Computer network interview questions (1)

1. The difference between HTTP and HTTPS

  HTTP runs directly on top of TCP and transmits in clear text; neither the client nor the server can verify the identity of the other. HTTPS is HTTP wrapped in an SSL (Secure Socket Layer) shell: HTTP runs over SSL and SSL runs over TCP, which adds encryption and identity authentication to HTTP. The two differ as follows:

  • Ports: HTTP and HTTPS use different connection methods and different ports, 80 for the former and 443 for the latter;

  • Resource consumption: compared with HTTP, HTTPS consumes more CPU and memory because of the encryption and decryption work;

  • Cost: HTTPS needs a certificate, which in general has to be purchased from a certification authority;

  • Encryption: HTTPS uses a hybrid encryption mechanism that combines shared-key (symmetric) encryption with public-key encryption.


2. Symmetric and asymmetric encryption

  Symmetric-key encryption means that encryption and decryption use the same key; the biggest problem with this approach is key distribution, that is, how to deliver the key to the other party securely. Asymmetric encryption uses a pair of asymmetric keys, a public key and a private key: the public key can be published freely, while the private key is known only to its owner. One party encrypts the message with the other party's public key, and the receiver decrypts it with its own private key.

  Since asymmetric encryption never has to send the private key used for decryption, it can guarantee confidentiality; however, it is much slower than symmetric encryption, so a symmetric cipher is still used to carry the message itself, and the symmetric key is delivered using asymmetric encryption.


3. The three-way handshake and the four-way close

  (1) Three-way handshake (I want to connect to you; do you really want to connect to me? Yes, I really want to connect to you; done):

  • First handshake: the Client sets the SYN flag to 1, picks a random initial value seq = J, sends the packet to the Server and enters the SYN_SENT state, waiting for the Server's acknowledgment.

  • Second handshake: the Server receives the packet and knows from the flag SYN = 1 that the Client is requesting a connection. The Server sets both SYN and ACK to 1, sets ack = J + 1, picks a random value seq = K, sends the packet to the Client to acknowledge the connection request, and enters the SYN_RCVD state.

  • Third handshake: the Client receives the acknowledgment and checks that ack is J + 1 and ACK is 1. If so, it sets ACK to 1 and ack = K + 1 and sends the packet to the Server. The Server checks that ack is K + 1 and ACK is 1; if so, the connection is established and both Client and Server enter the ESTABLISHED state, completing the three-way handshake. Data can now be transferred between Client and Server.

                [Figure: Three-way handshake]


  (2) Four-way close (I want to break the connection; OK, break it. I also want to break the connection; OK, break it.):

  • First wave: the Client sends a FIN to stop sending data from the Client to the Server, and enters the FIN_WAIT_1 state.

  • Second wave: the Server receives the FIN and sends an ACK to the Client with acknowledgment number = received sequence number + 1 (like SYN, a FIN occupies one sequence number), and enters the CLOSE_WAIT state. The TCP connection is now half-closed: the client has no more data to send, but if the server still sends data, the client still receives it.

  • Third wave: the Server sends a FIN to stop sending data from the Server to the Client, and enters the LAST_ACK state.

  • Fourth wave: the Client receives the FIN, enters the TIME_WAIT state, and sends an ACK to the Server with acknowledgment number = received sequence number + 1; the Server enters the CLOSED state, and the four-way close is complete.

                [Figure: Four-way close]
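The following simulation walks through the handshake and the close exactly as described above, tracking only the state names and the seq/ack bookkeeping (J + 1, K + 1, one sequence number per SYN and FIN). It is added illustration code, not code from the original page; the names Endpoint, three_way_handshake and four_way_close are my own, and the initial sequence numbers 100 and 500 are constructed.

```python
"""Simulation of the TCP three-way handshake and four-way close described above.
Only state names and seq/ack bookkeeping are modelled (no timers, no data).
Added illustration code, not part of the original page."""
import random


def segment(seq, ack, *flags):
    """A TCP segment reduced to the fields that matter for setup and teardown."""
    return {"seq": seq, "ack": ack, "flags": set(flags)}


class Endpoint:
    def __init__(self, name, state, isn=None):
        self.name = name
        self.state = state
        # Next sequence number we will use: J for the client, K for the server.
        self.seq = isn if isn is not None else random.randrange(1, 2 ** 32)
        self.peer_seq = None  # next sequence number expected from the peer (= our ack)
        self.trace = []       # states entered, for inspection

    def send(self, *flags):
        seg = segment(self.seq, self.peer_seq, *flags)
        if "SYN" in seg["flags"] or "FIN" in seg["flags"]:
            self.seq += 1  # SYN and FIN each occupy one sequence number
        return seg

    def receive(self, seg):
        """Check the peer's ack (it must equal our next seq) and note what it sent."""
        if "ACK" in seg["flags"] and seg["ack"] != self.seq:
            raise ValueError(f"{self.name}: expected ack {self.seq}, got {seg['ack']}")
        if "SYN" in seg["flags"] or "FIN" in seg["flags"]:
            self.peer_seq = seg["seq"] + 1

    def enter(self, state):
        self.state = state
        self.trace.append(state)


def three_way_handshake(client, server):
    """Returns (ack carried by SYN+ACK, ack carried by the final ACK) = (J+1, K+1)."""
    if server.state != "LISTEN":
        raise RuntimeError("server is not listening")
    syn = client.send("SYN")                 # 1st: SYN=1, seq=J
    client.enter("SYN_SENT")
    server.receive(syn)
    synack = server.send("SYN", "ACK")       # 2nd: SYN=1, ACK=1, seq=K, ack=J+1
    server.enter("SYN_RCVD")
    client.receive(synack)                   # client verifies ack == J+1
    ack = client.send("ACK")                 # 3rd: ACK=1, ack=K+1
    client.enter("ESTABLISHED")
    server.receive(ack)                      # server verifies ack == K+1
    server.enter("ESTABLISHED")
    return synack["ack"], ack["ack"]


def four_way_close(client, server):
    """Client-initiated close; every FIN also carries ACK as in real TCP."""
    fin = client.send("FIN", "ACK")          # 1st wave
    client.enter("FIN_WAIT_1")
    server.receive(fin)
    ack = server.send("ACK")                 # 2nd wave: ack = received seq + 1
    server.enter("CLOSE_WAIT")               # half-closed: server may still send
    client.receive(ack)
    client.enter("FIN_WAIT_2")
    fin2 = server.send("FIN", "ACK")         # 3rd wave
    server.enter("LAST_ACK")
    client.receive(fin2)
    client.enter("TIME_WAIT")
    ack2 = client.send("ACK")                # 4th wave
    server.receive(ack2)
    server.enter("CLOSED")
    client.enter("CLOSED")                   # after 2*MSL in reality; immediate here
    return ack["ack"], ack2["ack"]


if __name__ == "__main__":
    c = Endpoint("client", "CLOSED", isn=100)   # constructed J
    s = Endpoint("server", "LISTEN", isn=500)   # constructed K
    print(three_way_handshake(c, s), c.state, s.state)  # (101, 501) ESTABLISHED ESTABLISHED
    print(four_way_close(c, s), c.trace, s.trace)       # (102, 502) ...
```

The receive() check is the detail worth noticing: each side only accepts a segment whose ack equals its own next sequence number, which is what makes a stale or forged acknowledgment get rejected rather than advance the state machine.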


4. Why does a TCP connection need a three-way handshake? Why would two not do, and why?

  To prevent an expired connection request packet that suddenly arrives at the server from causing an error.

  Consider a connection request sent by the client that is not lost, but lingers at some network node for a long time, so that it reaches the Server only after the connection has already been released. The Server mistakenly takes it for a new connection request from the Client, so it sends an acknowledgment packet to the client agreeing to establish the connection. With a "two-way handshake", the new connection would be established as soon as the Server sent its confirmation. Since the client did not actually ask to establish a connection at this time, it ignores the Server's confirmation and does not communicate with the Server, while the Server keeps waiting for data from the Client, wasting server resources. With a "three-way handshake", the Server receives no confirmation from the client in this situation, so it knows the Client is not asking to establish a connection and does not establish it.


5. How the TCP protocol guarantees reliable transmission

  TCP provides a connection-oriented, reliable byte-stream service. Connection-oriented means that the two applications using TCP (usually a client and a server) must first establish a TCP connection before they can exchange data; in one TCP connection, only the two parties communicate with each other. Byte-stream service means that the two applications exchange a stream of 8-bit bytes over the TCP connection; TCP inserts no record markers into the byte stream.

  TCP ensures reliability by the following means:

  • Checksum: its purpose is to detect any change to the data during transmission. If a segment's checksum is wrong, the segment is discarded and no acknowledgment is given, so the TCP sender retransmits the data after its timer expires;

  • Reordering of out-of-order segments: since TCP segments are carried as IP datagrams, and IP datagrams may arrive out of order, TCP segments may also arrive out of order. TCP reorders out-of-sequence data before handing it to the application layer;

  • Discarding duplicate data: duplicate data can be discarded;

  • Acknowledgment mechanism: when a TCP receiver gets data from the other end, it sends an acknowledgment. The acknowledgment is not sent immediately; it is usually delayed by a fraction of a second;

  • Retransmission timeout: when TCP sends a segment, it starts a timer and waits for the destination to acknowledge the segment. If no acknowledgment is received in time, the segment is retransmitted;

  • Flow control: each side of a TCP connection has a fixed-size buffer. The receiving TCP only lets the other end send as much data as the receiver's buffer can hold, which prevents a faster host from overflowing the buffer of a slower host. The flow-control protocol used by TCP is a variable-size sliding-window protocol.


6. What happens if the client keeps requesting connections? (DDoS (Distributed Denial of Service) attack)

  The server creates a connection for each request, sends its confirmation message, and then waits for the client to confirm.


1). DDoS attack

  • The client sends a connection request packet to the server
  • The server sends an acknowledgment packet to the client
  • The client never sends its acknowledgment packet back, so the server keeps waiting for the client's confirmation

2). DDoS mitigation (there is no complete cure short of not using TCP)

  • Limit the number of half-open SYN connections at any one time
  • Shorten the timeout for half-open SYN connections
  • Turn off unnecessary services

7. The difference between GET and POST

  GET and POST are the two HTTP methods we use most often; they differ in the following five respects:

  (1). Functionally, GET is generally used to retrieve resources from the server, while POST is generally used to update resources on the server;

  (2). From the REST point of view, GET is idempotent: reading the same resource always returns the same data. POST is not idempotent, because each request changes the resource differently. Furthermore, GET does not change the resources on the server, while POST does;

  (3). In terms of how request parameters are carried, GET appends the request data to the URL, so the data ends up in the header of the HTTP request message: the URL and the data are separated by ?, and parameters are joined by &. Specifically, data consisting of English letters and digits is sent as-is; otherwise it is encoded as an application/x-www-form-urlencoded MIME string (a space becomes +; Chinese and other characters are percent-encoded byte by byte, for example %E4%BD%A0%E5%A5%BD, where each %XX is the hexadecimal value of one byte). POST places the submitted data in the body of the HTTP request message;

  (4). In terms of safety, POST is safer than GET, because the data submitted by GET appears in clear text in the URL, while the parameters of a POST request are packed into the request body, which is relatively safer.

  (5). In terms of request size, a GET request is limited by the URL length limit of the browser or server, so it can carry only a small amount of data; a POST request has no size limit.


1). Why GET requests are URL-encoded

  We know that non-Western characters in a URL are encoded in a GET request; the purpose is to avoid ambiguity. Consider the following example.

  Take "name1=value1&name2=value2" and look at how the server parses the data sent by the client. First, the computer represents the string as the following ASCII bytes:

    6E616D6531 3D 76616C756531 26 6E616D6532 3D 76616C756532
    6E616D6531: name1
    3D: =
    76616C756531: value1
    26: &
    6E616D6532: name2
    3D: =
    76616C756532: value2

  After receiving the data, the server can walk through the byte stream one byte at a time. When it consumes the byte 3D it knows that the bytes consumed so far form a key; it keeps consuming, and when it meets 26 it knows that everything between the 3D and the 26 is the value belonging to that key. In this way it can parse out the parameters the client passed over.

  Now consider the problem: what if a parameter value itself contains a special character such as = or &? Take "name1=value1" and let the value of value1 be the string "va&lu=e1"; what is actually transmitted then becomes "name1=va&lu=e1". We meant to send a single key-value pair, but the server will parse it into two key-value pairs, which is the ambiguity.

  So how do we resolve this ambiguity? The answer is to URL-encode the parameters: the ambiguous characters in the URL above are encoded, giving "name1=va%26lu%3De1", so the server treats the bytes following a "%" as ordinary bytes rather than as delimiters between key-value pairs. For more details on URL encoding, see my blog post "Using URLDecoder and URLEncoder for encoding and decoding Chinese characters"; it is not repeated here.
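The byte-by-byte parse described above, and the encoding that removes the ambiguity, as an added example (not code from the original post). The parser splits only on the raw bytes 0x3D and 0x26 and decodes %XX escapes afterwards, which is exactly why an encoded & or = inside a value can no longer be mistaken for a delimiter; the helper names hex_view, parse_form_bytes and encode_pairs are my own.

```python
"""Byte-by-byte parsing of name=value&name=value data and the URL encoding that
removes the ambiguity described above. Added example, not the page's own code."""
from urllib.parse import quote_plus, unquote_to_bytes


def hex_view(text):
    """UTF-8 bytes of a string as the hex digits shown on the page."""
    return text.encode("utf-8").hex().upper()


def percent_decode(raw):
    """Undo application/x-www-form-urlencoded: '+' -> space, %XX -> one byte."""
    return unquote_to_bytes(bytes(raw).replace(b"+", b" ")).decode("utf-8")


def parse_form_bytes(data):
    """Scan the byte stream: 0x3D ('=') ends a key, 0x26 ('&') ends a pair.
    Only raw delimiter bytes split; %26 / %3D are decoded only after splitting,
    so they can never act as delimiters."""
    pairs = []
    key, value = bytearray(), bytearray()
    target = key
    for b in data:
        if b == 0x3D and target is key:   # first '=' switches from key to value
            target = value
        elif b == 0x26:                    # '&' closes the current pair
            pairs.append((percent_decode(key), percent_decode(value)))
            key, value = bytearray(), bytearray()
            target = key
        else:
            target.append(b)
    pairs.append((percent_decode(key), percent_decode(value)))
    return pairs


def encode_pairs(pairs):
    """What a browser does for a GET query string: encode every key and value."""
    return "&".join(f"{quote_plus(k)}={quote_plus(v)}" for k, v in pairs)


if __name__ == "__main__":
    print(hex_view("name1=value1&name2=value2"))
    # Ambiguous: one pair was intended, two come out.
    print(parse_form_bytes(b"name1=va&lu=e1"))
    # Encoded: the delimiters inside the value survive the round trip.
    wire = encode_pairs([("name1", "va&lu=e1"), ("q", "你好")])
    print(wire, parse_form_bytes(wire.encode("ascii")))
```

The same rule applies on the server side in reverse: decode parameter values only after the query string has been split, never before, or the ambiguity returns.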


8. The difference between TCP and UDP

  TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) are both transport-layer protocols; their differences include:

  • TCP is connection-oriented, UDP is connectionless;

  • TCP is reliable, UDP is unreliable;

  • TCP only supports point-to-point communication; UDP supports one-to-one, one-to-many and many-to-many communication;

  • TCP is byte-stream oriented; UDP is message oriented;

  • TCP has a congestion control mechanism; UDP has no congestion control, which suits media communication;

  • The TCP header overhead (20 bytes) is larger than the UDP header overhead (8 bytes);


9. TCP congestion handling

  Network bandwidth, switch-node buffers and processors are all network resources. Whenever, over some period, the demand on a part of the network exceeds the resources that part can provide, network performance degrades; this situation is called congestion. Congestion control aims to prevent too much data from being injected into the network, so that no link or router in the network becomes overloaded. Note the difference between flow control and congestion control: congestion control is a global process, while flow control concerns point-to-point traffic control. There are four congestion control methods:


1) Slow start: do not send a large amount of data at the beginning; first probe the level of congestion in the network, that is, increase the size of the congestion window gradually from small to large;


2) Congestion avoidance: the congestion avoidance algorithm lets the congestion window grow slowly, that is, after each round-trip time (RTT) the sender's congestion window cwnd increases by 1 instead of doubling, so the congestion window grows linearly and slowly.

          [Figure: Slow start and congestion avoidance]


3) Fast retransmit: fast retransmit requires the receiver to send a duplicate acknowledgment immediately upon receiving an out-of-order segment (so that the sender learns as early as possible that a segment has not reached the other side), rather than waiting to piggyback the acknowledgment on data it sends. The fast retransmit algorithm specifies that as soon as the sender receives three consecutive duplicate acknowledgments it should immediately retransmit the segment the other side has not yet received, rather than waiting for the retransmission timer to expire.

          [Figure: Fast retransmit]


4) Fast recovery: fast retransmit is used together with the fast recovery algorithm. When the sender receives three consecutive duplicate acknowledgments it performs "multiplicative decrease", halving the threshold ssthresh, but it does not run slow start next: if the network were congested, the sender would not receive several duplicate acknowledgments in a row, so the sender now believes the network is not congested. Therefore, instead of running slow start, it sets cwnd to ssthresh and then runs the congestion avoidance algorithm.

          [Figure: Fast recovery]
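To see how the four mechanisms combine, the following added simulation (not code from the original page) tracks cwnd and ssthresh per RTT round, using the page's symbols: exponential growth while cwnd < ssthresh, additive growth afterwards, a timeout falling back to cwnd = 1, and three duplicate ACKs halving ssthresh and continuing from ssthresh (fast recovery). The loss schedule and the starting ssthresh of 16 segments are constructed inputs.

```python
"""Congestion window (cwnd) evolution per RTT under slow start, congestion
avoidance, and the two kinds of loss reaction (timeout vs. three duplicate ACKs).
Added example with a constructed loss schedule, not code from the original page."""


def simulate_cwnd(rounds, ssthresh, losses):
    """cwnd is counted in segments; `losses` maps an RTT round -> "timeout" | "dupack".
    Returns the list of cwnd values at the start of each round."""
    cwnd = 1
    history = []
    for rtt in range(rounds):
        history.append(cwnd)
        event = losses.get(rtt)
        if event == "timeout":
            # Timer expiry: multiplicative decrease, then restart slow start from 1.
            ssthresh = max(cwnd // 2, 2)
            cwnd = 1
        elif event == "dupack":
            # Three duplicate ACKs: fast retransmit, halve ssthresh, and (fast
            # recovery) continue from ssthresh in congestion avoidance rather
            # than dropping back to slow start.
            ssthresh = max(cwnd // 2, 2)
            cwnd = ssthresh
        elif cwnd < ssthresh:
            cwnd = min(cwnd * 2, ssthresh)   # slow start: doubles each RTT, capped
        else:
            cwnd += 1                        # congestion avoidance: +1 per RTT
    return history


if __name__ == "__main__":
    # Loss in round 8 detected by duplicate ACKs vs. by a timeout.
    print(simulate_cwnd(12, 16, {8: "dupack"}))   # ... 20, 10, 11, 12
    print(simulate_cwnd(12, 16, {8: "timeout"}))  # ... 20, 1, 2, 4
```

The two printed series differ only after round 8: with fast recovery the sender resumes at 10 segments and grows linearly, whereas after a timeout it restarts at 1 and has to climb back exponentially up to the new ssthresh.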


10. The process from entering a URL to getting a page

  (1). The browser queries DNS to obtain the corresponding IP address. The specific steps are: the browser searches its own DNS cache, searches the operating system's DNS cache, reads the local hosts file, and queries the local DNS server. When the local DNS server is queried, if the domain name to resolve is in a locally configured zone, the result is returned to the client and the resolution is complete (this is an authoritative answer); if the local DNS server cannot resolve the name from its zone data but has cached the name-to-IP mapping, it returns that mapping and the resolution is complete (this is a non-authoritative answer). If the local DNS server has not cached the mapping either, it initiates a recursive or iterative query according to its configuration;

  (2). After the browser has obtained the IP address, it initiates a three-way handshake with the server to establish a connection;

  (3). Once the TCP/IP connection is established, the browser sends an HTTP request to the server;

  (4). The server receives the request, maps it by path and parameters to a specific request handler, processes it, and returns the result and the corresponding view to the browser;

  (5). The browser parses and renders the view; when it encounters references to static resources such as JS files, CSS files and images, it repeats the steps above to request those resources from the server;

  (6). The browser renders the page from the resources and data it has requested and finally presents a complete page to the user.


11. Session, Cookie and Application

  Cookies and Sessions are both solutions for keeping state between client and server. Specifically, the cookie mechanism keeps the state on the client side, while the session mechanism keeps the state on the server side.


(1). Cookies and their API

  A Cookie is in fact a small piece of text. When the client requests the server and the server needs to record the user's state, it uses the response to issue a Cookie to the client browser, and the browser saves it. When the browser requests the same site again, it submits the Cookie together with the requested URL; the server checks the Cookie to identify the user's state. The server can also modify the content of the Cookie as needed.

           [Figure: Cookie - HttpServletResponse]

           [Figure: HttpServletRequest - cookie]


(2). Sessions and their API

  Session state can likewise be kept on the server side. When the client requests the server and the server wants to record the user's state, it obtains a Session to hold that state. If the server has already created a session for this client, it looks the session up by sessionid and uses it; if the client's request carries no sessionid, the server creates a session for the client, generates a sessionid associated with it, and returns the sessionid to the client in the current response for it to keep. The sessionid can be kept using the cookie mechanism, so that during the interaction the browser automatically sends this identifier back to the server according to the rules; if the browser has cookies disabled, the sessionid can be passed back to the server through URL rewriting.

           [Figure: Session - HttpServletRequest]


(3). Session compared with Cookie

  • Implementation: Sessions are usually implemented on top of the Cookie mechanism, which carries the SessionID back to the server;

  • Size limits: Cookies have a size limit, and the browser also limits the number of cookies per site; Sessions have no size limit and in theory are bounded only by the server's memory;

  • Security: Cookies carry security risks, because a cookie obtained by interception or from local files can be used to attack; Sessions are kept on the server side and are relatively safer;

  • Server resource consumption: a Session is kept on the server for a period of time before it expires; too many sessions increase the load on the server.


(4). Application

  Application (ServletContext in Java Web): corresponds to one web application and provides global state for the application that all clients can use.


12. SQL injection

  SQL injection inserts SQL commands into a web form submission, an input field or the query string of a page request, so that the server is tricked into executing malicious SQL commands.

1). General approach of a SQL injection attack

  (1). Find where SQL injection is possible 
  (2). Determine the server type and the back-end database type 
  (3). Carry out the SQL injection attack according to the characteristics of that server and database


2). Example of a SQL injection attack

  For example, on a login page that asks for a username and password, entering the following logs in without an account:

    Username: ' or 1 = 1 --
    Password:

  Once the user clicks "log in", if no special handling is done, this illegitimate user is happily logged in. Why? Let us analyse it. In theory the back-end authentication code contains a SQL statement like: String sql = "select * from user_table where username='" + userName + "' and password='" + password + "'"; so with the username and password above, the statement becomes: SELECT * FROM user_table WHERE username='' or 1 = 1 -- and password=''. Looking at this statement, username='' or 1=1 is always true; the two dashes that follow start a comment, which comments out the rest of the statement so that it has no effect. The statement therefore always executes successfully, and the user easily fools the system and obtains a legitimate identity.


3). Countermeasures

(1). Parameter binding

  Using prepared statements with bound parameters is the best defence against SQL injection. Many ORM frameworks and JDBC now implement SQL pre-compilation and parameter binding, so the attacker's malicious SQL is treated as a parameter of the SQL rather than executed as a SQL command. In a MyBatis mapper file, parameter values are usually obtained with # or $. With #, the variable is a placeholder, the same placeholder used with PreparedStatement in Java JDBC, so SQL injection is prevented; with $, the variable is appended directly into the SQL, which generally leads to SQL injection problems.

(2). Filtering incoming parameters with regular expressions
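The login query from the example above, as an added example (not code from the original page): the string-concatenated version next to the parameter-bound version. The `?` placeholder here plays the role of MyBatis `#{}` and of a JDBC PreparedStatement parameter. The table and its single row are constructed for an in-memory SQLite database; the function names setup_db, login_vulnerable and login_parameterized are my own.

```python
"""The page's login query built by string concatenation, beside the parameter-bound
form. In-memory SQLite with a constructed row. Added example, not the page's code."""
import sqlite3


def setup_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user_table (username TEXT, password TEXT)")
    # Constructed sample row. Real systems store a password hash, never the password.
    conn.execute("INSERT INTO user_table VALUES ('alice', 'correct horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Same construction as the page's Java snippet: input is spliced into the SQL
    text, so `' or 1 = 1 --` turns the WHERE clause into `username='' or 1 = 1`
    followed by a comment that swallows the password check."""
    sql = ("select * from user_table where username='" + username
           + "' and password='" + password + "'")
    return conn.execute(sql).fetchone() is not None


def login_parameterized(conn, username, password):
    """Prepared statement: the SQL text and the values travel separately, so the
    input is compared as a literal string and is never parsed as SQL."""
    sql = "select * from user_table where username=? and password=?"
    return conn.execute(sql, (username, password)).fetchone() is not None


if __name__ == "__main__":
    db = setup_db()
    injected = "' or 1 = 1 --"                      # the page's example input
    print(login_vulnerable(db, injected, ""))        # True: logged in without an account
    print(login_parameterized(db, injected, ""))     # False: no user has that name
    print(login_parameterized(db, "alice", "correct horse"))  # True
```

Note that the parameterized version needs no input filtering at all to be safe; the regular-expression filtering the page lists as a second countermeasure is at best a supplement, since the set of dangerous characters depends on the database and the query context.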


13. XSS attacks

  XSS is a computer security vulnerability that frequently appears in web applications; together with SQL injection it is one of the most common attack methods on the web. XSS means that a malicious attacker exploits a site's failure to escape or sufficiently filter user-submitted data, embedding script code into a web page so that it executes whenever other users visit the page, thereby stealing user data, performing actions under the user's identity, or infecting visitors with malware.


1). Harm caused by XSS attacks

  • Theft of all kinds of user accounts, such as machine login accounts, online banking accounts and administrator accounts

  • Control over enterprise data, including the ability to read, tamper with, add and delete sensitive enterprise data

  • Theft of important, commercially valuable enterprise data

  • Illegal money transfers

  • Forced sending of e-mail

  • Planting malware on the website

  • Using the victim's machine to attack other sites


2). Cause analysis

  Main cause: too much trust in data submitted by the client!

  Solution: trust no data submitted by the client; any client-submitted data must be filtered appropriately before any further operation.

  In more detail: data submitted by the client is exactly what the application needs, but a malicious attacker exploits the site's trust in that data and inserts symbols and JavaScript code into it, so the data becomes part of the application's code and the attacker can then act freely. Therefore we must never trust any data submitted by the client!


3). Classification of XSS attacks

(1). Reflected XSS (non-persistent XSS)

  The vulnerability arises because the data injected by the attacker is reflected in the response. A typical non-persistent XSS attack involves a link carrying the XSS attack vector (so each attack needs the user to click it). For example, a normal message:

http://www.test.com/message.php?send=Hello,World!

The recipient receives the message and sees Hello,World; but an abnormal message:

http://www.test.com/message.php?send=<script>alert('foolish!')</script>!

pops up an alert window when the recipient views the message!


(2). Persistent (stored) XSS (message-board scenario)

  The XSS attack vector (generally, the XSS attack code) is stored in the site's database and executes when a page is opened by a user. That is, the script runs every time a user opens the page in a browser. Compared with non-persistent XSS, persistent XSS is more harmful. As the name suggests, persistent XSS stores the attack code in the database, and the client executes it whenever it opens the page.

For example, a form field in a message-board form:
<input type="text" name="content" value="data filled in by the user">

The normal flow is: the user submits a message; the data is stored in the database; other users visit the message board, and the application reads the data and displays it. The abnormal flow is that the attacker fills in as the value:

<script>alert('foolish!');</script> <!-- or other HTML tags (breaking the styling...), or a piece of attack code -->

and submits it so that it is stored in the database; when other users fetch and display the data, the attack code executes.


4). Principles for fixing the vulnerability

  The root cause of the vulnerability is excessive trust in user-submitted data and insufficient filtering of it, so the solution should start there. Concrete measures include:

  • Mark important cookies as HttpOnly, so that document.cookie in JavaScript cannot read them (if the HttpOnly attribute is set on a cookie, JS scripts cannot read the cookie's content, which effectively prevents XSS attacks);

  • Restrict the types of form field values, for example: age must be an int, name may only contain letters and digits, and so on;

  • HTML-encode the data;

  • Filter or remove special HTML tags, for example <script> and <iframe>, and replace < with &lt;, > with &gt;, and " with &quot;;

  • Filter JavaScript event attributes such as "onclick=", "onfocus" and so on.

      Note that some applications allow HTML tags, or even JavaScript code, in their input. When filtering data we therefore need to analyse carefully which data has special requirements (for example, output that needs HTML code, JavaScript code concatenation, or a form that explicitly allows such input) and handle those cases separately!
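The fixes listed above, applied to the page's own alert('foolish!') payload, as an added example (not code from the original page). It shows the vulnerable concatenation beside HTML-encoded output in the two contexts the page uses (page body and an input value attribute), the type restriction on form fields, and a Set-Cookie header with HttpOnly. Python's standard html.escape does the encoding; the cookie name JSESSIONID follows the Java servlet convention the page refers to, and the function names are my own.

```python
"""Output encoding, field validation and an HttpOnly session cookie for the XSS
fixes listed above. Added example, not code from the original page."""
import html
import re

PAYLOAD = "<script>alert('foolish!')</script>"   # the page's example attack vector


def render_message_unsafe(user_text):
    """The vulnerable pattern: untrusted data concatenated straight into HTML."""
    return "<p>" + user_text + "</p>"


def render_message(user_text):
    """HTML-encode before output: < > & " ' become entities, so the browser shows
    the text instead of executing it."""
    return "<p>" + html.escape(user_text, quote=True) + "</p>"


def render_input_value(stored_value):
    """Attribute context: quote=True matters here, otherwise a stored `"` would
    close the value attribute and let an event attribute such as onfocus in."""
    return '<input type="text" name="content" value="%s">' % html.escape(
        stored_value, quote=True)


def validate_field(name, raw):
    """Restrict field types as the page suggests: age must be an int, name only
    letters and digits. Returns the validated value or raises ValueError."""
    rules = {"age": r"\d{1,3}", "name": r"[A-Za-z0-9]{1,32}"}
    if name not in rules or not re.fullmatch(rules[name], raw):
        raise ValueError(f"invalid value for {name}")
    return int(raw) if name == "age" else raw


def session_cookie_header(session_id):
    """HttpOnly keeps document.cookie from reading the session id; Secure and
    SameSite are the usual companion attributes."""
    return (f"Set-Cookie: JSESSIONID={session_id}; Path=/; "
            "HttpOnly; Secure; SameSite=Lax")


if __name__ == "__main__":
    print(render_message_unsafe(PAYLOAD))   # <script> tag reaches the browser intact
    print(render_message(PAYLOAD))          # &lt;script&gt;... is displayed, not run
    print(render_input_value('"><b>x</b>')) # quote is encoded, attribute stays closed
    print(validate_field("age", "42"))
    print(session_cookie_header("constructed-session-id"))
```

Encoding at output time, chosen per context (body text vs. attribute vs. JavaScript string), is the measure that actually removes the vulnerability; HttpOnly only limits what a successful injection can steal, which is why the page lists it alongside, not instead of, encoding.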


14. The OSI network architecture and the TCP/IP protocol model

  To explain the computer network architecture properly, I have devoted two blog posts to this most important topic in computer networking; see "Overview of computer network architecture (part 1)" and "Overview of computer network architecture (part 2)". Only a brief summary follows.

  In "Overview of computer network architecture (part 2)" we saw that the biggest difference between TCP/IP and OSI is that OSI is a theoretical model of network communication, while TCP/IP is the network communication standard actually in use. Their intent, however, is the same: to let two computers understand each other precisely and respond gracefully, like two close friends. We now briefly introduce each layer of the seven-layer OSI model:

          [Figure: OSI network architecture and TCP/IP protocol model]


1). Physical layer

  The lowest layer of the reference model and the first layer of the OSI model. It transmits bit streams transparently between adjacent computer nodes and hides, as far as possible, the differences between transmission media and physical devices, so that the layer above it (the data link layer) need not care about the specific transmission medium.


2). Data link layer

  Receives data in the form of a bit stream from the physical layer, packages it into frames and passes it to the layer above; likewise, it unpacks data frames from the layer above into bit streams and forwards them to the physical layer. On top of the bit stream provided by the physical layer, this layer uses error control and flow control to turn an error-prone physical line into an error-free data link, that is, it provides a reliable way to transmit data over the physical medium.


3). Network layer

  Translates network addresses into the corresponding physical addresses and uses routing algorithms to choose the most suitable path for packets through the communication subnet.

          [Figure: Data link layer and network layer]


4). Transport layer

  Provides reliable, transparent data transfer between source and destination, so that the users of upper-layer services need not care about the implementation details of the communication subnet. In the protocol stack the transport layer sits above the network layer; transport-layer protocols provide logical communication between processes running on different hosts, while network-layer protocols provide logical communication between different hosts, as shown in the figure below.

          [Figure: Network layer and transport layer]

  In fact the network layer can be seen as part of the transport layer, to which it provides services. To end systems, however, the network layer is transparent: they know only of the transport layer, that is, logically they consider the transport layer to provide them with end-to-end communication. This is the beauty of layering.


5). Session layer

  The session layer is the fifth layer of the OSI model. It is the interface between user applications and the network, responsible for establishing, maintaining and terminating communication between two nodes in the network.


6). Presentation layer: encoding, compression and decompression, encryption and decryption of data

  The presentation layer is the sixth layer of the OSI model. It interprets commands and data from the application layer, so that information sent by the application layer of one system can be read by the application layer of another system.


7). Application layer: provides network communication services to the user's application processes


15. Common application-layer protocols over TCP and UDP

1). Application-layer protocols over TCP

  • FTP: the File Transfer Protocol, using port 21. Saying that a computer has "FTP enabled" means the file transfer service has been started; downloading files and uploading home pages both use FTP.

  • Telnet: a port used for remote login, which lets a user connect remotely to a computer under their own identity and offers a DOS-style, text-mode communication service. Old-style BBS systems, for example, were pure character interfaces; a BBS server opened port 23 to provide the service.

  • SMTP: the Simple Mail Transfer Protocol, used by many mail servers today for sending mail. Common free e-mail services use this mail port, which is why e-mail settings often include an "SMTP port" field; the server opens port 25.

  • POP3: the counterpart of SMTP, POP3 is used to receive mail. POP3 normally uses port 110. That is, as long as you have a program that uses POP3 (for example Foxmail or Outlook), you can collect mail directly with the mail program without logging in to the webmail interface (with a 163 mailbox, for instance, there is no need to visit the NetEase site first and then open your mailbox to read mail).

  • HTTP: the protocol for transferring hypertext from a web server to the local browser.


2). Application-layer protocols over UDP

  • DNS: the domain name service, which translates domain names into IP addresses. DNS uses port 53.

  • SNMP: the Simple Network Management Protocol, using port 161, is used to manage network devices. Because there are many network devices, a connectionless service shows its advantages here.

  • TFTP (Trivial File Transfer Protocol): a simple file transfer protocol that uses UDP on well-known port 69.


3). Diagram

          [Figure: Common application-layer protocols over TCP and UDP]


16. How the network layer's ARP protocol works

  The ARP protocol at the network layer maps IP addresses to physical addresses. Every host keeps an ARP table in its ARP cache recording the correspondence between IP addresses and MAC addresses. When a source host needs to send a packet to a destination host, it first checks whether its ARP table contains a MAC address for that IP address: if so, it sends the packet directly to that MAC address; if not, it broadcasts an ARP request on the local network segment asking for the MAC address of the destination host. The ARP request packet contains the source host's IP address and hardware address and the destination host's IP address. Every host on the network that receives the ARP request checks whether the destination IP in the packet matches its own IP address. If not, it ignores the packet; if so, the host first adds the sender's MAC address and IP address to its own ARP table (overwriting any existing entry for that IP) and then sends an ARP reply to the source host telling it that it owns the requested MAC address. When the source host receives the ARP reply, it adds the destination host's IP and MAC addresses to its ARP table and uses this information to start transmitting data. If the source host never receives an ARP reply, the ARP query has failed.


17. Classes of IP addresses

  An IP address (Internet Protocol address) is a uniform address format provided by the IP protocol. It assigns a logical address to every network and every host on the Internet, hiding the differences between physical addresses. The IP addressing scheme divides the IP address space into five classes, A, B, C, D and E; A, B and C are the basic classes, while D and E are special addresses used for multicast and reserved use.

  Every IP address consists of two identifiers (IDs): a network ID and a host ID. All hosts on the same physical network share one network ID, and each host on that network (including workstations, servers, routers and so on) has its own host ID. The characteristics of classes A to E are:

  • Class A: begins with 0; first byte range 0~127;

  • Class B: begins with 10; first byte range 128~191;

  • Class C: begins with 110; first byte range 192~223;

  • Class D: begins with 1110; first byte range 224~239;

  • Class E: begins with 1111; reserved addresses


1). Class A: 1-byte network address + 3-byte host address; the highest bit of the network address must be "0"

  In a class A IP address, the first of the four numbers is the network number and the remaining three are the number of the local computer. In binary, a class A IP address consists of a 1-byte network address and a 3-byte host address, and the highest bit of the network address must be "0". The network identifier is 8 bits long and the host identifier 24 bits; there are relatively few class A networks, 126 of them, and each network can hold more than 16 million hosts.

  The class A address range is 1.0.0.0 to 127.255.255.255 (in binary: 00000001 00000000 00000000 00000000 - 01111110 11111111 11111111 11111111); the last address is the broadcast address. The subnet mask of a class A address is 255.0.0.0, and the maximum number of hosts per network is 256^3 - 2 = 16777214.


2). Class B: 2-byte network address + 2-byte host address; the highest bits of the network address must be "10"

  In a class B IP address, the first two of the four numbers are the network number. In binary, a class B IP address consists of a 2-byte network address and a 2-byte host address, and the highest bits of the network address must be "10". The network identifier is 16 bits long and the host identifier 16 bits; class B addresses suit medium-sized networks, there are 16384 such networks, and each can hold more than 60 thousand computers.

  The class B address range is 128.0.0.0-191.255.255.255 (in binary: 10000000 00000000 00000000 00000000 - 10111111 11111111 11111111 11111111); the last address is the broadcast address. The subnet mask of a class B address is 255.255.0.0, and the maximum number of hosts per network is 256^2 - 2 = 65534.


3). Class C: 3-byte network address + 1-byte host address; the highest bits of the network address must be "110"

  In a class C IP address, the first three of the four numbers are the network number and the remaining one is the number of the local computer. In binary, a class C IP address consists of a 3-byte network address and a 1-byte host address, and the highest bits of the network address must be "110". The network identifier is 24 bits long and the host identifier 8 bits; there are many class C networks, more than 2.09 million. They suit small local networks, and each network can contain at most 254 computers.

  The class C address range is 192.0.0.0-223.255.255.255 (in binary: 11000000 00000000 00000000 00000000 - 11011111 11111111 11111111 11111111). The subnet mask of a class C address is 255.255.255.0, and the maximum number of hosts per network is 256 - 2 = 254.


4). Class D: multicast addresses, used for one-to-many communication; the highest bits must be "1110"

  Class D IP addresses have historically been called multicast addresses, also known as group addresses. On Ethernet, a multicast address names a group of stations on the network that should receive a packet. The highest bits of a multicast address must be "1110", and the range is 224.0.0.0 to 239.255.255.255.


5). Class E: reserved addresses; the highest bits must be "1111"
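The classful rules above, turned into a small classifier as an added example (not code from the original page): the leading bits of the first octet select the class, and for classes A to C the default mask then yields the network ID, the host ID and the host capacity (2^host-bits - 2, excluding the all-zero network address and the all-one broadcast address). The sample addresses in the main block are constructed; the function names are my own.

```python
"""Classify a dotted-quad IPv4 address by its leading bits into classes A-E and derive
the classful network ID, host ID, default mask and host capacity as tabulated above.
Added example, not code from the original page."""


def dotted(value):
    """32-bit integer -> dotted-quad string."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def classify_ipv4(addr):
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not a valid IPv4 address: {addr}")
    first = octets[0]
    # Leading-bit patterns from the table above decide the class.
    if first >> 7 == 0b0:
        cls, net_bits = "A", 8
    elif first >> 6 == 0b10:
        cls, net_bits = "B", 16
    elif first >> 5 == 0b110:
        cls, net_bits = "C", 24
    elif first >> 4 == 0b1110:
        cls, net_bits = "D", None   # multicast: no network/host split
    else:
        cls, net_bits = "E", None   # reserved
    info = {"class": cls, "first_octet": first}
    if net_bits is not None:
        value = int.from_bytes(bytes(octets), "big")
        mask = (0xFFFFFFFF << (32 - net_bits)) & 0xFFFFFFFF
        info.update({
            "mask": dotted(mask),
            "network_id": dotted(value & mask),
            "host_id": dotted(value & ~mask & 0xFFFFFFFF),
            # all-zero host part = the network itself, all-one = broadcast
            "max_hosts": 2 ** (32 - net_bits) - 2,
        })
    return info


if __name__ == "__main__":
    for sample in ("10.1.2.3", "172.16.5.9", "192.168.1.20", "224.0.0.1", "240.0.0.1"):
        print(sample, classify_ipv4(sample))   # constructed sample addresses
```

Classful addressing was replaced by CIDR in practice, so the derived mask is the historical default for the class, not necessarily the mask configured on a real interface.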


18. IP addresses and physical addresses

  A physical address is the address used by the data link layer and the physical layer; an IP address is the address used by the network layer and the layers above it, and is a logical address. The ARP protocol maps IP addresses to physical addresses.


21. Common status codes and reason phrases

  HTTP request structure: request method + request URI + protocol and version 
  HTTP response structure: status code + reason phrase + protocol and version


  • 1××: informational; the request has been accepted and is being processed

  • 2××: success; the request was processed successfully 
    200 OK

  • 3××: redirection; further action must be taken to complete the request 
    301: Moved Permanently 
    302: Found (temporary redirect) 
    304: Not Modified (use the cached copy)

  • 4××: client error; the request is invalid 
    400: Bad Request, request syntax problem 
    403: Forbidden, the request is refused 
    404: Not Found, the page the client requested does not exist

  • 5××: server error; the server could not handle a valid request 
    500: Internal Server Error 
    503: Service Unavailable, try again later


Origin www.cnblogs.com/ldddd/p/11404836.html