Review of the previous period

First of all, let's answer the question the author raised last time: do hubs, switches and routers also get infected when they carry computer viruses across the network? Not so fast; let's first understand how computer viruses work. A computer virus is a malicious computer program, so it needs:

1. An underlying operating system to execute on
2. The complete program
3. Trigger conditions

Switches and similar devices have the first element but do not meet the second: they are only responsible for forwarding data packets through the network, so the packets never form a complete program on them. Therefore, computer viruses cannot run on them and cannot infect them.

All right, let’s make a summary of what we’ve shared.

We've learned that network communication is about exchanging packets of data. A sends a packet to B, which receives it and replies with a packet of its own, and that is how two computers communicate. The structure of the packet is basically as follows:

To send this packet, you need to know two addresses:

1. MAC address of the peer party
2. IP address of the peer party

With these two addresses, the packet can be delivered exactly to the recipient. If two computers are not in the same subnetwork, they cannot learn each other's MAC address, and the packet must be forwarded through a gateway.

[Figure: computer No. 1 reaches computer No. 4 in subnet B through gateway A, the routing protocol, and gateway B.]

To send the packet to gateway A, Number 1 must know the MAC address of gateway A. Therefore, the destination address of the packet is actually divided into two cases:

| Scenario | Packet address |
| --- | --- |
| Same subnetwork | MAC address and IP address of the peer party |
| Different subnetworks | MAC address of the gateway and IP address of the peer |

The user perspective of the Web

  • Static IP address

You buy a new Mac, plug it in, and boot it up.

Usually we have to do some setup first. Sometimes your administrator (or ISP) will give you the following four parameters, which you enter into the operating system so that your computer can connect to the Internet:

1. Local IP address
2. Subnet mask
3. Gateway IP address
4. DNS IP address

The following figure shows the Settings window of Windows system.

All four parameters are indispensable. Since they are given, each time the computer is powered on, it will be assigned the same IP address, so this situation is called static IP address Internet access.

However, this setup looks technical and intimidating to the average user, and if one computer holds on to an IP address, other computers cannot use it, which is not flexible enough. For these two reasons, most users use dynamic IP addresses to access the Internet.

  • Dynamic IP address

A dynamic IP address means that the computer is automatically assigned an IP address when it boots, with no manual setup. This uses a protocol called DHCP.

This protocol provides that in each sub-network, there is a computer responsible for managing all the IP addresses of the network. This computer is called a DHCP server. When a new computer joins a network, it must send a DHCP request packet to the DHCP server to apply for an IP address and related network parameters.

As mentioned above, if two computers are on the same subnetwork, they must know each other's MAC and IP addresses before they can send packets. However, the new computer knows neither of these addresses, so how can it send packets?

The DHCP protocol makes some clever rules.

  • DHCP protocol

First, it’s an application-layer protocol, built on top of UDP, so the entire packet looks like this:

1. In the Ethernet header at the front, set the MAC addresses of the sender (local host) and the receiver (DHCP server). The receiver's MAC address is filled in as the broadcast address FF-FF-FF-FF-FF-FF.

2. In the IP header, set the sender IP address and the receiver IP address. At this point, the machine knows neither of them, so the sender IP address is set to 0.0.0.0 and the receiver IP address is set to 255.255.255.255.

3. In the final UDP header, set the port number of the sender and the port number of the receiver. This part is specified by DHCP. The sender is port 68, and the receiver is port 67.

Once the packet is constructed, it can be sent out. Ethernet delivers by broadcast, so every computer in the same subnetwork receives the packet. Because the recipient MAC address is FF-FF-FF-FF-FF-FF, the frame does not say who it is addressed to, so each computer that receives it must also examine the packet's IP addresses to decide whether it is the intended recipient. When the sender IP address is 0.0.0.0 and the receiver IP address is 255.255.255.255, the DHCP server knows the packet is meant for it, and the other computers can discard it.
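The three header steps and the receiver-side check described above, as an added example that is not part of the original article. The client MAC address and the DHCP body are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress
import struct

BROADCAST_MAC = bytes.fromhex("ffffffffffff")
ANY_IP = ipaddress.IPv4Address("0.0.0.0").packed
BROADCAST_IP = ipaddress.IPv4Address("255.255.255.255").packed
ETHERTYPE_IPV4, PROTO_UDP = 0x0800, 17

def ip_checksum(header: bytes) -> int:
    """One's-complement sum of the header's 16-bit words (RFC 1071)."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_request_frame(client_mac: bytes, dhcp_body: bytes) -> bytes:
    """Wrap dhcp_body in the UDP, IP and Ethernet headers from steps 1-3."""
    # UDP: source port 68, destination port 67, checksum 0 (unused in IPv4)
    udp = struct.pack("!HHHH", 68, 67, 8 + len(dhcp_body), 0) + dhcp_body
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64,
                     PROTO_UDP, 0, ANY_IP, BROADCAST_IP)
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
    eth = BROADCAST_MAC + client_mac + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + udp

def is_dhcp_request(frame: bytes) -> bool:
    """Receiver check: broadcast MAC, 0.0.0.0 -> 255.255.255.255, UDP 68 -> 67."""
    if len(frame) < 14 + 20 + 8:
        return False  # too short to hold all three headers
    if frame[:6] != BROADCAST_MAC or frame[12:14] != struct.pack("!H", ETHERTYPE_IPV4):
        return False
    ihl = (frame[14] & 0x0F) * 4  # IP header length in bytes
    if ihl < 20 or len(frame) < 14 + ihl + 8 or frame[23] != PROTO_UDP:
        return False
    if frame[26:30] != ANY_IP or frame[30:34] != BROADCAST_IP:
        return False
    sport, dport = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
    return (sport, dport) == (68, 67)

# Constructed sample: a made-up client MAC and a placeholder body,
# not a real DHCP message.
CLIENT_MAC = bytes.fromhex("020000000001")
FRAME = build_request_frame(CLIENT_MAC, b"constructed-dhcp-body")
```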

The DHCP server then reads the packet, assigns an IP address, and sends back a DHCP response packet. The structure of the response packet is similar. The MAC addresses in the Ethernet header are the network adapter addresses of both parties, the IP addresses in the IP header are the IP address of the DHCP server (sender) and 255.255.255.255 (receiver), and the ports in the UDP header are 67 (sender) and 68 (receiver). The IP address assigned to the requestor and the specific parameters of the local network are contained in the Data section.

The new computer receives the response packet and knows its IP address, subnet mask, gateway address, DNS server, and so on.

  • One example: visiting a web page

    1. The machine parameters

    Let’s assume that after the steps in the previous section, the user has set his network parameters:

    1.1 Local IP address 192.168.1.100
    1.2 Subnet mask 255.255.255.0
    1.3 Gateway IP address 192.168.1.1
    1.4 DNS IP address 8.8.8.8

Then we open Chrome, want to visit Google, and type www.google.com in the address bar. [Readers without unrestricted Internet access can open Baidu instead.]

This means that Chrome has to send a web-request packet to Google.

  2. DNS protocol

As we know, to send a packet, you must know the IP address of the other party. But, for now, we only know the website www.google.com, not its IP address.

The DNS protocol can help us convert this URL into an IP address. Given that the DNS server is 8.8.8.8, we send a DNS packet (port 53) to this address.

The DNS server then responds, telling us that Google's IP address is 172.194.72.105. Now we know the other party's IP address.

  3. Subnet mask

Next, we need to determine whether the IP address is in the same subnetwork, using the subnet mask.

Given that the subnet mask is 255.255.255.0, the local computer performs a binary AND operation between the mask and its own IP address 192.168.1.100 (if both bits are 1, the result is 1; otherwise, the result is 0), and the result is 192.168.1.0. It then performs the same AND operation on Google's IP address 172.194.72.105, and the result is 172.194.72.0. These two results are not equal, so the conclusion is that Google and the local machine are not on the same subnetwork.

Therefore, if we want to send a packet to Google, we must forward it through gateway 192.168.1.1, that is, the MAC address of the recipient will be the MAC address of the gateway.
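The mask comparison above, together with the rule that the Ethernet header carries the peer's MAC on the same subnetwork and the gateway's MAC otherwise, as an added example that is not part of the original article. The ARP table, its MAC addresses, the peer 192.168.1.23 and the function names are constructed for illustration.

```python
import ipaddress

def network_of(ip: str, mask: str) -> str:
    """Bitwise AND of address and mask, as the text does by hand."""
    ip_bits = int(ipaddress.IPv4Address(ip))
    mask_bits = int(ipaddress.IPv4Address(mask))
    return str(ipaddress.IPv4Address(ip_bits & mask_bits))

def ethernet_target(local_ip, mask, gateway_ip, peer_ip, arp_table):
    """Return (next-hop IP, MAC for the Ethernet header) for a packet to peer_ip."""
    if network_of(gateway_ip, mask) != network_of(local_ip, mask):
        raise ValueError("gateway is not on the local subnetwork")
    same_subnet = network_of(local_ip, mask) == network_of(peer_ip, mask)
    # Same subnetwork: deliver directly. Otherwise: hand the packet to the gateway.
    next_hop = peer_ip if same_subnet else gateway_ip
    mac = arp_table.get(next_hop)
    if mac is None:
        raise LookupError(f"no MAC known for {next_hop}; ARP must resolve it first")
    return next_hop, mac

# Constructed ARP table: the MAC addresses are made up for the example.
ARP_TABLE = {
    "192.168.1.1": "02:00:00:00:00:fe",
    "192.168.1.23": "02:00:00:00:00:17",
}
# Local IP address, subnet mask and gateway IP address from the article.
LOCAL = ("192.168.1.100", "255.255.255.0", "192.168.1.1")
```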

  4. Application layer protocol

The HTTP protocol is used for browsing the web, and its entire packet structure looks like this:

GET / HTTP/1.1
Host: www.google.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1)
Accept: text/html,application/xhtml+xml,application/xml; q=0.9;
Accept-Encoding: gzip,deflate,sdch
Accept-Language: zh-CN,zh; q=0.8
Accept-Charset: GBK,utf-8; q=0.7

We assume that this section is 4960 bytes long and will be embedded in the TCP packet.

  5. TCP protocol

TCP packets require ports to be set. The default HTTP port for the receiver (Google) is 80, and the port for the sender (the local machine) is a randomly generated integer between 1024 and 65535, assumed here to be 51775.

The TCP packet header is 20 bytes long, so with the embedded HTTP packet the total length becomes 4980 bytes.

  6. IP protocol

TCP packets are then embedded into IP packets. An IP packet needs both parties' IP addresses, which are already known: 192.168.1.100 for the sender (local machine) and 172.194.72.105 for the receiver (Google).

The header of the IP packet is 20 bytes long, so with the embedded TCP packet the total length becomes 5000 bytes.

  7. Ethernet protocol

Finally, the IP packet is embedded into Ethernet packets. For Ethernet packets, you need to set the MAC addresses of both parties. The sender is the MAC address of the local network adapter, and the receiver is the MAC address of the gateway 192.168.1.1 (obtained through ARP).

The data portion of an Ethernet packet has a maximum length of 1500 bytes, while the current IP packet is 5000 bytes long. Therefore, the IP packet must be split into four packets. Because each packet has its own IP header (20 bytes), the IP packet lengths of the four packets are 1500, 1500, 1500 and 560 bytes, respectively.

  8. Server-side response

Through multiple gateways, Google server 172.194.72.105 received the four Ethernet packets.

Using the sequence numbers in the IP headers, Google pieces the four packets back together, takes out the complete TCP packet, reads the HTTP request inside, produces the HTTP response, and sends it back using TCP.
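The split into 1500, 1500, 1500 and 560 bytes and the reassembly on the server side, as an added example that is not part of the original article. It models only the IPv4 fragment offset and more-fragments flag, uses a constructed byte string in place of the 4980-byte TCP packet, and the function names are hypothetical.

```python
IP_HEADER = 20   # bytes, as in the text
MTU = 1500       # maximum Ethernet data length from the text

def fragment(payload: bytes, mtu: int = MTU) -> list:
    """Split an IP payload into fragments that each fit in one Ethernet frame."""
    chunk = (mtu - IP_HEADER) // 8 * 8    # offsets are counted in 8-byte units
    frags = []
    for start in range(0, len(payload), chunk):
        data = payload[start:start + chunk]
        frags.append({
            "offset": start // 8,                    # Fragment Offset field
            "more": start + chunk < len(payload),    # More Fragments flag
            "total_length": IP_HEADER + len(data),   # this fragment's IP length
            "data": data,
        })
    return frags

def reassemble(frags: list):
    """Rebuild the payload from fragments in any order; None if it is not exact."""
    ordered = sorted(frags, key=lambda f: f["offset"])
    if not ordered or ordered[-1]["more"]:
        return None                       # final fragment has not arrived
    buf = bytearray()
    for frag in ordered:
        if frag["offset"] * 8 != len(buf):
            return None                   # gap, duplicate or overlap: do not guess
        if frag is not ordered[-1] and not frag["more"]:
            return None                   # two fragments claim to be the last
        buf += frag["data"]
    return bytes(buf)

# Constructed stand-in for the 4980-byte TCP packet
# (20-byte TCP header + 4960-byte HTTP request).
TCP_PACKET = bytes(i % 251 for i in range(4980))
FRAGMENTS = fragment(TCP_PACKET)
LENGTHS = [f["total_length"] for f in FRAGMENTS]   # [1500, 1500, 1500, 560]
```

Each full fragment carries 1480 bytes of data, so the last one holds the remaining 540 bytes plus its own 20-byte header.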

After receiving the HTTP response, the machine can display the web page and complete a network communication.
