What happens when you typed google.com in your browser (feat. DHCP, UDP, IP, Ethernet, DNS, ARP, BGP, TCP, HTTP)

By Kaden Sungbin Cho
Picture of the author
Published on
what happen when you typed google.com on browser

| This article borrows many parts from [1]

Networks are often divided into several layers, such as 5 layers and OSI 7 layers. However, even after requesting a simple web page and receiving a response, various elements learned across multiple layers are involved.

In this article, we will look at the process from web page request to response sequentially and in detail, and review the various layers and protocols in a more structured way:

  • Start 1: DHCP, UDP, IP, Ethernet
  • Start 2: DNS, ARP
  • Start 3: Intra-Domain Routing to the DNS Server
  • Web client-server interaction: TCP, HTTP
Image from Author inspired by [1]
Image from Author inspired by [1]

Start1: DHCP, UDP, IP, Ethernet

Let's say Bob turns on his laptop and connects it to the Ethernet cable connected to the school's Ethernet switch, as shown in the image above. Additionally, the Ethernet switch is connected to the school's router, and the school's router is connected to the ISP, comcast.net.

In this example, comcast.net also provides DNS services to the school. Therefore, the DNS servers are on Comcast's network, not the school's network. Also, let's assume that the DHCP server is running inside the router (similar to the normal situation).

When Bob first connects his laptop to the network, he cannot do anything (such as download a web page) without an IP address. Therefore, the first network-related action Bob's laptop takes is to run the DHCP protocol to obtain an IP address and other information from the local DHCP server.


The operating system on Bob's laptop generates a DHCP message and places it inside a UDP segment with destination port 67 (DHCP server) and source port 68 (DHCP client). That UDP segment is then placed into an IP datagram with a broadcast IP destination address ( and (since Bob's laptop has not yet received an IP address) a source address (


1's IP datagram containing the DHCP request is then placed inside an Ethernet frame. Ethernet frames have the destination MAC address FF:FF:FF:FF:FF:FF, which causes the frame to be broadcast to all devices connected to the switch. The frame's source Mac address is 00:16:D3:23:68:8A, which is the Mac address of Bob's laptop.


The broadcast Ethernet frame containing the DHCP request is the first frame sent by Bob's laptop to the Ethernet switch. The switch broadcasts incoming frames to all outgoing ports, including those connected to the router.


When a router receives a broadcast Ethernet request, including a DHCP request, on an interface with MAC address 00:22:6B:45:1F:1B, it pulls out an IP datagram in an Ethernet frame. The broadcast IP address of the ejected datagram indicates that the IP datagram must be processed via higher layer protocols at this node. Then, the payload of the datagram (one UDP segment) is demultiplexed into UDP and a DHCP request can be made from the UDP segment. The DHCP server then receives a DHCP request message.


Let's assume that the DHCP server running inside that router can assign an IP address that falls in CIDR block In this example, all IP addresses used by the school are therefore included in Comcast's address block. Let's say the DHCP server assigned an IP address of to Bob's laptop.

The DHCP server generates one DHCP ACK message, which contains the assigned IP address, the IP address of the DNS server (, the IP address of the default gateway router (, and the IP address of the subnet block (68.85.226). 2.0/24) is included. The DHCP message is then put into a UDP segment, which is then put back into an IP datagram, and the IP datagram is again put into an Ethernet frame. The Ethernet frame has a source Mac address, which is the Mac address of the interface facing the router's home network, and a destination Mac address, which is Bob's laptop Mac address (00:16:D3:23:68:8A).


An Ethernet frame with a DHCP ACK is sent by the router (unicast) to the switch. Because the switch has previously received Ethernet frames (with DHCP requests) from Bob's laptop and is self-learning, the switch only sends them to the external port connected to Bob's laptop. 00:16:D3:23:68:8A I know that I just need to forward that frame.


Bob's laptop receives an Ethernet frame with a DHCP ACK, an IP datagram is taken out of the Ethernet frame, a UDP segment is taken out of the IP datagram, and a DHCP ACK message is taken out of that UDP segment. Bob's DHCP client then records the assigned IP address and the IP address of the DNS server.

The DHCP client then installs the default gateway's address into the IP forwarding table. Bob's laptop will now send all datagrams with destination addresses outside subnet to the default gateway. Bob's laptop is now ready to start the networking component and begin processing web page fetches.

Start2: DNS, ARP

When Bob types the URL www.google.com into his web browser, he sets off a long chain of events that will ultimately result in Google's home page being displayed in the browser. Bob's web browser starts the process by creating a TCP socket, which will be used to send HTTP requests to www.google.com. To create the socket, Bob's laptop must know the IP address of www.google.com. The DNS protocol is used to provide this name-to-IP-address translation service.


The operating system on Bob's laptop generates a DNS query message and places the string "www.google.com" in the query section of the DNS message. This DNS message then enters a UDP segment with destination port 53 (DNS server). That UDP segment then goes into an IP datagram with a destination address of (the address of the DNS server received via the DHCP ACK in step 5) and a source IP address of


Bob's laptop then places a datagram containing the DNS query message into an Ethernet frame. This frame is transmitted (passed to the link layer) to the gateway router in Bob's school's network. However, even though the school's gateway router IP address ( is known through the DHCP ACK message in number 5 above, the MAC address of the gateway router is not known. To obtain the gateway's MAC address, Bob's laptop uses the ARP protocol.


