTTP deep dive
Methods and their semantics
| Method | Use | Idempotent | Body |
|---|---|---|---|
| GET | Get data | Yes | No |
| POST | Create resource | No | Yes |
| PUT | Replace complete | Yes | Yes |
| PATCH | Modify partial | No | Yes |
| DELETE | Delete | Yes | No |
Status codes you should know
2xx Success
โโโ 200 OK - All good
โโโ 201 Created - Resource created
โโโ 204 No Content - Success without body
3xx Redirection
โโโ 301 Moved Permanently - URL changed forever
โโโ 302 Found - Temporary redirect
โโโ 304 Not Modified - Use your cache
4xx Client Error
โโโ 400 Bad Request - Malformed request
โโโ 401 Unauthorized - Needs authentication
โโโ 403 Forbidden - Authenticated but no permission
โโโ 404 Not Found - Resource doesn't exist
โโโ 429 Too Many Requests - Rate limited
5xx Server Error
โโโ 500 Internal Server Error - Bug in server
โโโ 502 Bad Gateway - Proxy couldn't connect
โโโ 503 Service Unavailable - Server overloaded
โโโ 504 Gateway Timeout - Proxy timeout
HTTPS and TLS
The TLS handshake
Client Server
โ โ
โโโโโ ClientHello โโโโโโโโโโโโโโโ (TLS versions, ciphers)
โโโโโ ServerHello โโโโโโโโโโโโโโโ (certificate, chosen cipher)
โ โ
โ (Verify certificate) โ
โ โ
โโโโโ Key Exchange โโโโโโโโโโโโโโ (generate session key)
โโโโโ Finished โโโโโโโโโโโโโโโโโโ
โ โ
โ === Encrypted connection === โ
Verify a certificate
# See site certificate
openssl s_client -connect google.com:443 -servername google.com 2>/dev/null | openssl x509 -text -noout
# See expiration dates
echo | openssl s_client -connect luxia.us:443 2>/dev/null | openssl x509 -dates -noout
DNS: The phone book
Your browser asks for: luxia.us
1. Local cache (your machine)
2. Router cache
3. ISP DNS resolver
4. Root DNS (.us)
5. TLD DNS (luxia.us)
6. Authoritative DNS โ IP: 123.45.67.89
Useful commands
# Resolve domain
nslookup luxia.us
# More detail
dig luxia.us
# See all records
dig luxia.us ANY
# Trace resolution
dig +trace luxia.us
WebSockets: Bidirectional communication
HTTP is request-response. WebSocket is an open channel.
Traditional HTTP:
Client โโrequestโโโ Server
Client โโresponseโ Server
Client โโrequestโโโ Server
Client โโresponseโ Server
WebSocket:
Client โโโโโโโโโโโโ Server
Open channel, both
can send whenever they want
When to use WebSocket
- Real-time chat
- Push notifications
- Multiplayer games
- Live collaboration (Google Docs)
- Price updates (trading)
CORS: Why it exists
Browsers block requests from one origin to another for security.
https://my-app.com https://api.other.com
โ โ
โโโโโ fetch() โโโโโโโโโโโโ
โ โ
โ BLOCKED by CORS โ
โ (unless api.other โ
โ allows it) โ
CORS Headers
// In your Express server
app.use((req, res, next) => {
res.header('Access-Control-Allow-Origin', 'https://my-app.com');
res.header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE');
res.header('Access-Control-Allow-Headers', 'Content-Type, Authorization');
next();
});
Debugging tools
curl: HTTP Swiss army knife
# Basic GET
curl https://api.example.com/users
# With headers
curl -H "Authorization: Bearer TOKEN" https://api.example.com/me
# POST with JSON
curl -X POST -H "Content-Type: application/json" \
-d '{"name":"John"}' https://api.example.com/users
# See response headers
curl -I https://example.com
# See full exchange
curl -v https://example.com
# Measure times
curl -w "@curl-format.txt" -o /dev/null -s https://example.com
ping and traceroute
# Check connectivity
ping google.com
# See packet route
traceroute google.com # Linux/Mac
tracert google.com # Windows
netstat/ss: Active connections
# See listening ports
ss -tlnp # Linux
netstat -an | grep LISTEN # Mac
# See established connections
ss -tn
Common ports
| Port | Service | Notes |
|---|---|---|
| 22 | SSH | Secure remote access |
| 80 | HTTP | Unencrypted web |
| 443 | HTTPS | Encrypted web |
| 3000 | Dev servers | Node, Rails, etc. |
| 5432 | PostgreSQL | Database |
| 6379 | Redis | Cache |
| 27017 | MongoDB | Database |
CDN: Content close to the user
Without CDN:
User (Mexico) โโโโโโโโโโโโโโโโโ Server (USA)
200ms
With CDN:
User (Mexico) โโโ Edge (Mexico)
20ms
Static content is replicated to edges
around the world.
Resources
Practice
-> Network Debugging - Diagnose real network problems