Getting Started with Internet protocols

Introduction to Internet Protocol (i) http://www.ruanyifeng.com/blog/2012/05/internet_protocol_suite_part_i.html

Introduction to Internet Protocol (ii) http://www.ruanyifeng.com/blog/2012/06/internet_protocol_suite_part_ii.html

1.5-Layer Model

"Physical Layer", which is the physics of connecting computers. It mainly specifies the electrical characteristics of the network, the role is responsible for the transmission of 0 and 1 of electrical signals.

　　

The function of the link layer, which, above the entity layer, determines how 0 and 1 are grouped.

Ethernet Frame Structure http://www.cnblogs.com/mylinux/p/5553242.html

IP Packet Structure http://www.cnblogs.com/mylinux/p/3988928.html

TCP Packet Structure http://www.cnblogs.com/mylinux/p/5552738.html

2. ARP protocol: Get MAC address from IP address.

Because the IP packet is sent in the Ethernet packet, we must also know two addresses, one is the other's MAC address, the other is the other's IP address. Normally, the IP address of the other party is known (explained later), but we do not know its MAC address.

In the first case, if the two hosts are not in the same sub-network, then in fact there is no way to get the other's MAC address, only the packet to the two sub-network connection "gateway", let the gateway to handle.

In the second case, if the two hosts are on the same subnet, then we can use the ARP protocol to get the MAC address of each other. The ARP protocol also emits a packet (contained in an Ethernet packet) that contains the IP address of the host to which it is queried, in the other's MAC address column, filled with FF:FF:FF:FF:FF:FF, indicating that this is a "broadcast" address. Each host of its subnet receives the packet, which takes the IP address and compares it to its own IP address. If the two are the same, make a reply, report their MAC address to each other, or discard the package.

In short, with the ARP protocol, we can get the host MAC address of the same sub-network, can send packets to any host.

3. DHCP protocol

First, it is an application-layer protocol that is built on top of the UDP protocol, so the entire packet is this:

(1) The first "Ethernet header", set the MAC address of the sender (native) and the MAC address of the receiver (DHCP server). The former is the MAC address of the local network card, the latter do not know, fill in a broadcast address: FF-FF-FF-FF-FF-FF.

(2) Next "IP Header", set the IP address of the sender and the IP address of the receiver. At this time, for both, this machine is not known. The IP address of the issuing party is then set to 0.0.0.0, the IP address of the receiver is set to 255.255.255.255.

(3) The last "UDP header", set the port of the issuing party and the port of the receiver. This section is provided by the DHCP protocol, which is port 68 and the receiver is port 67.

Once this packet is constructed, it can be sent out. Ethernet is broadcast sent, and each computer on the same sub-network receives this packet. Because the receiver's MAC address is ff-ff-ff-ff-ff-ff, do not see who is sent to, so each received this package of the computer, you must also analyze the IP address of the package to determine whether it is sent to their own. When the sender IP address is 0.0.0.0 and the receiver is 255.255.255.255, the DHCP server knows "This package is sent to me" and the other computer can discard the package.

Next, the DHCP server reads out the contents of the packet, assigns the IP address, and sends back a "DHCP response" packet. The structure of this response package is similar, the Ethernet header's MAC address is the network card address of the two sides, the IP address is the IP address of the DHCP server (the sender) and the 255.255.255.255 (receiver), the UDP header port is 67 (sender) and 68 (receiver), The IP address assigned to the requester side and the specific parameters of the network are included in the data section.

The newly added computer receives the response packet, so it knows its own IP address, subnet mask, gateway address, DNS server, and so on.

4. Internet Settings: summary

In this section, one thing to keep in mind: whether it's a "static IP address" or a "dynamic IP address", the first step in computer surfing is to determine four parameters. These four values are important and worth repeating:

* The IP address of the machine
* Subnet Mask
* IP address of the gateway
* IP address of DNS

With these values, the computer can "surf" the Internet.

