Summary of the TCP/IP protocol detailed content

Source: Internet
Author: User

TCP/IP protocol

TCP/IP is not a single protocol but a generic term for a protocol family. It includes the IP protocol, the ICMP protocol and the TCP protocol.

TCP/IP layering

Here are a few things to be aware of:
    • Internet address: the IP address, usually network number + subnet number + host number
    • Domain Name System: put simply, a database that converts a hostname to an IP address
    • RFC: the standard documentation for the TCP/IP protocols
    • Port number: a logical number, carried as a tag with the IP packet
    • Socket: the application programming interface
Working characteristics of the data link layer:
    • Sends and receives IP datagrams for the IP module
    • Sends ARP requests and receives ARP replies for the ARP module (ARP: Address Resolution Protocol, which converts an IP address to a MAC address)
    • Sends RARP requests and receives RARP replies for the RARP module
Next, the TCP/IP workflow: the data link layer gets the information it needs to transfer the data from ARP, and then gets the actual data from IP.

IP protocol

In the IP protocol header, the most important field is the TTL (the maximum number of network segments IP allows the packet to cross), an eight-bit field that specifies how many routers the packet can pass through before it is discarded.

IP routing

How the ARP protocol works

ICMP protocol (Internet Control Message Protocol)

ICMP carries error messages for IP packets that could not be delivered, and host query messages:
    1. Ping query: determines whether the host can be reached, by calculating the interval time and the number of packets delivered
    2. Subnet mask
    3. Timestamp: gets the current time
Cases where error messages are not generated:
    1. An ICMP error message does not itself generate an error message
    2. The source address is the zero address, a loopback address, a broadcast address or a multicast address
IP route selection protocols

Static route selection

First, look at the routing workflow. Static route selection:
    1. Configuring an interface generates a routing table entry by default; entries can also be added manually with route add
    2. An ICMP message (ICMP redirect message) updates a table entry

Dynamic route selection (used only between routers)
RIP (Routing Information Protocol)

A distributed routing protocol based on distance vectors (each router records its distance to every destination network). The work a router carries out:
    1. Send a RIP request message to each known router, asking for its complete routing table
    2. If the request is accepted, the routing table is handed to the requester; if not, the IP request table entries are processed (own part + hop count / not part + 16)
    3. Accept the response and update the routing table
    4. Update the routing table regularly (usually every 30 s, which can only be called too frequent ~)
OSPF (Open Shortest Path First)

A distributed link-state protocol (the link being the network on which both routers have interfaces).
    1. When the link state changes, reliable flooding is used to send the information (the link state of all neighboring routers) to all routers
    2. Eventually a topology map of the whole network is built
TCP/IP: three-way handshake and four-way close

First, let's look at the important flags of the TCP segment. I have also marked them in the diagram; focus on these flag bits:
    • ACK: the acknowledgment number is valid
    • RST: reset the connection
    • SYN: initiate a new connection
    • FIN: release a connection

Three-way handshake (the client is denoted A, the server B)

Premise: A performs an active open, B a passive open.
    1. Before the connection is established, B creates the TCB (transmission control block), prepares to accept connection requests from client processes, and is in the LISTEN (listening) state
    2. A first creates its TCB, then sends a connection request to B with SYN set to 1 and a chosen initial sequence number seq=x, and enters the SYN-SENT (synchronization sent) state
    3. After receiving the connection request, B sends a confirmation to A with SYN set to 1 and ACK set to 1, and with the acknowledgment number ack=x+1. At the same time it randomly selects its initial sequence number seq=y and enters the SYN-RCVD (synchronization received) state
    4. After receiving the confirmation, A sends its own confirmation to B with ACK set to 1, acknowledgment number ack=y+1 and seq=x+1, and enters the ESTABLISHED (connection established) state. When B receives this confirmation, it too enters the ESTABLISHED state.
In simple terms:
    1. To establish the connection, the client sends a SYN packet (syn=i) to the server and enters the SYN-SENT state, waiting for the server to confirm
    2. The server receives the SYN packet and must acknowledge the client's SYN (ack=i+1) while also sending its own SYN packet (syn=k), that is, a SYN+ACK packet; the server then enters the SYN-RECV state
    3. The client receives the server's SYN+ACK packet and sends the acknowledgment ACK (ack=k+1) to the server. Once this packet is sent, the client and the server enter the ESTABLISHED state and the three-way handshake is complete.
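The exchange in the steps above, as an added example that is not part of the original article: a small Python model of A and B that carries seq and ack through the three segments, and shows B staying in SYN-RCVD when the final ACK does not acknowledge y+1. The class and function names are illustrative assumptions, and nothing is sent on a network.

```python
import secrets
from collections import namedtuple

MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around
Segment = namedtuple("Segment", "syn ack seq ack_no")

class Server:  # side B, passive open
    def __init__(self):
        self.state, self.isn, self.expect_seq = "LISTEN", None, None

    def receive(self, seg):
        if self.state == "LISTEN" and seg.syn and not seg.ack:
            self.isn = secrets.randbelow(MOD)        # seq=y, chosen at random
            self.expect_seq = (seg.seq + 1) % MOD    # ack=x+1
            self.state = "SYN-RCVD"
            return Segment(True, True, self.isn, self.expect_seq)
        if self.state == "SYN-RCVD" and seg.ack and not seg.syn:
            # The final ACK must carry seq=x+1 and ack=y+1.
            if seg.seq == self.expect_seq and seg.ack_no == (self.isn + 1) % MOD:
                self.state = "ESTABLISHED"
        return None

class Client:  # side A, active open
    def __init__(self):
        self.state, self.isn = "CLOSED", None

    def connect(self):
        self.isn, self.state = secrets.randbelow(MOD), "SYN-SENT"  # seq=x
        return Segment(True, False, self.isn, 0)

    def receive(self, seg):
        if (self.state == "SYN-SENT" and seg.syn and seg.ack
                and seg.ack_no == (self.isn + 1) % MOD):
            self.state = "ESTABLISHED"
            return Segment(False, True, (self.isn + 1) % MOD, (seg.seq + 1) % MOD)
        return None

def handshake():
    a, b = Client(), Server()
    syn = a.connect()
    syn_ack = b.receive(syn)
    final_ack = a.receive(syn_ack)
    b.receive(final_ack)
    return a.state, b.state, syn, syn_ack, final_ack

def wrong_ack_state():
    b = Server()
    syn_ack = b.receive(Segment(True, False, 1000, 0))  # constructed SYN, seq=1000
    b.receive(Segment(False, True, 1001, (syn_ack.seq + 2) % MOD))  # not y+1
    return b.state  # B is still half-open
```
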
Interspersed here is a related point: the SYN attack. What is a SYN attack, under what conditions does it occur, and how can it be avoided?

In the three-way handshake, after the server has sent the SYN-ACK and before it has received the client's ACK, the TCP connection is called a half-open connection, and the server is in the SYN_RCVD state. When the ACK is received, the server moves to the ESTABLISHED state. In a SYN attack, the client forges a large number of non-existent source IP addresses in a short period and keeps sending SYN packets to the server. The server replies with acknowledgment packets and waits for the clients' confirmation; because the source addresses do not exist, the server keeps retransmitting until it times out. These forged SYN packets occupy the queue of not-yet-established connections for a long time, so normal SYN requests are discarded because the queue is full, causing network congestion and even system paralysis. The SYN attack is a typical DDoS attack. Detecting it is simple: when the server has a large number of half-open connections and their source IP addresses are random, you can conclude that it is a SYN attack. The following command shows them (netstat on Linux prints the state as SYN_RECV):

    # netstat -nap | grep SYN_RECV

Four-way close (the client is denoted A, the server B)

Because a TCP connection is full duplex, each direction must be closed separately. The principle is that when one side has finished sending its data, it sends a FIN to terminate the connection in that direction. Receiving a FIN only means that no more data will flow in that direction; data can still be sent on the TCP connection in the other direction until that direction also sends a FIN. The side that closes first performs the active close and the other side performs a passive close.

Prerequisite: A performs an active close, B a passive close.

Someone may ask: why is connecting a three-way handshake while disconnecting needs four waves? This is because the server, in the LISTEN state, on receiving the SYN message requesting a connection, puts its ACK and SYN into one message sent to the client. When the connection is being closed, receiving the other side's FIN only indicates that the other side will no longer send data but can still receive it. You may not yet have sent all of your own data to the other side, so you can either close immediately or first send some more data and then send a FIN to signal that you now agree to close the connection. Therefore your own ACK and FIN are generally sent separately.

    1. A sends a FIN to close the data transfer from A to B, and A enters the FIN_WAIT_1 state.
    2. After receiving the FIN, B sends an ACK to A whose acknowledgment number is the received sequence number + 1 (as with SYN, a FIN occupies one sequence number), and B enters the CLOSE_WAIT state.
    3. B sends a FIN to close the data transfer from B to A, and B enters the LAST_ACK state.
    4. After receiving the FIN, A enters the TIME_WAIT state and then sends an ACK to B whose acknowledgment number is the received sequence number + 1. B enters the CLOSED state, and the four waves are complete.
In short:
    1. Client A sends a FIN to close the data transfer from client A to server B (message segment 4).
    2. Server B receives this FIN and sends back an ACK whose acknowledgment number is the received sequence number plus 1 (message segment 5). As with SYN, a FIN occupies one sequence number.
    3. Server B closes its connection to client A and sends a FIN to client A (message segment 6).
    4. Client A sends back an ACK and sets the acknowledgment number to the received sequence number plus 1 (message segment 7).
After A enters the TIME-WAIT state, TCP is not released immediately: A must wait for the timer period of 2MSL (MSL: the maximum segment lifetime) before entering the CLOSED state. Why?
    1. To ensure that the last ACK segment sent by A can reach B
    2. To prevent "invalid connection request segments" from appearing in this connection
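The SYN-attack check described earlier (many half-open connections whose source addresses are random) can be run over netstat output instead of read by eye. This is an added example, not from the original article: the function name, the two thresholds and the sample text (documentation-range addresses) are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the column layout of Linux `netstat -nat`.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address      Foreign Address      State
tcp        0      0 0.0.0.0:80         0.0.0.0:*            LISTEN
tcp        0      0 192.0.2.10:80      198.51.100.7:40112   SYN_RECV
tcp        0      0 192.0.2.10:80      203.0.113.91:1025    SYN_RECV
tcp        0      0 192.0.2.10:80      198.51.100.200:5512  SYN_RECV
tcp        0      0 192.0.2.10:80      203.0.113.4:33100    SYN_RECV
tcp        0      0 192.0.2.10:80      198.51.100.63:61002  SYN_RECV
tcp        0      0 192.0.2.10:80      203.0.113.150:2200   SYN_RECV
tcp        0      0 192.0.2.10:80      198.51.100.9:51000   ESTABLISHED
tcp        0      0 192.0.2.10:22      198.51.100.9:51812   SYN_RECV
tcp        0      0 192.0.2.10:22      198.51.100.9:51813   SYN_RECV
"""

def half_open_report(netstat_text, min_half_open=5, min_source_ratio=0.8):
    """Per local endpoint: count SYN_RECV sockets and distinct source IPs.

    An endpoint is marked suspect when it has at least `min_half_open`
    half-open connections and nearly every one comes from a different
    source address (both thresholds are assumptions to tune per host).
    """
    sources = defaultdict(list)
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue                      # header or non-TCP line
        if fields[5] != "SYN_RECV":
            continue                      # only half-open connections
        local, remote = fields[3], fields[4]
        src_ip = remote.rsplit(":", 1)[0]  # strip the port
        try:
            ipaddress.ip_address(src_ip)
        except ValueError:
            continue                      # malformed address column
        sources[local].append(src_ip)
    report = {}
    for local, ips in sources.items():
        distinct = len(set(ips))
        report[local] = {
            "half_open": len(ips),
            "distinct_sources": distinct,
            "suspect": len(ips) >= min_half_open
                       and distinct / len(ips) >= min_source_ratio,
        }
    return report
```
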
OK ~ does that feel hard to understand? Let's put it in more human terms.

Three-way handshake flow
    1. The client sends the server a request: "Open the door, I'm coming in."
    2. The server sends the client: "Come in, I'll open the door for you."
    3. The client very politely sends the server: "Thank you, I'm coming in."
Four-wave flow
    1. The client sends the server "It's getting late, I should go" and waits for the server to get up and see him off
    2. The server hears this, sends the client "I know, I'll see you out", and waits for the client to leave
    3. After the server closes the door, it sends the client "I've closed the door" and then waits for the client to go (how sentimental)
    4. The client sends "I know, I'm gone" and then leaves.
OK, that's all for now. Follow along ~ ~ ~
