1. Definition:
The TCP/IP model is also known as the DoD model (Department of Defense models). TCP/IP literally represents two protocols: TCP (Transmission Control Protocol) and IP (Internetwork protocol).
The TCP/IP protocol is not a collectively known protocol for TCP and IPs, but rather refers to the entire TCP/IP protocol family. In terms of the Protocol layering model, TCP/IP consists of four levels: network interface layer, network layer, Transport layer and application layer.
The TCP/IP protocol does not fully conform to the OSI seven-layer reference model, and the OSI (Open System interconnect) is a traditional open systems interconnect Reference Model, a 7-layer abstract reference Model for communication protocols, where each layer performs a specific task. The purpose of this model is to enable various hardware to communicate with each other at the same level. These 7 layers are: the physical layer, the Data Link layer (network interface layer), the Network layer (network layer), the transport layer, the session layer, the presentation layer, and the application layer (the application layer). The TCP/IP protocol uses a 4-tier hierarchy, each of which calls the network provided by its next layer to fulfill its own needs. Because arpnet designers focus on the interconnection of the network, allowing the communication subnet (network interface layer) to adopt existing or future protocols, so this level does not provide a special protocol. In fact, the TCP/IP protocol can be connected to any network through the network interface layer, such as X. Switch network or IEEE802 LAN.
Reference: TCP/IP protocol (36,000 section)
2. IP protocol
IP protocol is the protocol in the network layer, it mainly completes the sending function of the packet. The following table is the packet format for IP4:
0 4 8) 16 32
-----------------------------------------------
| version | Header Length | service type | Total packet Length |
-----------------------------------------------
| logo | DF | Mf| Fragment Offset |
-----------------------------------------------
| Survival Time | protocol | First more Test and |
-----------------------------------------------
| Source IP Address |
-----------------------------------------------
| Destination IP Address |
-----------------------------------------------
| Options |
==============================
| Data |
-----------------------------------------------
Structure definition of IP
structIP {#if__byte_order = = __little_endianunsignedintIP_HL:4;/*Header Length*/unsignedintIp_v:4;/*version*/#endif#if__byte_order = = __big_endianunsignedintIp_v:4;/*version*/unsignedintIP_HL:4;/*Header Length*/#endifu_int8_t Ip_tos; /*Type of service*/U_short Ip_len; /*Total Length*/U_short ip_id; /*Identification*/U_short Ip_off; /*Fragment offset Field*/#defineIP_RF 0x8000/* Reserved Fragment flag * *#defineIP_DF 0x4000/* DONT fragment flag * *#defineIP_MF 0x2000/* More Fragments flag * *#defineIp_offmask 0X1FFF/* Mask for fragmenting bits */u_int8_t Ip_ttl; /*Time to live*/u_int8_t ip_p; /*Protocol*/U_short ip_sum; /*Checksum*/ structIn_addr ip_src, IP_DST;/*Source and Dest address*/ };
The version number of the IP_VIP protocol, here is 4. Now IPV6 is out.
Ip_hlip the head of the package, this value is measured in 4 bytes. The IP protocol header has a fixed length of 20 bytes, and if the IP packet does not have an option, then this value is 5.
Ip_tos The service type that describes the priority provided.
Ip_len describes the length of the IP data, in bytes.
ip_id identifies this IP packet.
Ip_off fragment offset, which is used together with the above ID to reorganize fragments.
Ip_ttl survival time. Minus one when not passing through a route until it is abandoned for 0 o'clock.
The Ip_p protocol represents the high-level protocol that creates this IP packet, such as the TCP and UDP protocols.
Ip_sum the first checksum, providing a checksum of the header data.
The IP address of the IP_SRC, IP_DST sender, and receiver.
3. ICMP protocol
ICMP is a Message control protocol and is also at the network layer. When an IP packet is passed over the network, the ICMP protocol is used to report the error if an error occurs.
The structure of the ICMP packet is as follows:
0 8 16 32
-----------------------------------------------------
| Type | Code | Checksum |
-----------------------------------------------------
| Data | Data |
-----------------------------------------------------
ICMP is defined in:
structicmphdr{u_int8_t type; /*Message Type*/u_int8_t Code; /*type Sub-code*/u_int16_t Checksum; Union {struct{u_int16_t id; u_int16_t sequence; } Echo; /*Echo Datagram*/u_int32_t Gateway; /*Gateway address*/ struct{u_int16_t __unused; U_int16_t MTU; } Frag; /*Path MTU Discovery*/} un;};
4. UDP protocol
The UDP protocol is a protocol based on the IP protocol that is used in the transport layer. UDP and IP protocols are unreliable datagram services. The header format for UDP is:
0 16 32
---------------------------------------------------
| UDP Source Port | UDP Destination Port |
---------------------------------------------------
| UDP Datagram Length | UDP Datagram Checksum |
---------------------------------------------------
The UDP structure is defined in the following:
struct UDPHDR { u_int16_t source; u_int16_t dest; u_int16_t Len; u_int16_t Check;};
5. TCP protocol
The TCP protocol is also based on the IP protocol, but the TCP protocol is reliable, in order to send, TCP data structure is more complex than the previous structure.