5. Introduction to DNS principles http://www.ruanyifeng.com/blog/

The IP address of the DNS server, which may be dynamic, is assigned by the gateway each time it is online, which is called the DHCP mechanism, or it may be a fixed address specified beforehand. Inside the Linux system, the IP address of the DNS server is saved in the/etc/resolv.conf file.

5.1 Tool software dig can display the entire DNS query process.

$ dig math.stackexchange.com
The +trace parameter of the dig command can display the entire hierarchical query process for DNS.
$ dig +trace math.stackexchange.com
The dig command allows you to view the NS records for each level of domain separately.
$ dig NS com
$ dig NS stackexchange.com
The +short parameter can display simplified results.
$ dig +short ns com
$ dig +short NS stackexchange.com

5.2 Hierarchy of domain names

How can a DNS server know the IP address of each domain name? The answer is a hierarchical query.
Please carefully dig the result, each domain name the tail has a point.

For example, the domain name math.stackexchange.com is displayed as math.stackexchange.com. This is not negligence, but the tail of all domain names, in fact, there is a root domain name.

For example, the real domain name of www.example.com is Www.example.com.root, abbreviated to www.example.com. Because, root domain name. Root is the same for all domain names, so it is usually omitted.

The next level of the root domain name is called "Top-level domain" (top-level domain, abbreviated as TLD), such as. com,. NET, and next level called "Secondary domain name" (second-level domain, abbreviated as SLD), such as www.example.com inside the. example, this level of domain name is the user can register, and then the next level is the hostname (host), such as the www.example.com inside the WWW, also known as "three-level domain name", This is the name that the user assigns to the server in his or her domain, which the user can assign arbitrarily.

To summarize, the hierarchical structure of the domain name is as follows.

主机名.次级域名.顶级域名.根域名# 即host.sld.tld.root

The DNS server makes hierarchical queries based on the hierarchy of domain names.

The so-called "hierarchical query", that is, starting from the root domain name, and then query the NS records of each level domain name, until the final IP address is found, the process is generally as follows.

1. 1. NS Records and A records (IP addresses) for top-level nameservers from "Root name server"

   2. NS Records and A records (IP addresses) for sub-domain name servers from top-level nameservers

   3. Isolate the IP address of the hostname from the secondary domain name server

Looking closely at the process above, you may find that there is no mention of how the DNS server knows the IP address of the "Root name server". The answer is that the NS records and IP addresses of the "root nameservers" are generally unchanged, so they are built into the DNS server.

5.3 Other DNS Tools

In addition to dig, there are some other gadgets that you can use.
(1) Host command
The host command can be thought of as a simplified version of the dig command, returning various records of the current requested domain name.
$ host Github.com
Github.com has address 192.30.252.121
Github.com Mail is handled by 5 ALT2. Aspmx. L.google.com.
Github.com Mail is handled by ten ALT4. Aspmx. L.google.com.
Github.com Mail is handled by ten ALT3. Aspmx. L.google.com.
Github.com Mail is handled by 5 ALT1. Aspmx. L.google.com.
Github.com Mail is handled by 1 aspmx. L.google.com.

$ host Facebook.github.com

Facebook.github.com is a alias for github.map.fastly.net.
Github.map.fastly.net has address 103.245.222.133

The host command can also be used for reverse queries, that is, querying a domain name from an IP address, equivalent to Dig-x <ip>.
$ host 192.30.252.153
153.252.30.192.IN-ADDR.ARPA domain name pointer pages.github.com.

(2) nslookup command
The nslookup command is used to interactively query a domain name record.
$ nslookup
> Facebook.github.io
server:192.168.1.253
address:192.168.1.253#53

Non-authoritative Answer:
Facebook.github.io canonical name = Github.map.fastly.net.
Name:github.map.fastly.net
address:103.245.222.133
>

(3) Whois command
The WHOIS command is used to view the domain name registration status.
$ whois github.com

Getting Started with Internet protocols