In-depth understanding of IP protocol in practice
The TCP/IP protocol stack does not consist of only the two protocols TCP and IP. Naming the whole stack after these two, however, reflects their importance: it is precisely the IP protocol that makes communication between different networks possible. Any discussion of IP also has to touch on its related protocols, such as ICMP, IGMP and ARP. The relationship between these protocols and IP can be illustrated as follows:
Here, however, we focus only on the fields of the IP protocol. For the other protocols, see the other articles in this series.
Next we will use the network environment set up below, together with a few practical tools, to understand the exact meaning of each field in the IP header. I believe this is much easier to follow than reading theory alone.
The environment used this time is as follows:
Operating System: Ubuntu 15.10
Network Device simulator: GNS3
Packet capture software: Wireshark
The operating system used here is Ubuntu rather than Windows purely out of personal preference; Windows works just as well.
1. Establish a network environment
Analyzing the IP protocol does not require a complex network environment. A simple two-node topology is enough:
On Linux, configure the IP address 192.168.1.1/24, then enter the following on the Cisco 3600 router:
Router>en
Router#conf t
Router(config)#int f0/0
Router(config-if)#no shu
Router(config-if)#ip add 192.168.1.2 255.255.255.0
The environment is now set up. Run ping on the Linux host to test network reachability:
xpleaf@leaf:~$ ping 192.168.1.2
PING 192.168.1.2 (192.168.1.2) 56(84) bytes of data.
64 bytes from 192.168.1.2: icmp_seq=1 ttl=64 time=2.39 ms
64 bytes from 192.168.1.2: icmp_seq=2 ttl=64 time=2.11 ms
64 bytes from 192.168.1.2: icmp_seq=3 ttl=64 time=1.65 ms
64 bytes from 192.168.1.2: icmp_seq=4 ttl=64 time=2.04 ms
^C
--- 192.168.1.2 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 1.658/2.052/2.398/0.267 ms
OK. No problem. The network is normal!
Note that in this environment the Linux host is a real operating system and the Cisco router behaves almost exactly like a physical one. This is thanks to the powerful features of GNS3; if you have never used GNS3, it is well worth trying.
2. IP protocol message format
As follows:
In the message format, the "Header" is the part we will discuss. In the practical analysis below, we look mainly at the following fields:
Version, header length, differentiated services (type of service), and total length
Identification, flags, and fragment offset
Time to live (TTL), protocol, header checksum, source address, and destination address
For the convenience of the experiment, we take these three groups in turn and describe the detailed meaning of each field alongside the contents of a real packet. Note that the variable part of the header (the options) is not covered; the discussion below assumes the fixed header length of 20 bytes.
3. Analyze the meaning of each field in the IP protocol in practice
(1) Version, header length, differentiated services, and total length
We capture a packet to analyze these four fields. Start Wireshark (in GNS3, Wireshark can be started directly on the link between the Linux host and the Cisco router; this is one of GNS3's features) to monitor the Linux network interface:
Then run the following command on Linux:
xpleaf@leaf:~$ ping 192.168.1.2
PING 192.168.1.2 (192.168.1.2) 56(84) bytes of data.
64 bytes from 192.168.1.2: icmp_seq=1 ttl=64 time=1.75 ms
^C
--- 192.168.1.2 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.755/1.755/1.755/0.000 ms
We sent only one ICMP packet to the router. The capture in Wireshark looks like this:
Wireshark captured two packets. Why? Because communication is two-way: when we send an ICMP echo request, we also receive an ICMP echo reply. As shown above, one packet is the request and the other is the reply; for more on ICMP, see the other articles in this series.
Taking the packet we sent as the example, we now analyze the meaning of the four IP header fields: version, header length, differentiated services, and total length.
Version
A 4-bit field giving the IP protocol version. Two versions are in wide use today, IPv4 and IPv6. IPv6 is being deployed, but it will still take some time before it is widespread. Our network environment obviously uses IPv4, as the captured packet shows:
As you can see, the Version number field is Version 4, which indicates that the IPv4 protocol is in use.
Header Length
This 4-bit field can hold a maximum decimal value of 15, but note that its unit is 4 bytes: if the four bits are 0101 (decimal 5), the header length is 5 * 4 bytes = 20 bytes. Because the unit is 4 bytes, the header length is always a multiple of 4 bytes, and since the maximum value is 15, the header can be at most 15 * 4 bytes = 60 bytes. Here we only consider the fixed header (the variable part is rarely used), so the length must be 20 bytes, as the captured packet shows:
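To tie the field descriptions above to real bytes, the following is an added example (not code from the original article). It builds a constructed 20-byte IPv4 header matching the ping above (ICMP from 192.168.1.1 to 192.168.1.2, total length 84), decodes every fixed-header field including the 4-byte IHL unit, and verifies the header checksum the way a receiving host does. The identification value and the DF flag are assumptions chosen for the sample.

```python
import struct
from ipaddress import IPv4Address

# Constructed sample (not a real capture): IPv4 header of the ICMP echo request
# 192.168.1.1 -> 192.168.1.2 above; 84 = 20 IP + 8 ICMP + 56 data. Checksum is 0 for now.
SAMPLE_HEADER = bytes.fromhex(
    "4500 0054"   # version=4, IHL=5 (5*4=20 bytes), DSCP/ECN=0, total length=84
    "1c46 4000"   # identification=0x1c46 (assumed), flags=DF, fragment offset=0
    "4001 0000"   # TTL=64, protocol=1 (ICMP), header checksum placeholder
    "c0a8 0101"   # source address 192.168.1.1
    "c0a8 0102"   # destination address 192.168.1.2
)

def header_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words, then complemented."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def with_checksum(header: bytes) -> bytes:
    """Fill bytes 10-11 with the checksum computed over a zeroed checksum field."""
    zeroed = header[:10] + b"\x00\x00" + header[12:]
    return zeroed[:10] + struct.pack("!H", header_checksum(zeroed)) + zeroed[12:]

def parse_ipv4_header(data: bytes) -> dict:
    """Decode the fixed part of an IPv4 header and verify its checksum."""
    if len(data) < 20:
        raise ValueError("need at least 20 bytes")
    ver_ihl, tos, total_len, ident, flags_frag, ttl, proto, csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", data[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4 or ihl < 5 or len(data) < ihl * 4:
        raise ValueError("not a complete IPv4 header")
    return {
        "version": version,
        "ihl": ihl, "header_length": ihl * 4,          # IHL counts 4-byte units
        "dscp": tos >> 2, "ecn": tos & 0x3,
        "total_length": total_len,
        "identification": ident,
        "flags": {"DF": bool(flags_frag & 0x4000), "MF": bool(flags_frag & 0x2000)},
        "fragment_offset": (flags_frag & 0x1FFF) * 8,  # offset counts 8-byte units
        "ttl": ttl, "protocol": proto,
        "header_checksum": csum,
        "checksum_ok": header_checksum(data[:ihl * 4]) == 0,  # intact header sums to 0
        "src": str(IPv4Address(src)), "dst": str(IPv4Address(dst)),
    }
```

Decrementing the TTL byte without recomputing the checksum, as a router would have to, makes checksum_ok false; that is why every hop rewrites the header checksum.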