Bob's laptop generates an ARP query message with the target IP address of (the default gateway address) and places the ARP message in an Ethernet frame with the broadcast address (FF:FF:FF:FF:FF:FF). Yes. The Ethernet frame is then sent to the switch, which forwards the frame to all connected devices, including the gateway router.


The gateway router that receives the frame containing the ARP query message on the interface facing the school network finds the target IP address in the ARP message that matches the IP address of the interface. The gateway router then prepares an ARP reply indicating the MAC address 00:22:6B:45:1F:1B corresponding to the IP address The ARP reply message is then sent to the switch in an Ethernet frame with the destination address 00:16:D3:23:68:8A, and the switch then forwards the frame to Bob's laptop.


Bob's laptop receives the frame containing the ARP reply message and retrieves the MAC address of the gateway router (00:22:6B:45:1F:1B).


Bob's laptop can now send Ethernet frames containing DNS queries directed to the gateway router's Mac address. The IP datagram within this frame has an IP destination address of (DNS server), while the destination address of the frame is 00:22:6B:45:1F:1B (gateway router). Bob's laptop sends this frame to the switch, which in turn sends this frame to the router.

Start3: Intra-Domain Routing to the DNS Server


The gateway router receives the above frame and pulls out an IP datagram with a DNS query. That router looks at this datagram's destination address ( and consults its forwarding table to determine that this datagram should be sent to the Comcast network's leftmost router in the image above. That IP datagram is placed in a link layer frame that corresponds to the link connecting Comcast's leftmost router to the school's router. And that frame is transmitted over this link.


The leftmost router on the Comcast network receives the frame, retrieves the IP datagram, checks the datagram's destination address (, and consults the forwarding table to determine the outbound interface to the DNS server. Those forwarding tables are populated by Comcast's intra-domain protocols (such as RIP, OSPF, or IS-IS) and the Internet's inter-domain protocol, BGP.


Eventually, the IP datagram containing the DNS query arrives at the DNS server. That DNS server pulls out a DNS query message and looks for www.google.com in its DNS database. Next, it finds a DNS resource record with the IP address ( corresponding to www.google.com (assuming it is cached on the DNS server). This cached data originates from the authoritative DNS servers for google.com.

The DNS server generates a DNS reply message containing the hostname-to-IP-address mapping and inserts it into a UDP segment, which in turn enters an IP datagram with Bob's laptop address ( as the destination address. This datagram is forwarded over the Comcast network back to the school's router, and from there through the Ethernet switch to Bob's laptop.


Bob's laptop retrieves the IP address of the server www.google.com from the DNS message. Finally, Bob's laptop is ready to access the www.google.com server.

Web client-server interaction: TCP, HTTP


Now that Bob's laptop has the IP address of www.google.com, he can create a TCP socket that can be used to send an HTTP GET message to www.google.com. When Bob creates the TCP socket, the TCP on Bob's laptop must do a three-way handshake with the TCP on www.google.com. So Bob's laptop first creates a TCP SYN segment with a destination port of 80 (HTTP), and then puts that TCP segment into an IP datagram with an IP address of (www.google.com). It then puts that datagram into a frame with Mac address 00:22:6B:45:1F:1B (gateway router) and sends the frame to the switch.


Routers on the school network, Comcast's network, and Google's network forward datagrams containing TCP SYN toward www.google.com using a forwarding table within each router (similar to numbers 14 through 16 above). . Here, the router forwarding table governs packet forwarding on the inter-domain network between Comcast and Google networks through the BGP protocol.


Eventually, the datagram containing the TCP SYN arrives at www.google.com. The TCP SYN message is taken from the datagram and demultiplexed into the welcome socket associated with port 80. One connection socket is created for the TCP connection between the Google HTTP server and Bob's laptop. A TCP SYNACK segment is created, put into a datagram destined for Bob's laptop, and placed in a link layer frame corresponding to the link between www.google.com and the first hop router.


The datagram containing the TCP SYNACK is forwarded through Google, Comcast, and school networks and arrives at Bob's laptop's Ethernet card. The datagram is demultiplexed into the TCP socket created in step 18 above within the operating system, and the TCP socket transitions to the connected state.


The socket on Bob's laptop is now ready to send bytes to www.google.com, so Bob's browser generates an HTTP GET message containing the URL to fetch. The HTTP GET message is written to the socket as a GET message, which is the payload of the TCP segment. The TCP segment is put into a datagram and delivered to www.google.com as in steps 18 to 20 above.


The HTTP server at www.google.com reads the HTTP GET message from the TCP socket, creates an HTTP response message, puts the requested web page content into the HTTP response message body, and sends the message to the TCP socket.


The datagram containing the HTTP reply message is forwarded through Google, Comcast, and the school network and arrives at Bob's laptop. Bob's web browser program reads the HTTP response from the socket, extracts the HTML corresponding to the web page from the HTTP response body, and finally displays the web page!

This example excludes many possible alternative protocols and details (NAT on the school gateway router, wireless access to the school network, security protocols for school network access, web caching, DNS hierarchy, etc.).


[1] Computer Networking: A Top-Down Approach

Join our newsletter

Stay tuned with 100+ Software engineers
Latest backend & growth trends in your mail box on every Wednesday