1. Overview of TCP / IP
TCP / IP reference model
TCP / IP protocol cluster
The TCP / IP protocol cluster is the foundation of the Internet and the most popular form of networking today. TCP / IP is synonymous with a set of protocols, including many other protocols, forming a TCP / IP protocol cluster. The TCP / IP protocol does not fully comply with the seven-layer reference model of OSI. The latter is a seven-layer abstract reference model of a communication protocol in which each layer performs a specific task. The TCP / IP communication protocol uses a 4-layer hierarchical structure, and each layer relies on the network provided by its next layer to fulfill its needs.
Functions at all levels of the TCP / IP reference model
Application layer : provide users with various services or system application interfaces such as FTP, Telnet, DNS, SMTP, etc.
Host-to-host layer : establish, maintain and cancel an end-to-end data transmission process, control the speed of the transmission rhythm, adjust the order of data, etc.
Internet layer: define IP address; routing; realize data forwarding process from source to destination
Network access layer: (data link layer and physical layer)
Representative agreements at all levels:
Application layer: HTTP 80 hypertext transfer protocol, providing web browsing services
Telnet 23 remote login protocol, providing remote management services
FTP 20, 21 file transfer protocol, providing Internet file resource sharing service
SMTP 25 Simple Mail Transfer Protocol, providing Internet email service
POP3 110 post office agreement, providing Internet e-mail service
TFTP 69 (UDP) Simple file transfer protocol, providing simple file transfer service
Host to host layer:
TCP (Transmission Control Protocol) belongs to the connection-oriented network protocol, connection-oriented, reliable transmission, flow control and window mechanism, applications using TCP: web browser (http), file transfer (FTP), etc.
UDP (User Message Protocol) is a connectionless network protocol, connectionless, unreliable transmission, best effort transmission, applications using UDP: Domain Name System (DNS), video streaming; Voice over IP (VoIP)
TCP message format:
The port number ranges from 1 to 65535; the reserved port numbers from 1 to 1024 are well-know, and the port numbers that can be customized after 1024 are the numbers 192.168.12.23:80 followed by the IP address
Scource port (destination port) Destination port (destination port) Sequence number (sequence number) Acknowledgement number (acknowledgement number) These two are the fundamental to achieve reliable transmission of TCP. Window (the size of the sliding window), Checksum (checksum), Control bits (control bits)
UDP message format:
TCP connection establishment (three-way handshake) focus on three fields (seq, ack, ctl (control bit))
seq own serial number, ack is used to confirm the serial number ends, ctl = SYN (SYN: synchronization sequence number ( the Synchronize Sequence Numbers ..) is the TCP / IP to establish the use of the connection handshake the client and server of When establishing a normal TCP network connection, the client first sends a SYN message. The server responds with SYN + ACK to indicate that it has received the message, and finally the client responds with an ACK message.)
ack = 1 means I received your data, and please send the data with serial number 1
TCP connection disconnected (four waved hands)
TCP sliding window mechanism (the receiver controls the size of the data sent by the sender)
Internet layer: The network layer, also called the Internet layer, is responsible for sending packet messages from the source to the destination. The network layer provides logical addresses for devices in the network and is responsible for routing and forwarding data packets.
protocol:
ARP (Address Resolution Protocol): resolves the MAC address corresponding to the target IP address. Maintain the cache of ARP mapping (the correspondence between IP addresses and MAC addresses). Insecure and unreliable, because the receiving end does not make any confirmation, it may lead to message leakage (ARP hijacking) at the receiving end. You can enter ARP -a in the terminal to view the MAC address corresponding to the IP address
dst represents the target MAC address, and all F represents the broadcast data frame.
IP message format
Version Header Priority & Type of Service Total Length Identification Fragment offset Flags Time to live (TTL anti-ring, Error sending ICMP message) Protocol (Protocol number tells what the data is) Header checksum (header checksum to determine whether the data is damaged)
Internet layer tools:
Ping (ICMP) Ping is a command on network devices, Windows, Unix and Linux platforms. It is actually a small and practical application based on the ICMP (Internet Control Messages Protocol) protocol. Ping is often used to detect the network reachability of the destination node.
Traceroute / Tracert: Help us to find out the IP address of each router traversed from our local to the target node, which is helpful to analyze the data walking path.
Reference model:
Excerpt from: https://www.bilibili.com/video/av37359658