How the Internet Works

"What happens when you type google.com into the browser" is a classic interview question. Behind that short line, the OSI seven layers, IP, DNS, TCP, TLS, and HTTP appear in turn. This article gives beginners a one-time grasp of the big picture, layer by layer and protocol by protocol.

1. About the Internet

It started in 1969 with four nodes connected on the U.S. ARPANET. In 1974, Vint Cerf and Bob Kahn proposed TCP / IP, and the day in 1983 when ARPANET switched to TCP / IP is often cited as the internet's official birthday. In 1989, Tim Berners-Lee's World Wide Web proposal added the web. After the U.S. allowed commercialization of the backbone in 1995, it spread explosively.

2. OSI 7 Layers vs TCP / IP 4 Layers

The OSI model is an abstract model defined by ISO in 1984. TCP / IP is the model actually implemented, and is simpler:

OSI	TCP / IP	Examples
7. Application	Application	HTTP · DNS · SMTP · SSH
6. Presentation	(Included)	TLS · encoding
5. Session	(Included)	Session management
4. Transport	Transport	TCP · UDP · QUIC
3. Network	Internet	IP · ICMP · routing
2. Data Link	Link	Ethernet · Wi-Fi
1. Physical	(Inside Link)	Cable · fiber · radio

Each layer provides services to the layer above and hides details of the layer below.

3. IP Addresses

Kind	Format	Address space
IPv4	`192.168.1.1` (32 bits)	About 4.3 billion
IPv6	`2001:0db8:85a3::8a2e:0370:7334` (128 bits)	Effectively infinite

IPv4 was defined in the 1980s and the address shortage was foreseen from the 1990s, so NAT (routers) was used as a workaround. IPv6 was standardized as RFC 2460 in 1998 and is being adopted gradually.

Subnets look like 192.168.1.0/24. /24 means the first 24 bits identify the network and the last 8 bits identify the host. That subnet contains 256 addresses.

Special addresses:

127.0.0.1 (IPv4) · ::1 (IPv6) — loopback. Self.
192.168.x.x · 10.x.x.x · 172.16.x.x ~ 172.31.x.x — private IPs (home / office internal).
0.0.0.0 — all interfaces. Binding a server to this address listens on every NIC.

4. DNS

Short for Domain Name System. Paul Mockapetris first defined it in 1983 as RFC 882 / 883, and the current SSOT's foundation is RFC 1034 / 1035 from 1987. Maps human-memorable domains to IPs:

www.example.com 을 조회한다고 할 때:
1. 브라우저 캐시 확인
2. OS 의 hosts 파일 · 캐시
3. ISP 또는 공용 (8.8.8.8 · 1.1.1.1) DNS 리졸버
4. 루트 서버 → .com TLD 서버 → example.com 권한 서버 의 순서로 재귀 질의
5. 응답 IP 를 받아 캐시

Common record types:

Record	Meaning
`A`	Domain → IPv4
`AAAA`	Domain → IPv6
`CNAME`	Domain → another domain (alias)
`MX`	Mail server designation
`TXT`	Arbitrary text (SPF, DKIM, domain verification)
`NS`	Authoritative name server
`SOA`	Zone administrative info
`PTR`	IP → domain (reverse)

TTL (Time To Live) is the cache retention time. Shrinking TTL just before a domain change is a common habit.

5. TCP and UDP

Item	TCP	UDP
Connection	3-way handshake (SYN → SYN-ACK → ACK)	None
Reliability	Order and retransmission guaranteed	None
Flow control	Yes (window)	None
Overhead	Large	Small
Use	HTTP/1·2 · SSH · mail · FTP	DNS · games · real-time voice / video · QUIC

TCP's 3-way handshake:

client → server : SYN
client ← server : SYN-ACK
client → server : ACK
(이후 데이터 송수신)

QUIC (UDP-based, the transport for HTTP/3) merges the TCP and TLS handshakes into one round trip.

6. TLS

Short for Transport Layer Security. Started in 1995 with Netscape's SSL 2.0, and IETF standardized it in 1999 as TLS 1.0 (RFC 2246). The current recommendation is TLS 1.3 (RFC 8446) from 2018.

The rough flow:

The client sends supported cipher suites and extensions (ClientHello).
The server sends its certificate and chosen cipher (ServerHello, Certificate).
The client verifies the certificate chain (issued by a CA, not expired, domain matches).
Key exchange establishes the session key, and subsequent traffic is encrypted with it.

TLS 1.3 reduces this to 1-RTT (or 0-RTT on resumption).

