TCP/IP protocol detailed

Source: Internet
Author: User
Tags message queue snmp domain name server file transfer protocol port number

1. TCP/IP protocol stack

Four-layer model
TCP/IP This protocol adheres to a four-tier model concept: The application layer, the transport layer, the interconnect layer, and the network interface layer.

Network interface Layer
The base of the model is the network interface layer. Responsible for the transmission and reception of data frames, the frame is an independent network information Transfer unit. The network interface layer places frames on the Web or takes frames off the web.

Interconnect Layer
The interconnect protocol encapsulates packets into an Internet datagram and runs the necessary routing algorithms.
Here are four interconnect protocols:
Internet Protocol IP: Responsible for addressing and routing packets between the host and the network.
Address Resolution Protocol ARP: Obtain the hardware host address in the same physical network.
Internet Control Message Protocol ICMP: sends a message and reports a delivery error about the packet.
Interconnect Group Management Protocol IGMP: is taken by the IP host to report host group members to the local multicast router.

Transport Layer
The transport protocol provides a communication session between computers. The choice of the transfer Protocol depends on the data transfer method.
Two transport protocols:
Transmission Control Protocol TCP: Provides a reliable communication connection for the application. Ideal for transferring large batches of data at a time. and applies to applications that require a response.
User Datagram Protocol UDP: Provides no connection communication, and does not guarantee the transmission packet reliably. Suitable for transmitting small amounts of data at a time, reliability is the responsibility of the application layer.

Application Layer
The application accesses the network through this layer.

Network Interface Technology
IP uses the network device Interface specification for NDIS to submit frames to the network interface layer. IP supports WAN and local network interface technologies.

Serial Line Protocol
TCP/IPG generally transmits data over the serial line via the Internet Serial Line protocol slip or point-to-Point protocol PPP. (is not what we usually call it asynchronous communication, for Linux to provide a remote connection to the friends should be more research on this knowledge)?

2. ARP

To communicate on the network, the host must know the hardware address of the other host (we do not always encounter the physical address of the NIC). Address resolution is the process of mapping a host IP address to a hardware address. Address Resolution Protocol ARP is used to obtain the hardware address of a host in the same physical network.

Explain the local IP address (friends who want to understand the work process of address resolution are optimistic)
host IP address resolves to hardware address:
(1) When one host communicates with another host, the ARP request is initialized. When the IP determines that the IP address is local, the source host looks for the hardware address of the destination host in the ARP cache.
(2) If the mapping is not found, ARP establishes a request, the source host IP address and hardware address will be included in the request, the request is broadcast, so that all local hosts can receive and processing.
(3) Each host on the local network receives a broadcast and looks for a matching IP address.
(4) When the target host determines that the IP address in the request matches its own, send an ARP reply directly, and pass the hardware address to the source host. Update its ARP cache with the source host's IP address and hardware address. When the source host receives the answer, it establishes the communication.

Resolving Remote IP addresses
Hosts in different networks communicate with each other, and ARP broadcasts the default gateway for the source host.
If the destination IP address is a remote network host, ARP broadcasts the address of a router.
(1) When the communication request is initialized, the destination IP address is known as the remote address. The source host is located in the local routing table, and if none, the source host is considered the IP address of the default gateway. In the ARP cache, locate the IP address (hardware address) that matches the gateway record.
(2) If the gateway's record is not found, ARP broadcasts the address of the requesting gateway instead of the destination host. The router responds to ARP requests from the source host with its own hardware address. The source host sends the packet to the router to deliver to the destination host's network, eventually reaching the target host.
(3) On the router, IP determines whether the destination IP address is local or remote. If it is local, the router obtains the hardware address with ARP (cache or broadcast). If it is remote, the router looks for the gateway in its routing table and then uses ARP to obtain the hardware address of the gateway. The packet is sent directly to the next target host.
(4) The target host receives the request and forms an ICMP response. Because the source host is on the remote network, the gateway for the source host network is located in the local routing table. When the gateway is found, ARP obtains its hardware address.
(5) If the hardware address of this gateway is not in the ARP cache, it is obtained through ARP broadcast. Once it obtains the hardware address, the ICMP response is sent to the router, which is then uploaded to the source host.

