One of the TCP/IP protocols

1. TCP/IP protocol stack

Layer-4 Model
The TCP/IP protocol follows a four-layer model concept: application layer, transport layer, Interconnection layer, and network interface layer.

Network Interface Layer
The basic layer of the model is the network interface layer. Sends and receives data frames. frames are independent network information transmission units. The Network Interface Layer places frames on the Internet or retrieves frames from the Internet.

Interconnection layer
The Interconnection protocol encapsulates data packets into internet data packets and runs necessary routing algorithms.
There are four interconnection protocols:
Internet Protocol IP Address: responsible for addressing and routing data packets between the host and the network.
Address Resolution Protocol ARP: Obtain the address of the hardware host in the same physical network.
Internet Control Message Protocol ICMP: sends messages and reports transmission errors of packets.
Internet Group Management Protocol (IGMP): IP host used to report group members to a local multicast router.

Transport Layer
The Transport Protocol provides communication sessions between computers. The selection of transmission protocols depends on the data transmission mode.
Two transmission protocols:
Transmission Control Protocol TCP: provides reliable communication connections for applications. It is suitable for transmitting a large amount of data at a time. It is applicable to applications that require responses.
User Datagram Protocol (UDP): provides connectionless communication and does not guarantee reliable transfer packets. It is suitable for transmitting a small amount of data at a time, and the reliability is the responsibility of the application layer.

Application Layer
Applications access the network through this layer.

Network Interface Technology
The IP uses the network device interface specification (NDIS) to submit frames to the network interface layer. IP addresses Support WAN and domestic network interface technologies.

Serial Line Protocol
TCP/IPG generally transmits data over the serial line protocol SLIP or Point-to-Point Protocol PPP over the internet. (Do we usually call it asynchronous communication? If you want to use LINUX to establish remote connections, you should study this knowledge )?


2. ARP

To communicate over the network, the host must know the hardware address of the host to which the host belongs (we are not familiar with the physical address of the NIC ). Address Resolution is the process of ing Host IP addresses into hardware addresses. Address Resolution Protocol ARP is used to obtain the hardware address of a host on the same physical network.

Explain the local IP address (a friend who wants to know about the address resolution process is ready)
Host IP address resolved to hardware address:
(1) initiate an ARP request when a host needs to communicate with another host. When the IP address determines that the IP address is local, the source host searches for the hardware address of the target host in the ARP cache.
(2) If no ing is found, ARP creates a request, and the source host IP address and hardware address are included in the request. The request is broadcast, allows all local hosts to receive and process data.
(3) Each host on the local network receives a broadcast and finds a consistent IP address.
(4) When the target host determines that the IP address in the request is consistent with its own, it directly sends an ARP reply and transmits its hardware address to the source host. Update the ARP cache with the IP address and hardware address of the source host. After receiving the answer, the source host establishes communication.

Resolve remote IP addresses
Hosts in different networks communicate with each other. ARP broadcasts the default gateway of the source host.
If the target IP address is a remote network host, ARP broadcasts the IP address of a vro.
(1) When initiating a Communication Request, the target IP address is known as a remote address. The source host is located in the local routing table. If no, the source host considers it as the IP address of the default gateway. Find the IP address (hardware address) that matches the gateway record in the ARP cache ).
(2) If no record is found for the gateway, ARP broadcasts the request to the gateway address instead of the address of the target host. The router uses its own hardware address to respond to the source host's ARP request. The source host sends data packets to the vro to transmit the packets to the network of the target host, and finally reaches the target host.
(3) On the vro, the IP address determines whether the destination IP address is local or remote. If it is local, the router uses ARP (cache or broadcast) to obtain the hardware address. If it is remote, the router searches for the gateway in its route table, and then uses ARP to obtain the hardware address of the gateway. Data packets are directly sent to the next target host.
(4) The target host generates an ICMP response after receiving the request. Because the source host is on the remote network, the gateway of the source host network will be searched in the local routing table. After finding the gateway, ARP gets its hardware address.
(5) If the hardware address of the gateway is not in the ARP cache, it is obtained through ARP broadcast. Once it obtains the hardware address, the ICMP response is sent to the vro and then to the source host.

ARP cache
To reduce the broadcast volume, ARP saves the address ing in the cache for backup. The ARP cache stores Dynamic and Static items. Dynamic items are automatically added and deleted, and static items are retained in the CACHE until Calculation
Server restart.

The ARP cache always retains the hardware broadcast address (0 xffffffffffffh) as a permanent item for the local subnet.
This enables the host to accept ARP broadcasts. This item is not displayed when you view the cache.
The lifecycle of each ARP cache record is 10 minutes, and is deleted if it is not used within 2 minutes. When the cache capacity is full, delete the oldest records.

Add static (permanent) records
You can add static ARP entries to reduce the number of ARP requests to access the host.

ARP packet structure
The ARP structure fields are as follows:
Hardware type-the hardware used (network access layer) type.
Protocol type-the protocol used in the parsing process uses an ethereum value.
Hardware address length: the length of the hardware address in bytes. For Ethernet and card ring, the length is 6 bytes.
Protocol address length: the length of the Protocol address byte. The IP address length is 4 bytes.
Operation number -- specify the field for the current operation.
The sender's hardware address: the sender's hardware address.
The Protocol address of the sender-the Protocol address of the sender.
Destination hardware address: the destination hardware address.
Destination Protocol address: the Protocol address of the target.


