Network protocol

port:

We know that a host with an IP address can provide many services, such as Web services, FTP services, SMTP services, etc. These services can be achieved through one IP address. So, how do hosts differentiate between different network services? Obviously can not rely on IP addresses, because the relationship between IP addresses and network services is a one-to-many relationship. In fact, different services are distinguished by "IP address + port number".

arp protocol - query the correspondence between IP addresses and MAC addresses:

The address resolution protocol, ARP (Address Resolution Protocol), is a TCP/IP protocol that obtains physical addresses based on IP addresses.

When a host sends information, it broadcasts an ARP request containing the target IP address to all hosts on the network, and receives a return message to determine the physical address of the target.

　　After receiving the return message, the IP address and physical address are stored in the local ARP cache and kept for a certain period of time, and the ARP cache is directly queried in the next request to save resources.

　　The address resolution protocol is based on the mutual trust of each host in the network. The hosts on the network can send ARP reply messages independently. When other hosts receive the reply message, they will not detect the authenticity of the message and record it. Enter the local ARP cache; thus the attacker can send a fake ARP reply message to a certain host, so that the information sent cannot reach the expected host or reach the wrong host, which constitutes an ARP spoofing. ARP commands can be used to query the correspondence between IP addresses and MAC addresses in the local ARP cache, and to add or delete static correspondences. Related protocols are RARP and proxy ARP. NDP is used to replace the Address Resolution Protocol in IPv6. 

 

 

 

tcp protocol and udp protocol:

Used for communication between applications. If the ip address and the mac address help us determine a unique machine, how can we find a software on a machine?

TCP protocol

When an application wants to communicate with another application over TCP, it sends a communication request. This request must be sent to an exact address. After the two sides "handshake", TCP will establish a full-duplex (full-duplex) communication between the two applications.

　　This full-duplex communication will occupy the communication line between the two computers until it is closed by one or both parties.

 TCP three-way handshake

TCP is the transport layer protocol in the Internet and uses a three-way handshake protocol to establish connections. When the active party sends a SYN connection request, it waits for the other party to answer SYN+ACK[1], and finally performs ACK confirmation for the other party's SYN. This method of establishing a connection prevents false connections from being made. [1 ]
The process of the TCP three-way handshake is as follows:
The client sends a SYN (SEQ = x) message to the server and enters the SYN_SEND state.
The server receives the SYN message, responds with a SYN (SEQ =y)ACK (ACK=x+1 ) message, and enters the SYN_RECV state.
The client receives the SYN message from the server, responds with an ACK (ACK =y+1 ) message, and enters the Established state.
After the three-way handshake is completed, the TCP client and the server successfully establish a connection, and data transmission can begin.

TCP three-way handshake

The popular description of the 3-way handshake is:

A said to B: My serial number is x, and I want to request a connection from you; (the first handshake, send a SYN packet, and then enter the SYN-SEND state)

After hearing this, B said to A: My serial number is y, and I look forward to your next sentence if the serial number is x+1 (meaning that if the serial number is x, that is, ack=x+1), I agree to establish a connection. (Second handshake, send ACK-SYN packet, then enter SYN-RCVD state)

After A hears B saying that he agrees to establish a connection, he says to A: and confirm that you agree to connect with me (ack=y+1, ACK=1, seq=x+1). (The third handshake, A has entered the ESTABLISHED state)

That is, A asks B. The first handshake is that A asks B that I want to send you a message now. After B receives it, he will answer: OK, you can send me a message. After A receives the message back from B, it will I will continue to report back to B that I have received your confirmation message. This link is established

 

Establishing a connection requires three handshakes and terminating a connection requires four waves:

Establishing a connection requires three handshakes, and terminating a connection requires four handshakes, which is caused by TCP's half-close .
( 1 ) An application process calls close first, and the end is said to perform "active close". The TCP on this end then sends a FIN segment, indicating that the data is sent.
( 2 ) The peer that receives the FIN performs a "passive close", and the FIN is confirmed by TCP.
Note: The receipt of a FIN is also passed to the receiving application as an end-of- file , after any other data that has been queued for the application to receive, because the receipt of a FIN means that the receiving application The process has no additional data to receive on the corresponding connection.
( 3 ) After a period of time, the application process that receives this end-of-file character will call close to close its socket. This causes its TCP to also send a FIN.
( 4) The original sender TCP that received the final FIN (that is, the end that performed the active close) confirms the FIN. [1 ]
Since each direction requires a FIN and an ACK, 4 segments are usually required.
Notice:
( 1) "Usually" means that, in some cases, the FIN of step 1 is sent along with the data. In addition, the subsections sent in steps 2 and 3 are from the end that performs passive shutdown, and may be merged into one subsection . [2 ]
( 2) Between steps 2 and 3, it is possible to flow data from the side that performs passive closing to the side that performs active closing, which is called "half-close" .
( 3 ) When a Unix process terminates either voluntarily (calling exit or returning from the main function) or involuntarily (receiving a signal to terminate the process), all open descriptors are closed, which also results in still open A FIN is also issued on any TCP connection.
Either the client or the server can perform an active shutdown on either side. Typically, the client performs an active close, but some protocols, such as HTTP /1.0, perform an active close by the server. [2]

Four waves of TCP

1. After the conversation between A and B is over, A wants to end the conversation and says to B: I want to close the connection (seq=u,FIN=1). (The first wave, A enters FIN-WAIT-1)

2. After receiving the message from A, B said: Confirm, you want to close the connection. (seq=v, ack=u+1, ACK=1) (the second wave, B enters CLOSE-WAIT)

3. After A receives the confirmation from B, it waits for a while, because B may have something to say to him. (A enters FIN-WAIT-2 at this time)

4. After B has said what he has to say (but may have more to say), he says to A, I'm going to close the connection. (seq=w, ack=u+1, FIN=1, ACK=1) (the third wave)
5. After receiving the message that B wants to end the connection, A says: The message that you want to close the connection has been received. (seq=u+1, ack=w+1, ACK=1) (the fourth wave, then A enters CLOSED)
6. After B receives A’s confirmation, it also enters CLOSED.

 

Waving four times is like:

If A wants to close the connection with B, it will send a message to B that I want to close the connection (the first wave), and after B receives it, it will return a message that I have received that you want to disconnect (the first time you want to disconnect). Wave a second time), then B may still have something he wants to say. B continues to send A a paragraph of what he wants to say, or he may not say it (the third wave), and after A receives B's end message, he will say: Received To the message that you want to close the connection (the fourth wave)