ARP cache
To reduce the amount of broadcast, ARP saves address mappings in the cache for backup. The ARP cache holds dynamic and static items. Dynamic items are automatically added and deleted, and static items remain in the cache until they are calculated
Machine restarts.

The ARP cache always retains the hardware broadcast address (0XFFFFFFFFFFFFH) as a permanent entry for the local subnet.
This entry enables the host to accept ARP broadcasts. When you view the cache, the item is not displayed.
Each ARP cache record has a life cycle of 10 minutes and is deleted if it is not used within 2 minutes. When the cache capacity is full, the oldest record is deleted.

adding static (permanent) records
By adding static ARP entries, you can reduce the number of ARP requests to access the host.

Structure of the ARP packet
The fields for the ARP structure are as follows:
Hardware type-the type of hardware (Network access layer) used.
Protocol type--the value of the ether type is used for the protocol in the parsing process.
Hardware address Length-The byte length of the hardware address, which is 6 bytes in length for Ethernet and token rings.
Protocol address length-the length of the protocol address byte, the length of the IP is 4 bytes.
Action Number--Specifies the field where the action is currently performed.
The sender's hardware address-the sender's hardware address.
The sender's protocol address-the sender's protocol address.
Destination station hardware Address--the target's hardware address.
Destination Station protocol address--the target's protocol address.

3. ICMP and IGMP

Internet Control Message Protocol ICMP is used to report errors and control messages on behalf of the IP.
IP uses the Interconnect Group Management Protocol IGMP to tell the router that a host is available in the guidance group on a network.

ICMP source Suppress message: When the TCP/IP host sends data to another host, the router issues an ICMP source suppress message if the speed reaches the saturation of the router or link.

ICMP packet structure
Type: A 8-bit type field that represents the ICMP packet type.
Code: A 8-bit Code field that represents a feature in a specified type. If there is only one feature in a type, the Code field is set to 0.
Inspection and: A 16-bit check and on the ICMP part of the packet.
An additional data that specifies the type of data that varies with each ICMP type.

IGMP information is passed to other routers so that each multicast-enabled router learns which host group and which network.

IGMP Packet Structure
Version: IGMP version, the value is generally 0x1h.
Type: The type of IGMP message. The 0x1h type is called a host member request and is used on a multicast router to designate any member of a multi-level group to poll a network. The 0x2h type is called a host member report, which is used on the host to publish membership in a specified group or to answer a request from a host member of a router.
Unused: Unused domain names are sent by the sender 0 and ignored by the recipient.
Inspection and: A 16-bit inspection of the IGMP header and.
Group Address: The host uses this set of addresses to store IP multicast addresses in a host member request. In host member requests, the group address is zeroed, and the hardware-level multicast address is used to indicate the host group.

