IPThe IP layer (the network layer) receives packets sent by the lower layer (network interface layers, such as Ethernet device drivers) and sends the packet to a higher level---TCP or UDP layer (transport layer), whereas the IP layer transmits packets received from the TCP or UDP layer to the lower level. IP packets are unreliable because IP does not do anything to verify that packets are sent sequentially or corrupted, that the IP packet contains the address (source address) of the host that sent it, and the address of the host receiving it (the destination). High-level TCP and UDP services typically assume that the source address in the package is valid when the packet is received. It can also be said that IP addresses form the basis of authentication for many services, which believe that packets are sent from a valid host. IP acknowledgement contains an option called IP Source routing, which can be used to specify a direct path between a source address and a destination address. For some TCP and UDP services, the IP packet using this option seems to be passed from the last system on the path, not from its real location. This option is available for testing purposes, which means it can be used to trick the system into making connections that are normally forbidden. Then, many services that rely on IP source address validation will cause problems and will be hacked.
TCPTCP is a connection-oriented communication protocol, the connection is established through three handshake, the communication is completed to remove the connection, TCP is connection-oriented, so it can only be used for end-to-end communication. TCP provides a reliable data flow service, using "positive confirmation with retransmission" technology to achieve the reliability of transmission. TCP also uses a method called "sliding window" for traffic control, so-called window actually represents the ability to receive, to limit the sending speed. If there are TCP packets already sealed in the IP packets, then IP will transfer them to the TCP layer. TCP sorts the packets and checks for errors, and realizes the connection between the virtual circuits. TCP packets include sequence numbers and acknowledgments, so packages that are not received sequentially can be sorted, and corrupted packets can be re-transmitted. TCP sends its information to higher-level applications, such as Telnet's service programs and client programs. The application turns the information back to the TCP layer, and the TCP layer sends them down to the IP layer, device drivers and physical media, and finally to the receiver. Connection-oriented services (such as Telnet, FTP, rlogin, X windows, and SMTP) require a high degree of reliability, so they use TCP. DNS uses TCP (sending and receiving domain name databases) in some cases, but uses UDP to transmit information about a single host.UDPUDP is a non-connection-oriented communication protocol, UDP data includes the destination port number and the source port number information, because the communication does not need to connect, so it can be implemented broadcast send. UDP communication does not need to be confirmed by the receiver, is unreliable transmission, there may be packet loss phenomenon, practical applications require programmer programming verification. UDP is located at the same level as TCP (transport layer), but it does not matter the order, error, or retransmission of packets. Therefore, UDP is not applied to connection-oriented services that use virtual circuits, and UDP is primarily used for services that are query-----responsive, such as NFS. These services need to exchange less information relative to FTP or telnet. Services that use UDP include NTP (Network Time Protocol) and DNS (DNS also uses TCP). Spoofing UDP packets is easier than spoofing TCP packets because UDP does not establish an initialization connection (also known as a handshake) (because there is no virtual circuit between the two systems), that is, UDP-related services are at greater risk.ICMPICMP is located at the same level as IP (the network layer), which is used to transmit control information for the IP. It is primarily used to provide information about the path to the destination address. ICMP ' Redirect ' information informs the host of a more accurate path to other systems, while the ' unreachable ' message indicates a problem with the path. Additionally, if the path is not available, ICMP can cause the TCP connection to ' gracefully ' terminate. Ping is the most commonly used ICMP-based service.Communication PortTCP and UDP services typically have a client/server relationship, for example, when a Telnet service process begins to be idle on the system and waits for a connection. The user uses the Telnet client to establish a connection to the service process. The client program writes information to the service process, the service process reads out the information and responds, and the client reads the response and reports to the user. Thus, the connection is duplex and can be used for reading and writing. How are multiple Telnet connections between the two systems mutually acknowledged and coordinated? A TCP or UDP connection uniquely confirms by using the following four entries in each message: The IP address of the source IP address that sent the packet. Destination IP Address the IP address of the receiving packet. The port on the source port of the connection on the source system. The port on which the destination port is connected on the destination system. A port is a software structure that is used by client programs or service processes to send and receive information. One port corresponds to a 16-bit number. A service process typically uses a fixed port, for example, SMTP uses 25, Xwindows uses 6000. These port numbers are ' well-known ' because these and destination addresses are required to communicate when establishing a connection to a particular host or service.Data FormatData frame: Frame header +ip packet + frame tail (the frame header includes the source and destination host Mac initial address and type, the frame tail is the check word) IP packet: IP header +tcp Data information (IP headers include source and destination host IP address, type, lifetime, etc.) TCP data information: TCP header + Actual data ( TCP header includes source and destination host port number, shun sequence number, confirmation number, check word, etc.)IP AddressAll computers connected on the Internet, from mainframes to microcomputers, appear as separate identities, which we call hosts. To enable communication between hosts, each host must have a unique network address. It's as if every house has a unique door, so it's not confusing when it comes to transmitting data. The network address of the Internet refers to the address number of the computer that is connected to the Internet network. So, in an Internet network, a network address uniquely identifies a single computer. As we all know, the Internet is made up of tens of millions of computers connected to each other. And we want to make sure that every computer on the network is a network address that uniquely identifies the computer, which is called the IP (abbreviated Internet Protocol) address, which is the address expressed in the Internet Protocol language. In the Internet, the IP address is a 32-bit binary address, in order to facilitate the memory, they are divided into 4 groups, each set of 8 bits, separated by a decimal point, four bytes to represent, moreover, the points separated by the value range of each byte is 0~ 255, such as 202.116.0.1, this method of writing is called Point notation.
2015.09.04 TCP/IP protocol
