Basic network knowledge (I)

Basic network knowledge (I)

1. VPS: (Virtual Private Server) Virtual Private Server that virtualizes one Server into multiple servers. Container technology and virtualization technology. Each VPS can be assigned an independent public IP address and an independent operating system to isolate disk space, memory, CPU resources, processes, and system configurations between different VPS, simulate an exclusive computing resource experience for users and applications. You can reinstall the system, install programs, and enable servers separately.

2. Three handshakes in TCP connection: the client sends the SYN packet to the server, and the server waits for confirmation. After receiving the SYN packet, it sends the SYN Packet (SYN + ACK) to the client, after the client receives the SYN + ACK packet, it sends the ACK packet. After the server receives the packet, the connection is established.

3. TCP session stream: sets up the tcp's three-way grip, clientrequests A 1.jpg image, serverresponds to 1.jpg data, and then ends the connection process.

4. Session: session control. The Session object stores the information required by a specific user session.

5. ICMP is an Internet Control Packet protocol. It is a sub-Protocol of the TCP/IP protocol family. It is used to transmit control messages between IP hosts and routers. A message control refers to a message of the network itself, such as network connectivity, host accessibility, and routing availability.

6. OSI Layer-7 model: physical layer, data link layer, network layer, transmission layer, Session Layer, presentation layer, and application layer.

7. Data transmission mode: (1) data transmission in the order of data transmission: parallel transmission, data transmission in binary code at the same time; Serial Transmission, transmission in the order of time. (2) time and order of data transmission: A ticket can only be sent in one direction; a half duplex can be transmitted in two directions, but not at the same time; duplex, it can be transmitted in both directions at the same time. (3) determine the synchronous transmission or asynchronous transmission based on the synchronous mode.

8. Determine the MTU of the Ethernet (maximum transmission unit): command line input command: netsh interface ipv4 show subinterfaces (check ipv4 Nic), netshinterface ipv6 show subinterfaces (check ipv6 Nic)

9. Port 21 in FTP is used to transmit control messages, and Port 20 is used to transmit data after the connection is established.

10. HTTP: Hypertext Transfer Protocol. The client sends a request through port 80 (the syn message sent in the TCP connection starts now), and the server responds with syn + ack, after receiving the response, the client confirms with ack that http is based on tcp. After three handshakes, the client sends a get request and the server transmits data to the client.

11. Reflector attack: Reflection attack; triggerpacket: trigger packet, Certificate: Certificate, diploma

12. Telnet is based on TCP. The Telnet protocol is located at the application layer in the TCP/IP protocol listener and the working port is 23. To complete the Telnet connection, three conditions must be met: the client is equipped with a Telnet program, know the IP address or domain name of the remote host and the password. A TCP connection is used to establish a connection between the local host and the remote host.

13. Telnet: 23 (TCP). HTTP: 80 (TCP), ftp: 21 (tcp), pop: 110 (tcp), smtp: 25 (tcp) dns: 53 (udp)

14. Pop (post office protocol): post office protocol; SMTP (Simplemail transfer protocol): Simple Mail transfer protocol

15. Win7 is divided into 32-bit and 64-bit, difference: (1) Data processing capabilities: 32-bit CPU data processing capabilities, 8-bit one byte, can process 4 bytes, 64-bit can process 8 bytes; (2) supports memory: 32-bit supports 4 GB, actually 3.25 GB, 64-bit supports more memory.

16. Linux supports multi-user, multi-thread, and multi-CPU operating systems, using Unix tool software, applications, and network protocols. The Linux kernel is used even if different versions are used. It is applied to various computer hardware devices, such as mobile phones, computers, servers, routers, and supercomputers.

17. CC attack (challenge black hole): a type of DDoS attack. Attackers control some hosts to continuously send a large number of packets, causing the other server to run out of resources until the dang machine crashes.

18. Frag attack: the MTU of The Link Layer limits the maximum length of data frames. Different network types have an upper limit. If there are packets to be transmitted at the IP layer, and the packet length exceeds the MTU, the IP layer will split the packets so that the length of each piece is smaller than or equal to the MTU (maximum transmission unit ). If the total length of IP fragments sent exceeds 65535 bytes, some old system kernels may encounter problems during processing, resulting in crashes or dos. If the offset between shards is carefully constructed, some systems cannot process it.

19. SSH: Secure Shell protocol is a protocol that provides secure remote logon and other security network services on insecure networks. SSH consists of three parts: Transport Layer Protocol, user authentication protocol, and connection protocol. Two Methods of SSH authentication: Password-based authentication and key-based authentication (this is the most secure ).

20. The same Mac standard addressing generally only involves the data link layer, while different Mac standard addressing is at the network layer, and IP Routers work at the network layer.

21. TCP segment of a reassembled PDU: refers to the upper layer of the TCP layer after receiving a large packet is divided into segments, segment: segmentation, segmentation; reassembled: Re-assembly; PDU: group data unit, protocol Data Unit.

22. MSS: Maximum Segment Size. The maximum value of each data segment is MMS 1460, MTU minus 20 Bytes of the IP header, and 20 Bytes of the TCP Data Segment header.

