www.google.com in your browser and press ENTER?

13 min readSep 5, 2022

Dear reader, it does not matters what profession or occupation you come from it is likely that you once have used your browser to search something, either a concept, how to fix something or simply check your favorite social network.
But, what is happening under the hood?, what is really our computer doing when we type the URL of the site we want to get?

In this article, we will go into details from the moment you press the Enter button on your keyboard after typing https://www.google.com on the address bar of your browser till the Google search page we all know is displayed. The diagram below shows the concepts that are going to be discussed in this article.

What happens when I write https://www.google.com

We can start to review some concepts:

Server: A server is a computer software, with underlying hardware, that’s dedicated to providing a service to other computers. In the context of this article, the usage of the term “server(s)” will refer to the computer system(s) hosting a website.
Client: A client is computer software, with underlying hardware, that access services hosted on a server. in the context of this article, the usage of the term “client” will refer to the web browser.
Webserver: A webserver is a type of server that uses HTTP, or it’s variant, and other protocols to respond to web client requests made over the internet. It is its responsibility to display website content through storing, processing, and delivering web pages to the web browser.
Protocol: A protocol is an established set of rules or procedures that dictate how data is transmitted between different devices on a network.

Step 0: The browser parses the URL

When you type in a URL, https://www.google.com , for example, the browser breaks it down into parts:

The “google.com” part is known as the domain name. It is the unique identifier of the site. It has two parts:

Domain name — google — the domain name that maps to the IP address of the webserver.Some common top-level domains are .com indicating commercial entities, .edu for educational institutions and .gov for governmental organizations.
TLD — .com — the top level domain that classify a feature of the website.
Protocol — https — the data transfer method to be used between the client and server.
Subdomain — www — additional information added to the beginning of a domain name.

What is a browser?

Let’s say you want to order food, and you choose to use Rappi (A famous company of food delivery in Peru). While your food is getting ready, the Rappi driver goes to the restaurant — then grabs your food and delivers it to you. Voila! In minutes, you have your food.

But who is actually serving you — the restaurant or Rappi? In this case, Rappi is the middleman, letting the restaurant serve you.

Similarly, the browser is the medium that allows you to make a request and lets a server serve you. It’s software installed and running on your computer that lets you search the Internet. It takes your input, creates and sends a request, gets the response and serves you.

But wait — How does a Rappi driver know which restaurant to go to and how to find it? (Of course, Google Maps.) Now, how does your browser know which server to send the request to? Yes, you guessed it right, it needs to find its address. So, it queries the DNS (Domain Name Server) to find the IP.You can read more about how DNS works here.

Step 1: DNS lookup

The DNS is the Internet’s version of Google Maps. It routes you to your destination. Your computer or your router knows the address of the DNS server. When you type the URL in a browser for the first time, it sends a request to the DNS server, which responds back with the IP address of the web server hosting, for example, google.com. This value is usually then cached or gets added into the list of known hosts, so your browser doesn’t have to do this lookup every time.

DNS(Domain Name System) is a database that maintains the name of the website (URL) and the particular IP address it links to. Every single URL on the internet has a unique IP address assigned to it. The IP address belongs to the computer which hosts the server of the website we are requesting to access. For example, www.google.com has an IP address of 64.233.186.105. So if you’d like, you can reach www.google.com by typing 64.233.186.105 on your browser. DNS is a list of URLs, and their IP addresses, like how a phone book is a list of names and their corresponding phone numbers.

The primary purpose of DNS is human-friendly navigation. You can easily access a website by typing the correct IP address for it on your browser, but imagine having to remember different sets of numbers for all the sites we regularly access? Therefore, it is easier to remember the name of the website using a URL and let DNS do the work for us by mapping it to the correct IP.

To find the DNS record, the browser checks four caches.

● First, it checks the browser cache. The browser maintains a repository of DNS records for a fixed duration for websites you have previously visited. So, it is the first place to run a DNS query.

● Second, the browser checks the OS cache. If it is not in the browser cache, the browser will make a system call to your underlying computer OS to fetch the record since the OS also maintains a cache of DNS records.

● Third, it checks the router cache. If it’s not on your computer, the browser will communicate with the router that maintains its’ own cache of DNS records.

● Fourth, it checks the ISP cache. If all steps fail, the browser will move on to the ISP. Your ISP maintains its’ own DNS server, which includes a cache of DNS records, which the browser would check with the last hope of finding your requested URL.