7. Full-Stack Flow of a One-Line Request

When entering https://example.com into the browser:

The browser parses the URL.
DNS resolves example.com to an IP.
TCP or QUIC connection.
TLS handshake.
HTTP request sent.
Server responds.
The browser parses HTML → requests additional CSS / JS resources → paints the screen.

8. Other Paths

DNS over HTTPS (DoH) · DNS over TLS (DoT) — encrypts the DNS query itself.
HTTP/3 (QUIC) — replaces TCP.
WireGuard · Tailscale — modern VPNs.
IPFS — content-addressed P2P distributed storage.

9. Common Shape

Basic diagnostic tools:

# 연결성
ping example.com
ping -c 4 example.com   # 4 번만 (mac · Linux). Windows: ping -n 4

# 경로 추적
# Mac · Linux
traceroute example.com
# Windows
tracert example.com

# DNS 조회
# Mac · Linux 권장
dig example.com
dig example.com MX +short
# Windows 기본
nslookup example.com
nslookup -type=MX example.com

# 포트 듣기 확인
# Mac · Linux
lsof -i :8080
ss -tlnp | grep 8080
# Windows
netstat -ano | findstr :8080

The Network tab in the browser DevTools intuitively shows the actual request flow.

10. Common Pitfalls

DNS cache — the reason some users still see the old IP for a while after a domain change. Wait for TTL or flush the OS cache.

macOS — sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder
Windows — ipconfig /flushdns

A private IP behind NAT is not reachable from outside — port forwarding or a proxy (ngrok, Cloudflare Tunnel) is needed.

In an IPv6-enabled environment, a server bound only to IPv4 may be unreachable — bind the host to ::.

Local hostname — localhost and 127.0.0.1 are usually the same, but the hosts file may have remapped them.

HTTPS certificate expiry / domain mismatch — the browser shows a red warning. Forgetting a Let's Encrypt auto-renewal is a common case.

Closing thoughts

The internet is built up of concrete protocols — IP, TCP, DNS, TLS, HTTP — layered on top of the OSI seven-layer abstraction. Behind a single URL entry, seven steps run in sequence. What an operator usually deals with directly are three things: DNS records, TLS certificates, and port binding. The rest sits on standards and works naturally.

browser-devtools
(web-fundamentals end)

RFC 1034 / 1035 DNS · RFC 791 IPv4 · RFC 8200 IPv6 · RFC 8446 TLS 1.3 · Brief History of the Internet (Internet Society) · How DNS Works (howdns.works) · High Performance Browser Networking · Cloudflare Radar · DNSChecker for reference.

How the Internet Works

1. About the Internet

2. OSI 7 Layers vs TCP / IP 4 Layers

The OSI model is an abstract model defined by ISO in 1984. TCP / IP is the model actually implemented, and is simpler:

OSI	TCP / IP	Examples
7. Application	Application	HTTP · DNS · SMTP · SSH
6. Presentation	(Included)	TLS · encoding
5. Session	(Included)	Session management
4. Transport	Transport	TCP · UDP · QUIC
3. Network	Internet	IP · ICMP · routing
2. Data Link	Link	Ethernet · Wi-Fi
1. Physical	(Inside Link)	Cable · fiber · radio

Each layer provides services to the layer above and hides details of the layer below.

3. IP Addresses

Kind	Format	Address space
IPv4	`192.168.1.1` (32 bits)	About 4.3 billion
IPv6	`2001:0db8:85a3::8a2e:0370:7334` (128 bits)	Effectively infinite

Subnets look like 192.168.1.0/24. /24 means the first 24 bits identify the network and the last 8 bits identify the host. That subnet contains 256 addresses.

Special addresses:

127.0.0.1 (IPv4) · ::1 (IPv6) — loopback. Self.
192.168.x.x · 10.x.x.x · 172.16.x.x ~ 172.31.x.x — private IPs (home / office internal).
0.0.0.0 — all interfaces. Binding a server to this address listens on every NIC.

