[Protocol] Detailed TCP/IP protocol

Key points review

Overview

  1. IP header Protocol field (8 bits):
1--ICMP
2--IGMP
6--TCP
17--UDP
  1. Position of ICMP and IGMP in the protocol stack

ICMP and IGMP are auxiliary protocols of IP, so they are often placed in the same layer as IP;
but for frame demultiplexing they are treated as sitting above IP, because ICMP and IGMP messages are encapsulated in IP datagrams.

  1. Port numbers
    TCP and UDP both use 16-bit port numbers to identify applications. Port numbers 1~1023 are managed by IANA, 1~255 are commonly used well-known port numbers, and 256~1023 are often Unix system service port numbers. Port numbers between 1024 and 5000 are often temporary port numbers; those greater than 5000 are reserved port numbers for uncommon services.
    Common port numbers:
echo--7
discard--9
daytime--13
chargen--19
time--37   
FTP--21
Telnet--23
domain--53
TFTP--69

The above ports are all derived from NCP (Network Control Protocol, the predecessor of TCP). Because NCP was simplex, each application service required two connections, so paired port numbers were reserved. Later, TCP and UDP became the standard transport layer protocols. Each application service then needed only one port number, so the odd number of each pair was chosen.

  1. internet and Internet

internet: Use a common protocol suite to connect multiple networks.
Internet: A collection of hosts communicating with each other via TCP/IP worldwide.
The Internet can be understood as an instance of the internet.

Link layer

Data frame MTU: Maximum transmission unit

IP layer

IP datagram TTL (8 bits): Time to live, which sets the maximum number of routers that the datagram can pass through. It is usually 32 or 64. When the value reaches 0, the datagram is discarded and an ICMP message is sent to notify the source host.

Common commands:

ifconfig -a    query the host's network information
netstat        query interface information

ARP: Address Resolution Protocol

32-bit IP address------>48-bit hardware MAC address

tcpdump command: dump the traffic on a network.
A packet analysis tool that captures packets on the network according to user-defined criteria.

ARP proxy:
If several hosts in the same subnet are found to resolve to the same MAC address, there is often an intermediate router acting as an ARP proxy.

RARP: Reverse Address Resolution Protocol

When there is no RARP server on the network, the destination address of every RARP packet is the Ethernet broadcast address. Retransmissions use a timeout mechanism in which the interval between two retransmissions grows by a multiple each time. When the interval exceeds a threshold, it is reset to the initial interval.
When observing, you can use:
tcpdump -e to view the address information of the hardware layer

When running the RARP service, I encountered a problem:

$ rarp -a
内核不支持 RARP。

ICMP: Internet Control Message Protocol

ICMP message structure
The first four bytes of all ICMP messages have the same format, and the remaining bytes differ from one message type to another.
ICMP message type
ICMP packets are exchanged between hosts without a destination port number.

Ping

Verify that the host is reachable and determine how far away the host is.
ping -R host is equivalent to traceroute, but it is limited by the length of the IP datagram header and can store up to 9 IP addresses.
The general format of routing options recorded in the IP header
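
The 9-address limit comes from the header layout: the 4-bit header length field allows at most 60 bytes, 20 of which are the fixed header, and the Record Route option spends 3 bytes on type, length and pointer. The Python parser below is an added example, not code from the original post; the function names and the sample packet (built with documentation addresses) are constructed for illustration.

```python
import ipaddress
import struct

PROTOCOLS = {1: "ICMP", 2: "IGMP", 6: "TCP", 17: "UDP"}  # Protocol field values
RR_TYPE = 7       # Record Route option type (RFC 791)
MAX_HEADER = 60   # IHL is a 4-bit count of 32-bit words: 15 * 4 bytes

def max_rr_slots():
    # 60-byte header - 20 fixed bytes = 40 option bytes; RR spends 3 on type/len/ptr
    return (MAX_HEADER - 20 - 3) // 4

def parse_ipv4_header(pkt):
    """Return (ttl, protocol name, recorded route); reject inconsistent lengths."""
    pkt = bytes(pkt)
    if len(pkt) < 20:
        raise ValueError("truncated header")
    hlen = (pkt[0] & 0x0F) * 4
    if pkt[0] >> 4 != 4 or hlen < 20 or hlen > len(pkt):
        raise ValueError("bad version or header length")
    ttl, proto, route, opts, i = pkt[8], pkt[9], [], pkt[20:hlen], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                      # End of Option List
            break
        if kind == 1:                      # No-Operation, single byte
            i += 1
            continue
        if i + 2 > len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("option length runs past the header")
        olen = opts[i + 1]
        if kind == RR_TYPE:
            # ptr is 1-based from the option start; 4 = empty, olen + 1 = full
            if olen < 3 or not 4 <= opts[i + 2] <= olen + 1 or (opts[i + 2] - 4) % 4:
                raise ValueError("bad record-route pointer")
            used = opts[i + 3:i + opts[i + 2] - 1]
            route = [str(ipaddress.IPv4Address(used[j:j + 4]))
                     for j in range(0, len(used), 4)]
        i += olen
    return ttl, PROTOCOLS.get(proto, str(proto)), route

def build_sample(hops):
    """Constructed ICMP-in-IP header with a Record Route option (sample data)."""
    size = 3 + 4 * max_rr_slots()          # 39-byte option, room for 9 addresses
    opt = bytes([RR_TYPE, size, 4 + 4 * len(hops)])
    opt += b"".join(ipaddress.IPv4Address(h).packed for h in hops)
    opt = opt.ljust(size, b"\0") + b"\0"   # unused slots, then EOL pad to 40 bytes
    hdr = struct.pack("!BBHHHBBH4s4s", 0x4F, 0, 60, 0, 0, 64, 1, 0,
                      bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return hdr + opt
```

The parser does not verify the header checksum; it only checks that the option length and pointer stay inside the header before reading any address.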

Broadcast and multicast

In Ethernet, when the lowest bit of the highest byte of an address is set to 1, the address is a multicast address; the broadcast address FF:FF:FF:FF:FF:FF can be seen as a special case of a multicast address.

Origin blog.csdn.net/weixin_43347204/article/details/107429064