You may wonder why there are so many caches maintained at so many levels. Although our information being cached somewhere doesn’t make us feel very comfortable when it comes to privacy, caches are essential for regulating network traffic and improving data transfer times.

Below I have shown the result from querying google.com using the dig shell command which displays the response from a DNS server. You can read more on the dig command here.

Step 2: The Browser Sends A Request To The Website’s Server To Communicate

OSI model

Now that your browser knows the IP address of the server, it needs to find a way to pass this request all the way to the server. When you place the order, it’s not just you interacting with Rappi. There’s another end being managed — with the need to check that the restaurant is ready to accept the order, handle billing and payments, find the most reliable driver, and so on. Similarly, there’s a lot of stuff that needs to be managed for smooth communication between browser and server.

There’s something called an OSI (Open System Interconnection) model that standardizes communication between different computing machines. It describes the flow of information from one computer to another. It defines seven layers, and the interplay of these layers magically brings, for example, google.com from server to your machine. At both ends (client and server), these layers are followed, but there is a difference in the flow of which layer kicks in first. When your browser sends the request, communication starts at the application layer and goes down to the physical layer — whereas in the server, while receiving the request, it would start at the physical layer, going up. On the other hand, when a server is responding to your browser’s request, it would go from application layer to physical layer — and when your computer receives the response, it would first go to the physical layer all the way back to the application layer.

TCP/IP (Transmission Control Protocol/Internet Protocol)

The browser begins communication with the website’s server by sending a request to it. But no communication is successful without both ends sharing a common language, or message format, so a method for connection known as TCP/IP is used.

TCP/IP is a set of rules, conceptualized in layers, that dictate the way computer systems on the internet communicate. The layers are as follows:

The Application layer, which is the first layer, is where programs like your browser directly interact with. This layer has protocols like HTTP (if you’re visiting websites), or SMTP (if you’re checking your email). The Application layer gets data from the browser and tells it to the second layer through something called a port.
The Transport Layer, which is the second layer, is where TCP is found, along with a second schema called UDP. Each protocol in the Application layer uses a different port to communicate with this layer so that TCP knows where the data is coming from. Once TCP gets the data, it chunks it up into small chunks called segments, also known as packets, where they could individually take the quickest route to get to their destination. To reunite the segments properly upon arrival at their destination, TCP adds a header unto each segment which contains the instructions on what order to reassemble the segments into as well as error checking information so that the computer knows whether the segments arrived without any mishaps. After this is done, the segments are pushed on to the third layer.
The Internet Layer, which is the third layer, receives the segments and attaches the origin and destination IP addresses on each segment so that irrespective of the route the segments may take, they know where they are going and where they came from. The segments are then sent to the final layer.
The Network Access Layer. It is responsible for the transmission of data between two devices on the same network. It defines how the data should be sent physically through the network.

Once the browser receives the correct IP address, it will build a connection with the server that matches the IP address to transfer information. Browsers use internet protocols to build such connections. There are several different internet protocols that can be used, but TCP is the most common protocol used for many types of HTTP requests.

To transfer data packets between your computer(client) and the server, it is important to have a TCP connection established. This connection is established using a process called the TCP/IP three-way handshake. This is a three-step process where the client and the server exchange SYN(synchronize) and ACK(acknowledge) messages to establish a connection.

1. The client machine sends a SYN packet to the server over the internet, asking if it is open for new connections.

2. If the server has open ports that can accept and initiate new connections, it’ll respond with an ACKnowledgment of the SYN packet using a SYN/ACK packet.

3. The client will receive the SYN/ACK packet from the server and will acknowledge it by sending an ACK packet.

Then a TCP connection is established for data transmission!

Once the browser has established a connection with the server, a Secure Socket Layer (SSL) certificate is generated to denote the domain as secured.

SSL

SSL stands for Secure Sockets Layer and, in short, it’s the standard technology for keeping an internet connection secure and safeguarding any sensitive data that is being sent between two systems, preventing criminals from reading and modifying any information transferred, including potential personal details. The two systems can be a server and a client (for example, a shopping website and browser) or server to server (for example, an application with personal identifiable information or with payroll information).

It does this by making sure that any data transferred between users and sites, or between two systems remain impossible to read. It uses encryption algorithms to scramble data in transit, preventing hackers from reading it as it is sent over the connection. This information could be anything sensitive or personal which can include credit card numbers and other financial information, names and addresses.

