TCP/IP (2)

I. ARP: Address Resolution Protocol
First look:

    C:\Documents and Settings\xiaoj>arp -a    Interface: 192.1.8.84 on Interface 0x1000003    Internet Address Physical Address Type    192.1.8.12 00-0b-cd-03-c4-27 dynamic    192.1.8.15 00-0d-9d-93-09-f5 dynamic    192.1.8.18 00-e0-18-c1-86-3d dynamic    192.1.8.26 00-80-2d-78-4f-81 dynamic    192.1.8.33 00-0b-cd-0f-a4-c5 dynamic    192.1.8.38 00-30-6e-36-5f-99 dynamic    192.1.8.86 00-0b-cd-b8-0c-ae dynamic    192.1.8.247 00-50-ba-e5-20-af dynamic    192.1.8.248 00-0d-56-19-ba-56 dynamic

The first column displays the IP address of the host, and the second column displays the MAC address of the NIC of the host.
ARP provides dynamic ing between IP addresses and corresponding hardware addresses. This process is generally completed automatically by the system. ARP sends an ARP request to the host on the Ethernet. The request contains the IP address of the destination host, which means "if you are the owner of this IP address, please answer your hardware address ". When the ARP layer of the target host receives the broadcast packet, it identifies that the sender is asking for its IP address, and then sends an ARP response, this ARP response includes the IP address and the corresponding hardware address.

Ii. ARP grouping format

　

Ethernet destination address 6

Ethernet source address 6

Frame Type 2

Hardware type 2

Protocol type 2

Hardware address Length 1

Protocol address length 1

Request Response 1

Sender hardware address 6

Sender IP Address 4

Destination hardware address 6

Destination IP address 4

First look at the definition:
// ARP Header

Struct arphdr (u_short ar_hrd; // hardware u_short ar_pro; // protocol u_char ar_hln; // hardware address length u_char ar_pln; // Protocol address length u_short ar_op; // request or response u_char arp_sha [6]; // the sender's hardware address u_char arp_spa [4]; // the sender's IP address u_char arp_tha [6]; // destination hardware address u_char arp_tpa [4]; // destination IP address u_char arp_zero [18]; // fill field };

Note: ◆ Special IP addresses with all Ethernet destination addresses 1 are broadcast addresses.
◆ The corresponding value of ARP for Ethernet frames is 0x0806.
◆ The hardware type indicates the hardware address type, and the Ethernet is 1.
◆ The protocol type field indicates the Protocol address type to be mapped. The IP address value is 0x0800.
◆ Hardware address length: Ethernet is 6.
◆ Protocol address length: Ethernet is 4, that is, the IP address length.
◆ Operation field: ARP request = 1, ARP response = 2, RARP request = 3, RARP response = 4.
◆ When the system receives an ARP request message from the target machine, it fills in the hardware address and replaces the two Sending addresses with the two destination addresses respectively, set the operation field to 2 and send it out.
Iii. ARP Proxy:
If an ARP request is sent from one network host to another, the router connecting the two networks can answer the request. This process is called an ARP proxy, in this way, the sender of the ARP request can be spoofed to think that the router is the target host.
4. Free ARP
When the host starts, ARP is sent to find its own IP address. The main function is:
1. Check whether the IP address is the same on the network.
2. Update the ARP cache.
V. RARP: The Reverse Address Resolution Protocol, which is not detailed here.
RARP is generally used for diskless workstation. IP addresses are queried Based on the hardware address.
The format of the RARP group is the same as that of the ARP group.
6. ICMP protocol: Internet Control Packet protocol:
ICMP is often considered an integral part of the IP layer. It transmits error messages and other precautions. ICMP packets are usually used by the IP layer or higher layer protocol (TCP or UDP. ICMP packets are transmitted inside the IP datagram. ICMP packet error message and query message. The message format is as follows:

　

8-bit type	8-bit code	16-bit Inspection
Different Types and codes have different contents.

Type fields can have 15 different values (0, 3-5, 8-18 ). Some packets also use code fields to further describe different conditions. The test and field overwrite the entire ICMP packet, which is the same as the IP header test and algorithm.

ICMP error messages are not generated in the following cases:
◆ ICMP error message
◆ The target address is a broadcast address or multicast address.
◆ As a link layer Datagram
◆ It is not the first IP segment.
◆ The source address is not a datagram of a single host, that is, the source address cannot be a 0 address, loop address, broadcast address, or multicast address

VII. ICMP address mask requests and responses:
The ICMP address mask request is used for the diskless system to obtain its own subnet mask during the boot process, and the system broadcasts its ICMP request packets. The formats of ICMP address mask requests and response packets are as follows:

　

Type (17 or 18)	Code (0)	Inspection
Identifier		Serial number
32-bit Subnet Mask

The identifier and serial number in the ICMP message are set by the sender. These values will be returned in the response.

Struct icmp_mask {unsigned char icmp_type; // type unsigned char icmp_code; // code unsigned short icmp_checksum; // check and unsigned short icmp_id; // identifier unsigned short icmp_sequence; // serial number unsigned long icmp_mask; // 32-bit subnet mask };

Note: RFC stipulates that an address mask response cannot be sent unless it is an authorized proxy of the address mask.
The results of sending an Address Mask Request to the local IP address and the loopback address are the same.

8. ICMP timestamp request and response:
The ICMP timestamp request allows the system to query the current time from another system, and returns the number of milliseconds counted from midnight. The caller must use other methods to obtain the current time.
The formats of ICMP timestamp requests and response packets are as follows:

　

Type (13 or 14)	Code (0)	Inspection
Identifier		Serial number
Launch Timestamp
Receive Timestamp
Transfer Timestamp

The requester fills in the initiation Timestamp and sends the message. The receiving timestamp is entered when the system receives the message, and the sending timestamp is entered when the system sends the response. In fact, most implementations generally set the last two fields to the same.

Struct icmp_time {unsigned char icmp_type; // type unsigned char icmp_code; // code unsigned short icmp_checksum; // check and unsigned short icmp_id; // identifier unsigned short icmp_sequence; // serial number unsigned long icmp_request_time; // initiate a timestamp unsigned long icmp_receive_time; // receive timestamp unsigned long icmp_send_time; // transfer timestamp };

9. ICMP port inaccessibility Error
If the host receives a UDP datagram and the destination port is in use with a process, UDP returns an ICMP inaccessibility packet. The message format is as follows:

　

Type 3	Code (0-15)	Inspection
Reserved (must be 0)
The first 8 bytes of data in the IP header + original IP Datagram

When the code is 4, the path MTU discovery mechanism allows the router to enter the MTU of the outbound interface in this 32bit low 16 bit.

Struct icmp_unreach {unsigned char icmp_type; // type unsigned char icmp_code; // code unsigned short icmp_checksum; // check and unsigned long icmp_zero; // retain unsigned char icmp_ip [28]; // IP header + the first eight bytes of the original IP datagram, that is, address information}