TCP/IP Volume: Detailed Notes

These notes were made mainly while watching a video explanation of TCP/IP. I then read the book and added further notes.
Markers are used in the table of contents for easy reference.
Reference video: https://www.bilibili.com/video/av10610680?t=303

day1

Four-layer structure:

Layer: main role
Application layer: handles the details of the particular application
Transport layer: provides end-to-end communication for the applications on the two hosts
Network layer: handles the movement of packets through the network
Link layer: handles the details of physically interfacing with the transmission medium

Example: two hosts running an FTP program.
On each layer, one or more protocols communicate with the corresponding layer on the other side.
Applications are typically user processes, while the lower three layers usually execute in the (OS) kernel.
The application layer is concerned with the details of the application; the lower three layers handle the communication details.

Passing data from an upper layer to a lower layer is encapsulation; passing received data from a lower layer to an upper layer is demultiplexing.

Port numbers:
Servers are generally identified by well-known port numbers.
The client port number is random; the server port number is fixed.

Chapter 2: Link layer

2.2 Ethernet and IEEE 802:
1. Concepts:
Ethernet: a standard that uses the CSMA/CD medium access method, with a rate of 10 Mb/s and 48-bit addresses.
IEEE 802: a slightly different set of standards.
2. Frame format:
Data: 46-1500 bytes.
The field that differs between the frame formats:
in Ethernet it is the type;
in 802.3 it is the length, meaning the length of the data that follows, not including the CRC check code.
The destination address and the source address are 6 bytes each.
Type field:
0800 -> IP;
0806 -> ARP
2.7 Loopback interface:
Allows a client and a server program running on the same host to communicate via TCP/IP.
localhost: IP addresses beginning with 127.

Question not yet understood: NAT, P2 32:20-38:14
2.8 Maximum transmission unit (MTU): calculated per direction
2.9 Path MTU: the minimum MTU along the path

Chapter 3: IP: Internet Protocol

3.1 Introduction
IP provides an unreliable, connectionless datagram delivery service.
Unreliable: the error-handling algorithm is simple: discard the datagram and send an ICMP message to the source.
Connectionless: IP does not maintain any state information; IP datagrams may take different paths and may not arrive in the order they were sent.

  • Command: ipconfig
    to view session information: netstat -an
    to view the routing table: netstat -r, route print, or netstat -rn

3.2 IP datagram header:
Type of service (TOS): a 3-bit priority subfield (now ignored), a 4-bit TOS field, and 1 bit set to 0.
Identification: ID
Flags: DF | MF
Protocol: 1 - ICMP; 6 - TCP; 17 - UDP
Options: record route, timestamp, loose source routing, strict source routing
During transmission the IP addresses stay unchanged; the link-layer destination address, i.e. the MAC address, changes at every hop.

day2

Chapter 4: ARP: Address Resolution Protocol

  • Maps an IP address (logical address) to a MAC address

  • Device drivers never check the destination IP address of an IP datagram
    4.2 An example
    If the destination host is on the local network (such as an Ethernet, a token ring, or the other end of a point-to-point link), the IP datagram can be sent directly to the destination host. If the destination host is on a remote network, the IP routing function determines the address of the next router on the local network, and the IP datagram is forwarded to it.

    ARP sends an ARP request as a broadcast packet, which all hosts on the network receive; only the host that owns the target IP address answers, sending a unicast ARP reply back to the sending host; the sending host can then send its packets.

4.3 ARP cache
Command to display the full contents of the cache: arp -a
Clear: arp -d

4.4 ARP packet format
A destination address whose bits are all 1 is the broadcast address.
Frame type: 0806 - ARP
Hardware type: the type of hardware address; 1 represents an Ethernet address.
Protocol type: 0800 - IP
For an ARP request for an IP address on Ethernet, the hardware address length is 6 and the protocol address length is 4.
Operation field: 1 - ARP request; 2 - ARP reply; 3 - RARP request; 4 - RARP reply

4.6 Proxy ARP: a device with no IP routing sends the ARP request
4.7 Gratuitous ARP: the host sends an ARP request looking for its own IP address
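The field layout from 4.4 and the gratuitous ARP case from 4.7, as an added example that is not part of the original notes. It parses an Ethernet frame carrying ARP and flags a request for the sender's own IP address. The addresses are constructed sample values, and the Ethernet-source versus ARP-sender comparison is an extra check that goes slightly beyond what the notes list.

```python
import struct

BROADCAST = b"\xff" * 6
OPS = {1: "ARP request", 2: "ARP reply", 3: "RARP request", 4: "RARP reply"}

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def ip(b):
    return ".".join(str(x) for x in b)

def parse_arp_frame(frame):
    """Return the ARP fields of a frame, or None if it is not IPv4-over-Ethernet ARP."""
    if len(frame) < 42:                      # 14-byte Ethernet header + 28-byte ARP body
        return None
    dst, src, frame_type = struct.unpack("!6s6sH", frame[:14])
    if frame_type != 0x0806:                 # frame type 0806 = ARP
        return None
    hw_type, proto_type, hw_len, proto_len, op = struct.unpack("!HHBBH", frame[14:22])
    if (hw_type, proto_type, hw_len, proto_len) != (1, 0x0800, 6, 4):
        return None                          # only Ethernet + IP is handled here
    s_mac, s_ip, t_mac, t_ip = struct.unpack("!6s4s6s4s", frame[22:42])
    return {
        "broadcast": dst == BROADCAST,       # destination address is all 1 bits
        "op": OPS.get(op, f"unknown ({op})"),
        "sender": (mac(s_mac), ip(s_ip)),
        "target": (mac(t_mac), ip(t_ip)),
        "gratuitous": s_ip == t_ip,          # host looking for its own IP address
        "src_mismatch": src != s_mac,        # Ethernet source differs from ARP sender
    }

def build_arp(dst, src, op, s_mac, s_ip, t_mac, t_ip):
    """Build a frame for the constructed samples below."""
    return (struct.pack("!6s6sH", dst, src, 0x0806)
            + struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + struct.pack("!6s4s6s4s", s_mac, s_ip, t_mac, t_ip))

# Constructed sample hosts and frames (made-up addresses).
HOST_A, HOST_B = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
IP_A, IP_B = bytes([192, 168, 1, 10]), bytes([192, 168, 1, 20])
UNKNOWN = b"\x00" * 6

REQUEST = build_arp(BROADCAST, HOST_A, 1, HOST_A, IP_A, UNKNOWN, IP_B)
REPLY = build_arp(HOST_A, HOST_B, 2, HOST_B, IP_B, HOST_A, IP_A)
GRATUITOUS = build_arp(BROADCAST, HOST_A, 1, HOST_A, IP_A, UNKNOWN, IP_A)

if __name__ == "__main__":
    for sample in (REQUEST, REPLY, GRATUITOUS):
        print(parse_arp_frame(sample))
```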

Chapter 6: ICMP

6.1 Introduction
ICMP communicates error messages and other conditions that need attention.

  • ICMP message format:
    ICMP protocol number: 1
    type + code: (messages are divided into query messages and error messages)
    ping request: 8 0 (type 8, code 0)
    ping reply: 0 0 (type 0, code 0)
    unreachable: 3 x (type 3); redirect: 5; timeout: 11
    checksum: covers the header and the data that follows

When an ICMP error message is received, the ICMP module associates it with a particular protocol (determined from the protocol field in the IP datagram header) and with a user process (determined from the TCP or UDP port numbers in the TCP or UDP header contained in the first 8 bytes of the IP datagram).

  • Cases in which no ICMP error message is generated:
    an ICMP error message; a datagram whose destination address is a broadcast or multicast address; an IP fragment other than the first; a datagram whose source address is not a single host

6.5 ICMP port unreachable
One rule of ICMP is that an ICMP error message must include the IP header (including any options) of the datagram that generated the error, and must also include at least the first 8 bytes that follow that IP header.
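Why the IP header plus the first 8 bytes are enough to find the protocol and the ports, as an added example that is not part of the original notes. The parser takes the ICMP message (without the outer IP header) and honours the header length of the embedded datagram so that IP options are skipped correctly. The sample message is constructed and its checksums are left at 0.

```python
import struct

def parse_icmp_error(icmp):
    """Parse an ICMP error message and recover protocol, addresses and ports."""
    if len(icmp) < 8 + 20 + 8:
        raise ValueError("too short for ICMP header + IP header + 8 bytes")
    icmp_type, code, _checksum, _unused = struct.unpack("!BBHI", icmp[:8])
    inner = icmp[8:]                          # the datagram that caused the error
    if inner[0] >> 4 != 4:
        raise ValueError("embedded datagram is not IPv4")
    header_len = (inner[0] & 0x0F) * 4        # in bytes, options included
    if header_len < 20 or len(inner) < header_len + 8:
        raise ValueError("embedded IP header or first 8 bytes truncated")
    result = {
        "type": icmp_type,
        "code": code,
        "proto": inner[9],                    # 1 = ICMP, 6 = TCP, 17 = UDP
        "src": ".".join(map(str, inner[12:16])),
        "dst": ".".join(map(str, inner[16:20])),
    }
    if result["proto"] in (6, 17):
        # TCP and UDP headers both begin with source port, destination port.
        sport, dport = struct.unpack("!HH", inner[header_len:header_len + 4])
        result.update(sport=sport, dport=dport)
    return result

def sample_port_unreachable():
    """Constructed sample: UDP 192.168.1.10:40000 -> 192.168.1.20:33434 was refused.

    Checksum fields are 0 because this example does not verify them.
    """
    src, dst = bytes([192, 168, 1, 10]), bytes([192, 168, 1, 20])
    ip_header = struct.pack("!BBHHHBBH4s4s", 0x46, 0, 44, 1, 0, 64, 17, 0, src, dst)
    ip_options = b"\x01\x01\x01\x00"          # 4 option bytes, so header length = 24
    udp_header = struct.pack("!HHHH", 40000, 33434, 20, 0)
    icmp_header = struct.pack("!BBHI", 3, 3, 0, 0)   # type 3, code 3: port unreachable
    return icmp_header + ip_header + ip_options + udp_header

if __name__ == "__main__":
    print(parse_icmp_error(sample_port_unreachable()))
```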

Chapter 7: ping

Used to determine where a problem lies.
Whether a host is reachable depends not only on whether its IP layer is reachable, but also on which protocol and port number are used.
Most TCP/IP implementations support the ping service directly in the kernel (the ping server).

  • ICMP echo request and echo reply message format:
    Identifier: the ID number of the sending process
    Sequence number: increments by 1
    Padding data: on Unix, the data carries the time the packet was sent
    On Windows the identifier stays the same, the sequence number increases by one each time, the data is meaningless, and the time is calculated automatically by the computer

IP record route option:

R option: records every outbound interface; with ping, both the outward and the return path are recorded
Disadvantage: the route that can be recorded is limited, with room for only nine addresses; all hosts must support it
code: specifies the type of IP option; for the RR option the value is 7

  • IP timestamp option

Traceroute program

Windows command: tracert
TTL: when a router receives an IP datagram whose TTL field is 0 or 1, the router does not forward the datagram and sends an ICMP "time exceeded" message to the source host.
Traceroute sends UDP datagrams to the destination host and chooses as the UDP port number a value that the destination host is unlikely to use (greater than 30,000), i.e. a random port number. The port number increases by 1 with each packet sent. The TTL value is increased gradually; because the destination host does not use this port number, it generates a "port unreachable" error.
tracert works by sending ICMP requests.
When passing through a firewall the TTL is not decremented.

  • IP source routing options
    Changing the destination address hop by hop completes the routing
    Strict source routing: the hops must be directly connected
    Command to disable: no ip source-route

IP routing

Routing daemon

  • Routing principles: 1. match the host address; 2. match the network address; 3. match the default route
    Cisco: 1. PBR; 2. specific (most detailed) routes; 3. policy default route; 4. default route
  • Routing table initialization: each interface is initialized, and a direct route is created for the interface
  • Forward or not forward: routers forward; Layer 2 switches and PCs do not forward by default
  • ICMP redirect error:

day3

UDP

UDP is a simple, datagram-oriented transport layer protocol: each output operation of a process produces exactly one UDP datagram, which is assembled into one IP datagram for transmission. Unreliable.
TCP is a byte-stream-oriented protocol.

  • Typical applications: queries (fast), data transmission, voice and video streams

  • UDP encapsulation:
    Port numbers identify the sending and receiving processes. TCP port numbers and UDP port numbers are independent of each other (rsh and syslog both use 514).
    The UDP length field is the length in bytes of the UDP header plus the UDP data; its minimum value is 8 bytes.
    The UDP checksum covers the UDP header and the UDP data. The UDP checksum is optional; the TCP checksum is mandatory.
    A 12-byte pseudo-header is included for the checksum calculation.
    The data packet sent and the data packet received have the same checksum value.
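The checksum over the 12-byte pseudo-header, UDP header and data, as an added example that is not part of the original notes. It also shows that a datagram echoed back with addresses and ports swapped carries the same checksum, because the 16-bit sum does not depend on the order of its words. Addresses, ports and payload are constructed sample values.

```python
import struct

def internet_checksum(data):
    """One's complement of the 16-bit one's-complement sum."""
    if len(data) % 2:
        data += b"\x00"                    # pad byte used only for the calculation
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def pseudo_header(src_ip, dst_ip, udp_len):
    """12 bytes: source IP, destination IP, zero byte, protocol 17, UDP length."""
    return struct.pack("!4s4sBBH", src_ip, dst_ip, 0, 17, udp_len)

def build_udp(src_ip, dst_ip, sport, dport, payload):
    length = 8 + len(payload)              # header + data, never less than 8
    header = struct.pack("!HHHH", sport, dport, length, 0)
    checksum = internet_checksum(pseudo_header(src_ip, dst_ip, length) + header + payload)
    if checksum == 0:
        checksum = 0xFFFF                  # 0 on the wire means "no checksum sent"
    return struct.pack("!HHHH", sport, dport, length, checksum) + payload

def checksum_field(datagram):
    return struct.unpack("!H", datagram[6:8])[0]

def verify_udp(src_ip, dst_ip, datagram):
    """Receiver side: True if the checksum is valid or was not sent."""
    if len(datagram) < 8:
        return False
    length = struct.unpack("!H", datagram[4:6])[0]
    if length < 8 or length > len(datagram):
        return False
    if checksum_field(datagram) == 0:
        return True                        # optional in UDP: sender skipped it
    return internet_checksum(pseudo_header(src_ip, dst_ip, length) + datagram[:length]) == 0

# Constructed sample: a client datagram and the same data echoed back.
CLIENT, SERVER = bytes([192, 168, 1, 10]), bytes([192, 168, 1, 20])
SENT = build_udp(CLIENT, SERVER, 40000, 7, b"hello")
ECHOED = build_udp(SERVER, CLIENT, 7, 40000, b"hello")

if __name__ == "__main__":
    print(hex(checksum_field(SENT)), hex(checksum_field(ECHOED)))
    print(verify_udp(CLIENT, SERVER, SENT))
```

Because the pseudo-header is part of the sum, a datagram delivered to the wrong IP address fails verification even though its own bytes are intact.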

  • IP fragmentation
    IP compares the MTU (of the interface) with the length of the datagram;
    fragmentation can occur at the original sending host and can also occur at intermediate routers;
    reassembly is done by the IP layer at the destination, the purpose being to make fragmentation and reassembly transparent to the transport layer (TCP and UDP).
    DF = 1 means Don't Fragment: the datagram is discarded directly and the MTU is reported; MF = 1 means this fragment is not the last one.
    A single fragment is not retransmitted; the entire datagram has to be retransmitted.
    After fragmentation, an ICMP message is generated only for the first fragment.
    Except for the last fragment, the data portion of every fragment (the part other than the IP header) is an integer multiple of 8 bytes.
    An IP datagram is the end-to-end unit of transfer at the IP layer; a packet is the unit of data passed between the IP layer and the link layer.
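The fragmentation rules above, as an added example that is not part of the original notes. It plans the fragments for a given MTU and checks on the destination side that a set of fragments is complete. The function names and the 1481-byte sample are constructed for illustration, and the plan models offsets and lengths only, not the packet bytes.

```python
def plan_fragments(payload_len, mtu, ip_header_len=20, df=False):
    """Split an IP payload for a link MTU.

    Returns (offset_field, data_len, mf) tuples; offset_field is in 8-byte
    units, as carried in the IP header.
    """
    if ip_header_len + payload_len <= mtu:
        return [(0, payload_len, 0)]               # fits: no fragmentation
    if df:
        raise ValueError(f"DF = 1: discard and report MTU {mtu}")
    per_fragment = (mtu - ip_header_len) // 8 * 8  # data per fragment, multiple of 8
    if per_fragment <= 0:
        raise ValueError("MTU too small to carry any data")
    plan, sent = [], 0
    while sent < payload_len:
        size = min(per_fragment, payload_len - sent)
        mf = 1 if sent + size < payload_len else 0  # MF = 1: not the last fragment
        plan.append((sent // 8, size, mf))
        sent += size
    return plan

def reassembled_length(fragments):
    """Destination side: payload length if the set is complete, else None."""
    expected, last_mf = 0, 1
    for offset_field, size, mf in sorted(fragments):
        if offset_field * 8 != expected:           # hole or overlap
            return None
        if mf and size % 8:                        # only the last may be unaligned
            return None
        expected, last_mf = expected + size, mf
    return expected if last_mf == 0 else None

# Constructed case: 1473 bytes of UDP data + 8-byte UDP header = 1481 bytes of
# IP payload, one byte too many for a 1500-byte MTU with a 20-byte IP header.
UDP_PLAN = plan_fragments(1481, 1500)

if __name__ == "__main__":
    for offset_field, size, mf in UDP_PLAN:
        print(f"offset={offset_field * 8:5d} len={size:5d} MF={mf} "
              f"UDP header present={offset_field == 0}")
```

Only the fragment at offset 0 contains the UDP header, so only that fragment carries port numbers; losing either fragment makes `reassembled_length` return None, which corresponds to the whole datagram having to be sent again.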

  • ICMP unreachable error (fragmentation needed)
    Unless the first fragment of the datagram has been received, the implementation is not required to generate any ICMP error.
    Maximum UDP datagram length: depends on the socket API, the kernel's TCP/IP implementation, and the implementations at the source and the destination
    Datagram truncation: depends on the programming interface and the implementation
    ICMP source quench: an intermediate router does not have enough buffer space, and the message is sent by that intermediate router; our sock program either does not receive the source quench error, or ignores it if it is received
    UDP input queue: when the sender transmits fast and the receiver's buffer is full, no error of any kind is produced
    Restricting the local IP address: when the host has multiple IP addresses, the port is opened on one address only and not on the others
    Restricting the remote address:
    Multiple recipients per port: most systems allow only one program endpoint at a time to be associated with a given local IP address and UDP port number

Broadcast and multicast

Broadcast and multicast apply only to UDP.
TCP is unicast: a connection exists between two processes (determined by port numbers) running on two hosts (determined by IP addresses).

  • From the lower layer to the upper layer
    [Interface card]: normal mode (the destination address is its own unicast MAC address, or unicast), promiscuous mode (packet capture) - if the frame checksum is in error -> discard
    [Device driver]: the frame type gives the protocol used (IP or ARP) - if there is no such upper layer or the frame does not belong to a multicast address -> discard
    [IP]: filters on the source and destination IP addresses -> discard
    [UDP]: if the destination port number does not exist locally, the broadcast can only be discarded
    Conclusion: with multicast fewer hosts receive, so fewer resources are consumed

TCP

  • Provides a connection-oriented, reliable byte-stream service.
    A TCP connection must be established before data is exchanged; the connection is point to point.
    For reliability: data is split into blocks; a timer is kept, and if an acknowledgment is not received in time the segment is sent again; the receiving end sends acknowledgments;
    a checksum is kept over the header and the data; TCP segments are processed (reordering, handling errors from the IP layer); flow control

  • TCP provides services to the application layer
    TCP does not interpret the contents of the byte stream in any way; interpretation of the byte stream is left to the application layer on both sides of the TCP connection.

Reference: TCP packet Comments

  • Fields of the TCP header
    An IP address together with a port number is called a socket. Socket pair.
    Sequence number
    : identifies the byte, in the stream of data from the sending TCP to the receiving TCP, that the first byte of data in this segment represents. TCP numbers every byte transmitted in the byte stream of a connection with a sequence number. Since the sequence number is represented by 32 bits, every 2^32 bytes the sequence number wraps around and starts again from zero. SYN and FIN each consume one sequence number.
    Acknowledgment number: the sequence number of the last byte of data successfully received, plus one. The acknowledgment number field is valid only when the ACK flag is set. Sending an ACK does not consume any sequence number; once the connection is established, this field is always set and the ACK flag is always 1.
    TCP provides a full-duplex service to the application layer; each end of the connection must keep a sequence number for the data transferred in each direction.
    TCP can be described as a sliding window protocol without selective acknowledgments or negative acknowledgments.
    Flags
    Flow control: the window size is a number of bytes; with it the receiver controls how many packets the sender may transmit continuously without acknowledgment. 16 bits, up to 65535 bytes. (Flow control by the receiver.)

The most common option field is the maximum segment size.
The data portion of a TCP segment is optional.

  • TCP connection establishment
    The end that sends the first SYN performs an active open. The other end, which receives this SYN and returns the next SYN, performs a passive open.
    ISN: initial sequence number
  • Connection termination
    A TCP connection can still send data after receiving a FIN.
  • Connection establishment timeout: the retransmission mechanism for the first SYN
  • Maximum segment size (MSS): if no fragmentation occurs, the larger the MSS the better.
    Local: the MSS is MTU-40; not local: the default MSS is 536
  • TCP half-close
  • 2MSL wait time: MSL is the maximum time a segment can exist in the network before it is discarded.
    The IP address and port number of the end that initiates the close cannot be reused.
    While the connection is in the 2MSL wait, any late segments are discarded.
  • Quiet time: no connections may be established within the MSL time after a restart.
  • Reset segment RST (reset): resets the TCP connection.
    1. A connection request is sent to a port on which no TCP connection exists;
    2. Abnormal termination of a connection (abortive release), fast
    3. Detecting half-open connections
    4. Simultaneous open and simultaneous close

  • TCP options (up to 40bit)
    Options are arranged in a TLV structure: type-length-value
    Padding has to be added when short of 4bit
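Walking the type-length-value structure of the TCP option field, as an added example that is not part of the original notes. The option kinds and their fixed lengths (MSS, window scale, SACK permitted, timestamps) come from the TCP specifications rather than from these notes, and the sample bytes are constructed. The length checks matter because a zero or oversized length byte would otherwise make a parser loop forever or read past the options.

```python
import struct

NAMES = {2: "MSS", 3: "WScale", 4: "SACK-Permitted", 8: "Timestamps"}
FIXED_LEN = {2: 4, 3: 3, 4: 2, 8: 10}      # total option length, type and length included

def parse_tcp_options(opts):
    """Return [(name, value)] for the options; raise ValueError on a bad length."""
    out, i = [], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                      # end of option list: the rest is padding
            out.append(("EOL", None))
            break
        if kind == 1:                      # no-operation: single byte used as padding
            out.append(("NOP", None))
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError(f"option kind {kind} has no length byte")
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError(f"option kind {kind} has bad length {length}")
        if kind in FIXED_LEN and length != FIXED_LEN[kind]:
            raise ValueError(f"option kind {kind} must have length {FIXED_LEN[kind]}")
        value = opts[i + 2:i + length]
        if kind == 2:
            value = struct.unpack("!H", value)[0]
        elif kind == 3:
            value = value[0]
        elif kind == 4:
            value = None
        elif kind == 8:
            value = struct.unpack("!II", value)
        out.append((NAMES.get(kind, f"kind-{kind}"), value))
        i += length
    return out

def mss_of(opts, default=536):
    """MSS announced in the options, or the default of 536 when none is present."""
    for name, value in parse_tcp_options(opts):
        if name == "MSS":
            return value
    return default

# Constructed sample: options as they might appear in a SYN segment.
SYN_OPTIONS = bytes.fromhex("020405b4" "0402" "080a0000000100000000" "01" "030307")

if __name__ == "__main__":
    print(parse_tcp_options(SYN_OPTIONS))
    print(mss_of(SYN_OPTIONS))
```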

TCP interactive data flow

Features: a large number of packets, all of them small packets
Typically each keystroke of an interaction produces a packet, which is inefficient

  • Delayed ACK: wait 200ms to see whether there is data to send along with the ACK
  • Nagle algorithm: a TCP connection may have at most one outstanding small segment that has not yet been acknowledged. No other small segments can be sent until the acknowledgment of that segment arrives. Instead, TCP collects these small amounts of data and sends them out in one segment when the acknowledgment arrives.
    Adaptive to the network: reduces the number of packets transmitted; increases latency
  • Window size advertisement
    question?

TCP bulk data flow

  • Normal data flow: the strategy of acknowledging every other segment.
    The order in which packets are transmitted on the wire depends on many factors beyond our control.

  • Fast sender and slow receiver: window update ACK

  • Sliding window: allows the sender to transmit multiple packets in succession before it stops and waits for an acknowledgment.
    Window closes: when data is sent and acknowledged
    Window opens: the receiving process at the other end reads acknowledged data, which frees space in the TCP receive buffer
    Left edge = determined by the ACK sequence number
    Right edge = ACK sequence number + WIN

  • PUSH flag: used by the sender to tell the receiver to pass all the data received to the receiving process.

  • Slow start:
    There may be multiple routers and slower links between the sender and the receiver
    The congestion window is flow control imposed by the sender; the advertised window is flow control imposed by the receiver.
    Added to the sending TCP: the congestion window, cwnd
    When two hosts establish a TCP connection, cwnd = 1
    Sender's transmission limit = min(congestion window, advertised window)
    For each ACK received, the congestion window is increased by one segment: exponential increase

Packet sending time: propagation delay (the propagation speed of electromagnetic waves in the medium) + transmission delay (bandwidth, packet size)
To make maximum use of the bandwidth of a link, the sender must keep sending continuously, while the receiver uses ACKs to acknowledge data and update the window size.
Channel capacity (bandwidth-delay product) = bandwidth * RTT

Congestion occurs: 1. Where a fast pipe converges into a slow one 2. Multiple channels

URG flag, urgent mode:
When URG = 1, the urgent pointer is valid; it is a positive offset that is added to the sequence number field to give the sequence number of the last byte of urgent data. The receiving process reads the data stream and is notified when the urgent pointer is encountered.
Examples: Telnet and Rlogin use "urgent mode" from server to client, because the data stream in this direction may be stopped by the client TCP, so that the application data is read.

Origin blog.csdn.net/better_eleven/article/details/104929867