An explanation of the application request Web server process

When we do penetration testing, we need to know how the Internet is handling requests between the client and the server side. This article reproduces an article in detail to introduce the processing of a Web request process.

We need to understand the Internet in a computer to access the entire Web server process, from which you can see how the Internet is working, this is mainly to let you know how the network is to deliver data, addressing, and so on, that is, the basic work of the Internet.

I. Description of the network environment

This network communication test uses PACKETTRACER 5.0 Cisco network simulation software. This simulation environment uses 5 routers to connect two Ethernet, wherein the 192.168.2.0/24 network segment is a server, 192.168.2.1 is a DNS server, 192.168.2.2 is a Web server, The domain name is www.senya.org.cn,192.168.2.3 as the TFTP server, the 192.168.1.0/24 network segment is the client PC, and its gateway is 192.168.1.254. Each router discovers a route using the RIP routing protocol.

　　

Second, PC0 (IP address is 192.168.1.1) to access the process of www.senya.org.cn detailed.

PC0 to achieve access, the following two general directions must be addressed.

first, the domain name www.senya.org.cn resolves to an IP address, which is to use the DNS protocol, to the DNS server to query the domain of www.senya.org.cn IP address.

The implementation process is as follows:

• Step 1:pc0 is assembled into a DNS packet, The packet contains a query domain name of www.senya.org.cn IP is the problem, and then the DNS packet with a UDP header, the destination port for the UDP header is 53, the source port randomly selected, the UDP datagram to the IP layer, plus the destination address is the DNS server IP address: 192.1 68.2.1, the source address is the native IP address, the IP packet to the network interface layer (also can be understood as the data link layer) ready to send to this network segment gateway, forwarded by the network. In the network interface layer is closed to the data frame, the source MAC address of the frame header is the native Nic MAC address, the destination address should be the MAC address of the gateway, But at this time PC0 do not know the gateway 192.168.1.254 MAC address, so first in this network segment to send ARP protocol broadcast packet, request the gateway 192.168.1.254 MAC address;
• Step 2: Encapsulate the ARP broadcast packet and request the MAC address of the Gateway 192.168.1.254. The broadcast address is FF:FF:FF:FF:FF:FF. The packet is forwarded by the switch to the network segment in addition to all of its own computers (network interface), meaning: My IP address is 192.168.1.1,mac address is 0050.0fb8.e023, I want to know the IP address of 192.168.1.254 MAC address is how much?
• Step 3: The switch receives an ARP broadcast packet from PC0.
• Step 4: The switch forwards the ARP packets received by the PC0 to all network interfaces (or computers) except PC0 in the network segment, and only the computer with the IP address 192.168.1.254 will answer the packet, and the other computers will be ignored.
• Step 5: Turn off 192.168.1.254 forward the ARP reply packet to the switch.
• Step 6:pc0 received the ARP reply packet from the gateway 192.168.1.254, so that you know the MAC address of the Gateway 192.168.1.254 and prepare to send the DNS data packets to the gateway.
• Step 7:dns The query packet is sent first to the switch.
• Step 8: The switch then forwards the received DNS query packet to the gateway on the local network segment, which is the fastethernet0/0 interface of the router Router0 in the figure.
• Step 9: Next router Router0 where is the DNS data sent to? It needs to check its own routing table. Let's take a look at the ROUTER0 router, which is the router for the CISOC 2000 series, using the SH IP route to view the routing table (which does not tell the routing process). Router0 's routing table shows that there are two paths to the 192.168.2.0/24 network segment (the Web server that you want to access 192.168.2.2 in that segment) (I'm already labeled red): One is through the 192.168.3.0/24 network segment, The serial0/0 interface (IP address 192.168.3.2) of the Router1 is forwarded by the serial0/0 interface of Router0, and the other is 192.168.4.0/24 interface via Router2 network segment and serial0/0 router. The past is forwarded by ROUTER0 's SERIAL0/1 interface. Which road is used, which is determined by the communication status of the network, such as traffic.
• Step 10: Take the first route. Where does router Router1 receive DNS query packets for PC0? Also look at your own routing table.
• The Step 11DNS query packet forwards the serial0/0 interface to the ROUTER5, and simultaneously generates a new ARP request broadcast packet, Request DNS server 192.168.2.1MAC address because the MAC address to be requested is 192.168.2.1, 192.168.2.1 the fastethernet0/0 interface with the router Router5 (IP address 192.168.2.254) is in the same network segment, so it is only sent to the 192.168.2.0/24 network segment.
• Step 12: Forward the ARP packet to the switch.
• Step 13:DNS The server answers the ARP packet to the Router5 fastethernet0/0 interface, which means: My IP address is 192.168.2.1, my MAC address is 0090.2142.0c79.
• Step 14:dns the server receives a DNS query packet sent by PC0.
• Step 15:dns The server will run a lot of processes, according to the purpose of UDP port is the 53,DNS server to the DNS server process, the DNS server process to answer the query content, and then according to the domain name records that they know to answer PC0, is also the step by step forward to the PC0 network card. The answer Pc0dns query packet means that the IP address of the domain name www.senya.org.cn you are querying is 192.168.2.2.