0 4 8 10 16 24 32
-------------------------------------------------------------------
| SOURCE Port | Destination Port |
-------------------------------------------------------------------
| Serial number |
------------------------------------------------------------------
| Confirmation Number |
------------------------------------------------------------------
| | | u| a| p| s| F| |
| header Length | reserved | r| c| s| y| i| Windows |
| | | G| k| h| n| n| |
-----------------------------------------------------------------
| Checksum | Emergency Pointers |
-----------------------------------------------------------------
| Options | Padding bytes |
-----------------------------------------------------------------
The structure of TCP is defined in:
structTCPHDR {u_int16_t source; u_int16_t dest; u_int32_t seq; u_int32_t Ack_seq;#if__byte_order = = __little_endianu_int16_t res1:4; u_int16_t Doff:4; u_int16_t Fin:1; u_int16_t syn:1; u_int16_t rst:1; u_int16_t PSH:1; u_int16_t ACK:1; u_int16_t Urg:1; u_int16_t Res2:2;#elif__byte_order = = __big_endianu_int16_t Doff:4; u_int16_t res1:4; u_int16_t Res2:2; u_int16_t Urg:1; u_int16_t ACK:1; u_int16_t PSH:1; u_int16_t rst:1; u_int16_t syn:1; u_int16_t Fin:1;#endifu_int16_t window; u_int16_t check; u_int16_t urg_prt;};
Source port from which to send TCP data.
Dest accepts the destination port for TCP data.
SEQ identifies the starting sequence number of the data bytes that the TCP contains.
ACK_SEQ confirms the serial number, indicating the next accepted data sequence number for the receiving party.
Doff data The first ministerial degree, as with the IP protocol, in 4 bytes, the average time is 5.
Urg If the emergency data pointer is set, the bit is 1.
ACK If the confirmation number is correct, then 1.
PSH if set to 1, the receiving party receives the data and gives it to the previous program immediately.
When the RST is 1, it indicates a request to reconnect.
When the SYN is 1, it indicates that the connection was requested.
When Fin is 1, it means that relatives close the connection.
window shows the size that the receiver can receive.
Check to make the TCP data more core.
Urg_ptr if urg=1, then indicate the offset value of the serial number that the emergency data begins for the historical data.
6, the establishment of TCP connection
TCP protocol is a reliable connection, in order to ensure the reliability of the connection, TCP connection to be divided into several steps. We call this connection process the "three-time handshake".
Here we analyze the process of establishing a connection from an instance.
The first step the client sends a TCP packet to the server, indicating that the connection is being requested. To do this, the client sets the SYN bit of the packet to 1 and sets the sequence number seq=1000 (we assume 1000).
The second step of the server received the packet, and from the SYN bit to 1 know that this is a connection to make a request, so the server also sends a TCP packet to the client. Because it responds to the client's request, the server sets the ACK to 1,sak_seq=1001 (1000+1) and sets its own serial number. seq=2000 (We assume 2000).
The third step is that the client receives TCP from the server, and from ACK 1 and ack_seq=1001 knows that it is from the server to confirm the information. The client also sends a confirmation message to the server,
Client settings ack=1, and ack_seq=2001,seq=1001, are sent to the server, where the client completes the connection.
The last step the server receives the confirmation information, also completes the connection.
With the above steps, a TCP connection is established. Of course there may be errors in the setup process, but the TCP protocol can guarantee that it will handle the errors.
Say one of the mistakes:
Have you heard of DOS? (not the operating system AH). This spring festival, the United States, the five major sites were attacked together. The attacker is using a DOS (Denial of service) approach. To summarize the principle of saying:
The client first steps, and the server receives the second step. Following a normal TCP connection, the client should take a third step. However, the attacker does not actually take a third step because the client modifies its IP address at the first step, that is, topopulate the IP column of the sender of the IP packet with an I p that does not actually exist. This way, the server will not receive a confirmation signal from the third step because no one is receiving the IP address. This way the server will wait over there until it expires. This way, when a large number of customers make a request, the server waits a lot until all the resources are exhausted and no longer receives the client's request. This will not succeed if a normal user makes a request to the server because there is no resource.
Vii. TCP/IP protocol