What happens when you type google.com in your browser and press Enter?
What happens in the few milliseconds between your browser and internet
" What happens when you type google.com in your browser and press Enter? "
This is a famous question I have heard throughout my network class, Lab Viva, Exams, you tube tutorials, Interviews , forum chats , even in AI chats. 99 percentage of CS majors might have gone through this question once in their life. And its a top notch question possessed by interviewers. But the real question is :
"Do you know"
or
" can you explain it?"
Not in bits and pieces or random terms. Can you explain it exactly as it is ? Then you will be by the end of this article. The question tests a person's entire understanding on network basics. So no more blabbering of random words . lets dive straight to what really happens. Before beginning let me remind you, learn and understand this for yourself ,not for interviewers, not for vivas, not for exams. We live in the age of internet ,where vulnerabilities and threats are revolving around us. It's basic skill to learn how the world around you works and properly defend yourself. No one wants to get their accounts breached, exploited by viruses or anything. Whether you are elderly person or a little kid its your duty to protect your privacy. so with that in mind lets go forward.
SCENARIO
You are sitting in front of your system, whether its phone or laptop . Your fingers are rushing through the keyboard. You opened your default browser.
checkpoint ๐:
A browser is a software application used to access and view websites on the internet.
Eg : Google chrome, Mozilla Firefox, Brave
You type www.google.com into your search column. Or any site address you want to check.
What an end user would see is the result page loaded within seconds.
But there are 7 main steps occurs before you see this results.
STEP 1: USER TYPES INPUTโ BROWSER PROCESSING
When a user enters input into the search bar, the browser first parses it to determine whether it is a URL or a search query. Humans understand website names, but computers communicate using IP addresses, which are numerical identifiers used to locate servers on the internet. Since users usually type domain names instead of IP addresses, the browser needs to find the corresponding IP address for that domain. This process is called DNS resolution, don't worry, we'll cover this in the next step . Before contacting external DNS servers, the browser checks multiple cache layers in order:
Browser cache
Operating system cache
Router cache
Only if none of these have the answer does it query an external DNS server. If not found, it may also check the operating system cache and router cache before finally querying a DNS server.
CHECKPOINT ๐:
Cache is temporary storage where your browser saves information it's used recently, so it doesn't have to fetch it again. Faster and more efficient.
STEP 2 : DNS RESOLVING
This is an important part in the whole NETWORKS . DNS resolution means the process of converting a domain name (like google.com) into its corresponding IP address so the browser can connect to the correct server. It takes the domain name and checks its records to find ,if there exists any IP address for the the given domain. DNS stands for Domain Name System.
" DNS serves as the phone book for the Internet by translating human-friendly computer hostnames into IP addresses "
This is the definition given by Wikipedia. In much more simple term, DNS (Domain Name System) is like the internetโs โphonebook.โ which converts domain name to IP address. For example , the hostname www.google.com translates to 142.250.191.46 (IPv4) and 2404:6800:4007:81b::200e (IPv6).
DNS resolving ,may seem simple in terms but it has been a target for attackers for years because it sits between users and the entire internet. If DNS is manipulated, users can be silently redirected without changing anything on their device. The threat includes DNS spoofing - where attackers insert fake IP addresses into DNS responses, redirecting users to malicious websites. Another threat is DNS hijacking, where malware or attackers change DNS settings on a device or router to control where traffic is sent.
CHECKPOINT ๐:
A hostname is the human-readable name assigned to a device or website on a network. For example, www.google.com is a hostname.
CHECKPOINT ๐:
IPv4 is the older address format using four numbers separated by dots (142.250.191.46). IPv6 is the newer format using longer hexadecimal addresses (2404:6800:4007:81b::200e) , created because the world ran out of IPv4 addresses.
STEP 3 : TCP CONNECTION
TCP stands for transmission Control Protocol. This protocol is how computers use to talk to each other on the internet ,where data is sent safely, in order, and without missing anything. A TCP connection is a reliable communication link established between a client and a server to ensure both sides are ready to exchange data in order and without loss.
"The "three-way handshake" is the procedure used to establish a connection" - RFC 9293 โ Transmission Control Protocol (TCP), IETF, 2022
THREE WAY HANDSHAKE :
Three-way handshake is the process TCP uses to establish a reliable connection between a client and a server before data is exchanged.
It happens in 3 steps:
SYN (Client โ Server)
SYN-ACK (Server โ Client)
ACK (Client โ Server)
After this, a stable TCP connection is formed and data transfer can begin.
CHECKPOINT ๐:
A client is the device requesting information โ your browser. A server is the machine that stores and sends the requested data โ Google's computers in this case.
"CHECKPOINT ๐:
SYN stands for Synchronise : it's the signal saying 'I want to start a connection.'
