1. Link layer protocol:
- Responsible for data transmission between adjacent devices; adjacent devices: two connected devices are adjacent devices.
- A router may be connected to many devices, which means that one device has many adjacent devices. How to specify the adjacent device?
- The identification of neighboring devices is carried out through the hardware device of the physical network card: MAC address identification.
- The IP address describes the overall starting point and end point of the road;
- The MAC address describes the starting point and end point of each interval on the road.
1. Ethernet frame protocol format:
(1) Destination address/source address – 6 bytes : refers to the hardware address of the network card, indicating which address to which address;
(2) Type – 2 bytes : upper network layer protocol type, used for data separation; ( IP, ARP, RARP)
(3) Data : network layer data;
(4) CRC – 4 bytes : checksum data frame tail.
- After a network card encapsulates the Ethernet frame (including the source address, destination address, and upper-layer protocol), it broadcasts the data frame to its adjacent devices. After receiving the data, the network card checks whether it is its own. If so, it accepts it. If not, , it is discarded directly.
2. Understanding of MTU: Maximum Transmission Unit – Limits the size of link layer data frames:
- Mainly to limit the length of network layer IP messages:
- MSS: the data size handed over by the application layer to the transport layer;
- Assuming MTU = 1500; then the maximum MSS is 1500-20-20 = 1460; (the minimum IP header and TCP header are both 20 bytes)
- MSS of udp = MTU - 28; udp header is fixed at 8 bytes.
(1) The impact of MTU on tcp:
- When tcp is transmitting, it will calculate its own MSS through MTU during the three-way handshake, and negotiate between the two parties. Each time, data not exceeding the size of mss will be taken out from the sending buffer for transmission. Therefore, we say that tcp is transmitting. The data is fragmented at the network layer, so fragmentation is not performed at the network layer.
(2) The impact of MTU on udp:
①. Once the data carried by UDP exceeds 1472 (1500 - 20 (IP header) - 8 (UDP header)), it will be divided into multiple IP datagrams at the network layer.
②. Any loss of any one of these multiple IP datagrams will cause the network layer reassembly at the receiving end to fail. This means that if the UDP datagram is fragmented at the network layer, the probability of the entire data being lost greatly increases.
③. Therefore, when writing a UDP transmission program, you must consider the impact of mss (the size of sendto transmission should not be larger than mss), and try not to fragment.
(3) The impact of MTU on ip protocol:
① Divide the larger IP packet into multiple small packets and label each small packet;
② The 16-bit identifier (id) of the IP protocol header of each small packet is the same;
③ The 3-digit IP protocol header of each small packet In the flag field, the second bit is 0, indicating that fragmentation is allowed, and the third bit indicates the end mark (whether it is the last packet, if so, set it to 1, otherwise set it to 0); ④ When reaching the opposite end, these will
be The small packets will be reorganized in order, assembled together and returned to the transport layer;
⑤ Once any of these small packets is lost, the reassembly at the receiving end will fail. However, the IP layer will not be responsible for retransmitting the data;
(2) ARP protocol and RARP:
1.ARP protocol:
(1) Note that the source MAC address and destination MAC address appear once each in the Ethernet header and ARP request. This is redundant when the link layer is Ethernet, but it is possible if the link layer is other types of networks. necessary.
(2) Hardware type refers to the link layer network type, 1 is Ethernet;
(3) Protocol type refers to the address type to be converted, 0x0800 is the IP address;
(4) Hardware address length is 6 bytes for Ethernet addresses;
( 5) The protocol address length is 4 bytes for the IP address;
(6) The op field is 1 for ARP request, and the op field is 2 for ARP reply.
- Obtain the MAC address from the IP address, a protocol between the network layer and the data link layer. There are both IP addresses and MAC addresses in the protocol;
- Broadcast an arp request to the neighbor (including the other party's IP address and its own information). After the neighbor device receives the arp request, it parses it to see if the destination IP address matches its own. If it does not match, it will be discarded directly. If it matches, it will be discarded directly. , then organize the arp response, fill in your own mac address and reply to the other party.
- After obtaining the other party's mac address, the relationship between the mac address and the IP address will be cached for a short period of time (20-30 minutes).
- arp LAN spoofing attack: the malicious host pretends to be the destination host and replies to the source host arp response.
2.RARP protocol:
- RARP finds the corresponding IP address based on the MAC address ;
(1) The sender sends a local RARP broadcast packet, declares its MAC address in the broadcast packet, and requests any RARP server that receives this request to allocate an IP address.
(2) After receiving this request, the RARP server on the local network segment checks its RARP list to find the IP address corresponding to the MAC address. If it exists, the RARP server will send a response packet to the source host and provide the IP address to the other host for use; if it does not exist, the RARP server will not respond at all.
(3) After receiving the response information from the RARP server, the source end uses the obtained IP address to communicate; if it does not receive the response information from the RARP server, it means that the initialization failed.