Basic Note (c): Analysis of network protocols

Directory one, network Protocol II, TCP (transmission Control Protocol, transmission protocol)

1. TCP Header Format
2. Three handshakes and four waves in the TCP protocol
3. TCP Message Capture tool

Third, HTTP (hypertext Transfer Protocol, Hypertext Transfer Protocol)

1. Request message Structure
2. Sample Request Message
3. Request message Parameters Detailed
4. Response message Structure
5. Sample Response message
6. Detailed Response message Parameters
7. HTTP Message Grabber
8. Session and Cookie

Iv. Related Information

First, the network protocol

The International Organization for Standardization (International Standard ORGANIZATION,ISO) publishes the Open Systems Interconnect Reference Model (OSI/RM). OSI/RM is a layered architecture, with a 7-tier reference model.
TCP/IP (transmission Control protocol/internet Protocol) acts as the core protocol for the Internet. It is a protocol family that contains multiple protocols.
The basic idea of layering is that each tier provides more advanced value-added services based on the services provided by its lower tiers, while the top level provides services that run distributed applications.

The process of sending a request is from the topmost layer (the application layer), each layer is responsible for encapsulating its own information into the request, and finally sending an entire request to the other party.
The process of receiving requests begins at the lowest level (the network interface layer), and each layer of the Protocol is responsible for parsing its own things, such as the Internet Layer (IP) processing IP information, the Transport layer (TCP) processing the point-to-point port, the application layer (HTTP) processing request or the response line\ Header\body.

Second, TCP (transmission Control Protocol, transmission protocol)

TCP is a reliable, byte-stream-based communication protocol for connection (connection-oriented). TCP packages the user data into a message segment, which starts a timer after it is sent, confirms the data received at the other end, re-sorts the unordered data, and discards duplicate data.
The characteristics of TCP are:

• TCP is a connection-oriented Transport layer protocol
• Each TCP connection can have only two endpoints, and each TCP connection can only be a point-to-point
• TCP provides reliable delivery of services
• TCP provides full-duplex communication. Data is transmitted independently in two directions. Therefore, each end of the connection must maintain the serial number of the transmitted data in each direction.
• byte stream oriented. Meaning for byte stream: Although application and TCP interaction is a block of data at a time, TCP's data is simply a series of unstructured byte streams.

1. TCP Header Format

(1) Source port (source port number): The port number of the data initiator, 16bit.
(2) Destination port (destination port number): The port number of the data receiver, 16bit.
(3) Sequence number (sequential numbers, SEQ): Used to solve the problem of network packet disorder (reordering) in data communication to ensure that the data received by the application layer will not be disorderly because of transmission problems on the network (TCP will use this sequential number to splice data), 32bit.
(4) Acknowledgment number (confirmation numbers, ACK): is the data receiver expects to receive the sender in the next segment of the sequence number (SEQ), so the confirmation number should be the last successfully received sequential number (seq) plus 1,32bit.
(5) Offset (TCP header Length): Used to store the header of the number of 32bit (a row), the storage length of 4bit, the maximum can represent (2^3+2^2+2^1+1) *32bit=60bytes header. The minimum value is 5,5*32bit=20bytes.
(6) Reserved (reserved): 6bit, all 0
(7) TCP Flags (TCP flag bit) each length is 1bit
CWR: Compression, TCP Flags value 0x80.
ECE: Congestion, 0x40.
URG: Emergency, 0x20. When Urg=1, it indicates that there is urgent data in the message section and should be transmitted as soon as possible.
ACK: Confirm, 0x10. When ack = 1 o'clock, this is a confirmed TCP packet, and a value of 0 is not a confirmation packet.
PSH: Push, 0x08. When sending end psh=1, the receiving end is delivered to the application process as soon as possible.
RST: Reset, 0x04. When rst=1 indicates a serious error in the TCP connection, the connection must be released and then re-established.
SYN: Synchronous, 0x02. The connection is established to synchronize the sequence number. Syn=1, ack=0 represents a connection request message segment. Syn=1,ack=1 agreed to establish a connection.
FIN: Terminating, 0x01. When Fin=1, it indicates that the data of the sending end of this segment has been sent, and the transmission connection is required to be released.
(8) window: Used to control the amount of data sent by the other side, notify the issuance of the fixed limit of the sending window.
(9) Inspection and: The scope of the field test includes the head and the data of the two parts. is computed and stored by the originator and validated by the receiving end.
(10) Emergency pointer: The emergency pointer is valid at Urg=1, which indicates the number of bytes of emergency data in this section.
(one) TCP option: variable length up to 40 bytes

Note: ISN (inital Sequence number): Initializes Sequence number, which occurs when a connection is established.

