The TCP/IP protocol workflow is as follows: On the source host, the application layer transmits a string of application data to the transport layer. The transport layer truncates the data stream of the application layer into groups, and the TCP header forms the TCP segment, which is sent to the network layer. At the network layer, the TCP segment is added with the IP header that includes the source and destination host IP address, an IP packet is generated and the IP packet is sent to the link layer. The link layer packs the IP packet on the data part of its Mac frame, adds the MAC address and frame head of the source and destination host, and sends the MAC frame to the destination host or IP router according to its destination MAC address. At the destination host, the link layer removes the frame head of the Mac frame and sends the IP packet to the network layer. The network layer checks the IP header and discards the IP packet if the header is validated and inconsistent with the calculated result, and if the checksum is consistent with the result, the IP header is removed and the TCP segment is sent to the transport layer. The transport layer checks the order number to determine if it is the correct TCP grouping and then checks the TCP header data. If correct, send a confirmation message to the source host, or request a postback message to the source host if the package is incorrect or missing. In the destination host, the transport layer removes the TCP header and sends the sorted packet composition to the application data stream. This means that the destination host receives a byte stream from the source host, as if it were to receive a byte stream from the source host directly.
First set:
Survey of Network basic knowledge
Date: 2008/3/3
Name: amxking
One, basic part
1, the Chinese full name of the OSI is (International Organization for Standardization),
They are (the application layer (application layer) Presentation layer (presentation layer) session layer (layer transport) Transport layer
Network layer (Network layer) (Data link layer) physical layer (physical layer).
2. Hub Hub works in the OSI Reference Model (physical) layer; The NIC works on the (physical) layer of the OSI Reference model;
Router router work at the OSI Reference Model (network) layer; switch switches work at the OSI Reference Model (data link) layer.
3, the IP address of machine A is 202.96.128.130, the subnet mask is 255.255.255.128, the network number of the IP address is (202.96.128),
The host number is (130).
4, the Chinese meaning of ARP (Address Resolution Protocol), please explain its working principle in a simple language.
1. First of all, each host in its own ARP buffer (ARP Cache) to establish an ARP list, to represent the IP address and the corresponding relationship between the MAC address.
2. When the source host needs to send a packet to the destination host, it first checks to see if there is a MAC address for the IP address in the ARP list.
If so, send the packet directly to the MAC address, and if not, initiate an ARP request broadcast packet to the local network segment to query for this purpose
The corresponding MAC address of the host. This ARP Request packet includes the IP address of the source host, the hardware address, and the IP address of the destination host.
3. When all hosts on the network receive this ARP request, they check that the destination IP in the packet is consistent with their IP address. Ignore this if it's not the same
packet; If the same, the host first adds the MAC address and IP address of the sender to its own ARP list, if the IP is already present in the ARP table
Information, it will be overwritten, then send an ARP response packet to the source host, telling each other that it is the MAC address it needs to find;
4. When the source host receives this ARP response packet, it adds the IP address and MAC address of the destination host to its own ARP list, and utilizes this information
Start the transfer of data. If the source host has not received an ARP response packet, the ARP query failed.
5. DNS refers to (domain Name System name systems). Please describe how it works in a simple language.
When a DNS client needs to query the name used in a program, it queries the DNS server to resolve the name.
Each query message sent by the client includes 3 messages to specify the question the server should answer.
1 specifies the DNS domain name, which is represented as a fully qualified domain name (FQDN).
2 The specified query type, which can specify a resource record based on the type, or as a specialized type of the query operation.
3 The specified category for the DNS domain name.
6. The difference between TCP and UDP
TCP provides connection-oriented, reliable data stream transmission, while UDP provides connectionless, unreliable data stream transmission.
Simply put, TCP is focused on data security, while UDP data transfer is faster, but security is generally
7, the role of the gateway.
It allows access to the extranet
Second, network command
1, what is the role of Ipconfig.
Displays the setting values for the current TCP/IP configuration
2, what is the result of running net share return.
List shared resources related information such as ipc$
3, net use and net user refers to what is respectively.
NET user is used to manage, add, and delete network users.
NET use for network device management, such as adding disks
4, how to view the current system open service under the command line.
To execute the Net Services command at the command line
5, in addition to the above command, there are, please write you know the order.
Taskill
Taslist
NET view display computer list
Netstat
Ftp
Telnet
Third, system ports and services
1, turn off the following services, what will happen, and please explain your opinion.
Automatic Updates
Cannot be updated automatically
Plug and Play
Disabling can cause USB to not be available.
Remote Registry Service
Prevent you from browsing the Web to modify your registration form
Computer Browser
The service cannot be used to maintain the latest list of computers on the network and to provide the program to which the list is requested.
