arp protocol
Address Resolution Protocol Address Resolution Protocol Obtains the MAC address of the corresponding host through a known IP
arp will maintain an arp table in the content space, which records the records corresponding to the IP and MAC that have communicated with the host. Search based on broadcast
Before the three-way handshake, the two hosts must first obtain the MAC address of the target through the arp protocol
Before arp broadcasts, it will first calculate whether the target ip and the local ip are in the same network segment through the IP address and netmask. If it is the same network segment, then directly in
This network segment sends a broadcast packet to obtain the MAC address. If it is not in the same network segment, arp will unicast the data to the router gateway until it reaches the router on the network segment where the target host is located.
Broadcast again to obtain the MAC address of the target host. When spreading across routes, only the source MAC address and the target MAC address are constantly changing
Based on the working mechanism of arp, arp attack can be carried out. arp does not have any verification. As long as any party responds, the receiver will consider it to be normal data.
Host-to-host packet delivery
1. You must first know the IP address of the other party
2. Resolve the MAC address of the other party through the arp protocol and IP address
3. TCP three-way handshake
4. Real data transfer
IP and network protocols
ip packet header
4 digits ip protocol version number ipv4 or ipv6
4 bits header length
Every time a packet passes through a router, the TTL of the packet is reduced by 1
Cut a large package and send it
mtu represents the data content size of the frame, does not include the header information data of the frame
A specific example is given to illustrate the principle of IP packet fragmentation. The MTU value of Ethernet is 1500 bytes. It is assumed that the sender's protocol layer sends a data packet with a length of 3008 bytes to the IP layer.
Then the total length of the IP packet after adding a 20-byte IP header is 3028 bytes. Because 3028 > 1500, the data packet will be fragmented
When fragmenting, only the upper layer data is fragmented, and the original IP header does not need to be fragmented, so the length of the data to be fragmented is only 3008, not 3028
binary to decimal conversion
0000 0000 0
0000 0001 1
0000 0010 2
0000 0100 4
0000 1000 8
0001 0000 16
0010 0000 32
0100 0000 64
1000 0000 128
Linux operating system commands for decimal and binary conversion
bc convert decimal to binary obase=2 convert binary to decimal ibase=2
Structure and Purpose of IP Addresses
1. IP address is composed of two parts: network ID and host ID
2. The network ID indicates which network segment it belongs to, and the host ID indicates which host in the network segment.
3. The IP address is composed of 4 bytes of 32-bit binary numbers
4. The advantage of using IP addresses to identify devices in the network over using MAC addresses is that it is convenient for people to set and manage. MAC addresses are produced by manufacturers and cannot be manually modified.
Class A IP
1. The first bit must be 0, and the first 8 bits are the network ID (the variable bit of the network ID is 7 bits)
2. The last 24 digits are the host ID
3. Network segment range Binary 0000 0000 - 0111 1111 Decimal 0 -127
4. 0 has a special meaning, it means unknown (no) address, 127 means that the local loopback address cannot be assigned to the network card, so the value range is 1-126
Class B IP
1. The first two bits must be 10, and the first 16 bits are the network ID (the variable bits of the network ID are 14 bits)
2. The last 16 digits are the host ID
3. Network segment range 128 - 191
Class C IP
1. The first three digits must be 110, and the first 24 digits are the network ID (the network ID can be changed to 21 digits)
2. The last 8 digits are the host ID
3. Network segment range 192 - 223
Class D IP
Indicates a multicast address, which cannot be assigned to a computer
Network range 224 - 239
E type IP
reserved address
Network range 240 - 254
Network and host-wide data formulas
The number of IPs in a network segment cannot be assigned to a host in two special cases
126.0.0.0 The host number is all 0, which means the 126 network segment number. This IP cannot be assigned to any host.
126.255.255.255 The host number is all 1, which means the broadcast of this network segment 126. This IP cannot be assigned to any host.
Calculate the number of network segments
Number of network segments = 2^ variable number of network ID bits
Count the number of hosts in a network
Number of hosts that can be included = 2 ^ host ID bits - 2 = 2 ^(32 - network ID bits) - 2
number of subnets
Number of subnets = divided into 2^N subnets (N represents the number of bits that the network ID borrows from the host ID)
Classless IP allocation method (classless CIDR)
More flexible than classful IP allocation
The IP address has a total length of 32 bits. The length of the network ID and host ID is no longer fixed, but flexibly adjusted according to the actual situation.
Determine whether two hosts have two types on the same network segment
1. Whether the physical device is in a network segment is to check whether the two are on the same interface of the router
2. Is it logically in a network segment? According to the set IP address calculation, check whether the network ID is the same or not. Even if the two are on the same switch, the IP can be set to be in a different network segment.
3. If the two are not in the same network segment physically or logically, then the communication between the two must go through the router
Calculate network ID and host ID for classless IP
Calculated by netmask (subnet mask) and IP address
How many bits of the network ID in the IP address correspond to 1 in the netmask, and how many bits of the host ID correspond to 0 in the netmask
In netmask, each 255 represents 8 1 255.255.0.0 represents the first 16 bits of the IP address is the network ID, and the last 16 bits are the host ID
CIDR Classless Inter-Domain Routing Notation: IP/Network ID bits 192.168.2.10/22
Subnet mask correspondence table
0000 0000 0
1000 0000 128
1100 0000 192
1110 0000 224
1111 0000 240
1111 1000 248
1111 1100 252
1111 1110 254
1111 1111 255
Subnetting
Divide a large network into multiple smaller networks
Public IP Addresses and Private IP Addresses
Public IPs have routing records on Internet routers, and private IP addresses have no routing records on Internet routers. Private IP addresses are used in LANs
Class A private IP 10.0.0.0 - 10.255.255.255
Public IP 1.0.0.0 - 9.255.255.255
11.0.0.0 - 126.255.255.255
Class B private IP 172.16.0.0 - 172.31.255.255
Public IP 128.0.0.0 - 172.15.255.255
172.32.0.0 - 191.255.255.255
Class C private IP 192.168.0.0 - 192.168.255.255
Public IP 192.169.0.0 - 192.167.255.255
192.169.0.0 - 223.255.255.255
special address
0.0.0.0 is not really an IP address, it represents a set: all unknown hosts and destination networks
255.255.255.255 restricts the broadcast address, the broadcast of the network layer. The broadcast is divided into the broadcast of the data link layer and the broadcast of the network layer
127.0.0.1 - 127.255.255.254 The local loopback address As long as the IP address starting with 127 is expressed as the local loopback address