TCP/IP protocol details volume 1 Study Notes Series 2

TCP/IP protocol details volume 1 Study Notes Series 2

Chapter 7 and Chapter 8

Chapter 7 is the basic principle of the Ping program, and chapter 8 is the principle of traceroute (tracert in Win2000. This article mainly introduces some principles and explains the actual tcpdump packet capture content.
The ping program uses icmp reply requests to detect remote host accessibility. You cannot determine whether the port is accessible. To view the port, use the scanner .) The network library in win2000 already provides the network function library (icmp. dll) to use icmp to detect remote hosts. This is the easiest way to read the ping result from an MPS queue or embed the ping source code ). Ping actually has an R option, which is used to record the route that has passed. It has never been known before. (Ping www.google.com-r 7) records the 7 routers that have passed. According to the analysis, you can record a maximum of 8 ~ 9 projects.

In addition to echo requests, you can also use icmp to implement time requests. The icmp data packet can contain the sending time. After receiving the packet, the target host attaches its own time to send the packet back. In this way, you can perform a time verification and determine the communication speed between the source and the target. Because the specific content is annoying and there are too many types, you can't remember the meaning of each type at once.

Generally, ping only uses its simplest function: Check whether the host can be connected. In fact, you can use other options provided by it to control many details, such as the length of data packets, TTL, route records, and routing of wide/strict routes.

Tracetroute, that is, trace route, trace routing. This program was first implemented by Van Jacob. The source code can be found online, but I haven't found it yet. The main principle is to process the TTL (Time to Live) of data packets during IP routing. When the router receives an IP packet, it modifies the TTL of the IP packet and the resulting Head check and checksum changes ). Each time a packet is received, check whether the TTL is 0 or 1. If yes, it indicates that the package has not reached the destination, and there is not much time left, it must be unable to reach the destination. In this way, the router simply discards the packet and sends an ICMP notification to the source host, saying that the packet has timed out. The ICMP notification information contains the IP address used by the current router for sending.

In this way, you can construct a data packet to indirectly check the routes that are routed to a host. Send a packet whose TTL is 1 at the beginning, so that the packet has timed out when it reaches the first vro. The first vro sends a notification that the packet has timed out, in this way, you can record the IP address of the first router. Then, TTL is added to 1, which is safe to pass through the first vro, while the second vro performs the same processing as the first vro. packet loss occurs. A notification is sent indicating that the package times out. In this way, the second vroip IP is recorded, this can be continued until the packet arrives at the target host, and all the routers that pass through the packet are printed.

In communication, the IP layer is only responsible for data routing and transmission, and does not process data packets. For example, ICMP, TCP, and UDP protocols rely on the transmission function of the IP layer to transmit data. In the host of both parties, after receiving the data packets of these protocols, there will be programs to process the data on the corresponding host of the communication. Direct IP datagram is useless. The win2000 driver layer can directly use IP reporting without additional protocols, but it is generally not used in this way ). Therefore, the traceroute program sends a UDP packet for testing. For a vro, UDP datagram is only a type of IP datagram. It does not care about the specific content of UDP datagram. Until this package arrives at the target host, the kernel of the target host will parse the UDP datagram and check whether the port is already in use in the datagram. If yes, the system notifies the process of data arrival. If the data cannot be found, an ICMP error message "the destination port is inaccessible" is sent back to the source host.

In this way, you can completely determine. Trcertroute creates a UDP packet, constantly modifies the TTL value and sends it out. If a "timeout error" is received, it indicates that the router has just arrived, and if it receives a "port inaccessible" error, indicates that the target host has just arrived. In this way, the route tracing is complete and the program ends.

There are several details:

1. the LAN routing is relatively stable, so the response time printed by traceroute is not much different. However, because the routing information of the WAN varies dynamically, it cannot be determined whether the sending path is time-consuming or the return path is time-consuming, therefore, the time and route information can only be used as a reference.

2. Select TTL. If you set the TTL to a large value, are you sure you can print all the routes? For example, a data packet passes through 300 routers to reach the destination end. Of course, in the current network environment, it is unlikely that there will be so many routes. The TTL information only has one byte in the IP datagram, that is, it can be set to 255256 at most and then start from 0 again ). The purpose of setting this information is to prevent some rigid and unaltered data packets from wandering aimlessly over the network. Each time a data packet passes through a vro, the TTL is reduced by 1 or the number of seconds it passes before being processed). At one time, the data packet is reduced to 1 and then discarded by the vro.

3. traceroute ends with the receipt of the "port inaccessible" sign. The premise is that no process is in use on the target host for the port required by the UDP datagram. If a process on the target host is using this port, it will receive the packet and handle it in the normal way, so that traceroute will not receive the "port inaccessible" error. In order to avoid this situation, the implementation of UDP datagram port is the initial value of 33435 in the book, plus 1 for each sending, the maximum port number can reach 65535 ). Normal programs generally do not use these high ports. The problem is, if this is the case, what will traceroute do? What if the Solaris system may use a high port.

4. during the sending process, many routes are required. before arriving at the target host, the gateway, firewall, and other IDS filters are required. It is still a problem if the packet can arrive at the target host. Even if it arrives, it is also a problem whether the sent ICMP message can be returned. Because there are too many checkpoints along the way, if you encounter a black hole router and do not forward this information, there will be no way at all.

The book also mentions that there is an option in the original traceroute to specify the router through which the data packet passes. If it is a wide route, you only need to go through the specified route. If a route entry is a strict route entry, the route entry must go through the specified router in the specified order. This option may cause a fixed route to process too much information, which has been canceled in the published source code. However, the patch can still be used. From the comparison results, it seems that it is better to specify a vro to make it faster to use the default route. For strict routing, it is more difficult to succeed, because the router you specify does not necessarily have entries to the next router.

The exercises in this chapter are complex. You cannot find the network environment to experiment with, but you cannot see the actual results based on the principle analysis. The source code does not exist. If there is a real source code, it cannot be seen at the current level. Let's skip this step. You may know it again.

Related Articles]

• TCP/IP Study Notes (4)-ICMP protocol, ping and Traceroute
  

• Standard Internet communication protocol-TCP/IP protocol
  

• Description and three parameters of TCP/IP protocol