4. IP

IP is a non-connected protocol, primarily responsible for addressing between hosts and routing packets, and it does not establish a session before exchanging data. Because it does not guarantee proper delivery, on the other hand, when the data is received, the IP does not need to receive confirmation, so it is unreliable.
There are some fields that are appended to the packet when the data is passed down from the transport layer, so let's take a look at these fields:
Source IP address: Identifies the sender of the datagram with an IP address.
Destination IP Address: Determine the datagram target with an IP address.
Protocol: Tells the destination IP whether to pass the packet to TCP or UDP.
Check and: A simple mathematical calculation to verify the integrity of the received package.
TTL survival time: Specifies how much time (in seconds) to stay on the network before a datagram is discarded. It avoids the endless loops of packets in the network. The Router decrements the TTL based on the time that the data resides in the router. Where the datagram passes through a router, the TTL is reduced by at least one second.
According to the knowledge we mentioned earlier about ARP, if the IP address destination is a local address, the IP will pass the packet directly to that host, and if the destination address is a remote address, the IP locates the route of the remote host in the local routing table (it seems as if we usually dial 1141 samples). If a route is found, the IP transmits the packet with it. If it is not found, the packet is sent to the source host's default gateway, also known as the router. (many times have been engaged in the definition of gateways and routers, in fact, I think that when learning is not necessarily dead key concept, now hardware and software products more and more, a moment very clear, as long as we use the time can solve practical problems. )
This way, when the router receives a packet, the packet is passed up to the IP:
(1) If traffic jams (sounds awful), the packet stalls in the router, and the TTL is reduced by at least 1 or more. If it drops to 0, the bag will be discarded.
(2) If the packet is too large for the next network, the IP will split it into several small packets.
(3) If the package is decomposed, the IP creates a new header for each new package, which includes: a flag to show the other packets behind; A packet ID that is used to determine that all packets are together; A packet offset that tells the receiving host how to regroup them.
(4) IP computing a new test and.
(5) IP Gets the destination hardware address of a route.
(6) IP forwarding packet.
On the next host, the package is sent to TCP or UDP. Each router repeats the process. Until the package arrives at the final destination. When the package arrives at the final destination, IP assembles the packet into its original package.

5. TCP

TCP is a reliable connection-oriented delivery service. It is segmented when the data is transferred, and the host Exchange data must establish a session. It uses bits to circulate the letter, that is, the data is used as a non-structured byte stream.
Specify the order number for each TCP-transmitted field to obtain reliability. If a fragment is decomposed into a few small segments, the receiving host knows if all the small segments have been received. By sending an answer to confirm that the other host received the data. For each small segment sent, the receiving host must return a confirmation at a specified time. If the sender does not receive a confirmation, the data is sent again, and if the received packet is corrupted, the receiving host will discard it because the acknowledgment is not sent and the sender resend the segment.

The sockets utility uses a protocol port number to indicate the uniqueness of its own application. The port can use any number from 0 to 65536. When the service is requested, the operating system dynamically assigns the port number to the client's application.

Sockets are similar to file handles on the essentials, because they function as endpoints for network traffic. An application produces a socket by defining three parts: the host IP address, the type of service (the connection-oriented service is TCP, no connection service is UDP), and the port used by the application.

TCP port
The TCP port provides a location for the delivery of information, and the port number less than 256 is defined as the common ports.

Three-time handshake for TCP
The TCP conversation is initialized by a three-time handshake. The purpose of the three-time handshake is to synchronize the sending and receiving of data segments, to tell other hosts how much data they can receive at one time, and to establish virtual connections.
Let's take a look at the simple process of shaking hands three times:
(1) The initialization host sends a session request through a data segment with a synchronous flag set.
(2) The receiving host responds by sending back a data segment that has the following items: The synchronization flag is set, the sequence number of the starting byte of the data segment that is being sent, and the reply with the byte order number of the next data segment that will be received.
(3) requesting the host to return a data segment with confirmation sequence number and confirmation number.

TCP Sliding window
The TCP sliding window is used to stage data to be transferred between two hosts, somewhat like the cache.
Each TCP/IP host has two sliding windows: one for receiving data and the other for sending data.

6. UDP

The User Datagram Protocol UDP provides a non-connected datagram service. It is suitable for applications that do not need to be answered and usually transmit only a small amount of data at a time.

UDP port
The port is used as a multiplexed message queue.
NETSTAT Network Status
* Domain Name server
File Transfer Protocol TFTP Ordinary
137 netbios-ns NETBIOS Command Service
138 NETBIOS-DGM NETBIOS Datagram Service
161 SNMP SNMP Network Monitor

IP Address Assignment

1. IP Address

An IP address identifies the location of a system in the network. We know that each IP address is made up of two parts: the network number and the host number. Where the network number identifies a physical network, all hosts on the same network need the same network number, which is unique on the Internet, and the host number determines the other TCP/IP hosts in the network, the server, and the router. For the same network number, the host number is unique. Each TCP/IP host is determined by a logical IP address.

