1. The OSI network model
Physical layer: electrical signals, network cards, bit streams; data-terminal devices provide data transfer
Data link layer: transfers data from the network layer (IP messages) to the network layer of the neighboring destination
Network layer: responsible for providing communication services between different hosts over the packet-switched network; the TCP/IP layer (implemented in the Linux kernel)
Transport layer: provides communication between processes on two hosts; the source of the communication is identified by a port (a random port)
Application layer: serves users' applications directly (implemented in client applications), for example HTTP, Tomcat
| OSI layer | Data transfer format | Protocols |
|---|---|---|
| Session, presentation, application layers | Message | HTTP, FTP, SMTP |
| Transport layer | TCP: data segment; UDP: packet | TCP, UDP |
| Network layer | Packet; the packet size varies by protocol | ICMP, IGMP, RARP, ARP |
| Data link layer | Frame; one frame is made up of multiple bit streams | Various network interfaces |
| Physical layer | Bit stream | |
2. The peer-layer communication principle of the network architecture
Network communication must be established between peer layers on the two communicating sides; the layers cannot be mismatched
Transport-layer communication uses a random port greater than 1024
3. Differences between the two transport-layer protocols of the TCP model
TCP (Transmission Control Protocol) and UDP (User Datagram Protocol)
| Item | TCP | UDP |
|---|---|---|
| Connection | Connection-oriented (three-way handshake) | Connectionless |
| Transmission reliability | Reliable | Unreliable |
| Typical use | Transmission of large amounts of data | Small amounts of data |
| Speed | Slow | Fast |
4. The TCP three-way handshake and disconnection
The first communication uses a three-way handshake, because TCP has a connection process: the client sends a SYN request,
the server returns its own request together with an ACK (request received) to the client,
and the client sends an ACK message to confirm, after which communication proceeds.
Four-way disconnection:
The client sends a disconnect request,
The reason the four-way disconnection differs from the three-way handshake is to ensure that no data is still being transferred
The process is as follows:
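The handshake and disconnection described in this section, modelled as a small state machine that drives both endpoints. This is an added example, not part of the original page; the state names follow the standard TCP state diagram, and simultaneous open/close and the TIME_WAIT timer are left out.

```python
# (state, event) -> (next state, segment to send, or None).
# "open"/"close" are application calls; "rcv X" is an arriving segment.
TRANSITIONS = {
    ("CLOSED", "open"): ("SYN_SENT", "SYN"),
    ("LISTEN", "rcv SYN"): ("SYN_RECV", "SYN+ACK"),
    ("SYN_SENT", "rcv SYN+ACK"): ("ESTABLISHED", "ACK"),
    ("SYN_RECV", "rcv ACK"): ("ESTABLISHED", None),
    ("ESTABLISHED", "close"): ("FIN_WAIT1", "FIN"),
    ("ESTABLISHED", "rcv FIN"): ("CLOSE_WAIT", "ACK"),
    ("FIN_WAIT1", "rcv ACK"): ("FIN_WAIT2", None),
    ("CLOSE_WAIT", "close"): ("LAST_ACK", "FIN"),
    ("FIN_WAIT2", "rcv FIN"): ("TIME_WAIT", "ACK"),
    ("LAST_ACK", "rcv ACK"): ("CLOSED", None),
}

class Endpoint:
    def __init__(self, name, state):
        self.name, self.state = name, state

    def handle(self, event):
        """Apply one event and return the segment this endpoint sends, if any."""
        key = (self.state, event)
        if key not in TRANSITIONS:
            raise ValueError(f"{self.name}: {event!r} is invalid in {self.state}")
        self.state, segment = TRANSITIONS[key]
        return segment

def exchange(initiator, peer, call, trace):
    """The initiator makes an application call; segments bounce until no reply."""
    sender, receiver, segment = initiator, peer, initiator.handle(call)
    while segment is not None:
        trace.append((sender.name, segment))
        reply = receiver.handle("rcv " + segment)
        sender, receiver, segment = receiver, sender, reply

def simulate():
    client, server, trace = Endpoint("client", "CLOSED"), Endpoint("server", "LISTEN"), []
    exchange(client, server, "open", trace)   # three-way handshake
    established = (client.state, server.state)
    exchange(client, server, "close", trace)  # client FIN, server ACK
    half_closed = (client.state, server.state)
    exchange(server, client, "close", trace)  # server FIN, client ACK
    return established, half_closed, (client.state, server.state), trace

if __name__ == "__main__":
    for sender, segment in simulate()[3]:
        print(f"{sender:6} -> {segment}")
```

The server stays in CLOSE_WAIT until its own application closes, which is why the disconnection takes four segments where the handshake takes three. These are the same state names that netstat and ss print.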
5. Traffic cleaning
This service is generally provided by the network operator. At the network exit there is a splitter that mirrors all the traffic into a dedicated appliance, which performs intrusion detection and builds access-control rules (an intelligent learning function). Once learning is complete and the service is switched on, traffic is no longer imported through the splitter but goes directly into the appliance, and the back end of that appliance cleans the traffic and then passes it back to the server. The previously learned configuration is retained. Traffic that does not pass the check is dropped: incoming traffic that is normal is released, and abnormal traffic is dropped.
The intelligent learning library runs in memory
6. Linux Network Configuration
A: ifconfig description
In Linux, network addresses belong to the kernel
ifconfig
ens33 is the local network card; lo is the local loopback interface, used for testing
scopeid: the scope of the address, valid for the current NIC
MTU: the network's maximum transmission unit
RX/TX: packets received and sent
dropped: occurs when I/O is high
overruns: overload (the NIC buffer was exceeded)
B: Command format
NAME
ifconfig - configure a network interface
SYNOPSIS
ifconfig [-v] [-a] [-s] [interface]
ifconfig [-v] interface [aftype] options | address ...
NOTE
This program is obsolete! For replacement check ip addr and ip link. For statistics use ip -s link.
The ifup command enables a network card
When configuring a network card device, ifconfig supports both a long format and a short format
For example, 255.255.255.0 is the long format; in IP address/24, the 24 is the short format
Settings made with these commands are generally temporary; to make them permanent, the configuration file must be modified
Configure aliases
ifconfig ens33:1 172.16.16.106/24
ens33:1 is the alias
Linux network addresses are kernel-level
C: Routing configuration
Configuring routing requires a default gateway
route displays the routes; route -n displays them in numeric form
route add 172.16.16.105 gw followed by the gateway; the NIC that the traffic is sent out through can also be specified
or, giving the type: route add -host 172.16.16.105 gw 172.16.16.1
route del deletes a route
D: DNS configuration file
/etc/resolv.conf is the DNS configuration file; a DNS server is set with a line such as nameserver 82.163.143.169
Note: the secondary DNS server is used only when the primary DNS server has a problem
E: Network card configuration files
Two files:
First: modify /etc/sysconfig/network
This file sets whether networking is started
Second: the file corresponding to each physical NIC
/etc/sysconfig/network-scripts/ifcfg-ens33
The file name ends with the NIC name
It can be edited manually
Network card restart
Disable and re-enable the network card with ifdown ens33 && ifup ens33
F: The new network command ip
The ip command consolidates the functions of ifconfig and route. The ip command runs in the kernel, while the ifconfig command works in the form of a device file
ip addr show
ip addr show followed by a device name shows the corresponding device
Configure an address with ip addr: ip addr add 172.16.16.106 dev ens33
G: Graphical network configuration tools
1. Run system-config-network-tui in the GUI interface (CentOS 6)
The settings are permanent after saving
2. setup (CentOS 7)
H: Monitoring network services with netstat
1. netstat -tnul
t stands for TCP, u for UDP, n for numeric display, l for listening, p for process
Output columns: protocol (TCP/UDP), queues, local address, remote address, state, process number
If the service shows as listening (LISTEN), the transport layer is normal; then make sure the network itself is normal with ifconfig
For all corresponding TCP connections, a stands for all
I: Viewing the network with the ss command
The underlying content comes from the system-level proc directory
netstat aggregates statistics from the information in the proc directory
ss reads the session table from the kernel, so it is highly efficient
l stands for listening, e for extra, m for memory, p for process, n for numeric display, i for print
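The proc data that netstat aggregates can be decoded directly from /proc/net/tcp, which also shows which listeners are bound to every interface. The parser below is an added example, not part of the original page; the sample rows are constructed, and the address decoding assumes a little-endian host such as x86.

```python
import socket
import struct

# State codes used in the "st" column (from the kernel's TCP state enum).
TCP_STATES = {
    "01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV", "04": "FIN_WAIT1",
    "05": "FIN_WAIT2", "06": "TIME_WAIT", "07": "CLOSE", "08": "CLOSE_WAIT",
    "09": "LAST_ACK", "0A": "LISTEN", "0B": "CLOSING",
}

# Constructed sample in the layout of /proc/net/tcp (not taken from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20001
   1: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000    27        0 20002
   2: 6A1010AC:0016 011010AC:C350 01 00000000:00000000 02:000A0B0C 00000000     0        0 20003
   3: 6A1010AC:0050 051010AC:D431 06 00000000:00000000 03:00000E10 00000000     0        0 0
"""

def decode_endpoint(field):
    """'6A1010AC:0016' -> ('172.16.16.106', 22). Assumes a little-endian host."""
    addr_hex, port_hex = field.split(":")
    addr = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return addr, int(port_hex, 16)

def parse_proc_net_tcp(text):
    """Return one dict per socket row: local, remote, state."""
    rows = []
    for line in text.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 4:
            continue  # skip blank or truncated rows
        rows.append({
            "local": decode_endpoint(fields[1]),
            "remote": decode_endpoint(fields[2]),
            "state": TCP_STATES.get(fields[3].upper(), "UNKNOWN"),
        })
    return rows

def exposed_listeners(rows):
    """Ports in LISTEN bound to 0.0.0.0, i.e. reachable on every interface."""
    return sorted(r["local"][1] for r in rows
                  if r["state"] == "LISTEN" and r["local"][0] == "0.0.0.0")

if __name__ == "__main__":
    rows = parse_proc_net_tcp(SAMPLE)
    for r in rows:
        print("%s:%d" % r["local"], "%s:%d" % r["remote"], r["state"])
    print("listening on all interfaces:", exposed_listeners(rows))
```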
Homework 1:
1. Using the Nmap sniffer; it needs to be installed from the yum repository
Command format: Usage: nmap [Scan Type(s)] [Options] {target specification}
-v for display, -sn for ping scan
For example: nmap
2. tcpdump
3. Wireshark for packet capture analysis
20150908 Linux operation and Maintenance Network Foundation and TCP finite state machine state transition principle, Linux network attribute configuration and network