The content of the notes comes from the video of teacher Han Ligang
4.1 Two services provided by the network layer
In computer communication, who should be responsible for reliable delivery? Is it a network system or an end system? The
answering system has
two services: what kind of service should the network layer provide to the transportation layer?
- Virtual circuit service
- Datagram service
4.1.1 Virtual Circuit Service
4.1.2 Datagram Service
4.1.3 Comparison of the two
The Internet now uses datagram services
4.2 Internet Protocol IP
4.2.1 Virtual Internet
Supplement:
1. Repeater can be understood as hub
2. Data link layer relay system: bridge or bridge (switch)
3. Now everyone thinks that the gateway is the interface of the router
4.2.2 IP address
IP hierarchy
Hierarchical IP address divides the 32-bit IP address into network ID and host ID.
Network address: (also called network number) uniquely specifies each network. Every computer in the same network shares the same network address and uses it As part of your own IP address.
Several special addresses
- 127.0.0.1 Loopback address of this address
- 169.254.0.0
reserved private network address: - 10.0.0.0
- 172.16.0.0–172.31.0.0
- 192.168.0.0–192.168.255.0
Subnet mask function: will tell you which are the network part and which are the host part
4.3 Dividing subnets and constructing supernets
4.3.1 Subnetting
Note: The host part cannot be all 0s or all 1s
! [insert image description here](https://img-blog.csdnimg.cn/20201208133648263.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5na 
A sub Addresses that can be used on the network 1-62 Addresses that can be used on the B subnet 65-126
If the IP address is written as 192.168.201.167/29, where 29 represents the binary digits of the subnet mask
4.3.2 Supernet
Merge subnets
4.3.3 IP address and MAC hardware address
The router is the network device
source M1 and M2 write the MAC address, and the data packet plus the MAC address is the data frame
Controlling the proxy server based on the MAC address can only control computers in this network segment, and cannot control other network segments.
4.3.3.1ARP & RARP (Reverse ARP)
Our computer knows the MAC address, and the process of requesting an IP address is the process of reverse ARP
ARP spoofing
ARP spoofing P2P terminator network law enforcement officers use the shortcomings of this ARP. It
can be prevented by the ARP firewall. It is directly written when the returned MAC address is received for the first time, without changing the
ARP operating mechanism: (from Baidu Encyclopedia)
ARP The principle of deception is that the attacker sends fake ARP packets to the Internet, especially to the gateway. The purpose is to allow traffic sent to a specific IP address to be mistakenly sent to the place where the attacker replaced it. Therefore, the attacker can forward the traffic to the real gateway (passive sniffing) or retransmit it after tampering (man-in-the-middle attack). Attackers can also direct ARP packets to non-existent MAC addresses to achieve the effect of denial of service attacks, such as netcut software.
For example, a certain IP address is 192.168.0.254 and its MAC address is 00-11-22-33-44-55. There will be this ARP record in the ARP table of the computer on the network. When an attacker launches an attack, it will send out a large number of ARP packets that have tampered with the MAC address of 192.168.0.254 to 00-55-44-33-22-11. Then if the computer on the network writes this fake ARP into its own ARP table, if the computer wants to connect to other computers through the network gateway, the data packet will be directed to 00-55-44-33-22-11. MAC address, so the attacker can intercept and receive the data packet from this MAC address, and then send it back to the real gateway after tampering, or do nothing, making it impossible to connect online
How to determine ARP spoofing
Enter ipconfig in cmd to find the default gateway, and then ping this default gateway, you can know that it is not working. You can query the MAC address through arp -a
and then when you go to ping this address, you can't ping, and you are cheated by arp. I want to try Try to see if the arp under the window10 system can be changed back after changing it. Waiting to go back and experiment with the waste computer at home
4.3.4 IP data packet (report) format
**Version: **It can be judged whether you are using IPV4 or 6
**Total length: **The header plus the byte length of the data part
**Identification:** It is a counter used to generate the identification of the datagram, not The serial number, each time a data packet is generated, increase by 1.
**Flag:** Tells whether the packet is fragmented
**MTU: **Maximum transmission unit
fragment offset: Time to live
:
According to TTL (Time To live) Determine what operating system the other party is (the other party can change it, but generally no one changes it)
- Liunx 64
- Windows 2000/NT 128
- The unix 256
tracert plus the address command can view the path because the TTL of each router is subtracted by 1, so the remaining TTL plus the number of routers that the path travels can be used to infer what system his machine is.
For example: I ping www.baidu. com got 14 routes he passed, just add the 52=64 obtained when pinging, it is inferred to be unix
**protocol: **refers to what the upper layer protocol is, it is a number, you can check the TCP/IP protocol number
header on Baidu Checksum : It is to check whether there is any error in the header.
**Source address and destination address: **It is the IP address
4.3.5 IP forwarding packet flow
Data routing: The condition for the router to forward data packets on different network segments and the
network is unblocked: It can go back and return
. Routers along the way must know which interface the next hop of the target network is to
. Routers along the way must know which interface the next hop of the source network is to.
The windows gateway is the default route. Enter route print in cmd to view the
command ipconfig /all>d:\ipconfig.txt to save the information to the D drive
4.3.6 Network Load Balancing
That is, when there are multiple paths, you can let one path send packets and the other path send packets
4.4 Internet Control Message Protocol ICMP
4.4.1 Introduction to ICMP
Network congestion: Delayed
ping can check the communication between the two
pathping www.baidu.com can judge the communication between the two, and you can see the routing between the two,
some routers can not ping his address. But you can follow He pinged other places.
4.4.2 Dynamic routing protocol
RIP broadcasts 30s periodically. The best path is through the number of hops (but the selected path is not necessarily the best path, because the bandwidth between the routes is not known, and some hops are many but the transmission speed is fast) The maximum number of hops is 16 hops
Dynamic routing can be learned automatically, and dynamic routing can be changed after network changes
4.4.3 OSPF protocol
To find the best path through the OSPF protocol, there is a break between the routers. He can find another accessible path to replace it. If a short path is repaired, he will find the path after a period of time, and then start to follow this path. A short
path . There is a time process. OSPF dynamic routing protocol is open
, metric bandwidth supports multi-area triggered update
Three tables
- The neighbor table sends a hello packet to confirm whether the other party is
- Link state table
- Calculate routing table
4.4.4 Exterior Gateway Protocol BGP
4.5 Virtual Private Network VPN and Network Address Translation NAT
For example, if you want to access the private network address of the school at home, you can dial-up access via VPN, which is equivalent to using the private network address you want to access as data. After reaching
a public network server of the school, the server removes the public network address. Address and then access the school's intranet server.
4.5.1 Network address conversion process
netstat -n can view the source port and destination port. The
public network server will replace the source port of the private network, otherwise the port in the private network may be heavy. The
windows system can also perform address translation
NAT port mapping
4.5.2IGMP protocol
Multicast=broadcast
Review:
What problems can VPN technology solve?
For private network access, external network access
NAT technology allows us to use a public network address for a bunch of addresses. This technology has allowed VPI4 to persist for a long time.