TCP / IP protocol system

1. OSI model

1. OSI seven-layer model,

 (1) Description of each layer structure

The data link layer, network layer (IP), link layer (tcp, udp) are in the kernel state. The 
application layer (DNS, ftp, https protocol) is in the user area. The 

application layer (data): determine the nature of the communication between processes to meet User needs and provides the 
presentation layer (data) of the network and user applications (file transmission, e-mail, file services, virtual terminals ): mainly solves the problem of syntax representation of user information, such as encryption and decryption (data formatting, code conversion, data encryption) 
session layer (data): provides a mechanism for communication between the establishment and maintenance of applications, including access authentication and session management, including, such as server authenticates the user login is (to lift or establish communication with other contacts) completed by the session layer 
transport layer (Segment): Realize data communication between user processes on different hosts in the network, reliable and unreliable transmission, error detection at the transport layer, flow control (provide end-to-end interface) 
Network layer (packet): provide logical addresses ( the IP), routing the data transmission end to the destination from the source (a data packet routing) 
data link layer (frame) The upper layer data encapsulated in a frame, the MAC address of the media access, the error detection and correction (the address frame transmission and error detection) 
physical layer (bit stream): transfer, a physical interface, the electrical characteristics of the bitstream between the device (Transmit data on physical media in the form of binary data)

(2) Equipment application

Gateway: application layer, transport layer 
(gateway is interconnected by a four-wire network on the transport layer, is the most complex network interconnection device, only used for the interconnection of two networks with different high-level protocols. The structure of the gateway is similar to that of router The difference is the interconnection layer. The gateway can be used for both WAN and LAN interconnection. 

Router: network layer 
(routing, store and forward) 

Switch: data link layer, network layer 
(identify the MAC address in the data packet Information, forward according to MAC address, and record these MAC addresses and corresponding ports in an internal address table in their own) 

Bridge: data link layer 
(connect two LANs, forward frames based on MAC address) 

hub ( Hub): Physical layer 
(pure hardware equipment, mainly used to connect network terminals such as computers) 

Repeaters :: Physical layer 
(regenerate and retime network signals at the bit level, so that they can transmit longer on the network distance)

2. Five-layer protocol architecture,

2. TCP / IP protocol system

1. Adopt 4-layer structure, application layer, transmission layer, network layer, data link layer


 Each layer calls the protocol provided by the lower layer to complete the demand;


Data link layer: 
(1 ) ARP (Address Resolution Protocol): It implements the conversion from IP address to physical address (usually MAC address, popular understanding is the network card address).
     Application: The network layer uses the IP address to find a machine, while the data link layer uses the physical address to find a machine. Therefore, the network layer must first convert the IP address of the target machine into a physical address before using the data link layer to provide Service. (
2) RARP (Reverse Address Resolution Protocol): As the name implies, it is the opposite of ARP. It implements the conversion from physical address to IP address
     : RARP protocol is only used for some diskless workstations on the network because of lack of storage Devices, diskless workstations cannot record their own IP addresses, but you can see the mapping from physical addresses to IP addresses through RARP.
Network layer:
(1) IP
(2) ICMP: mainly used to detect network connection

    8-bit type: ICMP messages are divided into two categories: one is error messages, such as target unreachable (type value 3) and redirection (type value 5); the other is query messages, use To query network information.

    Some ICMP messages also use 8-bit code fields to subdivide different conditions. For example, the code value 0 indicates network redirection, and the code value 1 indicates host redirection.

    16-bit checksum: Cyclic redundancy check (CRC) is performed on the entire message (including header and content).

    Note: The ICMP protocol is not strictly a network layer protocol, because it uses the services provided by the IP protocol at the same layer, and generally speaking, the upper layer protocol uses the services provided by the lower layer protocol.