2. Ports and relative services
FTP (21 File transfer FTP service)
The port for Terminal Services is (3389)
Port 23 is the default port (TELNET) Open
Port 25 is open (e-mail SMTP)
Port 109 is (POP2) Open
Port 1433 is (SQL Server) Open
Four, network protocol
Icmp:
is an abbreviation for the Internet Control Message Protocol (Internet-controlled messaging protocol).
It is a child protocol of the TCP/IP protocol family that is used to pass control messages between IP hosts and routers.
Control message refers to network communication, whether the host is up to, whether the route is available or not.
Although these control messages do not transmit user data, they play an important role in the transfer of user data.
Tftp:
Trivial file Transfer Protocol is a protocol in the TCP/IP protocol family for simple file transfer between the client and the server
Provides an uncomplicated, inexpensive file transfer service.
HTTP:
HTTP Hypertext Transfer Protocol, an object-oriented protocol belonging to the application layer, is suitable for distributed hypermedia information System because of its simple and fast way.
It was proposed in 1990, after several years of use and development, has been continuously improved and expanded.
DHCP: Dynamic Host Configuration Protocol, a means of enabling the system to connect to the network and obtain the required configuration parameters
Second set:
Network Knowledge Examination
Date: 2008/3/3
Name: amxking
One, fill in the blanks.
1, the protocol used to transmit information between the browser and the WWW server is (http).
2, in the Star LAN structure, the device that connects the file server with the workstation is (switch).
3, after the installation of the Linux system, the system automatically created by the Administrator account is (root).
4, the unit is divided into a legitimate IP address 202.112.68.40 mask is 255.255 255.248, where the external port of the router and the ISP occupies 2,
If you use 202.112.68.41 and 202.112.68.42, the Mask is 255.255.255.252
Q: 1, what is the legal IP available to use?
Also available are 202.112.68.44/29, 202.112.68.45/29, 202.112.68.46/29
Q: 2, use the internal IP for address translation, if you use a host to connect the two networks inside and outside, please say 2 different network access method, and compare.
1 host to connect a network card to bind two different subnet address, run the agent software, the internal network to the gateway set point to the host.
2 the host Plug 2 network cards, respectively connected to the internal and external network, the host to the gateway and address translation role.
1 in the scheme if the intranet embezzled host legitimate IP can bypass the host
2 cannot bypass the host.
Q: What internal IP is reserved on the 3,internet is available for use.
can use 10.0.0.0 or 172.16 straight 172.31 or 192.168.0 straight 192.168.255
5, how to plan the firewall, the internal business Server and some PC computer and the Internet isolation.
Can build a demilitarized zone, the internal business Server through the intranet router to provide services internally.
Some PCs access the Internet via an external network by connecting some PC computers that are internet,internet on the intranet.
Set up a router or proxy server as a firewall between the demilitarized zone and the intranet to restrict external access.
6, in China, currently available to choose a large number of users to choose the access mode, and their respective access rate.
DDN Max 2M
ISDN 64k*2 (2b+d)
Frame Relay Max 2M
X.25 64K
[[[DDH (Max 2M)
ADSL (Asymmetric digital subscriber line, downlink rate from 512kbit/s to 8mbit/s, and uplink rate from 64kbit/s to 640kbit/s)
ISDN (Integrated Services Digital network can reach a maximum speed of 64Kbps or 128Kbps)]]
7, the 2 subnets quarantined by routers can share a single DHCP server. Can't
8, the user through what command can see their own application to the local IP address. What command can I use to request IP from the DHCP server again? What command to use to free IP.
Ipconfig/all
Ipconfig/release Free IP
Ipconfig/renew Get new IP
The multiplexing technology used by 8,ADSL is (a)
A. Frequency division multiplexing B. Time Division Multiplexing
C. Code Division Multiple Access D. Air Division multiple addresses
Second, question and answer questions.
1, write down the function of the network command below.
Netstat–p (only print statistics and protocol control block information for the protocol giving the name)
Net view (displaying a list on a computer on the current domain or network)
How to display Windows services (NET services) at the command line
2, the role of the net bridge.
is a bridge between a local area network and another LAN
3, with a command to achieve: The remote host C disk map to its own F disk
net use F: \ \ Remote host ip\c$ "password"/user: "username"
5, firewall port protection refers to.
Refers to the firewall through the setting of port switches, the closure of some non-essential ports, to achieve a certain safety protection purposes of the behavior.
1, establish the Connection agreement (three times handshake)
(1) The client sends a TCP message with a SYN flag to the server. This is message 1 in the three handshake process.
(2) server-side response to the client, this is the three handshake in the 2nd message, this message with both ACK and SYN logo. It therefore represents a response to a client-side SYN message, while labeling SYN to the client and asking the client if it is ready for data communication.
(3) The customer must again respond to the service segment an ACK message, this is the message segment 3.
2. Connection termination agreement (four waves)
Because the TCP connection is Full-duplex, each direction must be closed separately. The principle is that when one party completes its data sending task, it can send a fin to terminate the connection in this direction. Receiving a fin only means that there is no data flow in this direction, and a TCP connection can still send data after receiving a fin. The side that first closes will perform the active shutdown while the other side performs the passive shutdown.
