The linux OSI Layer-7 model, TCP/IP protocol stack, and the structure of each layer reveal big secrets. The osi protocol stack

The linux OSI Layer-7 model, TCP/IP protocol stack, and the structure of each layer reveal big secrets. The osi protocol stack

When I learn Linux, I know the OSI model even if I am a little cute. What ?! You don't know !!! Okay, this secret is taken away. Thank you ~~~

 

I,Two protocols

(1OSI protocol model (layer-7) International ProtocolPDU: The data unit transmitted between peer-to-peer layers.

OSIProtocol (Layer 7) International Agreement	PDU Unit	Function	Instance
7Application Layer Application	Message	Provides network services for application processes (such as mail and terminal anti-counterfeiting;User access interface Provide User Authentication	HTTP Telnet
6Presentation Layer Presention	Message	Make sure that the receiving system can read the data. Format data and encode Build data and provideEncryption and decryption;CompressionExtract Data transmission syntax used for negotiation at the application layer	ASCLL, EBCDIC JPEG
5Session Layer Session	Message Message	Establish, manage, and terminateSessions between applicationsSession	Operating System Application read
4 Transport Layer Transport	Data Network Segment	Terminal-to-Terminal; Ensures data transmission reliability Establish, maintain, and terminate a virtual circuit Error Detection and recovery Information Flow Control to ensure reliability	TCP and UDP
3Network Layer Network	Data Packets Packet/package	SupportedLogical addressingAnd Path Selection Route Selection Select transfer data and Path	IP
2Data Link Layer Data link	Frame	UseMAC (physical) AddressAccess Media, error detection and correction	802.3/802.2 HDLC
1Physical Layer Physical	Data bit Byte	BinaryTransmission. electrical specification, mechanical Specification, process specification, and functional specification are defined for the initiation, maintenance, and closure of physical links.	EIA/TIA-232 V.35

Operation Model:

 

(2)TCP/IP protocol stack (Layer 4)Is a default mainstream protocol for both LAN and Internet

Protocols on cat/etc/protocols Query System (linux)

 

 

(3) similarities

Both are based on the concept of protocol stack.

Protocols in the protocol stack are mutually independent.

The lower layer provides services to the upper layer. Each layer has tags that distinguish the upper layer.

Differences

OSI is a first-in-first model; TCP/IP is a first-in-one protocol, followed by a model

OSI applies to various protocol stacks; TCP/IP applies only to TCP/IP Networks

Different Levels

(4) Each layer has its own structure. The following table is a simple example.

Data link layer frame		Internet IP protocol		Transport Layer TCP protocol		Application Layer
Target mac Address	Source mac Address	Source IP Address Address	Target IP Address Address	Source Port	Target Port	App	Data Date

 

 

 

II,Data link layer frame

(1)Ethernet FrameEthernet frameIEEE sets international standards

 

(2) Ethernet Frame (difference between EthernetII and 802.3) (data link layer)

Ethernet length: 72-1526 (Packet Capture: 60-15 14, excluding the last 4 bytes of the first 8)

EthernetII

8	6	6	2	46-1500	4
Preface Preamble	Target physical (Mac) Address	Source mac address	Type Upper layer type	Data (including upper-layer protocol header information)	Check data packet failure

IEEE 1, 802.3

7	1	6	6	2	46-1500	4
Preface Preamble	S O F	Target physical (Mac) Address	Source mac address	Length Length	Data (including upper-layer protocol header information)	Check data packet failure

EthernetII has the upper-layer file Type of the identifier Type, and IEEE 802.3 does not (problem exists)

 

(3) packet capture instance

 

 

(4) the mac address (48 bits) has different meanings in different places. media access control MAC

48 for 1 (12 F): Broadcast

 

 

 

Iii. Transport Layer, TCP and UDP protocols

(1) Differences Between TCP reliability and UDP Efficiency

Differences	TCP Reliability	UDP Efficiency
Connection Type	Connection-oriented Connection-oriented	Non-connection-oriented Connectionless
Serialization Sequencing	Yes	No
Uses	Email File sharing Downloading...	Voice streaming Video streaming

 

(2)TCP

1. Features

Working at the transmission layer to the connection protocol

Full Duplex Protocol

Semi-closed (when breaking up)

Error Check

Package data into segments, sorting, and serial numbers

Validation mechanism

Data Recovery and retransmission

Traffic control, sliding window

Congestion Control, slow start and congestion avoidance algorithms (slow start)

2.TCP Header(20 fixed [+ 40 option])

 

① Source port and target port: Processes on the computer need to communicate with other processes through the computer port, and a computer port can only be occupied by one process at a time, therefore, by specifying the source port and target port, you can know which two processes need to communicate. The source port and target port are expressed in 16 bits. The number of computer ports is calculated as 0-65535 (2 ^ 16,The server port is fixed; the client port is random

Cat/etc/services:

Http 80/tcp https 443/tcp ssh 22/tcp ftp 21/tcp File Transfer Protocol tftp 69/utp smtp 25/tcp mail

Pops 110/tcp dns 53/tcp/udp dhcp udp 67 68 automatically obtain IP telnet 23/tcp remote host mysql 3306/tcp Database

Oracle 1521/tcp SQL server 1433/tcp smb 445 139 137/udp windows Shared snmp 161udp Monitoring Management

②Serial numberThe number of the first byte of the data sent in this section. Each byte of the byte stream transmitted in the TCP connection is numbered sequentially. Because the serial number is represented by 32 bits, the serial number is rewound every 2 ^ 32 bytes, starting from 0 again.

