1. IP packet format
IP field
Version (Version): This field contains the version number of the IP, 4bit. The current version of IP is 4 (ie IPv4).
Header Length: This field is used to indicate the length of the IP data packet header, 4 bits. The minimum length of the IP data packet header is 20 bytes, but its length is variable. The specific length depends on the length of the optional field.
Priority & Type of Service: This field is used to indicate the priority and service type of the data packet, 8bit. By dividing a certain priority in the data packet, it is used to achieve Qos (Quality of Service) requirements.
Total Length: This field is used to indicate the length of the entire IP data packet, 16 bits. The maximum length is 65535 bytes, including packet header and data.
Identifier (Identification): This field is used to indicate the identifier of the IP data packet, 16bit. When IP fragments the upper layer data, it will assign the same set of numbers to all the fragments, and then put these numbers in the identifier field to ensure that the fragments will not be reorganized by mistake.
Flags: Flag field, 3bit. The current packet cannot be fragmented (when the packet is sent from one Ethernet to another Ethernet), or when a packet is fragmented, it is used to indicate whether the last fragment in a series of fragments has been issue.
Fragment Offset: This field is used to indicate the fragment offset, 13bit. The information contained in the segment offset refers to how to reconnect the fragments in a fragment sequence.
TTL (Time to Live): This field is used to indicate the life cycle of an IP data packet, 8bit. Each time a data packet passes through a router, the TTL will be reduced by 1. When the TTL value is 0, the packet will be discarded. It can prevent a data packet from being forwarded endlessly in the network.
Protocol number (Protocol): Protocol field, 8bit. This field is used to indicate which protocol is encapsulated in the IP data packet, whether it is TCP or UDP, the protocol number of TCP is 6, and the protocol number of UDP is 17.
Header Checksum: This field is used to indicate the checksum, 16bit. The receiver and the gateway are used to verify whether the data has been changed.
Source IP Address: This field is used to indicate the source address of the data packet, 32 bits.
Destination IP Address: This field is used to indicate the destination address of the data packet, 32bit.
Options (Options): The optional field can be lengthened according to the actual situation, and there are multiple options that can be used with IP. For example, you can enter the time when the data package was created, etc. After the optional must, it is the upper data.
2. ICMP protocol
1. ICMP protocol (Internet Control Message Protocol)
1) ICMP is an "error detection and feedback mechanism"
2) Encapsulated by IP data packets
3) Used to send error and control messages
2. Encapsulation of ICMP protocol
1) ICMP belongs to the network layer protocol
2) Encapsulation process of ICMP data
3. Basic use of ICMP (Ping)
(1) Basic format of Ping command
(2) Common parameters of Ping command in Windows system
4. Traceroute path command
win: tracert IP/domain name
Linux: traceroute IP/domain name
3.ARP protocol
1. Broadcasting and broadcasting domain
Broadcasting: data frame with broadcast address as the destination address
Broadcasting domain: the collection of all nodes in the network that can receive the same broadcast
Broadcasting address: FF-FF-FF-FF-FF-FF
2. ARP protocol overview
The basic function of ARP (Address Resolution Protocol) is responsible for resolving a known IP address into a MAC address.
3. ARP working principle
1) When PC1 sends data to PC2, it will first check its own ARP cache table.
2) If the check is not in the ARP cache table, ARP will send a broadcast to find the MAC address of the destination. The ARP request includes the IP address and MAC address of PC1 and the IP address and MAC address of PC2 (in this case, the broadcast address FF-FF-FF-FF-FF-FF)
3) After the switch receives the broadcast, it will flood it. All hosts except PC1 send ARP request messages, PC3 and PC4 receive the information, compare the IP address and find that they are not themselves, discard the ARP request message; PC2 receives it, and finds that it is its own information, and sends it in the form of unicast ARP responds and caches the correspondence between PC1's IP address and MAC address in its own ARP table.
4) After PC2's ARP reply to PC1, PC1 adds the correspondence between PC2's IP address and MAC address in its own ARP table. After that, PC1 and PC2 communicate in unicast form.
The ARP command in the Huawei system
[Huawei]dis mac-address View mac address information
[Huawei]arp static <IP> <MAC> Bind ARP
[Huawei]undo arp static <IP> <MAC> Unbind
<Huawei>reset arp all clear mac address table