Summary of TCP/IP protocol details (angry squirt of old blood)

Source: Internet
Author: User
TCP/IP protocol
TCP/IP is not a single protocol but a generic name for a protocol family. It includes the IP protocol, the ICMP protocol, the TCP protocol and others. TCP/IP layering:

Here are a few points to note:
Internet address: that is, the IP address, usually network number + subnet number + host number.
Domain Name System: put simply, a database that converts a hostname into an IP address.
RFC: the standard documents for the TCP/IP protocols.
Port number: a logical number carried with the IP packet that identifies which application the data belongs to.
Socket: the application programming interface.
Data link layer working characteristics: sends and receives IP datagrams for the IP module; sends ARP requests and receives ARP replies for the ARP module (ARP: Address Resolution Protocol, which converts an IP address into a MAC address); sends RARP requests and receives RARP replies for the RARP module.
Next let's look at the TCP/IP workflow: the data link layer obtains the transfer information (the hardware address) from ARP, and then obtains the actual data from IP.
IP protocol

In the IP header the most important field is the TTL (time to live, the maximum number of hops the datagram is allowed), an eight-bit field that specifies how many routers the packet may pass through before it is discarded.
IP route selection
how the ARP protocol works
ICMP protocol (Internet Control Message Protocol)
Error messages: report to the host that an IP packet could not be delivered.
Query messages: ping queries (whether a host is reachable, measured by the round-trip time and the number of packets that get through), subnet mask queries, and timestamp queries (get the current time).
Situations in which no ICMP error message is produced: an ICMP error message never triggers another ICMP error message, and none is sent for datagrams whose source address is the 0 address, the loopback address, a broadcast address or a multicast address.
IP routing protocols
First let's look at the routing workflow:
Static route selection: configuring an interface generates routing table entries by default, or entries are added manually with route add; ICMP packets (ICMP redirect messages) update table entries.
Dynamic route selection (only used between routers):
RIP (Routing Information Protocol): a distributed routing protocol based on distance vectors (each router records its distance to every destination network). A router sends RIP request packets to each known router asking for its complete routing table; a router that accepts the request sends its own routing table to the requester; on receiving a response the table is updated entry by entry (for networks already in the table the hop count is compared and updated; a hop count of 16 means unreachable); the routing table is also updated periodically (usually every 30 s, which is rather often).
OSPF (Open Shortest Path First protocol): a distributed link-state protocol (each router knows the state of its links to neighboring routers). When a link state changes, reliable flooding sends the information (the link state of all neighboring routers) to every router, and eventually a complete network topology map is built.
TCP three-way handshake and four-way close
First, let's start by understanding the TCP segment:
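To make the RIP description concrete, here is one distance-vector update step: how a router merges a neighbor's response into its own table. This is an added example, not code from the original post; it follows the standard RIP conventions (distance = the neighbor's advertised distance + 1, 16 means unreachable, a route already going via that neighbor is refreshed from it), and the router names and networks are made up.

```python
"""One RIP-style distance-vector update: merging a neighbor's response into
this router's table.  Added example, not from the original post; router
names and networks are constructed."""
INFINITY = 16  # RIP: a hop count of 16 means "unreachable"


def rip_update(table, neighbor, response):
    """table: {network: (hops, next_hop)} of this router.
    response: {network: hops} as advertised by `neighbor`.
    Returns the updated table as a new dict; the input is not modified."""
    new = dict(table)
    for net, advertised in response.items():
        hops = min(advertised + 1, INFINITY)      # one more hop, via the neighbor
        if net not in new:
            if hops < INFINITY:                   # learn a new reachable network
                new[net] = (hops, neighbor)
            continue
        cur_hops, cur_next = new[net]
        # A route that already goes via this neighbor is always refreshed with
        # its latest distance (even if worse); otherwise only a shorter route wins.
        if cur_next == neighbor or hops < cur_hops:
            new[net] = (hops, neighbor)
    return new


# Constructed starting table of router R1 and a response received from R3.
R1_TABLE = {
    "10.0.1.0/24": (1, "direct"),
    "10.0.2.0/24": (3, "R2"),
}
R3_RESPONSE = {
    "10.0.1.0/24": 5,     # worse than our direct route: ignored
    "10.0.2.0/24": 1,     # 2 hops via R3 beats 3 hops via R2
    "10.0.3.0/24": 2,     # new network: learned as 3 hops via R3
    "10.0.9.0/24": 16,    # unreachable from R3: not added
}


def demo():
    """Apply R3's response, then a later response in which R3 loses 10.0.2.0/24."""
    after = rip_update(R1_TABLE, "R3", R3_RESPONSE)
    # Our route to 10.0.2.0/24 now goes via R3, so when R3 reports it as
    # unreachable the entry becomes unreachable too instead of staying stale.
    later = rip_update(after, "R3", {"10.0.2.0/24": 16})
    return after, later


if __name__ == "__main__":
    for name, tbl in zip(("after R3 response", "after R3 withdraws"), demo()):
        print(name, tbl)
```

The "refresh even if worse" rule is what lets bad news propagate; without it a router would keep advertising a path through a neighbor that has already lost it.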
I also marked the important flags in the diagram; focus on these flag bits: ACK: the acknowledgment number is valid; RST: reset the connection; SYN: initiate a new connection; FIN: release the connection.
Three-way handshake process (we use A to denote the client and B to denote the server)
Prerequisite: A performs an active open, B performs a passive open.
Before the connection is established, B creates a TCB (transmission control block), prepares to accept connection requests from the client process, and is in the LISTEN state.
1. A first creates a TCB, then sends a connection request to B with SYN=1 and a chosen initial sequence number seq=x, and enters the SYN-SENT state.
2. After receiving the connection request, B sends a confirmation to A with SYN=1 and ACK=1, the acknowledgment number ack=x+1, and a randomly chosen initial sequence number seq=y; B enters the SYN-RCVD state.
3. A receives the confirmation and sends an acknowledgment with ACK=1, ack=y+1 and seq=x+1, and enters the ESTABLISHED state. When this acknowledgment reaches B, B also enters the ESTABLISHED state.
Put simply: to establish a connection the client sends a SYN packet (syn=i) to the server and enters the SYN-SENT state, waiting for the server to confirm. On receiving it, the server must acknowledge the client's SYN (ack=i+1) and also send its own SYN packet (syn=k), i.e. a SYN+ACK packet, and enters the SYN-RECV state. The client receives the SYN+ACK and sends an acknowledgment ACK (ack=k+1) to the server; once that packet is sent, client and server are both in the ESTABLISHED state and the three-way handshake is complete.
A related point here is the SYN attack: what is a SYN attack, under what conditions does it happen, and how is it avoided? During the three-way handshake, the TCP connection after the server has sent SYN+ACK but before the client's ACK arrives is called a half-open connection (half-open connect), and the server is in the SYN_RCVD state; once the ACK is received the server moves to the ESTABLISHED state.
A SYN attack is when the client, in a short period of time, forges a large number of non-existent IP addresses and keeps sending SYN packets to the server; the server replies with the confirmation packet and waits for the client's confirmation, but because the source address does not exist, the server has to keep retransmitting until it times out. These bogus SYN packets occupy the half-open connection queue for a long time, so normal SYN requests are discarded because the queue is full, causing network congestion and even system paralysis. A SYN attack is a typical DDoS attack. Detecting a SYN attack is very simple: when the server has a large number of half-open connections and the source IP addresses are random, you can conclude it is a SYN attack. The following command shows them:
# netstat -nap | grep SYN_RECV
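The check above, tallied rather than eyeballed: the script below parses netstat -nap output, counts SYN_RECV entries per source address and applies the heuristic from the text (many half-open connections, almost all from different sources). This is an added example, not code from the original post; the sample output is constructed with documentation-range addresses, and the thresholds are my own choice.

```python
"""Count half-open (SYN_RECV) connections per source address in the output
of `netstat -nap`.  Added example, not from the original post; the sample
output below is constructed, not captured from a real host."""
from collections import Counter

# Constructed `netstat -nap` output: one listener, four half-open connections
# from four different sources, and two established connections.
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1234/nginx
tcp        0      0 10.0.0.5:80             198.51.100.7:40211      SYN_RECV    -
tcp        0      0 10.0.0.5:80             198.51.100.8:40212      SYN_RECV    -
tcp        0      0 10.0.0.5:80             198.51.100.9:40213      SYN_RECV    -
tcp        0      0 10.0.0.5:80             203.0.113.4:51000       SYN_RECV    -
tcp        0      0 10.0.0.5:80             192.0.2.10:55001        ESTABLISHED 1234/nginx
tcp        0      0 10.0.0.5:22             192.0.2.11:55002        ESTABLISHED 999/sshd
"""


def parse_netstat(text):
    """Return (proto, local, foreign, state) for every TCP line in netstat output."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 6 and parts[0] in ("tcp", "tcp6"):
            rows.append((parts[0], parts[3], parts[4], parts[5]))
    return rows


def half_open_by_source(text):
    """Map source IP -> number of SYN_RECV entries (the `grep SYN_RECV` step, tallied)."""
    counts = Counter()
    for _proto, _local, foreign, state in parse_netstat(text):
        if state == "SYN_RECV":
            # rpartition on the last ':' also works for IPv6 "::ffff:a.b.c.d:port"
            ip, _sep, _port = foreign.rpartition(":")
            counts[ip] += 1
    return counts


def syn_flood_indicator(text, min_half_open=3, unique_ratio=0.8):
    """Apply the text's heuristic: many half-open connections whose sources are
    (almost) all different.  The thresholds are my own assumptions, not from
    the text.  Returns (total_half_open, distinct_sources, suspicious)."""
    counts = half_open_by_source(text)
    total = sum(counts.values())
    distinct = len(counts)
    suspicious = total >= max(min_half_open, 1) and distinct / total >= unique_ratio
    return total, distinct, suspicious


if __name__ == "__main__":
    total, distinct, suspicious = syn_flood_indicator(SAMPLE_NETSTAT)
    print(f"half-open={total} distinct sources={distinct} suspicious={suspicious}")
```

On a real host you would pass the captured output of netstat -nap to syn_flood_indicator instead of the constructed sample. A high SYN_RECV count is an indicator to investigate rather than proof on its own: Linux, for instance, answers excess SYNs with SYN cookies (net.ipv4.tcp_syncookies) so that the half-open queue cannot be exhausted, and a busy server with slow clients can legitimately show many half-open connections.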
Four-way close process (we use A for the client and B for the server)
Because a TCP connection is full-duplex, each direction must be closed separately. The principle is that when one party finishes sending data, it sends a FIN to terminate the connection in that direction. Receiving a FIN only means there is no more data flowing in that direction; the receiver can still send data on this TCP connection until it sends a FIN in its own direction. The side that closes first performs the active close and the other side performs the passive close.
Prerequisite: A performs an active close, B performs a passive close.

One might ask why the handshake takes three steps when connecting but four when disconnecting. This is because the server is in the LISTEN state, and when it receives the SYN segment requesting a connection it can put the ACK and the SYN into one segment sent to the client. When closing, however, receiving the other side's FIN only indicates that the other party will send no more data but can still receive data; you may not have finished sending all your data to the other side yet, so you cannot necessarily close immediately. You can send some more data first and then send your own FIN to tell the other side that you now agree to close the connection. Therefore your own ACK and FIN are generally sent separately.

1. A sends a FIN to close the data transfer from A to B, and A enters the FIN_WAIT_1 state.
2. After receiving the FIN, B sends an ACK to A whose acknowledgment number is the received sequence number + 1 (like a SYN, a FIN occupies one sequence number), and B enters the CLOSE_WAIT state.
3. B sends a FIN to close the data transfer from B to A, and B enters the LAST_ACK state.
4. After receiving the FIN, A enters the TIME_WAIT state and sends an ACK to B whose acknowledgment number is the received sequence number + 1; B enters the CLOSED state, and the four-way close is complete.
In a nutshell: client A sends a FIN to close the data transfer from client A to server B (segment 4). Server B receives this FIN and sends back an ACK whose acknowledgment number is the received sequence number plus 1 (segment 5); as with SYN, a FIN occupies a sequence number. Server B closes its connection to client A and sends a FIN to client A (segment 6). Client A sends back an ACK acknowledgment and sets the acknowledgment number to the received sequence number plus 1 (segment 7). After entering the TIME_WAIT state, A does not release the TCP connection immediately; it must wait for the time set by the timer, 2MSL (twice the maximum segment lifetime), before entering the CLOSED state. Why? To ensure that the last ACK segment sent by A can reach B, and to prevent a "stale connection request segment" from appearing in this connection.
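The handshake and the close described above, run end to end as an added example (not code from the original post): a simplified model of my own with no payload and no retransmission, using the state names and the seq/ack arithmetic from the text, with x and y as the initial sequence numbers. It also shows the half-open state: if the exchange stops after B's SYN+ACK, B stays in SYN-RCVD.

```python
"""Model of the TCP three-way handshake and four-way close between client A
and server B, with the state names and seq/ack arithmetic from the text.
Added example, not code from the original post: a simplified model of my
own with no payload and no retransmission."""
from dataclasses import dataclass


@dataclass
class Segment:
    src: str
    seq: int                 # sequence number of this segment
    ack: int = 0             # acknowledgment number (meaningful only if ack_flag)
    syn: bool = False
    fin: bool = False
    ack_flag: bool = False   # the ACK flag bit; `ack` is the number

    def flags(self):
        bits = (("SYN", self.syn), ("FIN", self.fin), ("ACK", self.ack_flag))
        return "+".join(name for name, on in bits if on)


class Endpoint:
    MSL = 60  # maximum segment lifetime in seconds (assumed value)

    def __init__(self, name, isn):
        self.name = name
        self.state = "CLOSED"
        self.snd_nxt = isn       # next sequence number we will send (x or y)
        self.rcv_nxt = 0         # next sequence number we expect from the peer
        self.time_wait_seconds = 0

    def _send(self, **flags):
        seg = Segment(self.name, seq=self.snd_nxt, ack=self.rcv_nxt, **flags)
        self.snd_nxt += int(seg.syn) + int(seg.fin)  # SYN and FIN each take one sequence number
        return seg

    def listen(self):      # passive open (B)
        self.state = "LISTEN"

    def connect(self):     # active open (A): SYN with seq=x
        self.state = "SYN-SENT"
        return self._send(syn=True)

    def close(self):       # send FIN: active close, or B's FIN from CLOSE-WAIT
        self.state = "FIN-WAIT-1" if self.state == "ESTABLISHED" else "LAST-ACK"
        return self._send(fin=True, ack_flag=True)

    def receive(self, seg):
        """Process one incoming segment; return the reply segment or None."""
        if seg.ack_flag and seg.ack != self.snd_nxt:
            raise ValueError(f"{self.name}: ack {seg.ack} != expected {self.snd_nxt}")
        if self.state == "LISTEN" and seg.syn:
            self.rcv_nxt = seg.seq + 1              # ack = x+1
            self.state = "SYN-RCVD"                 # half-open until A's ACK arrives
            return self._send(syn=True, ack_flag=True)   # seq = y
        if self.state == "SYN-SENT" and seg.syn and seg.ack_flag:
            self.rcv_nxt = seg.seq + 1              # ack = y+1
            self.state = "ESTABLISHED"
            return self._send(ack_flag=True)        # seq = x+1
        if self.state == "SYN-RCVD" and seg.ack_flag:
            self.state = "ESTABLISHED"
            return None
        if self.state == "ESTABLISHED" and seg.fin:
            self.rcv_nxt = seg.seq + 1              # a FIN occupies a sequence number
            self.state = "CLOSE-WAIT"
            return self._send(ack_flag=True)
        if self.state == "FIN-WAIT-1" and seg.ack_flag and not seg.fin:
            self.state = "FIN-WAIT-2"
            return None
        if self.state == "FIN-WAIT-2" and seg.fin:
            self.rcv_nxt = seg.seq + 1
            self.state = "TIME-WAIT"
            self.time_wait_seconds = 2 * self.MSL   # wait 2MSL before CLOSED
            return self._send(ack_flag=True)
        if self.state == "LAST-ACK" and seg.ack_flag:
            self.state = "CLOSED"
            return None
        raise ValueError(f"{self.name}: unexpected {seg.flags()} in {self.state}")


def run_session(x=100, y=300):
    """Full handshake, then an A-initiated close; returns (A, B, segments in order)."""
    a, b = Endpoint("A", x), Endpoint("B", y)
    b.listen()
    syn = a.connect()               # 1. A: SYN, seq=x                -> SYN-SENT
    syn_ack = b.receive(syn)        # 2. B: SYN+ACK, seq=y, ack=x+1   -> SYN-RCVD
    ack = a.receive(syn_ack)        # 3. A: ACK, seq=x+1, ack=y+1     -> ESTABLISHED
    b.receive(ack)                  #    B                            -> ESTABLISHED
    fin1 = a.close()                # 4. A: FIN, seq=x+1              -> FIN-WAIT-1
    ack1 = b.receive(fin1)          # 5. B: ACK, ack=x+2              -> CLOSE-WAIT
    a.receive(ack1)                 #    A                            -> FIN-WAIT-2
    fin2 = b.close()                # 6. B: FIN, seq=y+1              -> LAST-ACK
    ack2 = a.receive(fin2)          # 7. A: ACK, ack=y+2              -> TIME-WAIT (2MSL)
    b.receive(ack2)                 #    B                            -> CLOSED
    return a, b, [syn, syn_ack, ack, fin1, ack1, fin2, ack2]


if __name__ == "__main__":
    a, b, segs = run_session()
    for s in segs:
        print(f"{s.src}: {s.flags():8} seq={s.seq} ack={s.ack}")
    print(f"A={a.state} (2MSL={a.time_wait_seconds}s), B={b.state}")
```

The ack check at the top of receive is why a forged or random ACK cannot complete a half-open connection: only ack = the peer's next sequence number is accepted, which is the same property that makes the three-way handshake a (weak) proof that the client can receive at the claimed address.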
OK, it doesn't feel so hard to understand, does it? Let's put it in "human terms".
Three-way handshake: the client sends a request, "Open the door, I'm coming in", to the server. The server replies, "Come in, I'll open the door", to the client. The client, very politely, says "Thank you, I'm coming in" to the server.
Four-way close: the client sends "It's getting late, I'm going" to the server and waits for the server to get up and see him off. The server hears this and sends "I know, I'll see you out" to the client, and waits for the client to walk out. The server shuts the door and sends "I've closed up" to the client, then waits for the client to leave. The client says "OK, then I'm off", and leaves.
OK, that's it for now; follow along~

