A brief description of the OSI model and TCP / IP model
OSI seven-layer model
ISO promulgated in 1984, the OSI Reference Model OSI.OSI reference model is an open architecture, which provides the network is divided into seven layers, from bottom to top is
the physical layer, data link layer, network layer, transport layer, session layer, presentation layer, application layer
TCP / IP model
early as four layers, respectively, the network interface layer, network layer, transport layer, application layer
heavily influenced by the OSI model, the physical layer, network interface layer into the data link layer and the
formation of five new models are a physical layer, data link layer, network layer, transport layer, application layer
OSI seven-layer model
ISO promulgated in 1984, the OSI Reference Model OSI.OSI reference model is an open architecture, which provides the network is divided into seven layers, from bottom to top is
the physical layer, data link layer, network layer, transport layer, session layer, presentation layer, application layer
TCP / IP model
early as four layers, respectively, the network interface layer, network layer, transport layer, application layer
heavily influenced by the OSI model, the physical layer, network interface layer into the data link layer and the
formation of five new models are a physical layer, data link layer, network layer, transport layer, application layer
TCP / IP devices and five corresponding PDU (data unit)
transport layer == "segment ==" firewalls, network layer == "packet ==" router,
the data link layer == "data frame ==" switch, a physical layer == "bitstream ==" card
Details of the process of data encapsulation and decapsulation
encapsulation and de-encapsulation of data and presents opening presents similar packaging. The raw data is translated at the application layer of binary coded data arriving at the transport layer is divided
into many small data segments, each data packet encapsulated TCP header arriving at the network layer encapsulation IP header, packaged into packets arriving data link after the path layer
encapsulation MAC header, data in the form of a data frame is present, the physical layer converts the binary data into an electrical signal / digital signal in the form of a bit stream in
the transport network. Data is transmitted from PC1 to PC2, the first layers of the data package, when the transmitted side PC2, PC2 side decapsulates the data, the first
physical layer electrical signal / digital signal into binary data, and link data submitted data path layer, the data link layer, MAC addresses are identified,
the MAC header is removed, data is packed to the network layer, the network layer is then removed IP header, TCP transport layer header removed, the data exchange to the application layer,
application layer binary data re-translated into the original state.
Brief data encapsulation and de-encapsulation
package (5 kinds of view)
(1) data from the PC to upload data to the application layer, the upper layer of the encapsulated data at the transport layer, the TCP header is added, followed by performing encapsulation to add an IP header in the network layer to data link layer encapsulation
its MAC header, this time data complete encapsulation, the encapsulated data to the physical layer, into the bit stream sent out, the process data is encapsulated
packaging process (2) data is data sent by the host to the application layer, the upper layer data is formed sequentially in the transport layer, network layer, data link layer data is added to the upper layer TCP header, the IP header,
MAC header, after completion of the data package for transmission to the physical layer, becomes into a bit stream output, data encapsulation process is complete
(3) by the host application layer data uploading data to form the upper layer data, then the data at the network layer encapsulation header is added tcp, adding an IP header to the network layer, the data link his encapsulation layer
mac head, after completion of the data package for transmission to the physical layer, into the bit stream output
(4) of data sent by the host to the application layer, the upper layer is formed Data sequentially in the transport layer, network layer, data link layer data is added to the upper layer TCP header, the IP header,
MAC header, after completion of the data package for transmission to the physical layer, into an output bitstream,
(5) Data sent by the host to the application layer, the upper layer data is formed sequentially in the transport layer, network layer, data link layer data is added to the upper layer TCP header, the IP header, MAC header,
after completion of the data package for transmission to the physical layer, becomes into a bit stream output
package (5 kinds of view)
(1) data from the PC to upload data to the application layer, the upper layer of the encapsulated data at the transport layer, the TCP header is added, followed by performing encapsulation to add an IP header in the network layer to data link layer encapsulation
its MAC header, this time data complete encapsulation, the encapsulated data to the physical layer, into the bit stream sent out, the process data is encapsulated
packaging process (2) data is data sent by the host to the application layer, the upper layer data is formed sequentially in the transport layer, network layer, data link layer data is added to the upper layer TCP header, the IP header,
MAC header, after completion of the data package for transmission to the physical layer, becomes into a bit stream output, data encapsulation process is complete
(3) by the host application layer data uploading data to form the upper layer data, then the data at the network layer encapsulation header is added tcp, adding an IP header to the network layer, the data link his encapsulation layer
mac head, after completion of the data package for transmission to the physical layer, into the bit stream output
(4) of data sent by the host to the application layer, the upper layer is formed Data sequentially in the transport layer, network layer, data link layer data is added to the upper layer TCP header, the IP header,
