This section briefly introduces the internal structure of TCP/IP and lays the foundation for discussion of Internet-related security issues. The TCP/IP protocol group is popular in part because it can be used on a variety of channel and underlying protocols such as T1 and X.25, Ethernet, and RS-232 serial interfaces. Specifically, the TCP/IP protocol is a group of protocols that includes the TCP protocol and the IP Protocol, the UDP (User Datagram Protocol) protocol, the ICMP (Internet Control message Protocol) protocol, and some other protocols.
Overview of the overall architecture of TCP/IP
The TCP/IP protocol does not fully conform to the seven-layer reference model of OSI. The traditional open System interconnection Reference Model is a 7-layer abstract Reference Model of communication protocol, in which each layer performs a specific task. The purpose of the model is to enable various hardware to communicate with each other at the same level. These 7 layers are: Physical layer, Data link layer, network layer, transport layer, channel layer, presentation layer and application layer. The TCP/IP protocol uses a 4-tier hierarchy, and each layer calls its next layer of network to fulfill its needs. These 4 layers are:
Application layer: A layer of communication between applications, such as simple e-mail transfer (SMTP), File Transfer Protocol (FTP), Network Remote Access Protocol (Telnet), and so on.
Transport layer: In this layer, it provides data transfer services between nodes, such as Transmission Control Protocol (TCP), User Datagram Protocol (UDP), and so on, TCP and UDP add data to the packet and transfer it to the next level, which is responsible for transferring data and determining that the data has been delivered and received.
Interconnection Network layer: responsible for providing the basic data packet delivery function, so that each packet can reach the destination host (but not check whether it is properly received), such as Internet Protocol (IP).
Network interface layer: The actual network media management, define how to use the actual network (such as Ethernet, serial line, etc.) to transmit data.
Protocols in TCP/IP
Here's a brief description of what the protocols in TCP/IP are capable of, and how they work:
1. Ip
Internet Protocol IP is the heart of TCP/IP and the most important protocol in the network layer.
The IP layer receives packets from a lower level (network interface layer such as an Ethernet device driver) and sends the packet to a higher---tcp or UDP layer; instead, the IP layer transmits packets received from TCP or UDP layers to lower levels. IP packets are unreliable because IP does nothing to confirm that packets are sent sequentially or are not corrupted. The IP packet contains the address (source address) of the host that sent it and the address (destination) of the host that received it.
High-level TCP and UDP services generally assume that the source address in the package is valid when receiving packets. It can also be said that IP addresses form the basis for the authentication of a number of services that believe that packets are sent from a valid host. IP confirmation contains an option called IP Source routing, which can be used to specify a direct path between a source address and a destination address. For some TCP and UDP services, the IP packet that uses the option is passed over from the last system on the path, not from its real location. This option exists for testing purposes, indicating that it can be used to spoof the system for normally blocked connections. Then, many services that rely on the IP source address for confirmation will cause problems and will be hacked illegally.
2. TCP
If there are already sealed TCP packets in the IP packet, then IP will send them ' up ' to the TCP layer. TCP sorts packets and makes error checking, while implementing connections between virtual circuits. TCP packets include ordinal and acknowledgment, so packets that are not received sequentially can be sorted, and corrupted packages can be sent back.
TCP sends its information to higher-level applications, such as Telnet's service program and client programs. Applications take turns sending information back to the TCP layer, and the TCP layer sends them down to the IP layer, device drivers and physical media, and finally to the receiver.
Connection-oriented services, such as Telnet, FTP, rlogin, X windows, and SMTP, require a high degree of reliability, so they use TCP. DNS uses TCP (sending and receiving domain name databases) in some cases, but uses UDP to route information about a single host.
3.UDP
UDP is on the same level as TCP, but the packet is in the wrong order or is being sent back. Therefore, UDP is not applied to connection-oriented services that use virtual circuits, and UDP is used primarily for services that query-oriented---answering, such as NFS. Compared to FTP or telnet, these services need to exchange less information. Services that use UDP include NTP (Network Time Protocol) and DNS (DNS also uses TCP).
Spoofing a UDP packet is easier than spoofing a TCP packet because UDP does not establish an initialization connection (also known as a handshake) (because there is no virtual circuit between the two systems), that is, the UDP-related services are at greater risk.
4.ICMP
ICMP is at the same level as IP, and it is used to transfer control information for IP. It is used primarily to provide path information about the destination address. ICMP ' Redirect ' information informs the host of more accurate paths to other systems, while ' unreachable ' information indicates a problem with the path. In addition, if the path is not available, ICMP can cause the TCP connection to terminate ' gracefully '. Ping is the most commonly used ICMP based service.
5. TCP and UDP port structure
TCP and UDP services typically have a client/server relationship, for example, a Telnet service process begins to be idle on the system and waits for a connection. The user uses the Telnet client to establish a connection with the service process. The client program writes information to the service process, the service process reads out the information and responds, and the client reads the response and reports to the user. Thus, the connection is duplex and can be used for reading and writing.
How the multiple Telnet connections between the two systems are mutually acknowledged and coordinated. A TCP or UDP connection uniquely uses the following four items in each message to confirm:
The IP address of the packet to which the source IP address is sent.
The destination IP address receives the packet's IP address.
The port of the connection on the source port source system.
Destination port the port to which the connection is on the system.
A port is a software structure that is used by client programs or service processes to send and receive information. A port corresponds to a 16-bit number. Service processes typically use a fixed port, for example, SMTP uses 25, Xwindows uses 6000. These port numbers are ' well known ' because they require these addresses and destination addresses to communicate when establishing a connection to a particular host or service
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
