The IP protocol is the most important protocol in the family of TCP/IP protocols, which provides unreliable, non-connected datagram transport services. So understanding IP protocols is critical to our learning network.
Important Field Introduction
4bit First ministerial degree
: in 4 bytes, determines the IP head of the largest minister of 15*4=60, the general IP datagram header length of 20, at this time the field is 5.
service type of 8bit
: Includes a 3bit priority subfield (which can be ignored), a 4bit tos subfield and 1bit unused bits but must be set to 0.4bit for the TOS, respectively: Minimum delay, maximum throughput, maximum reliability, and minimum cost. For example, in the Telnet interactive application requires a small transmission delay, in the FTP requires maximum throughput. These can be set by setting the Socke option to the field.
total length of 16bit
: Maximum is 65535 bytes, including header and data length.
identification of the 16bit
: uniquely identifies each datagram sent by the host. It is important to note that each group of datagrams after the Shard has the same identity.
: Only two bits are meaningful, the lowest bit is mf,mf=1, and there is a shard in the back, and the middle one is df,df=1, and no shards are allowed.
: The offset of the data segment after the datagram is fragmented, in 8-byte units.
ttl time to Live
: Sets the maximum number of routers that a datagram can pass, commonly known as hop count. It specifies the time-to-live of the datagram. Usually 32 or 64. If the initial value of the TTL is set to 1, it means that the datagram can only be transmitted on the local area network.
: Tag upper layer protocol for datagrams.
: The following pages introduce
IP routing IP address lookup host IP addresses can be used ifconfig-a (Windows ipconfig) command, such as my native IP address can be viewed as:
Here we can see a network interface Etho and lo, you can see the Etho interface IP address is 192.168.152.130 intranet address, the mask is 255.255.255.0 physical Address 00:0c:29:e3:72:92, the maximum mtu= 1500, the interface supports broadcast and multicast. The following lo is the loopback interface whose mtu=16436
Some special IP addresses
routing table entry 1. Destination IP address. It can be either a full host address or a network address, which is established by the Flag field in the table. 2. The IP address of the next-station router, or a network IP address with a direct connection. 3. Logo. One of the flags indicates whether the destination address is a network address or a host address. Another flag indicates whether the next station router is a true next-station router or a directly connected interface. 4. A network interface specified by the data transmission.
This is my native routing table entry, for a given router, you can print out five different flags: U The route can use the GThe route is to a gateway, and if there is no flag, the destination address is directly connected. H The route is to a host, which means that the destination address is a full host address. If no flag is set, the route is to a network, and the destination address is a network address. D The route was created by a redirect message. M The route was modified by the redirected message.
IP routing Process 1. Search the routing table for a table that exactly matches the IP address of the destination address. If found, the message is sent to the next station router specified in the table or to a directly connected network interface. 2. Search for the router to find the table that matches the destination network number. If found, the message is sent to the next station router specified in the table or to a directly connected network interface. 3. Search for the router and look for the table labeled Default. If found, sends the message to the next station router specified in the table. 4. If none of the above is successful, the datagram cannot be sent.
ARP Protocol protocol format
How it works when a host sends an Ethernet data frame to another host on the same LAN, the destination interface is determined based on the Ethernet physical address of the 48bit. The device driver never checks the destination IP address in the IP datagram, and the IP address is the virtual one used for routing in the Protocol hierarchy design, and the address that is really used for communication is the address of the physical network card, which is the MAC address. When the host sends the data to determine the destination IP address, it needs to know the physical address of the destination address, because according to the Ethernet frame format of the link layer, we find that it encapsulates the destination MAC address. The ARP protocol is precisely for the IP address to provide a dynamic mapping between the corresponding hardware address, which works on Ethernet. When it wants to know the network of an IP address (can be a router or host) corresponding to the physical address, send a broadcast message, the message content is roughly: "Hello, I am 192.168.152.xxx, physical address is xxxxx, I want to know the physical address of 192.168.152.yyy ”。 The host in Ethernet receives the message and compares the IP address in the message to itself, and if it is itself, sends a response to the sending host's own MAC address. This enables the sending host to send IP data to it.
The ARP cache does not actually send ARP broadcast messages every time before the data is sent, mainly because each host has an ARP cache. This cache holds the mapped address between the nearest IP address and the hardware address. The physical address of the peer can therefore be read through the cache. However, each entry in the cache has a certain time-to-live, typically 20 minutes.
You can view the most recent ARP table by using the ARP-A command.
let's look at an example
: First run the TCPDUMP-E command on native (192.168.152.130 mac addr:00:0c:29:e3:72:92) to capture ARP messages on another host (Ip:192.168.152.128 mac addr:00:0c : 29:7C:CF:FC) to run the Telnet command. The resulting ARP message is as follows:
In the first message, 0x0806 represents the message as an ARP request or a reply. Length 60 refers to the size of the Ethernet data frame, because the ARP request or the response data frame length is 42 bytes (28 bytes of ARP data, 14 bytes of Ethernet frame head) so must be added to the padding character to achieve the minimum Ethernet length requirements: 60 bytes (Some books say 64, It contains the frame end of the Ethernet). The following 46 represents the size of the ARP request data. In the request, you can see that Ubuntu-2.local sent the ARP request.
In the response message, the native responds to it and tells it its own hardware address. The response data length is 28.
Then print out the local ARP cache entries, found that the addition of the second table, this shows that when the other host requests the hardware address of this host, but also add the hardware address of the end to the mapping table, so that later and its communication will not need to make ARP requests, such as:
Contrary to the purpose of the RARP protocol and the ARP protocol, it is only known that the host with its own hardware address can find its IP address through the RARP protocol. The packet format of RARP is basically consistent with the ARP sublet. The main is its frame type code is 0x8035. This protocol is important in the past to obtain the host's IP address for the diskless boot system. The current DHCP protocol already includes the functionality of the RARP. There is not much to be introduced here.
2.TCP/IP Protocol Analysis-IP Protocol, ARP protocol, and RARP protocol