Reference documents:
* "TCP/IP Illustrated, Volume 1: The Protocols";
1. IP: Internet Protocol
1.1 Features:
Unreliable: IP cannot guarantee that a datagram reaches its destination successfully;
Connectionless: IP maintains no state information about successive datagrams, that is, there is no handshake; UDP, for example, is connectionless in the same way;
1.2 IP Header
A normal IPv4 header is 20 bytes long (unless the Options field is present);
Network byte order: big-endian;
Type of service (TOS): 8 bits in total, of which 4 bits are actually used: minimize delay, maximize throughput, maximize reliability, minimize cost;
Different protocols have different requirements: Telnet and Rlogin carry small amounts of interactive data and need minimum delay, FTP needs maximum throughput, SNMP (network management) and routing protocols need maximum reliability;
Total length: 16 bits, so an IP datagram can be up to 65535 bytes. Note that most link layers will fragment it, and a host is not required to accept datagrams larger than 576 bytes; applications using UDP (RIP, TFTP, BOOTP, DNS, SNMP) limit the user datagram length to 512 bytes, but in fact most implementations allow datagrams of more than 8192 bytes. The total length field matters because some data links pad frames to reach their minimum length;
Identification field: incremented by 1 for each datagram sent; used for fragmentation and reassembly;
Fragment offset field: used for fragmentation and reassembly;
TTL (time-to-live): 8 bits; sets the maximum number of routers the datagram can pass through. The initial value is set by the source host (typically 32 or 64), and every router that handles the datagram decrements it by 1. When it reaches 0 the datagram is discarded and an ICMP message is sent to notify the source host.
Checksum:
How the IP checksum is calculated (ICMP, IGMP, UDP and TCP use the same algorithm).
Sender:
(1) First set the checksum field to 0;
(2) Compute the 16-bit one's complement sum over the header;
(3) Store the result in the checksum field;
Receiver:
(1) Compute the 16-bit one's complement sum over the header, including the checksum;
(2) If the header has no errors, the result should be all 1s; otherwise the datagram is discarded, and it is left to the upper layer to detect the lost data and retransmit;
A fixed-width binary number added to its own one's complement is, of course, all 1s.
Routers often modify only the TTL field, so when forwarding they can update the checksum incrementally instead of recomputing it over the whole header.
Options: variable-length optional information, including security and handling restrictions, record route, timestamp, etc.;
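The checksum procedure above as runnable code, covering the sender, the receiver and the router's incremental update after decrementing the TTL (the RFC 1624 formula). This is an added example, not code from the original notes; the function names and the sample header are constructed for illustration. Note that the value stored in the field is the complement of the sum, which is why the receiver's sum comes out as all 1s.

```python
import struct

def ones_complement_sum(data: bytes) -> int:
    """Add the data as 16-bit words, folding every carry back in (end-around carry)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def ip_checksum(header: bytes) -> int:
    """Sender: zero the checksum field, sum the header, return the complement of the sum."""
    zeroed = header[:10] + b"\x00\x00" + header[12:]
    return ~ones_complement_sum(zeroed) & 0xFFFF

def header_ok(header: bytes) -> bool:
    """Receiver: the sum over the header, checksum included, must be all 1s."""
    return ones_complement_sum(header) == 0xFFFF

def forward(header: bytes) -> bytes:
    """Router: decrement TTL and patch the checksum without re-summing the header."""
    if header[8] <= 1:
        raise ValueError("TTL expired: discard and send ICMP to the source")
    old_word, old_ck = struct.unpack("!HH", header[8:12])  # (TTL, protocol), checksum
    new_word = old_word - 0x0100                           # TTL is the high byte
    # RFC 1624: new = ~(~old_ck + ~old_word + new_word) in one's complement arithmetic
    patch = struct.pack("!HHH", ~old_ck & 0xFFFF, ~old_word & 0xFFFF, new_word)
    new_ck = ~ones_complement_sum(patch) & 0xFFFF
    return header[:8] + struct.pack("!HH", new_word, new_ck) + header[12:]

# Constructed 20-byte header: 192.168.0.1 -> 192.168.0.199, UDP, TTL 64.
SAMPLE = bytes.fromhex("450000730000400040110000c0a80001c0a800c7")
SAMPLE = SAMPLE[:10] + struct.pack("!H", ip_checksum(SAMPLE)) + SAMPLE[12:]
```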
1.3 IP route Selection
Most hosts use a simple routing mechanism: if the destination host is on the same shared network as the source host, the IP datagram is sent directly to the destination host; otherwise the host sends the datagram to a default router, which forwards it.
Routing table:
Routing table entry format:
(1) Destination IP address: either a full host address or a network address; a network address designates all hosts on that network;
(2) IP address of the next-hop router;
(3) Flags:
One flag indicates whether the destination IP address is a network address or a host address;
Another flag indicates whether the next-hop router is a real next-hop router or a directly connected interface;
(4) The network interface to use for transmitting the datagram;
Search order for IP routing:
(1) Look for an entry that matches the destination IP address exactly;
(2) Look for an entry that matches the destination network number;
(3) Look for a "default" entry;
(4) If none of the above is found, the datagram is not sent and a host unreachable or network unreachable error is returned;
The "default" entry is used when (1) and (2) are unsuccessful;
Specifying a router per network, rather than per host, greatly reduces the size of the routing table;
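The search order above as a small lookup, which also returns the address the link layer then has to resolve (the destination itself for direct delivery, the next-hop router otherwise). This is an added example, not code from the original notes; the Route class, the function names and the table are constructed, with the subnet and default router mirroring the ifconfig and arp output shown in section 2.4.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    dest: str      # host address, network in CIDR form, or "default"
    gateway: str   # next-hop router; "" when delivery is direct
    flags: str     # "H": dest is a host address, "G": gateway is a real router
    iface: str     # interface the datagram leaves on

# Constructed table. The subnet and default router mirror the ifconfig and
# arp output in section 2.4; the 10.9.0.5 host route is made up.
TABLE = [
    Route("172.28.128.0/18", "", "", "wlan0"),
    Route("10.9.0.5", "172.28.128.2", "GH", "wlan0"),
    Route("default", "172.28.128.1", "G", "wlan0"),
]

def lookup(dst: str, table=TABLE):
    addr = ipaddress.ip_address(dst)
    for r in table:                                   # (1) exact host match
        if "H" in r.flags and ipaddress.ip_address(r.dest) == addr:
            return r
    for r in table:                                   # (2) network match
        if "H" not in r.flags and r.dest != "default" \
                and addr in ipaddress.ip_network(r.dest):
            return r
    for r in table:                                   # (3) default entry
        if r.dest == "default":
            return r
    return None                                       # (4) unreachable

def arp_target(dst: str, table=TABLE):
    """Return (address to resolve at the link layer, interface) for a datagram to dst."""
    r = lookup(dst, table)
    if r is None:
        raise LookupError("host or network unreachable")
    return (r.gateway if "G" in r.flags else dst), r.iface
```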
1.4 IP Subnet Addressing
The reason: class A and class B networks have too many host numbers and need to be divided further; class C networks can of course be divided too.
Subnet addressing: divides the host number into a subnet number and a host number.
Purposes of subnetting:
(1) Hide the internal network organization from the outside (internally, further routing is obviously needed);
(2) Reduce the size of the Internet routing table;
1.5 Subnet Mask
Because the network number and host number in the IP address are determined;
1.6 Special IP addresses
(1) 0.0.0.0: can be used as a source address; denotes any unspecified host or destination network;
(2) 127.xxx.xxx.xxx: loopback address;
(3) Network number + all-1s host number, or network number + subnet number + all-1s host number: broadcast address directed at that network/subnet;
(4) 255.255.255.255: limited broadcast address; datagrams to this address are not forwarded by routers;
A host can be attached to multiple subnets at the same time, so it may have multiple IP addresses, each with its own subnet mask.
1.7 Commands
ifconfig command
View, configure, enable, or disable network interfaces.
Syntax:
ifconfig [interface] [down | up | -allmulti | -arp | -promisc] [add <address>] [del <address>] etc.;
Usage:
ifconfig -a: display information for all interfaces;
ifconfig eth0: display information for the eth0 interface;
ifconfig eth0 down: disable the eth0 interface;
ifconfig eth0 up: enable the eth0 interface;
ifconfig eth0 add 3ffe:3240:800:1005::2/64: add an IPv6 address to the eth0 interface;
ifconfig eth0 192.168.1.56: configure the IP address of the eth0 interface;
And so on
Reference: ifconfig command;
netstat command
Display network connections, routing tables, interface states, masquerade connections, network link information, and multicast group memberships;
Usage:
netstat -a | more: list all ports;
netstat -at: list all TCP ports;
netstat -au: list all UDP ports;
netstat -r: display kernel routing information;
netstat -i: list all network interfaces;
Reference: netstat command;
2. ARP
ARP provides a dynamic mapping between an IP address and the corresponding hardware address. Dynamic means the process is automatic: application users and system administrators do not have to care about it.
Some of my questions:
* The process of ARP resolution;
* Once ARP obtains the hardware address corresponding to an IP address, who it is given to, and how it is stored and updated;
2.1 Basic concepts of ARP
- A network interface has a hardware address (for example a 48-bit hardware address that identifies an Ethernet or Token Ring network interface); communication at the hardware level must use the correct interface address;
- TCP/IP has its own addresses, 32-bit IP addresses; knowing only a host's IP address does not let the kernel send a frame to that host;
- The function of ARP is the dynamic mapping between the two;
- Point-to-point links do not use ARP: the kernel must be told the IP address of the other end when the link is set up, and there is no hardware address like Ethernet's;
2.2 The basic process of ARP
Take an FTP request process as an example:
ftp bsdi
FTP is the application-layer protocol and bsdi is the hostname. Following the layers of the network stack from the top down, the process is:
1. Hostname to IP address: DNS;
2. Establish a TCP connection to the IP address: TCP;
3. TCP sends an IP datagram to the remote host. There are two cases: the host is on the same local network (send directly to the destination host) or on a remote network (IP routing determines the next-hop router). Note that in both cases the datagram is sent to a host or router on the local network;
At this point, if the sender does not know the other side's hardware address (it is not in the cache), sending this IP datagram triggers the ARP process. At the network layer (IP and IP routing) we already know where to send the data, but the data link layer needs to know the hardware address of the destination, so the ARP process starts (taking Ethernet as an example):
- The sender broadcasts an ARP request (an Ethernet frame) asking the host on the network to answer for its own IP address;
- The ARP layer of the destination host returns an ARP reply (containing the IP address and the corresponding hardware address);
- Only after the ARP reply is received can the IP datagram be sent;
2.3 ARP cache storage and packet format
Like DNS, ARP works by mapping; in effect it is a map whose key is the IP address. And just as DNS has its own cache and TTL at each level, each host has its own ARP cache, whose entries generally live for 20 minutes.
A cache entry as shown by the arp command:
Address          HWtype  HWaddress           Flags Mask  Iface
192.168.43.1     ether   0c:1d:af:d6:ab:bb   C           wlan0
Packet format
From the ARP packet format we can see:
* ARP can be used with different network protocols (addresses other than IP addresses can also be resolved);
* ARP can be used on networks with different hardware types, not only Ethernet;
* The packet contains an operation field whose values represent the different ARP operations: 1 for ARP requests, 2 for ARP replies, 3 for RARP requests, and 4 for RARP replies;
2.4 ARP Test
Environment: school intranet, Ubuntu 15;
Required commands:
* Packet capture: tcpdump. Parameters: filter expression (e.g. tcp, arp), -e (show link-layer header information), -i (specify interface);
* ifconfig: view your hardware address and IP address;
* Request: telnet, to trigger the ARP process;
* arp: view the ARP cache;
Test One: general example: requesting a host on the same local network
(1) Use ifconfig to view your IP address:
Obtained a private address and subnet mask:
inet addr:172.28.185.203 Bcast:172.28.191.255 Mask:255.255.192.0
Because I am currently using the wireless network, the network interface is wlan0;
(2) View the existing ARP cache:
arp -a
? (172.28.128.1) at ac:85:3d:b2:c0:b4 [ether] on wlan0
This is the address of the router on which the subnet is located;
(3) Request a host address on the same network, ip:172.28.185.203, while using the packet capture program to watch:
tcpdump -e -i wlan0 arp
View ARP requests and replies on wlan0;
telnet 172.28.185.136
Trying 172.28.185.136...
Of course, a connection will not necessarily be established, since the other side does not necessarily have telnet enabled, but the ARP request is still triggered. tcpdump returned the following:
listening on wlan0, link-type EN10MB (Ethernet), capture size 262144 bytes
??:??:37.230876 9c:4e:??:c6:e8:?? (oui Unknown) > Broadcast, ethertype ARP (0x0806), length ??: Request who-has 172.28.185.136 tell 172.28.185.203, length ??
??:??:37.278147 ac:85:3d:b2:c0:b4 (oui Unknown) > 9c:4e:??:c6:e8:?? (oui Unknown), ethertype ARP (0x0806), length ??: Reply 172.28.185.136 is-at ac:85:3d:b2:c0:b4 (oui Unknown), length ??
2.5 ARP Proxy
ARP proxy: if an ARP request is sent for a host on another network, the router connecting the two networks can answer the request.
The ARP proxy (usually a router) knows how to forward the IP datagram to the host on the other subnet (performing the necessary ARP on that subnet).
We have already mentioned the benefits of subnetting at the network layer: (1) it hides the internal network organization, (2) it reduces the size of the routing table.
I think this hop-by-hop approach is similar to the Composite pattern or the Chain of Responsibility pattern in design patterns, reducing coupling (the size of the routing table is reduced). It has a similar effect at the ARP layer: ARP requests do not have to be broadcast to the many networks of hosts, and the details of the physical network are hidden.
2.6 Gratuitous ARP
The host sends an ARP request looking for its own IP address.
Purposes:
1. Determine whether another host has been configured with the same IP address;
2. If the host sending the gratuitous ARP has changed its IP address (network card replaced, etc.), other hosts receiving the broadcast can update their ARP cache entry (if any) with the new sender IP and hardware address mapping.
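The packet format from section 2.3 and the gratuitous ARP case above, as a parser that classifies a frame by its operation field and reports when the sender's mapping differs from what the cache already holds (an address conflict or a replaced network card, both worth logging). This is an added example, not code from the original notes; the function names are constructed, the frames are built inline, the IP addresses and router MAC are taken from the capture in section 2.4, and the 02:00:00:... MAC addresses are made up.

```python
import socket
import struct

OPS = {1: "ARP request", 2: "ARP reply", 3: "RARP request", 4: "RARP reply"}
BROADCAST = b"\xff" * 6

def mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def build(op, sha, spa, tpa, tha=b"\x00" * 6, dst=BROADCAST):
    """Build a constructed Ethernet + ARP frame (Ethernet hardware, IPv4 protocol)."""
    eth = struct.pack("!6s6sH", dst, sha, 0x0806)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, op,
                      sha, socket.inet_aton(spa), tha, socket.inet_aton(tpa))
    return eth + arp

def parse(frame: bytes) -> dict:
    dst, _src, etype = struct.unpack("!6s6sH", frame[:14])
    if etype not in (0x0806, 0x8035):              # ARP and RARP frame types
        raise ValueError("not an ARP/RARP frame")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("only Ethernet/IPv4 mappings are handled here")
    sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", frame[22:50])
    return {"op": OPS.get(op, f"unknown op {op}"),
            "broadcast": dst == BROADCAST,
            "sender_mac": mac(sha), "sender_ip": socket.inet_ntoa(spa),
            "target_ip": socket.inet_ntoa(tpa),
            # Gratuitous ARP: the host asks about its own address.
            "gratuitous": op == 1 and spa == tpa}

def update_cache(cache: dict, pkt: dict) -> str:
    """Record the sender's mapping; report whether an existing entry changed."""
    ip, hw = pkt["sender_ip"], pkt["sender_mac"]
    old, cache[ip] = cache.get(ip), hw
    if old is None:
        return "new"
    return "unchanged" if old == hw else f"changed {old} -> {hw}"

# Constructed frames modelled on the capture in section 2.4.
ME, OTHER = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
ROUTER = bytes.fromhex("ac853db2c0b4")
REQUEST = build(1, ME, "172.28.185.203", "172.28.185.136")
REPLY = build(2, ROUTER, "172.28.185.136", "172.28.185.203", tha=ME, dst=ME)
GRATUITOUS = build(1, OTHER, "172.28.185.203", "172.28.185.203")
```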
2.7 arp command
Important parameters:
arp -a: displays all contents of the cache;
arp -n: displays dotted-decimal IP addresses instead of hostnames;
arp -s: adds a cache entry manually; an entry added this way does not time out by default, unless temp is added at the end;
3. RARP: Reverse Address Resolution Protocol
The process by which a diskless machine (an X terminal or diskless workstation) obtains its IP address. A host with a local disk reads its IP address from a configuration file on disk when the system boots.
The request is a link-layer broadcast, and the reply is unicast.
3.1 RARP packet format
The packet format is basically the same as ARP; the differences are that the frame type is 0x8035 and the operation codes are 3 and 4;
3.2 Some features of RARP
- Timeout that increases up to a threshold: a RARP request can be retransmitted with an increasing timeout, but when a threshold is reached the timeout is reduced again;
- The RARP server is a user process: because the RARP server needs to read a configuration file on disk (which kernel processes generally do not do);
- There are multiple RARP servers on each network: to guard against one being down; diskless systems generally use the first RARP reply received;
- The implementation of RARP is system-dependent;
Problem
- How are conflicting replies from multiple RARP servers handled?
Answer: (1) Each server can wait a random delay before sending its reply;
(2) Designate a primary RARP server;
TCP/IP Learning Note (iii)--IP,ARP,RARP