Career OS

Week 3 — Networking: How the Internet Actually Works

The textbook for this week

The deep version of this week lives in the Networking track. Day 1 (DNS + TCP) = Networking 02 + 03, Day 2 (HTTP) = Networking 04, Day 3 (TLS) = Networking 05, Days 4–5 (REST design + build) = Spring Boot 03. Work the modules; use this page as the weekly checklist.

Why This Matters

Every API call, every database query, every microservice communication — it’s all networking. When your API is slow, 80% of the time it’s a network issue, not a code issue. If you don’t understand the wire, you can’t debug production.

Learning Goals

By Friday you should be able to whiteboard:

  • The full journey of an HTTP request (DNS → TCP → TLS → HTTP → Response)
  • Why TCP uses a 3-way handshake and what happens if a packet is lost
  • What HTTP headers actually do and which ones matter for APIs
  • How HTTPS/TLS keeps your payment data safe

Daily Breakdown

Day 1: DNS + TCP — The Foundation

The question: What happens when you type api.splitwise.com/expenses in a browser?

The answer (build this mental model):

1. Browser checks DNS cache → OS cache → Router cache → ISP DNS
2. DNS resolves api.splitwise.com → 104.26.5.78
3. TCP 3-way handshake: SYN → SYN-ACK → ACK (connection established)
4. TLS handshake (if HTTPS): negotiate encryption
5. HTTP request sent: GET /expenses HTTP/1.1
6. Server processes, sends HTTP response
7. TCP ensures all packets arrive in order (retransmits if lost)
8. Connection stays alive (keep-alive) or closes (FIN)

Read:

  • howdns.works — visual, interactive, takes 10 minutes
  • Baeldung: “TCP/IP Protocol” overview

Exercise: Use nslookup and tracert (Windows) on real domains. See the hops.

nslookup google.com
tracert google.com

Day 2: HTTP Deep Dive

HTTP is the language your API speaks. Not knowing it = not knowing your tools.

Methods that matter:

MethodMeaningIdempotent?Safe?
GETRetrieve dataYesYes
POSTCreate resourceNoNo
PUTReplace resource entirelyYesNo
PATCHPartial updateNoNo
DELETERemove resourceYesNo

Idempotent = calling it 5 times gives the same result as calling it once. This matters enormously in fintech — if a payment request is retried, an idempotent endpoint won’t charge twice.

Headers that matter for APIs:

Content-Type: application/json          # What format the body is in
Authorization: Bearer eyJhbGciOi...    # Who you are
Accept: application/json                # What format you want back
Cache-Control: no-cache                 # Don't cache this
X-Request-Id: uuid-here                # For tracing (fintech requirement)

Status codes you must know:

CodeMeaningWhen to Use
200OKSuccessful GET/PUT/PATCH
201CreatedSuccessful POST that created a resource
204No ContentSuccessful DELETE
400Bad RequestValidation failed (missing fields, wrong format)
401UnauthorizedNo token or expired token
403ForbiddenValid token but no permission
404Not FoundResource doesn’t exist
409ConflictDuplicate creation, race condition
429Too Many RequestsRate limited
500Internal Server ErrorYour code broke
502Bad GatewayUpstream service broke
503Service UnavailableServer overloaded

Day 3: HTTPS / TLS

Why this matters for fintech: You’re building a system that handles money. Every request MUST be encrypted. You need to understand how, not just that.

TLS handshake (simplified):

1. Client: "Hello, I support these encryption methods"
2. Server: "Let's use this one. Here's my certificate."
3. Client: Verifies certificate with Certificate Authority
4. Both: Generate shared session key using asymmetric crypto
5. All future data: Encrypted with symmetric key (fast)

Key concepts:

  • Asymmetric encryption (RSA/ECDSA): slow, used for key exchange
  • Symmetric encryption (AES): fast, used for actual data
  • Certificate Authority: trusted third party that says “yes, this server is really api.splitwise.com”

Read: Cloudflare’s “What is TLS?” article — clear, visual, 10 minutes.

Day 4: REST API Design — The Right Way

Now apply networking knowledge to your project:

Design your API endpoints. Think about:

# Users
POST   /api/v1/users              → Create user
GET    /api/v1/users/{id}         → Get user by ID

# Groups  
POST   /api/v1/groups             → Create group
GET    /api/v1/groups/{id}        → Get group with members
POST   /api/v1/groups/{id}/members → Add member to group

# Expenses
POST   /api/v1/groups/{groupId}/expenses    → Create expense
GET    /api/v1/groups/{groupId}/expenses    → List expenses (paginated)
GET    /api/v1/expenses/{id}               → Get expense detail

# Balances
GET    /api/v1/groups/{groupId}/balances   → Who owes whom

Design decisions to think about:

  • Why /api/v1/? (versioning — you can’t break existing clients)
  • Why nested routes for expenses? (they belong to a group)
  • Why pagination? (a group might have 10,000 expenses)

Day 5: Build the REST Layer

Wire up your Spring controllers:

@RestController
@RequestMapping("/api/v1/groups/{groupId}/expenses")
public class ExpenseController {
    
    @PostMapping
    public ResponseEntity<ApiResponse<ExpenseDTO>> createExpense(
            @PathVariable Long groupId,
            @Valid @RequestBody CreateExpenseRequest request) {
        ExpenseDTO expense = expenseService.createExpense(groupId, request);
        return ResponseEntity.status(HttpStatus.CREATED)
            .body(ApiResponse.ok(expense));
    }
}

Weekend Checklist

  • Can you explain DNS → TCP → HTTP → Response without notes?
  • 3-4 REST endpoints working in your project
  • Tested with Postman or curl
  • Proper HTTP status codes (201 for creation, 404 for not found)
  • Error responses use your custom exception handler from Week 2
  • DSA kickoff: read the DSA track overview, then do DSA 01 — Big-O: The Cost Of Code — play with the explorer, take the quiz, run the Build This timing experiment. One module per weekend from here on.

Resources

WhatWhereTime
DNS visual guidehowdns.works10 min
HTTP overviewMDN Web Docs “HTTP”30 min
TLS explainedCloudflare “What is TLS?“10 min
REST best practicesBaeldung “REST API Best Practices”20 min