③Confirmation Number: Indicates that the recipient expects to receive the senderNextThe ID of the first byte of the packet segment. That is, to tell the sender: the first byte of the data that I want you (the sender) to send next time is the confirmation number.

④ Data offset: indicates the length of the TCP packet segment, which consists of four digits. Because the TCP header contains an option with a variable length, you need to specify the length of the TCP packet segment. It indicates how far TCP is from the start of the packet segment. The unit of this field is 32 bits (4 bytes for calculation), and the 4 bits for Binary represents a maximum of 15 bits, so the data offset is the maximum of 60 bytes for the TCP header.

⑤ Mark bit(The next part is about three handshakes and four handshakes)

URG: indicates whether the data sent in this section contains emergency data. Urgent pointer is valid only when URG = 1, and URG = 0 is invalid.

ACK: Indicates whether the preceding validation number field is valid. ACK = 1, which indicates valid. The preceding validation number field is valid only when ACK = 1. TCP requires that the ACK must be 1 after the connection is established. The TCP packet segment with the ACK mark is called the validation packet segment.

PSH: Prompt that the receiving end application should read data from the TCP receiving buffer immediately to free up space for receiving subsequent data. If1, Indicates that the other party shouldNowExtract dataTo the upper layerApplication instead of caching. If the application does not read the received data, it will stay in the TCP receiving buffer.

RST: If you receiveRST = 1Message, indicating a serious error (such as host crash) occurred when connecting to the host. You must release the connection beforeReestablish connection. It also indicates that the data sent to the host last time has a problem and the host rejects the response. The TCP packet segment with the RST flag is called the reset packet segment.

SYN: InEstablish a connectionUsed to synchronize sequence numbers. WhenSYN = 1, ACK = 0Indicates that this isRequest to establish a connectionWhenSYN = 1, ACK = 1Indicates the other partyAgree to establish connection. SYN = 1 indicates a request to establish a connection or agree to establish a connection. SYN is set to 1 only in the first two handshakes. The TCP packet segment with SYN flag is called the synchronous packet segment.

FIN: Indicates that the local end of the notification mustClose connectionMark whether the data has been sent. IfFIN = 1, That is, tell the recipient: "My data has been sent, you canRelease connectionThe TCP packet segment with the FIN flag is calledEnd message segment

6. Window Size: indicates the amount of data sent by the other party, that is, the amount of data sent by the other party starting from the confirmation number in this section.

7. checksum: provides additional reliability.

Marker emergency pointer: Mark the location of emergency data in the data field

Limit option part: the maximum length can be calculated based on the length of the TCP header. The length of the TCP header is 4 bits. the maximum length of the Option part is: (2 ^ 4-1) * 4-20 = 40 bytes.

Common options:

Maximum Segment Length: Maxium Segment Size, MSS

Windows Scaling

Timestamp: Timestamps

 

3. TCP PORT

The transport layer uses the port number to determine the application layer protocol.

IANA: Internet digital distribution organization (responsible for domain name, digital resource, protocol allocation)

0-1023: System port or privileged port (available only to administrators). As we all know, it is permanently assigned to a fixed System Application for use, 22/tcp (ssh ), 80/tcp (http), 443/tcp (https)

1024-49151: User port or registered port, but the requirements are not strict. It is allocated to the application for registration as an application, 1433/tcp (SqlServer), 1521/tcp (oracle ), 3306/tcp (mysql), 11211/tcp/udp (memcached)

49152-65535: dynamic port or private port, random port used by the client

Cat/proc/sys/net/ipv4/ip_local_port_range query the dynamic port or private port range (linux)

 

4. TCP timeout retransmission

In abnormal network conditions (timeout or packet loss occurs at the beginning), TCP controls data transmission to ensure its promised reliable services

Two kernel parameters related to TCP timeout retransmission:

/Proc/sys/net/ipv4/tcp_retries1, which specifies the minimum number of retransmission times of TCP before the underlying IP address takes over. The default value is 3.

/Proc/sys/net/ipv4/tcp_retries2: specify the maximum number of retransmissions that can be executed by TCP before the connection is abandoned. The default value is 15 (usually 13 ~ 30 min)

 

5. Fixed TCP window: knowing the window size, sender fixed sending n, and the hacker replied to ACK n + 1

Sliding window: do not know the window size. For example, if the sender sends four, the worker replies to ACK 3, indicating that only two are received, the window size is 2, and the next sender sends only two

 

6. Congestion Control: TCP improves network utilization, reduces packet loss rates, and ensures the fairness of network resources to each data stream.