(1) The TCP client sends a FIN, which is used to turn off client to server data transfer (message segment 4).
(2) The server receives this fin, it sends back an ACK, confirming that the serial number is the received number plus 1 (message Segment 5). Like Syn, a fin will occupy an ordinal number.
(3) The server shuts down the client's connection and sends a FIN to the client (message segment 6).
(4) The customer segment sends back ACK message confirmation, and the confirmation serial number is set to receive the serial number plus 1 (message paragraph 7).
CLOSED: There's nothing to say about this, the initial state.
LISTEN: This is also very easy to understand a state, indicating that a server side of the socket is in the listening state, you can accept the connection.
SYN_RCVD: This state is accepted to the SYN packet, under normal circumstances, this state is a server-side socket in the establishment of TCP connections during the three handshake session in the process of a middle state, very short, basically with netstat you are very difficult to see this state, Unless you deliberately write a client test program, intentionally three times TCP handshake process of the last ACK message is not sent. Therefore, when the client's ACK message is received, it will enter the established state.
Syn_sent: This state echoes with SYN_RCVD, when the client socket performs connect connection, it first sends the SYN message, so it then enters the syn_sent state and waits for the 2nd message in the service side to send a handshake of three times. The Syn_sent state indicates that the client has sent a SYN message.
Established: This is easy to understand, indicating that the connection has been established.
Fin_wait_1: This state to explain, in fact, the real meaning of fin_wait_1 and fin_wait_2 state is to represent the fin message waiting for each other. And the difference between the two states is: fin_wait_1 state is actually when the socket in the established state, it wants to actively shut down the connection, sent the FIN message to the other side, when the socket is entered into the fin_wait_1 state. And when the other side response ACK message, then into the fin_wait_2 state, of course, in the actual normal circumstances, regardless of what the other side of the case, should immediately respond ACK message, so fin_wait_1 state is generally more difficult to see, and Fin_wait_ 2 states can also sometimes be seen with netstat.
Fin_wait_2: This state is explained in detail above, in fact, the socket in the state of fin_wait_2, which means that a half connection, that is, one side requires a close connection, but also told the other side, I have some data to be sent to you, and then close the connection.
Time_wait: said that received the other side fin message, and sent an ACK message, and so on 2MSL can return to the closed available state. If the fin_wait_1 state, received the other side with the FIN flag and ACK sign message, you can go directly to the TIME_WAIT state, without the fin_wait_2 state.
CLOSING: This state is more special, the actual situation should be very rare, belong to a relatively rare exception state. Normally, when you send a fin message, it is supposed to receive (or simultaneously receive) the other's ACK message, and then receive the other's fin message. But the closing state means that after you send the FIN message, you do not receive an ACK message from the other side, but you also receive a fin message from the other side. Under what circumstances would such a situation arise? In fact, it is not difficult to draw a conclusion: that is, if the two sides close at the same time a socket, then there are both sides send fin message, also will appear closing state, that both sides are closing the socket connection.
Close_wait: The meaning of this state is actually that it is waiting to be closed. How to understand it. When the other side close a socket and send fin message to yourself, your system will undoubtedly respond to an ACK message to the other side, then into the close_wait state. The next thing you really need to consider is whether you still have data to send to each other, and if not, then you can close the socket, send a FIN message to the other, or turn off the connection. So what you need to do in the close_wait state is to wait for you to close the connection.
Last_ack: This state is relatively easy to understand, it is a passive closed side in the sending fin message, the last wait for the other ACK message. When the ACK message is received, it can be entered into the closed available state.
Finally there are 2 questions to answer, my own analysis after the conclusion (not necessarily guaranteed 100% correct)
1, why the establishment of the Connection Agreement is three times handshake, and closed the connection is four times handshake.
This is because the socket in the listen state of the server when the SYN message is received, it can send ack and SYN (ACK to respond, and SYN to sync) in a message. But when you close the connection, when receiving a fin message from each other, it simply means that the other party has no data to send to you, but not all of your data is sent to each other, so you may not be able to immediately close the socket, that is, you may also need to send some data to each other after the Send fin message to each other to indicate that you agree that the connection can now be closed, so it's ACK and fin messages are sent in most cases separately.
2, why the TIME_WAIT state also need to wait 2MSL before return to the closed state.
This is because: although both sides agreed to close the connection, and the handshake of the 4 messages are also coordinated and sent over, can reasonably be directly back to the closed state (as from the Syn_send state to the establish state), but because we have to pretend that the network is unreliable, You can not guarantee that your final ACK message will be received by the other side, so the other side in the Last_ack state of the socket may be due to timeout did not receive an ACK message, and resend the fin message, so the role of this time_wait state is to resend the likely loss of the ACK message.