education-2022/selected/http_to_phy.md

# So You Want to Make Internet Lasagna?

## The Recipe

| Communication | Discovery |
| ------------- | --------- |
| HTTP          | DNS       |
| TCP           |           |
| IP            | DHCP      |
| Ethernet      | ARP       |

<br>

## Starting from HTTP

HTTP (Hypertext Transfer Protocol), is what browsers use talk to web servers to send and receive web pages,
do basic transactions, like sending a form from your browser to the server, requesting some database 
information for display, or updating your account settings.

Good learning resources for HTTP:
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Overview
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Messages#http_requests

<-- Link to expanded, less curated library of topical info -->  
<-- Branch into REST/GraphQL here -->

## Diving into the meat and potatoes with TCP and IP

HTTP responses and requests are a sequence of bytes, chunked up and sent in packets, 
often through a protocol called TCP (Transmission Control Protocol). TCP provides a few
nice guarantees which make writing reliable network code a little easier. 
When a message gets sent via TCP, it ensures that chunks get passed to the application
in order. If packets get dropped along the way, or arrive out of order, TCP handles resending
 missed packets and buffering before the application gets the packet, until order can be restored.

Good learning resources for TCP:
- https://www.youtube.com/watch?v=4IMc3CaMhyY
- https://www.youtube.com/watch?v=F27PLin3TV0
- https://www.youtube.com/watch?v=IP-rGJKSZ3s

<-- Link to expanded, less curated library of topical info -->  
<-- Branch into UDP, QUIC, TLS, etc. via link here -->

IP (Internet Protocol) sits directly below TCP, but often gets bundled together. IP is a
small header attached right above the protocol header, and contains important information,
like where the packet is coming from, and where the packet needs to go, so network hardware
along the way can route it from A->B to reach it's destination

Good learning resources for IP:
- https://www.youtube.com/watch?v=rPoalUa4m8E
- https://www.youtube.com/watch?v=VWJ8GmYnjTs

<-- Link to expanded, less curated library of topical info -->  
<-- Branch into TUN via link here -->

<br>

## Making it Tractable

So, how do you take all that theory and make it stick? How do you send a real packet yourself?
Some good outlets for exercises:
- https://beej.us/guide/bgnet/html/
- https://github.com/shuveb/zerohttpd

## Taking the Real Plunge

Ok, so you've got some of the basics down, and you're ready for some serious spelunking?
Let's talk Ethernet and PHY.
- https://www.youtube.com/watch?v=XaGXPObx2Gs&list=PLowKtXNTBypH19whXTVoG3oKSuOcw_XeW

<br>

## Buttoning up with Discovery Protocols

So, how does the computer get an IP address? How do we know what the router's IP is?
How do find the IP address of "https://handmade.network/" so we can send it a request?
Discovery protocols to the rescue!

## Using the DNS Phonebook

DNS sits at the top acting as a final, important, icing on the cake. The job of DNS is primarily to
provide lookup services for domain names. To resolve "https://handmade.network/" into an IP address
so we can send it an HTTP request, we send a lookup request to the DNS server, and it will do the requisite
forwarding until it either has an IP address to send back, or fails.

Good learning resources for DNS:
- https://www.cloudflare.com/learning/dns/what-is-dns/

<-- Link to expanded, less curated library of topical info -->  
<-- Branch into DNS over HTTPS / DNS Lookup Security via link here -->


## Finding the Mailman with DHCP

DHCP sits near the middle, but is incredibly important. When you want to send a packet to a network
beyond your own, somebody has to deliver that packet. To find the packet post office, your computer
broadcasts a DHCP discover packet, and collects IP offers from all DHCP servers on the network.
At that point, typically it will fire off a request for the first IP it recieves, and get a
confirmation or denial for that request. DHCP acks typically also contain the IP address of the router,
the local DNS server, and more

Good learning resources for DHCP:
- https://docs.microsoft.com/en-us/windows-server/networking/technologies/dhcp/dhcp-top

<-- Link to expanded, less curated library of topical info -->  
<-- Branch into PXE Booting via link here -->

## Putting on the ARP Goggles

At the bottom of the protocol stack, ARP (Address Resolution Protocol) is how your computer
reaches out and understands the local network it lives on. When an ethernet cable gets plugged into
your computer, it broadcasts an ARP packet, gathering responses to know how to address
messages directly to specific local machines. The initial ARP packet contains the MAC
address of the computer sending, and responses from all machines that want to be discovered
get fired back with their MAC addresses in tow.

