INVITATION TO CYBERSECURITY 38 Figure 2.13 An example URL with sections labeled. The first part of the URL after the protocol and up to and including the TLD is called the domain name. Domain names are tied to IP addresses. This is similar to how smartphones map our contacts’ names to phone numbers. We do not need to remember our friends’ phone numbers, we just click on their names and our phone makes the connection to the correct phone number. Like contact names, domain names act as memorable names for IP addresses. The Domain Name System (DNS) is a public distributed database that maps domain names to IP addresses. When we click on a URL our web browser uses DNS to find the IP address of the domain name in the URL. Once the IP address has been identified, the web browser makes a network connection to the web server at that IP address. The protocol field in the URL determines the port number to use. HTTP uses port 80 and HTTPS uses port 443. Once connected, the web server examines the resource path of the URL to connect the browser to the requested resource. There are many websites that provide DNS services and there are also command-line utilities such as dig for Linux and nslookup for Windows (see Figure 2.14). Figure 2.14 The dig and nslookup utilities showing that the IP address for the domain www.cedarville.edu is 163.11.75.44. When a computer is online, its NIC is constantly sending and receiving data. Applications called packet sniffers log these packets and allow users to inspect them. Wireshark is a free and open-source packet sniffer. It provides visibility into all of the packets that a computer is sending and receiving. It helpfully formats the packets so that they can be
RkJQdWJsaXNoZXIy MTM4ODY=