23. TCP packet flag:

    (1) URG: An emergency sign to ensure that TCP connections are not interrupted, and urge the middle layer device to process the data as soon as possible.

    (2) ACK: confirm the flag. The serial number is valid.

    (3) PSH: The push flag, which is sent to the application immediately after the data packet arrives at the receiving end, rather than queuing in the buffer zone.

    (4) RST: indicates the reset flag, which is used to reset connections that generate errors. It is also used to reject errors and illegal packets.

    (5) SYN: Synchronous flag used to establish a connection request

    (6) FIN: indicates that the data transfer between the two parties is complete. It is used to end a TCP session, but the corresponding port is open.

24. Packet Loss: Packet Loss during communication and transmission. Packet Loss Rate: the percentage of dropped data packets to all data packets during the test. Ping is used for testing.

25. DNS query process:

    1. The client initiates a domain name resolution request, and standard query is sent to the Local Domain Name Server.

    2. when the local domain name server receives the request, it first queries the local cache. If this record item exists, the Local Domain Name Server will directly return the query result, which is standardquery response.

    3. if this record is not found in the local cache, the local server directly sends the request to the root domain name server, and then the root domain name server returns it to the Local Domain Name Server with a domain name (root subdomain name) queried) the address of the Primary Domain Name Server.

    4. the local server then sends a request to the domain name server returned in the previous step, and then the server that accepts the request queries its own cache. If this record is not found, the address of the domain name server at the relevant level is returned.

    5. Repeat Step 4 until the correct record is found.

    6. The Local Domain Name Server saves the returned results to the cache for the next use and returns the results to the client.

26. DNS resolution cannot be queried: nslookup www.baidu.com has been experiencing DNS requesttimed out and timeout was2 seconds, but it cannot be parsed.

27. Ipconfig parameters:

    Ipconfig/all view detailed Network Configuration

    Ipconfig/release the IPV4 address of the specified Adapter

    Ipconfig/release6 release the IPV6 address of the specified Adapter

    Ipconfig/renew update the IPV4 address of the specified Adapter

    Ipconfig/renew6 update the IPV6 address of the specified Adapter

    Ipconfig/flushdns clear dns Cache

    Ipconfig/registerdns refresh all DHCP Lease re-register DNS name

    Ipconfig/displaydns displays the content cached by the DNS resolution program

28. Reflection attack: Normally, the client sends a request packet to the server in UDP protocol, and the server returns a response packet to the client. However, the UDP protocol is connectionless, therefore, the source IP address of the Request Packet sent by the client is easily forged. When the source IP address is changed to the victim's IP address, the response packet returned by the server will be returned to the victim's IP address. This forms a reflection attack.

29. NTP is short for Network Time Protocol. It synchronizes the previous Time of a computer through the Network Protocol. NTP is based on UDP port 123.

30. SSDP: SSDP (SimpleService Discovery Protocol) is an application layer Protocol and one of the core protocols that constitute the Universal plug-and-play (UPnP) technology. The number of home routers, network cameras, printers, Smart appliances, and other devices on the Internet has soared. These smart devices generally use the UPnP (plug-and-play) protocol as the network communication protocol, the UPnP Device detects each other through SSDP (Simple Service Discovery Protocol) with the source port of 1900.

31. UDP-SSDP reflection: attackers forge an SSDP request into an attacker's IP address to a large number of smart devices on the Internet, and the smart device receiving the request returns the response packet to the victim according to the source IP address. It is determined to be SSDP Based on the remote port 1900.

32. Uplink and downlink interfaces of the network: the uplink interface accepts data and the downlink interface sends data. The uplink port of a router is generally an interface connecting to the optical fiber transceiver of a communications company. The downlink interface is connected to a vswitch or terminal at the user end. The uplink port of a vswitch refers to an interface connected to a vro or optical fiber. The downlink port connects to a user terminal or HUB.

33. Objective of using the OSI Layer-7 model: to implement reliable communication between different networks of different systems

34. OSI Layer-7 model protocols at various layers: Physical Layer: RJ-45, RS-32, EIA-TIA; data link layer: PPP, STP, frame relay, SDLC, HDLC; Network Layer: IP, IPX, RIP, OSPF; transport Layer: TCP, UDP, SPX; Application Layer: telnet, http, ftp, SNMP.

35. Tracert is a routing tracking utility used to determine the path used to access IP data packets. The Tracert command uses the ip ttl field and ICMP error message to determine the route from one host to other hosts on the network. determine the problem of data packets arriving at the network node to determine which node the problem is.

36. Tracert usage

    (1) tracert: used to track the path of the target. tracert-d URL or IP address (you do not need to convert the IP address to the host name to accelerate route tracing)

    (2) The leftmost represents the arrival of 11 route nodes to Baidu. The three columns in the middle represent the speed, return speed, and average value of multiple link feedback for each route node; the IP address is the gateway corresponding to each router node. The request times out because the route node is in the LAN.

37. Network nodes: devices with unique network addresses, such as servers, switches, and intersections, can act as network nodes.