Tip: This article is a learning process, there are many shortcomings
Article Directory
Tip: The following is the content of this article, the following cases are for reference
1. Use cmder to complete the confirmatory experiment
1.ipconfig
ipconfig is a command line tool used to control network connections on computers with Microsoft operating systems. It is mainly used to display the configuration information of the current network connection (/all parameter).
Implementation 1
Use ipconfig/all to view the network configuration of your computer, and understand the meaning of each line as much as possible, paying special attention to the IP address, subnet mask, and gateway.
Implementation two
Use ipconfig/all to check the network configuration of the computer next to it to see if there are any similarities and differences.
Question:
Are your computer and the computer next to it on the same subnet, and why?
My computer is on the same subnet as the computer next to it, because we are connected to the same network.
Judgment method
2.ping
PING (Packet Internet Groper), Internet packet explorer, a program used to test the amount of network connection. Ping is a service command at the application layer working in the TCP/IP network architecture. It is mainly used to send ICMP (Internet Control Message Protocol) Echo request packets to a specific destination host to test whether the destination station is reachable or not. Learn about its status.
Implementation 1
To test the connectivity of a computer such as the Web server of Chongqing Jiaotong University, you can use the ping www.cqjtu.edu.cn command, or you can directly use the IP address.
Please grasp the meaning of the feedback information displayed on the screen after using this command, such as TTL, time, etc.
TTL
TTL is the abbreviation of Time To Live. This field specifies the maximum number of network segments that an IP packet is allowed to pass through before being discarded by the router. TTL is an 8-bit field in the IPv4 header.
Note: There is a difference between TTL and DNS TTL. Both are time to live. The former refers to the number of forwarding (hop counts) of ICMP packets, and the latter refers to the existence time of domain name resolution information in DNS.
Time
This time is the time when you send feedback to the other party after sending it to the other party's address.
Implementation 2
Use the ping/? command to understand the various options of the command and use them in practice.
Suppose you cannot ping a certain computer or IP, but you are sure that the network between the computer and you is connected, then what is the possible reason? How to deal with it to ensure ping through?
When your network fails to access a computer such as 14.215.177.39 (one of Baidu's IP addresses), we can generally use near and far connectivity tests to determine the problem. Now suppose your IP is 192.168.1.89, the IP of the computer next to you is 192.168.1.64, and the IP of the gateway is 192.168.1.1, then the process is as follows:
ping 127.0.0.1, test the status of your computer, if OK, then the machine The network software and hardware are working normally, otherwise, the problem lies with the machine, check the TCP/IP configuration of the machine, that is, the status of the network card, etc.
Ping 192.168.1.64, test the connectivity of the nearby computer, if OK, then the internal subnet is working normally, otherwise, The problem is between the local network outlet and the switch. Check the connection between the local network card and the switch.
Ping 192.168.1.1 and test the connectivity to the gateway. If OK, then the outlet of this subnet is working normally. Otherwise, the problemliesin the gateway. This is something you can't do. Report it to the network
managertoping 14.215.177.39 and test the connectivity of Baidu. If it is OK, then OK, otherwise, the problem lies outside the gateway. This is something you can't do. Report to the network manager or Robin Li?
Assuming that in the network investigation conducted in the cheats, pinging Baidu’s IP is ping 14.215.177.39, but pinging Baidu’s domain name is ping www.baidu.com. What is the possible reason? How to verify and resolve?
In addition, a classmate often asks: "You can access QQ, but you can't surf the Internet." The reason for this question is similar.
1. Some router ports do not allow du users to ping.
2. Access control. Regardless of how many hops are crossed in the middle, as long as there are nodes that dao filter ICMP, it is normal for Ping to fail. The most common is the behavior of firewalls.
3. Multi-route load balancing occasions. For example, when pinging the remote destination host, the successful reply and timed out appear alternately, and it turns out that there are two routes to the destination network segment on the gateway router. The weights of the two routes are equal, but there is a problem with one route.
