Summary of the TCP/IP protocol suite: the key points


TCP/IP protocol

TCP/IP is not a single protocol but the collective name for a family of protocols; among others it includes IP, ICMP and TCP.
Here are a few points that deserve attention:
Internet address: the IP address, generally network number + subnet number + host number

Domain name system (DNS): in plain terms, a distributed database that maps a host name to an IP address (and back)

RFC (Request for Comments): the documents in which the TCP/IP protocol standards are published

Port number: a logical 16-bit number carried in the TCP or UDP header (not in the IP header) that identifies the sending and receiving application process on a host

Socket: the application programming interface to the transport layer; an endpoint is identified by an IP address plus a port number

What the data link layer does:

Sends and receives IP datagrams for the IP module

Sends ARP requests and receives ARP replies for the ARP module (ARP: Address Resolution Protocol, which resolves an IP address to a MAC address)

Sends RARP requests and receives RARP replies for the RARP module (RARP does the reverse: MAC address to IP address)

Next, let's take a look at how TCP/IP works when a datagram is sent: the IP layer hands the datagram down to the data link layer, the data link layer uses ARP to obtain the MAC address of the next hop (the destination host on the same segment, or the gateway), and then encapsulates the datagram in a frame and sends it.
[Figure: TCP/IP working process]

In the IP header, one field that deserves special attention is TTL (time to live), eight bits. Every router that forwards the packet decrements it by one; when it reaches zero the packet is discarded and, in most cases, an ICMP Time Exceeded message is sent back to the source. TTL therefore bounds how many routers (hops) a packet may pass through before it is dropped; traceroute works by sending probes with deliberately small TTLs and collecting those Time Exceeded messages.
IP routing
[Figure: IP routing]

The working principle of the ARP protocol
[Figure: how ARP works]

The ICMP protocol (Internet Control Message Protocol)
carries error and control messages between IP hosts and routers, for example reporting back to the source host that an IP datagram could not be delivered

Query messages
1. Echo request/reply (ping): tests whether a host is reachable, and measures the round-trip time and how many of the packets sent were answered
2. Address mask request/reply: obtain the subnet mask
3. Timestamp request/reply: obtain the current time

Cases in which ICMP error messages are
not generated:
1. In response to another ICMP error message (so that errors cannot cascade)
2. When the source address is not a single host: the zero address, the loopback address, a broadcast address or a multicast address; likewise for datagrams sent to a broadcast or multicast destination
3. For any fragment of a datagram other than the first
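The TTL handling and the ICMP error-suppression rules above, as an added example in Python (this is not code from the original post): one router hop that verifies the IPv4 header checksum, decrements TTL, drops the packet when TTL expires and decides whether an ICMP Time Exceeded message may be sent back. The packets are constructed inline for the demonstration, the addresses are examples, and the directed (subnet) broadcast check is deliberately left out because it needs the interface mask.

```python
import ipaddress
import struct

ICMP_PROTO = 1
ICMP_ERROR_TYPES = {3, 4, 5, 11, 12}   # unreachable, source quench, redirect, time exceeded, parameter problem


def ipv4_checksum(header):
    """RFC 1071 one's-complement sum over a 20-byte header with its checksum field zeroed."""
    h = header[:10] + b"\x00\x00" + header[12:20]
    total = sum(struct.unpack("!10H", h))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def header_valid(pkt):
    """Summing a correct header, checksum field included, folds to 0xFFFF."""
    total = sum(struct.unpack("!10H", pkt[:20]))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF


def build_ipv4(src, dst, ttl, proto, payload, frag_offset=0, more_frags=False):
    """Constructed test packet: a minimal IPv4 header without options, followed by the payload."""
    flags_frag = ((1 if more_frags else 0) << 13) | (frag_offset & 0x1FFF)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, flags_frag,
                         ttl, proto, 0,
                         ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    header = header[:10] + struct.pack("!H", ipv4_checksum(header)) + header[12:]
    return header + payload


def parse_ipv4(pkt):
    ver_ihl, _, total_len, _, flags_frag, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    return {"ttl": ttl, "proto": proto,
            "src": ipaddress.IPv4Address(src), "dst": ipaddress.IPv4Address(dst),
            "frag_offset": flags_frag & 0x1FFF, "payload": pkt[ihl:total_len]}


def may_send_icmp_error(hdr):
    """RFC 1122 rules for when a datagram must NOT be answered with an ICMP error."""
    payload = hdr["payload"]
    if hdr["proto"] == ICMP_PROTO and payload and payload[0] in ICMP_ERROR_TYPES:
        return False                         # never report an error about an ICMP error
    if hdr["frag_offset"] != 0:
        return False                         # only the first fragment may trigger an error
    src, dst = hdr["src"], hdr["dst"]
    limited_bcast = ipaddress.IPv4Address("255.255.255.255")
    if src == ipaddress.IPv4Address("0.0.0.0") or src.is_loopback or src.is_multicast or src == limited_bcast:
        return False                         # source is not a single, reachable host
    if dst.is_multicast or dst == limited_bcast:
        return False                         # addressed to a group, not to one host
    # Assumption: directed (subnet) broadcasts need the interface mask and are not modelled here.
    return True


def forward(pkt):
    """One router hop. Returns ('forward', new_pkt) or ('drop', reason, send_icmp_error)."""
    if not header_valid(pkt):
        return ("drop", "bad_checksum", False)      # corrupt header: discard silently
    hdr = parse_ipv4(pkt)
    if hdr["ttl"] <= 1:
        # decrementing would reach 0: discard, and send ICMP Time Exceeded (type 11) if permitted
        return ("drop", "time_exceeded", may_send_icmp_error(hdr))
    new = bytearray(pkt)
    new[8] = hdr["ttl"] - 1                          # byte 8 of the header is TTL
    new[10:12] = struct.pack("!H", ipv4_checksum(bytes(new[:20])))   # TTL changed, so re-checksum
    return ("forward", bytes(new))
```

The traceroute case is the probe with TTL 1 and a normal payload: it is dropped and answered. The same probe carrying an ICMP error as payload is dropped silently, which is exactly the first suppression rule.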

IP routing (route selection)
[Figure: static routing]

How a routing table gets its entries:
1. Static routing: configuring an interface creates a routing table entry by default, and entries can be added manually with route add (or ip route add on modern Linux)
2. ICMP redirect messages: a router tells a host that a better next hop exists for a destination, and the host updates its entry. Because a forged redirect can steer a host's traffic through an attacker, hosts usually ignore them (on Linux net.ipv4.conf.all.accept_redirects=0)
3. Dynamic routing protocols (used only between routers)

RIP (Routing Information Protocol)
A distributed routing protocol based on distance vectors: each router keeps, for every destination network, its distance to that network (the hop count) and the next hop to reach it.

What a router does:
1. On start-up, send a RIP request to each neighboring router, asking for its complete routing table
2. When it receives a request: if the request is for the whole table, it sends its own table; if it is for specific entries, it replies with its own metric for each entry it knows and 16 (unreachable) for each entry it does not
3. When it receives a response, update the routing table: the distance via that neighbor is the advertised distance + 1, and the route is adopted if it is shorter than the current one, or if it comes from the current next hop
4. Send the routing table to neighbors periodically (by default every 30 s, which can only be called rather frequent)
RIPv1 carries no authentication at all, and RIPv2 only offers plaintext or keyed-MD5 authentication, so anything on the same segment can inject routes unless authentication is configured.

OSPF (Open Shortest Path First)
A distributed link-state protocol: the "link state" of a router is the state of its links, that is, which neighboring routers and networks it is directly connected to and at what cost.
1. When a link state changes, the router uses reliable flooding to send the change to all routers in the area (each router's link-state advertisement describes the state of its links to all of its neighboring routers)
2. In the end every router holds the same link-state database, from which it builds the topology of the entire network and runs Dijkstra's shortest-path algorithm to compute its own routing table
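The two route-computation models described above, the RIP distance-vector update (including the hop-count-plus-one rule, the 16-means-unreachable metric and split horizon) and the OSPF shortest-path computation over a complete link-state map, as an added Python example that is not part of the original post. The five-router topology and all link costs are constructed for the demonstration; with every link cost set to 1, the hop counts RIP converges to and the path costs OSPF computes can be compared directly.

```python
import heapq

INFINITY = 16   # RIP: a metric of 16 hops means "unreachable"

# Constructed topology (not from the page): router -> {neighbor: link cost}.
LINKS = {
    "R1": {"R2": 1, "R3": 1},
    "R2": {"R1": 1, "R4": 1},
    "R3": {"R1": 1, "R4": 1},
    "R4": {"R2": 1, "R3": 1, "R5": 1},
    "R5": {"R4": 1},
}


# --- RIP-style distance vector ---------------------------------------------
def rip_update(table, neighbor, advertised):
    """Apply one RIP response from `neighbor` to this router's table.
    table: dest -> (metric, next_hop); advertised: dest -> metric as seen by the neighbor.
    Returns True if anything changed (which in real RIP triggers an immediate update)."""
    changed = False
    for dest, metric in advertised.items():
        new_metric = min(metric + 1, INFINITY)          # one more hop to go through this neighbor
        cur = table.get(dest)
        if cur is None or new_metric < cur[0] or (cur[1] == neighbor and new_metric != cur[0]):
            # a better route, or our current next hop reporting that its own cost changed
            table[dest] = (new_metric, neighbor)
            changed = True
    return changed


def rip_answer_request(table, requested):
    """Reply to a RIP request for specific destinations: own metric, or 16 when unknown."""
    return {d: table.get(d, (INFINITY, None))[0] for d in requested}


def rip_converge(links, max_rounds=20):
    """Every router starts knowing only itself; neighbors exchange full tables until nothing changes."""
    tables = {r: {r: (0, None)} for r in links}
    for _ in range(max_rounds):
        changed = False
        for r, nbrs in links.items():
            for n in nbrs:
                # split horizon: n does not advertise back to r the routes it learned from r
                adv = {d: m for d, (m, nh) in tables[n].items() if nh != r}
                changed |= rip_update(tables[r], n, adv)
        if not changed:
            break
    return tables


# --- OSPF-style link state: Dijkstra over the whole map ----------------------
def ospf_spf(links, root):
    """Shortest-path tree from `root` over the link-state database; returns dest -> (cost, next_hop)."""
    dist = {root: 0}
    first_hop = {root: None}
    heap = [(0, root)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue                                     # stale heap entry
        for v, w in links[u].items():
            nd = d + w
            if nd < dist.get(v, float("inf")):
                dist[v] = nd
                first_hop[v] = v if u == root else first_hop[u]   # next hop inherited along the tree
                heapq.heappush(heap, (nd, v))
    return {d: (dist[d], first_hop[d]) for d in dist}
```

The distance-vector side only ever sees what its neighbors claim, which is why a forged RIP response can poison a table, whereas the link-state side computes from a map of the whole area; both produce the same routes on this topology.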

Next come TCP's three-way handshake for establishing a connection and its four-way close for releasing one. First, let's understand the TCP segment header.
[Figure: TCP segment header]

The important flag bits are marked in the figure; the ones to focus on are:
ACK: the acknowledgment number field is valid
RST: reset the connection
SYN: synchronize sequence numbers to initiate a new connection
FIN: the sender has finished sending; release the connection in this direction

The process of the three-way handshake (the client is represented by A, the server by B)
Premise: A opens actively, B opens passively
[Figure: three-way handshake]

1. Before a connection can be established, B creates a TCB (Transmission Control Block), ready to accept a connection request from a client process, and is in the LISTEN state

2. A creates its own TCB and sends a connection request to B with SYN set to 1 and an initial sequence number seq=x (the ISN, which should be unpredictable); A enters the SYN-SENT state

3. B receives the connection request and sends an acknowledgment to A with SYN set to 1, ACK set to 1 and acknowledgment number ack=x+1, choosing its own random initial sequence number seq=y at the same time; B enters the SYN-RCVD state

4. A receives the SYN+ACK and replies with ACK set to 1, acknowledgment number ack=y+1 and seq=x+1, then enters the ESTABLISHED state. When B receives this acknowledgment it also enters the ESTABLISHED state.

To put it simply,
1. To establish a connection, the client sends a SYN segment (seq=i) to the server, enters the SYN-SENT state and waits for the server to confirm
2. The server receives the SYN and must acknowledge the client's SYN (ack=i+1) while sending its own SYN (seq=k) in the same segment, the SYN+ACK; the server then enters the SYN-RCVD state
3. The client receives the SYN+ACK and sends an ACK (ack=k+1) to the server; once that segment has been sent and received, client and server are both in the ESTABLISHED state and the three-way handshake is complete

A piece of knowledge interspersed here is the SYN attack. What is it, under what conditions does it happen, and how can it be avoided?

Between the moment the server sends its SYN+ACK and the moment it receives the client's ACK, the connection is called half-open; the server holds a TCB for it in the SYN_RCVD state and moves it to ESTABLISHED only when the ACK arrives. A SYN attack (SYN flood) exploits this: in a short time the attacker sends a large number of SYN segments whose source addresses are forged, usually addresses that do not exist or will not answer. The server replies to each with a SYN+ACK and waits for the ACK; since nobody owns the source address, no ACK ever comes, so the server keeps retransmitting the SYN+ACK until the half-open connection times out. Each forged SYN therefore occupies a slot in the half-open (SYN) queue for the whole timeout, the queue fills up, and new SYNs from legitimate clients are dropped because there is no room for them: the service becomes unreachable even though the host may otherwise be healthy. It is a classic denial-of-service attack, and it is often launched from many sources at once (DDoS). Detecting it is simple: a large number of connections in the SYN_RECV state on the server whose source addresses look random is a strong indicator of a SYN flood. The following commands list them:
# netstat -nap | grep SYN_RECV
# ss -tn state syn-recv
The defenses live mostly in the kernel: SYN cookies (on Linux, net.ipv4.tcp_syncookies=1) let the server answer a SYN without keeping any state until the third packet of the handshake arrives; lowering net.ipv4.tcp_synack_retries shortens how long a half-open entry is held; raising net.ipv4.tcp_max_syn_backlog enlarges the queue; and rate limiting or filtering upstream removes the flood before it reaches the host.
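The detection rule just described, many half-open connections from sources that are almost all different, as an added Python example that is not part of the original post: it parses netstat -nap output and summarizes the SYN_RECV entries per local socket. The netstat lines below are constructed for the demonstration (IPv4 only, with documentation-range addresses), and the thresholds are assumptions to be tuned for the host in question.

```python
import collections
import ipaddress

# Constructed sample of `netstat -nap` output (not a real capture): the web server on 10.0.0.5:80
# has six half-open connections from scattered sources, plus a listener and two normal connections.
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1234/nginx
tcp        0      0 10.0.0.5:80             203.0.113.7:51234       SYN_RECV    -
tcp        0      0 10.0.0.5:80             198.51.100.23:4021      SYN_RECV    -
tcp        0      0 10.0.0.5:80             192.0.2.99:60001        SYN_RECV    -
tcp        0      0 10.0.0.5:80             198.51.100.77:3320      SYN_RECV    -
tcp        0      0 10.0.0.5:80             203.0.113.200:1025      SYN_RECV    -
tcp        0      0 10.0.0.5:80             192.0.2.150:44444       SYN_RECV    -
tcp        0      0 10.0.0.5:80             10.0.0.23:52000         ESTABLISHED 1234/nginx
tcp        0      0 10.0.0.5:22             10.0.0.9:41000          ESTABLISHED 800/sshd
"""


def parse_netstat(text):
    """Parse the TCP rows of `netstat -nap`; LISTEN rows carry '*' instead of a peer port."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 6 or not parts[0].startswith("tcp"):
            continue
        lip, lport = parts[3].rsplit(":", 1)
        fip, fport = parts[4].rsplit(":", 1)
        rows.append({"local": (lip, int(lport)),
                     "peer": (fip, int(fport) if fport.isdigit() else None),
                     "state": parts[5]})
    return rows


def syn_flood_indicators(rows, min_half_open=5, min_distinct_ratio=0.8):
    """Summarize half-open connections and flag the flood pattern: many SYN_RECV entries
    whose peer addresses are almost all different (a single slow client retrying does not match)."""
    half_open = [r for r in rows if r["state"] == "SYN_RECV"]
    per_target = collections.Counter(r["local"] for r in half_open)
    sources = {r["peer"][0] for r in half_open}
    ratio = len(sources) / len(half_open) if half_open else 0.0
    # how widely the sources are spread: count distinct /24 networks (assumes IPv4 peers)
    networks = {ipaddress.ip_network(f"{ip}/24", strict=False) for ip in sources}
    return {
        "half_open": len(half_open),
        "distinct_source_ratio": ratio,
        "source_networks": len(networks),
        "targets": dict(per_target),
        "suspicious": len(half_open) >= min_half_open and ratio >= min_distinct_ratio,
    }


if __name__ == "__main__":
    print(syn_flood_indicators(parse_netstat(SAMPLE_NETSTAT)))
```

On a live host, pipe the real output in (netstat -nap or ss -tn state syn-recv, whose columns differ and would need their own parser) and run the summary on a timer; a spike in half_open together with a distinct_source_ratio near 1.0 is the pattern to alert on.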

The process of the four-way close (the client is represented by A, the server by B)
Since a TCP connection is full-duplex, each direction must be closed separately. The rule is that when one side has finished sending data, it sends a FIN to terminate the connection in that direction. Receiving a FIN only means that no more data will arrive in that direction; the receiver can still send data on the connection until it sends a FIN of its own. The side that sends the first FIN performs an active close; the other side performs a passive close.
Premise: A closes actively, B closes passively
[Figure: four-way close]

Someone may ask: why does establishing a connection take three packets, but closing it take four?

When a server in the LISTEN state receives the SYN that requests a connection, it has nothing else pending, so it can put its ACK of the client's SYN and its own SYN into one segment. When closing, receiving the peer's FIN only means the peer has stopped sending; the receiver may still have data of its own to deliver, so it acknowledges the FIN immediately, finishes sending what it has (or closes right away if there is nothing), and only then sends its own FIN to say that it too agrees to close. The ACK and the FIN are therefore generally sent separately, which makes four segments.
1. A sends a FIN to close the data transfer from A to B, and A enters the FIN_WAIT_1 state.

2. B receives the FIN and sends an ACK to A whose acknowledgment number is the received sequence number + 1 (like a SYN, a FIN occupies one sequence number); B enters the CLOSE_WAIT state. When A receives this ACK it enters FIN_WAIT_2; B can still send data while in CLOSE_WAIT.

3. When B has nothing more to send, it sends a FIN to close the data transfer from B to A, and B enters the LAST_ACK state.

4. A receives the FIN, sends an ACK to B whose acknowledgment number is the received sequence number + 1, and enters the TIME_WAIT state; when B receives this ACK it enters the CLOSED state, and the four-way close is complete.

Simply put,
1. Client A sends a FIN to close the data transfer from A to B (segment 4 in the figure).
2. Server B receives this FIN and sends back an ACK whose acknowledgment number is the received sequence number plus 1 (segment 5). Like a SYN, a FIN occupies one sequence number.
3. Server B closes its side of the connection and sends a FIN to client A (segment 6).
4. Client A sends back an ACK, setting the acknowledgment number to the received sequence number plus 1 (segment 7).
After A enters the TIME-WAIT state it does not release the connection immediately: it must wait for 2MSL (twice the Maximum Segment Lifetime; MSL is typically 30 s to 2 min, and Linux holds TIME-WAIT for a fixed 60 s) before entering the CLOSED state. Why?

1. To make sure the last ACK sent by A actually reaches B: if that ACK is lost, B retransmits its FIN, and A must still be around to acknowledge it again

2. To let every segment of this connection die out in the network, so that a delayed, stale segment cannot be mistaken for part of a new connection that reuses the same addresses and ports
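The whole exchange described above, the three-way handshake with its sequence and acknowledgment numbers and the four-way close ending in TIME-WAIT, as an added Python model that is not part of the original post. Each endpoint is a tiny TCB holding only its state and its send/receive sequence numbers; data transfer, retransmission and the simultaneous-close CLOSING state are deliberately omitted, the ISNs 1000 and 5000 are constructed for the demonstration, and MSL is counted in ticks rather than seconds. The ack check in SYN_SENT is the reason a blind attacker spoofing a SYN+ACK has to guess the client's ISN.

```python
import random


class TCB:
    """Minimal Transmission Control Block: just enough to walk the handshake and the close."""
    def __init__(self, name):
        self.name = name
        self.state = "CLOSED"
        self.snd_nxt = 0        # next sequence number we will send
        self.rcv_nxt = 0        # next sequence number we expect from the peer
        self.time_wait_left = 0


def seg(flags, seq, ack=0):
    return {"flags": set(flags.split()), "seq": seq, "ack": ack}


def listen(tcb):
    tcb.state = "LISTEN"


def connect(tcb, isn=None):
    """Active open: choose an ISN (it must be unpredictable, see RFC 6528) and send SYN."""
    tcb.snd_nxt = random.randrange(1 << 32) if isn is None else isn
    tcb.state = "SYN_SENT"
    s = seg("SYN", tcb.snd_nxt)
    tcb.snd_nxt += 1                    # a SYN consumes one sequence number
    return s


def close(tcb):
    """Application close: send a FIN for our direction."""
    if tcb.state == "ESTABLISHED":
        tcb.state = "FIN_WAIT_1"
    elif tcb.state == "CLOSE_WAIT":
        tcb.state = "LAST_ACK"
    else:
        raise RuntimeError(f"close() in state {tcb.state}")
    s = seg("FIN ACK", tcb.snd_nxt, tcb.rcv_nxt)
    tcb.snd_nxt += 1                    # a FIN consumes one sequence number too
    return s


def receive(tcb, s, isn=None):
    """Feed one segment to a TCB; returns the segment to send back, or None."""
    f = s["flags"]
    if tcb.state == "LISTEN":
        if f == {"SYN"}:
            tcb.rcv_nxt = s["seq"] + 1
            tcb.snd_nxt = random.randrange(1 << 32) if isn is None else isn
            tcb.state = "SYN_RCVD"      # half-open until the third packet arrives
            r = seg("SYN ACK", tcb.snd_nxt, tcb.rcv_nxt)
            tcb.snd_nxt += 1
            return r
        return seg("RST", s["ack"])     # anything else sent to a listener is reset
    if tcb.state == "SYN_SENT" and f == {"SYN", "ACK"}:
        if s["ack"] != tcb.snd_nxt:
            return seg("RST", s["ack"]) # does not acknowledge our SYN: forged or stale
        tcb.rcv_nxt = s["seq"] + 1
        tcb.state = "ESTABLISHED"
        return seg("ACK", tcb.snd_nxt, tcb.rcv_nxt)
    if tcb.state == "SYN_RCVD" and "ACK" in f and s["ack"] == tcb.snd_nxt:
        tcb.state = "ESTABLISHED"
        return None
    if "FIN" in f and s["seq"] == tcb.rcv_nxt:
        tcb.rcv_nxt += 1                # the peer's FIN takes one sequence number
        if tcb.state == "ESTABLISHED":
            tcb.state = "CLOSE_WAIT"    # peer is done sending; we may still send
        elif tcb.state == "FIN_WAIT_2":
            tcb.state = "TIME_WAIT"
            tcb.time_wait_left = 2      # 2 * MSL, counted in MSL ticks here
        return seg("ACK", tcb.snd_nxt, tcb.rcv_nxt)
    if "ACK" in f and s["ack"] == tcb.snd_nxt:
        if tcb.state == "FIN_WAIT_1":
            tcb.state = "FIN_WAIT_2"    # our FIN was acknowledged; wait for the peer's FIN
        elif tcb.state == "LAST_ACK":
            tcb.state = "CLOSED"
    return None


def tick_msl(tcb):
    """One MSL elapses; TIME_WAIT ends after two of them."""
    if tcb.state == "TIME_WAIT":
        tcb.time_wait_left -= 1
        if tcb.time_wait_left == 0:
            tcb.state = "CLOSED"


def run_connection(client_isn=1000, server_isn=5000):
    """Walk the whole life of a connection; returns the state trace and the segments exchanged."""
    a, b = TCB("A"), TCB("B")
    trace = []
    listen(b)
    s1 = connect(a, client_isn);      trace.append((a.name, a.state))   # SYN
    s2 = receive(b, s1, server_isn);  trace.append((b.name, b.state))   # SYN+ACK
    s3 = receive(a, s2);              trace.append((a.name, a.state))   # ACK
    receive(b, s3);                   trace.append((b.name, b.state))
    f1 = close(a);                    trace.append((a.name, a.state))   # FIN from A (segment 4)
    ack1 = receive(b, f1);            trace.append((b.name, b.state))   # ACK from B (segment 5)
    receive(a, ack1);                 trace.append((a.name, a.state))
    f2 = close(b);                    trace.append((b.name, b.state))   # FIN from B (segment 6)
    ack2 = receive(a, f2);            trace.append((a.name, a.state))   # ACK from A (segment 7)
    receive(b, ack2);                 trace.append((b.name, b.state))
    tick_msl(a); tick_msl(a);         trace.append((a.name, a.state))   # 2MSL expires
    return trace, (s1, s2, s3, f1, ack1, f2, ack2)
```

Running run_connection() walks A through SYN_SENT, ESTABLISHED, FIN_WAIT_1, FIN_WAIT_2, TIME_WAIT and CLOSED, and B through SYN_RCVD, ESTABLISHED, CLOSE_WAIT, LAST_ACK and CLOSED, with every ack number equal to the peer's sequence number plus one exactly as in the figures above.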

OK, is that hard to follow? Let's put it in human terms.

Three-way handshake

1. The client says to the server: "Open the door, I want to come in."

2. The server replies to the client: "Come in, I'll open the door for you."

3. The client politely answers the server: "Thanks, I'm coming in."

Four-way close

1. The client says to the server: "It's late, I'm leaving," and waits for the server to see it out.

2. The server hears this and replies: "I know, I'll see you out," and waits for the client to go.

3. After the server has shut the door, it says to the client: "I've closed the door," and waits for the client's answer.

4. The client answers: "I know, I'm off," and then it is gone.



Origin blog.csdn.net/ZYJY2020/article/details/114264803