3. ICMP and IGMP

Internet Control Message Protocol ICMP is used to report errors and control messages on behalf of IP addresses.
The IP address uses the IGMP protocol to tell the router that there are available hosts in the Guidance Group on a network.

ICMP
ICMP Source suppression message: When the TCP/IP host sends data to another host, if the speed reaches the saturation of the router or link, the router sends an ICMP Source suppression message.

ICMP packet structure
Type: an 8-bit field indicating the ICMP data packet type.
Code: an 8-bit code field, indicating a function of the specified type. If one type has only one function, the code field is set to 0.
Check: A 16-bit check on the ICMP part of the data packet.
The additional data of the specified type changes with each ICMP type.

IGMP
IGMP information is sent to other routers so that each vro supporting multi-channel broadcasting knows which host group and which network.

IGMP Package Structure
Version: IGMP version. The value is generally 0x1 h.
Type: IGMP message type. The 0x1 H type is a host Member request. It is used on a multicast router to specify that any member in a multi-level group polls a network. The 0x2 H type is called host Member report. It is used to publish members in a specified group on the host or to answer requests from host members of a vro.
Unused: unused domain names are set to zero by the sender and ignored by the recipient.
Test: A 16-bit test of the IGMP header.
Group address: the host uses this group address to store IP multicast addresses in a host Member request. In host Member requests, the Group address is set to zero, and the hardware-level multi-channel broadcast address is used to mark the Host group.

4. IP

IP is a connectionless protocol. It is mainly responsible for addressing between hosts and setting routes for data packets. It does not establish a session before data is exchanged. Because it does not guarantee correct transmission, on the other hand, when the data is received, the IP address does not need to be confirmed, so it is unreliable.
Some fields will be appended to the data packet when the data is transferred from the transport layer. Let's look at these fields:
Source IP Address: Use the IP address to determine the datagram sender.
Destination IP Address: Use the IP address to determine the destination of the datagram.
Protocol: indicates whether the IP address of the target machine sends packets to TCP or UDP.
Check and: a simple mathematical computation used to verify the integrity of the received package.
TTL survival effective time: specifies the time (in seconds) on the network before a datagram is discarded ). It avoids endless loops of packets in the network. The router will decrease the TTL based on the time when the data stays in the router. When a data packet passes through a vro, TTL is reduced by at least one second.
According to the ARP knowledge we mentioned earlier, if the IP address destination is a local address, the IP address directly transmits the packet to that host. If the destination address is a remote address, the IP address searches for the route of the remote host in the local route table (it seems that we usually dial 114 ). If a route is found, the IP uses it to send packets. If it is not found, the data packet will be sent to the default gateway of the source host, also known as the router. (I have been defining gateways and routers for many times. In fact, I don't think the concept of failover is always the case. Now there are more and more products integrated with hardware and software. At the moment, it is very clear, as long as we use it to solve practical problems .)
In this way, when the router receives a packet, the packet is forwarded to the IP Address:
(1) if the traffic is congested (which sounds terrible), the packet stops in the router, and the TTL is at least reduced by 1 or more. If it drops to 0, the package will be discarded.
(2) If the package for the next network is too large, the IP address will split it into several packets.
(3) If the package is decomposed, the IP creates a new header for each new package, which includes a flag to show other packets behind it; a packet ID, used to determine that all packets are together. A packet offset is used to tell the receiving host how to re-combine them.
(4) A new test for IP computing.
(5) the IP address is used to obtain the target hardware address of a route.
(6) IP Forwarding packet.
In the next host, packets are sent to TCP or UDP. Each vro must repeat the process. Until the package reaches the final destination. When the package arrives at the final destination, the IP address is assembled into the original package.


5. TCP

TCP is a reliable connection-oriented transmission service. It performs data transmission in segments, and the host must establish a session to exchange data. It uses bitstream communication, that is, data is used as a non-structured byte stream.
Specify the sequence number for each TCP transmission field to obtain the reliability. If a segment is divided into several segments, the receiving host will know whether all segments have been received. Send a response to confirm that other hosts have received the data. For each small segment sent, the receiving host must return a confirmation at a specified time. If the sender does not receive the confirmation, the data will be re-sent; if the received data packet is damaged, the receiving host will discard it because the confirmation is not sent, and the sender will resend the segment.

Port
The SOCKETS utility uses a protocol port number to indicate the uniqueness of its own application. Port can use any number between 0 and 65536. When a service request is sent, the operating system dynamically assigns a port number to the client application.

Socket
A socket is similar to a file handle because it serves as the end point of network communication. An application generates a socket by defining three parts: the Host IP address, service type (connection-oriented service is TCP, and connection-free service is UDP), and the port used by the application.

TCP port
The TCP port provides a specific location for information transmission, and the port number smaller than 256 is defined as a common port.

TCP three-way handshake
TCP dialogs are initialized through three handshakes. The three-way handshake is used to synchronize the sending and receiving of data segments. It notifies other hosts of the amount of data that can be received at a time and establishes virtual