How the Internet Actually Works: From URL to Response

When you type a URL into your browser and press Enter, something remarkable happens in the next few seconds—but almost none of it is visible to you. Your request travels through dozens of computers, crosses multiple networks, and passes through infrastructure owned by different organizations, each one capable of seeing or blocking your traffic. Understanding this journey is essential if you want to grasp how the internet can be censored, monitored, or secured. Let's walk through what actually happens, step by step. Where does your request go first? You type "example.com" into your browser. Your computer doesn't know what IP address corresponds to that domain name. (An IP address is a unique numeric identifier for a computer on the internet, like a mailing address for your house. The modern standard uses addresses like 192.0.2.1.) So your computer asks a DNS server—think of it as a giant phone book for the internet—"What IP address should I use for example.com?" This query travels to a DNS resolver, usually operated by your Internet Service Provider (ISP) or a third party like Cloudflare or Google. The resolver checks its records and replies with the IP address. Your computer now knows where to send its request. This first step is already important: your ISP or DNS provider learns what websites you're trying to visit, because they see the domain names you're looking up. Even if the connection is later encrypted, this step is often not. Building the connection: TCP handshake Once your computer has the IP address, it needs to establish a connection to the server. It does this using a protocol called TCP (Transmission Control Protocol). Think of TCP as a formal greeting between two postal offices: they verify they can hear each other, agree on how to exchange letters, and confirm the connection is working before any actual mail is sent. This process is called the TCP handshake, and it takes a few milliseconds. Your ISP and backbone providers (the large companies that operate the main cables of the internet) see these connection attempts. Sending the request: packets and routers Now your browser composes an HTTP request—essentially a letter that says "Please send me the main page of example.com." This letter is too large to send in one piece, so the network breaks it into smaller chunks called packets. Each packet is like a postcard: it has a destination address (the server's IP), a return address (your computer's IP), and a portion of your message. These packets don't all take the same route. They're handed off from router to router—think of routers as post offices—and each one reads the destination address and forwards the packet toward its target. The internet's design ensures that if one route is congested or damaged, packets can take alternate paths. Your ISP operates many of these routers, and they see all the packets passing through their network, including the destination IP and the general type of traffic (though not the content if it's encrypted). Getting a response The server at example.com receives your packets, assembles them back into your full request, and sends a response—typically the HTML code that makes up the web page. That response comes back to you in packets, using the same system. Your browser receives these packets, reassembles them, and renders the page you see. Where surveillance and blocking actually happen Now that you understand the journey, the vulnerable points become clear. An ISP can see the domain names you request (via DNS) and the IP addresses you connect to (via the packets themselves). They can block traffic to specific IP addresses or domain names entirely. A government can mandate that ISPs perform this blocking. DNS servers can be hijacked or forced to return false results. If the connection is not encrypted, anyone between you and the server—including your ISP, network administrators at your workplace, or a malicious person on your Wi-Fi network—can read the content of your requests and responses. Encryption (like HTTPS, which most websites now use) encrypts the content of your message, but does not hide the domain name you're visiting or the IP address you're connecting to—that information must remain visible for routers to deliver your packets. This is called metadata, and it can reveal a great deal about your behavior. This is also why a VPN (Virtual Private Network) works the way it does: by routing your traffic through an encrypted tunnel to a different server, you hide your true IP address from the websites you visit, and you hide your destination from your ISP (though not from your VPN provider, who now sees your traffic instead). It's a tradeoff, not a magic fix. The big picture The internet is fundamentally a system for routing packets from one computer to another, and at each hop, information is visible. The question of who sees what depends on whether traffic is encrypted, which organizations control the infrastructure, and what legal obligations they operate under. Understanding this helps you recognize both what protection technologies can and cannot do, and where real vulnerabilities lie. Next, you might explore how DNS works in detail, how encryption actually protects you, or how governments and ISPs perform censorship at scale.