Slow start, congestion avoidance, fast retransmission, and fast recovery

/Proc/sys/net/ipv4/tcp_congestion_control view the current congestion control algorithm

 

(3) UDP features

1. Features

Working on the transport layer

Provide unreliable network access

Non-connection-oriented protocol

Limited Error checks

High Transmission Performance

No data recovery features

2. Baotou

 

 

Iv. Internet Layer

Internet layer protocol:ICMP, ARP, RARP, IPAnd other Protocols

(1)ICMP protocol, Relatively outer of the Internet

① It is used to transmit control messages between IP hosts and routers, and is mostly used to check the status.

② Classic command: ping Command

③ The characteristics of the ICMP protocol determine that it is very easy to be used to attack routers and hosts on the network. Sending ICMP packets to the target host for a long, continuous, and massive period of time will ultimately paralyze the system. A large number of ICMP data packets will form an "ICMP Storm", making the target host consume a lot of CPU resources for processing, so it is exhausted. For example, you can ping a large number of addresses.

Echo 1>/proc/sys/net/ipv4/icmp_echo_ignore_all disable ping and do not reply to other ping requests (the default value is 0)

④ When viewing the packet capture tool, 8 indicates sending, 0 indicates returning

 

 

(2)ARPAddress Resolution Protocol

① Send a broadcast request to all hosts on the network based on the IP address and receive the returned message to determine the target physical mac address. That is, you have an IP address to obtain the mac address.

② Purpose: restart and avoid IP address conflicts when restarting network services; query mac addresses

③ ARP table query command: ip neigh/arp-n

 

 

④ Arp command:

Arp-a views the relationship between IP addresses and mac addresses (linux). There are three relationships: dynamic, static, and permanent.

Arp-d deletes a ing.

Add one arp-s IP mac manually (permanent)

Arping-I ensX IP Address: view the mac address corresponding to the IP address

Arp-a view the relationship between IP addresses and mac addresses (windows)

⑤ Attackers can also be attacked, so that they can send pseudo ARP response packets to a host so that the messages they send cannot reach the expected host or reach the wrong host, this constitutes an ARP spoofing.

 

(3)RARPReverse ARP Protocol

There is a mac address, get the IP address

Example: diskless workstation (bank, ensuring data security)

 

(4) IP protocol

1. Features

Run on OSI network layer

Connectionless protocols

Process data packets independently

Hierarchical Addressing

Best effort for Transmission

No data recovery function

2. Baotou

 

①Version: 4 digits. The current IP protocol version is 4,Ipv4

② Header Length: 4 bits. The maximum value can be 15 units. One unit is 4 bytes. Therefore, the maximum length of the IP header is 60 bytes.

③ Differentiated Services: Eight services are used to obtain better services. In the old standard, they are called service types, but they have never been used. and then renamed it "differentiated service. this field takes effect only when DiffServ is used. generally, it is not used.

④ Total length: 16 digits, indicating the length of the sum of the header and data, in bytes. Therefore, the maximum length of a datagram is 65535 bytes, and the total length must not exceed the maximum transmission unit MTU.

⑤ Identifier: it occupies 16 bits. It is a counter. Generally, each packet sent is added with a value of 1. It is also used for packet sharding. In several shards of the same package, the value is the same

⑥Flag(Flag): three digits. Currently, only the last two digits are meaningful.

DF: Don't Fragment when the middle one is allowed only when DF = 0

MF: More Fragment, the highest bit. MF = 1 indicates that there are still parts. MF = 0 indicates the last part.

7. segment offset: 12-bit. This refers to the relative position of a part in the original group after a long group is split. The segment offset is in 8 bytes.

Timeout Time: the maximum number of routers that can pass the TTL (Time To Live) datagram in the network. The TTL field is an 8-bit field initially set by the sender. the recommended initial value is specified by the Allocation Number RFC. The current value is 64. When an ICMP response is sent, the TTL is usually set to the maximum value of 255.

The default value is 64 in linux. The default value is 128 in windows.

Cat/proc/sys/net/ipv4/ip_default_ttl queries the TTL of the Local Machine

Echo 128>/proc/sys/net/ipv4/ip_default_ttl to modify the automatic ttl, disguised as windows

Protocol: Indicates the protocol used for the data carried by the datagram so that the IP layer of the target host can hand over the data part to which processing process,1 indicates ICMP, 2 indicates IGMP, 6 indicates TCP, and 17 indicates UDP.

Token header check: occupies 16 bits. It only checks the header of the datagram and does not test the data part. Here, a simple calculation method is used instead of the CRC check code.

⑪ Source address and Destination Address: Each occupies 4 bytes, respectively recording the source address and Destination Address

 

3. display information after packet capture

 

 

Okay, I think the content is a bit Doha. Let's take a look at it. If you have any questions, please comment and discuss them together ~~~ This article is here...