Introduction to network layer protocols

The network layer
  defines logical addresses based on the IP protocol
  connects different types of media
  selects the best path for data through the network


1, IP packet format


Version (Version): This field contains the IP version number, 4 bits. The current IP version is 4 (i.e. IPv4). This version took shape in the early 1980s, and both local area networks and wide area networks now all use IPv4. The biggest problem IPv4 faces is the shortage of IP address space; IPv6 is the next version of IP to be used, but it does not solve the problem of the lack of IP addresses.


Header length (Header Length): This field indicates the length of the IP header, 4 bits. The minimum IP header is 20 bytes, but its length is variable, depending on the length of the options field.


Priority and type of service (Priority & Type of Service): This field indicates the packet's priority and service type, 8 bits. Assigning a priority to a packet makes it possible to achieve the required QoS (Quality of Service).


Total length (Total Length): This field indicates the length of the entire IP packet, 16 bits. The maximum is 65,535 bytes, including header and data.


Identifier (Identification): This field is the identifier of an IP packet, 16 bits. When IP fragments upper-layer data, it assigns one number to all the fragments of a set and places that number in the identifier field, ensuring that fragments are not reassembled incorrectly. The identifier field marks the packet a fragment belongs to, so that the receiving node can reassemble a fragmented packet.


Flags (Flags): flag field, 3 bits. It is used to pass along information about fragmentation. For example, it can indicate that the current packet cannot be fragmented (as when a packet is sent from one Ethernet to another Ethernet), or, when a packet has been split into a series of fragments, that the final fragment has been sent.

Fragment offset (Fragment Offset): This field indicates the offset of the fragment, 13 bits. The offset is the position of a fragment within the fragment sequence, which tells the receiver how to put the fragments back together.


TTL (Time to Live): This field indicates the lifetime of an IP packet, 8 bits. The information in this field prevents a packet from being forwarded around the network in a loop indefinitely. The TTL value is the maximum time a packet can travel in the network before it is discarded. Every router a packet passes through checks the value of this field, and when the TTL is 0 the packet is discarded. TTL corresponds to the number of routers a packet passes through: each time the packet passes through a router, the TTL is decremented by one.


Protocol number (Protocol): protocol field, 8 bits. This field indicates which protocol is encapsulated in the IP packet, TCP or UDP: the TCP protocol number is 6 and the UDP protocol number is 17.


Header checksum (Header Checksum): This field holds the checksum, 16 bits. The checksum is a 16-bit error detection field. The destination host and each gateway in the network recalculate the checksum of the header, just as the source machine did. If the data has not been modified, the two results should be the same.


Source IP address (Source IP Address): This field indicates the source address of the packet, 32 bits. This is a network address: the network address of the device that sent the packet.

Destination IP address (Destination IP Address): This field indicates the destination address of the packet, 32 bits. This is also a network address, but it is the network address of the receiving node.

Options (Options): a variable-length field whose length depends on the actual situation; IP can be used with multiple options. For example, the time at which the packet was created can be recorded. The options are followed by the upper-layer data.


2, ICMP protocol

ICMP stands for Internet Control Message Protocol. It is mainly used to transmit control messages in an IP network, providing feedback on problems that may occur in various communication environments. From this feedback administrators can make judgments about the problems that occur and then take the appropriate action to resolve them.

ICMP is an "error detection and feedback mechanism". It is encapsulated in IP packets and used to send error and control messages. Its purpose is to let administrators keep track of the connectivity of the network. When a router receives a packet that cannot be delivered to its final destination, the router sends an ICMP host unreachable message to the source host.



ICMP protocol encapsulation


In the network, ICMP is put to use through various commands. The ping command is taken as an example below, covering its use and the information it returns. The basic format of the ping command is as follows.

 C:\> ping [-t] [-l bytes] [-a] [-i] IP_Address



If the target host cannot be reached, the gateway is probably not configured correctly.


The ICMP returned information "host not found" indicates that DNS could not resolve the name.



The returned information "Request timed out" indicates that no response message was received within the specified time, probably because of a firewall.



ping -t: keeps pinging continuously

ping -a: displays the host name of the remote host

ping -l: sets the size of the packets sent


3, ARP protocol

In a LAN, switches communicate by MAC address, so to obtain the MAC address of the destination host, the ARP protocol is used to resolve the destination IP address into the destination MAC address. ARP (Address Resolution Protocol) is therefore responsible for the basic function of resolving a known IP address into a MAC address, so that communication can take place through the switch by MAC address.



ARP-related commands

[Images: ARP-related commands; Cisco ARP-related commands; ARP binding]



ARP attack and spoofing principles

ARP attack: the attacking host sends a false MAC address for the attacked host to the gateway, and also sends a false MAC address for the gateway to the attacked host.


ARP spoofing: the attacking host poses as the destination host's MAC address to the gateway, and poses as the gateway's MAC address to the target host.


ARP spoofing host
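A defensive check for the spoofing described above, as an added example that is not part of the original article: it parses ARP payloads and raises an alert when a packet claims a different MAC address for an IP than the statically bound or previously learned one. The `ArpWatch` class, the helper names and the sample addresses are assumptions constructed for illustration.

```python
import struct
import ipaddress

ARP_FMT = "!HHBBH6s4s6s4s"   # Ethernet/IPv4 ARP payload, 28 bytes

def parse_arp(payload: bytes):
    """Return (operation, sender_ip, sender_mac) from a 28-byte ARP payload."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, oper, sha, spa, _tha, _tpa = struct.unpack(
        ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return oper, str(ipaddress.IPv4Address(spa)), sha.hex(":")

class ArpWatch:
    """Tracks IP -> MAC bindings; static bindings take precedence over learned ones."""
    def __init__(self, static_bindings=None):
        self.static = dict(static_bindings or {})
        self.learned = {}

    def observe(self, payload: bytes):
        """Return an alert string if the claimed binding conflicts, else None."""
        _oper, ip, mac = parse_arp(payload)
        expected = self.static.get(ip) or self.learned.get(ip)
        if expected and expected != mac:
            return f"ALERT {ip}: expected {expected}, packet claims {mac}"
        self.learned.setdefault(ip, mac)
        return None

def make_reply(sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    """Build a constructed ARP reply payload (operation 2) as sample input."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = lambda a: ipaddress.IPv4Address(a).packed
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, 2,
                       mac(sender_mac), ip(sender_ip), mac(target_mac), ip(target_ip))

# Constructed sample values (documentation address ranges).
GATEWAY_IP, GATEWAY_MAC = "192.0.2.1", "00:00:5e:00:53:01"
HOST_IP, HOST_MAC = "192.0.2.10", "00:00:5e:00:53:10"
ROGUE_MAC = "00:00:5e:00:53:99"

def run_sample():
    watch = ArpWatch({GATEWAY_IP: GATEWAY_MAC})       # gateway is statically bound
    packets = [make_reply(GATEWAY_MAC, GATEWAY_IP, HOST_MAC, HOST_IP),
               make_reply(ROGUE_MAC, GATEWAY_IP, HOST_MAC, HOST_IP)]
    return [watch.observe(p) for p in packets]

if __name__ == "__main__":
    print(run_sample())
```
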



Origin blog.51cto.com/14080162/2426881