Network number and host number
There are two representations of the IP address: binary representation (1 and 0 are too much to be confused) and dotted decimal notation. Each IP address is 4 bytes long and consists of four 8-bit fields, which we typically refer to as eight-bit bodies. The eight-bit body is separated by a period, expressed as a decimal number between 0-255. The 4 domains of an IP address indicate the network number and the host number, respectively.

2. Address Type

To accommodate networks of different sizes, the Internet defines 5 types of IP addresses.
The type of address can be determined by the first eight bits of the IP address:
Type IP form Network number host number
Class A w.x.y.z W x.y.z
Class B w.x.y.z w.x y.z
Class C w.x.y.z w.x.y Z
Let's take a look at these 5 types of addresses:
Class A address: can have a large number of hosts, the highest bit is 0, followed by the 7-bit network number, the remaining 24 is the host number, a total of 126 networks allowed.
Class B Address: Allocated to medium-sized and large-scale networks, up to two bits are always placed in binary 10, allowing 16,384 networks.
Class C address: Used for LAN. The high three bits are set to binary 110, which allows approximately 2 million networks.
Class D Address: Used by multicast group users, the high four bits are always set to 1110, and the remaining bits are used to indicate the group to which the client belongs.
The E-class address is a test-only address.

3. Address Assignment Guide

There are a few guidelines to follow when assigning network numbers and host numbers:
(1) The network number cannot be 127. You know that the identification number is reserved for the circuit and diagnostic functions, remember the usual ping
(2) You can not set the network number and the host number of 1. If each person is 1, the address will be interpreted as a net
Broadcast instead of a host number. (TCP/IP is a protocol that can be broadcast)
(3) corresponding to the above, you can not set 0, otherwise the address is interpreted as "this network."
(4) For this network, the host number should be unique. (otherwise an error such as an IP address has been assigned or there is a conflict)

Assigning network numbers
For each network and wide area connection, you must have a unique network number, which is used to differentiate between hosts in the same physical network. If the network is connected by a router, a unique network number is required for each wide-area connection.

Assigning host numbers
The host number is used to differentiate between different hosts in the same network, and the host number should be unique. All hosts, including the interface between routers, should have a unique network number. The host number of the router to be configured as the default gateway address for the workstation.

Valid host number
Class A: w.0.0.1--w.255.255.254
Class B: w.x.0.1--w.x.255.254
Class C: w.x.y.1--w.x.y.254

4. Subnet mask and IP address

Each host on TCP/IP requires a subnet screen number. It is a 4-byte address that is used to encapsulate or "mask" a portion of an IP address to differentiate between the network number and the host number. The default subnet mask can be used when the network is not partitioned into subnets, and a custom subnet mask is used when the network is divided into subnets.

Default value
Let's take a look at the default subnet mask value, which is used for a network that has not yet been divided into subnets. This default value is required for each host, even on a single-segment network.
Its form depends on the address type of the network. In its 4 bytes, all the digits of the corresponding network number are set to 1, so the decimal value of each eight-bit is 255; all pairs are set to 0 for the host number. For example, the C class network address and the corresponding default masking value

Determine the destination address of the packet
We say that the "and" operation of the Shield value and the IP address value is actually an internal process that is used to determine whether a packet is passed to a host on a local or remote network. The corresponding procedure is as follows: When TCP/IP is initialized, the IP address and subnet mask value of the host is "with". Before the packet is sent, the destination address and the masked value as "and", so if the source IP address and destination IP address is found to match, the IP protocol knows that the packet belongs to a host on the local network, otherwise the packet will be sent to the router.
Note: We know that the "and" action is to compare each of the IP addresses with the corresponding bits in the subnet mask in logic.

