Format of IP datagrams
An IP datagram consists of a header and data.
The first part of the header is a fixed length of 20 bytes, which all IP datagrams must have.
Following the fixed part of the header are optional fields of variable length. (optional)
The IP protocol mainly sends packets from the source address to the destination address. The most important thing is the source address and the destination address. The source and destination addresses each occupy 4 bytes.
Version 4 bits, used to specify whether it is IPV4 or IPV6.
This field occupies 8 bits, and its function is to add a mark to the data packet and forward it with the mark on the router side, which can ensure that the traffic bandwidth of a certain application is guaranteed.
Occupies two bytes, the total length refers to the header plus the data part, and the maximum length of the data packet is 65535 bytes. The network card usually has a maximum transmission unit MTU, the largest transmission unit is 1500 bytes, that is, the size of the data packet that the network card can receive is 1500 bytes, the network card needs to be fragmented, and each fragment must be added to the network The address of the layer, when the receiver receives these slices, it must be packaged.
How does it know that it is assembled into a bag, and there is a logo in it.
After a data packet is fragmented, the identifiers are the same, and the receiving end sees that the identifiers of several fragments are the same, so how to splicing correctly, which requires fragment offset.
The slice offset is used to indicate how many bytes the first byte of this slice is in the whole slice. After the receiving end receives it, it will assemble the slices into a package according to the photo offset.
If the slice flag is 1, it means that there are still slices behind, and if it is 0, it means that there are no slices behind.
IP datagram fragmentation
The total length of a datagram is 3820 bytes, the length of its data part is 3800 bytes (using a fixed header), and it needs to be fragmented into datagram fragments with a length of no more than 1420 bytes.
Because the length of the fixed header is 20 bytes , the length of the data part of each datagram fragment cannot exceed 1400 bytes.
So it is divided into 3 datagram pieces, the length of the data part is 1400, 1400 and 1000 bytes respectively.
The original datagram header is copied as the header of each datagram fragment, but the values of the relevant fields must be modified.
When fragmenting, the headers are copied, and then the offset is calculated, and the fields inside are modified. 8 bytes are 1 unit.
It can be seen that the identifiers of the shards are the same, and MF 1 means that there are shards behind the shard. The total length will also change after sharding.
survival time
The maximum value is 255, which is related to the number of routers. Computer A communicates with computer B. If A wants to send a packet to computer B, it needs to go through the router. Assuming that the TTL is 128, the TTL is first reduced before the router receives the packet and forwards it. Go to 1, go to forward again, it becomes 127. After forwarding once, the time-to-live value is decremented by one. After three routers and finally reaching computer B, the TTL value seen by computer B is 125.
The data packets sent by the computer have a default TTL, which is related to the system. Windows has a default value, and Linux also has a default value.
If two Windows computers are pinging on the same network segment, then the TTL is 128, because it is not a router, if there is a router in the middle, it is 127, and if the packet returns through two routers, it is 126.
If it is a Linux system, the default TTL is 64, so the initial value of TTL is either 128 or 64.
tracert can track how many routers it has passed through. Generally, there are not many routers, such as 50 routers.
C:\Users\12396>ping www.baidu.com
正在 Ping www.a.shifen.com [180.101.49.12] 具有 32 字节的数据:
来自 180.101.49.12 的回复: 字节=32 时间=15ms TTL=53
来自 180.101.49.12 的回复: 字节=32 时间=15ms TTL=53
180.101.49.12 的 Ping 统计信息:
数据包: 已发送 = 2,已接收 = 2,丢失 = 0 (0% 丢失),
往返行程的估计时间(以毫秒为单位):
最短 = 15ms,最长 = 15ms,平均 = 15ms
Control-C
^C
C:\Users\12396>tracert www.baidu.com
通过最多 30 个跃点跟踪
到 www.a.shifen.com [180.101.49.12] 的路由:
1 3 ms 1 ms 1 ms 172.17.0.2
2 4 ms 9 ms 11 ms 115.196.12.1
3 127 ms 127 ms 28 ms 61.164.23.172
4 6 ms 5 ms 6 ms 183.129.250.141
5 13 ms 13 ms 13 ms 202.97.33.157
6 * 14 ms 14 ms 58.213.95.106
7 * * 17 ms 58.213.95.126
8 11 ms 18 ms 12 ms 58.213.96.90When it is specified as 1, the TTL field of the data packet sent by the computer is 1. When it is decremented by one through the router, it becomes 0, so the gateway returns a data packet to tell you that the TTL transmission has expired.
C:\Users\12396>ping www.baidu.com -i 1
正在 Ping www.a.shifen.com [180.101.49.11] 具有 32 字节的数据:
来自 172.17.0.2 的回复: TTL 传输中过期。
来自 172.17.0.2 的回复: TTL 传输中过期。
来自 172.17.0.2 的回复: TTL 传输中过期。If the TTL is 2, then the information is returned from the second router, and similarly if it is 3, it will be returned from the third router. Using -i can also trace the packet to see how many routers it has passed.
C:\Users\12396>ping www.baidu.com -i 2
正在 Ping www.a.shifen.com [180.101.49.12] 具有 32 字节的数据:
来自 115.196.12.1 的回复: TTL 传输中过期。
来自 115.196.12.1 的回复: TTL 传输中过期。
180.101.49.12 的 Ping 统计信息:
数据包: 已发送 = 2,已接收 = 2,丢失 = 0 (0% 丢失),
Control-C
^CThe role of TTL is mainly to avoid loops. For example, the default route on router A points to B, and the default route on router B points to A. Such a network will form a loop. If there is no TTL limit, the data packet will never be on the link. Disappeared, so after the TTL of the data packet is exhausted through the TTL limit, it is directly discarded, and the router returns to the client that the TTL is exhausted.