4. The introduction of NAT will cause one-way Ping. NAT can play the role of concealing the internal address. When pinging from the inside, the ping can be done because the mapping relationship of the NAT table exists. When the ping of the internal host is initiated from the outside, there is no way to find the NAT entry of the border router.
Solution:
1. Open the Network and Sharing Center, change the adapter settings, right-click VMware Network Adapter VNnet8-select properties, and double-click Internet Protocol Version 4 (tcp/ipv4).
2. Modify the ip address to 192.168.0.4 and the subnet mask to 255.255.255.0, and confirm to save.
3.tracert
TRACERT (combined abbreviation of Trace Route), also known as tracing route, is a command-line program that can be used to trace the path taken by Internet Protocol (IP) packets to the destination address.
Implementation 1
To know which nodes (routers) and other states have passed through a computer such as www.baidu.com, you can use the tracert www.baidu.com command to view the feedback information and understand the number of nodes.
You can check where these nodes are located and which company they belong to through the website http://ip.cn, and you can roughly understand the path between the machine and the Baidu server.
Implementation 2:
ping.pe This website can detect the line status from major ISPs around the world to a site such as https://qige.io, and of course the routing status of each line to the host. Please use your browser to visit http://ping.pe/qige.io to learn more.
Question 1:
Tracert can tell us the nodes on the path and the approximate delay, so what is the principle behind it? This question can be verified with the Wireshark experiment in the second part.
By sending "Internet Control Message Protocol (ICMP)" response packets with different IP time-to-live (TTL) values to the target, the Tracert diagnostic program determines the route to be taken to the target. Each router on the path is required to decrement the TTL on the packet by at least 1 before forwarding the packet. When the TTL on the data packet is reduced to 0, the router should send a message "ICMP has timed out" back to the source system.
Tracert first sends a response packet with a TTL of 1, and then increments the TTL by 1 for each subsequent sending process until the target response or TTL reaches the maximum value to determine the route. The route is determined by checking the "ICMP timed out" message sent back by the intermediate router. Some routers directly discard packets with expired TTL without asking, which is not visible in the Tracert utility.
The Tracert command prints out the list of near-end router interfaces in the path that returns the "ICMP timed out" message in order. If the -d option is used, the Tracert utility does not query DNS on each IP address.
Question 2:
In the above two implementations, if you pay attention to the nodes in the path, you will find that the first hop in the path is the same whether you are visiting Baidu or Qige Teaching Network, and you should even find the first few The nodes are all the same, what is your explanation?
Because we are all connected to the school's subnet, if we want to access other websites, we must go through the school's network host, that is, the next hop is the school's main network, so it is the same.
The relationship between the gateway and the next hop, or the difference
Question 3
During the tracking process, you may see some nodes in the path displayed as *. What happened?
When the tracert command was executed, those nodes did not respond for some reason, so they are displayed as *.
Cheats
If you are using a Linux system, you should have used the My Trace Route or mtr command under it.
The speed of this command is much faster than tracert under Windows platform. For this reason, someone has also developed a command under Windows, you can give it a try. Secondly, you can try.
In addition, a global map is provided, and the visual display of the tracking path is also worth your visit (because Google Maps is used, scientific Internet access is required)
https://visualtraceroute.net/
http://en.dnstools.ch/ visual-traceroute.html
https://gsuite.tools/traceroute
4.ARP
ARP (Address Resolution Protocol) refers to the address resolution protocol. It is a protocol used to find and obtain the corresponding data link layer address, namely the MAC address, according to a given network layer address, that is, an IP address. The ARP protocol was defined in RFC 826 in 1982.
Implementation 1
Run the arp -a command to view the current arp cache, please pay attention to what is cached.
Then ping the IP of the computer next to you (note that you need to ensure that the computer's IP does not appear in the arp cache, or use arp -d * to delete all caches first), check the cache again, you will find some changes, please explain.
No change is seen, the reason is unknown.
Implementation two
Please use the arp /? command to understand the various options of this command.
