Small understanding of TCP/IP data packets (I)

Source: Internet
Author: User

After reading my blog post on Internet Protocol from leishi xuejie, I have a little question. We will not talk about this for the time being. Let's first explain the basic knowledge and end with my question at that time.

Sending data packets:

When the sending computer transmits a data packet, the packet passes down layer by layer from the upper layers to the underlying hardware, going through the following layers in sequence. Receiving is exactly the reverse. Let's talk about sending first.


The application layer constructs the data to be sent. The transport layer adds a TCP header in front of this data, the network layer adds an IP header in front of that, and the link layer adds a MAC header (also called an Ethernet header) in front of that.




Someone may ask: what is a packet header? Since it is written in front of the data, it is certainly used to identify the data. In fact it does more than that, and the header plays a different role at each layer. In short, it is an identifier that determines whether the packet is meant for the local machine. A packet may be forwarded several times. We will explain the headers of the different layers next.

Transport Layer: TCP Header

A TCP header normally occupies 20 bytes (not counting optional fields). Its content can be laid out as follows:


Let me briefly explain it.

Source Port and Destination Port:

Each TCP segment contains the source and destination port numbers, which are used to find the sending and receiving application processes. These two values, together with the source IP address and the destination IP address in the IP header, uniquely identify a TCP connection. The combination of an IP address and a port number is sometimes called a socket. This is why an IP address and a port must be specified in socket programming. (Note: the IP header is covered later.)

Sequence number:

The sequence number identifies the data byte stream sent from the TCP sender to the TCP receiver. It indicates the first data byte in the segment. If the byte stream is viewed as a one-way flow between two applications, TCP uses the sequence number to count each byte. The sequence number is a 32-bit unsigned number.


Packet segment: Because of host, router, and link layer switch, each layer contains different features. The information group at the application layer is called a packet, and the transport layer group is called a packet segment.

-- Baidu encyclopedia

Header length:

(Because the acknowledgment number involves many of the terms introduced here, let's start with this.)

The header length gives the number of 32-bit words in the header. This value is needed because the length of the options field is variable. The field occupies 4 bits, so a TCP header is at most 60 bytes. Without optional fields, the normal length is 20 bytes.

The header also carries six flag bits:

URG: the urgent pointer is valid.
ACK: the acknowledgment number is valid.
PSH: the receiver should pass this segment to the application layer as soon as possible.
RST: reset the connection.
SYN: synchronize sequence numbers to initiate a connection.
FIN: the sender has finished sending.

Window size: TCP flow control is provided by the window size advertised by each end of the connection. The window size is a number of bytes, starting from the byte specified in the acknowledgment number field, which is the byte the receiver expects next. The window size is a 16-bit field, so the window is at most 65535 bytes.

Checksum: the checksum covers the entire TCP segment, that is, the TCP header and the TCP data. This is a mandatory field; it must be calculated and stored by the sender and verified by the receiver. The TCP checksum is calculated in a similar way to the UDP checksum, using a pseudo header.

Urgent pointer: the urgent pointer is valid only when the URG flag is set to 1. The urgent pointer is a positive offset which, added to the value in the sequence number field, gives the sequence number of the last byte of urgent data. TCP's urgent mode is a way for the sender to send urgent data to the other end.

Options:
The most common option field is the maximum segment size, also known as MSS. Each end of a connection usually specifies this option in the first segment of the communication (the segment with the SYN flag set to establish the connection). It specifies the maximum segment length that the local end can receive. TCP packs user data into segments; it starts a timer when it sends data; the other end acknowledges the received data, reorders out-of-order data, and discards duplicate data; TCP provides end-to-end flow control, and calculates and verifies a mandatory end-to-end checksum.

Acknowledgment number:

When a new connection is established, the SYN flag is set to 1. The sequence number field contains the initial sequence number (ISN) chosen by the host for this connection. The sequence number of the first data byte the host sends is the ISN plus 1, because the SYN flag consumes one sequence number (the FIN flag also consumes one). Since every transmitted byte is counted, the acknowledgment number contains the next sequence number that the end sending the acknowledgment expects to receive. Therefore, the acknowledgment number should be the sequence number of the last successfully received byte plus 1. The acknowledgment number field is valid only when the ACK flag is 1.
Sending an ACK costs nothing, because the 32-bit acknowledgment number field, like the ACK flag, is always part of the TCP header. Therefore, once a connection is established, this field is always set and the ACK flag is always 1.

Note: a detailed example of sequence numbers and acknowledgment numbers will give you a deep understanding of TCP's three-way handshake and four-way close. A blog online explains it very well, so I will not go into it here; see http://www.cnblogs.com/chenboo/archive/2011/12/19/2293327.html



The above is only the abstract concept. What does it look like on a computer? This is what you get when you use Wireshark to capture packets and extract the headers.

Everything is in hexadecimal format...
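The header fields described above, decoded from raw bytes in Python. This is an added example, not code from the original post; the SYN segment is constructed sample data, and `parse_tcp` and its output keys are names chosen here.

```python
import struct

FLAG_BITS = [("FIN", 0x01), ("SYN", 0x02), ("RST", 0x04),
             ("PSH", 0x08), ("ACK", 0x10), ("URG", 0x20)]

def parse_tcp(segment: bytes) -> dict:
    """Decode a TCP header (20 fixed bytes plus options) from raw bytes."""
    if len(segment) < 20:
        raise ValueError("shorter than the 20-byte fixed TCP header")
    sport, dport, seq, ack, off_flags, window, cksum, urg = struct.unpack(
        "!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4      # 4-bit field counts 32-bit words
    if not 20 <= header_len <= len(segment):
        raise ValueError("header length field does not fit the data")
    flags = [name for name, bit in FLAG_BITS if off_flags & bit]
    # Walk the options area looking for MSS (kind 2, length 4).
    mss, opts, i = None, segment[20:header_len], 0
    while i < len(opts) and opts[i] != 0:   # kind 0 ends the option list
        if opts[i] == 1:                    # kind 1 is one byte of padding
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2:
            break                           # malformed length: stop parsing
        if opts[i] == 2 and opts[i + 1] == 4 and i + 4 <= len(opts):
            mss = struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += opts[i + 1]
    payload_len = len(segment) - header_len
    return {
        "src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
        "header_len": header_len, "flags": flags, "window": window,
        "checksum": cksum, "urgent_ptr": urg, "mss": mss,
        # SYN and FIN each consume one sequence number; data one per byte.
        "next_expected_ack": (seq + payload_len + ("SYN" in flags)
                              + ("FIN" in flags)) % 2**32,
    }

# Constructed SYN segment (checksum field left at zero), not a real capture.
SYN = bytes.fromhex("c0000050 000003e8 00000000 6002ffff 00000000 020405b4")

if __name__ == "__main__":
    print(parse_tcp(SYN))
```

The `next_expected_ack` value is the acknowledgment number the peer should return for this segment, which is the ISN plus 1 for a bare SYN.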



Network Layer: IP Header


Version: the version of the IP protocol. The field is 4 for IPv4 and 6 for IPv6.

Total length: the total length of the IP header plus data.

Time to live (TTL): how long the packet may survive on the network. It is decremented by 1 each time the packet passes through a router, and the packet is discarded when it reaches 0.

Protocol: 0x06 indicates TCP, and 0x11 indicates UDP.

Header checksum: used to check the integrity of the IP header; it does not cover the data.

IP options: optional field, used for network debugging.

(Note: linuxc programming practices p285 ...)
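The IP header fields above and the two checksums (the IP header checksum, and the TCP checksum with its pseudo header from the TCP section) can be worked through in Python. This is an added example, not code from the original post; the sample bytes and addresses are constructed, and the function names are chosen here.

```python
import socket
import struct

def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum shared by IP, TCP and UDP."""
    if len(data) % 2:
        data += b"\x00"                     # pad odd length with a zero byte
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_ipv4(header: bytes) -> dict:
    """Decode the IPv4 header fields listed above and verify the checksum."""
    if len(header) < 20:
        raise ValueError("shorter than the 20-byte fixed IPv4 header")
    ver_ihl, _tos, total_len, _ident, _frag, ttl, proto, cksum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", header[:20])
    ihl = (ver_ihl & 0x0F) * 4              # header length in bytes
    if not 20 <= ihl <= len(header):
        raise ValueError("header length field does not fit the data")
    return {
        "version": ver_ihl >> 4, "header_len": ihl, "total_len": total_len,
        "ttl": ttl, "protocol": {0x06: "TCP", 0x11: "UDP"}.get(proto, hex(proto)),
        "checksum": cksum,
        # A header summed together with its correct checksum gives 0.
        "checksum_ok": inet_checksum(header[:ihl]) == 0,
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
    }

def tcp_checksum(src_ip: str, dst_ip: str, segment: bytes) -> int:
    """Checksum over pseudo header + TCP header + data.

    Pass the segment with its checksum field zeroed to compute the value,
    or as received to verify it (a valid segment yields 0).
    """
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, 0x06, len(segment)))
    return inet_checksum(pseudo + segment)

# Constructed sample bytes, not captures from the original post.
IP_HEADER = bytes.fromhex("4500 0073 0000 4000 4011 b861 c0a8 0001 c0a8 00c7")
SYN = bytes.fromhex("c0000050 000003e8 00000000 6002ffff 00000000 020405b4")
```

Because the pseudo header includes both IP addresses, a TCP segment delivered to the wrong address fails verification even though the IP header checksum never covered the TCP data.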


Data link layer: MAC header

14 Bytes: stores the source MAC address and destination MAC address

The source field stores the MAC address of the sender. The MAC address is an identifier burned into the NIC by the manufacturer and is globally unique. This is different from an IP address. A good analogy: the IP address is like a job, and the MAC address is the person who applies for the job. The job can be held by either A or B. In the same way, an IP address is not tied to a particular NIC; basically, a NIC from any manufacturer can use it. That is to say, there is no fixed binding between the IP address and the MAC address.

But have you ever wondered: when my computer sends a packet for the first time, it knows only the destination IP address that the user gave it and has not yet communicated with the destination computer, so how can it know that computer's globally unique MAC address? And if it does not know, how can it add the data link layer header? In fact, we have overlooked an important thing here: ARP.

ARP

ARP (Address Resolution Protocol) is used to solve this problem.

When the target MAC address is not known, the computer sends an ARP request (containing the destination IP address) to the network through the switch or router. When the IP address of a computer on the network matches the IP address in the request, that computer replies with its MAC address to the router, while other computers ignore the request. The router then stores the IP address and MAC address in its ARP cache and sends the result back to our computer.

But what happens when the IP address is not on the local network? For example, I am in Xi'an but want to send data to a computer in Beijing. In that case the router replaces the requested MAC address with its own MAC address, replaces the IP address in the request with its own gateway IP address, sends it to the upstream router, and it is forwarded on to the target computer.

Note 1: in fact, routers run a set of algorithms that automatically find a relatively short forwarding path and try to reach the target computer through the fewest routers.

Note 2: the ARP addressing described here applies only to IPv4. Because of its limitations and so-called ARP spoofing, it has been replaced by the ICMPv6 protocol in IPv6 (from Wikipedia).
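Since an ARP cache simply stores whatever IP-to-MAC pair a message announces, a monitor can watch for an IP address whose MAC changes, which is the visible symptom of the ARP spoofing mentioned in Note 2. The following Python is an added example, not code from the original post; the messages are constructed sample data and the function names are chosen here.

```python
import socket
import struct

def parse_arp(payload: bytes) -> dict:
    """Decode an Ethernet/IPv4 ARP message (the 28 bytes after the MAC header)."""
    if len(payload) < 28:
        raise ValueError("shorter than a 28-byte Ethernet/IPv4 ARP message")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP message")
    mac = lambda raw: ":".join(f"{b:02x}" for b in raw)
    return {
        "op": {1: "request", 2: "reply"}.get(oper, str(oper)),
        "sender_mac": mac(sha), "sender_ip": socket.inet_ntoa(spa),
        "target_mac": mac(tha), "target_ip": socket.inet_ntoa(tpa),
    }

def find_conflicts(messages) -> list:
    """Replay ARP messages into a cache; report IPs whose MAC changes."""
    cache, alerts = {}, []
    for raw in messages:
        arp = parse_arp(raw)
        ip, mac = arp["sender_ip"], arp["sender_mac"]
        if ip in cache and cache[ip] != mac:
            alerts.append((ip, cache[ip], mac))   # (ip, old MAC, new MAC)
        cache[ip] = mac                           # last sender wins, as in a cache
    return alerts

# Constructed messages using locally administered MACs, not a real capture.
ARP_SAMPLES = [bytes.fromhex(h) for h in (
    # 192.168.0.1 asks who has 192.168.0.199
    "0001 0800 06 04 0001 020000000001 c0a80001 000000000000 c0a800c7",
    # 192.168.0.199 answers with its MAC
    "0001 0800 06 04 0002 0200000000c7 c0a800c7 020000000001 c0a80001",
    # a second reply claims the same IP with a different MAC
    "0001 0800 06 04 0002 020000000066 c0a800c7 020000000001 c0a80001",
)]
```

A changed mapping is only a signal: a replaced NIC or an address reassignment produces the same pattern, so alerts should be checked against known inventory.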

 

The next blog post describes the process of receiving data packets...

In case of any error, I would like to say thank you very much.

