TCP/IP study Note 1

Source: Internet
Author: User
Tags: domain name server

TCP/IP protocol stack

This section briefly introduces the internal structure of TCP/IP and lays the foundation for discussing Internet-related security issues. The TCP/IP protocol suite is popular in part because it can run over a wide variety of channels and underlying protocols (such as T1 and X.25, Ethernet, and RS-232 serial interfaces). Specifically, TCP/IP is a set of protocols that includes TCP and IP, UDP (User Datagram Protocol), ICMP (Internet Control Message Protocol) and others.

Overview of TCP/IP architecture
TCP/IP does not fully follow the seven-layer OSI reference model. The traditional Open System Interconnection reference model is a seven-layer abstract reference model of communication protocols, where each layer performs a specific task. This model aims to let different hardware communicate with each other at the same level. The seven layers are: physical layer, data link layer, network layer, transport layer, session layer, presentation layer and application layer. The TCP/IP protocol suite uses a four-layer hierarchy. Each layer calls the services provided by the layer below it to meet its own needs. The four layers are:
  Application Layer: the layer at which applications communicate, such as the Simple Mail Transfer Protocol (SMTP), the File Transfer Protocol (FTP), and the network remote access protocol (Telnet).
  Transport Layer: this layer provides communication sessions between nodes and data transmission services; which transport protocol is used is determined by the way the data is to be transmitted, for example the Transmission Control Protocol (TCP) or the User Datagram Protocol (UDP). TCP and UDP add transport information to the data packet and pass it to the next layer. This layer is responsible for transmitting data and confirming that the data has been delivered and received.
Two transport protocols:
Transmission Control Protocol (TCP): provides reliable, connection-oriented communication for applications. It is suitable for transmitting a large amount of data at a time and for applications that require a response.
User Datagram Protocol (UDP): provides connectionless communication and does not guarantee reliable delivery of packets. It is suitable for transmitting a small amount of data at a time; reliability is the responsibility of the application layer.
  Internet Layer: encapsulates data into packets according to certain algorithms so that each packet can reach the target host (without checking whether it is correctly received), for example the Internet Protocol (IP).
The Internet Protocol encapsulates data into Internet packets and runs the necessary routing algorithms.
There are four protocols at this layer:
Internet Protocol (IP): responsible for addressing and routing packets between hosts and networks.
Address Resolution Protocol (ARP): obtains the hardware address of a host on the same physical network.
Internet Control Message Protocol (ICMP): sends messages and reports transmission errors for packets.
Internet Group Management Protocol (IGMP): used by IP hosts to report multicast group membership to a local multicast router.
  Network Interface Layer: manages the actual network media and defines how the physical network (such as Ethernet or a serial line) is used to transmit data. This is the lowest layer of the model. It sends and receives data frames; frames are independent units of network transmission. The network interface layer places frames on the network or retrieves frames from it.

Network Interface Technology
IP uses the Network Device Interface Specification (NDIS) to submit frames to the network interface layer. IP supports both WAN and LAN network interface technologies.
Serial Line Protocol
Over serial links TCP/IP generally transmits data using the Serial Line Internet Protocol (SLIP) or the Point-to-Point Protocol (PPP). (Is this what we usually call asynchronous communication? If you want to use Linux to establish remote connections, you should study this topic.)

Protocols in TCP/IP
The following is a brief introduction of what functions are available in TCP/IP protocols and how they work:
1. IP
Internet Protocol IP is the heart of TCP/IP and the most important protocol in the network layer.
The IP layer receives packets from the lower layer (the network interface layer, for example an Ethernet device driver) and passes them to the higher layer, TCP or UDP; the IP layer also passes packets received from the TCP or UDP layer down to the lower layer. IP packets are unreliable because IP does nothing to confirm that packets are delivered in order or undamaged. An IP packet contains the address of the host that sent it (the source address) and the address of the host that is to receive it (the destination address).
When receiving packets, the higher-level TCP and UDP services generally assume that the source address in the packet is valid. It can also be said that IP addresses form the basis of authentication for many services: these services believe that packets are sent from a valid host. The IP header includes an option called IP source routing, which can be used to specify a direct path between the source address and the destination address. For some TCP and UDP services, an IP packet with this option appears to come from the last system in the path rather than from its actual origin. This option exists for testing, which means it can be used to fool a system into accepting a normally prohibited connection. Therefore, many services that rely on the IP source address for confirmation will have problems and will be illegally infiltrated.
2. TCP
If an IP packet contains an encapsulated TCP packet, IP passes it up to the TCP layer. TCP orders packets and checks them for errors, and establishes virtual circuits. TCP packets include sequence numbers and acknowledgements, so packets that arrive out of order can be sorted and damaged packets can be retransmitted.
TCP passes its information up to higher-level applications, such as the telnet server and client programs. Applications in turn send information back to the TCP layer, and the TCP layer passes it down to the IP layer, the device driver and the physical medium, and finally to the receiver.
Connection-oriented services (such as telnet, FTP, rlogin, X Windows and SMTP) require high reliability, so they use TCP. In some cases DNS uses TCP (for sending and receiving the domain name database), but UDP is used to transmit information about a single host.
3. UDP
UDP is on the same layer as TCP, but it does not guarantee that packets arrive in order or without duplicates. Therefore UDP is not used for connection-oriented services that rely on virtual circuits. UDP is mainly used for query-oriented services such as NFS; compared with FTP or telnet, these services exchange much less information. Services that use UDP include NTP (Network Time Protocol) and DNS (DNS also uses TCP).
Spoofing UDP packets is easier than spoofing TCP packets because UDP does not establish an initial connection (also known as a handshake), since there is no virtual circuit between the two systems. That is to say, UDP-based services face greater risks.
4. ICMP
ICMP is on the same layer as IP. It is used to transmit IP control information and is mainly used to provide information about the path to a destination address. An ICMP 'redirect' message tells a host about a better path to another system, while an 'unreachable' message indicates that the path is faulty. In addition, if a path becomes unavailable, ICMP can terminate the TCP connection gracefully. Ping is the most common ICMP-based service.
5. TCP and UDP port structure
TCP and UDP services usually have a client-server relationship. For example, a Telnet server process starts out idle on the system, waiting for a connection. The user uses a Telnet client program to establish a connection with the server process. The client program writes information to the server process; the server process reads the information and sends a response; the client program reads the response and reports it to the user. The connection is therefore duplex and can be used for both reading and writing.
How are multiple Telnet connections between the same two systems told apart and coordinated? A TCP or UDP connection is uniquely identified by the following four items carried in every message:
The IP address of the source system sending the packet.
The IP address of the destination system receiving the packet.
The port on the source system.
The port on the destination system.
A port is a software structure used by a client program or server process to send and receive information. A port corresponds to a 16-bit number. A server process usually uses a fixed port; for example, SMTP uses 25 and X Windows uses 6000. These port numbers are 'well known' because they must be agreed with the destination when a connection is established with a specific host or service.

ARP
To communicate over a network, a host must know the hardware address of the host it wants to reach (that is, the physical address of the network card that we are familiar with). Address resolution is the process of mapping a host's IP address to a hardware address. The Address Resolution Protocol (ARP) is used to obtain the hardware address of a host on the same physical network.
Resolving a local IP address (readers who want to understand the address resolution process should follow along)
A host IP address is resolved to a hardware address as follows:
(1) An ARP request is initiated when a host needs to communicate with another host. When IP determines that the destination IP address is local, the source host looks up the hardware address of the target host in its ARP cache.
(2) If no mapping is found, ARP builds a request that includes the source host's IP address and hardware address. The request is broadcast so that all local hosts receive and process it.
(3) Each host on the local network receives the broadcast and looks for a matching IP address.
(4) When the target host determines that the IP address in the request is its own, it sends an ARP reply directly to the source host, carrying its hardware address, and updates its own ARP cache with the IP address and hardware address of the source host. After receiving the reply, the source host establishes communication.
Resolving a remote IP address
Hosts on different networks communicate with each other through the source host's default gateway, which ARP resolves by broadcast.
If the target IP address belongs to a remote network, ARP broadcasts for the hardware address of a router.
(1) When a communication request is initiated, the target IP address is recognised as a remote address. The source host looks it up in its local routing table; if no route is found, the source host uses the IP address of the default gateway. It then looks for the hardware address matching the gateway entry in its ARP cache.
(2) If no entry is found for the gateway, ARP broadcasts a request for the gateway's address instead of the target host's address. The router answers the source host's ARP request with its own hardware address. The source host sends the packets to the router, which forwards them towards the target host's network until they reach the target host.
(3) At the router, IP determines whether the destination IP address is local or remote. If it is local, the router uses ARP (cache or broadcast) to obtain the hardware address. If it is remote, the router looks up the next gateway in its routing table and then uses ARP to obtain that gateway's hardware address. The packets are sent on to the next hop towards the target host.
(4) When the target host receives the request it generates an ICMP response. Because the source host is on a remote network, the target host looks up the gateway for the source host's network in its local routing table. Once the gateway is found, ARP obtains its hardware address.
(5) If the gateway's hardware address is not in the ARP cache, it is obtained through an ARP broadcast. Once the hardware address is known, the ICMP response is sent to the router and then on to the source host.

ARP cache
To reduce broadcast traffic, ARP keeps address mappings in a cache for reuse. The ARP cache holds dynamic and static entries. Dynamic entries are added and deleted automatically; static entries remain in the cache until the computer restarts.
The ARP cache always keeps the hardware broadcast address (0xFFFFFFFFFFFF) as a permanent entry for the local subnet. This lets the host accept ARP broadcasts. This entry is not shown when you view the cache.
Each ARP cache record lives for 10 minutes, and is deleted if it is not used within 2 minutes. When the cache is full, the oldest record is deleted.
Adding static (permanent) records
You can add static ARP entries to reduce the number of ARP requests needed to reach a host.
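The resolution steps and cache rules above can be exercised in a small in-memory model. The following is an added example written for this note, not the author's code: hosts, MAC addresses and timestamps are constructed, the 10-minute dynamic lifetime is the one the note states, and a broadcast is simply delivered to every object on the same segment. It shows a cache miss causing a broadcast, a cache hit avoiding one, a dynamic entry aging out, an off-net destination resolving the gateway instead, and a static entry that is never overwritten.

```python
"""Simulation of ARP cache behaviour and address resolution (added example for
this study note, not its author's code). Everything is in-memory: no frames
are sent, and all hosts, addresses and MACs are constructed values."""
import ipaddress

CACHE_LIFETIME = 600   # seconds: the 10-minute dynamic-entry lifetime the note describes


class Host:
    def __init__(self, name, ip, prefix_len, mac, gateway=None):
        self.name = name
        self.ip = ipaddress.IPv4Address(ip)
        self.mac = mac
        self.net = ipaddress.IPv4Network(f"{ip}/{prefix_len}", strict=False)
        self.gateway = ipaddress.IPv4Address(gateway) if gateway else None
        self.cache = {}          # IP -> (MAC, expiry time); expiry None means a static entry
        self.broadcasts_sent = 0

    def add_static(self, ip, mac):
        """Static entries survive until the host restarts (here: until the object is dropped)."""
        self.cache[ipaddress.IPv4Address(ip)] = (mac, None)

    def lookup(self, ip, now):
        entry = self.cache.get(ip)
        if entry is None:
            return None
        mac, expires = entry
        if expires is not None and expires <= now:   # dynamic entry aged out: drop it
            del self.cache[ip]
            return None
        return mac

    def learn(self, ip, mac, now):
        if ip in self.cache and self.cache[ip][1] is None:
            return                                   # never overwrite a static entry
        self.cache[ip] = (mac, now + CACHE_LIFETIME)

    def resolve(self, dst_ip, segment, now):
        """Return the MAC the next frame to dst_ip must carry, or None if nobody answers."""
        dst_ip = ipaddress.IPv4Address(dst_ip)
        # A local destination is resolved directly; a remote one resolves the gateway instead
        target = dst_ip if dst_ip in self.net else self.gateway
        if target is None:
            raise RuntimeError(f"{self.name}: remote destination but no default gateway")
        mac = self.lookup(target, now)
        if mac is None:                              # cache miss: broadcast an ARP request
            self.broadcasts_sent += 1
            mac = segment.broadcast_request(self, target, now)
            if mac is not None:
                self.learn(target, mac, now)
        return mac


class Segment:
    """One physical network: a broadcast is seen by every attached host."""
    def __init__(self, hosts):
        self.hosts = hosts

    def broadcast_request(self, sender, target_ip, now):
        for h in self.hosts:
            if h is not sender and h.ip == target_ip:
                h.learn(sender.ip, sender.mac, now)  # the owner caches the requester's mapping
                return h.mac                         # and replies directly with its own MAC
        return None


def demo():
    a = Host("A", "192.168.1.10", 24, "00:00:5e:00:53:0a", gateway="192.168.1.1")
    b = Host("B", "192.168.1.20", 24, "00:00:5e:00:53:0b", gateway="192.168.1.1")
    r = Host("R", "192.168.1.1", 24, "00:00:5e:00:53:01")
    seg = Segment([a, b, r])
    b.add_static("192.168.1.1", r.mac)                               # permanent gateway entry on B
    out = {}
    out["local_first"] = a.resolve("192.168.1.20", seg, now=0)      # miss -> broadcast
    out["local_cached"] = a.resolve("192.168.1.20", seg, now=100)   # hit -> no broadcast
    out["local_expired"] = a.resolve("192.168.1.20", seg, now=700)  # aged out -> broadcast again
    out["remote"] = a.resolve("10.0.0.5", seg, now=0)               # off-net -> gateway's MAC
    out["unknown"] = a.resolve("192.168.1.99", seg, now=0)          # nobody owns this address
    out["b_learned_a"] = b.lookup(a.ip, 0)                          # B cached A from the request
    out["b_remote"] = b.resolve("8.8.8.8", seg, now=0)              # served by B's static entry
    out["a_broadcasts"] = a.broadcasts_sent
    out["b_broadcasts"] = b.broadcasts_sent
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:15} {v}")
```

The `learn` method refusing to overwrite a static entry is the property that makes static gateway entries useful as a hardening measure: a later reply for the same IP cannot replace what the administrator pinned.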

ARP packet structure
The fields of the ARP packet are as follows:
Hardware type: the type of hardware (network access layer) in use.
Protocol type: the protocol whose addresses are being resolved, expressed as an Ethernet type value.
Hardware address length: the length of the hardware address in bytes. For Ethernet and Token Ring the length is 6 bytes.
Protocol address length: the length of the protocol address in bytes. For IP addresses the length is 4 bytes.
Operation: the field that specifies the current operation.
Sender hardware address.
Sender protocol address.
Target hardware address.
Target protocol address.
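The field list above maps directly onto a fixed 28-byte layout for Ethernet/IPv4. The following added example (not the note's code) packs and parses that layout with `struct`; the Ethernet hardware type 1, the IPv4 protocol type 0x0800 and the operation values 1 (request) and 2 (reply) are standard ARP constants assumed here, and the MAC/IP values are constructed. It also shows the check a defender wants at the point where replies enter the cache: a reply whose sender IP is already mapped to a different MAC.

```python
"""Build and parse the ARP packet layout listed above (added example for this
note, not its author's code). Ethernet/IPv4 field sizes (6 and 4 bytes) are assumed."""
import struct

ARP_FORMAT = "!HHBBH6s4s6s4s"          # htype, ptype, hlen, plen, op, SHA, SPA, THA, TPA
ARP_LEN = struct.calcsize(ARP_FORMAT)  # 28 bytes
HTYPE_ETHERNET = 1
PTYPE_IPV4 = 0x0800
OP_REQUEST, OP_REPLY = 1, 2


def mac_to_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def bytes_to_mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(p) for p in ip.split("."))


def bytes_to_ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    """Pack the nine ARP fields; a request carries an all-zero target MAC."""
    return struct.pack(ARP_FORMAT, HTYPE_ETHERNET, PTYPE_IPV4, 6, 4, op,
                       mac_to_bytes(sender_mac), ip_to_bytes(sender_ip),
                       mac_to_bytes(target_mac), ip_to_bytes(target_ip))


def parse_arp(data: bytes) -> dict:
    if len(data) < ARP_LEN:
        raise ValueError("truncated ARP packet")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_FORMAT, data[:ARP_LEN])
    # Lengths are checked against the hardware/protocol types before trusting the addresses
    if (htype, ptype, hlen, plen) != (HTYPE_ETHERNET, PTYPE_IPV4, 6, 4):
        raise ValueError("only Ethernet/IPv4 ARP is handled here")
    return {"hardware_type": htype, "protocol_type": ptype, "op": op,
            "sender_mac": bytes_to_mac(sha), "sender_ip": bytes_to_ip(spa),
            "target_mac": bytes_to_mac(tha), "target_ip": bytes_to_ip(tpa)}


def check_reply(pkt: dict, known: dict):
    """Defensive check before updating a cache: flag a reply that contradicts a known mapping."""
    if pkt["op"] != OP_REPLY:
        return None
    expected = known.get(pkt["sender_ip"])
    if expected is not None and expected != pkt["sender_mac"]:
        return (f"ARP reply maps {pkt['sender_ip']} to {pkt['sender_mac']} "
                f"but cache holds {expected}")
    return None


if __name__ == "__main__":
    req = build_arp(OP_REQUEST, "00:00:5e:00:53:0a", "192.168.1.10",
                    "00:00:00:00:00:00", "192.168.1.20")
    print(req.hex())
    print(parse_arp(req))
```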

3. ICMP and IGMP
The Internet Control Message Protocol (ICMP) is used to report errors and carry control messages on behalf of IP.
IP uses the IGMP protocol to tell routers that there are hosts on a network belonging to a multicast group.
ICMP
ICMP Source Quench message: when a TCP/IP host sends data to another host and the rate saturates a router or link, the router sends an ICMP Source Quench message.
ICMP packet structure
Type: an 8-bit field indicating the ICMP packet type.
Code: an 8-bit field indicating a function within the given type. If a type has only one function, the code field is set to 0.
Checksum: a 16-bit checksum over the ICMP portion of the packet.
Type-specific data: additional data that varies with each ICMP type.

IGMP
IGMP messages are sent to other routers so that every multicast-capable router knows which host groups exist on which networks.
IGMP packet structure
Version: the IGMP version. The value is generally 0x1.
Type: the IGMP message type. Type 0x1 is a Host Membership Query, used by a multicast router to poll a network for members of any multicast group. Type 0x2 is a Host Membership Report, used by a host to announce membership in a specified group or to answer a router's Host Membership Query.
Unused: this field is set to zero by the sender and ignored by the receiver.
Checksum: a 16-bit checksum of the IGMP header.
Group address: in a Host Membership Report the host stores the IP multicast address here. In a Host Membership Query the group address is set to zero, and the hardware-level multicast address identifies the host group.
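Both layouts above share the same 16-bit one's-complement checksum, so one added example (not the note's code) serves the ICMP and the IGMP sections: it implements that checksum, builds and parses an ICMP message and an IGMPv1 message, and verifies a received message by summing it to zero. The echo-request type 8 and the packing order version-then-type in one byte are standard values assumed here; the echo body and the group address 224.0.0.9 are constructed.

```python
"""Internet checksum plus the ICMP and IGMP layouts listed above, packed and
parsed with struct (added example for this note, not its author's code)."""
import struct


def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words, as ICMP, IGMP and IP use it."""
    if len(data) % 2:
        data += b"\x00"                      # pad an odd-length message
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


ICMP_ECHO_REQUEST = 8


def build_icmp(icmp_type: int, code: int, body: bytes = b"") -> bytes:
    header = struct.pack("!BBH", icmp_type, code, 0)   # checksum is zero while computing it
    csum = internet_checksum(header + body)
    return struct.pack("!BBH", icmp_type, code, csum) + body


def parse_icmp(data: bytes) -> dict:
    if len(data) < 4:
        raise ValueError("truncated ICMP message")
    icmp_type, code, csum = struct.unpack("!BBH", data[:4])
    return {"type": icmp_type, "code": code, "checksum": csum,
            "checksum_ok": internet_checksum(data) == 0,   # an intact message sums to zero
            "data": data[4:]}


IGMP_QUERY, IGMP_REPORT = 0x1, 0x2


def build_igmp(igmp_type: int, group: str, version: int = 1) -> bytes:
    vt = (version << 4) | igmp_type          # 4-bit version, 4-bit type (IGMPv1 layout)
    group_bytes = bytes(int(p) for p in group.split("."))
    header = struct.pack("!BBH4s", vt, 0, 0, group_bytes)   # unused byte is zero
    return struct.pack("!BBH4s", vt, 0, internet_checksum(header), group_bytes)


def parse_igmp(data: bytes) -> dict:
    if len(data) < 8:
        raise ValueError("truncated IGMP message")
    vt, _unused, csum, group = struct.unpack("!BBH4s", data[:8])
    return {"version": vt >> 4, "type": vt & 0xF, "checksum": csum,
            "checksum_ok": internet_checksum(data[:8]) == 0,
            "group": ".".join(str(b) for b in group)}


if __name__ == "__main__":
    echo = build_icmp(ICMP_ECHO_REQUEST, 0, b"abcd")
    print(echo.hex(), parse_icmp(echo))
    query = build_igmp(IGMP_QUERY, "0.0.0.0")        # query: group address zero
    report = build_igmp(IGMP_REPORT, "224.0.0.9")    # report: the group being joined
    print(query.hex(), parse_igmp(query))
    print(report.hex(), parse_igmp(report))
```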

4. IP
IP is a connectionless protocol. It is mainly responsible for addressing between hosts and routing packets. It does not establish a session before data is exchanged. It does not guarantee correct delivery and, on the other hand, does not require an acknowledgement when data is received, so it is unreliable.
Some fields are added to the packet when data is handed down from the transport layer. Let's look at these fields:
Source IP address: identifies the sender of the datagram.
Destination IP address: identifies the destination of the datagram.
Protocol: tells IP on the destination machine whether to hand the packet to TCP or UDP.
Checksum: a simple mathematical computation used to verify the integrity of the received packet.
TTL (Time To Live): specifies how long (in seconds) a datagram may stay on the network before it is discarded. It prevents packets from looping endlessly in the network. A router decreases the TTL according to the time the packet stays in the router; when a packet passes through a router, the TTL is reduced by at least one second.
 
According to the ARP knowledge covered earlier, if the destination IP address is local, IP sends the packet directly to that host. If the destination address is remote, IP looks in the local routing table for a route to the remote host (it seems that we usually dial 114). If a route is found, IP uses it to send the packet. If not, the packet is sent to the source host's default gateway, also known as a router. (I have seen gateways and routers defined many times, and I don't think the distinction is always clear-cut; more and more products now integrate hardware and software. For now the concept is clear enough, as long as it solves practical problems.)

When a router receives a packet, it hands the packet to IP, which processes it as follows:
(1) If the line is congested (which sounds terrible), the packet waits in the router and the TTL is reduced by at least 1. If it drops to 0, the packet is discarded.
(2) If the packet is too large for the next network, IP splits it into several fragments.
(3) If the packet is fragmented, IP creates a new header for each fragment, which includes a flag showing that other fragments follow, a packet identification used to tell which fragments belong together, and a fragment offset that tells the receiving host how to reassemble them.
(4) IP computes a new checksum.
(5) IP obtains the hardware address of the next hop on the route.
(6) IP forwards the packet.
At the next host the packet is passed up to TCP or UDP. Each router repeats this process until the packet reaches its final destination, where IP reassembles the fragments into the original packet.
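The router-side steps above (TTL decrement and drop, fragmentation with identification, more-fragments flag and offset, and reassembly at the destination) are modelled in the following added example, which is not the note's code. The packet is a simplified record rather than a real IP header, the "MTU" counts payload bytes only, and the rule that every fragment except the last carries a multiple of 8 bytes (so offsets fit the 8-byte unit) is the standard IP rule assumed here. The reassembler refuses gaps, overlaps and a missing final fragment, which is the failure mode a receiver must handle.

```python
"""Router-side handling of an IP datagram as the steps above describe (added
example for this note, not its author's code): TTL, fragmentation, reassembly."""
from dataclasses import dataclass, replace


class TTLExpired(Exception):
    pass


class ReassemblyError(Exception):
    pass


@dataclass(frozen=True)
class IPPacket:
    src: str
    dst: str
    ttl: int
    ident: int                 # identification: shared by every fragment of one datagram
    payload: bytes
    offset: int = 0            # fragment offset, in 8-byte units
    more_fragments: bool = False


def forward(pkt: IPPacket, next_hop_mtu: int) -> list:
    """One hop at a router: returns the packet(s) sent onward, fragmented if needed."""
    if pkt.ttl <= 1:
        # A real router would discard the packet and send ICMP Time Exceeded
        raise TTLExpired(f"TTL expired for {pkt.src} -> {pkt.dst}")
    pkt = replace(pkt, ttl=pkt.ttl - 1)
    if len(pkt.payload) <= next_hop_mtu:
        return [pkt]
    chunk = next_hop_mtu - (next_hop_mtu % 8)     # all but the last fragment: multiple of 8
    if chunk == 0:
        raise ValueError("MTU too small to carry a fragment")
    fragments = []
    for start in range(0, len(pkt.payload), chunk):
        piece = pkt.payload[start:start + chunk]
        last = start + chunk >= len(pkt.payload)
        fragments.append(replace(pkt, payload=piece,
                                 offset=pkt.offset + start // 8,
                                 more_fragments=(not last) or pkt.more_fragments))
    return fragments


def reassemble(fragments: list) -> IPPacket:
    """Rebuild the original datagram at the destination from fragments in any order."""
    if not fragments:
        raise ReassemblyError("no fragments")
    ident = fragments[0].ident
    if any(f.ident != ident for f in fragments):
        raise ReassemblyError("fragments from different datagrams mixed together")
    ordered = sorted(fragments, key=lambda f: f.offset)
    data = b""
    for f in ordered:
        if f.offset * 8 != len(data):             # gap or overlap: refuse to guess
            raise ReassemblyError(f"gap or overlap at offset {f.offset}")
        data += f.payload
    if ordered[-1].more_fragments:
        raise ReassemblyError("last fragment missing")
    return replace(ordered[0], payload=data, offset=0, more_fragments=False)


if __name__ == "__main__":
    pkt = IPPacket("10.0.0.1", "10.1.0.1", ttl=64, ident=4242, payload=bytes(range(100)))
    for f in forward(pkt, next_hop_mtu=40):
        print(f"ttl={f.ttl} id={f.ident} offset={f.offset} mf={f.more_fragments} len={len(f.payload)}")
```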

5. TCP

TCP is a reliable, connection-oriented transport service. It transmits data in segments, and the hosts must establish a session before exchanging data. It uses byte-stream communication, that is, data is treated as an unstructured stream of bytes.

Reliability is obtained by assigning a sequence number to each transmitted TCP segment. If a message is divided into several segments, the receiving host can tell whether all segments have been received. The receiver sends an acknowledgement to confirm that it has received the data. For each segment sent, the receiving host must return an acknowledgement within a specified time; if the sender does not receive it, the data is retransmitted. If a received segment is damaged, the receiving host discards it; because no acknowledgement is sent, the sender resends that segment.

Port
The socket interface uses a protocol port number to identify its application uniquely. A port can be any number between 0 and 65536. When a service request is sent, the operating system dynamically assigns a port number to the client application.
Socket
A socket is similar to a file handle because it serves as the end point of network communication. An application creates a socket by defining three parts: the host IP address, the service type (TCP for connection-oriented service, UDP for connectionless service), and the port used by the application.

TCP port
The TCP port provides a specific location for information transmission; port numbers smaller than 256 are defined as well-known ports.

TCP three-way handshake
A TCP conversation is initialized through a three-way handshake. The purpose of the three-way handshake is to synchronize the sending and receiving of data segments, tell the other host how much data it can receive at a time, and establish a virtual connection.
Let's take a look at the simple process of the three-way handshake:
(1) The initiating host sends a session request as a segment with the synchronization (SYN) flag set.
(2) The receiving host responds with a segment containing the sequence number of the first byte of the data it will send, and an acknowledgement carrying the sequence number of the next segment it expects to receive.
(3) The requesting host sends another segment carrying its sequence number and acknowledgement number.
TCP Sliding Window
The TCP sliding window stores the data being transferred between two hosts, a bit like a cache.
Each TCP/IP host has two sliding windows: one for receiving data and one for sending data.
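The three steps above, with both endpoints' segments and the sequence/acknowledgement bookkeeping, can be run as a small simulation. This is an added example written for this note, not the author's code: the initial sequence numbers 1000 and 5000, the window sizes and the dict-shaped segments are constructed, and the SYN is treated as consuming one sequence number, which is standard TCP behaviour assumed here. It also shows the check that matters for robustness: a SYN-ACK whose acknowledgement does not match the SYN that was sent is discarded instead of completing the connection.

```python
"""Three-way handshake simulated with both endpoints' segments (added example
for this note, not its author's code; sequence numbers and windows are constructed)."""


class Endpoint:
    def __init__(self, name: str, isn: int, window: int):
        self.name, self.isn, self.window = name, isn, window
        self.state = "CLOSED"
        self.snd_nxt = isn            # next sequence number we will send
        self.rcv_nxt = None           # next sequence number we expect from the peer
        self.peer_window = None       # how much the peer can accept at a time

    def segment(self, flags: str, ack=None) -> dict:
        seg = {"from": self.name, "flags": flags, "seq": self.snd_nxt, "window": self.window}
        if ack is not None:
            seg["ack"] = ack
        return seg

    def listen(self):
        self.state = "LISTEN"

    def connect(self) -> dict:
        """Step (1): send a SYN carrying our initial sequence number."""
        self.state = "SYN_SENT"
        seg = self.segment("SYN")
        self.snd_nxt += 1             # the SYN itself consumes one sequence number
        return seg

    def on_syn(self, seg: dict):
        """Step (2): answer a SYN with our own ISN and an acknowledgement of theirs."""
        if self.state != "LISTEN" or "SYN" not in seg["flags"]:
            return None
        self.rcv_nxt = seg["seq"] + 1
        self.peer_window = seg["window"]
        self.state = "SYN_RECEIVED"
        reply = self.segment("SYN,ACK", ack=self.rcv_nxt)
        self.snd_nxt += 1
        return reply

    def on_syn_ack(self, seg: dict):
        """Step (3): verify the acknowledgement before completing the connection."""
        if self.state != "SYN_SENT" or seg.get("ack") != self.snd_nxt:
            return None               # does not acknowledge our SYN: discard it
        self.rcv_nxt = seg["seq"] + 1
        self.peer_window = seg["window"]
        self.state = "ESTABLISHED"
        return self.segment("ACK", ack=self.rcv_nxt)

    def on_ack(self, seg: dict) -> bool:
        if self.state != "SYN_RECEIVED" or seg.get("ack") != self.snd_nxt:
            return False
        self.state = "ESTABLISHED"
        return True


def handshake(client: Endpoint, server: Endpoint) -> list:
    """Run the exchange and return the three segments in the order they cross the wire."""
    server.listen()
    syn = client.connect()
    syn_ack = server.on_syn(syn)
    ack = client.on_syn_ack(syn_ack)
    server.on_ack(ack)
    return [syn, syn_ack, ack]


if __name__ == "__main__":
    c, s = Endpoint("client", 1000, 8192), Endpoint("server", 5000, 4096)
    for seg in handshake(c, s):
        print(seg)
    print(c.state, s.state)
```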
6. UDP
The User Datagram Protocol (UDP) provides a connectionless datagram service. It is suitable for applications that do not require a response and generally send only a small amount of data at a time.
UDP ports
A port serves as a multiplexed message queue. Some well-known UDP ports:
Port  Service
15    netstat (network status)
53    Domain Name Server
69    TFTP (Trivial File Transfer Protocol)
137   NETBIOS-NS (NetBIOS Name Service)
138   NETBIOS-DGM (NetBIOS Datagram Service)
161   SNMP (network monitoring)
IP Address Allocation
1. IP Address
 
An IP address identifies the location of a system in the network. Each IP address is composed of two parts: the network number and the host number. The network number identifies a physical network; all hosts on the same network must share the same network number, which is unique on the Internet. The host number identifies a workstation, server or other TCP/IP host within that network, and must be unique for a given network number. Each TCP/IP host is identified by a logical IP address.

Network number and host number
IP addresses can be written in binary (easy to confuse with that many 1s and 0s) or in dotted decimal notation. Each IP address is 4 bytes long and consists of four 8-bit fields, usually called octets. The octets are separated by periods (.) and each represents a decimal number between 0 and 255. The four octets of an IP address together indicate the network number and the host number.

2. Address type

To suit networks of different sizes, five IP address classes are defined on the Internet. You can determine the class from the first eight bits of the IP address:

Class    IP format   Network number   Host number
Class A  w.x.y.z     w                x.y.z
Class B  w.x.y.z     w.x              y.z
Class C  w.x.y.z     w.x.y            z

Let's take a look at these five classes of address:
Class A address: can have a very large number of hosts. The highest bit is 0, the next 7 bits give the network number, and the remaining 24 bits give the host number, which allows a total of 126 networks.
Class B address: allocated to medium-sized and large networks. The two highest bits are set to binary 10, and 16384 networks are allowed.
Class C address: used for LANs. The three highest bits are set to binary 110, and approximately 2 million networks are allowed.
Class D address: used for multicast groups. The four highest bits are set to 1110, and the remaining bits indicate the group the client belongs to.
Class E address: a class reserved for testing only.

3. Address Allocation Guide

When assigning network and host numbers, observe the following rules:
(1) The network number cannot be 127. As you know, this number is reserved for loopback and diagnostics. Remember pinging 127.0.0.1?
(2) You cannot set all bits of the network number or host number to 1. If every bit is 1, the address is interpreted as a broadcast on the local network instead of a host number. (TCP/IP is a broadcast protocol.)
(3) Correspondingly, you cannot set all bits to 0; otherwise the address is interpreted as "this network".
(4) Within a network, the host number must be unique. (Otherwise an IP address allocation or conflict error will occur.)
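The class table and the four allocation rules above combine into one check that a practitioner can run over candidate addresses. The following is an added example for this note, not the author's code: it splits an address into network and host number using the classful 1/2/3-octet boundaries from the table, and reports the loopback, all-ones and all-zeros conditions from the rules. The sample addresses are constructed.

```python
"""Classful interpretation of an IPv4 address plus the allocation rules in the
guide above (added example for this note, not its author's code)."""

CLASS_NET_OCTETS = {"A": 1, "B": 2, "C": 3}   # octets that form the network number


def address_class(first_octet: int) -> str:
    """Class is decided by the leading bits of the first octet."""
    if first_octet < 128:
        return "A"        # leading bit 0
    if first_octet < 192:
        return "B"        # leading bits 10
    if first_octet < 224:
        return "C"        # leading bits 110
    if first_octet < 240:
        return "D"        # leading bits 1110
    return "E"


def analyze(address: str) -> dict:
    octets = [int(p) for p in address.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not a dotted-decimal IPv4 address: {address}")
    cls = address_class(octets[0])
    info = {"address": address, "class": cls, "network": None, "host": None, "problems": []}
    if cls == "D":
        info["problems"].append("multicast group address, not a host address")
        return info
    if cls == "E":
        info["problems"].append("reserved for experimental use")
        return info
    k = CLASS_NET_OCTETS[cls]
    net, host = octets[:k], octets[k:]
    info["network"] = ".".join(map(str, net))
    info["host"] = ".".join(map(str, host))
    # Rules (1)-(3) from the allocation guide
    if octets[0] == 127:
        info["problems"].append("network 127 is reserved for loopback and diagnostics")
    if all(o == 255 for o in host):
        info["problems"].append("host number all ones: this is the network broadcast address")
    if all(o == 0 for o in host):
        info["problems"].append('host number all zeros: this means "this network"')
    if all(o == 0 for o in net):
        info["problems"].append("network number all zeros")
    return info


def usable_host_address(address: str) -> bool:
    """True when the address may be assigned to a host under the rules above."""
    return not analyze(address)["problems"]


if __name__ == "__main__":
    for a in ("10.1.2.3", "127.0.0.1", "192.168.1.255", "172.16.0.0", "224.0.0.9", "240.1.1.1"):
        print(analyze(a))
```

Rule (4), uniqueness within a network, is not a property of a single address and is left to whatever inventory the addresses are checked against.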

Allocate network number
Each network and each wide-area connection must have a unique network number, which identifies all hosts on the same physical network. If the network is connected by routers, each wide-area connection also requires a unique network number.

Allocate host number
The host number distinguishes different hosts within the same network and must be unique. All hosts, including router interfaces, should have a unique host number. The router's host number must be configured as the default gateway address of the workstations.

Valid host number

Class A: 255.0.0.1 -- 255.255.255.254
Class B: w.x.0.1 -- w.x.255.254
Class C: w.x.y.1 -- w.x.y.254

4. Subnet masks and IP addresses

Every host on a TCP/IP network needs a subnet mask. It is a 4-byte value used to mask out, or "block", part of an IP address so that the network number can be distinguished from the host number. When the network has not been divided into subnets, the default subnet mask can be used. When the network is divided into several subnets, a custom subnet mask is required.

Default value

Let's look at the default subnet mask, which is used for a network that has not been divided into subnets. Every host needs this default value, even on a single-segment network.
Its form depends on the address class. In its four bytes, all bits corresponding to the network number are set to 1, so the decimal value of each such octet is 255; all bits corresponding to the host number are set to 0. For example, for the class C address 192.168.0.1 the corresponding default mask is 255.255.255.0.

Determine the destination address of the Data Packet

 
The "AND" operation on the mask and the IP address is really an internal process used to decide whether a packet is destined for a host on the local network or on a remote network. The process is as follows: during TCP/IP initialization, the host's IP address is ANDed with its subnet mask. Before a packet is sent, the destination address is ANDed with the mask; if the result for the source IP address matches the result for the destination IP address, IP knows that the packet belongs to a host on the local network. Otherwise the packet is sent to the router.

Note: the "AND" operation logically compares each bit of the IP address with the corresponding bit of the subnet mask.
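The bitwise comparison just described is short enough to show in full, per octet and per bit. The following added example is not the note's code; the host, mask and destination values are constructed. Beyond the page's single case it also validates the mask itself (a mask must be a run of 1 bits followed by 0 bits, otherwise the AND produces meaningless results) and shows that a wider mask such as 255.255.254.0 makes an address in the neighbouring third octet local.

```python
"""Bitwise AND of an address with a subnet mask: the local-versus-remote decision
described above (added example for this note, not its author's code)."""


def octets(dotted: str) -> list:
    parts = [int(p) for p in dotted.split(".")]
    if len(parts) != 4 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError(f"bad dotted-decimal value: {dotted}")
    return parts


def to_dotted(parts) -> str:
    return ".".join(str(p) for p in parts)


def to_binary(dotted: str) -> str:
    """Show each octet as eight bits, the form the AND operation works on."""
    return ".".join(f"{p:08b}" for p in octets(dotted))


def mask_is_valid(mask: str) -> bool:
    """A mask must be contiguous 1 bits followed by contiguous 0 bits."""
    bits = "".join(f"{p:08b}" for p in octets(mask))
    return bits.startswith("1") and "01" not in bits


def network_part(address: str, mask: str) -> str:
    """The AND of address and mask: everything but the host number."""
    if not mask_is_valid(mask):
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return to_dotted(a & m for a, m in zip(octets(address), octets(mask)))


def is_local(src: str, mask: str, dst: str) -> bool:
    """The decision a host makes before sending: same result, same network."""
    return network_part(src, mask) == network_part(dst, mask)


def explain(src: str, mask: str, dst: str) -> dict:
    """The per-bit comparison laid out for inspection."""
    return {
        "mask_bits": to_binary(mask),
        "src_bits": to_binary(src), "src_and_mask": network_part(src, mask),
        "dst_bits": to_binary(dst), "dst_and_mask": network_part(dst, mask),
        "local": is_local(src, mask, dst),
    }


if __name__ == "__main__":
    for dst in ("192.168.0.77", "192.168.1.77"):
        for k, v in explain("192.168.0.1", "255.255.255.0", dst).items():
            print(f"{k:13} {v}")
        print()
```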

Create a subnet

1. About subnets

A network may actually consist of several physical network segments; we call these segments subnets. The IP addresses they use are derived from one network number. To divide a network into several subnets, different network numbers or subnet numbers must be used. Dividing into subnets has its advantages. By subnetting, an organisation can connect complex physical network segments into one network, and can:
(1) Mix several technologies, such as Ethernet and Token Ring. (The two most popular interfaces support this.)
(2) Overcome the limits of current technology, such as the maximum number of hosts per segment.
(3) Reduce network congestion by redirecting traffic and containing broadcast traffic.

Achieve subnet division

Before dividing subnets, we must first analyse our needs and future plans. Generally, we follow these principles:
(1) Determine the number of physical segments in the network (that is, the number of subnets).
(2) Determine the number of hosts required in each subnet. Note that a host needs at least one IP address.
(3) Based on these requirements, define the subnet mask for the entire network, the unique subnet number of each subnet, and the host number range of each subnet.

Subnet mask
Before defining a subnet mask, it is essential to determine the number of subnets required in the future and the number of hosts per subnet, because the more bits are used for the subnet mask, the more subnets are available, but the fewer hosts each subnet can hold. (This is the opposite of the IP address definition.)
2. Defining the subnet mask
When dividing a network into several subnets, you must define the subnet mask. Let's look at the steps:
(1) Determine the number of physical network segments, that is, the number of subnets, and convert that number to binary. For example, a class B network with six subnets gives 110.
(2) Count the binary digits in the number of segments (subnets). Here it is 110, so three bits are required.
(3) Set that many bits to 1 starting from the high-order end (left to right) and convert to decimal. Because three bits are required, the first three bits of the host number are used as the subnet number; this gives 11100000, so the mask is 255.255.254.0.

3. Define the subnet number

The subnet number has the same number of bits as the subnet part of the mask.

(1) List the bits used by the subnet number from high to low. For example, if the subnet mask uses three bits, the binary value is 11100000.
(2) Convert the lowest 1 bit to decimal and use this value as the subnet increment. In this example the lowest 1 bit of 11100000 is worth 32, so the increment is 32.
(3) Use this increment to add subnet numbers starting from 0 until the next value would be 256. In this example, w.x.32.1 - w.x.63.254 and w.x.64.1 - w.x.127.254.

4. Defining the host numbers in each subnet

As the preceding example shows, once the subnet numbers are defined, the host numbers of each subnet are also determined: the value obtained at each increment gives the start of the host number range in that subnet.
Determining the number of hosts in each subnet
(1) Count the bits available for the host number. For example, if a three-bit subnet number is defined in a class B network, the remaining 13 bits define the host number.
(2) Convert the remaining bits, that is, the host number, to decimal and subtract 1. For example, the 13-bit value 1111111111111 is 8191 in decimal, so the number of hosts in each subnet is 8191.

Implement IP routing

1. Introduction to IP routing

 
Routing is the process of selecting the path over which a packet is transmitted. Routing happens when a TCP/IP host sends an IP packet, and again when the packet reaches an IP router. A router is a device that forwards packets from one physical network to another; a router is often called a gateway. Both the sending host and the router must decide where to forward the packet. When deciding the route, the IP layer consults the routing table held in memory.

(1) When a host tries to communicate with another host, IP first determines whether the target host is on the local network or a remote network.
(2)If the target host is on a remote network, IP queries the routing table to select a route to the remote host or remote network.
(3) If no explicit route is found, IP uses the default gateway address to transmit the data to another router.
(4) At the router, the routing table is queried again for a route to the remote host or network. If no route is found, the packet is sent to the router's default gateway address.
Each time a route is found, the packet is passed to the next router; this is called a "hop". Eventually the packet is delivered to the target host.

If no route is found, the source host receives an error message.
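The four routing steps above, including the default-gateway fallback, the hop-by-hop repetition and the error when no route exists, are modelled in the following added example, which is not the note's code. The hosts, routers and routing tables are constructed; the default gateway is represented as a 0.0.0.0/0 route, and when several routes match, the one with the longest prefix is chosen, which is the standard selection rule assumed here. A hop limit guards against a table that loops.

```python
"""Route lookup and hop-by-hop forwarding as described above (added example for
this note, not its author's code; nodes and routing tables are constructed)."""
import ipaddress


class NoRoute(Exception):
    pass


class Node:
    """A host or router with a routing table of (destination network, next hop)."""
    def __init__(self, name: str, routes):
        self.name = name
        # next hop None means the destination network is directly attached
        self.routes = [(ipaddress.IPv4Network(net), next_hop) for net, next_hop in routes]

    def lookup(self, dst: ipaddress.IPv4Address):
        matches = [(net, nh) for net, nh in self.routes if dst in net]
        if not matches:
            raise NoRoute(f"{self.name}: no route to {dst}")
        # The most specific matching route wins; 0.0.0.0/0 (the default gateway)
        # only applies when nothing more specific matches.
        return max(matches, key=lambda r: r[0].prefixlen)


def trace(nodes: dict, start: str, destination: str, max_hops: int = 16) -> list:
    """Return the nodes the packet passes through until it can be delivered directly."""
    dst = ipaddress.IPv4Address(destination)
    path = [start]
    current = start
    for _ in range(max_hops):
        _net, next_hop = nodes[current].lookup(dst)
        if next_hop is None:
            return path                      # directly attached: ARP would now resolve dst
        path.append(next_hop)                # one "hop"
        current = next_hop
    raise NoRoute(f"hop limit {max_hops} exceeded; possible routing loop")


def sample_network() -> dict:
    """Constructed topology: host H behind router R1, which reaches R2 and R3."""
    return {
        "H":  Node("H",  [("192.168.1.0/24", None), ("0.0.0.0/0", "R1")]),
        "R1": Node("R1", [("192.168.1.0/24", None), ("10.0.0.0/8", "R2"), ("10.1.0.0/16", "R3")]),
        "R2": Node("R2", [("10.0.0.0/8", None)]),
        "R3": Node("R3", [("10.1.0.0/16", None)]),
    }


if __name__ == "__main__":
    net = sample_network()
    for dst in ("192.168.1.50", "10.1.5.5", "10.2.0.1", "172.16.0.1"):
        try:
            print(dst, "->", " > ".join(trace(net, "H", dst)))
        except NoRoute as e:
            print(dst, "->", e)
```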
