TCP/IP protocol details

[2008/03/10]-C02, C03
1. in Windows XP, you cannot view the MTU of the network interface with netstat. However, you can find a method on the Internet by using the ping command "Ping-l 1472-F www.sohu.com ". When I ping in the LAN, 1472 is the maximum available value. If 1473 is used as the package size, an error message "packet needs to be fragmented but DF set." is returned .". 1472 + 28 (IP, ICMP header) = 1500, that is, its MTU is 1500.
Explanation of this error message: each network in the link layer has its MTU value. My local network is Ethernet and MTU is 1500. When the data in the upper IP layer exceeds this value, the link layer will perform fragmentation on the data. The ping command uses the-F parameter, that is, the do not fragment flag, which leads to an error.
2. My IP address is 192.168.80.173, The subnet mask is 255.255.255.0, that is, my network number is 192.168, The subnet number is 80, and the host number is 173. According to rfc1918, 192.168.80.173 is a private address space. To connect to a public network, you must use a certain device to perform address translation.

[2008/03/11]-C04, c05
1. ARP and RARP are designed to map IP addresses and physical interface addresses one by one. All their requests send request frames to the LAN in a broadcast manner. The difference is that their responses: ARP responses are sent by a host, and RARP requests are sent by RARP servers on the LAN.

[2008/03/12]-C03
1. Figure 3.4 incorrect translation, resulting in an incorrect understanding: When bsdi transfers frames to Sun, the header of the link layer should be "Destination Ethernet = 140.252.13.33 MAC address ", this address can be obtained through arp. When a frame is transmitted from sun to netb through the slip protocol, the frame format does not need to be set to the destination MAC address, but only needs an IP address (is it because it is a serial line, and its destination has only one ?).

[2008/03/13]-C04
1. ARP requests are only broadcast in the same broadcast domain. That is to say, for cross-network access, the target mac on both sides of the machine will always be the gateway. Data packets are forwarded in the vro by determining the subnet. Only when the destination subnet is reached will ARP requests be sent to the destination subnet.

[2008/03/21]-c08
1. tracert in Windows uses icmp echo packets to determine the route address. Likewise, different TTL values are sent, and the positions of each route are determined by receiving timeout ICMP packets.

[2008/03/24]-c09
1. On Windows, you can use netstat-R or route print to view the route table. The following is the print information of my host:
Network destination netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.80.201 192.168.80.173 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.80.0 255.255.255.0 192.168.80.173 192.168.80.173 20
192.168.80.173 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.80.255 255.255.255.255 192.168.80.173 192.168.80.173 20
224.0.0.0 240.0.0.0 192.168.80.173 192.168.80.173 20
255.255.255.255 255.255.255.255 192.168.80.173 192.168.80.173 1
Default Gateway: 192.168.80.201

0.0.0.0 is the default route
127.0.0.0 is the loopback address.
192.168.80.0 is the local subnet address.
192.168.80.173 is the NIC address.
192.168.80.255 is the subnet broadcast address.
224, 0.0.0 is the multicast address
255.255.255.255 is a finite broadcast address.
For more information, see http://support.microsoft.com/kb/140859.

[2008/06/25]-C11
1. Run the netstat-s-p UDP command in Windows to view the UDP datagram transmission status. The following is the print information of my host:
UDP statistics for IPv4

Required rams received = 1348653
No ports = 1055
Receive errorrs = 249
Required rams sent = 1729625
2. the maximum data length of an Ethernet frame is 1500, minus the IP address and UDP header, and 1472 bytes for user data. The maximum data length of an IEEE802 frame is 1492, therefore, the minimum user data length of a shard is 1465 bytes.
3. When user data needs to be sharded, except for the last segment, the data of other slices must be an integer multiple of 8 bytes. This is because there is a 13-bit slice offset in the IP header to identify the offset of the user data where the slice is located. However, because the user data can be up to 16 to 2, that is, 65535 bytes, therefore, the offset value is 8 bytes. For details, see the fragmentation section of rfc791.

[2008/06/26]-C12
1. My host address is 192.168.80.73 and the subnet mask is 255.255.0. Therefore, when I ping 192.168.80.255, an IP address broadcast is actually sent. When we use ARP-a to view the ARP table, we can see the Host IP address in the network segment, and corresponding to the ICMP captured by ethereal, we can see that these hosts send a response to the local machine.

[2008/06/30]-C14
1. In Windows, you can use NSLookup for DNS query. The following is the query result of NSLookup www.sina.com.cn:
Server: dns2.cs.hn.cn
Address: 202.103.96.112

Non-Authoritative Answer:
Name: ara.sina.com.cn
Addresses: 58.63.236.31, 58.63.236.32, 58.63.236.33, 58.63.236.34
58.63.236.35, 58.63.236.36, 58.63.236.37, 58.63.236.47, 58.63.236.48
58.63.236.49, 58.63.236.50, 58.63.236.26, 58.63.236.27, 58.63.236.28
58.63.236.29, 58.63.236.30
Aliases: www.sina.com.cn, jupiter.sina.com.cn

Using Ethereal to analyze DNS responses, we can find that the response types of www.sina.com.cn and jupiter.sina.com.cn are cname (canonical name for an alias). For details about the types, see http://www.domainavenue.com/cname.ht.
2. Reference a post on the Internet: why some portal sites directly enter the IP address but cannot access the http://bbs.chinaunix.net/viewthread.php? Tid = 428204 & extra = & page = 1;
The post mentioned the concept of reverse proxy, reference another post: Use squid to implement reverse proxy http://bbs.chinaunix.net/viewthread.php? Tid = 1124099
3. When I use NSLookup-q = PTR 58.63.236.30, the query results are as follows:
Server: dns2.cs.hn.cn
Address: 202.103.96.112

* ** Dns2.cs.hn.cn can't find 30.236.63.58.in-ADDR. ARPA.: non-existent domain
The reason is that the reverse query area is not set for it. When querying the IP address of www.google.com, you can find the domain name information. For more information about how to set the reverse region, see http://book.51cto.com/art/200709/55423.htm.

[2008/08/05]-C19
1. pseudocode of the Nagle algorithm:
If there is new data to send
If the window size> = MSS and available data is> = MSS
Send complete MSS segment now
Else
If there is unconfirmed data still in the pipe
Enqueue data in the buffer until an acknowledge is already ed
Else
Send data immediately
End if
End if
End if

[2008/08/16]-C20
1. Several examples in this chapter explain the timing of the push flag:
When the sender and the receiver perform a handshake, the sender and the receiver return ack containing their respective cache window sizes of 4096;
In the 20-3 example, the command is sock-I-n8 bsdi 7777, which indicates that eight 1024 bytes of data are sent consecutively. Therefore, the push flag is carried after each 1024 bytes are sent;
In the 20-3 example, the buffer is full due to slow receipt by the receiver, and the receiver needs to wait for ACK to notify the receiver to continue sending data, the remaining four 1024 bytes of data are stored in the receiver's buffer. The first three datagram messages do not carry the push mark, but only the push mark on the last datagram;
In the 20-7 example, the command is sock-I-N1-w8192 bsdi 5555. When sending 4 1024-byte data reports, the push flag is required because the buffer size of the sender is 4096;
Therefore, we can know that the push flag is related to the buffer window size of the sender's receiver.