Implementation 3
Generally speaking, there are often gateway caches in arp caches, and they are of dynamic type.
Assuming that the IP address of the current gateway is 192.168.0.1 and the MAC address is 5c-d9-98-f1-89-64, please use the arp -s 192.168.0.1 5c-d9-98-f1-89-64 command to set it to static Type of.
5.DHCP
DHCP (Dynamic Host Configuration Protocol) is a network protocol for IP networks. It is located in the application layer of the OSI model. It uses UDP protocol to work. It has two main purposes:
for intranet or network service providers. Automatically assign IP addresses to users. It is
used by intranet administrators for central management of all computers.
Simply put, DHCP allows computers to automatically acquire/release network configurations.
Implementation 1
Generally, the network configuration information that we automatically obtain includes: IP address, subnet mask, gateway IP, and DNS server IP. Use the ipconfig/release command to release the automatically obtained network configuration, and use the ipconfig/renew command to obtain it again to understand the working process and principle of DHCP.
Problem
In Windows, if the computer cannot obtain the configuration data of the DHCP server for some reason, Windows will automatically configure an IP address such as 169.254.xx according to a certain algorithm. Obviously, such an IP and related configuration information cannot allow us to truly access the Internet. Why? Since it is not possible to access the Internet, what is the point of adopting such a scheme in the Winodws system?
Because it automatically generated the IP address
6.netstat
Whether using TCP or UDP, any network service is associated with a specific port (Port Number). Therefore, each port corresponds to a certain communication protocol/service.
netstat (Network Statistics) is a command line program that accesses the network connection status and related information in the kernel. It can display the routing table, the actual network connection and the status information of the network interface device, and is related to the IP, TCP, UDP and ICMP protocols The statistical data is generally used to check the network service operation status of each port of the machine.
Implement a
Windows system and record some commonly used ports and services in the C:\WINDOWS\system32\drivers\etc\services file. Please check this file for the commonly used port number assignments.
Implementation 2
Use the netstat -an command to view the current network connection status of the computer. For more netstat command options, please refer to links 4 and 5 above.
7.DNS
DNS (Domain Name System) is the domain name system, which is a service of the Internet. As a distributed database that maps domain names and IP addresses to each other, it can make it easier for people to access the Internet. DNS uses TCP and UDP port 53.
Implement a
Windows system and record some fixed/static DNS information in the C:\WINDOWS\system32\drivers\etc\hosts file. For example, the commonly used localhost corresponds to 127.0.0.1. Please check the file to see what is recorded in the file.
Implementation 2 The
resolved DNS records will be cached to help speed up the resolution. Please use the ipconfig /displaydns command to view. We can also use the ipconfig /flushdns command to clear all DNS caches.
Implementation 3
Use the nslookup qige.io command to query the domain name using the default DNS server. Of course, you can also specify to use CloudFlare (1.1.1.1) or Google (8.8.8.8) global DNS server to resolve, such as: nslookup qige.io 8.8.8.8, of course, due to the reasons you understand, this may not be correct s answer.
8.cache
Cache is an important technology in the IT field. The cache we mentioned here is mainly browser cache.
Browser caching is performed based on the cache identifier of the HTTP message, which is a simple and efficient optimization method in performance optimization. An excellent caching strategy can shorten the distance of web page request resources, reduce latency, and because cached files can be reused, it can also reduce bandwidth and reduce network load.
To implement,
open the Chrome or Firefox browser, visit https://qige.io, then press F12 or Ctrl + Shift + I to open the developer tools, select the Network panel and refresh the page, you will be in the developer tools At the bottom see the time it took to load the page. Please take a closer look at which files are cached and which are not.
Implementation 2
Next, still in the Network panel, select the Disable cache option box to indicate that the cache is not currently used, and all page data comes from the Internet. Refresh the page and check the time it takes to load the page again at the bottom of the developer tools. You can compare the difference in loading speed with that with cache.
Not using cache is faster than using cache