Ii. Detailed procedures for PC0 access to Web server 192.168.2.2

• Step 1:pc0 already know that the IP address of www.senya.org.cn is 192.168.2.2 and start requesting the page from the Web server. The Access Web server is using the HTTP protocol, the TCP protocol is used at the transport layer, and the TCP protocol connects to the server through three handshakes. TCP randomly generates a sequence number (in this case, 0, which is actually a binary 32bit data), when TCP is used, each byte in the packet has an ordinal number, and the value of the ordinal field is the ordinal of the first byte in this section. The SYN field 1,TCP randomly generates a source port number (in this case, 1025) with a TCP destination of 80 indicating the Web server process to which the server is to be connected. As with forwarding DNS query packets, a segment of the router is forwarded to the Web server 192.168.2.2, which is received by its Web server process.
• Step 2:web The server process answers the PC0 connection request, the sequence number in the TCP header is randomly generated, the ACK answer number is 1, and the answer number (or confirmation number) indicates the sequence number of the first byte of the data that expects to receive the next message segment of the other. The value of the SYN and ACK fields is 1,tcp with a source port number of 80, which indicates that the Web process was sent with a destination port number of 1025, indicating that the PC0 browser process was received. Similarly, a network segment is forwarded to the PC0 computer by a network segment.
• Step 3: The computer PC0 answer the Web server to answer its own packet and issue the packet requesting the webpage. At this time PC0 to send two consecutive packets, one is a TCP message response message, this first sent. One is a data message that requests a webpage.
• Step 4:web After the server receives the TCP packet, PC0 has established a connection with the Web server. Web server and in response to the PC0 Web page request, the PC0 request page sent to the PC0 browser process, then we see the content of the Web page.

The above is a computer to access the Web server A page of the detailed whole process. In the above narrative, many computer network concepts, such as: TCP protocol, UDP protocol, DNS protocol, port number and so on. When we enter a URL in the URL address field of the browser, we quickly look at the content of the Web page, in fact, the computer, network equipment did a lot of work to complete our task. Communication between computers is complex, and these rules are referred to as protocols when communicating with individual computers. Our current Internet is using the TCP/IP protocol suite. Because the computer communication is very complex, solve the complex problem to use decomposition method, the complex problem, according to a certain principle classification, sub-level to solve, so the computer network protocol is hierarchical. This will form a set of protocols in which each association has its own position, and the computer communicates with each other in a coordinated way. This will make it easier to complete any.

Third, the communication between computers the key technology of Internet is TCP/IP protocol. The communication between the two computers is carried out over the Internet via the TCP/IP protocol. In fact, this is a two protocol: Tcp:transmission control Protocol, IP protocol: Internetprotocol Internetwork Protocol. The IP protocol, which is responsible for communication between computers, is a mechanism for communication that computers use to identify each other, and each computer has an IP that is used to identify the computer on the Internet. IP is responsible for sending and receiving packets on the Internet. Through the IP protocol, messages (or other data) are split into small, separate packages that are transmitted between computers via the Internet. The IP is responsible for routing each packet to its destination. The IP protocol only allows computers to send messages to each other, but it does not check whether messages arrive in the order they were sent and are not corrupted (only critical header data is checked).   In order to provide the message inspection function, TCP Transmission Control protocol is designed directly on the IP protocol.       communication between TCP protocol applications, TCP ensures that packets arrive in the correct order, and attempts to confirm that the contents of the packet have not changed. TCP is a port on top of an IP address that allows a computer to provide a variety of services over the network. Some port numbers are reserved for different services, and these port numbers are well known.

Service or daemon: on the machine that provides the service, a program listens for traffic on a particular port. For example, most e-mail traffic flows out on port 25, and HTTP traffic for WWWW is now on port 80.

The actual running flow: When an application wants to communicate with another application over TCP, it sends a communication request. This request must be sent to an exact address. After the two parties "handshake", TCP will establish a full-duplex (Full-duplex) communication between the two applications, taking up the entire communication line between the two computers. TCP is used for data transfer control from the application to the network. TCP is responsible for splitting them into IP packets before the data is delivered, and then reorganizing them when they arrive.

TCP /IP is a two protocol that works together and has the upper and lower level relationships. TCP is responsible for the communication between the application software (such as your browser) and the network software. IP is responsible for communication between computers. TCP is responsible for splitting the data and loading the IP packets, the IP is responsible for sending the packet to the recipient, the transfer process through the IP router is responsible for the traffic, network errors or other parameters to properly address, and then when they arrive to regroup them.

An explanation of the application request Web server process