# Network Fundamentals Visualized Lab

This lab accompanies the bilingual Network Fundamentals Visualized series on haotianblog. It turns protocol ideas into deterministic CSV results and figures without needing administrator access, packet capture, credentials, or an external target.

## Environment

- Python 3.10 or later
- A C11 compiler such as Apple Clang or GCC for the three low-level examples
- Optional observation commands: `dig` and `openssl`

```bash
python3 -m venv .venv
source .venv/bin/activate
pip install -r requirements.txt
python src/run_all.py
```

The Python command regenerates ten CSV files in `results/` and figures in `figures/`. The values cited in the articles come from those deterministic scenarios.

## Python Experiments

```bash
python src/dns_resolution_cache.py
python src/cidr_route_mtu.py
python src/tcp_reliability_cwnd.py
python src/tls13_handshake_timing.py
python src/http_cdn_waterfall.py
python src/proxy_path_latency.py
python src/http_connect_tunnel.py
python src/socks5_dns_boundary.py
python src/reverse_proxy_balancing.py
python src/proxy_cache_revalidation.py
```

- `dns_resolution_cache.py`: TTL cache hit/miss latency for four fixed requests.
- `cidr_route_mtu.py`: longest-prefix route selection and MTU segment arithmetic.
- `tcp_reliability_cwnd.py`: ACK progression, deliberate loss, retransmission, and congestion window evolution.
- `tls13_handshake_timing.py`: TLS 1.3 message flights and an explicitly insecure teaching-only Diffie-Hellman calculation.
- `http_cdn_waterfall.py`: modeled HTTP/2 versus HTTP/3 cold/warm CDN request waterfall.
- `proxy_path_latency.py`: direct, forward-proxy, reverse-proxy MISS, and reverse-proxy HIT latency segments.
- `http_connect_tunnel.py`: a deterministic CONNECT establishment and TLS-in-tunnel message timeline.
- `socks5_dns_boundary.py`: safe SOCKS5 request-byte encoding and local versus proxy DNS boundary comparison.
- `reverse_proxy_balancing.py`: request queue effects of round-robin and least-queue selection in a fixed backend model.
- `proxy_cache_revalidation.py`: shared-cache freshness and validator behavior across MISS, HIT, and `304` revalidation.
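
The DNS boundary that `socks5_dns_boundary.py` compares comes down to the ATYP byte of the SOCKS5 CONNECT request. The following is an added example, not the lab's own script: `encode_connect` and `decode_connect` are hypothetical names, and the inputs are constructed. It encodes the request per RFC 1928 without opening a socket and reports which side resolves the name.

```python
import ipaddress
import struct

VER, CMD_CONNECT, RSV = 0x05, 0x01, 0x00
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04


def encode_connect(host: str, port: int) -> bytes:
    """Encode a SOCKS5 CONNECT request (RFC 1928). Pure bytes, no network I/O."""
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal: send the name itself, so the proxy does the lookup.
        name = host.encode("ascii")
        if not 1 <= len(name) <= 255:
            raise ValueError("domain must be 1..255 bytes")
        addr = bytes([ATYP_DOMAIN, len(name)]) + name
    else:
        # IP literal: any DNS lookup already happened on the client side.
        addr = bytes([ATYP_IPV4 if ip.version == 4 else ATYP_IPV6]) + ip.packed
    return bytes([VER, CMD_CONNECT, RSV]) + addr + struct.pack("!H", port)


def decode_connect(data: bytes) -> dict:
    """Parse a CONNECT request and report which side performs name resolution."""
    if len(data) < 5 or tuple(data[:3]) != (VER, CMD_CONNECT, RSV):
        raise ValueError("not a SOCKS5 CONNECT request")
    atyp, body = data[3], data[4:]
    if atyp == ATYP_DOMAIN:
        if body[0] == 0 or len(body) != 1 + body[0] + 2:
            raise ValueError("bad domain length")
        host, resolver = body[1:-2].decode("ascii"), "proxy"
    elif atyp in (ATYP_IPV4, ATYP_IPV6):
        if len(body) != (4 if atyp == ATYP_IPV4 else 16) + 2:
            raise ValueError("bad address length")
        host, resolver = str(ipaddress.ip_address(body[:-2])), "client"
    else:
        raise ValueError("unknown ATYP")
    (port,) = struct.unpack("!H", body[-2:])
    return {"host": host, "port": port, "dns_resolved_by": resolver}


# Constructed inputs: 192.0.2.10 is a documentation address (TEST-NET-1).
PROXY_SIDE = encode_connect("example.com", 443)
CLIENT_SIDE = encode_connect("192.0.2.10", 443)
```

With ATYP `0x03` the hostname travels inside the request and only the proxy's resolver sees it; with `0x01` or `0x04` the name was already looked up through the client's local resolver before the request was built.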

## C Examples

```bash
cc -std=c11 -Wall -Wextra -O2 src/dns_packet_parser.c -o /tmp/dns_packet_parser
cc -std=c11 -Wall -Wextra -O2 src/cidr_lpm.c -o /tmp/cidr_lpm
cc -std=c11 -Wall -Wextra -O2 src/tcp_loopback_echo.c -o /tmp/tcp_loopback_echo
/tmp/dns_packet_parser
/tmp/cidr_lpm
/tmp/tcp_loopback_echo
```

The DNS parser reads a bundled header byte array. The CIDR example evaluates an in-memory route table. The TCP program opens only a `127.0.0.1` ephemeral listener and sends one local message.

## Optional Live Observation

These commands are observation aids only. Their output depends on the reader's current network and is not used as a fixed article result.

```bash
dig example.com A +noall +answer +stats
openssl s_client -connect example.com:443 -tls1_3 -brief </dev/null
```

## Safety And Limits

- No root privileges, packet capture, scanner, remote load, secret, or Cloudflare account access is required.
- TLS numbers are a state-and-latency model. The tiny finite-field calculation demonstrates the shape of key agreement and must never be used for real encryption.
- HTTP/3 figures are an explanatory network model, not a benchmark of a real QUIC stack.
- Proxy experiments model local protocol boundaries and routing decisions only. They do not configure an anonymizing proxy, bypass access controls, or transmit traffic through an external service.