MAC header, after completion of the data package for transmission to the physical layer, into an output bitstream,
(5) Data sent by the host to the application layer, the upper layer data is formed sequentially in the transport layer, network layer, data link layer data is added to the upper layer TCP header, the IP header, MAC header,
after completion of the data package for transmission to the physical layer, becomes into a bit stream output
Decapsulating:
After receiving the data at the physical layer bit stream, the data link layer decapsulates, mac remove the head, the head sequentially removes the IP network layer, the transport layer, TCP header, to the application layer into
an upper layer data, deblocking is completed, the read information to the host
After receiving the data at the physical layer bit stream, the data link layer decapsulates, mac remove the head, the head sequentially removes the IP network layer, the transport layer, TCP header, to the application layer into
an upper layer data, deblocking is completed, the read information to the host
TCP / IP five representative apparatus and the corresponding effect
of the most representative device acting
physical layer cable, the card receives the digital signal, the binary data bit stream into each other (digital signal / electrical)
data link layer switch responsible for the physical seek address, resolve the MAC address (data frame)
network layer router ip address resolve responsible logical addressing, routing achieved (data packets) between the different network
transport layer protocol port defined hardware firewall, the port identification number (data segment)
applications layer host resolution data, reading the identification. Original information translated into binary data, or to convert the binary data into the original information. Network services to the end user interface (raw data)
of the most representative device acting
physical layer cable, the card receives the digital signal, the binary data bit stream into each other (digital signal / electrical)
data link layer switch responsible for the physical seek address, resolve the MAC address (data frame)
network layer router ip address resolve responsible logical addressing, routing achieved (data packets) between the different network
transport layer protocol port defined hardware firewall, the port identification number (data segment)
applications layer host resolution data, reading the identification. Original information translated into binary data, or to convert the binary data into the original information. Network services to the end user interface (raw data)
No agreement on behalf of each layer and the
application layer [pop3 = accept mail (110) dns = DNS (53) smtp = Mail Transfer Protocol (25)
the TFTP = Trivial File Transfer (69) ftp = file transfer protocol (20/21) http = hypertext link (80)
ntp = network time protocol (123) snmp = sNMP (161)]
[Transporting layer 6 tcp = Transmission Control Protocol (20-60Byte) 17 udp = User Datagram Protocol (8Byte)]
[Arp = network layer address resolution protocol icmp = = Internet Control Protocol IGMP Internet Group Management Protocol RARP Reverse Address Resolution] =
Data Link Layer
Physical Layer
Data Link Layer
Physical Layer
= Gateway connected to the network port
TTL = lifecycle
Full duplex (bidirectional transmission) able to take the same time can send
a half-duplex connection can both send the same time can not send or receive not only made to close
the simplex only send or receives data only send
Source port number (16 bits) Destination Port (16 bits)
sequence number (32)
an acknowledgment number (32-bit)
header length (4) reserved bit (6) urg emergency bit ack acknowledgment psh urgency rst 'syn request fin end port ( 16)
placeholder
checksum (16) urgent pointer (16)
TCP is a connection-oriented Reliable process to process communication protocol to provide full-duplex service can transmit data at the same time
UDP is a connectionless. That does not guarantee the reliability of the transport layer protocol does not care about the sender to send data whether the data has reached the wrong target host
UDP header format simple data transfer can be achieved with minimal overhead
UDP is a connectionless. That does not guarantee the reliability of the transport layer protocol does not care about the sender to send data whether the data has reached the wrong target host
UDP header format simple data transfer can be achieved with minimal overhead
TCP / UDP distinction
tcp reliable and secure transmission of a slow (= confirm whether the three-way handshake connection) bytes large (20 to 60)
the UDP an unreliable transport insecure fast (direct transmission) little endian (8)
23 Telnet
111 rpc
In your own words describe TCP three-way handshake, why is the three-way handshake?
A host accessing the server B, A host does not know the ip address of the server B, and B enter the domain name server by DNS domain name resolution server B to resolve ip address. A host server B obtained ip address. A host server B establishes
a virtual connection TCP, began three-way handshake. A host issues a SYN packet, SYN placeholder is set to 1, the other five to 0. SYN = 1 A formulation host seq = x, expect = x + 1. Handshake is completed first. After receiving the information server B determines
a given transmission A normal capacity. A host server B to release SYN + ACK packet, the SYN ACK placeholder bits are set to 1, the other 4 bits of 0. SYN = 1, ACK = 1 . Reply ack = x = 1 seq = y expect = y + 1, A host B receives the determination
server receives the transmission capacity were normal. A host issues the final ACK packet, ack = y + 1, this time seq = x + 1 B A host server determines normal reception. The two sides establish a connection.
Three-way handshake reason, TCP is a connection-oriented connection, a connection is required before the official send data to determine both the sending and receiving capabilities are normal, at least three-way handshake.
Why is disconnected from the fourth wave?
