Original: http://ayufox.iteye.com/blog/642266
Note: This article assumes an Ethernet network.
0. Preparatory work
1) Tools
Ethereal 0.99.0: packet capture
wget: used to access the Web page, to avoid interference from multiple HTTP requests
2) Prepare/Run
- Close other programs (such as QQ) that may generate network requests
- Clear the ARP cache: arp -d
- Clear the local DNS cache: ipconfig /flushdns
- Open Ethereal, disable the promiscuous mode option (clear its check box), and start capturing
- Visit: wget http://www.sina.com.cn
- Stop the Ethereal capture
1. TCP/IP Protocol Family
- Network interface layer (data link layer): includes the Ethernet protocol and two auxiliary protocols: ARP (Address Resolution Protocol) and RARP (Reverse Address Resolution Protocol)
- Network layer: includes the IP protocol and two auxiliary protocols: ICMP (Internet Control Message Protocol) and IGMP (Internet Group Management Protocol)
- Transport layer: TCP/UDP protocols
- Application layer: FTP/SNMP/SMTP ...
2. Network interface layer (data link layer) and ARP
When we visit a Web page, the first step is of course to resolve the domain name to an IP address through the DNS server. The DNS server's IP was obtained when the network started (ipconfig /all shows it). From the routing table (see part 3) we find that reaching the DNS server requires going through the gateway (192.168.0.1). So when the packet is sent out, how does the gateway 192.168.0.1 know that the packet is meant for it?
Ethernet is logically a bus: a packet sent on the Ethernet is received by every host on the LAN. If every host passed each packet up layer by layer, hosts with no interest in the packet would waste computing resources (CPU). The network card (interface layer) therefore passes up only data frames whose destination address is its own address (the network card address) or the broadcast address (we can also put the network card into promiscuous mode, in which case it accepts all packets). So the gateway will handle the packet (route and forward it) as long as we set the destination network card address to that of the gateway 192.168.0.1. This raises another question: how does the local machine get the gateway's network card address?
The network interface layer provides a protocol for exactly this: ARP, the Address Resolution Protocol. For example, we see that an ARP broadcast request is sent first (destination network card address FF:FF:FF:FF:FF:FF). Every host on the LAN receives the request and checks whether the IP address named in the ARP request is its own; if so it sends a response, otherwise it ignores the request. For example, in packet 2 the gateway 192.168.0.1 replies to 192.168.0.150 for its own IP.
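The request/reply exchange and the network card filter described above, as an added Python example (not part of the original article). The network card addresses are constructed; the frame layout is the standard Ethernet + ARP format.

```python
import socket
import struct

BROADCAST = b"\xff" * 6
ETH_ARP = 0x0806
ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa

def mac(text):
    return bytes.fromhex(text.replace(":", ""))

def build_arp(oper, sha, spa, tha, tpa, eth_dst):
    """Ethernet header + ARP body (oper 1 = request, 2 = reply)."""
    eth = struct.pack("!6s6sH", eth_dst, sha, ETH_ARP)
    return eth + struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, sha,
                             socket.inet_aton(spa), tha, socket.inet_aton(tpa))

def parse_arp(frame):
    """Return (oper, sender_mac, sender_ip, target_ip), or None if not ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_ARP:
        return None
    f = struct.unpack(ARP_FMT, frame[14:42])
    return f[4], f[5], socket.inet_ntoa(f[6]), socket.inet_ntoa(f[8])

def nic_accepts(frame, my_mac, promiscuous=False):
    """Interface-layer filter: own address or broadcast; everything if promiscuous."""
    return promiscuous or frame[:6] in (my_mac, BROADCAST)

def handle_frame(frame, my_mac, my_ip):
    """What one host does with a frame: reply only to an ARP request for my_ip."""
    arp = parse_arp(frame) if nic_accepts(frame, my_mac) else None
    if arp is None or arp[0] != 1 or arp[3] != my_ip:
        return None
    _, asker_mac, asker_ip, _ = arp
    return build_arp(2, my_mac, my_ip, asker_mac, asker_ip, eth_dst=asker_mac)

# Constructed network card addresses; the IP addresses are the article's.
HOST_MAC, GW_MAC, OTHER_MAC = (mac("02:00:00:00:01:50"), mac("02:00:00:00:00:01"),
                               mac("02:00:00:00:02:00"))
REQUEST = build_arp(1, HOST_MAC, "192.168.0.150", bytes(6), "192.168.0.1", BROADCAST)
REPLY = handle_frame(REQUEST, GW_MAC, "192.168.0.1")
```

The request reaches every network card because it is addressed to the broadcast address, while the reply is unicast and is dropped by a bystander's card unless that card is in promiscuous mode.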
3. Routing
How does a host/router decide how a packet is sent or forwarded?
Routing can be divided into two topics: routing lookup and routing updates.
1) Routing Lookup
The routing lookup determines how a packet is routed. The following command shows the current routing table:
netstat -rn
Returning to the example above: when our packet is addressed to the DNS server 202.96.128.86, the routing table shows no route record matching that IP, so the request packet is sent to the default gateway 192.168.0.1. 192.168.0.1 maintains its own routing table, and through hop-by-hop forwarding the packet data is eventually delivered to 202.96.128.86.
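The lookup described above, as an added Python example (not part of the original article): a longest-prefix match over a constructed routing table for the host 192.168.0.150, plus the consequence for ARP, namely which IP's network card address has to be resolved. The table contents and function names are assumptions made for illustration.

```python
import ipaddress

# Constructed routing table for host 192.168.0.150: (destination, gateway).
# A gateway of None means the destination is on the local Ethernet segment.
ROUTES = [
    ("0.0.0.0/0", "192.168.0.1"),      # default route
    ("127.0.0.0/8", "127.0.0.1"),      # loopback
    ("192.168.0.0/24", None),          # directly connected LAN
]

def lookup(dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), gw) for net, gw in ROUTES
               if addr in ipaddress.ip_network(net)]
    if not matches:
        raise LookupError("no route to host: " + dst)
    return max(matches, key=lambda m: m[0].prefixlen)

def arp_target(dst):
    """IP whose network card address must be resolved before sending to dst."""
    _, gateway = lookup(dst)
    return dst if gateway is None else gateway
```

For 202.96.128.86 only the default route matches, so the frame is addressed to the gateway's network card while the IP header still carries 202.96.128.86 as the destination.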
2) Routing Updates
Routers need some way to exchange routing information and keep routes updated: so that data uses a more reasonable route, so that data can still reach its destination over other routes when some routing nodes are disconnected, and so that a router can build a reasonable routing table after startup. The common protocols are:
- RIP: Routing Information Protocol, a routing update protocol used between routers inside an autonomous system (such as a corporate network or a school network)
- OSPF: Open Shortest Path First, used to replace the RIP protocol
- BGP: Border Gateway Protocol, a protocol for exchanging routing information between backbone routers
Through these two mechanisms, the host/router can ensure that data is eventually delivered to the destination in a more reasonable manner.
4. DNS
1) DNS resolution process
When we access the Web by domain name, how is the name eventually handled?
As described above, the host asks the DNS server for the IP of the domain name by sending a DNS request. DNS organizes all domain names in a hierarchy; one possible organization is shown below:
Root DNS
|
|
Local DNS (202.96.128.86)--sina DNS
|
|
Local (192.168.0.150)
When the local network card is initialized, we obtain the DNS server of the local network provider (202.96.128.86, visible through ipconfig /all), so the request to resolve www.sina.com.cn goes first to the local DNS server. DNS requests can be recursive or non-recursive. For a recursive request, the DNS server must return the final IP of the domain name to the requester; for a non-recursive request, the DNS server may return only the IP of the next DNS server to ask. For example, the local host sends a recursive DNS request to the local DNS server, which first looks for the resolution in its cache. If it is not there, the local DNS server sends a non-recursive request to the root DNS (the root DNS allows only non-recursive requests). The root DNS does not know the resolution of the domain name, but it knows that the Sina DNS can resolve it. The local DNS server receives this result from the root DNS and then sends its request to the Sina DNS, which finally returns the resolved IP of www.sina.com.cn.
2) How to implement a CDN with DNS
With a CDN (Content Delivery Network), we can direct users to the server closest to them for better response times. So how is DNS used to implement a CDN?
Suppose we have servers in four locations: Shanghai, Beijing, Shenzhen and Chengdu. When a Shanghai user makes a request, we want that user to reach a server in Shanghai. How? It can be done through DNS resolution. The Shanghai user first queries the local DNS of the Shanghai network provider, and the local DNS then asks the Sina DNS for the IP of the domain name. The rest is simple: the Sina DNS sees the IP of the local DNS and so knows its location, and can respond to the local DNS with the IP of a Shanghai server.
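The resolution process of 1) and the location-based answer of 2), modelled together as an added Python example (not part of the original article). The servers are plain functions, and the resolver-to-city mapping and the server addresses are constructed, not real geolocation data.

```python
import ipaddress

# Constructed data: resolver networks per city and one server address per city.
CITY_BY_RESOLVER_NET = {"202.96.128.0/24": "Shanghai", "198.51.100.0/24": "Beijing"}
SERVER_BY_CITY = {"Shanghai": "192.0.2.10", "Beijing": "192.0.2.20", "Shenzhen": "192.0.2.30"}

def root_dns(name, asker_ip, recursive):
    """Root answers only non-recursive queries, and only with a referral."""
    if recursive:
        return ("refused", None)
    return ("referral", sina_dns) if name.endswith(".sina.com.cn") else ("nxdomain", None)

def sina_dns(name, asker_ip, recursive):
    """Authoritative server: picks the server nearest to the asking resolver."""
    addr = ipaddress.ip_address(asker_ip)
    for net, city in CITY_BY_RESOLVER_NET.items():
        if addr in ipaddress.ip_network(net):
            return ("answer", SERVER_BY_CITY[city])
    return ("answer", SERVER_BY_CITY["Shenzhen"])   # fallback for unknown resolvers

class LocalDNS:
    """The provider's resolver: accepts recursive queries, iterates on their behalf."""
    def __init__(self, ip):
        self.ip, self.cache, self.upstream_queries = ip, {}, 0

    def resolve(self, name):
        if name in self.cache:                 # answered from cache, no upstream traffic
            return self.cache[name]
        server = root_dns
        while True:
            self.upstream_queries += 1
            kind, value = server(name, self.ip, recursive=False)
            if kind == "referral":
                server = value                 # ask the server we were referred to
            elif kind == "answer":
                self.cache[name] = value
                return value
            else:
                return None
```

The authoritative server only ever sees the resolver's address, so the answer reflects where the local DNS server is, which is the assumption the CDN scheme above relies on.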
5. TCP interaction
Now that everything is ready and we have the IP address of www.sina.com.cn, we can start sending the request.
1) Three-way handshake
The connection is first established through the three-way handshake: the local host sends a connection request (such as the SYN request in packet 5), the server receives it and sends an acknowledgment plus its own connection request (SYN, ACK) to the client, and the local host acknowledges (ACK) the server's SYN request. With these three exchanges the handshake is complete.
2) Data transfer
After the handshake is complete, the two sides can begin to exchange data. Note several important parameters in the capture:
- seq=104: equivalent to an identifier of the connection; requests and responses sent on this connection carry it
- ack=2905: indicates that a 2,904-bit packet has been received so far, and that 2905 is expected next
- win=65340: the current window size, used for flow control. The sender generally sends several packets in a row; the receiver tells the sender how much room is left in its current "window" (which can be understood as the buffer for this connection). If the sender finds that the window is 0, it stops sending and waits for the receiver's acknowledgement/window update message. Note that if Nagle's algorithm is enabled, the sender always waits for the acknowledgement before sending the next message.
3) Four-way handshake to terminate the connection
We may be surprised that a connection is established with a three-way handshake but closed with four. This is because TCP is full-duplex: a two-step exchange closes data transfer in only one direction, while the other direction can still continue. Another way to terminate the connection is to send an RST (reset) request; the difference between the two ways is shown below.
4) TCP state changes
The following TCP states are the more important ones: ESTABLISHED, TIME_WAIT, CLOSE_WAIT. We can observe the state changes as follows:
(CLOSED) Client -----SYN-----> Server (LISTEN)
(ESTABLISHED) Client <---SYN+ACK--- Server (CLOSED)
(ESTABLISHED) Client -----ACK-----> Server (ESTABLISHED)
- During data transfer, both sides of course remain in the ESTABLISHED state
(FIN_WAIT) A ----FIN-----> B (CLOSE_WAIT)
(FIN_WAIT) A <---ACK----- B (CLOSE_WAIT)
(TIME_WAIT) A <---FIN----- B (LAST_ACK)
(TIME_WAIT) A ----ACK----> B (CLOSED)
We can see that the side that actively initiates the close is the unlucky one: although the connection is closed, it must still stay in the TIME_WAIT state. Why? Because A cannot confirm whether B actually received the last ACK it sent, it must wait in case B, not having received A's ACK, resends its FIN. A waits for 2MSL (MSL is the Max Segment Lifetime; 2MSL is twice the maximum lifetime of a packet, that is, the maximum round-trip time of a packet; 1MSL is generally 30 seconds, 1 minute or 2 minutes, depending on the operating system or configuration). During TIME_WAIT the FD of this socket cannot be reused. If "too many open files" appears on the system and we see a lot of TCP connections in the TIME_WAIT state, this is probably the cause. A server-side implementation should therefore avoid TIME_WAIT by not actively closing connections; the close should be initiated by the client. Another way to deal with this situation is to close the connection with RST (reset; the socket's SO_LINGER option closes the connection with RST) instead of FIN. With RST, the connection is reset immediately, regardless of whether data is still unsent or whether the other party has received it, and in this case we may see the "connection reset by peer" error.
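The two ways of closing, compared on a loopback connection, as an added Python example (not part of the original article). It assumes a Linux/Unix socket stack, where struct linger is two ints; the function name is made up for illustration.

```python
import socket
import struct

def close_and_observe(abortive):
    """Client closes first; return what the server side sees on its next recv()."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))            # any free loopback port
    listener.listen(1)
    client = socket.create_connection(listener.getsockname())
    server, _ = listener.accept()
    if abortive:
        # l_onoff=1, l_linger=0: close() discards unsent data and sends RST,
        # so the closing side skips FIN_WAIT/TIME_WAIT entirely.
        client.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER,
                          struct.pack("ii", 1, 0))
    client.close()
    server.settimeout(2)
    try:
        data = server.recv(16)
        # An empty read is the peer's FIN: an orderly, one-direction shutdown.
        result = "FIN (orderly close)" if data == b"" else "data"
    except ConnectionResetError:
        result = "RST (connection reset by peer)"
    finally:
        server.close()
        listener.close()
    return result

if __name__ == "__main__":
    print("default close  ->", close_and_observe(abortive=False))
    print("SO_LINGER(1,0) ->", close_and_observe(abortive=True))
```

After the default close, the client's end of the connection is the one left in TIME_WAIT; after the abortive close, neither end is, at the cost of the peer seeing an error instead of a clean end of stream.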