Establish subnets

1. Introduction to Subnets
A network may actually have more than one physical network segment, which we call the subnet, and the IP address it uses is derived from a certain network number.
Dividing a network into several subnets requires a different network number or subnet number. Of course, the network has its advantages, by dividing the subnets, each unit can connect complex physical network segments into a network, and can:
(1) Mixed use of various technologies, such as Ethernet and Token Ring network. (both of the most popular interfaces are supported.)

(2) Overcome the limitations of current technology, such as breaking the maximum limit for each segment of the host.
(3) Reduce network congestion by redirecting transmission and reducing transmission modes such as broadcasts.

Implementing Subnet Partitioning
Before we begin to divide the subnets, we must first analyze our own needs and future plans. In general, we follow these guidelines:
(1) Determine the number of physical segments in the network. (That is, the number of subnets)
(2) Determine the number of hosts required per subnet. Note A host at least one IP address.
(3) Based on this requirement, define: Subnet masking for the entire network, unique subnet number per subnet, and host number range for each subnet.

Subnet screen bit
Before defining a subnet mask, it is an essential step to determine the number of subnets that will be needed in the future and the number of hosts per subnet. Because when more bits are used for subnet masking, there are more subnets available, but fewer hosts in each subnet. (This is the opposite of the concept of defining an IP address)

2, define the subnet screen
When you divide a network into subnets, you must define a subnet mask. Let's take a look at the steps of the definition:
(1) Determine the number of the physical network segment, which is the subnet, and convert the number to a binary number. For example, a Class B address, 6 subnets is 110.
(2) Calculate the number of bits (number of subnets) of the physical network segment, here is 110, so 3 bits are required.
(3) in high order (from left to right) this anti-code conversion to the corresponding decimal value, because 3 bits, the host number is the first 3 bits as the subnet number, here is 11100000, so the shield is

3. Define the subnet number
The subnet number is the same as the number of subnets shielded.
(1) Lists the number of digits in the order in which the subnet numbers are used in high to low. For example, a subnet mask uses 3 bits, and a binary value of 11100000.
(2) Convert the lowest one 1 to decimal, and use this value to define the increment of the subnet. In this example is 1110, so the increment is 32.
(3) Use this increment to iterate the subnet number starting at 0 until the next value is 256. This example is w.x.32.1-w.x.63.254, w.x.64.1-w.x.127.254 and so on.

4, define the host number in the subnet
As seen from the above example, once the subnet number is defined, the host number of each subnet has been determined. The value we derive after each increment indicates the starting value of the range of host numbers in the subnet.
Determine the number of hosts in each subnet
(1) Calculate the number of digits available for the host number. For example, in a Class B network with a 3-bit defined network number, the remaining 13 bits define the host number.
(2) Convert the remaining digits, which is the host number, to Decimal, minus 1. For example, a 13-bit value of 1111111111111 is converted to a decimal word is 8191, so the number of hosts per subnet in this network is 8190.

Implementing IP Routing

1. Introduction to IP Routing

Routing is the process of selecting a packet transmission path. When the TCP/IP host sends a packet, the route occurs and occurs again when the IP router arrives. Routers are devices that send packets from one physical network to another, often referred to as gateways. For sending hosts and routers, you must decide where to forward the packets. When you decide on a route, the IP layer queries the routing table that is located in memory.
(1) When a host tries to communicate with another host, the IP first determines whether the destination host is a local network or a remote network.
(2) If the destination host is a remote network, IP will query the routing table to select a route for the remote host or remote network.
(3) If no definitive route is found, IP transmits one data to the other router with the default gateway address.
(4) In this router, the routing table is routed again for the remote host or network query, and if no route is found, the packet is sent to the router's default gateway address.
Each time a route is found, the packet is forwarded to the next-level router, called a "skip step", and is eventually sent to the destination host.
If no route is found, the source host receives an error message.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.