1, when the host A and the transmission data confirmation Ends know B has finished receiving, want to close the port to send data (or send the acknowledgment signal may, of course), the host will send FIN B.
2, FIN A host B receives the transmitted, acknowledged receipt, sends ACK reply.
3, but it is still possible to send data B, do not want to close the mouth of the meaning of the data, the FIN and ACK is not transmitted simultaneously, but wait until the data is sent over B, FIN will be sent to the host A.
4, A receives the FIN sent to B, B to know also transmitted over the data, ACK reply, A after waiting 2MSL, B did not receive any message came to know their B has received the ACK, A is closed link, B also closed links.
1. The switch configuration system has several modes
switch> -switch # -switch (config) # - switch (config-if) #
User Mode - privileged mode - Global Mode - Interface Mode
switch> -switch # -switch (config) # - switch (config-if) #
User Mode - privileged mode - Global Mode - Interface Mode
2. How to switch between a mode
switch> enable privileged mode
switch # config temined global mode
switch (config) #interface fasterther 0/1 interface mode
switch> enable privileged mode
switch # config temined global mode
switch (config) #interface fasterther 0/1 interface mode
3. Use your own words ARP spoofing attacks and ARP
ARP spoofing pc1 and pc2 communication pc3 tell pc2 pc1Mac is pc3 of Mac pc3 tell pc1 pc2 for Mac is a Mac pc3
ARP spoofing does not make the network but can not communicate by impersonating other hosts the traffic is forwarded through the host's arrival attacker
ARP attack the main purpose of the network can not communicate
when pc1 out network communication using software simulation pc 1 gateway when pc1 with external network communication can not connect to the network
if you want to pc1 pc1 unable to connect to the Internet only need to send false ARP reply
when an ARP entry is updated after receiving the false pc1 ARP reply
will be sent to a false pc1 Mac address when transmitting data communication fails
ARP spoofing pc1 and pc2 communication pc3 tell pc2 pc1Mac is pc3 of Mac pc3 tell pc1 pc2 for Mac is a Mac pc3
ARP spoofing does not make the network but can not communicate by impersonating other hosts the traffic is forwarded through the host's arrival attacker
ARP attack the main purpose of the network can not communicate
when pc1 out network communication using software simulation pc 1 gateway when pc1 with external network communication can not connect to the network
if you want to pc1 pc1 unable to connect to the Internet only need to send false ARP reply
when an ARP entry is updated after receiving the false pc1 ARP reply
will be sent to a false pc1 Mac address when transmitting data communication fails
4. DESCRIPTION ARP workflow
host POST ARP cache table if the direct real data exists in the package
, if not found in the ARP cache table corresponding relationship between ip and Mac case an ARP request sent ARP work in the form of a broadcast
when the destination host receives the ARP request after doing ARP reply ARP request source host receives encapsulated data recording target Mac address
Mac recorded in different host LAN gateway router interface
host POST ARP cache table if the direct real data exists in the package
, if not found in the ARP cache table corresponding relationship between ip and Mac case an ARP request sent ARP work in the form of a broadcast
when the destination host receives the ARP request after doing ARP reply ARP request source host receives encapsulated data recording target Mac address
Mac recorded in different host LAN gateway router interface
5. Please describe the router works
routing table routing forwarding
routing table routing forwarding
6. The router forwards the routing workflow
to identify ip header (the original target ip ip)
target segment by setting the netmask (subnet mask) to calculate
the routing table direct routes static routes
if relevant route record straight forward, if not do static routing configuration
to identify ip header (the original target ip ip)
target segment by setting the netmask (subnet mask) to calculate
the routing table direct routes static routes
if relevant route record straight forward, if not do static routing configuration
If the two hosts of ping nowhere, how to troubleshoot (troubleshooting ideas)
1. Check the physical layer (check the network cable is intact, cable interfaces intact, switch and router interfaces, switches, if burned, the routing table, direct routes and static route there is a problem,
to see whether the host gateway configuration errors, whether ip address has been tampered with)
2. Check the firewall (firewall maybe prevent icmp protocol)
3.B host is down
4. throughout the route way, there mac address conflict
1. Check the physical layer (check the network cable is intact, cable interfaces intact, switch and router interfaces, switches, if burned, the routing table, direct routes and static route there is a problem,
to see whether the host gateway configuration errors, whether ip address has been tampered with)
2. Check the firewall (firewall maybe prevent icmp protocol)
3.B host is down
4. throughout the route way, there mac address conflict
IP address is the Internet Protocol address. IP address is a uniform address format of the IP protocol provides, assign it a logical address for each network on the Internet and each host
in order to mask the differences in the physical address. 4 32-bit IP address segment, decimal.
in order to mask the differences in the physical address. 4 32-bit IP address segment, decimal.