This section briefly introduces the internal structure of TCP/IP and lays the groundwork for discussing security issues related to the Internet. The TCP/IP protocol suite is popular in part because it runs over a wide variety of channels and underlying link protocols, such as T1 and X., Ethernet, and RS-232 serial interfaces. Strictly speaking, TCP/IP is not a single protocol but a suite that includes TCP, IP, UDP (User Datagram Protocol), ICMP (Internet Control Message Protocol), and several other protocols.
Overview of TCP/IP overall architecture
TCP/IP does not map exactly onto the OSI seven-layer reference model. The Open Systems Interconnection (OSI) reference model is a seven-layer abstract model for communication protocols in which each layer performs a specific task; its purpose is to let equipment from different vendors interoperate at each layer. The seven layers are: physical, data link, network, transport, session, presentation and application. TCP/IP instead uses four layers, each of which relies on the services of the layer below it. The four layers are:
Application layer: the protocols by which applications talk to each other, such as the Simple Mail Transfer Protocol (SMTP), the File Transfer Protocol (FTP), and the remote terminal protocol Telnet.
Transport layer: provides end-to-end data transfer between hosts, for example the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP). The transport protocol packages application data into segments (TCP) or datagrams (UDP) and hands them to the layer below; TCP additionally tracks whether each segment was delivered and received, while UDP does not.
Internet layer: provides basic packet delivery, getting each packet to the destination host without checking whether it arrived intact, or at all; the Internet Protocol (IP) lives here.
Network interface layer: manages the actual network medium and defines how data is transmitted over it (Ethernet, serial lines, and so on).
Protocols in TCP/IP
Here is a quick introduction to what the protocols in TCP/IP do and how they work:
1. IP
The Internet Protocol (IP) is the heart of TCP/IP and the most important protocol of the internet layer.
The IP layer receives packets from the layer below (for example an Ethernet device driver) and passes them up to TCP or UDP; in the other direction it takes segments and datagrams from TCP or UDP and sends them down to the network interface. IP delivery is unreliable: IP does nothing to confirm that packets arrive in order, arrive at all, or arrive uncorrupted. Each IP packet carries the address of the host that sent it (the source address) and the address of the host it is for (the destination address).
Higher-level TCP and UDP services typically assume that the source address of a received packet is genuine. Put another way, IP addresses form the basis of authentication for many services, which trust that a packet came from the host it claims to come from. Nothing in IP enforces this: the source address is simply a field the sender fills in. The IP header also carries an option called source routing, which lets the sender specify the path a packet should take between the source and destination addresses. To some TCP and UDP services, a source-routed packet appears to come from the last system on the route rather than from where it really originated. The option exists for diagnostic and testing purposes, but it can be used to trick a system into accepting connections that would normally be refused, so services that rely on the IP source address for validation are at risk of being compromised.
2. TCP
If the IP packet carries a TCP segment, IP hands it to the TCP layer. TCP puts segments in order, checks them for errors, and implements the connection, a virtual circuit between the two endpoints. TCP segments carry sequence numbers and acknowledgements, so segments that arrive out of order can be reordered and lost or corrupted segments can be retransmitted.
TCP delivers the data to higher-level applications, such as the Telnet server and client programs. An application hands its outgoing data back to the TCP layer, which passes it down through IP, the device driver and the physical medium to the receiver.
Connection-oriented services such as Telnet, FTP, rlogin, X Windows and SMTP need a high degree of reliability, so they use TCP. DNS uses TCP in some cases (for example when transferring a domain name database between servers), but uses UDP for ordinary lookups about a single host.
3. UDP
UDP sits at the same layer as TCP, but it does not reorder datagrams that arrive out of sequence or retransmit ones that are lost. UDP is therefore not used for connection-oriented services built on virtual circuits; it is used mainly for query/response services such as NFS, which exchange far less information per transaction than FTP or Telnet. Other services that use UDP include NTP (Network Time Protocol) and DNS (which also uses TCP).
Spoofing UDP packets is easier than spoofing TCP packets because UDP establishes no initial connection (no handshake) and keeps no virtual circuit between the two systems, so a forged datagram is acted on purely on the strength of its source address. UDP-based services are therefore at greater risk.
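The difference described above, as an added example that is not part of the original article: a toy UDP service and a toy TCP listener, each fed a message whose source address is forged to look like a trusted host (10.0.0.5, a constructed address). The UDP service has no state to check the datagram against. The TCP listener sends its SYN-ACK to the claimed source, so a "blind" spoofer never sees the server's initial sequence number (ISN) and has to guess it to complete the handshake. The class and function names here are assumptions made for the example; the ISN is drawn from os.urandom, and the `isn` parameter only exists so the outcome can be reproduced.

```python
"""Why a forged source address gets further with UDP than with TCP (added example)."""
import os
import struct
from dataclasses import dataclass
from typing import Callable, Dict, List, Set, Tuple


@dataclass
class Segment:
    """The few TCP header fields the handshake depends on."""
    src: str
    syn: bool = False
    ack: bool = False
    seq: int = 0
    ack_num: int = 0


def random_isn() -> int:
    """A 32-bit initial sequence number the attacker cannot predict."""
    return struct.unpack("!I", os.urandom(4))[0]


class UdpService:
    """A query/response service: no connection state, so the datagram is acted on as-is."""
    def __init__(self) -> None:
        self.accepted: List[Tuple[str, bytes]] = []

    def receive(self, src: str, payload: bytes) -> str:
        self.accepted.append((src, payload))       # nothing ties src to any prior exchange
        return "accepted"


class TcpListener:
    """Server side of the three-way handshake (LISTEN -> SYN-RECEIVED -> ESTABLISHED)."""
    def __init__(self, isn: Callable[[], int] = random_isn) -> None:
        self.isn = isn
        self.half_open: Dict[str, int] = {}        # src -> ISN we chose for that peer
        self.established: Set[str] = set()
        self.wire: List[Tuple[str, Segment]] = []  # (destination, segment) we "sent"

    def receive(self, seg: Segment) -> str:
        if seg.syn and not seg.ack:                # step 1: SYN arrives
            isn = self.isn()
            self.half_open[seg.src] = isn
            # step 2: SYN-ACK goes to seg.src, i.e. to whoever the packet CLAIMS to be from
            self.wire.append((seg.src, Segment("server", syn=True, ack=True, seq=isn,
                                               ack_num=(seg.seq + 1) & 0xFFFFFFFF)))
            return "syn-ack sent"
        if seg.ack and seg.src in self.half_open:  # step 3: ACK must echo our ISN + 1
            if seg.ack_num == (self.half_open[seg.src] + 1) & 0xFFFFFFFF:
                del self.half_open[seg.src]
                self.established.add(seg.src)
                return "established"
            return "dropped: wrong ack number"
        return "dropped: no matching state"


def spoof_udp(trusted_src: str = "10.0.0.5") -> str:
    """Forged UDP datagram (constructed): the service has nothing to check it against."""
    return UdpService().receive(trusted_src, b"constructed request")


def spoof_tcp_blind(guess: int, trusted_src: str = "10.0.0.5",
                    isn: Callable[[], int] = random_isn) -> str:
    """Forged SYN, then an ACK built WITHOUT seeing the SYN-ACK (it went to trusted_src)."""
    srv = TcpListener(isn)
    srv.receive(Segment(trusted_src, syn=True, seq=1000))
    # The attacker never reads srv.wire for the trusted host; it must guess the ISN.
    return srv.receive(Segment(trusted_src, ack=True, seq=1001,
                               ack_num=(guess + 1) & 0xFFFFFFFF))


def honest_tcp(client: str = "198.51.100.7", isn: Callable[[], int] = random_isn) -> str:
    """Normal client: reads the SYN-ACK it really received and echoes ISN + 1."""
    srv = TcpListener(isn)
    srv.receive(Segment(client, syn=True, seq=5000))
    dst, synack = srv.wire[-1]
    assert dst == client and synack.syn and synack.ack
    return srv.receive(Segment(client, ack=True, seq=5001,
                               ack_num=(synack.seq + 1) & 0xFFFFFFFF))


if __name__ == "__main__":
    print("forged UDP datagram:", spoof_udp())
    print("forged TCP, blind ISN guess:", spoof_tcp_blind(guess=0))
    print("legitimate TCP client:", honest_tcp())
```

With a random ISN the blind guess succeeds about one time in 2^32, which is the whole protection the handshake offers against a forged source; it is not authentication, and a predictable ISN generator removes even that.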
4. ICMP
ICMP sits at the same layer as IP and carries control information for IP. It is mainly used to provide information about the path to a destination. An ICMP 'redirect' message tells a host about a better route to another system, while an 'unreachable' message signals a problem with the path. If a path becomes unavailable, ICMP can also cause a TCP connection to terminate 'gracefully'. Like IP, ICMP carries no authentication, so a host that acts on a redirect it receives is trusting whoever sent it. Ping is the most commonly used ICMP-based service.
5. Port structure for TCP and UDP
TCP and UDP services usually work in a client/server relationship. For example, a Telnet server process starts on a system and sits idle waiting for connections. A user runs a Telnet client to connect to it; the client writes to the server process, the server reads the request and responds, and the client reads the response and shows it to the user. The connection is full duplex: it can be used for both reading and writing.
How are multiple Telnet connections between the same two systems told apart and kept straight? A TCP or UDP connection is uniquely identified by the following four items carried in every message:
Source IP address: the IP address of the host that sent the packet.
Destination IP address: the IP address of the host receiving the packet.
Source port: the port of the connection on the source system.
Destination port: the port of the connection on the destination system.
A port is a software structure used by client programs and server processes to send and receive data; each port is identified by a 16-bit number. A server process normally listens on a fixed port, for example SMTP uses 25 and X Windows uses 6000. These port numbers are 'well known' because a client must know the destination address and port in advance in order to open a connection to a particular service on a particular host.
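The following is an added example, not code from the original article, that ties together two points made above: the connection 4-tuple (source address and port, destination address and port) that a host extracts from every TCP or UDP packet, and the IP source routing option that lets an attacker make a packet look as if it came from a trusted host. It parses a raw IPv4 packet, walks the variable-length option area for the loose (LSRR, type 131) and strict (SSRR, type 137) source route options, and applies one simple policy: a source-routed packet is never trusted on its source address alone. The packets are constructed inline (addresses from the documentation ranges, checksums left at zero), and the function names and the `trust_src` policy are assumptions made for this example.

```python
"""Parse IPv4 + TCP/UDP, extract the 4-tuple, and flag source-routed packets (added example)."""
import struct
from ipaddress import IPv4Address
from typing import Dict, List, Optional, Tuple

LSRR, SSRR = 131, 137            # RFC 791 option types: loose / strict source route
IPPROTO_TCP, IPPROTO_UDP = 6, 17
# A few of the 'well-known' server ports mentioned on this page.
WELL_KNOWN_PORTS = {21: "ftp", 23: "telnet", 25: "smtp", 53: "dns", 123: "ntp", 6000: "x11"}


def parse_options(opts: bytes) -> List[Tuple[int, bytes]]:
    """Walk the option area of an IPv4 header: (type, data) per option."""
    found, i = [], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                      # End of Option List
            break
        if kind == 1:                      # No Operation (one-byte padding)
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("truncated or malformed IP option")
        length = opts[i + 1]
        found.append((kind, opts[i + 2:i + length]))
        i += length
    return found


def parse_ipv4(pkt: bytes) -> Dict:
    """Return the header fields the higher layers and a filter care about."""
    if len(pkt) < 20:
        raise ValueError("shorter than a minimal IPv4 header")
    ver_ihl, _tos, total_len, _id, _frag, _ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(pkt) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    return {"src": str(IPv4Address(src)), "dst": str(IPv4Address(dst)), "proto": proto,
            "options": parse_options(pkt[20:ihl]), "payload": pkt[ihl:total_len]}


def source_route(options: List[Tuple[int, bytes]]) -> Optional[List[str]]:
    """Hop list if the packet carries an LSRR/SSRR option, else None."""
    for kind, data in options:
        if kind in (LSRR, SSRR):           # data = 1 pointer byte + 4-byte hop addresses
            return [str(IPv4Address(data[j:j + 4])) for j in range(1, len(data) - 3, 4)]
    return None


def four_tuple(pkt: bytes) -> Optional[Tuple[str, str, int, str, int]]:
    """(proto, src ip, src port, dst ip, dst port) for TCP/UDP, else None."""
    ip = parse_ipv4(pkt)
    if ip["proto"] not in (IPPROTO_TCP, IPPROTO_UDP) or len(ip["payload"]) < 4:
        return None
    sport, dport = struct.unpack("!HH", ip["payload"][:4])   # both headers start with the ports
    return ("tcp" if ip["proto"] == IPPROTO_TCP else "udp", ip["src"], sport, ip["dst"], dport)


def check_packet(pkt: bytes) -> Dict:
    """What a host doing address-based access control should look at before trusting src."""
    ip = parse_ipv4(pkt)
    route = source_route(ip["options"])
    tup = four_tuple(pkt)
    return {"tuple": tup,
            "service": WELL_KNOWN_PORTS.get(tup[4], "unknown") if tup else None,
            "route": route,
            "trust_src": route is None}    # assumed policy: never trust a source-routed src


# --- constructed sample packets (not captured traffic) ---------------------------
def build_ipv4(src: str, dst: str, proto: int, payload: bytes, options: bytes = b"") -> bytes:
    options += b"\x00" * (-len(options) % 4)              # pad options to a 32-bit boundary
    ihl = 5 + len(options) // 4
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, 20 + len(options) + len(payload),
                      1, 0, 64, proto, 0, IPv4Address(src).packed, IPv4Address(dst).packed)
    return hdr + options + payload                        # checksum left 0 for brevity


def lsrr_option(route: List[str]) -> bytes:
    hops = b"".join(IPv4Address(h).packed for h in route)
    return bytes([LSRR, 3 + len(hops), 4]) + hops         # type, length, pointer (4 = first hop)


def tcp_header(sport: int, dport: int, flags: int = 0x02) -> bytes:
    # ports, seq, ack, data offset (5 words), flags (SYN), window, checksum, urgent pointer
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)


# A Telnet SYN claiming to come from trusted host 10.0.0.5, loose-source-routed through
# 203.0.113.9 (the machine that actually put it on the wire).
SPOOFED_TELNET = build_ipv4("10.0.0.5", "192.0.2.10", IPPROTO_TCP, tcp_header(40000, 23),
                            options=lsrr_option(["203.0.113.9"]))
PLAIN_TELNET = build_ipv4("10.0.0.5", "192.0.2.10", IPPROTO_TCP, tcp_header(40000, 23))
PLAIN_DNS = build_ipv4("10.0.0.5", "192.0.2.10", IPPROTO_UDP, struct.pack("!HHHH", 5353, 53, 8, 0))

if __name__ == "__main__":
    for label, pkt in (("spoofed", SPOOFED_TELNET), ("plain", PLAIN_TELNET), ("dns", PLAIN_DNS)):
        print(label, check_packet(pkt))
```

The two Telnet packets produce the identical 4-tuple, which is exactly the point: the tuple is all the transport layer sees, and it is entirely under the sender's control. Refusing source-routed packets (as most hosts do today by default) closes this particular trick, but it does not make the source address trustworthy in general.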