Brief summary of the TCP/IP protocol

Source: Internet
Author: User

OSI 7-Layer model

Application Layer

Presentation Layer

Session Layer

Transport Layer

Network Layer

Data Link Layer

Physical Layer


Network hardware

Hub: Works at the physical layer and can only operate in half-duplex mode (it cannot read and write at the same time). Data sent to one port is received by all the other ports on the hub, so each port receives the data received on every other port.

Switch: Works at the data link layer. A switch uniquely identifies devices by their MAC addresses. It does not broadcast data; it sends data only to the device with the specified MAC address. It keeps a CAM (content-addressable memory) table.

Router: Works at the network layer. Each router port corresponds to an IP address; the router holds a routing table and performs route addressing.


ARP protocol

The process of converting an IP address to a MAC address is called the ARP protocol. The general process is as follows:

Request:

Hello everybody. My IP address is XX and my MAC address is XX. I want to send something to the device whose IP address is XX, but I don't know its hardware address. Whoever has this IP address, could you reply with your MAC address?


The request is broadcast to all devices in the network segment. Devices that do not have the requested IP discard it, and the device that has the IP is


Response:

Hello, sending device. I have the IP address XX that you are looking for; my MAC address is XX.


Gratuitous ARP: When a device's IP address changes, the device broadcasts a notification that its IP has changed.


ARP Packet structure:

Hardware type: The type of data link layer in use; in most cases this is Ethernet (type 1)

Protocol type: The higher-layer protocol the ARP request is used for, typically IP

Hardware address length:

Protocol address length:

Opcode: The function of the ARP packet: 1 for request, 2 for reply

Sender hardware address:

Sender protocol address:

Destination hardware address: The hardware address of the intended receiver (0 in an ARP request)

Destination protocol address:
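
The field list above maps directly onto a 28-byte packet for the Ethernet/IPv4 case. The following parser is an added example, not part of the original page; the helper names and the sample packets (built from documentation addresses) are constructed for illustration. It also flags a gratuitous ARP by comparing the sender and destination protocol addresses.

```python
import struct

# ARP for Ethernet/IPv4 is a fixed 28-byte layout in the field order listed above.
ARP_FMT = "!HHBBH6s4s6s4s"
OPCODES = {1: "request", 2: "reply"}

def fmt_mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def fmt_ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)

def parse_arp(pkt: bytes) -> dict:
    if len(pkt) < struct.calcsize(ARP_FMT):
        raise ValueError("truncated ARP packet")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, pkt[:28])
    # Address lengths must match the types, otherwise the fixed layout does not apply.
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {
        "opcode": OPCODES.get(op, f"unknown({op})"),
        "sender_mac": fmt_mac(sha), "sender_ip": fmt_ip(spa),
        "target_mac": fmt_mac(tha), "target_ip": fmt_ip(tpa),
        # A gratuitous ARP announces the sender's own address: sender IP == target IP.
        "gratuitous": spa == tpa,
    }

def build_arp(op: int, sha: str, spa: str, tha: str, tpa: str) -> bytes:
    """Build a constructed sample packet (test data only)."""
    to_mac = lambda s: bytes.fromhex(s.replace(":", ""))
    to_ip = lambda s: bytes(int(p) for p in s.split("."))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op,
                       to_mac(sha), to_ip(spa), to_mac(tha), to_ip(tpa))

# Constructed samples: a request for 192.0.2.1 and a gratuitous announcement.
REQUEST = build_arp(1, "02:00:00:00:00:0a", "192.0.2.10", "00:00:00:00:00:00", "192.0.2.1")
GRATUITOUS = build_arp(1, "02:00:00:00:00:0a", "192.0.2.10", "00:00:00:00:00:00", "192.0.2.10")

if __name__ == "__main__":
    for name, pkt in (("request", REQUEST), ("gratuitous", GRATUITOUS)):
        print(name, parse_arp(pkt))
```
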



IP protocol

The IP header length is typically 20 bytes unless the option field is included

IP Packet Structure:

Version number:

Header Length:

Type of service: Precedence and type-of-service flags, used by routers to prioritize traffic

Total Length: Length of the IP header plus the packet data

Identifier: A unique identification number used to identify a packet or the order of fragmented packets

Flags: Mark whether a packet is a fragment; the values in this field are used to reassemble the fragments in the correct order

Time to live (TTL): Defines the lifetime of the packet; decremented by 1 at each router

Protocol: Identifies the type of upper-layer protocol carried in the packet, such as ICMP, TCP, UDP

Header checksum: An error detection mechanism used to determine whether the IP header is undamaged and has not been tampered with

Source IP Address:

Destination IP Address:

Options: reserved for additional IP options

Data: Actual data passed with IP
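
How the header checksum and the TTL interact is easiest to see in code. The sketch below is an added example, not part of the original page: it parses the 20-byte header described above and verifies the checksum. The sample header and addresses are constructed, and `STALE` shows that a header whose TTL was changed without recomputing the checksum fails verification.

```python
import struct

IP_FMT = "!BBHHHBBH4s4s"   # the 20-byte header without options
PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}

def checksum16(data: bytes) -> int:
    """One's-complement sum of 16-bit words, the algorithm behind the header checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_ipv4(pkt: bytes) -> dict:
    if len(pkt) < 20:
        raise ValueError("shorter than the minimum IPv4 header")
    (ver_ihl, _tos, total_len, ident, flags_frag,
     ttl, proto, _csum, src, dst) = struct.unpack(IP_FMT, pkt[:20])
    version, header_len = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or header_len < 20 or len(pkt) < header_len:
        raise ValueError("bad version or header length")
    return {
        "header_len": header_len, "total_len": total_len, "id": ident,
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": bool(flags_frag & 0x2000),
        "frag_offset": (flags_frag & 0x1FFF) * 8,      # stored in 8-byte units
        "ttl": ttl, "protocol": PROTOCOLS.get(proto, proto),
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
        # Summing the whole header, checksum field included, must give 0.
        "checksum_ok": checksum16(pkt[:header_len]) == 0,
    }

def build_header(ttl: int) -> bytes:
    """Constructed sample: TCP packet, DF set, checksum filled in."""
    hdr = struct.pack(IP_FMT, 0x45, 0, 40, 0x1C46, 0x4000, ttl, 6, 0,
                      bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
    return hdr[:10] + struct.pack("!H", checksum16(hdr)) + hdr[12:]

GOOD = build_header(64)
# Same header with the TTL lowered but the checksum left alone: must fail the check.
STALE = GOOD[:8] + bytes([63]) + GOOD[9:]

if __name__ == "__main__":
    print(parse_ipv4(GOOD))
    print(parse_ipv4(STALE)["checksum_ok"])
```
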


TCP protocol:

TCP Packet Structure:

Source Port:

Destination Port:

Sequence number (sequence num): Identifies a TCP segment; used to ensure that no part of the data stream is missing

Acknowledgment number (Ack num): The sequence number of the next packet expected from the other device in the communication

Flags: URG, ACK, PSH, RST, SYN, FIN; these indicate the type of TCP packet being transmitted

Window Size: The size, in bytes, of the TCP receiver's buffer

Checksum: Used to ensure the integrity of the TCP header and data when they arrive at the destination

Urgent pointer: If the URG bit is set, this field is checked as an additional instruction telling the CPU where to start reading data in the packet

Options: Various optional fields that can be specified in a TCP packet


TCP connection: three-way handshake

The client sends a SYN

The server sends an ACK, SYN

The client sends an ACK
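
The three steps can be checked mechanically from the flags and the sequence and acknowledgment numbers. The following is an added example, not part of the original page: it decodes the fixed TCP header and validates a handshake. The segments, ports and initial sequence numbers (1000 and 5000) are constructed sample values.

```python
import struct

FLAG_BITS = (("FIN", 0x01), ("SYN", 0x02), ("RST", 0x04),
             ("PSH", 0x08), ("ACK", 0x10), ("URG", 0x20))

def parse_tcp(seg: bytes) -> dict:
    if len(seg) < 20:
        raise ValueError("shorter than the minimum TCP header")
    sport, dport, seq, ack, off_flags, window, _csum, _urg = \
        struct.unpack("!HHIIHHHH", seg[:20])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": {name for name, bit in FLAG_BITS if off_flags & bit},
            "window": window}

def is_valid_handshake(segments) -> bool:
    """True if three segments form SYN, SYN+ACK, ACK with consistent numbers."""
    if len(segments) != 3:
        return False
    syn, synack, ack = (parse_tcp(s) for s in segments)
    return (syn["flags"] == {"SYN"}
            and synack["flags"] == {"SYN", "ACK"}
            and ack["flags"] == {"ACK"}
            # The reply travels in the opposite direction on the same port pair.
            and (synack["sport"], synack["dport"]) == (syn["dport"], syn["sport"])
            # A SYN consumes one sequence number, so each side acknowledges
            # the peer's initial sequence number plus 1 (modulo 2**32).
            and synack["ack"] == (syn["seq"] + 1) % 2**32
            and ack["ack"] == (synack["seq"] + 1) % 2**32
            and ack["seq"] == synack["ack"])

def make_seg(sport, dport, seq, ack, flags) -> bytes:
    """Constructed sample segment: 20-byte header, no options, checksum left 0."""
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       (5 << 12) | flags, 65535, 0, 0)

# Constructed handshake: client ISN 1000, server ISN 5000.
HANDSHAKE = [make_seg(50000, 80, 1000, 0, 0x02),
             make_seg(80, 50000, 5000, 1001, 0x12),
             make_seg(50000, 80, 1001, 5001, 0x10)]
# Same exchange, but the SYN+ACK acknowledges the wrong number.
BAD_ACK = [HANDSHAKE[0], make_seg(80, 50000, 5000, 1000, 0x12), HANDSHAKE[2]]

if __name__ == "__main__":
    print(is_valid_handshake(HANDSHAKE), is_valid_handshake(BAD_ACK))
```
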


TCP connection teardown: four-way handshake

The client sends a FIN

The server sends an ACK

The server sends a FIN

The client sends an ACK, enters the TIME_WAIT state, and waits 2MSL before closing

TIME_WAIT serves 2 purposes:

Receive packets that had not yet arrived, so that they are not delivered to a new connection after this connection has shut down

Wait for the ACK to be delivered successfully

Waiting 2MSL ensures that all packets have been discarded (the maximum lifetime of a packet is MSL)



TCP has a send buffer and a receive buffer.

A TCP segment with a checksum error is discarded.


TCP has a connection queue that holds connections that have completed the three-way handshake; the application obtains connections from this queue.

When the connection queue is full, TCP ignores incoming SYNs and does not send any segment in reply (that is, it does not send an RST), so the client's active open eventually times out.

When the TCP sliding window is 0, the client sends a keepalive packet.


Every TCP packet is acknowledged; if the acknowledgment is not received, the packet is retransmitted until the retransmission limit is reached.

TCP does not acknowledge ACK segments; it acknowledges only ACK segments that carry data.

After the connection is established, every TCP packet has the ACK flag set.

TCP Timers

1. Retransmission timer

The sender starts a timer when it sends a segment; if no acknowledgment is received, it resends the segment at a set interval.

2. Persist timer

The transmission of ACKs is unreliable: TCP does not acknowledge ACK segments, only ACK segments that carry data. To keep the two sides from waiting on each other because an ACK segment was lost, the sender periodically queries the receiver using a persist timer. The segments the sender emits for this purpose are called window probes.

If an acknowledgment is lost, both sides may end up waiting for each other: the receiver waits to receive data (because it has advertised a non-zero window to the sender), and the sender waits for a window update that allows it to continue sending. To prevent this deadlock, the sender uses a persist timer to periodically query the other side and see whether the window has increased. These segments sent by the sender are called window probes.


3. Keepalive timer

(1) If the host is reachable, the peer responds with an ACK and is considered alive.

(2) If the host is reachable but the application has exited, the peer sends an RST and the TCP connection is torn down.

(3) If the host is reachable but the application has crashed, the peer sends a FIN.

(4) If the peer host does not respond with an ACK or RST, probes continue until the timeout expires and the connection is torn down. This time defaults to two hours.


4. 2MSL timer

The party that actively closes the connection enters the TIME_WAIT state and keeps the connection for 2MSL.


UDP protocol

UDP Packet Structure:

Source Port:

Destination Port:

Packet Length:

Checksum:


Each UDP port is associated with one finite-size input queue. Nearly simultaneous requests from different clients are queued automatically by UDP, and received datagrams are passed to the application in the order they were received. UDP discards datagrams when the queue overflows; the application does not know when the input queue overflows.


ICMP protocol

ICMP packet structure:

Type: Request or reply

Code (code)

Checksum (checksum)

Variable fields (variable): Parts that depend on the type and code fields


DHCP protocol

The DHCP protocol is an application-layer protocol that allows the device to obtain an IP address automatically

DHCP Packet structure:

OpCode (OpCode): Indicates whether the packet is a DHCP request or a reply

Hardware type: Hardware address type (10MB Ethernet, IEEE 802, ATM, and others)

Hardware length: Hardware address length

Hop count (Hops): Used by relay agents to help find the DHCP server

Transaction ID: A random number used to match requests and responses

Seconds elapsed: Time since the client first sent an address request to the DHCP server

Client IP Address: Client IP address (derived from the "your" IP address field)

"Your" IP address: The IP address offered by the DHCP server (eventually the value of the client IP address field)

Server IP Address: DHCP server IP address

Gateway Address: Default gateway address of the network

Client hardware Address: Client MAC address

Server Host Name: Server hostname (optional)

Boot file: The boot file used by DHCP (optional)

Options: Used to extend DHCP packets with additional features


The main task of DHCP is to assign IP addresses to clients during the lease renewal process, which consists of 4 different packets:

DHCP client => (Discover) DHCP server

DHCP client <= (Offer) DHCP server

DHCP client => (Request) DHCP server

DHCP client <= (Acknowledge) DHCP server


Discovery packet:

At this stage the client uses 0.0.0.0 as its IP address because it does not have one yet. The packet is sent to 255.255.255.255, a network-independent broadcast address, which ensures that the packet reaches every device on the network.


Offer packet:

At this stage the server attempts to communicate with the client using the client hardware address provided by ARP; if that fails, it broadcasts the offer directly.


Request packet:

The client still uses 0.0.0.0 as its IP address at this stage because the process of acquiring an IP address is not yet complete.


Acknowledgment packet:

After this step the client has an IP address.


Renewal within a DHCP lease:

An IP address assigned by DHCP can only be used for a period of time. When it expires, the lease must be renewed; renewal needs only the request and acknowledgment steps.
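
The four-packet exchange above can be verified from captured packets. The sketch below is an added example, not part of the original page. It relies on one detail the page does not list: the packet kind is carried in option 53 (DHCP message type) after a 4-byte magic cookie. The transaction ID, MAC address and offered address are constructed sample values.

```python
import struct

BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s"   # 236-byte fixed part, fields as listed above
MAGIC = b"\x63\x82\x53\x63"                 # cookie that opens the options area
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK"}   # option 53 values

def ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)

def parse_dhcp(pkt: bytes) -> dict:
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP packet")
    (op, _htype, hlen, _hops, xid, _secs, _flags, ciaddr, yiaddr,
     _siaddr, _giaddr, chaddr, _sname, _file) = struct.unpack(BOOTP_FMT, pkt[:236])
    msg_type, i = None, 240
    while i < len(pkt) and pkt[i] != 255:          # 255 ends the options
        if pkt[i] == 0:                            # 0 is padding, no length byte
            i += 1
            continue
        if i + 2 > len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("truncated option")
        code, length = pkt[i], pkt[i + 1]
        if code == 53 and length == 1:             # DHCP message type
            msg_type = MSG_TYPES.get(pkt[i + 2], pkt[i + 2])
        i += 2 + length
    return {"op": op, "xid": xid, "client_ip": ip(ciaddr), "your_ip": ip(yiaddr),
            "client_mac": chaddr[:hlen].hex(":"), "type": msg_type}

def is_complete_lease(packets) -> bool:
    """Check a Discover/Offer/Request/Acknowledge exchange for consistency."""
    p = [parse_dhcp(x) for x in packets]
    return ([m["type"] for m in p] == ["DISCOVER", "OFFER", "REQUEST", "ACK"]
            and [m["op"] for m in p] == [1, 2, 1, 2]       # request, reply, request, reply
            # The transaction ID ties each reply to the request it answers.
            and p[0]["xid"] == p[1]["xid"] and p[2]["xid"] == p[3]["xid"]
            and p[0]["client_ip"] == p[2]["client_ip"] == "0.0.0.0"
            and p[1]["your_ip"] == p[3]["your_ip"] != "0.0.0.0")

def build(op, xid, yiaddr, msg_type) -> bytes:
    """Constructed sample packet for client 02:00:00:00:00:0a."""
    zero = bytes(4)
    fixed = struct.pack(BOOTP_FMT, op, 1, 6, 0, xid, 0, 0, zero, bytes(yiaddr),
                        zero, zero, bytes.fromhex("02000000000a"), b"", b"")
    return fixed + MAGIC + bytes([53, 1, msg_type, 255])

OFFERED = [192, 0, 2, 50]
LEASE = [build(1, 0x3903F326, [0] * 4, 1), build(2, 0x3903F326, OFFERED, 2),
         build(1, 0x3903F326, [0] * 4, 3), build(2, 0x3903F326, OFFERED, 5)]
```
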


DNS protocol

DNS Packet Structure

DNS ID number: Used to match DNS queries with responses

Query/Response (QR): Indicates whether the packet is a query or a response

OpCode (OpCode): Defines the type of query the message contains

Authoritative answer (authoritative answer, AA): If this value is set, the response is issued by an authoritative domain name server within the

Truncation: Indicates that the response was truncated because it was too long to fit in the packet

Recursion desired (recursion desired, RD): When this value is set in a request, the DNS client asks for a recursive query if the target domain name server does not hold the requested information

Recursion available (recursion available, RA): When this value is set in a response, the domain name server supports recursive queries

Reserved (Z):

Response code: Used in DNS responses to indicate errors

Question count: Number of entries in the question section

Answer count: Number of entries in the answer section

Name server count: Number of name server resource records in the authority section

Additional records count: Number of additional resource records in the additional information section

Question section: Variable size; contains the query or queries sent to the DNS server

Answer section: Variable size; contains one or more resource records that answer the query

Authority section: Variable size; contains resource records pointing to authoritative domain name servers, used to continue the resolution process

Additional information section: Variable size; contains resource records holding additional information related to the query that is not strictly required to answer it
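
The ID, the flag bits and the four counts described above occupy the first 12 bytes of every DNS message. The following decoder is an added example, not part of the original page; the three sample headers are constructed. It also shows the ID check that pairs a response with its query.

```python
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL",
          3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}

def parse_dns_header(msg: bytes) -> dict:
    if len(msg) < 12:
        raise ValueError("shorter than the 12-byte DNS header")
    ident, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": ident,
        "qr": "response" if flags & 0x8000 else "query",
        "opcode": (flags >> 11) & 0xF,
        "aa": bool(flags & 0x0400),      # authoritative answer
        "tc": bool(flags & 0x0200),      # truncation
        "rd": bool(flags & 0x0100),      # recursion desired
        "ra": bool(flags & 0x0080),      # recursion available
        "z": (flags >> 4) & 0x7,         # reserved
        "rcode": RCODES.get(flags & 0xF, flags & 0xF),
        "questions": qd, "answers": an, "authority": ns, "additional": ar,
    }

def matches(query: bytes, response: bytes) -> bool:
    """A response answers a query only if the QR bits fit and the IDs are equal."""
    q, r = parse_dns_header(query), parse_dns_header(response)
    return q["qr"] == "query" and r["qr"] == "response" and q["id"] == r["id"]

# Constructed sample headers (header bytes only, sections omitted).
QUERY = struct.pack("!HHHHHH", 0x1A2B, 0x0100, 1, 0, 0, 0)      # RD set
RESPONSE = struct.pack("!HHHHHH", 0x1A2B, 0x8180, 1, 1, 0, 0)   # QR, RD, RA set
OTHER = struct.pack("!HHHHHH", 0x7777, 0x8183, 1, 0, 0, 0)      # NXDOMAIN, different ID

if __name__ == "__main__":
    print(parse_dns_header(RESPONSE))
    print(matches(QUERY, RESPONSE), matches(QUERY, OTHER))
```
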

















