Knowledge points of network security basic course (1)

1. OSI seven-layer model diagram

[Figure: OSI seven-layer model diagram]

1. Application layer

Provides the services, user interfaces, and applications (file transfer, email, file service, virtual terminal) that the user interacts with.
Required equipment: gateway.
From abstract language → code

2. Presentation layer

Data representation, compression and encryption (data formatting, code conversion, data encryption).
Required equipment: gateway.
From code → binary

3. Session layer

Session establishment and termination (establishing and releasing connections with other endpoints); distinguishes the sessions of different applications on a device; provides the session-layer address (the application-internal address), for which there is no unified standard (each application sets its own rules).
Required equipment: gateway.

4. Transport layer

Segmentation (limited by the MTU); provides an end-to-end interface.
Corresponding protocol (TCP/UDP).
Required equipment: gateway.

5. Network layer

Selects routes and performs addressing for data packets.
Internet Protocol → IP → router → logical addressing
Required equipment: router.

6. Data link layer

LLC (logical link control: the layer-2 check that ensures data integrity) + MAC (media access control: the MAC address check that ensures an error-free data link). Transmits frames carrying addresses, performs error detection, and controls the physical layer.
Required equipment: switches, bridges, network points.

7. Physical layer

Hardware devices that transmit the bit stream, carrying data over the physical medium as binary bits.
Required equipment: hub, repeater.

2. How to make the network larger

1. Node increase:

Adding nodes requires a hub (HUB), but it also brings security, addressing, delay, and collision problems.
Address: the 48-bit serial number of the network card chip's MAC address is programmed at the factory, is globally unique, and is written in hexadecimal.
Collision: when all nodes send data at the same time, the signals meet and cancel out on the physical medium. CSMA/CD (carrier sense multiple access with collision detection) handles this by queuing, which cannot completely eliminate collisions and increases the delay.

2. The distance is extended

To extend the distance, a repeater (also called an amplifier) is needed to boost the signal. At most four repeaters are allowed, so the distance cannot be extended indefinitely, only relatively.

3. Increased network demand: bridge-switch

1. Unlimited transmission distance

The switch fully copies and regenerates each frame before sending it on.

2. There is no conflict at all

All nodes can send and receive their own data at the same time.

3. Unicast-one to one

When a frame enters the switch, it first reads the source MAC address in the frame and records the mapping of that MAC to the number of the incoming interface in its local MAC address table; it then reads the destination MAC in the frame and, if the MAC address table has a record for it, forwards the frame out of that single interface only (unicast); if there is no record, the traffic is flooded.
Flooding: the frame is copied and sent out of every interface except the one the traffic entered on.
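The learn / look up / flood decision described above, as an added simulation that is not part of the original post; the port numbers and MAC addresses are constructed for the demo.

```python
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"

@dataclass
class Switch:
    ports: int
    mac_table: dict = field(default_factory=dict)  # MAC address -> interface number

    def receive(self, in_port: int, src_mac: str, dst_mac: str) -> list:
        """Process one frame and return the interfaces it is forwarded out of."""
        # Step 1: learn the source MAC against the interface the frame arrived on
        # (a host that moves to another port simply overwrites its old entry)
        self.mac_table[src_mac] = in_port
        # Step 2: known destination -> unicast out of exactly one interface
        if dst_mac != BROADCAST and dst_mac in self.mac_table:
            out_port = self.mac_table[dst_mac]
            # destination sits on the interface the frame came from:
            # nothing to forward, the frame already reached its segment
            return [] if out_port == in_port else [out_port]
        # Step 3: unknown destination or broadcast -> flood to every
        # interface except the one the frame entered on
        return [p for p in range(1, self.ports + 1) if p != in_port]

def demo():
    """Constructed traffic on a 4-port switch; the MAC addresses are made up."""
    sw = Switch(ports=4)
    a, b, c = "00:00:00:00:00:0a", "00:00:00:00:00:0b", "00:00:00:00:00:0c"
    first = sw.receive(1, a, b)          # B not yet learned -> flood to 2, 3, 4
    reply = sw.receive(2, b, a)          # A was learned on port 1 -> unicast to [1]
    bcast = sw.receive(3, c, BROADCAST)  # broadcast always floods -> 1, 2, 4
    return first, reply, bcast, dict(sw.mac_table)

if __name__ == "__main__":
    print(demo())
```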

4. OSI seven-layer reference model and TCP/IP layered model

[Figure: OSI seven-layer reference model and TCP/IP layered model]

Summary: the network becomes larger → unlimited distance, no collisions, unicast → switch → MAC → flooding → flooding range → router → IP → ARP → broadcast (forces the switch to flood) → broadcast domain (flooding domain) → gateway → DNS

5. Noun supplement

UDP: User Datagram Protocol
Connectionless, unreliable transport protocol.
Only performs the basic work of transport: segmentation and port numbers.
[Figure omitted]

TCP: Transmission Control Protocol
Connection-oriented, reliable transport protocol.
In addition to the basic work of transport, it additionally guarantees the reliability of the transmission.
Connection-oriented: establishes an end-to-end virtual link via the three-way handshake.
Reliable transmission: four reliability mechanisms, namely acknowledgement, retransmission, sequencing, and flow control (sliding window).

[Figure omitted]
IPv4 header:
[Figure: IPv4 header]

Noun notes:

1. DNS: domain name resolution service; finds the corresponding IP address from a domain name.
2. MTU: maximum transmission unit; the maximum size of each segment when data is segmented at layer 4.
3. OSI: Open Systems Interconnection reference model, the 7-layer model.
4. TCP/IP protocol stack: the 5-layer (or 4-layer) model.
5. ARP: address resolution protocol; obtains one kind of address from the other by asking the peer.
a. Forward ARP: knowing the peer's IP address, obtain the peer's MAC address by broadcasting.
b. Reverse ARP: knowing the local MAC address, obtain the local IP address.
c. Gratuitous ARP: when a device starts using an IP address, or during use, it sends a forward ARP request whose requested address is its own local IP address; used for address conflict detection.
6. Duplex: full duplex and half duplex. Decapsulation: the process of reading and identifying the data, the opposite of encapsulation. Encapsulation: the process of handing data from the higher layers down to the lower layers; the packet keeps growing during the process.
7. PDU: protocol data unit; the name of the data unit at each layer:
Application layer: data (message)
Transport layer: segment
Network layer: packet
Data link layer: frame
Physical layer: bit stream

6. IPv4 address

32-bit binary structure, dotted decimal notation
192.168.1.1

1. There is an ABCDE classification:

Classes A, B and C are unicast addresses; only a unicast address can be used as a source IP address or a destination IP address.
Class D is a multicast address; it can only be a destination IP address.
Class E is a reserved address.
Classification by the first 8 bits of the IP address:
A: 1-126
B: 128-191
C: 192-223
D: 224-239
E: 240-255
In addition, the concept of network bits (identifying the broadcast domain) + host bits exists only for unicast addresses, so only unicast addresses have a subnet mask.
The difference between the three classes A, B and C:
A: default subnet mask 255.0.0.0
B: default subnet mask 255.255.0.0
C: default subnet mask 255.255.255.0

2. Special address:

1. 127: loopback address, 127.0.0.1
2. 255.255.255.255: limited broadcast address; routers do not forward the packet
3. 0.0.0.0: 1) default, meaning all addresses; 2) invalid, meaning no address
4. In each segment, the address whose host bits are all 0 is not a unicast address and cannot be configured on a device as an IP; it is the network number and represents the network segment.
192.168.1.0 255.255.255.0 is such an address.
192.168.1.x 255.255.255.0 = 192.168.1.0 255.255.255.0 = 192.168.1.0/24 (shorthand)

5. In each segment, the address whose host bits are all 1 is not a unicast address and cannot be configured on a device as an IP; it is the directed broadcast address.
192.168.1.11111111/24 = 192.168.1.255/24

6. 169.254.0.0/16: link-local address (automatic private address). After a terminal device fails to obtain an IP address automatically, it assigns itself an IP address locally; the network bits are fixed and the host bits are random.

7. VLSM: variable-length subnet mask, subnet division

By lengthening the subnet mask, borrowing bits from the host bits for the network bits, one network number can be divided into several, marking several broadcast domains, but the range of each broadcast domain becomes smaller.

8. CIDR: classless inter-domain routing

Keep the bits that are the same, drop the bits that differ.
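The classful rules, special addresses and the CIDR "keep the common bits, drop the differing bits" idea from sections 6 to 8, worked out with Python's standard ipaddress module; this is an added example, not code from the original post, and the addresses used in the demo are constructed.

```python
import ipaddress

def address_class(ip: str) -> str:
    """Class by the first octet, following the A-E table above."""
    first = int(ip.split(".")[0])
    if first == 0:
        return "default/invalid"
    if first == 127:
        return "loopback"
    if 1 <= first <= 126:
        return "A"
    if 128 <= first <= 191:
        return "B"
    if 192 <= first <= 223:
        return "C"
    if 224 <= first <= 239:
        return "D"
    return "E"

# Only unicast classes carry network bits + host bits, so only they have a mask
DEFAULT_MASK = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}

def describe(ip_with_prefix: str) -> dict:
    """Network number, directed broadcast, and whether the address is usable unicast."""
    iface = ipaddress.ip_interface(ip_with_prefix)
    net = iface.network
    host_bits_zero = iface.ip == net.network_address    # network number
    host_bits_one = iface.ip == net.broadcast_address   # directed broadcast
    return {
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "usable_unicast": (address_class(str(iface.ip)) in DEFAULT_MASK
                           and not host_bits_zero and not host_bits_one),
        "link_local": iface.ip in ipaddress.ip_network("169.254.0.0/16"),
    }

def cidr_summary(prefixes) -> str:
    """Aggregate routes: keep the leading bits all of them share, drop the rest."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    prefix = 32
    # shorten the prefix until lo and hi agree on every remaining bit
    while prefix > 0 and (lo >> (32 - prefix)) != (hi >> (32 - prefix)):
        prefix -= 1
    base = (lo >> (32 - prefix)) << (32 - prefix) if prefix else 0
    return f"{ipaddress.ip_address(base)}/{prefix}"
```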

User view: view parameters

system-view
[Huawei]  System view: manage the device

[Huawei-???]  Various dedicated configuration views, each used only for certain configuration entries

quit  Exit one view level at a time

Help system:
Lists the commands, with comments, that can be entered after the current view or after a partial word.
The Tab key auto-completes a word.

[Huawei]interface GigabitEthernet 0/0/0  Enter the interface view
[Huawei-GigabitEthernet0/0/0]ip address 192.168.1.250 255.255.255.0  Configure an IP address (dotted-decimal mask)
[Huawei-GigabitEthernet0/0/0]quit  Quit the interface view
[Huawei]interface GigabitEthernet 0/0/1
[Huawei-GigabitEthernet0/0/1]ip address 192.168.2.1 24  Configure an IP address (prefix length)

display ip interface brief  View the interface summary

Origin blog.csdn.net/qq_48700248/article/details/114867941