Transport Layer details

Source: Internet
Author: User

After completing this chapter, you will be able to:
① understand TCP encapsulation and working principles
② understand UDP encapsulation and working principles
③ understand common TCP and UDP port numbers
④ analyze TCP and UDP headers

What is the role of the transport layer? What is the concept of an end-to-end connection at the transport layer? For example, when a user chats with a friend over QQ, the IP address identified at the network layer ensures that the information is sent to the correct host. But what protocol should the host use to receive the information? This function is completed by the transport layer, which implements the process-to-process connection. Understanding the encapsulation of the transport layer protocols is essential for the later operating system, advanced network application, and security courses.

The transport layer mainly includes the TCP and UDP protocols. This chapter discusses the working principles and usage of these two protocols in depth, and shows how data encapsulation can be analyzed using packet capture tools.

13.1 Transport Layer Overview

This section covers the following two topics:
◇ transport layer functions
◇ transport layer protocols

1. Transport layer functions
(1) The network layer protocol only provides point-to-point connections, while the transport layer protocol provides an end-to-end service, that is, communication between application processes.
(2) The network layer protocol provides an unreliable, connectionless, best-effort delivery service. Therefore, for upper-layer protocols with high reliability requirements, reliability must be ensured at the transport layer.

Tip:
◇ A process is one execution of a program. For example, each IE browser window is a process instance, and each is one execution of the IE browser program.
◇ Many processes are working at the same time on each computer.
To enable the data sent by one computer to be received by the correct program on the other end, port numbers are introduced. Different port numbers correspond to different processes.

2. Transport layer protocols
The transport layer mainly includes two protocols:
◇ TCP (Transmission Control Protocol)
◇ UDP (User Datagram Protocol)

TCP, the Transmission Control Protocol, is a reliable, connection-oriented protocol. It allows error-free transmission of information between two hosts on the network. TCP also implements flow control to avoid congestion caused by sending too fast. All of this is transparent to users.

UDP is the User Datagram Protocol. It transmits data in a connectionless manner. That is to say, the sender does not care whether the sent data arrives at the target host or whether the data is faulty, and the host that receives the data does not tell the sender whether the data has been received. Reliability is left to the upper-layer protocol.

The two protocols have their own advantages and disadvantages in different network environments. Connection-oriented TCP is less efficient but highly reliable. It is suitable for environments with poor network links or high reliability requirements. UDP is connectionless and unreliable. However, because it does not need to transmit much information that is unrelated to the data itself, it is highly efficient and is often used for real-time services and error-insensitive applications. In this way, different protocols can be selected for different occasions and requirements to achieve the expected communication goal. The following describes TCP and UDP in detail.

13.2 TCP

TCP is a transport protocol for high-reliability data exchange between hosts. TCP is a connection-oriented, end-to-end reliable protocol. It supports multiple network applications. TCP does not place many requirements on lower-layer services.
It assumes that the lower layer can only provide an unreliable data packet service, and it can run on networks composed of many kinds of hardware. TCP is a reliable transport layer protocol, so what does TCP rely on to provide reliable services? This section describes how TCP works in the following aspects:
◇ TCP encapsulation format
◇ connection and disconnection
◇ flow control
◇ congestion control
◇ error control
◇ timers

13.2.1 TCP Encapsulation Format

TCP is a connection-oriented reliable protocol, and it provides a series of methods for reliable data transmission.

First, TCP data segments are numbered to ensure the correct order of data. A TCP data segment is encapsulated in an IP data packet for transmission, and the IP data packets may take different paths, so their original order may be lost by the time they arrive. The TCP data segments may therefore be out of order. To solve this problem, TCP numbers the data segments, reorders the received data, and hands it to the application layer in the correct order.

Second, because incoming IP data packets may be duplicated, the TCP receiving end must be able to discard duplicate data.

Third, TCP provides flow control. Each side of the TCP connection has a fixed buffer space, so the TCP sending end may send only as much data as the receiver's buffer can accept. This prevents a faster host from overflowing the buffer of a slower host.

Each of these functions addresses a specific problem. How does TCP implement them? The implementation of the various TCP functions depends on its header data structure. The TCP header contains a lot of important information about the TCP data segment. Figure 13.1 shows the data format of the TCP header. Without the options field, the header is usually 20 bytes. The following describes the TCP header structure.
Figure 13.1 TCP header data format

◇ Bits 0 to 15 of the first row are the source port number. It is the port number corresponding to the sender process of the TCP data segment. This port number is a random number generated by the sender process and uniquely identifies a sender process.
◇ Bits 16 to 31 are the target port number, which corresponds to the process at the receiving end. After receiving the data segment, the receiving end uses the port number to determine which application process the data is delivered to. In this way, the data is delivered accurately. Otherwise, data sent to program A might be delivered to program B, and the whole data transmission would become disordered.
◇ Row 2 is a 32-bit sequence number, a number in the range 0 to 2^32 - 1. After TCP acquires data from an application, it divides the data into data segments based on the actual transmission capability. TCP uses this number to mark each data segment. When the data arrives at the destination, the receiving end rearranges the data according to the sequence number to ensure the correctness of the data.
◇ Row 3 is a 32-bit acknowledgment number, a number in the range 0 to 2^32 - 1. Although the data divided into many data segments is marked, there is no guarantee that all the segments will arrive at the destination, and for the receiver the data cannot be correct if even one segment is missing. The acknowledgment number solves this problem. The acknowledgment number is the confirmation information sent back to the sender, used to tell the sender that the data segments before this number have been received. For example, if the acknowledgment number is X, the previous X-1 data segments have been received. If a data segment has not been acknowledged, it will be retransmitted. In this way, data integrity is guaranteed.
◇ Row 4 is divided into four parts.
· Part 1 is the 4-bit header length, which gives the length of the header data structure in bytes. Generally, the TCP header is 20 bytes, but this field is used when the header needs to be extended. If all four bits are set to 1, the TCP header reaches its maximum length of 60 bytes: the maximum 4-bit value is 1111, which is 15 in decimal, indicating a header length of 15 rows. Each row has 32 bits, that is, four bytes. Therefore, the header length is 15 × 4 = 60.
· Part 2 contains 6 reserved bits. These bits are not used yet and are reserved for future extension.
· Part 3 contains six control bits. These six bits play an important role: TCP connection establishment, transmission, and disconnection are all controlled by them.
  URG: the valid bit for the urgent pointer. It is used with the 16-bit urgent pointer in row 5. When URG = 1, TCP determines the location of the last byte of the urgent data based on the 16-bit urgent pointer. In this way, the receiving end can obtain urgent data accurately and quickly, ensuring that urgent data arrives immediately.
  ACK: the acknowledgment number field is valid only when ACK = 1. When ACK = 0, the acknowledgment number is invalid.
  PSH: when this flag is 1, the receiver is required to deliver the data segment to the application layer as soon as possible. This flag is used to accelerate the processing of special data.
  RST: when this flag is set to 1, the TCP connection is to be re-established.
  SYN: synchronize sequence numbers. When TCP needs to establish a connection, this bit is set to 1.
  FIN: the sender has finished sending. When TCP completes data transmission, the party proposing to disconnect sets this bit to 1.
· Part 4 is the 16-bit window size. It indicates the number of data segments that can be received locally. The value is variable: when the network is smooth, the window value increases to speed up transmission.
When the network is unstable, the value is reduced to ensure reliable transmission of network data. The flow control mechanism in TCP is implemented by changing the window size.
◇ The 16-bit checksum in row 5 is used for error control. When sending a TCP data segment, the sender calculates the checksum over all the bytes of the TCP data segment. The checksum calculation is performed again when the segment reaches the destination. If the two checksum values are consistent, the data is basically correct. Otherwise, the data is damaged and the receiver discards it.
◇ The 16-bit urgent pointer in row 5 is used with URG and is valid only when URG is 1. It indicates the position of the last byte of the urgent data.
◇ Row 6 is the options. It is present only when the header length given by the 4-bit field is greater than 20 bytes, in which case more information is attached to the TCP header. Generally, no option is present.
◇ Row 7 is the data, which is the portion of application-layer data carried by this data segment and is the object of the TCP service. Before transmission, TCP adds a sequence number to the data to indicate its position in the data stream.

A TCP connection requires both a port and an IP address to determine the hosts in communication. The sender IP address in the IP header and the sender's port number identify the sending side of the connection. The target IP address and the receiver's port number identify the receiving side. In this way, a TCP connection is uniquely identified.

In TCP/IP, the TCP protocol is built on the IP protocol. IP is the network layer protocol, and it is an unreliable protocol. The reliability guarantee of TCP provides a reliable environment on top of IP, so that IP does not have to consider the reliability of transmission and can focus on the functions of the network layer. This is also the original intention of protocol layering.
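The header layout described above, as an added example that is not part of the original chapter: a Python parser that unpacks the fixed 20-byte header, bounds-checks the 4-bit header length before trusting it, treats the acknowledgment number and urgent pointer as valid only when ACK or URG is set, and verifies the checksum. The function names, the destination address 192.0.2.10 and the sample segment are constructed for illustration; the checksum also covers an IPv4 pseudo-header (addresses, protocol number 6, segment length), a detail of real TCP that the text above does not mention.

```python
import socket
import struct

# The six control bits, lowest bit first, as they sit in row 4 of the header.
FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}


def internet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum used by TCP (and UDP)."""
    if len(data) % 2:
        data += b"\x00"                       # pad to a whole number of 16-bit words
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                        # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def pseudo_header(src_ip: str, dst_ip: str, tcp_len: int) -> bytes:
    """IPv4 pseudo-header: both addresses, a zero byte, protocol 6, segment length."""
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, 6, tcp_len))


def parse_tcp_segment(segment: bytes, src_ip: str, dst_ip: str) -> dict:
    """Decode one TCP segment; raise ValueError if the header cannot be trusted."""
    if len(segment) < 20:
        raise ValueError("truncated: a TCP header is at least 20 bytes")
    (sport, dport, seq, ack, off_flags,
     window, _checksum, urgent) = struct.unpack("!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4        # 4-bit field counts 32-bit rows
    if header_len < 20 or header_len > len(segment):
        raise ValueError(f"header length {header_len} invalid for "
                         f"{len(segment)}-byte segment")
    flags = [name for name, bit in FLAG_BITS.items() if off_flags & bit]
    # Summing pseudo-header + segment (stored checksum included) gives 0 when intact.
    intact = internet_checksum(pseudo_header(src_ip, dst_ip, len(segment)) + segment) == 0
    return {
        "src_port": sport,
        "dst_port": dport,
        "seq": seq,
        "ack": ack if "ACK" in flags else None,            # valid only when ACK = 1
        "header_len": header_len,
        "flags": flags,
        "window": window,
        "checksum_ok": intact,
        "urgent_pointer": urgent if "URG" in flags else None,  # valid only when URG = 1
        "options": segment[20:header_len],
        "payload": segment[header_len:],
    }


def build_tcp_segment(src_ip, dst_ip, sport, dport, seq, ack, flags, window,
                      options=b"", payload=b"") -> bytes:
    """Construct sample data for the parser, with a correct checksum."""
    if len(options) % 4:
        raise ValueError("options must be padded to a multiple of 4 bytes")
    offset = (20 + len(options)) // 4
    bits = 0
    for name in flags:
        bits |= FLAG_BITS[name]

    def pack(checksum: int) -> bytes:
        return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                           (offset << 12) | bits, window, checksum, 0) + options + payload

    draft = pack(0)
    return pack(internet_checksum(pseudo_header(src_ip, dst_ip, len(draft)) + draft))


def sample_syn() -> bytes:
    """Constructed sample: SYN from 192.168.2.86:49152 to 192.0.2.10:80, MSS option."""
    return build_tcp_segment("192.168.2.86", "192.0.2.10", 49152, 80,
                             seq=1000, ack=0, flags=["SYN"], window=65535,
                             options=bytes.fromhex("020405b4"))


if __name__ == "__main__":
    info = parse_tcp_segment(sample_syn(), "192.168.2.86", "192.0.2.10")
    for key, value in info.items():
        print(f"{key:15} {value}")
```

A parser that skips the header-length check will read options or payload from the wrong offset when a segment declares a length it does not have, which is why the check comes before any slicing.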
TCP is considered a stream-oriented transport layer service. This means that the TCP sending end receives a data stream from the application, extracts an appropriate length from the stream, creates a data segment, and sends it to the network. The TCP receiving end receives the data segment and extracts the data from it. If the data does not arrive in sequence-number order, it is reordered and then delivered to the receiving application as a stream. This completes data transmission.

To deliver a stream, both the sending TCP and the receiving TCP must use buffering. The sending TCP uses the sending buffer to store the data taken from the sending application. The rate at which an application delivers data is the rate at which it generates data. For example, when you log on to and control a remote host over the network, the data you type on the keyboard is delivered to the TCP sending end one character at a time.

13.2.2 TCP Connection and Disconnection

TCP is a connection-oriented service. That is to say, before data communication, the sender and the receiver must establish a connection. After the data is sent, both parties disconnect.

1. TCP connection establishment
TCP uses the port number when establishing a connection to match the application. IP addresses and port numbers are used whenever a computer connects to or communicates with other computers. Each side of the connection is identified by an IP address and a port number. For example, when you access the Internet through the IE browser, the IP address is obtained by resolving the URL you entered, and there is also an implicit port number, 80. Together these identify the server side of the connection. The client side of the connection also has its own IP address and port number. On a computer, you can run the netstat -n command to view existing connections.

TCP connection establishment is called a three-way handshake. The connection process is shown in Figure 13.2.
Figure 13.2 TCP three-way handshake

◇ In the 1st handshake, host A initiates a connection request by sending host B a data segment with the "synchronize sequence number" (SYN) flag. Through this data segment, host A tells host B two things: host A wants to establish a connection and asks host B to respond, and host A tells host B which sequence number it will use as the starting number of its data segments during data transmission.
◇ In the 2nd handshake, host B responds to host A with a data segment carrying the "acknowledgment" (ACK) and "synchronize sequence number" (SYN) flags. It also has two purposes: to send an ACK telling host A that its data segment was received, and to tell host A which sequence number host B's data segments will start from.
◇ In the 3rd handshake, host A sends another data segment, confirming that host B's data segment has been received and that actual data can now be transmitted.
◇ In this way, all three handshakes are completed and data transmission starts.

The three-way handshake has the following features:
◇ It carries no application layer data.
◇ SYN is set to 1 only when a TCP connection is being established.
◇ After the handshake, the SYN flag is set to 0.

2. TCP disconnection
A TCP connection is established with three handshakes, but terminating a connection takes four steps. This is caused by TCP's half-close. What is a TCP half-close? Because a TCP connection is full-duplex (that is, data can be transferred in both directions), each direction must be closed separately. Closing a single direction is called a half-close. After one party completes its data sending task, it sends a FIN to notify the other party that the connection will be terminated in this direction. When one end receives a FIN, it must notify the application layer that the TCP connection has terminated data transfer in that direction. Sending a FIN is usually the result of the application layer closing the connection.
TCP disconnection takes four steps, but the last two steps are similar to the first two, except that the two sides of the connection switch roles.
(1) End A of the TCP connection sets the control bit FIN to 1 and requests to stop the TCP connection.
(2) End B acknowledges the FIN after receiving it, confirming that the TCP connection in this direction will be closed.
(3) End B issues the close request for the reverse direction, with FIN set to 1.
(4) End A acknowledges the close request from end B, and the connection is closed in both directions.

In this way, after a total of four steps, the full-duplex, bidirectional TCP connection is properly closed. The closing process is shown in Figure 13.3.

Figure 13.3 TCP disconnection

◇ In the data transmission phase, host A sends a data segment with sequence number 100 to host B. After host B receives the data segment, it sends an acknowledgment segment with sequence number 300 and acknowledgment number 101. At this point, data transmission between host A and host B is complete.
◇ Host A actively disconnects and sends host B a data segment with sequence number 101 in which the FIN flag is set to 1. At the same time, it acknowledges the data segment previously sent by B: the acknowledgment number is 301 and ACK is set to 1.
◇ Host B receives the disconnect request, sends an acknowledgment segment with sequence number 301 and acknowledgment number 102, and closes passively. The half-close from A to B is then complete.
◇ Host B then sends host A a disconnect request with sequence number 301 and FIN set to 1, requesting that the connection from host B to host A be closed.
◇ Host A receives the FIN, responds with an acknowledgment segment with acknowledgment number 302, and performs a passive close. At this point, the TCP disconnection is complete.
Tip: in the step marked 1 in Figure 13.3, the disconnect request sent by host B carries the same sequence number and acknowledgment number as its previous data segment.

TCP uses connection-oriented communication, which greatly improves the reliability of data transmission. It lets the sender and receiver interact before the formal data transmission, laying a reliable foundation for it. However, the connection alone cannot solve data transmission problems such as inconsistent transmission speeds, data loss, and lost acknowledgments. For these problems, TCP uses measures such as flow control, error control, congestion control, and timers to ensure data reliability. The following sections cover the problems that may occur during data transmission over TCP.

13.2.3 TCP Flow Control

TCP introduces a flow control mechanism to solve the data loss caused by differences in communication capability between the sending and receiving sides. TCP uses a sliding window for flow control. Figure 13.4 shows the working principle of the sliding window.

Figure 13.4 Working principle of the sliding window

◇ When a TCP connection is established, the window size is negotiated between host A and host B. When host A sends the connection establishment request, it advertises its own window size to host B, in bytes (this example uses simple numbers to illustrate the window).
◇ Host B's buffer size is 3. Therefore, when B sends its acknowledgment to A, it declares a window size of 3.
◇ Host A confirms the connection again and starts sending data.
◇ Host A sends three data segments. After host B receives the data, its buffer goes from empty to full.
At this time, the application reads one data segment, freeing 1 unit of buffer space.
◇ Host B acknowledges the received data to A and declares a window of 1 based on the free buffer space. If B's free buffer space is 0, B notifies A that the window size is 0. If A receives an acknowledgment declaring a window size of 0, A stops sending and sends data again only when B declares a non-zero window.
◇ Host A sends data based on the window size announced by B.

13.2.4 TCP Congestion Control

The previous section discussed the TCP window mechanism. The receiver can specify the window size based on its buffer size. If the sender complies with the window size limit, the receiver will not be overwhelmed. However, congestion may still occur when the bandwidth of the intermediate network is small. As shown in Figure 13.5, if the window size of the receiver and the sender is 10 and the bandwidth of the intermediate link is large enough that there is no congestion, the sender can send data according to the window of 10. However, if the bandwidth of the intermediate link is small, data cannot actually be transmitted at the window size negotiated by the two parties. To prevent congestion caused by the intermediate link, TCP introduces the concept of a congestion window (cwnd). The actual sending window is the minimum of the window negotiated by the sender and receiver and the congestion window.

Figure 13.5 TCP congestion window

For example, when a rubber pipe is used to fill a bucket from a tap, the tap may deliver a large amount of water, but if the pipe is narrow, the filling speed depends not on the tap and the bucket but on the flow through the pipe. Therefore, in TCP, the sender must maintain two windows to solve the congestion problem.
One is the window allowed by the receiver, and the other is the congestion window (cwnd). The minimum of these two windows is the size of the window that the sender can actually send. Figure 13.6 shows TCP congestion control.

Figure 13.6 TCP congestion control

◇ Host A and host B negotiate a window size of 3 when establishing a connection.
◇ Host A sends three data segments to B.
◇ Host B receives only one data segment and sends acknowledgment number 102.
◇ By the time the retransmission timer expires (timers are explained in detail later), host A has not received further acknowledgment from B, and A considers data segments 102 and 103 lost.
◇ Host A reduces the congestion window cwnd according to the acknowledgment received.

Note: actual data transmission is measured in bytes rather than data segments. Data segments are used here for convenience of discussion.

13.2.5 TCP Error Control

As mentioned earlier, TCP is an end-to-end connection. Data passes through many network paths during transmission, and various errors may occur. TCP therefore provides error control to ensure reliability. TCP error control covers the detection of damaged data segments, lost data segments, out-of-order data segments, and duplicate data segments. Error control also includes the error correction mechanism applied after an error is detected.

TCP detects errors in three simple ways: checksum, acknowledgment, and timeout.
◇ Checksum: each data segment contains a checksum field used to detect damaged data segments. If the data segment is damaged, the destination TCP discards it.
◇ Acknowledgment: TCP uses acknowledgments to confirm that data segments have been received, that is, that they arrived at the destination TCP without damage.
◇ Timeout: if a data segment is not acknowledged before the timeout, it is considered damaged or lost.

1. Damaged data segments
When a damaged data segment reaches the destination, it is discarded. The destination does not consider the damaged segment received, so it will be sent again. In Figure 13.7, data segment 3 is damaged and is therefore resent. In addition, we can see that the sender's window size has changed from 3 to 2.

Figure 13.7 Damaged data segment

2. Lost data segments
To TCP, a lost data segment is exactly the same as a damaged one. The difference is that a damaged data segment is discarded by the destination, while a lost data segment is discarded by an intermediate node. In both cases the destination TCP does not consider the data segment received.

3. Duplicate data segments
Duplicate data segments may be generated by the sending TCP. When the timeout deadline is reached and no acknowledgment has been received, the sender resends the data segment. The retransmitted data segment and the original may both arrive, so duplication occurs. For the destination TCP, handling duplicate data segments is simple. The destination TCP expects to receive a continuous byte stream. When a data segment arrives with the same sequence number as one already received, the destination TCP only needs to discard it.

4. Out-of-order data segments
TCP uses the IP service, and IP is an unreliable network layer protocol. The TCP data segment is encapsulated in an IP data packet, and each IP packet is an independent entity. A router is free to forward each packet along any suitable path. One data packet may follow a path with short latency while another follows a path with long latency. If the data packets do not arrive in order, the TCP data segments encapsulated in them do not arrive in order either. The method for dealing with out-of-order data segments is simple: do not acknowledge an out-of-order data segment until all the data segments before it have been received.
Of course, if the acknowledgment comes late, the source TCP's timer for the out-of-order data segment will expire and the segment will be resent. The destination TCP then discards the duplicate data segment.

5. Lost acknowledgments
Acknowledgments are sent by the destination. In the TCP acknowledgment mechanism, a lost acknowledgment may not even be noticed by the source TCP. TCP uses cumulative acknowledgment: each acknowledgment confirms that all bytes before the byte specified by the acknowledgment number have been received. For example, the destination sends two ACK data segments with acknowledgment numbers 1601 and 1801. The number 1801 confirms that all bytes before byte 1801 have been received, and the number 1601 indicates that all bytes before 1601 have been received. If the acknowledgment 1601 is lost and the acknowledgment 1801 is received, the source understands that the whole byte stream before 1801 has been received, and the acknowledgment 1601 no longer matters.

13.2.6 TCP Timers

To ensure reliable transmission and to handle data that has not arrived or has not been acknowledged, TCP uses four timers:
◇ retransmission timer
◇ persistence timer
◇ keepalive timer
◇ time-wait timer

1. Retransmission timer
To handle lost or discarded data segments, TCP uses a retransmission timer, which governs the retransmission time. When TCP sends a data segment, it creates a retransmission timer for that specific data segment. Two cases may occur:
◇ If an acknowledgment for this data segment is received before the timer deadline, the timer is cancelled.
◇ If the timer deadline is reached before an acknowledgment for this data segment is received, the data segment is retransmitted and the timer is reset.

If the round-trip time of a data transmission is RTT, the retransmission time is 2 × RTT.
Note: the round-trip time of data transmission is calculated from the timestamp generated by the sending end when the data is sent and the current time. The timestamp is stored in the options of the TCP header.

2. Persistence timer
Assume that the receiving TCP has declared a window size of zero. The sending TCP stops transmitting data segments until the receiving TCP sends an acknowledgment announcing a non-zero window size. Note that in TCP, acknowledgments are not themselves acknowledged. If this acknowledgment is lost, the receiving TCP considers its task complete and waits for the sending TCP to send more data segments. The sending TCP, not having received the acknowledgment, waits for the receiver to send an acknowledgment announcing the window size. The two sides are deadlocked, each waiting for the other.

To break this deadlock, TCP uses a persistence timer for each connection. When the sender receives an acknowledgment with a window size of zero, it starts the persistence timer. When the timer expires, the sending end sends a special data segment called the probe segment, which carries only one byte of data. It has a sequence number, but this sequence number never needs to be acknowledged. It only reminds the receiving TCP that the acknowledgment has been lost and must be retransmitted.

The persistence timer value is set to the retransmission time. If no response is received from the receiving end, another probe segment is sent and the timer value is increased and reset, until the value reaches the limit (usually 60 seconds). After that, if no response is received, the sender sends a probe segment every 60 seconds until the window opens again.

3. Keepalive timer
The keepalive timer is used to prevent the connection between two TCP endpoints from staying idle for a long time.
Assume that a client opens a connection to the server, transmits some data, and then goes silent. Perhaps the client has failed. In this case, the connection would stay open forever, wasting valuable resources on the server. To solve this problem, TCP uses a keepalive timer. Each time the server receives a message from the client, it resets the keepalive timer. The timeout is usually set to 2 hours. If the server has not received anything from the client after two hours, it sends a probe segment. If there is no response after 10 probe segments (75 seconds apart), the server assumes the client has failed and terminates the connection.

4. Time-wait timer
The time-wait timer is shown in Figure 13.8. When a TCP connection is being closed, suppose A closed the connection immediately after sending the final ACK. If that ACK data segment were lost, B could not determine whether its FIN or the ACK was lost, so B would retransmit the FIN data segment. By then A would have closed the connection, and B would never receive the ACK from A. Therefore, TCP sets a time-wait timer. After A sends the last ACK, A does not close the connection immediately but closes it after the time-wait period. This period ensures that A can receive a retransmitted FIN data segment.
Figure 13.8 Time-wait timer

Note: as the data connection has completed the establishment and disconnection lifecycle, the lifetime of a data segment is known. The value of the time-wait timer is usually set to twice the lifetime of a data segment.

13.2.7 TCP Applications

TCP is widely used in networks, mainly in environments with high requirements for the reliability of data transmission, such as remote logon. There, every command sent by the client must be executed on the remote host, so data transmission is expected to be reliable. If data does not arrive reliably, the sender is expected to send it again. Web browsing is another example: the HTTP protocol depends on TCP to provide reliability. When TCP is used, the communicating parties place a high requirement on data reliability, so a reduced transmission rate is acceptable. There are many such examples. To help further inspect and manage TCP, some common port numbers and their functions are listed below. Table 13-1 lists common TCP ports and applications.

Table 13-1 TCP port and Application
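The error-control rules of Section 13.2.5 and the retransmission timer of Section 13.2.6, as an added example that is not part of the original chapter: a simplified Python model in which the destination discards damaged and duplicate segments, holds out-of-order ones, and replies with a cumulative acknowledgment number, while the source releases every segment a later acknowledgment covers. The class names, the 200-byte payloads and the event order are constructed; the boolean `checksum_ok` stands in for the checksum verification, and sequence numbers count bytes, as the note in Section 13.2.4 says real TCP does.

```python
class Receiver:
    """Destination TCP: discards damaged and duplicate segments, holds
    out-of-order ones, and answers with a cumulative acknowledgment number."""

    def __init__(self, next_expected: int):
        self.next_expected = next_expected  # next byte wanted = acknowledgment number
        self.held = {}                      # out-of-order segments: seq -> payload
        self.delivered = bytearray()        # in-order stream handed to the application
        self.dropped = []                   # (seq, reason) for each discarded segment

    def receive(self, seq: int, payload: bytes, checksum_ok: bool = True) -> int:
        """Process one arriving segment and return the acknowledgment number to send."""
        end = seq + len(payload)
        if not checksum_ok:
            self.dropped.append((seq, "damaged"))
        elif end <= self.next_expected or seq in self.held:
            self.dropped.append((seq, "duplicate"))
        elif seq > self.next_expected:
            self.held[seq] = payload        # gap before it: hold, do not acknowledge yet
        else:
            self._deliver(seq, payload)
            # The gap may now be closed: drain held segments that became in-order.
            while self.held and min(self.held) <= self.next_expected:
                first = min(self.held)
                self._deliver(first, self.held.pop(first))
        return self.next_expected

    def _deliver(self, seq: int, payload: bytes) -> None:
        fresh = payload[self.next_expected - seq:]   # skip bytes already delivered
        self.delivered += fresh
        self.next_expected += len(fresh)


class Sender:
    """Source TCP: keeps each segment until a cumulative acknowledgment covers it."""

    def __init__(self):
        self.unacked = {}                   # seq -> payload awaiting acknowledgment

    def send(self, seq: int, payload: bytes):
        self.unacked[seq] = payload
        return seq, payload

    def on_ack(self, ack: int) -> list:
        """Release every segment that ends before `ack`; return their sequence numbers."""
        covered = sorted(s for s, p in self.unacked.items() if s + len(p) <= ack)
        for s in covered:
            del self.unacked[s]
        return covered

    def on_timeout(self):
        """Retransmission timer expired: resend the oldest unacknowledged segment."""
        oldest = min(self.unacked)
        return oldest, self.unacked[oldest]


def run_scenario():
    """Constructed event sequence using the acknowledgment numbers 1601 and 1801."""
    tx, rx = Sender(), Receiver(next_expected=1401)
    a = tx.send(1401, b"A" * 200)
    b = tx.send(1601, b"B" * 200)
    c = tx.send(1801, b"C" * 200)
    d = tx.send(2001, b"D" * 200)
    acks, freed = [], []

    acks.append(rx.receive(*a))                     # ACK 1601 is lost on the way back
    acks.append(rx.receive(*b))                     # ACK 1801 reaches the sender
    freed.append(tx.on_ack(acks[-1]))               # covers the lost 1601 as well
    acks.append(rx.receive(*c, checksum_ok=False))  # damaged: discarded
    acks.append(rx.receive(*d))                     # out of order: held, ACK unchanged
    acks.append(rx.receive(*tx.on_timeout()))       # timer fires, C is retransmitted
    freed.append(tx.on_ack(acks[-1]))
    acks.append(rx.receive(*c))                     # a second copy of C arrives late
    return acks, freed, rx, tx


if __name__ == "__main__":
    acks, freed, rx, tx = run_scenario()
    print("acknowledgment numbers:", acks)
    print("released by each ACK:  ", freed)
    print("discarded segments:    ", rx.dropped)
```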
13.3 UDP

Data transmission over TCP is relatively reliable, but sometimes the cost is not worthwhile. For example, if host A wants to send a "hello" message to host B, the data to transmit is only 4 bytes. If TCP is used to encapsulate and transmit it, a header of at least 20 bytes must be added and a three-way handshake must establish the connection. After the data transmission is completed, the connection is closed in four steps. For such brief data transmission, a simpler transport protocol can be designed that sets aside some reliability considerations to improve the data transmission rate. This is the background to UDP, the other transport layer protocol.

Both UDP and TCP are transport layer protocols. By what mechanisms does UDP work as a connectionless and unreliable protocol? What are its advantages and disadvantages? The following describes UDP with these questions in mind.

13.3.1 UDP Encapsulation

UDP is a simple, datagram-oriented transport layer protocol. Each output operation of a process generates one UDP data segment, which is assembled into an IP data packet to be sent. UDP does not provide reliability: it sends data from applications to the IP layer, but it does not guarantee that the data will reach the destination. Given this lack of reliability, it might seem that UDP should be avoided in favor of a reliable protocol such as TCP. However, UDP plays an important role in the transmission of small amounts of data. For example, a 10-byte short message can be sent with either TCP or UDP. TCP adds at least 20 bytes of header data and requires acknowledgment, so its transmission efficiency is low. With UDP, the added header is reduced to 8 bytes and no acknowledgment is needed. This greatly improves the data transmission rate. Of course, the cost of the improved efficiency is that the reliability of data transmission is not guaranteed. The choice of transport protocol therefore needs to be analyzed case by case.
The UDP header fields are shown in Figure 13.9.

Figure 13.9 UDP header data frame format

In the first row of Figure 13.9, bits 0 to 15 are the source port number, which identifies the process that sends the data. This is similar to the source port number in TCP. Bits 16 to 31 are the destination port number, which identifies the process at the receiving end. For more information, see TCP.

In the second row of Figure 13.9, bits 0 to 15 are the UDP Length, which indicates the size of the UDP data segment. This value can be used to calculate exactly where the data ends. Bits 16 to 31 are the 16-bit UDP checksum, used to detect errors in UDP data. This is the only reliability mechanism that UDP provides: the checksum is calculated to determine whether the data is correct, which greatly increases the practicality of UDP. The UDP checksum is optional.

The third row in Figure 13.9 is the data, which comes from the application. Its size can be calculated as the value of the 16-bit UDP Length field minus the length of the UDP header.

13.3.2 Because of its particular characteristics, UDP can transmit data at high speed, so it is widely used in practice and has clear advantages in some respects. The characteristics of UDP also give the transport layer more options when handling data transmission. Based on the requirements of the transmission and the characteristics of the data, you can select TCP for data with high reliability requirements and UDP for data with high transmission rate requirements. The two complement each other and round out the functions of the transport layer.

Today, as the Internet gradually enters thousands of households, you may be familiar with the QQ chat tool, and many people chat online. The QQ application uses UDP to process and send short messages.
It is easy to imagine how much the transmission rate would drop if every short message of a few dozen words were acknowledged using TCP. Who is willing to use "unresponsive" software for online chat? In fact, when using QQ, you do not notice unreliable data transmission. With the rapid development of the network, network technology is changing with each passing day. For common simple data transmission, UDP is a good choice.

UDP is also useful in network services, such as DNS. Table 12.2 lists some common ports used by UDP. The DNS server supports both TCP and UDP, and the port is 53 for both. Most queries use UDP. Generally, TCP is required in two cases:

◇ When the data to be returned is so large that it must be split into data segments, TCP's segmentation capability is needed for the transmission.
◇ When data is synchronized between the master server and the slave server.

As a small and unreliable transport layer protocol, UDP has no flow control mechanism. When too many packets arrive, the receiving end may overflow. Apart from the checksum, UDP also has no error control mechanism, which means that the sender does not know whether data was lost or delivered more than once. When the receiver detects an error through the checksum, the user data is silently discarded. The lack of flow control and error control means that processes using UDP must provide these mechanisms themselves. For example, the TFTP protocol provides block transmission and block acknowledgment mechanisms to ensure the reliability of data transmission. The TFTP protocol will be discussed in detail later.

13.4 Sniffer (or Ethereal) is a common network protocol analysis tool that captures network traffic for analysis, uses an expert analyzer to diagnose network faults, and monitors network activity in real time. In the network environment shown in Figure 13.10, the host 192.168.2.86 accesses the Internet through the IE browser.
192.168.1.3 is a proxy server. While the host 192.168.2.86 accesses the network, Sniffer is used to capture packets. After the packet capture is complete, examine the TCP headers in Sniffer to view the TCP connection establishment and disconnection process.

Figure 13.10 Packet capture experiment topology

1. Use of the Sniffer protocol analysis software

If the host is connected to a broadcast network segment, the packets captured by Sniffer will contain a large number of packets unrelated to the host's operations. The expected packets are then drowned in a large amount of irrelevant data, which makes it difficult to analyze the protocol. Therefore, you must first set a filter in Sniffer, as shown in Figure 13.11.

Figure 13.11 Sniffer menu

Click the "Define Filter" command to go to the filter settings menu, as shown in Figure 13.12. When configuring the Sniffer filter, add the IP addresses of the two PCs to be observed. In this way, Sniffer captures only the data sent between the hosts 192.168.2.86 and 192.168.1.3. On the "Advanced" tab, you can select the protocol. Click "Profiles" to set the filter name, as shown in Figure 13.13.

Figure 13.13 Create a filter name for the Sniffer configuration

Create a new filter name or overwrite the original one; "Default" is the default one. Click "Done".

2. Click the icon in the upper-left corner of the page shown in Figure 13.14 to capture data. Then, use a browser on 192.168.2.86 to connect to the Internet; 192.168.1.3 is the proxy server used to access the Internet. Close your browser after you view a webpage.

Figure 13.14-1 Start capturing
Figure 13.14-2 PC initiates access to www.baidu.com

Click the icon or the "Capture" > "Stop and Display" command in the menu to end the capture, as shown in Figure 13.15.
Figure 13.15 Stop capture

3. View the TCP connection establishment process

Click the "DECODE" tab at the bottom of Sniffer. The list of captured data and the packet header information are displayed, as shown in Figure 13.16. As shown in Figure 13.16, the first captured data segment is the request for TCP connection establishment from 192.168.2.86 to 192.168.1.3. The sequence number is 3042697805, and the SYN flag is 1.

Figure 13.16 View the TCP connection establishment process (1)

The shaded part in Figure 13.17 is the data segment with which 192.168.1.3 responds to 192.168.2.86. Its sequence number is 1093837408 and its acknowledgment number is 3042697806, which is the sequence number used by 192.168.2.86 when it initiated the connection plus 1. The ACK and SYN flags are set to 1.

Figure 13.17 View the TCP connection establishment process (2)

The shaded part in Figure 13.18 is the acknowledgment data segment with which 192.168.2.86 responds to 192.168.1.3. Its sequence number is 3042697806, the same as the acknowledgment number sent by the peer. Its acknowledgment number is 1093837409, which is the sequence number the peer sent last time plus 1, and the window size is 17520. At this point the three-way handshake is over, and both parties have established a TCP connection.

Figure 13.18 View the TCP connection establishment process (3)

4. View the TCP disconnection process

The shaded part in Figure 13.19 is the disconnection request from 192.168.2.86 to 192.168.1.3. The data segment does two things: it acknowledges the previous data segment, and it requests disconnection. Therefore, ACK and FIN are set to 1.

Figure 13.19 View the TCP disconnection process (1)

The shaded part in Figure 13.20 is the data segment with which 192.168.1.3 responds to the disconnection request from 192.168.2.86; ACK is set to 1.

Figure 13.20 View the TCP disconnection process (2)

The shaded part in Figure 13.21 is the disconnection request that 192.168.1.3 actively sends to 192.168.2.86. It also acknowledges the previous data segment, so FIN and ACK are set to 1.

Figure 13.21 View the TCP disconnection process (3)

The shaded part in Figure 13.22 is the acknowledgment sent by 192.168.2.86 in response to the disconnection request from 192.168.1.3. At this point, the two sides are disconnected.

Figure 13.22 View the TCP disconnection process (4)
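The sequence and acknowledgment arithmetic read off the capture above can be checked mechanically. This is an added example, not part of the original chapter: it packs 20-byte TCP headers carrying the sequence numbers, acknowledgment numbers and window size quoted in the text, then validates the three-way handshake and the flag pattern of the four-segment disconnection. The port numbers and function names are assumptions.

```python
import struct

FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
MOD = 2 ** 32   # sequence numbers are 32-bit and wrap around

def make_tcp_header(sport, dport, seq, ack, flags, window=17520) -> bytes:
    """Pack a 20-byte TCP header with no options (checksum left at 0)."""
    bits = sum(FLAG_BITS[f] for f in flags)
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, bits, window, 0, 0)

def parse_tcp_header(raw: bytes) -> dict:
    """Decode the fixed part of a TCP header into named fields."""
    if len(raw) < 20:
        raise ValueError("a TCP header is at least 20 bytes")
    sport, dport, seq, ack, _off, bits, window, _csum, _urg = struct.unpack("!HHIIBBHHH", raw[:20])
    flags = {name for name, bit in FLAG_BITS.items() if bits & bit}
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": flags, "window": window}

def check_handshake(segments) -> list:
    """Return the problems found in a three-segment handshake (empty list = valid)."""
    if len(segments) != 3:
        return ["expected exactly three segments"]
    syn, synack, ack = (parse_tcp_header(s) for s in segments)
    problems = []
    if (syn["flags"], synack["flags"], ack["flags"]) != ({"SYN"}, {"SYN", "ACK"}, {"ACK"}):
        problems.append("flags are not SYN, SYN+ACK, ACK")
    if synack["ack"] != (syn["seq"] + 1) % MOD:
        problems.append("SYN+ACK does not acknowledge client sequence number + 1")
    if ack["seq"] != (syn["seq"] + 1) % MOD:
        problems.append("final ACK does not continue from client sequence number + 1")
    if ack["ack"] != (synack["seq"] + 1) % MOD:
        problems.append("final ACK does not acknowledge server sequence number + 1")
    return problems

def check_teardown(segments) -> bool:
    """True if the flags follow the four-segment close: FIN+ACK, ACK, FIN+ACK, ACK."""
    expected = [{"FIN", "ACK"}, {"ACK"}, {"FIN", "ACK"}, {"ACK"}]
    return [parse_tcp_header(s)["flags"] for s in segments] == expected

# Sequence/acknowledgment numbers are the page's. Window 17520 is the page's value
# for the third segment and is reused for the others as an assumption.
C, P = 1025, 8080   # assumed client and proxy ports (not given on the page)
HANDSHAKE = [
    make_tcp_header(C, P, 3042697805, 0, ["SYN"]),
    make_tcp_header(P, C, 1093837408, 3042697806, ["SYN", "ACK"]),
    make_tcp_header(C, P, 3042697806, 1093837409, ["ACK"]),
]
```

`check_handshake(HANDSHAKE)` returns an empty list for the capture described above; a segment whose acknowledgment number does not equal the peer's sequence number plus 1 is reported by name.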