 Transport layer:

 (1) TCP protocol (transmission control protocol): provides reliable, connection-oriented and streaming services for the application layer

 (2) UDP protocol (User Datagram Protocol): provides unreliable, connectionless and datagram services for the application layer

 (3) SCTP protocol (Stream Control Transmission Protocol): transmission of telephone signals


 Application layer:

(1) OSPF (Open Shortest Path First) protocol: It is a dynamic routing update protocol used for communication between routers to inform each other of their respective routing information.

(2) DNS (Domain Name Service) protocol: provides conversion of machine domain names to IP addresses. (For example, if you convert to Baidu's IP, you can enter it directly by entering the domain name. Because the IP address is too troublesome to remember, just like everyone is uniquely identified by the ID card, but it is for easy remembering Name. DNS is a process of mapping names to ID cards)

(3) The telnet protocol is a remote login protocol that enables us to complete remote tasks locally.

(4) HTTP protocol (Hypertext Transfer Protocol) is a stateless, application-layer protocol based on request and response mode, often based on TCP connection.

(5) TFTP agreement

(6) SNMP protocol

(7) SMTP protocol

2. The difference between tcp protocol and udp protocol


 3. TCP three-way handshake <request ---> response ---> confirmation>

There are 6 kinds of bit codes: TCP flag bit: SYN connection establishment flag, ACK confirmation bit, PSH transmission, FIN end to close the connection, RST reset bit, URG emergency bit; seq start sequence number, ack confirmation number;


The first handshake: the TCP client process first sends a TCP segment to the TCP server process, the flag bit SYN = 1 (flag) in the header of the segment, the starting sequence number seq = x, the segment is called It is a SYN segment, which is encapsulated in an IP data packet and sent to the server; the 

second handshake: After the TCP SYN segment reaches the server, both SYN and ACK are 1, and the confirmation number ack = x + 1, the server Let your starting sequence number seq = y, which is called SYNACK segment sent to the client; the 

third handshake: After receiving the SYNACK packet, send the third segment to the server, allowing the server Confirm the connected segment, the segment confirmation number ack = y + 1, start sequence number seq = x + 1, after sending, the client and server both enter the ESTABLISHED state, complete three handshake, and start transmitting data .

4. Four waves


1) The client process sends a connection release message and stops sending data. Releasing the data packet header, FIN = 1, the sequence number seq = u (equal to the sequence number of the last byte previously transmitted from the data plus 1) In this case, the client enters the WAIT-1-the FIN (termination waiting 1) Status. TCP stipulates that even if the FIN segment does not carry data, it will consume a sequence number.
2) The server receives the connection release message and sends an acknowledgment message, ACK = 1, ack = u + 1, and brings its own serial number seq = v. At this time, the server enters CLOSE-WAIT (close wait )status. The TCP server notifies the higher-level application process that the client is released in the direction of the server. At this time, it is in a semi-closed state, that is, the client has no data to send, but if the server sends data, the client still has to accept it. This state will continue for a period of time, that is, the duration of the entire CLOSE- WAIT state.
3) After the client receives the confirmation request from the server, at this time, the client enters the FIN-WAIT-2 (termination wait 2) state, waiting for the server to send a connection release message (before this, it is necessary to accept the last message sent by the server data).
4) After the server sends the last data, it sends a connection release message to the client, FIN = 1, ack = u + 1, because in the semi-closed state, the server is likely to send some more data, assuming that at this time The serial number is seq = w. At this time, the server enters the LAST- ACK state, waiting for the client's confirmation.
5) After receiving the connection release message from the server, the client must send an acknowledgment, ACK = 1, ack = w + 1, and its serial number is seq = u + 1, at this time, the client enters TIME- WAIT (Time Waiting) status. Note that the TCP connection has not been released at this time, it must pass 2 ∗∗ MSL (maximum message segment life) time, and the client enters the CLOSED state after the corresponding TCB is revoked.
6) As long as the server receives the confirmation from the client, it immediately enters the CLOSED state. Similarly, after revoking the TCB, this TCP connection is ended. As you can see, the server ends the TCP connection earlier than the client.


Guess you like