4. DNS

Short for Domain Name System. Paul Mockapetris first defined it in 1983 as RFC 882 / 883, and the current SSOT's foundation is RFC 1034 / 1035 from 1987. Maps human-memorable domains to IPs:

www.example.com 을 조회한다고 할 때:
1. 브라우저 캐시 확인
2. OS 의 hosts 파일 · 캐시
3. ISP 또는 공용 (8.8.8.8 · 1.1.1.1) DNS 리졸버
4. 루트 서버 → .com TLD 서버 → example.com 권한 서버 의 순서로 재귀 질의
5. 응답 IP 를 받아 캐시

Common record types:

Record	Meaning
`A`	Domain → IPv4
`AAAA`	Domain → IPv6
`CNAME`	Domain → another domain (alias)
`MX`	Mail server designation
`TXT`	Arbitrary text (SPF, DKIM, domain verification)
`NS`	Authoritative name server
`SOA`	Zone administrative info
`PTR`	IP → domain (reverse)

TTL (Time To Live) is the cache retention time. Shrinking TTL just before a domain change is a common habit.

5. TCP and UDP

Item	TCP	UDP
Connection	3-way handshake (SYN → SYN-ACK → ACK)	None
Reliability	Order and retransmission guaranteed	None
Flow control	Yes (window)	None
Overhead	Large	Small
Use	HTTP/1·2 · SSH · mail · FTP	DNS · games · real-time voice / video · QUIC

TCP's 3-way handshake:

client → server : SYN
client ← server : SYN-ACK
client → server : ACK
(이후 데이터 송수신)

QUIC (UDP-based, the transport for HTTP/3) merges the TCP and TLS handshakes into one round trip.

6. TLS

Short for Transport Layer Security. Started in 1995 with Netscape's SSL 2.0, and IETF standardized it in 1999 as TLS 1.0 (RFC 2246). The current recommendation is TLS 1.3 (RFC 8446) from 2018.

The rough flow:

The client sends supported cipher suites and extensions (ClientHello).
The server sends its certificate and chosen cipher (ServerHello, Certificate).
The client verifies the certificate chain (issued by a CA, not expired, domain matches).
Key exchange establishes the session key, and subsequent traffic is encrypted with it.

TLS 1.3 reduces this to 1-RTT (or 0-RTT on resumption).

7. Full-Stack Flow of a One-Line Request

When entering https://example.com into the browser:

The browser parses the URL.
DNS resolves example.com to an IP.
TCP or QUIC connection.
TLS handshake.
HTTP request sent.
Server responds.
The browser parses HTML → requests additional CSS / JS resources → paints the screen.

8. Other Paths

DNS over HTTPS (DoH) · DNS over TLS (DoT) — encrypts the DNS query itself.
HTTP/3 (QUIC) — replaces TCP.
WireGuard · Tailscale — modern VPNs.
IPFS — content-addressed P2P distributed storage.

9. Common Shape

Basic diagnostic tools:

# 연결성
ping example.com
ping -c 4 example.com   # 4 번만 (mac · Linux). Windows: ping -n 4

# 경로 추적
# Mac · Linux
traceroute example.com
# Windows
tracert example.com

# DNS 조회
# Mac · Linux 권장
dig example.com
dig example.com MX +short
# Windows 기본
nslookup example.com
nslookup -type=MX example.com

# 포트 듣기 확인
# Mac · Linux
lsof -i :8080
ss -tlnp | grep 8080
# Windows
netstat -ano | findstr :8080

The Network tab in the browser DevTools intuitively shows the actual request flow.

10. Common Pitfalls

DNS cache — the reason some users still see the old IP for a while after a domain change. Wait for TTL or flush the OS cache.

macOS — sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder
Windows — ipconfig /flushdns

A private IP behind NAT is not reachable from outside — port forwarding or a proxy (ngrok, Cloudflare Tunnel) is needed.

In an IPv6-enabled environment, a server bound only to IPv4 may be unreachable — bind the host to ::.

Local hostname — localhost and 127.0.0.1 are usually the same, but the hosts file may have remapped them.

HTTPS certificate expiry / domain mismatch — the browser shows a red warning. Forgetting a Let's Encrypt auto-renewal is a common case.

Closing thoughts

browser-devtools
(web-fundamentals end)

How the Internet Works

How the Internet Works

1. About the Internet

2. OSI 7 Layers vs TCP / IP 4 Layers

3. IP Addresses

4. DNS

5. TCP and UDP

6. TLS

7. Full-Stack Flow of a One-Line Request

8. Other Paths

9. Common Shape

10. Common Pitfalls

Closing thoughts

Next

More in web-fundamentals

How the Internet Works

How the Internet Works

1. About the Internet

2. OSI 7 Layers vs TCP / IP 4 Layers

3. IP Addresses

4. DNS

5. TCP and UDP

6. TLS

7. Full-Stack Flow of a One-Line Request

8. Other Paths

9. Common Shape

10. Common Pitfalls

Closing thoughts

Next

More in web-fundamentals