TCP/IP protocol Basics

Source: Internet
Author: User

--------------------------------------------------------------------------------

1. TCP/IP protocol stack

Four-layer model
TCP/IP follows a four-layer model: the application layer, the transport layer, the internet (interconnection) layer, and the network interface layer.

Network interface layer
The lowest layer of the model is the network interface layer. It sends and receives frames, which are the independent units of transmission on the network. The network interface layer places frames onto the network and retrieves frames from it.

Interconnection layer
The interconnection (internet) protocols encapsulate data into Internet datagrams and run the necessary routing algorithms.
There are four protocols at this layer:
Internet Protocol (IP): responsible for addressing and routing packets between hosts and networks.
Address Resolution Protocol (ARP): obtains the hardware address of a host on the same physical network.
Internet Control Message Protocol (ICMP): sends messages and reports packet transmission errors.
Internet Group Management Protocol (IGMP): used by IP hosts to report multicast group membership to a local multicast router.

Transport layer
The transport protocols provide communication sessions between computers. Which transport protocol is chosen depends on the data transmission mode.
There are two transport protocols:
Transmission Control Protocol (TCP): provides reliable, connection-oriented communication for applications. It is suitable for transmitting a large amount of data at a time and for applications that require a response.
User Datagram Protocol (UDP): provides connectionless communication and does not guarantee reliable delivery of packets. It is suitable for transmitting a small amount of data at a time; reliability is the responsibility of the application layer.

Application Layer
Applications access the network through this layer.

Network interface technology
IP uses the Network Device Interface Specification (NDIS) to hand frames to the network interface layer. IP supports both WAN and LAN interface technologies.

Serial line protocols
Over serial lines, TCP/IP generally transmits data using the Serial Line Internet Protocol (SLIP) or the Point-to-Point Protocol (PPP). (Is this what we usually call asynchronous communication? If you want to use Linux to establish remote connections, you should study this.)

2. ARP

To communicate over the network, a host must know the hardware address of the destination host (the physical address of its NIC, which we are normally not aware of). Address resolution is the process of mapping host IP addresses to hardware addresses. The Address Resolution Protocol (ARP) is used to obtain the hardware address of a host on the same physical network.

Resolving a local IP address (for readers who want to understand the address resolution process)
Resolving a host's IP address to its hardware address:
(1) When a host needs to communicate with another host, it initiates an ARP request. Once IP determines that the destination IP address is local, the source host first searches its ARP cache for the hardware address of the target host.
(2) If no mapping is found, ARP builds a request containing the source host's IP address and hardware address. The request is broadcast so that all hosts on the local network receive and process it.
(3) Each host on the local network receives the broadcast and checks whether the requested IP address matches its own.
(4) When the target host finds that the IP address in the request matches its own, it sends an ARP reply directly to the source host carrying its hardware address, and updates its own ARP cache with the IP address and hardware address of the source host. After receiving the reply, the source host can start communicating.

Resolving a remote IP address
When hosts on different networks communicate, ARP resolves the address of the source host's default gateway instead of the target.
If the target IP address belongs to a remote network, ARP broadcasts for the address of a router.
(1) When a communication request is initiated and the target IP address is determined to be a remote address, the source host consults its local routing table. If no route is found, it uses the IP address of the default gateway. It then searches the ARP cache for an entry matching the gateway's IP address (and its hardware address).
(2) If no entry exists for the gateway, ARP broadcasts a request for the gateway's address instead of the target host's address. The router answers the source host's ARP request with its own hardware address. The source host then sends its packets to the router, which forwards them toward the target host's network until they reach the target host.
(3) On the router, IP determines whether the destination IP address is local or remote. If it is local, the router uses ARP (cache or broadcast) to obtain the target's hardware address. If it is remote, the router looks up the next gateway in its routing table and uses ARP to obtain that gateway's hardware address. The packet is then sent on to the next hop.
(4) After receiving the request, the target host generates an ICMP response. Because the source host is on a remote network, the target host looks up the gateway for the source host's network in its local routing table, and ARP obtains that gateway's hardware address.
(5) If the gateway's hardware address is not in the ARP cache, it is obtained by ARP broadcast. Once the hardware address is known, the ICMP response is sent to the router and from there to the source host.

ARP cache
To reduce broadcast traffic, ARP saves address mappings in a cache. The ARP cache holds dynamic and static entries. Dynamic entries are added and deleted automatically; static entries remain in the cache until the computer restarts.

The ARP cache always keeps the hardware broadcast address (0xffffffffffff) as a permanent entry for the local subnet.
This allows the host to accept ARP broadcasts. This entry is not shown when you view the cache.
Each ARP cache record has a lifetime of 10 minutes, and is deleted sooner if it is not used within 2 minutes. When the cache is full, the oldest records are deleted.

Adding static (permanent) records
You can add static ARP entries to reduce the number of ARP requests needed to reach a host.
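As an added example (not from the original article), here is a small Python model of the ARP cache and next-hop decision described above: dynamic entries age out after the 10-minute lifetime or after 2 minutes without use, static entries persist, a full cache evicts its oldest dynamic record, and a destination outside the local subnet resolves to the default gateway instead. The capacity, addresses and timestamps are constructed values.

```python
import ipaddress
from dataclasses import dataclass

ARP_LIFETIME = 10 * 60       # seconds: a dynamic entry lives at most 10 minutes (from the text)
ARP_IDLE_LIMIT = 2 * 60      # seconds: a dynamic entry not used within 2 minutes is deleted
CACHE_CAPACITY = 4           # constructed small capacity so eviction of the oldest entry is visible


@dataclass
class ArpEntry:
    mac: str
    static: bool       # static entries survive until the computer restarts
    created: float
    last_used: float


class ArpCache:
    def __init__(self, my_ip: str, netmask: str, gateway_ip: str):
        self.network = ipaddress.ip_network(f"{my_ip}/{netmask}", strict=False)
        self.gateway_ip = gateway_ip
        self.entries: dict = {}

    def _expire(self, now: float) -> None:
        """Drop dynamic entries that are too old or have been idle too long."""
        for ip, e in list(self.entries.items()):
            if e.static:
                continue
            if now - e.created > ARP_LIFETIME or now - e.last_used > ARP_IDLE_LIMIT:
                del self.entries[ip]

    def add(self, ip: str, mac: str, now: float, static: bool = False) -> None:
        """Learn a mapping (from an ARP reply, or a static entry added by an administrator)."""
        self._expire(now)
        if ip not in self.entries and len(self.entries) >= CACHE_CAPACITY:
            dynamic = [k for k, e in self.entries.items() if not e.static]
            if dynamic:   # cache full: evict the oldest dynamic record
                del self.entries[min(dynamic, key=lambda k: self.entries[k].created)]
        self.entries[ip] = ArpEntry(mac, static, now, now)

    def next_hop(self, dest_ip: str) -> str:
        """The address ARP actually resolves: the destination itself if it is on our
        subnet, otherwise the default gateway (see "Resolving a remote IP address")."""
        if ipaddress.ip_address(dest_ip) in self.network:
            return dest_ip
        return self.gateway_ip

    def lookup(self, dest_ip: str, now: float):
        """Return (next_hop_ip, mac). mac is None when an ARP request must be broadcast."""
        self._expire(now)
        hop = self.next_hop(dest_ip)
        entry = self.entries.get(hop)
        if entry is None:
            return hop, None
        entry.last_used = now
        return hop, entry.mac
```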

ARP packet structure
The fields of an ARP packet are as follows:
Hardware type: the type of hardware (network access layer) in use.
Protocol type: the protocol being resolved, given as an EtherType value.
Hardware address length: the length of the hardware address in bytes; 6 bytes for Ethernet and Token Ring.
Protocol address length: the length of the protocol address in bytes; 4 bytes for an IP address.
Operation: specifies the current operation (request or reply).
Sender hardware address: the hardware address of the sender.
Sender protocol address: the protocol address of the sender.
Target hardware address: the hardware address of the target.
Target protocol address: the protocol address of the target.
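Added example, not part of the original article: building and parsing the Ethernet/IPv4 ARP packet laid out above with Python's struct module, including the reply a target host sends back in step (4). The addresses are constructed; hardware type 1 and EtherType 0x0800 are the standard values for Ethernet and IPv4.

```python
import struct

HTYPE_ETHERNET = 1           # hardware type: Ethernet
PTYPE_IPV4 = 0x0800          # protocol type: the EtherType value for IPv4
OP_REQUEST, OP_REPLY = 1, 2  # operation field values
ARP_FMT = "!HHBBH6s4s6s4s"   # the 28-byte ARP body: hlen = 6, plen = 4


def mac_bytes(mac: str) -> bytes:
    return bytes(int(x, 16) for x in mac.split(":"))


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def ip_bytes(ip: str) -> bytes:
    return bytes(int(x) for x in ip.split("."))


def ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def build_arp(op: int, sender_mac: str, sender_ip: str, target_mac: str, target_ip: str) -> bytes:
    """Serialize the fields in the order listed above (hardware type ... target protocol address)."""
    return struct.pack(ARP_FMT, HTYPE_ETHERNET, PTYPE_IPV4, 6, 4, op,
                       mac_bytes(sender_mac), ip_bytes(sender_ip),
                       mac_bytes(target_mac), ip_bytes(target_ip))


def parse_arp(data: bytes) -> dict:
    """Decode an ARP body, rejecting anything that is not Ethernet/IPv4 with the expected lengths."""
    if len(data) < struct.calcsize(ARP_FMT):
        raise ValueError("ARP body too short")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, data[:28])
    if (htype, ptype, hlen, plen) != (HTYPE_ETHERNET, PTYPE_IPV4, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    ops = {OP_REQUEST: "request", OP_REPLY: "reply"}
    return {"op": ops.get(op, op),
            "sender_mac": mac_str(sha), "sender_ip": ip_str(spa),
            "target_mac": mac_str(tha), "target_ip": ip_str(tpa)}


def make_reply(request: bytes, my_mac: str) -> bytes:
    """What the target host sends back in step (4): its own hardware address, addressed to the requester."""
    req = parse_arp(request)
    return build_arp(OP_REPLY, my_mac, req["target_ip"], req["sender_mac"], req["sender_ip"])
```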

3. ICMP and IGMP

The Internet Control Message Protocol (ICMP) is used to report errors and carry control messages on behalf of IP.
IP uses the IGMP protocol to tell routers that hosts belonging to a multicast group are present on a network.

ICMP
ICMP Source Quench message: when a TCP/IP host sends data to another host at a rate that saturates a router or link, the router sends an ICMP Source Quench message.

ICMP packet structure
Type: an 8-bit field indicating the ICMP message type.
Code: an 8-bit field indicating a specific function within the given type. If a type has only one function, the code field is set to 0.
Checksum: a 16-bit checksum over the ICMP portion of the packet.
Type-specific data: additional data that varies with each ICMP type.

IGMP
IGMP messages are sent to multicast-capable routers so that each such router knows which host groups exist on which networks.

IGMP packet structure
Version: the IGMP version, generally 0x1.
Type: the IGMP message type. Type 0x1 is a Host Membership Query, sent by a multicast router to poll a network for members of any multicast group. Type 0x2 is a Host Membership Report, sent by a host to announce its membership in a given group or to answer a router's query.
Unused: an unused field, set to zero by the sender and ignored by the receiver.
Checksum: a 16-bit checksum of the IGMP header.
Group address: in a Host Membership Report, the host places the IP multicast address of the group here. In a Host Membership Query the group address is set to zero, and the hardware-level multicast address identifies the host group.

4. IP

IP is a connectionless protocol. It is mainly responsible for addressing between hosts and routing packets. It does not establish a session before data is exchanged, and it does not guarantee correct delivery; on the other hand, the receiver does not need to acknowledge the data it receives. IP is therefore unreliable.
When data is handed down from the transport layer, several fields are added to the packet. Let's look at these fields:
Source IP address: identifies the sender of the datagram.
Destination IP address: identifies the destination of the datagram.
Protocol: tells IP on the destination machine whether to pass the packet to TCP or UDP.
Checksum: a simple mathematical computation used to verify the integrity of the received packet.
TTL (time to live): specifies the time, in seconds, that a datagram may remain on the network before it is discarded. It prevents packets from looping endlessly in the network. A router decrements the TTL by the time the packet spent in the router; each time a packet passes through a router, the TTL is reduced by at least one second.
As described under ARP above, if the destination IP address is local, IP delivers the packet directly to that host. If the destination address is remote, IP searches the local routing table for a route to the remote host (much like us dialing 114). If a route is found, IP uses it to send the packet. If none is found, the packet is sent to the source host's default gateway, also known as the router. (I have defined gateways and routers many times. In fact, I don't think the distinction always holds; there are now more and more products that integrate hardware and software. At the moment it is clear enough, as long as we use it to solve practical problems.)
When the router receives the packet, it forwards it as follows:
(1) If the network is congested (which sounds terrible), the packet waits in the router and its TTL is reduced by at least 1. If the TTL drops to 0, the packet is discarded.
(2) If the packet is too large for the next network, IP splits it into several smaller packets.
(3) When a packet is fragmented, IP creates a new header for each fragment, containing a flag that indicates more fragments follow, a packet identifier used to recognize which fragments belong together, and a fragment offset that tells the receiving host how to reassemble them.
(4) IP computes a new checksum.
(5) IP obtains the hardware address of the next-hop router.
(6) IP forwards the packet.
At the next host, the packet is passed to TCP or UDP; otherwise each router repeats the process until the packet reaches its final destination. When the packet arrives at its final destination, IP reassembles the fragments into the original packet.
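Added example, not from the original article, covering both the ICMP checksum field described earlier and router steps (1) to (4) above: the Internet checksum shared by the IP, ICMP and IGMP headers, an IPv4 header built and verified with it, a forwarding step that discards a damaged or expired packet, decrements the TTL by one, fragments when the next link's MTU is too small, and reassembly at the receiver. Addresses, MTU and payload are constructed.

```python
import struct


def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit big-endian words (RFC 1071), as used by the IP, ICMP and
    IGMP headers; verifying a header that already carries its checksum must give 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_icmp_echo(ident: int, seq: int, data: bytes) -> bytes:
    """ICMP Echo Request (type 8, code 0) with the 16-bit checksum filled in."""
    hdr = struct.pack("!BBHHH", 8, 0, 0, ident, seq)
    csum = internet_checksum(hdr + data)
    return hdr[:2] + struct.pack("!H", csum) + hdr[4:] + data


IP_FMT = "!BBHHHBBH4s4s"     # 20-byte IPv4 header without options
MORE_FRAGMENTS = 0x2000      # MF flag in the flags/fragment-offset field
OFFSET_MASK = 0x1FFF


def _ip(s: str) -> bytes:
    return bytes(map(int, s.split(".")))


def build_ipv4(src, dst, payload, ttl=64, proto=1, ident=0, flags_frag=0) -> bytes:
    hdr = struct.pack(IP_FMT, 0x45, 0, 20 + len(payload), ident, flags_frag, ttl, proto, 0,
                      _ip(src), _ip(dst))
    csum = internet_checksum(hdr)                      # computed with the checksum field = 0
    return hdr[:10] + struct.pack("!H", csum) + hdr[12:] + payload


def parse_ipv4(pkt: bytes) -> dict:
    f = struct.unpack(IP_FMT, pkt[:20])
    return {"ident": f[3], "flags_frag": f[4], "ttl": f[5], "proto": f[6],
            "src": ".".join(map(str, f[8])), "dst": ".".join(map(str, f[9])),
            "checksum_ok": internet_checksum(pkt[:20]) == 0, "payload": pkt[20:f[2]]}


def forward(pkt: bytes, mtu: int) -> list:
    """Router steps (1)-(4) from the text: discard a damaged or expired packet, decrement TTL,
    fragment if the next link's MTU is too small, and give every new header a fresh checksum."""
    h = parse_ipv4(pkt)
    if not h["checksum_ok"] or h["ttl"] <= 1:
        return []                                      # dropped (TTL would reach 0)
    ttl, payload = h["ttl"] - 1, h["payload"]
    if 20 + len(payload) <= mtu:
        return [build_ipv4(h["src"], h["dst"], payload, ttl, h["proto"], h["ident"], h["flags_frag"])]
    chunk = (mtu - 20) // 8 * 8                        # fragment data is a multiple of 8 bytes
    base_off, orig_mf = h["flags_frag"] & OFFSET_MASK, h["flags_frag"] & MORE_FRAGMENTS
    out = []
    for i in range(0, len(payload), chunk):
        piece = payload[i:i + chunk]
        last = i + chunk >= len(payload)
        mf = orig_mf if last else MORE_FRAGMENTS       # "more fragments follow" flag
        off = base_off + i // 8                        # offset in 8-byte units
        out.append(build_ipv4(h["src"], h["dst"], piece, ttl, h["proto"], h["ident"], mf | off))
    return out


def reassemble(fragments: list) -> bytes:
    """Receiving host: order the fragments of one identifier by offset and rebuild the payload."""
    parts = sorted((parse_ipv4(f) for f in fragments), key=lambda h: h["flags_frag"] & OFFSET_MASK)
    if len({p["ident"] for p in parts}) != 1 or parts[-1]["flags_frag"] & MORE_FRAGMENTS:
        raise ValueError("incomplete or mixed fragment set")
    return b"".join(p["payload"] for p in parts)
```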

5. TCP

TCP is a reliable, connection-oriented transport service. It transmits data in segments, and hosts must establish a session before exchanging data. It uses byte-stream communication, meaning data is treated as an unstructured stream of bytes.
Reliability is achieved by assigning a sequence number to each transmitted segment. If a message is divided into several segments, the receiving host can tell whether all of them have been received. The receiving host sends an acknowledgement to confirm that it has received the data; for each segment sent, it must return an acknowledgement within a specified time. If the sender does not receive the acknowledgement, it retransmits the data. If a received segment is damaged, the receiving host discards it; because no acknowledgement is sent, the sender retransmits the segment.

Port
The sockets interface uses a protocol port number to uniquely identify an application. A port can be any number between 0 and 65536. When a service request is sent, the operating system dynamically assigns a port number to the client application.

Socket
A socket is similar to a file handle in that it serves as an endpoint of network communication. An application creates a socket by defining three parts: the host IP address, the service type (TCP for connection-oriented service, UDP for connectionless service), and the port used by the application.

TCP port
A TCP port provides a specific location for delivering information; port numbers below 256 are defined as well-known ports.

TCP three-way handshake
A TCP session is initialized through a three-way handshake. Its purpose is to synchronize the sending and receiving of segments, tell the other host how much data it can receive at a time, and establish a virtual connection.
Let's look at the basic steps of the three-way handshake:
(1) The initiating host sends a session request as a segment with the synchronize (SYN) flag set.
(2) The receiving host responds by sending back a segment containing the sequence number of the first byte of the data it will send, together with an acknowledgement carrying the sequence number of the next segment it expects to receive.
(3) The requesting host sends another segment carrying its sequence number and the acknowledgement number.
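The three-way handshake as an added Python simulation (not from the original article): two constructed endpoints exchange SYN, SYN+ACK and ACK, each carrying the sequence number, acknowledgement number and receive window that the steps describe. A SYN+ACK that does not acknowledge the initiator's own sequence number is ignored, which is the check that keeps stray or mismatched segments from completing a session.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Segment:
    syn: bool
    ack: bool
    seq: int            # sequence number of the first byte this segment carries
    ack_num: int        # next sequence number the sender expects to receive (valid if ack)
    window: int         # how much data the sender can accept at a time


class TcpEndpoint:
    def __init__(self, isn: int, window: int):
        self.isn = isn                        # initial sequence number we announce
        self.window = window
        self.snd_nxt = isn                    # next sequence number we will send
        self.rcv_nxt: Optional[int] = None    # next sequence number we expect from the peer
        self.peer_window: Optional[int] = None
        self.state = "CLOSED"

    def send_syn(self) -> Segment:
        """Step (1): the initiating host sends a segment with the SYN flag."""
        self.state = "SYN_SENT"
        self.snd_nxt = self.isn + 1           # the SYN itself consumes one sequence number
        return Segment(True, False, self.isn, 0, self.window)

    def recv_syn(self, seg: Segment) -> Segment:
        """Step (2): the listening host answers with its own starting sequence number
        and an acknowledgement naming the next byte it expects."""
        if self.state != "LISTEN" or not seg.syn or seg.ack:
            raise ValueError(f"unexpected segment in state {self.state}")
        self.rcv_nxt = seg.seq + 1
        self.peer_window = seg.window
        self.snd_nxt = self.isn + 1
        self.state = "SYN_RECEIVED"
        return Segment(True, True, self.isn, self.rcv_nxt, self.window)

    def recv_syn_ack(self, seg: Segment) -> Optional[Segment]:
        """Step (3): the initiator checks that its SYN was acknowledged and sends the final ACK.
        A SYN+ACK that does not acknowledge our sequence number is ignored (returns None)."""
        if self.state != "SYN_SENT" or not (seg.syn and seg.ack):
            raise ValueError(f"unexpected segment in state {self.state}")
        if seg.ack_num != self.snd_nxt:
            return None
        self.rcv_nxt = seg.seq + 1
        self.peer_window = seg.window
        self.state = "ESTABLISHED"
        return Segment(False, True, self.snd_nxt, self.rcv_nxt, self.window)

    def recv_ack(self, seg: Segment) -> bool:
        """Listener side of step (3): the connection is established once our SYN is acknowledged."""
        if self.state != "SYN_RECEIVED" or seg.syn or not seg.ack:
            raise ValueError(f"unexpected segment in state {self.state}")
        if seg.ack_num != self.snd_nxt:
            return False
        self.state = "ESTABLISHED"
        return True


def three_way_handshake(client_isn, server_isn, client_window=8192, server_window=4096):
    """Run the exchange between two constructed endpoints; return them plus the three segments."""
    client, server = TcpEndpoint(client_isn, client_window), TcpEndpoint(server_isn, server_window)
    server.state = "LISTEN"
    syn = client.send_syn()
    syn_ack = server.recv_syn(syn)
    ack = client.recv_syn_ack(syn_ack)
    if ack is None or not server.recv_ack(ack):
        raise RuntimeError("handshake failed")
    return client, server, [syn, syn_ack, ack]
```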

TCP Sliding Window
The TCP sliding window holds data being transferred between two hosts, somewhat like a buffer.
Each TCP/IP host has two sliding windows: one for receiving data and the other for sending data.

6. UDP

The User Datagram Protocol (UDP) provides a connectionless datagram service. It is suited to applications that do not require a response and generally send only a small amount of data at a time.

UDP ports
A port serves as a multiplexed message queue. Some well-known UDP ports:
15: netstat (network status)
53: Domain Name Server
69: TFTP (Trivial File Transfer Protocol)
137: NETBIOS-NS (NetBIOS Name Service)
138: NETBIOS-DGM (NetBIOS Datagram Service)
161: SNMP (network monitoring)
--------------------------------------------------------------------------------

Implementing IP routing

1. Introduction to IP routing

Routing is the process of selecting the path along which a packet is transmitted. Routing takes place when a TCP/IP host sends an IP packet, and again when the packet reaches an IP router. A router is a device that forwards packets from one physical network to another; a router is often called a gateway. Both the sending host and the router must decide where to forward the packet. To make this decision, the IP layer consults the routing table held in memory.
(1) When a host tries to communicate with another host, IP first determines whether the target host is on the local network or a remote network.
(2) If the target host is on a remote network, IP consults the routing table to select a route to the remote host or remote network.
(3) If no explicit route is found, IP uses the default gateway address to send the data to another router.
(4) On the router, the routing table is again consulted for a route to the remote host or network. If no route is found, the packet is sent to the router's own default gateway.
Each time a route is found, the packet is passed to the next router; each such transfer is called a "hop", and the packet is finally delivered to the target host.
If no route is found, the source host receives an error message.
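An added Python example (not from the original article) of the routing decision in steps (1) to (4): a routing table with directly connected networks, a longest-prefix match, an optional default gateway and an error when no route exists, plus a hop-by-hop trace across a constructed three-node topology (host, r1, r2, all with made-up addresses).

```python
import ipaddress


class RoutingTable:
    """Routing decision from steps (1)-(4): a directly connected network means local delivery,
    otherwise the most specific matching route supplies the next-hop gateway, otherwise the
    default gateway is used, and with no default gateway there is no route (an error)."""

    def __init__(self, default_gateway=None):
        self.routes = []                          # (network, gateway or None if directly connected, interface)
        self.default_gateway = default_gateway    # (gateway ip, interface) or None

    def add_route(self, network: str, gateway, interface: str) -> None:
        self.routes.append((ipaddress.ip_network(network), gateway, interface))

    def lookup(self, dest: str):
        """Return (next_hop, interface). next_hop == dest means the host is on a local network."""
        d = ipaddress.ip_address(dest)
        best = None
        for net, gw, iface in self.routes:
            if d in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, gw, iface)           # longest prefix wins
        if best is not None:
            _net, gw, iface = best
            return (dest if gw is None else gw), iface
        if self.default_gateway is not None:
            return self.default_gateway
        raise LookupError(f"no route to {dest}")  # the source host gets an error message

    def reachable(self, dest: str) -> bool:
        try:
            self.lookup(dest)
            return True
        except LookupError:
            return False


def trace_hops(tables: dict, owners: dict, start: str, dest: str, max_hops: int = 16) -> list:
    """Follow next hops from router `start` until a router delivers locally.
    `tables` maps router name -> RoutingTable; `owners` maps a gateway IP -> router name."""
    path, here = [], start
    for _ in range(max_hops):
        next_hop, _iface = tables[here].lookup(dest)
        path.append((here, next_hop))
        if next_hop == dest:
            return path
        here = owners[next_hop]                   # one hop to the next router
    raise LookupError("hop limit reached")


def sample_topology():
    """Constructed example: host -> r1 -> r2 -> 10.1.2.0/24 (addresses are made up)."""
    host = RoutingTable(default_gateway=("192.168.1.1", "eth0"))
    host.add_route("192.168.1.0/24", None, "eth0")
    r1 = RoutingTable()                           # no default gateway: unknown destinations are errors
    r1.add_route("192.168.1.0/24", None, "eth0")
    r1.add_route("172.16.0.0/30", None, "eth1")
    r1.add_route("10.0.0.0/8", "172.16.0.6", "eth1")      # broad route to another gateway
    r1.add_route("10.1.0.0/16", "172.16.0.2", "eth1")     # more specific route via r2
    r2 = RoutingTable()
    r2.add_route("172.16.0.0/30", None, "eth0")
    r2.add_route("10.1.2.0/24", None, "eth1")
    return {"host": host, "r1": r1, "r2": r2}, {"192.168.1.1": "r1", "172.16.0.2": "r2"}
```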

--------------------------------------------------------------------------------

TCP/IP Protocol Introduction

TCP/IP communication protocol

This section briefly introduces the internal structure of TCP/IP and lays the foundation for discussing Internet-related security issues. The TCP/IP protocol suite is popular partly because it can be used over a variety of channels and underlying protocols (such as T1 and X.25, Ethernet, and RS-232 serial interfaces). Specifically, TCP/IP is a set of protocols that includes TCP and IP, UDP (User Datagram Protocol), ICMP (Internet Control Message Protocol), and other protocols.

Overview of TCP/IP architecture

TCP/IP does not fully conform to the seven-layer OSI reference model. The traditional Open Systems Interconnection reference model is an abstract seven-layer model of communication protocols in which each layer performs a specific task. Its aim is to let diverse hardware communicate at the same level. The seven layers are: physical layer, data link layer, network layer, transport layer, session layer, presentation layer, and application layer. TCP/IP uses a four-layer hierarchy, in which each layer calls on the services provided by the layer below it to meet its own needs. The four layers are:

Application layer: the layer on which applications communicate, using protocols such as the Simple Mail Transfer Protocol (SMTP), the File Transfer Protocol (FTP), and the network remote access protocol (Telnet).

Transport layer: provides data transmission services between nodes, such as the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP). TCP and UDP add the data to be transmitted to a packet and pass it to the next layer. This layer is responsible for transmitting the data and confirming that it has been delivered and received.

Internet layer: provides basic packet delivery so that each packet can reach the target host (without checking whether it is correctly received), for example the Internet Protocol (IP).

Network interface layer: manages the actual network media and defines how data is transmitted over the physical network (such as Ethernet and serial lines).

Protocols in TCP/IP

The following briefly introduces the functions of the TCP/IP protocols and how they work:

1. IP

The Internet Protocol (IP) is the heart of TCP/IP and the most important protocol at the network layer.

The IP layer receives packets from the lower layer (the network interface layer, for example an Ethernet device driver) and passes them to the higher layer, TCP or UDP; the IP layer also passes packets received from the TCP or UDP layer down to the lower layer. IP packets are unreliable because IP does nothing to confirm that packets are delivered in order or undamaged. An IP packet contains the address of the host that sent it (the source address) and the address of the host that is to receive it (the destination address).

When receiving packets, higher-level TCP and UDP services generally assume that the source address in the packet is valid. In other words, the IP address forms the basis of authentication for many services: these services trust that packets were sent from a valid host. IP includes an option called IP source routing, which can be used to specify a direct path between the source address and the destination address. For some TCP and UDP services, an IP packet carrying this option appears to have been transmitted from the last system on the path rather than from its actual origin. The option exists for testing purposes, which means it can be used to fool a system into allowing a normally prohibited connection. Consequently, many services that rely on the IP source address for authentication are exposed and can be accessed illegitimately.

2. TCP

If an IP packet carries an encapsulated TCP segment, IP passes it up to the TCP layer. TCP sorts packets and checks for errors, forming a virtual circuit. TCP packets include sequence numbers and acknowledgements, so packets received out of order can be reordered and damaged packets can be retransmitted.

TCP passes its information up to higher-level applications, such as the Telnet server and client programs. Applications in turn send information back to the TCP layer, which forwards it down to the IP layer, the device driver and the physical medium, and finally to the receiver.

Connection-oriented services (such as Telnet, FTP, rlogin, X Windows, and SMTP) require high reliability, so they use TCP. DNS uses TCP in some cases (for sending and receiving the domain name database), but uses UDP to transmit information about a single host.

3. UDP

UDP is on the same layer as TCP, but it neither reorders packets nor retransmits them. UDP is therefore not used for connection-oriented services that rely on virtual circuits. UDP is mainly used for query-oriented services, such as NFS. Compared with FTP or Telnet, these services exchange less information. Other services that use UDP include NTP (Network Time Protocol) and DNS (DNS also uses TCP).

Spoofing UDP packets is easier than spoofing TCP packets because UDP does not establish an initial connection (a handshake); there is no virtual circuit between the two systems. In other words, UDP-based services face greater risk.

4. ICMP

ICMP is on the same layer as IP. It is used to transmit control information for IP, mainly information about the path to a destination address. An ICMP 'redirect' message tells a host about a more accurate path to another system, while an 'unreachable' message indicates that a path is broken. In addition, if a path becomes unavailable, ICMP can terminate a TCP connection gracefully. Ping is the most common ICMP-based service.

5. TCP and UDP port structure

TCP and UDP services usually follow a client-server relationship. For example, a Telnet server process starts on a system and waits idle for a connection. A user uses the Telnet client program to establish a connection with the server process. The client program writes information to the server process; the server process reads it and sends a response; the client program reads the response and reports it to the user. This connection is therefore duplex and can be used for both reading and writing.

How are multiple Telnet connections between the same two systems identified and kept apart? Each TCP or UDP connection is uniquely identified by the following four items in every message:
Source IP address: the IP address of the host sending the packet.
Destination IP address: the IP address of the host receiving the packet.
Source port: the port of the connection on the source system.
Destination port: the port of the connection on the destination system.

A port is a software structure used by a client program or a server process to send and receive information. A port corresponds to a 16-bit number. A server process usually uses a fixed port; for example, SMTP uses 25 and X Windows uses 6000. These port numbers are "well known" because the client needs them to contact a specific host or service when establishing a connection.
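As an added example (not from the original article), this Python demultiplexer keeps connections apart by the four-tuple above plus the protocol: an incoming segment is matched first against existing connections, then against a server listening on the destination port, and a client connection receives a dynamically assigned port. The addresses and the starting dynamic port are constructed.

```python
from itertools import count

EPHEMERAL_START = 1024       # constructed: first dynamic port our "operating system" hands out
WELL_KNOWN = {23: "telnet", 25: "smtp", 6000: "x11"}   # fixed server ports named in the text


class TransportDemux:
    """Delivers each segment to the connection identified by (protocol, source IP,
    destination IP, source port, destination port)."""

    def __init__(self, local_ip: str):
        self.local_ip = local_ip
        self.listeners = {}        # (proto, local port) -> service name
        self.connections = {}      # (proto, local ip, remote ip, local port, remote port) -> payloads
        self._next_port = count(EPHEMERAL_START)

    def listen(self, proto: str, port: int, service: str) -> None:
        """A server process sits idle on a fixed port waiting for connections."""
        self.listeners[(proto, port)] = service

    def connect(self, proto: str, remote_ip: str, remote_port: int):
        """Client side: the OS assigns a dynamic port; the resulting tuple names the connection."""
        key = (proto, self.local_ip, remote_ip, next(self._next_port), remote_port)
        self.connections[key] = []
        return key

    def deliver(self, proto, src_ip, dst_ip, src_port, dst_port, payload):
        """Incoming segment: an existing connection wins, else a listener on the port
        accepts a new connection, else there is nobody to deliver to."""
        if dst_ip != self.local_ip:
            return "not for us"
        # the connection key is written from our point of view: local first, then remote
        key = (proto, dst_ip, src_ip, dst_port, src_port)
        if key in self.connections:
            self.connections[key].append(payload)
            return key
        if (proto, dst_port) in self.listeners:
            self.connections[key] = [payload]
            return key
        return "no listener"       # a real stack answers with TCP RST or ICMP port unreachable

    def service_name(self, port: int) -> str:
        return WELL_KNOWN.get(port, "dynamic" if port >= EPHEMERAL_START else "reserved")
```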