The process works like this:

A browser or server attempts to connect to a website (i.e., a web server) secured with SSL.
The browser or server requests that the web server identifies itself.
The web server sends the browser or server a copy of its SSL certificate in response.
The browser or server checks to see whether it trusts the SSL certificate. If it does, it signals this to the webserver.
The web server then returns a digitally signed acknowledgment to start an SSL encrypted session.
Encrypted data is shared between the browser or server and the webserver.

To view an SSL certificate’s details, you can click on the padlock symbol located within the browser bar. Details typically included within SSL certificates include domain name, sub domain, the certificate authority etc as shown in the figure below

HTTPS

The next step is to send the HTTP request to get the resource or the page. How is the request made?

Now that the browser has a connection to the server, it follows the rules of communication for the HTTP(s) protocol. It starts with the browser sending an HTTP request to the server to request the contents of the page. The HTTP request contains a request line, headers (or metadata about the request), and a body. The request line contains information that the server can use to determine what the client (in this case, your browser) wants to do.

HTTP requests are not only used to fetch web pages. The request line contains a request method and by using different methods (GET, HEAD, PUT, POST, DELETE, …) we can do a variety of things like post data on the server, ask the server to store data, ask the server to delete data and so on…To fetch a web page usually a GET or HEAD method is used.The server will process this request and send an HTTP response. This response will also include a response (status) line, headers and an optional body.

For a broader explanation, see here. So what happens after the server has received the client’s request?

Step 3: Server process request and sends a response to client

The server takes the request and based on the info in the request line, headers, and body then decides how to process the request. It fetches the requested content from the available database.

The response contains the following:

a status line, telling the client the status of the request
response headers, telling the browser how to handle the response
the requested resource at that path, either content like HTML, CSS, Javascript, or image files, or data

Resources can be static files, either text (HTML files) or non-text data (images). Browsers aren’t always requesting static files, though. Often, these are dynamic resources generated at the time of the request and there is no file associated with the resource. The browser renders the content afterwards.

Once the browser has received the response from the server, it inspects the response headers for information on how to render the resource. The Content-Type header above tells the browser it received an HTML resource in the response body.

Sometimes, there is a lot of traffic of clients requests to servers (you are typing google.com, other people are typing so much more). To improve the efficiency of servers and reduce loading time, a load balancer is used.

Load balancer

It’s always satisfying when a website responds fast to users demands

It’s estimated that Google processes around 63,000 request every second. In order to achieve this, they have thousand of powerful servers working non-stop. But that wouldn’t be enough. They also need to find a way to distribute requests to their servers efficiently. We don’t want one server to process 10 requests while another is sitting idly, right? This is where load balancers come into picture.

Load balancers distribute work load of a system to increase reliability, efficiency and availability. These can be hardware or software.

Once the request has been forwarded to the server by the load balancer. The server starts processing the request. The main server contains 3 other specialized servers:

Web server
Application server
Database server

A web server is a piece of software that is designed to accept HTTP requests and serve static web pages, which are written in HTML, CSS or JavaScript. Nginx, Apache and Microsoft IIS are some of the most common web servers available.

But websites do a lot more than serving static pages. They interact with the user using their graphical user interface and also generate dynamic content based on behavior, user preferences and manipulate huge amounts of data stored in databases. Databases are organized collections of structured information designed to insert, delete, query, access and modify data efficiently.

Dynamic content is served using an application server. Application servers communicate with databases to manipulate data then generate static content from the dynamic content and send the data to web servers to send web pages to the clients.

On a final note, these servers need to filter out incoming and outgoing network traffic through the use of firewalls.

Firewall

A firewall is a network security device, either hardware or software-based, which monitors all incoming and outgoing traffic and based on a defined set of security rules it accepts, rejects or drops that specific traffic.A firewall establishes a barrier between secured internal networks and outside un- trusted network, such as the Internet.

Before Firewalls, network security was performed by Access Control Lists (ACLs) residing on routers. ACLs are rules that determine whether network access should be granted or denied to specific IP address. But ACLs cannot determine the nature of the packet it is blocking. Also, ACL alone does not have the capacity to keep threats out of the network. Hence, the Firewall was introduced.

Conclusion

I hope that with this overview you have more clarity about what happen when you type something in your browser, his sounds like a very long process, but it happens within miliseconds. Too quick for us to notice.

If you found this helpful, free feel to claps, share or comment.Cheers!