ACK stands for Acknowledge : it's the reply saying 'I received your message.'
SYN-ACK means both at once :'I got your request and I'm ready too.
STEP 4 : TLS HANDSHAKE
We have connected the server and client. Data travels through this connection. But what about its security? Imagine you donโt have a secure TCP connection. Without encryption, the data is sent in plain form over the network.
You may have heard of SSL stripping or an HTTPS downgrade attack. How does this happen?
For example, a user tries to access a site. An attacker creeps in the middle between the user and the server (this is called a Man-in-the-Middle attack). The attacker can intercept the communication and, in some cases, force the connection to switch from HTTPS to HTTP by blocking or redirecting secure requests.
CHECKPOINT ๐: HTTP is the older protocol where data is sent in plain text (not encrypted), so it can be read or modified if intercepted.
HTTPS is HTTP running over TLS encryption, making the connection secure, encrypted, and verified. You now understand the seriousness of getting a connection downgraded from https to http.
As a result, the traffic becomes readable, and login credentials or sensitive data can be stolen.
This is where TLS enters. The TLS handshake secures the communication between browser and server by encrypting the data, verifying the serverโs identity using certificates, and generating shared secret keys. After this, even if someone intercepts the traffic, they cannot read or modify it easily because it is encrypted. This is what the padlock in your browser address bar means ,TLS has successfully secured the connection
CHECKPOINT ๐: Though you don't see a lock symbol anymore ,modern browsers like Brave and Chrome removed it because HTTPS became the standard. To verify a secure connection, click the icon to the left of your URL bar and look for 'Connection is secure.'
STEP 5 : HTTPS REQUEST (ENCRYPTED)
HTTPS stands for Hypertext Transfer Protocol Secure. It is a secure communication protocol that encrypts data exchanged between a browser and a web server using TLS. In simple words, HTTPS is secured version of HTTP. We have already mentioned difference between HTTPS and HTTP. So why is this relevant in just searching ,right?
After the TLS handshake is completed, the browser sends an HTTPS request. The request, including information such as URLs, headers, and form data, travels through the encrypted connection, preventing attackers from reading or modifying the data during transmission. Basically, TLS connection creates a secretive tunneling to pass the HTTP request. Without TLS ,its just plain data for the attackers to steal. With TLS the HTTP is highly secured thus called HTTPS.
CHECKPOINT ๐:
Headers are additional information sent along with a web request โ things like what browser you're using, what language you prefer, and what type of content you're requesting. Think of it as the envelope label on your letter, not the letter itself.
STEP 6 : SERVER PROCESSING USER REQUEST
This is quite simple to understand than any of the other steps. I used to write this step exaggerated in exams to get marks, cause back then I didn't really know about these structure. But here we are not exaggerating anything. Simply, server process the HTTPS request from user and replies to it.
For example , client sends request like :
GET/ me this
OK, Now server understand ,oh, this user wants "this". Server checks and returns what client requested. But there lies a major threat. Off course , every steps in cybersecurity ,right from the moment it connects to internet, vulnerabilities are everywhere. In here, imagine if the server is controlled by an attacker what could happen? You go knock at the criminal's door and says "hey give me this ". Do you really think he would give legitimate stacks of data ? no. off course he would send back malicious codes and malwares to compromise your system.
When we look into the actual facts, the 2020 SolarWinds Attack was such one.
This is for you to read and understand : 2020 SolarWinds Attack
But worry not, we have firewalls and Antivirus software to protect us. Security professionals use tools like EDR (Endpoint Detection and Response) ,watching what the server sends back and flagging anything suspicious before it runs on your machine.
CHECKPOINT ๐: Malware is malicious software designed to damage, disrupt, or gain unauthorised access to a system. Viruses, ransomware, spyware ,these are all types of malware.
STEP 7 : BROWSER RENDERING
Coming to last step, browser gets a chunk of HTML,CSS,JS codes. HTML gives the structure, CSS gives the style, and JavaScript makes it interactive. Your browser processes all three and paints the final page on your screen in milliseconds.
like this
See , did I keep my promise?
the next time someone asks you "What happens when you type google.com and press Enter?" you understand the question rather than by heart.
There is also another reason why you should be well aware of how this works. These seven steps are potential attack points. DNS poisoning, man in the middle, TLS downgrade, SQL injection, compromised servers, browser exploits. These aren't hypothetical. They're happening right now, on networks around the world. At first you may not understand anything. Sometimes you understand all this but suddenly forgets what a domain even is. Well its natural. So keep learning. And you should never underestimate your most powerful human weapon: curiosity
So that's it for today. Concluding as the rain pitter pats against the window.
Sources & References:
My own rough reference:
