1. Hardware knowledge
1.1 NIC
- Role
The network card modulates outgoing signals and demodulates incoming ones; its speed is the number of signals it can modulate or demodulate per unit of time
- Type
10M, 100M, 1000M
100 Mbps means 100 megabits per second
1.2 Network cable
- A cable needs at least 4 copper wires: pins 1 and 2 receive signals, and pins 3 and 6 send signals
- Production
568A: commonly known as the crossover cable; green, orange, blue, brown, with 4 and 6 swapped
568B: commonly known as the straight-through cable; orange, green, blue, brown, with 4 and 6 swapped
- Note
A straight-through cable connects devices of unequal status, such as a switch and a computer.
A crossover cable connects devices of equal status, such as two computers.
As long as the four wires 1, 2, 3 and 6 are connected, it does not matter whether the rest are.
1.3 Hub
- Function
Multi-port repeater
- Characteristics
Multi-port signal amplification device; shared-media LAN
- Disadvantages
Data can only be transmitted in one direction at a time
Network size is limited to 10 machines
Collision domains and broadcast domains cannot be isolated
1.4 Switches
- Definition
A device that enables communication between multiple devices
- Characteristics
Works at layer 2 of the OSI model (data link layer)
Forwards Ethernet frames between ports based on the link-layer MAC address
Provides more interfaces and isolates collision domains
Learns and maintains MAC addresses on its own
- Disadvantages
Cannot isolate broadcast domains
1.5 Routers
- Function
Enables communication between different network segments
- Characteristics
Isolates broadcasts
Provides a wide range of interface types
Supports a rich set of link-layer protocols
2. Basic principles of Network
2.1 OSI seven-layer model and a simple summary of the TCP/IP four-layer model
2.2 Linux common port and control services
| Port number | Service name | Function |
|---|---|---|
| 20 | FTP | Data transfer for FTP |
| 21 | FTP | Used to control file transfer information |
| 22 | SSH | For remote encrypted connections |
| 23 | Telnet | Remote connection; Telnet is not encrypted |
| 25 | SMTP | Simple Mail Transfer Protocol |
| 53 | DNS | Domain name resolution service |
| 69 | TFTP | File Transfer Protocol |
| 80 | HTTP | Hypertext Transfer Protocol |
| 109 | POP2 | Post Office Protocol 2, for receiving mail |
| 110 | POP3 | Post Office Protocol 3, for receiving mail |
| 115 | SFTP | Secure File Transfer Protocol |
| 123 | NTP | Network time synchronization protocol |
| 143 | IMAP | Used to receive messages |
| 161 | SNMP | Simple Network Management Protocol |
| 443 | HTTPS | Secure Hypertext Transfer Protocol |
| 873 | rsync | rsync file transfer service |
| 2049 | NFS | Network File System |
| 3306 | MySQL | MySQL data service |
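As an added example (not part of the original article), the shell function below reads `ss -tuln` output and flags listeners on the cleartext ports from the table (FTP, Telnet, TFTP, POP2, POP3, IMAP), noting whether each one is bound to loopback only or exposed on other addresses. The function names and the sample input are constructed for illustration.

```sh
#!/bin/sh
# Added example: flag listeners on cleartext service ports from the table.
# Reads `ss -tuln` output on stdin; prints "proto port service scope" per finding.

audit_cleartext_listeners() {
    awk '
    BEGIN {
        # Table entries whose protocols carry logins or data unencrypted.
        svc["tcp/21"]  = "ftp";  svc["tcp/23"]  = "telnet"
        svc["udp/69"]  = "tftp"; svc["tcp/109"] = "pop2"
        svc["tcp/110"] = "pop3"; svc["tcp/143"] = "imap"
    }
    $1 == "tcp" || $1 == "udp" {
        n = split($5, part, ":")      # last piece is the port, also for [::]:23
        port = part[n]
        key = $1 "/" port
        if (!(key in svc)) next
        addr = substr($5, 1, length($5) - length(port) - 1)
        scope = (addr == "127.0.0.1" || addr == "[::1]") ? "loopback" : "exposed"
        print $1, port, svc[key], scope
    }'
}

# Constructed sample input in `ss -tuln` format (not taken from a real host).
sample_ss_output() {
    cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      32     0.0.0.0:21         0.0.0.0:*
tcp   LISTEN 0      128    [::]:23            [::]:*
tcp   LISTEN 0      100    127.0.0.1:110      0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:69         0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:443        0.0.0.0:*
EOF
}

sample_ss_output | audit_cleartext_listeners
```

On a live host the input would come from `ss -tuln | audit_cleartext_listeners`; SSH (22) and HTTPS (443) pass because they are the encrypted counterparts listed in the same table.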
2.3 Packet encapsulation and decapsulation process diagrams
2.3.1 Encapsulation process
2.3.2 Decapsulation process
2.4 Summary of TCP/UDP
2.4.1 TCP
- Source port: the port from which the connection originates (randomly assigned, greater than 1023)
- Destination port: the port of the service being accessed (for example, 22/23)
- Sequence number: because upper-layer data is segmented at the transport layer, each segment is numbered so that the data can be reassembled
- Checksum: used to validate the data
2.4.2 UDP
- Source port and destination port: same as above
2.4.3 TCP vs. UDP
| Transmission Control Protocol (TCP) | User Datagram Protocol (UDP) |
|---|---|
| Connection-oriented | Connectionless |
| Reliable transmission | Unreliable transmission |
| Transfers large amounts of data | Transfers small amounts of data |
| Slow data transfer | Fast data transfer |
2.5 TCP three-way handshake and four-way teardown
2.5.1 Three-way handshake for TCP
- "Text description"
1. At the very beginning, the client and the server are both in the CLOSED state
2. When the service is started, the server creates a socket [source port, destination port, source IP, destination IP, TCP/UDP identifier] and starts listening; the server is now in the LISTEN state
3. The client sends a SYN with its seq to the server to request a connection; the client is now in SYN_SENT
4. The server receives the SYN from the client, replies with ACK and SYN, and is now in SYN_RECV (also written SYN_RCVD)
5. After receiving the SYN and ACK from the server, the client immediately replies with an ACK and enters ESTABLISHED
6. When the server receives the ACK from the client, it goes directly to ESTABLISHED
- "Detailed process from a packet capture"
First handshake:
Client IP: 192.168.124.1  Server IP: 192.168.124.129  Flags [S] seq 2957146164
Second handshake:
Server IP: 192.168.124.129  Client IP: 192.168.124.1  Flags [S.] seq 46316550 ack 2957146165
Third handshake:
Client IP: 192.168.124.1  Server IP: 192.168.124.129  Flags [.] ack 46316551
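The exchange above as an added example, not code from the original article: a shell function that checks the seq/ack arithmetic of one handshake in `tcpdump -nn -S` output and reports a missing final ACK as half-open. The capture lines are constructed from the sequence numbers above; the client port and the timestamps are assumptions.

```sh
#!/bin/sh
# Added example: classify one TCP handshake from `tcpdump -nn -S` text on stdin.
# -S keeps absolute sequence numbers, so "ack = peer ISN + 1" can be checked.

check_handshake() {
    awk '
    # Number that follows a keyword such as "seq" or "ack", or -1 if absent.
    function num_after(name,   i, v) {
        for (i = 1; i < NF; i++)
            if ($i == name) { v = $(i + 1); sub(/,$/, "", v); return v + 0 }
        return -1
    }
    step == 0 && index($0, "Flags [S],") {       # 1st: client SYN with its ISN
        client_isn = num_after("seq"); step = 1; next
    }
    step == 1 && index($0, "Flags [S.],") {      # 2nd: SYN+ACK acks client ISN + 1
        if (num_after("ack") != client_isn + 1) { bad = 1; exit }
        server_isn = num_after("seq"); step = 2; next
    }
    step == 2 && index($0, "Flags [.],") {       # 3rd: ACK acks server ISN + 1
        if (num_after("ack") != server_isn + 1) { bad = 1; exit }
        step = 3
    }
    END {
        if (bad)            print "invalid"
        else if (step == 3) print "established"
        else if (step == 2) print "half-open"    # server is left in SYN_RECV
        else                print "incomplete"
    }'
}

# Constructed capture lines: the ISNs are the ones from the capture above,
# the client port 58274 and the timestamps are assumptions.
SYN='18:23:30.100001 IP 192.168.124.1.58274 > 192.168.124.129.22: Flags [S], seq 2957146164, win 8192, length 0'
SYNACK='18:23:30.100210 IP 192.168.124.129.22 > 192.168.124.1.58274: Flags [S.], seq 46316550, ack 2957146165, win 14600, length 0'
ACK='18:23:30.100398 IP 192.168.124.1.58274 > 192.168.124.129.22: Flags [.], ack 46316551, win 256, length 0'

printf '%s\n' "$SYN" "$SYNACK" "$ACK" | check_handshake   # established
printf '%s\n' "$SYN" "$SYNACK" | check_handshake          # half-open
```

Without `-S`, tcpdump prints relative numbers after the first two packets (the final ACK shows as `ack 1`), so the arithmetic check only holds on absolute output.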
- Note
A SYN flood can occur during the three-way handshake: when one end never responds, the target keeps waiting for a long time until the connection times out, which consumes a large amount of the target's resources.
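One way to look for the symptom described in this note, as an added example rather than the article's own code: count connections stuck in SYN_RECV per listening socket from `netstat -ant` or `ss -tan` output. The function name, the threshold and the sample lines (documentation-range peer addresses) are assumptions.

```sh
#!/bin/sh
# Added example: spot listeners with many half-open (SYN_RECV) connections.
# Reads `netstat -ant` or `ss -tan` output on stdin; $1 is the alert threshold.
# Prints "local_socket half_open_count distinct_sources" for each hit.

half_open_listeners() {
    awk -v min="$1" '
    # netstat puts the state in column 6 (SYN_RECV), ss in column 1 (SYN-RECV);
    # both put the local socket in column 4 and the peer in column 5.
    $6 == "SYN_RECV" || $1 == "SYN-RECV" {
        lsock = $4
        peer = $5
        sub(/:[0-9]+$/, "", peer)            # drop the peer source port
        total[lsock]++
        if (!((lsock, peer) in seen)) { seen[lsock, peer] = 1; sources[lsock]++ }
    }
    END {
        for (s in total)
            if (total[s] >= min) print s, total[s], sources[s]
    }' | LC_ALL=C sort
}

# Constructed sample in `netstat -ant` format (peers use documentation ranges).
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.168.124.129:80      203.0.113.5:40112       SYN_RECV
tcp        0      0 192.168.124.129:80      203.0.113.9:51820       SYN_RECV
tcp        0      0 192.168.124.129:80      198.51.100.7:33001      SYN_RECV
tcp        0      0 192.168.124.129:80      203.0.113.5:40113       SYN_RECV
tcp        0      0 192.168.124.129:22      192.168.124.1:58274     ESTABLISHED
tcp        0      0 192.168.124.129:22      198.51.100.7:40000      SYN_RECV
EOF
}

sample_netstat | half_open_listeners 3   # 192.168.124.129:80 4 3
```

Because flood sources are often spoofed, the distinct-source column matters as much as the total; on Linux, net.ipv4.tcp_syncookies and net.ipv4.tcp_max_syn_backlog are the kernel settings to review when the count stays high.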
2.5.2 Four-way teardown for TCP connections
2.5.3 Explanation of the TCP header and its commonly used fields
- ACK: the acknowledgment field
- SYN: 1 bit; indicates that a TCP connection is being established
- FIN: 1 bit; indicates that the TCP connection is being closed
2.5.4 Summary of the 11 TCP state transitions
2.6 Basic process of accessing the website
2.6.1 Diagram
2.6.2 Basic text description
- After the user enters the www.baidu.com URL in the browser and presses Enter, the system first queries the local hosts file and the DNS cache. If either holds a resolution record for the name, the IP is returned directly and the browser visits the website.
- If neither the local hosts file nor the DNS cache has a resolution record for the name, the system hands the request to the LDNS (the locally configured DNS server, such as 8.8.8.8) for resolution. If the LDNS has a matching record it returns the IP; if not, the LDNS queries other DNS servers.
- After a series of requests, the LDNS finds the site's authoritative server, which returns the corresponding IP to the LDNS. The LDNS returns the IP address for the domain name to the client browser and caches the domain-to-IP mapping so that the same query resolves faster next time.
- After receiving the website's IP address, the client sends its request to the web server at that IP address and stores the site's IP in the local DNS cache. The web server receives the request, processes it, and returns the requested content to the client browser.
2.2.7 DNS resolution principle
3. Summary of related commands
3.1 Windows-related commands
C:\Users\Administrator>ipconfig /all        (view IP configuration)
Windows IP Configuration
Host name ............. : MS-20171106GPCB
Primary DNS suffix ........... :
...
Default gateway ............. :
DHCPv6 IAID ........... : 486559830
DHCPv6 Client DUID .......: 00-01-00-01-21-92-06-7e-54-ee-75-6e-04-5
C:\Users\Administrator>ipconfig /displaydns        (view the DNS cache)
Windows IP Configuration
get.sogou.com
记录名称. . . . . . . : get.sogou.com
记录类型. . . . . . . : 1
生存时间. . . . . . . : 137
数据长度. . . . . . . : 4
部分. . . . . . . . . : 答案
A (host) record .... : 123.125.125.86
C:\Users\Administrator>ipconfig /flushdns        (empty the DNS cache)
Windows IP Configuration
The DNS resolution cache has been flushed successfully.
3.2 Linux-related commands
- "View address resolution"
================================ping==================================
[[email protected] ~]# ping www.baidu.com
PING www.a.shifen.com (61.135.169.125) bytes of data.
bytes from 61.135.169.125: icmp_seq=1 ttl=128 time=19.0 ms
===================================dig================================
[[email protected] ~]# dig @8.8.8.8 www.baidu.com +trace
; <<>> DiG 9.8.2rc1-redhat-9.8.2-0.62.rc1.el6 <<>> @8.8.8.8 www.baidu.com +trace
; (1 server found)
;; global options: +cmd
. 17717 IN NS a.root-servers.net.
...
. 17717 IN NS l.root-servers.net.
. 17717 IN NS m.root-servers.net.
...
a.shifen.com. IN NS ns2.a.shifen.com.
;; Received 228 bytes from 61.135.165.235#53 (61.135.165.235) in SI ms
Note: dig also works without any options: just run dig followed by the domain name
=================================host==================================
[[email protected] ~]# host www.baidu.com
www.baidu.com is an alias for www.a.shifen.com.
www.a.shifen.com has address 61.135.169.125
www.a.shifen.com has address 61.135.169.121
===============================nslookup================================
[[email protected] ~]# nslookup
> baidu.com
Server:         192.168.124.2
Address:        192.168.124.2#53
Non-authoritative answer:
Name:   baidu.com
Address: 111.13.101.208
Name:   baidu.com
Address: 123.125.114.144
Name:   baidu.com
Address: 220.181.57.217
- "View routes"
[[email protected] ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.124.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
0.0.0.0         192.168.124.2   0.0.0.0         UG    0      0        0 eth0
[[email protected] ~]# netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.124.0   0.0.0.0         255.255.255.0   U         0 0          0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
0.0.0.0         192.168.124.2   0.0.0.0         UG        0 0          0 eth0
[[email protected] ~]# ip route show
192.168.124.0/24 dev eth0 proto kernel scope link src 192.168.124.129
169.254.0.0/16 dev eth0 scope link metric 1002
default via 192.168.124.2 dev eth0
[[email protected] ~]# ip r s
192.168.124.0/24 dev eth0 proto kernel scope link src 192.168.124.129
169.254.0.0/16 dev eth0 scope link metric 1002
default via 192.168.124.2 dev eth0
- "Add/delete the default gateway" (temporary change)
[[email protected] ~]# route del default gw 192.168.124.2
[[email protected] ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.124.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
[[email protected] ~]# route add default gw 192.168.124.2
[[email protected] ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.124.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
0.0.0.0         192.168.124.2   0.0.0.0         UG    0      0        0 eth0
- "Add/delete routes" (temporary change)
================================ Add route ===============================
[[email protected] ~]# route add -net 10.0.0.0/16 gw 192.168.124.2
[[email protected] ~]# route add -host 10.0.0.1 dev eth0
================================ Delete routes ===============================
[[email protected] ~]# route del -net 10.0.0.0/16
[[email protected] ~]# route del 10.0.0.1
============================ Add default route ===============================
[[email protected] ~]# route add default gw 192.168.124.2
3.3 Configuring and viewing network-related information
- "ifconfig"
ifconfig [device name]                    View network interface information
ifconfig eth0:x ip/mask up                Configure an alias IP and enable it
ifconfig eth0:x ip netmask mask up        Configure an alias IP and enable it
ifconfig eth0:x down                      Deactivate the alias
To make an alias permanent, edit /etc/sysconfig/network-scripts/ifcfg-eth1:x
- "ip"
ip addr                                   View NIC information
ip addr add ip/mask dev eth0:x            One way to configure multiple IPs on a network card
3.4 tcpdump
- "Features": a powerful packet capture tool
- "Common parameters"
| Option | Description |
|---|---|
| -i | Stands for interface: tells tcpdump which network card to listen on. This is necessary when a single server has multiple NICs. |
| -nn | When tcpdump encounters a protocol number or port number, it does not convert the number to the corresponding protocol or service name. For example, port 21 is well known as the FTP port, and we want tcpdump to display 21 rather than ftp. |
| -X | Tells tcpdump to display the protocol headers and packet contents in full (shown in hex and ASCII), which is invaluable for protocol analysis. If the output is not kept in raw form, feeding the captured information into other professional packet analysis software will cause problems. |
| -c | Stands for count: sets how many packets tcpdump should capture. If it is 1, tcpdump will not capture even one more packet. |
| -w | Saves traffic to a file. tcpdump -w stores the raw packets (the original network packets) directly in the file, that is, as binary structures rather than as parsed text, so the file cannot be viewed directly with the less command. |
| -r | Reads a raw packets file |
| -N | Specify protocol |
- "Application examples"
[[email protected] ~]# tcpdump tcp port 22 -c 4 -i eth0 -nn
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
18:23:31.592883 IP 192.168.124.129.22 > 192.168.124.1.58274: Flags [P.], seq 3537615929:3537616125, ack 3597215233, win 304, length 196
18:23:31.593276 IP 192.168.124.1.58274 > 192.168.124.129.22: Flags [.], ack 196, win, length 0
18:23:31.595035 IP 192.168.124.129.22 > 192.168.124.1.58274: Flags [P.], seq 196:472, ack 1, win 304, length 276
18:23:31.597068 IP 192.168.124.129.22 > 192.168.124.1.58274: Flags [P.], seq 472:636, ack 1, win 304, length 164
4 packets captured
4 packets received by filter
0 packets dropped by kernel
[[email protected] ~]# tcpdump tcp port 22 and host 192.168.124.129 -c 2
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
18:24:49.155438 IP 192.168.124.129.ssh > 192.168.124.1.58274: Flags [P.], seq 3537619685:3537619881, ack 3597218077, win 304, length 196
18:24:49.155970 IP 192.168.124.1.58274 > 192.168.124.129.ssh: Flags [.], ack 196, win 253, length 0
2 packets captured
2 packets received by filter
0 packets dropped by kernel
3.5 Turn on the route forwarding function
[[email protected] ~]# vim /etc/sysctl.conf        (edit the configuration file)
# Controls IP packet forwarding
net.ipv4.ip_forward = 0        (this parameter defaults to 0; change it to 1)
[[email protected] ~]# sysctl -p        (view the result)
Linux Network Fundamentals