Analysis of the TCP/IP four-layer protocol system

Source: Internet
Author: User


The TCP/IP four-layer protocol system

1) The link layer, also called the data link layer or network interface layer, usually consists of the device driver in the operating system and the corresponding network interface card in the computer. Together they handle the physical interface details of the cable (or whatever transmission medium is in use).

2) The network layer, also called the Internet layer, handles the movement of packets through the network, for example packet routing. In the TCP/IP protocol family the network-layer protocols are IP (Internet Protocol), ICMP (Internet Control Message Protocol) and IGMP (Internet Group Management Protocol).

3) The transport layer provides end-to-end communication for applications on two hosts. In the TCP/IP protocol family there are two different transport protocols: TCP (Transmission Control Protocol) and UDP (User Datagram Protocol).

TCP provides highly reliable data communication between two hosts. Its work includes dividing the data handed to it by an application into chunks of a suitable size for the network layer below, acknowledging received packets, and setting timers to make sure the other end acknowledges the packets that are sent. Because the transport layer provides this reliable end-to-end communication, the application layer can ignore all these details. UDP provides a much simpler service to the application layer: it just sends packets called datagrams from one host to the other, with no guarantee that a datagram reaches the other end. Any required reliability must be provided by the application layer.

4) The application layer handles the details of a particular application. Almost all TCP/IP implementations provide the following common applications:

Telnet: remote login
FTP: File Transfer Protocol
SMTP: Simple Mail Transfer Protocol
SNMP: Simple Network Management Protocol

Link Layer

Underlying protocols and link-layer protocols in the Internet protocol family

In the TCP/IP protocol family, the link layer has three main objectives:

Send and receive IP datagrams for the IP module.
Send ARP requests and receive ARP replies for the ARP module.
Send RARP requests and receive RARP replies for the RARP module.

TCP/IP supports many different link-layer protocols, depending on the network hardware in use: Ethernet, token ring, FDDI (Fiber Distributed Data Interface), RS-232 serial lines, and so on.

This section covers the Ethernet link-layer protocol, two serial-interface link-layer protocols (SLIP and PPP), and the loopback driver that is included in most implementations.

SLIP: Serial Line IP

SLIP is a simple form of encapsulation for IP datagrams on a serial line. The following rules describe the frame format defined by the SLIP protocol:

An IP datagram is terminated by a special character called END (0xc0). To prevent line noise that arrived before the datagram from being treated as part of the datagram, most implementations also transmit an END character at the start of the datagram. (If there was line noise, this END terminates the erroneous garbage so that the current datagram can be transmitted correctly; the earlier garbage is handed to the upper layer, which discards it as meaningless.) If a byte of the IP datagram equals the END character, the two bytes 0xdb, 0xdc are transmitted in its place. The special character 0xdb is called the SLIP ESC character. If a byte of the IP datagram equals the SLIP ESC character, the two bytes 0xdb, 0xdd are transmitted in its place.
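The framing rules above, worked through as an added example that is not part of the original article: a SLIP encoder and decoder in Python using the END and ESC values just listed. The decoder also reproduces the line-noise behaviour the text describes: bytes that arrive before the first END come back as a separate bogus datagram, which the upper layer (IP) would discard when its header check fails. The sample datagram bytes are constructed.

```python
# SLIP special characters as given in the text (RFC 1055 values).
END = 0xC0      # terminates a datagram; most implementations also send one first
ESC = 0xDB      # escape character
ESC_END = 0xDC  # ESC, ESC_END stands for a literal END byte inside the datagram
ESC_ESC = 0xDD  # ESC, ESC_ESC stands for a literal ESC byte inside the datagram


def slip_encode(datagram: bytes) -> bytes:
    """Wrap one IP datagram in a SLIP frame: END, escaped payload, END."""
    out = bytearray([END])  # leading END flushes any line noise at the receiver
    for b in datagram:
        if b == END:
            out += bytes([ESC, ESC_END])
        elif b == ESC:
            out += bytes([ESC, ESC_ESC])
        else:
            out.append(b)
    out.append(END)
    return bytes(out)


def slip_decode(stream: bytes) -> list:
    """Split a received byte stream into datagrams.

    Back-to-back END characters produce no empty datagram.  Noise received
    before the first END is returned as its own (garbage) datagram, exactly as
    the text says happens; it is the upper layer's job to reject it.
    """
    datagrams = []
    cur = bytearray()
    i = 0
    while i < len(stream):
        b = stream[i]
        if b == END:
            if cur:  # ignore empty frames (e.g. the leading END)
                datagrams.append(bytes(cur))
                cur = bytearray()
        elif b == ESC:
            i += 1
            if i >= len(stream):
                raise ValueError("frame ends in the middle of an escape sequence")
            nxt = stream[i]
            if nxt == ESC_END:
                cur.append(END)
            elif nxt == ESC_ESC:
                cur.append(ESC)
            else:
                raise ValueError(f"invalid byte 0x{nxt:02x} after ESC")
        else:
            cur.append(b)
        i += 1
    return datagrams


if __name__ == "__main__":
    # Constructed datagram containing both special characters.
    sample = bytes([0x45, 0x00, END, 0x01, ESC, 0x02])
    framed = slip_encode(sample)
    print(framed.hex(), slip_decode(framed) == [sample])
```

Because SLIP carries no type field and no checksum, the decoder cannot tell a corrupted frame from a good one; every frame it returns has to be validated by IP's header checksum, which is the point the next paragraph makes.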

SLIP is a simple frame encapsulation method with some defects:

Each end must know the other end's IP address. The frame contains no type field, so if a serial line is used for SLIP it cannot carry another protocol at the same time. SLIP adds no checksum to the frame, so if a datagram carried by SLIP is corrupted by line noise the error can be detected only by the upper-layer protocols. (Alternatively, newer modems can detect and correct corrupted frames.)

Despite these shortcomings, SLIP is still a widely used protocol.

PPP: Point-to-Point Protocol

PPP, the Point-to-Point Protocol, corrects all the defects of SLIP. PPP consists of three parts:

1) A method of encapsulating IP datagrams on a serial link. PPP supports either an asynchronous link with 8 data bits and no parity (the kind of serial interface found on most computers) or bit-oriented synchronous links.
2) A Link Control Protocol (LCP) to establish, configure and test the data link. It lets the two communicating ends negotiate various options.
3) A family of Network Control Protocols (NCPs), one for each network-layer protocol. The RFCs define NCPs for IP, OSI, DECnet and AppleTalk.

PPP has the following advantages over SLIP:

PPP supports running multiple protocols on a single serial line, not just IP. Every frame carries a cyclic redundancy check. The two ends can negotiate IP addresses dynamically (using the IP network control protocol). TCP and IP headers can be compressed in a manner similar to CSLIP, and multiple data-link options can be negotiated.

The price paid for these advantages is that three characters are added to each frame, several frames of negotiation are exchanged when a link is established, and the implementation is more complex.

Loopback Interface

Most implementations support a loopback interface, which allows a client and a server running on the same host to communicate with each other through TCP/IP.

Class A network number 127 is reserved for the loopback interface. By convention, most systems assign the IP address 127.0.0.1 to this interface and name it localhost.

An IP datagram sent to the loopback interface never appears on any network. In principle, once the transport layer detects that the destination is a loopback address, it could skip some of its own logic and all of the network-layer processing. Most implementations nevertheless perform the complete transport-layer and network-layer processing and only loop the IP datagram back to themselves when it leaves the network layer.

Processing of IP datagrams by the loopback interface

The key points to be pointed out in the figure are:

1) Anything sent to the loopback address (normally 127.0.0.1) is treated as IP input.
2) Data sent to a broadcast or multicast address is copied to the loopback interface and then sent on the Ethernet.
3) Anything sent to one of the host's own IP addresses is sent to the loopback interface.

Maximum Transmission Unit MTU

Ethernet and 802.3 limit the length of the data in a frame to 1500 and 1492 bytes respectively. This characteristic of the link layer is called the MTU, the maximum transmission unit. Most other types of networks also have an upper limit.

If IP has a datagram to send and its length is greater than the link-layer MTU, IP fragments the datagram so that each fragment is smaller than the MTU.

For point-to-point links such as SLIP and PPP, the MTU is not a physical characteristic of the medium. It is a logical limit chosen to give fast response times for interactive use.

IP: Internet Protocol

In the network, each computer has a unique address, which is called an IP address.

IP is the core protocol of the TCP/IP protocol family. All TCP, UDP, ICMP and IGMP data is transmitted in IP datagrams.

IP provides an unreliable, connectionless datagram delivery service:

Unreliable means that IP does not guarantee that a datagram reaches its destination; it provides only best-effort delivery. When something goes wrong, for example when a router temporarily runs out of buffer space, IP uses a simple error-handling algorithm: discard the datagram, then send an ICMP message to the source. Any required reliability must be provided by the upper layer (for example TCP). Connectionless means that IP maintains no state information about successive datagrams. Each datagram is handled independently, which also means that datagrams can be received out of order. If a source sends two consecutive datagrams (first A, then B) to the same destination, each is routed independently and may take a different path, so B may arrive before A.

IP Header

A normal IP header is 20 bytes long, unless it contains options.

Figure: IP datagram format and the fields in its header.

Bit 0 is on the left and bit 31 on the right; the fields are transmitted in this big-endian order. The header fields are:

Version: 4 bits. The current protocol version number is 4, which is why IP is also called IPv4.
Header length: 4 bits, the number of 32-bit words in the header, including any options. Because it is a 4-bit field, the header is limited to 60 bytes.
Type of service: a 3-bit precedence subfield (ignored today), four TOS bits (minimize delay, maximize throughput, maximize reliability, minimize cost) and one unused bit that must be 0. Only one of the four TOS bits may be set.
Total length: 16 bits, the length of the entire IP datagram in bytes, including header and data, up to 65535 bytes.
Identification: uniquely identifies each datagram sent by the host.
Flags: three bits: a reserved bit, the don't-fragment (DF) bit and the more-fragments (MF) bit. The reserved bit is normally 0. DF says whether the datagram may be fragmented: 1 means it must not be, 0 means it may be. MF must be set to 1 in every fragment except the last.
Fragment offset: the offset of this fragment from the start of the original datagram.
Time to live (TTL): the lifetime of the datagram, which prevents a datagram from circulating endlessly in the network. It is the maximum time a datagram may remain in the network before it is discarded; in practice it counts the routers the datagram passes through. Each router that forwards the datagram checks this field and decrements it by 1; when the TTL reaches 0 the datagram is discarded.
Protocol: identifies which protocol's header is encapsulated in the IP datagram.
Header checksum: a 16-bit error-detection field computed over the header. The destination host and every router along the path recompute it. If the header was not corrupted in transit, the receiver's computation yields all 1 bits; if the result is not all 1s (a checksum error), IP silently discards the datagram and generates no error message. The upper layer discovers the loss and retransmits.
Source IP address: the network address of the device that sent the datagram.
Destination IP address: the network address of the receiving node.
Options: an optional, variable-length field. The option field is always padded to a multiple of 32 bits, inserting 0 bytes where necessary, so that the IP header is always an integer multiple of 32 bits.
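As an added example that is not code from the original article, the following Python function decodes the fixed 20-byte header described above into its fields, including the three flag bits and the fragment offset, and rejects headers whose length field is impossible. The header bytes are a constructed sample; the checksum field is extracted but not verified here.

```python
import struct
from dataclasses import dataclass


@dataclass
class IPv4Header:
    version: int
    header_len: int       # bytes (header-length field * 4)
    tos: int
    total_len: int        # bytes, header plus data
    ident: int
    dont_fragment: bool   # DF flag
    more_fragments: bool  # MF flag
    frag_offset: int      # bytes from the start of the original datagram (field * 8)
    ttl: int
    protocol: int         # e.g. 1 ICMP, 6 TCP, 17 UDP
    checksum: int         # value carried in the header; not verified here
    src: str
    dst: str
    options: bytes        # empty when header_len == 20


def dotted(quad: bytes) -> str:
    return ".".join(str(b) for b in quad)


def parse_ipv4_header(data: bytes) -> IPv4Header:
    """Decode an IPv4 header from the front of `data` ('!' = network byte order)."""
    if len(data) < 20:
        raise ValueError("IPv4 header needs at least 20 bytes")
    (ver_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", data[:20])
    version = ver_ihl >> 4
    header_len = (ver_ihl & 0x0F) * 4  # 4-bit field in 32-bit words: at most 60 bytes
    if version != 4:
        raise ValueError(f"not IPv4 (version {version})")
    if header_len < 20 or header_len > len(data):
        raise ValueError(f"bad header length {header_len}")
    if total_len < header_len:
        raise ValueError("total length shorter than header")
    # The top three bits of the 16-bit word are reserved, DF and MF.
    if (flags_frag >> 15) & 1:
        raise ValueError("reserved flag bit set")
    df = bool((flags_frag >> 14) & 1)
    mf = bool((flags_frag >> 13) & 1)
    frag_offset = (flags_frag & 0x1FFF) * 8  # 13-bit field counted in 8-byte units
    return IPv4Header(version, header_len, tos, total_len, ident, df, mf,
                      frag_offset, ttl, proto, csum, dotted(src), dotted(dst),
                      data[20:header_len])


# Constructed sample: 64-byte UDP datagram, DF set, TTL 64, 192.168.1.10 -> 192.168.1.1
SAMPLE_HEADER = bytes.fromhex("45000040123440004011a51dc0a8010ac0a80101")

if __name__ == "__main__":
    print(parse_ipv4_header(SAMPLE_HEADER))
```

The length checks matter in practice: a header-length field below 5 or a total length shorter than the header are the kind of malformed input a parser must reject before indexing into the buffer.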

IP Route Selection

The IP routing mechanism used by most hosts:

If the destination host is directly connected to the source host (for example by a point-to-point link) or both are on the same shared network (an Ethernet or token ring), the IP datagram is sent directly to the destination host. Otherwise the host sends the datagram to a default router, which forwards it.

Each item in the route table contains the following information:

Destination IP address: either a complete host address or a network address, as indicated by the flag field.
Next-hop address: the address of the next-hop router, or of a directly connected network.
Flags: one flag indicates whether the destination IP address is a network address or a host address; another indicates whether the next hop is a real router or a directly connected interface.
Network interface: the interface on which the datagram should be sent.

IP routing is done hop by hop. IP does not know the complete route to any destination (except for directly connected hosts). All IP routing provides is the IP address of the next-hop router to which the datagram is sent. It is assumed that the next-hop router is closer to the destination than the sending host, and that the next-hop router is directly connected to the sending host.

IP Route Selection mainly includes the following functions:

1) Search the routing table for an entry that exactly matches the destination IP address (both the network number and the host number must match). If one is found, the packet is sent to the next-hop router or directly connected interface specified by that entry (depending on the flag field).
2) Search the routing table for an entry that matches the destination network number. If one is found, the packet is sent to the next-hop router or directly connected interface specified by that entry (depending on the flag field). A single entry of this kind serves all hosts on the destination network.
3) Search the routing table for the entry marked "default". If one is found, the packet is sent to the next-hop router specified by that entry.

If none of these steps succeeds, the datagram cannot be delivered. If the undeliverable datagram was generated on the local machine, a "host unreachable" or "network unreachable" error is normally returned to the application that generated it.
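The three-step search above, as an added Python example that is not part of the original article. It generalizes slightly: network entries are written with a prefix length rather than a classful network number, so when several network entries match, the most specific (longest prefix) one is chosen; that tie-break is an assumption of this example, not something the text states. A next hop of None marks a directly connected network, in which case the datagram is handed directly to the destination. All addresses and interface names are constructed.

```python
import ipaddress


class NoRoute(Exception):
    """No entry matched: the datagram cannot be delivered."""


class RouteTable:
    """Host routes, network routes and a default route, searched in that order."""

    def __init__(self):
        self.host_routes = {}   # IPv4Address -> (next_hop or None, interface)
        self.net_routes = []    # (IPv4Network, next_hop or None, interface)
        self.default = None     # (next_hop, interface)

    @staticmethod
    def _addr(s):
        return ipaddress.IPv4Address(s) if s is not None else None

    def add_host(self, host, interface, next_hop=None):
        self.host_routes[ipaddress.IPv4Address(host)] = (self._addr(next_hop), interface)

    def add_network(self, network, interface, next_hop=None):
        self.net_routes.append((ipaddress.IPv4Network(network), self._addr(next_hop), interface))

    def add_default(self, next_hop, interface):
        self.default = (ipaddress.IPv4Address(next_hop), interface)

    def lookup(self, destination):
        """Return (kind, next_hop, interface).

        next_hop is the router to hand the datagram to, or the destination
        itself when the matching entry is a directly connected interface.
        """
        dst = ipaddress.IPv4Address(destination)
        # 1) exact host match (network and host number both match)
        if dst in self.host_routes:
            nh, iface = self.host_routes[dst]
            return ("host", nh if nh is not None else dst, iface)
        # 2) network match; most specific prefix wins if several match
        matches = [r for r in self.net_routes if dst in r[0]]
        if matches:
            _net, nh, iface = max(matches, key=lambda r: r[0].prefixlen)
            return ("network", nh if nh is not None else dst, iface)
        # 3) default route
        if self.default is not None:
            nh, iface = self.default
            return ("default", nh, iface)
        raise NoRoute(f"network unreachable: {dst}")


def example_table() -> RouteTable:
    """A small table for a host on the constructed LAN 192.168.1.0/24."""
    rt = RouteTable()
    rt.add_network("192.168.1.0/24", "eth0")                   # directly connected
    rt.add_host("10.0.0.5", "eth0", next_hop="192.168.1.254")  # one host via a second router
    rt.add_network("10.0.0.0/8", "eth0", next_hop="192.168.1.1")
    rt.add_default("192.168.1.1", "eth0")
    return rt


if __name__ == "__main__":
    rt = example_table()
    for d in ("10.0.0.5", "10.2.3.4", "192.168.1.7", "203.0.113.9"):
        print(d, rt.lookup(d))
```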

Being able to specify a route for a whole network, rather than for each individual host, is another basic feature of IP routing. It greatly reduces the size of routing tables: for example, the routing tables on the Internet need only a few thousand entries, not more than a million.

IP address category

The network part of an IP address is allocated centrally by the Internet address assignment organization, which guarantees that IP addresses are unique.

The address consisting of all 1 bits, 255.255.255.255, is called the limited broadcast address and may be used only as the destination address of a packet. The address consisting of all 0 bits, 0.0.0.0, is used by a host at startup and means an IP address that has not yet been assigned.

Network 127 is used for local testing. Except for 127.20.255, all other addresses beginning with 127 refer to the local machine.

Figure: IP address classes; red marks the network part of the address and green the host part.

Subnet addressing

All Hosts must support subnet addressing.

- If an IP address were treated as a pure network number plus host number, class A and class B addresses would leave far too much room for the host number: they can hold 2^24-2 and 2^16-2 hosts respectively (excluding the all-0 and all-1 host numbers). No single network has that many hosts.

- The host number is therefore divided into a subnet number and a host number. For a class B address, for example, the first 16 bits are the network number, and the remaining 16-bit host field is split into an 8-bit subnet number and an 8-bit host number. Subnetting hides the details of the internal network organization (within a campus or company) from external routers: an external router needs to know only the next hop for the network as a whole, not the individual host numbers, which greatly reduces the size of its routing table.

Subnet Mask

The subnet mask indicates which bits of an IP address identify the subnet the host is on and which bits identify the host. A subnet mask cannot stand alone; it must be used together with an IP address. The subnet mask has only one function: dividing an IP address into a network address and a host address.

A subnet mask is also 32 bits wide, corresponding to the 32 bits of the IP address. The bits corresponding to the network part of the address are 1 and the bits corresponding to the host part are 0. A bitwise AND of the IP address and the subnet mask gives the network address, because ANDing a bit with 0 yields 0 and ANDing it with 1 leaves the bit unchanged.

Figure: an example of two different subnet masks for a class B address.

All class A, B and C addresses have a default subnet mask:

Class A: 255.0.0.0
Class B: 255.255.0.0
Class C: 255.255.255.0

Given its IP address and subnet mask, a host can determine whether an IP datagram is destined for:

a host on its own subnet;
a host on another subnet of the same network;
a host on another network.
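As an added Python example (not from the original article), the following code puts the preceding subnet-mask material together: the classful default masks, the AND that extracts the network address, and the three-way decision a host makes about a destination. The local address, mask and destinations are constructed values; the class ranges for D and E addresses are standard but are not stated on the page.

```python
import ipaddress

DEFAULT_MASKS = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}


def address_class(ip: str) -> str:
    """Classful category from the first octet: A 0-127, B 128-191, C 192-223,
    D 224-239 (multicast), E 240-255 (reserved)."""
    first = int(ip.split(".")[0])
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    if first < 240:
        return "D"
    return "E"


def default_mask(ip: str) -> str:
    cls = address_class(ip)
    if cls not in DEFAULT_MASKS:
        raise ValueError(f"class {cls} addresses have no default subnet mask")
    return DEFAULT_MASKS[cls]


def network_address(ip: str, mask: str) -> str:
    """Bitwise AND of address and mask: 1 bits keep the network part, 0 bits
    clear the host part."""
    net = int(ipaddress.IPv4Address(ip)) & int(ipaddress.IPv4Address(mask))
    return str(ipaddress.IPv4Address(net))


def classify_destination(local_ip: str, subnet_mask: str, dest_ip: str) -> str:
    """The host's three-way decision about where a datagram is headed."""
    if network_address(local_ip, subnet_mask) == network_address(dest_ip, subnet_mask):
        return "same subnet"
    classful = default_mask(local_ip)  # compare on the unsubnetted network number
    if network_address(local_ip, classful) == network_address(dest_ip, classful):
        return "other subnet, same network"
    return "other network"


if __name__ == "__main__":
    # Constructed: a class B network 172.16.0.0 subnetted with a /27 mask.
    me, mask = "172.16.13.33", "255.255.255.224"
    for dst in ("172.16.13.35", "172.16.13.65", "172.16.200.1", "10.1.1.1"):
        print(dst, classify_destination(me, mask, dst))
```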

TCP: Transmission Control Protocol

TCP provides a connection-oriented, reliable byte-stream service.

TCP provides full-duplex services, that is, data can be transmitted in two directions at the same time.

Connection-oriented means that two applications using TCP (usually a client and a server) must establish a TCP connection before they can exchange data, which ensures that sending and receiving work in both directions.

TCP provides reliability through the following methods:

- Application data is broken into chunks that TCP judges best to send. The unit of information passed to IP is called a segment.
- When TCP sends a segment it starts a timer and waits for the other end to acknowledge the segment. If an acknowledgment is not received in time, the segment is retransmitted.
- When TCP receives data from the other end of the connection it sends an acknowledgment. This acknowledgment is not sent immediately; it is usually delayed.
- TCP maintains a checksum over its header and data. This is an end-to-end checksum that detects any change to the data in transit. If a segment arrives with an invalid checksum, TCP discards it and does not acknowledge it (expecting the sender to time out and retransmit).
- Since TCP segments are transmitted as IP datagrams, and IP datagrams can arrive out of order, TCP segments can also arrive out of order. If necessary TCP re-sequences the received data and passes it to the application layer in the correct order.
- Since IP datagrams can be duplicated, the receiving TCP must discard duplicate data.
- TCP provides flow control. Each side of a TCP connection has a fixed amount of buffer space. The receiving TCP only allows the other end to send as much data as the receiver's buffer can hold. This prevents a fast host from overflowing the buffers of a slower host.

TCP packet encapsulation

Source port number and destination port number: a computer identifies the service being accessed by the port number, for example the HTTP or FTP service. The sender's port is a random (ephemeral) port, and the destination port determines which program on the receiver gets the data.

Source Port Number: port number corresponding to the TCP sending process. Target Port Number: Port Number of the target receiving process.

32-bit sequence number: in the range 0 to 2^32-1. TCP uses the sequence number to mark segments so that the data can be reassembled in order at the destination. If the current sequence number is s and the length of the data sent is l, the sequence number of the next transmission is s + l. When a connection is established, a host usually generates a random number as the initial sequence number.

32-bit acknowledgment number: in the range 0 to 2^32-1. It confirms that all data before this number has been received; it is the sequence number of the next byte the receiver expects. If the sender's sequence number is s and the length of the data sent is l, the acknowledgment number returned by the receiver is s + l. On receiving the acknowledgment, the sender can assume that all data before that position has been received correctly.

Header length: the length of the TCP header in units of 4 bytes. If there are no options the value is 5, meaning a 20-byte TCP header.

Control bits: TCP connection establishment, data transfer and teardown are all controlled by these six control bits:

URG (urgent): set to 1 when the urgent pointer is valid. The urgent pointer gives the position of the end of the urgent data within the TCP data. It is typically used when communication is interrupted (for example, Ctrl+C).
ACK (acknowledgment): set to 1 when the acknowledgment number is valid, indicating that the segment carries acknowledgment information.
PSH (push): the receiver should deliver this data to the application promptly rather than waiting for its buffer to fill.
RST (reset): reset the connection, disconnecting it.
SYN (synchronize): set to 1 to request establishment of a connection and synchronize sequence numbers.
FIN (finish): the sender has finished sending data. The side requesting the close sets FIN to 1, indicating that its data has been delivered and that it requests the connection be closed.

Window: the amount of data the local end can receive. Its size varies: when the network is in good condition the window grows to speed up transmission, and when the network is unstable it can be reduced to keep transmission reliable. It is used for flow control during TCP transmission.

Window size: the number of bytes, counting from the acknowledgment number, that the receiver is willing to accept. If the window size is 0, the sender can send a window probe.

16-bit checksum: used for error control. The TCP checksum covers the TCP header, the data and any padding bytes. The sender computes the checksum when it sends a segment, and the receiver recomputes it when the segment arrives. If the two agree the data is taken as correct; otherwise the data is considered corrupted and the receiving end discards it.
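As an added example that is not code from the original article, the following Python parser decodes the TCP header fields discussed above (ports, sequence and acknowledgment numbers, header length, the six control bits, window, urgent pointer, options) from two constructed segments: a SYN carrying an MSS option, and a PSH+ACK segment with five bytes of data. It also applies the s + l rule to compute the acknowledgment number the peer should return, counting SYN and FIN as one byte of sequence space each. The checksum is extracted but not verified here.

```python
import struct
from dataclasses import dataclass

# Control bits, least significant first: bit 0 FIN ... bit 5 URG.
FLAG_NAMES = ("FIN", "SYN", "RST", "PSH", "ACK", "URG")


@dataclass
class TCPHeader:
    src_port: int
    dst_port: int
    seq: int
    ack: int
    header_len: int     # bytes = data-offset field * 4; 20 when there are no options
    flags: frozenset    # subset of FLAG_NAMES
    window: int         # bytes the receiver will accept, counted from ack
    checksum: int       # carried value, not verified here
    urgent_ptr: int     # meaningful only when URG is set
    options: bytes


def parse_tcp_header(segment: bytes) -> TCPHeader:
    if len(segment) < 20:
        raise ValueError("TCP header needs at least 20 bytes")
    (src, dst, seq, ack, off_flags, window,
     csum, urg) = struct.unpack("!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4        # upper 4 bits: header length in 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError(f"bad header length {header_len}")
    flags = frozenset(n for i, n in enumerate(FLAG_NAMES) if off_flags & (1 << i))
    return TCPHeader(src, dst, seq, ack, header_len, flags, window, csum, urg,
                     segment[20:header_len])


def payload(segment: bytes) -> bytes:
    return segment[parse_tcp_header(segment).header_len:]


def expected_ack(hdr: TCPHeader, data_len: int) -> int:
    """Acknowledgment number the peer should return for this segment: s + l,
    where SYN and FIN each occupy one sequence number, modulo 2^32."""
    consumed = data_len + ("SYN" in hdr.flags) + ("FIN" in hdr.flags)
    return (hdr.seq + consumed) % (1 << 32)


# Constructed samples (checksum fields left 0).
# SYN from ephemeral port 49152 to port 80, seq 0x10000000, 24-byte header with MSS 1460.
SYN_SEGMENT = bytes.fromhex("c000005010000000000000006002ffff00000000020405b4")
# PSH+ACK data segment: seq 0x10000001, ack 0x20000001, window 1000, five data bytes.
DATA_SEGMENT = bytes.fromhex("c00000501000000120000001501803e800000000") + b"hello"

if __name__ == "__main__":
    for seg in (SYN_SEGMENT, DATA_SEGMENT):
        h = parse_tcp_header(seg)
        print(sorted(h.flags), hex(h.seq), hex(h.ack), h.header_len,
              hex(expected_ack(h, len(payload(seg)))))
```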

TCP three-way handshake

To establish a TCP connection, follow these steps:

1) In the first handshake, host A sends host B a connection request in a segment marked SYN. The segment tells host B that A wants to establish a connection and needs B to respond, and it tells host B the initial sequence number A will use for transmission.
2) In the second handshake, host B responds with a segment carrying both the ACK flag and the SYN flag. The ACK tells host A that its segment was received, and the SYN tells host A the initial sequence number from which B will transmit.
3) In the third handshake, host A acknowledges that it has received host B's segment, after which actual data can be transmitted.

A connection is established with these three segments; the process is called a three-way handshake.

TCP's four-way close

Three segments are needed to establish a connection, but four are needed to terminate one. This is caused by TCP's half-close.

A TCP connection is full duplex (data can flow in both directions at the same time), so each direction must be shut down independently. The rule is that either end can send a FIN when it has finished sending data, which terminates the flow in that direction. When an end receives a FIN, it must notify its application that the other end has terminated data flow in that direction. Sending a FIN is normally the result of the application closing; receiving a FIN only means that no more data will arrive on that side. A TCP can still send data after receiving a FIN.

The end that closes first (that is, sends the first FIN) performs an active close, and the other end (the one receiving that FIN) performs a passive close. Normally one end performs the active close and the other the passive close.

The client sends a segment with the FIN control bit set, requesting that data transfer from the client to the server be shut down.

When the server receives the FIN, it sends back an ACK whose acknowledgment number is the received sequence number plus 1. Like a SYN, a FIN occupies one sequence number. The server's TCP also delivers an end-of-file to its application (the discard server in this example). The server program then closes its connection, which causes its TCP to send a FIN. The client acknowledges the server's close request by sending back an ACK with the acknowledgment number set to the received sequence number plus 1.

This is the typical order of segments when a connection is terminated. The FINs are sent because the applications closed their ends of the connection; the FIN and ACK segments themselves are generated automatically by the TCP software.

Connections are usually initiated by the client, so the first SYN goes from the client to the server. Either end can actively close the connection (that is, send the first FIN), but it is usually the client that decides when to terminate the connection, because client processes are normally driven by user interaction.
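As an added example that is not part of the original article, the following Python model walks through the three-way handshake, one data segment, and the four-segment close described above, tracking each side's next sequence number to send and next sequence number expected. The acknowledgment values fall out of the s + l rule, with SYN and FIN each consuming one sequence number. The initial sequence numbers and the 100-byte payload are constructed values, delivery is assumed in order and loss-free, and the state names are the standard TCP connection states rather than anything the page itself lists.

```python
from dataclasses import dataclass

SEQ_MOD = 1 << 32


@dataclass
class Endpoint:
    name: str
    snd_nxt: int          # next sequence number this side will send
    rcv_nxt: int = 0      # next sequence number expected from the peer
    state: str = "CLOSED"


def send(src: Endpoint, dst: Endpoint, flags: set, data_len: int = 0) -> dict:
    """Emit one segment from src to dst and update both sides' counters."""
    seg = {
        "from": src.name, "to": dst.name, "flags": frozenset(flags),
        "seq": src.snd_nxt,
        "ack": src.rcv_nxt if "ACK" in flags else 0,
        "len": data_len,
    }
    consumed = data_len + ("SYN" in flags) + ("FIN" in flags)  # s + l, SYN/FIN count 1
    src.snd_nxt = (src.snd_nxt + consumed) % SEQ_MOD
    dst.rcv_nxt = (seg["seq"] + consumed) % SEQ_MOD  # becomes the peer's next ack
    return seg


def three_way_handshake(client: Endpoint, server: Endpoint) -> list:
    trace = [send(client, server, {"SYN"})]              # 1: SYN, seq = client ISN
    client.state, server.state = "SYN_SENT", "SYN_RCVD"
    trace.append(send(server, client, {"SYN", "ACK"}))   # 2: SYN+ACK, ack = client ISN + 1
    trace.append(send(client, server, {"ACK"}))          # 3: ACK, ack = server ISN + 1
    client.state = server.state = "ESTABLISHED"
    return trace


def four_way_close(active: Endpoint, passive: Endpoint) -> list:
    trace = [send(active, passive, {"FIN", "ACK"})]      # active close: first FIN
    active.state, passive.state = "FIN_WAIT_1", "CLOSE_WAIT"
    trace.append(send(passive, active, {"ACK"}))         # ack = FIN seq + 1
    active.state = "FIN_WAIT_2"
    trace.append(send(passive, active, {"FIN", "ACK"}))  # passive side closes too
    passive.state = "LAST_ACK"
    trace.append(send(active, passive, {"ACK"}))         # ack of the second FIN
    active.state, passive.state = "TIME_WAIT", "CLOSED"
    return trace


def run_connection(client_isn: int, server_isn: int, data_len: int):
    """Full lifetime: handshake, one client data segment and its ack, close."""
    client = Endpoint("client", snd_nxt=client_isn)
    server = Endpoint("server", snd_nxt=server_isn)
    trace = three_way_handshake(client, server)
    trace.append(send(client, server, {"PSH", "ACK"}, data_len))  # data consumes l
    trace.append(send(server, client, {"ACK"}))
    trace += four_way_close(client, server)
    return trace, client, server


if __name__ == "__main__":
    for seg in run_connection(1000, 5000, 100)[0]:
        print(f"{seg['from']:>6} -> {seg['to']:<6} {'+'.join(sorted(seg['flags'])):8}"
              f" seq={seg['seq']} ack={seg['ack']} len={seg['len']}")
```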

UDP: User Datagram Protocol

UDP is a connectionless transport-layer protocol that does not guarantee reliability. The sender does not care whether the data arrives at the destination host or whether it arrives intact, and the receiving host does not tell the sender whether the data was received. Reliability, if needed, is provided by the upper-layer protocol.

The UDP header is simple, so the overhead per transmission is minimal. A process that sends short messages and has modest reliability requirements can use UDP.

UDP Header

Port numbers: identify the sending and receiving processes.

UDP length: the length of the UDP header plus the UDP data, in bytes. The minimum value of this field is 8 (a header with no data). Because the field includes the data length, the end of the data can be calculated from it.

UDP checksum: covers the UDP header and the UDP data; used for UDP error detection (optional).

If the computed checksum is 0, it is stored as all 1 bits (65535), which is equivalent in one's-complement arithmetic. A transmitted checksum of 0 means the sender did not compute one. If the sender did compute a checksum and the receiver detects an error, the UDP datagram is silently discarded and no error message is generated (just as when the IP layer detects an IP header checksum error). The UDP checksum is an end-to-end checksum: it is computed by the sender and verified by the receiver, with the aim of detecting any change to the UDP header or data between the two.
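The checksum behaviour described here, and the IP header checksum described earlier, share one algorithm: the 16-bit one's-complement sum. As an added Python example that is not code from the original article, the block below implements that sum once and uses it for the IP header check (a valid header sums to all 1s, so the complemented result is 0) and for the UDP sender and receiver checks, including the two special cases from this section: a computed 0 is transmitted as 0xffff, and a transmitted 0 means no checksum was computed. The UDP checksum is computed over a pseudo-header (source and destination IP addresses, a zero byte, protocol 17 and the UDP length) plus the UDP header and data, which is how RFC 768 defines it; the page does not spell that out. The IP header and UDP datagram bytes are constructed samples.

```python
import struct


def internet_checksum(data: bytes) -> int:
    """One's-complement of the one's-complement sum of the 16-bit words of
    `data`. An odd trailing byte is padded with a zero byte."""
    if len(data) % 2:
        data += b"\x00"
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header_ok(header: bytes) -> bool:
    """Receiver check: summing the header including its checksum field must
    give all 1 bits, so the complemented result is 0."""
    return internet_checksum(header) == 0


def udp_pseudo_header(src_ip: bytes, dst_ip: bytes, udp_len: int) -> bytes:
    # source address, destination address, zero byte, protocol 17, UDP length
    return src_ip + dst_ip + struct.pack("!BBH", 0, 17, udp_len)


def udp_checksum(src_ip: bytes, dst_ip: bytes, udp: bytes) -> int:
    """Sender side: checksum over pseudo-header, UDP header (checksum field
    zeroed) and data. A computed value of 0 is transmitted as all 1s."""
    zeroed = udp[:6] + b"\x00\x00" + udp[8:]
    c = internet_checksum(udp_pseudo_header(src_ip, dst_ip, len(udp)) + zeroed)
    return 0xFFFF if c == 0 else c


def udp_checksum_ok(src_ip: bytes, dst_ip: bytes, udp: bytes) -> bool:
    """Receiver side: a transmitted 0 means no checksum was computed, so the
    datagram is accepted; otherwise a mismatch means it is silently dropped."""
    if struct.unpack("!H", udp[6:8])[0] == 0:
        return True
    return internet_checksum(udp_pseudo_header(src_ip, dst_ip, len(udp)) + udp) == 0


# Constructed samples: an IPv4 header 192.168.1.10 -> 192.168.1.1 with its
# correct checksum 0xa51d, and a 12-byte UDP datagram from port 49152 to
# port 53 carrying b"abcd" with the checksum field still 0.
IP_HEADER = bytes.fromhex("45000040123440004011a51dc0a8010ac0a80101")
SRC_IP, DST_IP = bytes([192, 168, 1, 10]), bytes([192, 168, 1, 1])
UDP_NO_CSUM = struct.pack("!HHHH", 49152, 53, 12, 0) + b"abcd"

if __name__ == "__main__":
    c = udp_checksum(SRC_IP, DST_IP, UDP_NO_CSUM)
    udp = UDP_NO_CSUM[:6] + struct.pack("!H", c) + UDP_NO_CSUM[8:]
    print(ipv4_header_ok(IP_HEADER), hex(c), udp_checksum_ok(SRC_IP, DST_IP, udp))
```

The pseudo-header is what makes the UDP checksum catch a datagram delivered to the wrong host: the receiver folds its own addresses into the sum, so a datagram whose IP addresses were altered in transit fails the check even if the UDP bytes themselves are intact. Both checks reject silently, matching the "no error message" behaviour the text describes.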