2. Three handshake and four wave in TCP protocol

Special attention

Seq: is the sequential number of the sender's current message.
ACK: is the SEQ that the sender expects the other party to return in the next returned message.

Three handshake required to establish connection

First handshake: The client sends a connection request packet to the server, the flag bit SYN (Synchronous sequence number) is set to 1, and the sequential number is x=0.

Second handshake: The server receives a message from the client, and by Syn=1 knows that the client is required to be online, allocate resources for this connection. and send to the client a SYN and ACK is set to 1 TCP packets, sets the initial sequence number y=0, sets the confirmation number (ACK) to the last client sent over the sequence number (SEQ) plus 1, that is x+1 = 0+1=1.

Third handshake: The client receives a packet from the server to check the confirmation number (ACK) is correct, that is, the first sent SEQ plus 1 (x+1=1). And whether the flag bit ACK is 1. If correct, the service side sends the confirmation packet again, the ACK flag bit is the 1,SYN flag bit is 0. Confirmation Number (ACK) =y+1=0+1=1, send sequence number (SEQ) is x+1=1. After the server receives the confirmation number value with Ack=1, the connection is established successfully and the data can be transferred.

Four waves are required to disconnect the connection

Reminder: The interrupt connection can be either client side or server side. Just swap the two characters below.
First wave: The client sends a FIN message to the server to shut down the client-to-server data transfer. The flag bit fin and ACK are set to 1, the sequential number is x=1 and the confirmation number is z=1. It means "My client has no data to send to you, but if you still have data not sent to complete, you do not have to close the socket, you can continue to send data." So you first send an ACK over. ”

Second wave: After receiving fin from the service side, send back an ACK (flag bit ack=1), confirm the number to receive the order number plus 1, that is, x=x+1=2. The sequential number is the confirmation number =z received. It means "Your fin request I received, but I am not ready, please continue to wait for my message" This time the client enters the fin_wait state and continues to wait for the fin message on the service side.

Third wave: When the server determines that the data has been sent, a fin message is sent to the client, and the connection to the client is closed. The flag bit fin and ACK is set to 1, the sequential number is Y=1, the confirmation number is x=2. Tell the client "OK, my side of the data is finished, ready to close the connection." ”

Fourth wave: After the client receives the fin sent by the server, it sends back an ACK acknowledgement (flag bit ack=1), confirming that the number is received in order number plus 1, i.e. y+1=2. The sequential number is the confirmation number x=2 received. It means "I know the client can close the connection, but I still do not believe the network, afraid the server does not know to shut down, so send an ACK to enter the TIME_WAIT state, if the server does not receive an ACK can be re-transmitted." Client side waiting for 2MSL still not received a reply, the server side has been properly shut down, well, I can also close the client terminal connection. (In the TIME_WAIT state, if the last ACK sent by the TCP client is lost, it is sent again.) The time required in the TIME_WAIT state is dependent on the implementation method. Typical values are 30 seconds, 1 minutes, and 2 minutes. The connection is formally closed after waiting, and all resources (including the port number) are released. ）

Why is it four times when you close the hand?
The syn+ack message can be sent directly after the server receives the SYN connection request message from the client side. Where the ACK message is used to answer, the SYN message is used for synchronization. However, when the connection is closed, when the server side receives the fin message, it is likely that the socket will not be closed immediately, so you can only reply to an ACK message, tell the client side, "You send fin message I received." I can't send fin messages until all the messages on my server end are sent, so I can't send them together. Therefore, four-step handshake is required.

3. TCP Message crawler: Wireshark

Fill-in Expression in capture filter: Host www.cnblogs.com and Port 80 (80 equivalent to HTTP)
Fill in the expression in the display filter when there are multiple TCP streams: Tcp.stream eq 0 Filters out the first TCP stream (contains a full TCP connection: three handshakes and four waves)

Each record has the following protocol layer
(1) Frame: Data Frame overview of the physical layer
(2) Ethernet II: Data Link Layer Ethernet frame header information
(3) Internet Protocol Version 4: Internet Layer IP packet header information
(4) Transmission Control Protocol: Data segment header information for the transport layer, here is the TCP
(5) Hypertext Transfer Protocol: Application layer information, here is the HTTP protocol

Third, HTTP (hypertext Transfer Protocol, Hypertext Transfer Protocol)

HTTP is an application-layer protocol, although the HTTP/2 version was introduced in 2015 and is supported by major web browsers and Web servers. But the most widely used is the http/1.1 version. Please check here for history.
Its main features can be summarized as follows:

• Supports client/server mode.
• Simple and fast: When a customer requests a service from the server, it simply transmits the request method and path. Because the HTTP protocol is simple, the HTTP server's program size is small, so the communication speed is fast.
• Flexible: HTTP allows the transfer of any type of data object. The type being transmitted is marked by Content-type.
• No connection: The meaning of no connection is to limit the processing of only one request per connection. When the server finishes processing the customer's request and receives the customer's answer, the connection is disconnected. In this way, the transmission time can be saved.
• Stateless: The HTTP protocol is a stateless protocol. Stateless means that the protocol has no memory capacity for transactional processing. A lack of state means that if the previous information is required for subsequent processing, it must be re-routed, which may cause the amount of data to be transferred per connection to increase. On the other hand, it responds faster when the server does not need the previous information. To solve this problem, the Web program introduces a cookie mechanism to maintain state.

In addition, both the HTTP request message and the response message are from the start line (for Request messages, the start line is the request line, for the response message, the start line is the status line), the message header (optional), the empty line (only the CRLF line), the message body (optional) composition. will be explained in detail below.

1. Request message Structure

The data in the message is ASCII encoded, the length of each field is indeterminate (except for the end of the CRLF, a separate CR or LF character is not allowed).

2. Sample Request message

Post/search http/1.1  Accept:image/gif, Image/x-xbitmap, Image/jpeg, Image/pjpeg, Application/vnd.ms-excel, Application/vnd.ms-powerpoint , Application/msword, Application/x-silverlight, Application/x-shockwave-flash, */*  referer:http:// www.google.cn/  ACCEPT-LANGUAGE:ZH-CN  accept-encoding:gzip, deflate  user-agent:mozilla/4.0 ( Compatible MSIE 6.0; Windows NT 5.1; SV1;. NET CLR 2.0.50727; TheWorld)  Host:www.google.cn connection:keep-alive  cookie:pref=id=80a06da87be9ae3c:u=f7167333e2c3b714: nw=1:tm=1261551909:lm=1261551917:s=ybycq2wpfefs4v9g; Nid=31=ojj8d-iygaetsxlgajmqsjvhcspkvijrb6omjamnrsm8lzhky_ Ymfo2m4qmrkch1g0iqv9u-2hfbw7bufwvh7pgarub0rnhcju37y-fxlrugatx63jlv7cwmd6ub_o_r  Hl=zh-CN& SOURCE=hp&q=domety  

3, request message parameter detailed request method

All request method names are capitalized and currently have 9 types:

Note
Security: Https://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol
Idempotent: Represents an operation that is processed at most once, and each call returns the result of the first invocation.
About the difference between get and post for HTTP requests
(1). form of submission:
Get submitted data is placed after the URL, to split the URL and transfer data, the parameters are connected with &, such as editposts.aspx?name=test1&id=123456. The Post method is to put the submitted data in the body of the HTTP packet.
(2). The size of the transmitted data:
The HTTP protocol itself does not limit the size of the transmitted data, nor does the HTTP protocol specification limit the URL length. The main limitations in the actual development are:
GET: Specific browsers and servers have restrictions on URL length, such as IE's limit on URL length is 2083 bytes (2k+35). For other browsers, such as Netscape, Firefox, etc., there is theoretically no length limit, and its limitations depend on the support of the operating system.
Therefore, for a get commit, the transmitted data is limited by the URL length.
POST: The theoretical data is not limited because it is not transmitted via a URL. However, the actual Web server will be required to limit the size of the post submission data, Apache, IIS6 have their own configuration.
(3). Security:
The security of post is higher than get security, with the meaning of real security. And through get submit data, user name and password will appear in plaintext on the URL, because the login page may be cached by the browser, other users browsing history can get the account number and password.

Request Header Field

The key in the thumb of the header field, and is not case-sensitive.

4. Response message Structure

As seen, the only real difference between the response message structure and the request message structure is that the first line uses state information instead of the request information. Status line describes the requested resource situation by providing a status code.

5. Sample Response message

http/1.1 Okdate:mon, May 2005 22:38:34 gmtcontent-type:text/html; charset=utf-8content-encoding:utf-8conten T-length:138last-modified:wed, Jan 2003 23:11:55 gmtserver:apache/1.3.3.7 (Unix) (red-hat/linux) ETag: "3f80f-1b6-3e 1cb03b "Accept-ranges:bytesconnection:close<HTML><Head>  <title>An Example Page</title></Head><Body>Hello World, the very simple HTML document.</Body></HTML>

6, Response message parameter detailed response status code

The status code consists of three digits, the first number defines the category of the response, and there are five possible values.
1XX: Indicates that the request has been received and continues processing.
2XX: Success-Indicates that the request has been successfully received, understood, accepted.
3XX: Redirect--further action is required to complete the request.
4XX: Client Error--the request has a syntax error or the request is not implemented.
5XX: Server-side error-the server failed to implement a legitimate request.
Common status Code:

OK: Successful return status, corresponding, Get,put,patch,delete.
201 created-created successfully.
302 Found: Redirect, the new URL will be returned in the location in response, and the browser will send a new request using the new URL.