Good learning resources for ARP:
- https://www.youtube.com/watch?v=aamG4-tH_m8&list=PLowKtXNTBypH19whXTVoG3oKSuOcw_XeW&index=9
- https://www.saminiir.com/lets-code-tcp-ip-stack-1-ethernet-arp/

<-- Link to expanded, less curated library of topical info -->  
<-- Branch into TAP via link here -->


## Fun Tangents

- Network Bridging
- DHCP Robin Hood
- PXE Booting
- SMTP
- Routing and Switching
- BGP
- TLS/SSL
- Inspection and Testing Tools: tcpdump, wireshark, netcat and more
- HTTP/2, HTTP/3


## NET RAMBLE

physical cables -- bits on wire / optics
BGP -- Major Routing Hub to Major Routing Hub
https://blog.benjojo.co.uk/post/bgp-battleships

IP Distribution via IANA / ICANN
-- blocks of IPv4 addresses auctioned to autonomous systems / organizations, who communication routing tables for blocks via BGP

TTL / congestion control / TCP_NODELAY vs TCP_QUICKACK / TCP_CORK
https://news.ycombinator.com/item?id=9048947

DNS -- Domain Name Registrars who own TLDs (ex: .com, .org, .io)
https://www.iana.org/domains/root/db
https://messwithdns.net/
https://wizardzines.com/zines/dns/
https://jvns.ca/blog/2022/05/10/pages-that-didn-t-make-it-into--how-dns-works-/

Switching -- on the Ethernet / MAC level, layer 2, VLANs can happen here
<ETHERNET><><ETHERNET>
Spanning Tree Protocol -- solves ARPSTORMs

Link speed negotiation

(intel) NUC with two (usb) NICs -- VMs that would tag traffic with VLAN.
Ethernet packet tagged with VLAN 1, 
```
| 1 1 1 1 1 1 1 2 | | 2i 2o |
|               2 | |  NUC  |
|               2 | |       |
```

layer 2 ethernet -- hamachi / layer 3 ip -- openvpn

Router in bridge mode -- Router A <=====> Router B

- Hubs are layer 1
- Switches are layer 2
- Routers are layer 3

Home "router" is a router / switch combo

Network Topology -- this is mostly outside my wheelhouse; infiniband/optics?
```
"crossover cable"
A            B
TX ---\/--- TX
RX ---/\--- RX

"standard cable"
A            B
TX -------- TX
RX -------- RX
```

Switch maintains an ethernet routing table, uses mac addresses to determine which ports need to be routed to other ports

TTL -- preventing packets from hopping forever on layer 3 connections, ICMP is a totally separate thing
ICMP -- https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol

```
SEND CHEESEBURGER TO GOOGLE
A -> HR -> ISP -> | | | | -> GOOGLE
subnet 192.168.1.X
HR -> ISP | DESTINATION UNREACHABLE {ICMP 3} | TIME EXCEEDED {ICMP 11} TTL Expires
```
Blocking ICMP is messy, be careful!

https://en.wikipedia.org/wiki/Black_hole_(networking)
PING sends ICMP | TTL
traceroute {ICMP 30} tells each router on the chain to send back a response, they don't have to, they can just send through.
`traceroute bad.horse`

Network Tomography -- Mapping networks by gathering a bunch of timing data sending packets between nodes
https://en.wikipedia.org/wiki/Network_tomography

DHCP is automatic IP handouts
But also, it tells you where your mail server is, how to get fortune cookies, and is a source of fun vulnerabilities

TLS 1.2/1.3
https://tls12.ulfheim.net/
bearSSL