TCP/IP network packet

Source: Internet
Author: User

In general, for network programming we only need to call encapsulated functions or components to complete most of the work. In some special cases, however, such as network monitoring and troubleshooting, we need a deep understanding of network packet structure and protocol analysis.

 

IP packets are insecure, but IP is the foundation of the Internet and is widely used. More than 10 protocol families (as far as I know) are derived from the IP protocol, and more IP-based protocols will appear in the future.

 

Let's start with the actual situation!

When talking about the Internet speed, we use bandwidth to describe it professionally. In fact, neither the network speed nor the bandwidth is accurate. For example, 1 MB, 512 K ......

Some students in the school may have questions about why the download speed cannot exceed kb even though my business is 1 MB? Why is the K cap over 50 K ?...

 

1 M refers to 1 Mbps = 1 million bits per second, that is, 1 M bits per second: 1048576 binary bits are transmitted in one second. We know that a byte is 8 binary bits.

Okay, now you have another question. Even so, 1 M = 1048576 ÷ 8 = 131072, and 131072 ÷ 1024 = 128 K, so there should still be 120 KB. Why is the download speed still so much lower?

Thank God for all the help. After reading this article, your account is correct ......

 

1. Protocol hierarchy

 

 

Protocol stack:

| OSI layer | Function | TCP/IP protocol family |
|---|---|---|
| Application Layer | File transfer, email, file service, virtual terminal | TFTP, HTTP, SNMP, FTP, SMTP, DNS, Telnet, etc. |
| Presentation Layer | Data formatting, code conversion, and data encryption | No protocol |
| Session Layer | Establish or release connections with other nodes | No protocol |
| Transport Layer | Provides end-to-end interfaces | TCP, UDP |
| Network Layer | Selects a route for a data packet | IP, ICMP, OSPF, IGMP, RIP |
| Data Link Layer | Transmits addressed frames and provides error detection | SLIP, CSLIP, PPP, MTU, ARP, RARP |
| Physical Layer | Transmits data over physical media as binary data | ISO2110, IEEE802, and 802.2 |

Note that TCP itself does not have a function for detecting errors caused by noise during data transmission, but it does implement retransmission on timeout.

 

Data format:

 

 

 

 

 

Link-layer data frame: frame header + IP data packet + frame trailer (the frame header includes the MAC addresses of the source and target hosts and the type; the frame trailer is a check word)

IP data packet: IP header + TCP data information (the IP header includes the source and target host IP addresses, the type, and the time to live)

TCP data information: TCP header + actual data (the TCP header includes the source and target host port numbers, the sequence number, the acknowledgment number, and the checksum)

 

The Ethernet frame format is as follows:

 

The source address and destination address are the hardware addresses (also called MAC addresses) of the network cards. An address is 48 bits long and is fixed when the network card leaves the factory. Run the ifconfig command and look for the "HWaddr 00:15:F2:14:9E:3F" part of the output: that is the hardware address. The Type field has three values, corresponding to IP, ARP, and RARP respectively. The end of the frame is a CRC check code.

The data length in an Ethernet frame is defined as a minimum of 46 bytes and a maximum of 1500 bytes. ARP and RARP packets are shorter than 46 bytes, so padding bits are appended to them. The maximum value, 1500, is called the Maximum Transmission Unit (MTU) of Ethernet. Different network types have different MTUs. If a data packet is routed from Ethernet to a dial-up link and the packet length exceeds the MTU of the dial-up link, the packet must be fragmented (fragmentation). The output of the ifconfig command also contains "MTU:1500". Note that the MTU concept refers to the maximum length of the payload in a data frame, excluding the length of the frame header.

 

 

IP packet structure:

In the diagram, one scale mark represents 1 binary bit.

1-1. Version, 4 bits: the version number. Currently, the most widely used version is 4 = B1000, which is also known as IPv4. I believe IPv6 will be widely used in the future, and it can assign an IP address to every button in the world.

1-2. Header length, 4 bits: the length of the packet header, expressed as the number of 32-bit long integers the header contains, that is, how many 4-byte units. If there are no options, the value is 5 (in red).

1-3. Service type, 8 bits. The meaning of each bit is as follows:

Precedence field: 3 bits; sets the importance of the data packet. The greater the value, the more important the data. Value range: 0 (normal) to 7 (network control)

Latency field: 1 bit; value: 0 (normal); 1 (low latency)

Throughput field: 1 bit; value: 0 (normal); 1 (high throughput)

Reliability field: 1 bit; value: 0 (normal); 1 (extremely high reliability)

Cost field: 1 bit; value: 0 (normal); 1 (minimum cost)

Reserved field: 1 bit, not used

1-4. Total length, 16 bits: the total length of the current data packet, in bytes. The maximum value is therefore only 65535, that is, 64 KB.

2-1. Identification, 16 bits: an identifier assigned by the sending host so that the receiver can reassemble fragments.

2-2. Flags, 3 bits. The meaning of each bit is as follows:

Reserved field (2): 1 bit, not used

Don't-fragment field (1): 1 bit; value: 0 (datagram fragmentation allowed); 1 (datagram must not be fragmented)

More-fragments field (0): 1 bit; value: 0 (no packet follows this one; this is the final packet); 1 (more packets follow this one)

2-3. Fragment offset, 13 bits: used together with the more-fragments bit to help the receiver reassemble fragmented packets, in bytes.

3-1. Time to live, 8 bits. This is the TTL (time to live) often seen in the output of the ping command. Each time the packet passes through a router, the value is reduced by one; when it reaches zero, the packet is discarded.

3-2. Protocol code, 8 bits: indicates the upper-layer protocol that uses the packet, such as TCP = 6, ICMP = 1, UDP = 17, etc.

3-3. Header checksum, 16 bits: the checksum of the IPv4 packet header.

4-1. Source address, 32 bits (4 bytes). The IP addresses we usually see are these bytes written separated by dots.

5-1. Destination address, 32 bits, same as above.

6-1. Options: optional, mainly used in some special circumstances. Security-minded routers often treat them as an attack and filter them out; the TP-LINK TL-ER5110 router can do so.

7-1. User data.
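The field layout above, decoded from raw bytes. This is an added example, not code from the original article; the function name, the dictionary keys and the sample packet are constructed for illustration. It rejects the malformed length fields that a monitoring tool has to guard against before trusting any offsets.

```python
import socket
import struct

PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}  # protocol codes listed in 3-2

def parse_ipv4_header(packet: bytes) -> dict:
    """Decode the IPv4 header fields; raise ValueError on malformed input."""
    if len(packet) < 20:
        raise ValueError("shorter than the minimum 20-byte IPv4 header")
    (ver_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, checksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4:
        raise ValueError(f"not IPv4 (version={version})")
    header_len = ihl * 4                       # header length counts 32-bit words
    if ihl < 5 or header_len > len(packet):
        raise ValueError(f"bad header length field ({ihl})")
    if total_len < header_len or total_len > len(packet):
        raise ValueError("total length disagrees with the captured bytes")
    return {
        "header_len": header_len,
        "precedence": tos >> 5,                # 3 bits, 0 (normal) to 7 (network control)
        "low_delay": bool(tos & 0x10),
        "high_throughput": bool(tos & 0x08),
        "high_reliability": bool(tos & 0x04),
        "total_len": total_len,
        "id": ident,
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": bool(flags_frag & 0x2000),
        # The 13-bit offset field counts 8-byte units (RFC 791); scale it to bytes.
        "frag_offset": (flags_frag & 0x1FFF) * 8,
        "ttl": ttl,
        "protocol": PROTOCOLS.get(proto, str(proto)),
        "checksum": checksum,
        "src": socket.inet_ntoa(src),
        "dst": socket.inet_ntoa(dst),
        "options": packet[20:header_len],      # empty when the header length is 5
        "payload": packet[header_len:total_len],
    }

# Constructed sample: 20-byte header (no options, checksum left as zero) + 4 data bytes.
SAMPLE = bytes.fromhex("4500001812344000400600000a000001c0a80102") + b"data"
```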

 

TCP packet structure:

1-1. Source port, 16 bits; the range is of course 0 to 65535.

1-2. Destination port, same as above.

2-1. Sequence number, 32 bits. TCP numbers every byte it sends; the sequence number of the first byte of the current data packet is stored here.

3-1. Acknowledgment number, 32 bits. For the sake of safety, TCP tells the other side the sequence number of the first byte it expects to receive in the next packet.

4-1. Data offset, 4 bits: similar to IP, it gives the length of the header as a number of 32-bit units.

4-2. Reserved, 6 bits: not used, set to zero.

4-3. Urgent bit URG: when URG = 1, the urgent pointer field is valid. It tells the system that this segment contains urgent data that should be transmitted as soon as possible (equivalent to high-priority data).

4-3. Acknowledgment bit ACK: the acknowledgment number field is valid only when ACK = 1. When ACK = 0, the acknowledgment number is invalid. Refer to the TCP three-way handshake.

4-4. Reset bit RST (reset): when RST = 1, a serious error has occurred in the TCP connection (for example, a host crash or some other cause). The connection must be released and the transport connection then re-established. Refer to the TCP three-way handshake.

4-5. Synchronization bit SYN: when SYN is set to 1, the segment is a connection request or a connection-accepted segment. Refer to the TCP three-way handshake.

4-6. Finish bit FIN (final): used to release a connection. When FIN = 1, the sender of this segment has finished sending its data and requests that the transport connection be released.

4-7. Window, 16 bits. The window field controls the amount of data the other side may send, in bytes. One end of a TCP connection determines its receive window from the size of its buffer space and then notifies the other end, which uses it as the upper limit of its send window.

5-1. Checksum, 16 bits: covers both the header and the data. When computing the checksum, a 12-byte pseudo header must be added before the TCP segment.

5-2. Urgent pointer, 16 bits: indicates the sequence number of the last byte of the urgent data in this segment.

6-1. Options, 24 bits: optional, similar to IP.

6-2. Padding, 8 bits, so that the options fill 32 bits.

7-1. User data.
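The TCP fields above, decoded from raw bytes, with the checksum from 5-1 verified over the 12-byte pseudo header plus the segment. This is an added example, not code from the original article; the function names and the sample segment are constructed for illustration, and the PSH flag (0x08), which the list above does not mention, is included so the flag byte decodes completely.

```python
import socket
import struct

FLAG_BITS = {"URG": 0x20, "ACK": 0x10, "PSH": 0x08, "RST": 0x04, "SYN": 0x02, "FIN": 0x01}

def internet_checksum(data: bytes) -> int:
    """16-bit one's-complement sum used by the IP header and TCP checksums."""
    if len(data) % 2:
        data += b"\x00"                        # pad odd-length input
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                         # fold the carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def pseudo_header(src: str, dst: str, tcp_len: int) -> bytes:
    """12 bytes: source IP, destination IP, zero byte, protocol 6, TCP length."""
    return socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!BBH", 0, 6, tcp_len)

def parse_tcp_segment(segment: bytes, src: str, dst: str) -> dict:
    """Decode a TCP segment; src and dst come from the enclosing IP header."""
    if len(segment) < 20:
        raise ValueError("shorter than the minimum 20-byte TCP header")
    sport, dport, seq, ack, off_flags, window, checksum, urgent = struct.unpack(
        "!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4         # data offset counts 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError("bad data offset field")
    flags = [name for name, bit in FLAG_BITS.items() if off_flags & bit]
    # Summing pseudo header + segment (stored checksum included) gives 0 when intact.
    ok = internet_checksum(pseudo_header(src, dst, len(segment)) + segment) == 0
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": flags,
            "window": window, "urgent": urgent, "checksum_ok": ok,
            "payload": segment[header_len:]}

def make_sample_segment(src, dst, sport, dport, seq, ack, payload: bytes) -> bytes:
    """Build a constructed ACK+PSH segment (test data only) with a valid checksum."""
    hdr = struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | 0x18, 8192, 0, 0)
    csum = internet_checksum(pseudo_header(src, dst, len(hdr) + len(payload)) + hdr + payload)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + payload
```

Because the pseudo header carries the IP addresses, a segment checked against the wrong address pair fails verification even when its own bytes are untouched.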