For example, enter http://www.google.com in IE. The HTTP server returns 304, IE takes the new URL to the location header in response and sends a Request again.
304 Not Modified: Indicates that the last document has been cached and can continue to be used.
The bad request-requested format error.
401 Unauthorized-not authorized.
403 Forbidden-authentication succeeds, but the user does not have permissions.
404 Not Found-The requested resource does not exist.
405 Method Not allowed-the HTTP methods are not allowed.
410 gone-the resource corresponding to this URL is now unavailable.
415 Unsupported media Type-wrong request type.
422 unprocessable Entity-used when verifying errors.
429 too many request-too many requests.
Internal Server error: Unexpected errors occurred on the server.
503 Server Unavailable: The server is currently unable to process client requests and may return to normal after some time.

Other status Codes please refer to: Https://en.wikipedia.org/wiki/List_of_HTTP_status_codes Response Header Field

The key in the thumb of the header field, and is not case-sensitive.

7. HTTP Message Grabber

Wireshark, Fiddler, HttpWatch (need to combine IE), Telnet
Wireshark:
Fill in the expression in the Display filter: http and ip.addr = = 42.121.252.58 and Tcp.port = = 80 filter out HTTP response and request flow

8. Session and Cookie

When it comes to HTTP, you have to mention the session and cookies. But strictly speaking, session and Cookie are not part of the HTTP protocol. Because the HTTP protocol design principle is stateless, in recent years there have been a variety of needs, in which the role of cookies is to resolve the HTTP protocol stateless flaws in the effort. The subsequent session mechanism is another solution for maintaining state between the client and the server. In particular, the cookie mechanism uses a scheme that maintains state on the client, while the session mechanism uses a scenario that maintains state on the server side. We also see that the session mechanism may need to use a cookie mechanism to save the identity, but in fact it has other options because the server-side hold-state scheme also needs to preserve an identity on the client side.

Session

Session is the ability to store a specific user information storage mechanism for a user's browser and any windows opened through its current window.
It is often thought that as long as the browser is closed, the session disappears, in fact this is the wrong understanding. The same is true for the session, unless the program notifies the server to delete a session, otherwise the server remains intact. Because closing the browser does not cause the session to be deleted, forcing the server to set an expiration time for seesion, the server can assume that the client has stopped the activity when the time of the client's last use of the session exceeds the expiration time. The session is deleted to save storage space.

(1) When a Web site resource is accessed for the first time, the client submits no request with SessionID (the request header does not have cookie header domain information).
The Web server checks for SessionID, does not create a sessionid, and, depending on the Web program itself, adds information (or null) that is part of the current session when requesting which resource, and the list is identified as SessionID. The SessionID is then returned to the client (via the Set-cookie header domain of the response header).
(2) When the client accesses the same Web site again, it submits a request with SessionID (stored SessionID through the cookie header domain). The server determines whether the session is invalid or not, and can query the list of information belonging to the current session if it is not invalidated. If it fails, a new session is created (creating a new SessionID), and the original session (the list of information containing the session band) is lost and inaccessible.

Cookies

A cookie can be used to save SessionID so that the browser can automatically send the SessionID back to the server during the interactive process. Cookies are named in a manner similar to SessionID. Sometimes the cookie is artificially banned, so there are other mechanisms that can still pass SessionID back to the server when the cookie is banned. This technique is called URL rewriting, that is, the SessionID directly appended to the URL path, there are two additional ways, one is as the URL path of additional information, the representation of http://www.wantsoft.com/index.asp; Jsessionid= byok3vjfd75apnrf7c2hmdnv6qzcebzwowibyenlerjq99zwpbng!-145788764.
The other is appended to the URL as a query string, in the form of http://www.wantsoft.com/index?js ... 99zwpbng!-145788764.

Iv. Related Information

• "System Architect Tutorial"
• "C # Network application Programming" (2nd edition)
• OSI model
• TCP/IP Reference
• Wireshark Clutch Illustration TCP Three-time handshake/four-time wave explanation
• The things about TCP (UP)
• Three handshakes and four waves in the TCP Protocol (illustration)
• Hypertext Transfer Protocol
• HTTP protocol Detailed
• HTTP request messages and HTTP response messages
• HTTP protocol Explanation (classic)
• Session and Cookie of the HTTP protocol

Basic Note (c): Analysis of network protocols