1.OSI network architecture and TCP/IP protocol architecture
OSI network architecture is divided into seven layers:
From bottom to top, it consists of the physical layer, data link layer, network layer, transmission layer, session layer, presentation layer and application layer
The TCP/IP protocol structure is divided into four layers:
From bottom to top, it is divided into network interface layer, Internet layer, transmission layer and application layer
The network interface layer corresponds to the OSI physical layer and data link layer, and the application layer corresponds to the OSI session layer, presentation layer, and application layer.
2.HTTP and HTTPS
Http protocol runs on TCP, plaintext transmission, client and server can not verify each other’s identity; Https is Http with Secure Socket Layer (SSL) shell. SSL runs on TOP of TCP and is Http with encryption and authentication mechanisms added. The differences between the two are as follows:
Port difference: Http and Http use different connection modes and different ports, the former is 80, the latter is 443.
Resource consumption: Compared with HTTP communication, Https communication consumes more CPU and memory resources due to encryption processing.
Overhead: Https communication requires a certificate, which is typically purchased from a certification authority;
The Https encryption mechanism is a mixture of shared key encryption and public key encryption.
HTTP protocol Format
HTTP request protocol partial data
GET /user HTTP/1.1 Host: localhost:8080 Connection: keep-alive upset-insecure -Requests: 1 user-agent: Mozilla / 5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml; Q = 0.9, image/webp image/apng, * / *; Q = 0.8, application/signed – exchange; v=b3 Accept-Encoding: gzip, deflate, br Accept-Language: zh-CN,zh; Q = 0.9
Part 1: Request Lines: Request type, resource path, and HTTP version (first line above)
Part 2: Request Header: Immediately after the request line, additional information that the server needs to use (lines 2 through 8)
Part 3: Blank lines (there must be a newline between the request header and the body)
Part four: Body data, which can be added to any data
Parts iii and IV are not shown in the above document
HTTP response protocol
HTTP/1.1 200 Content-Type: text/ HTML OK
Part 1: Status Line, HTTP Version, Status code, Status information (Line 1)
Part 2: Response header, indicating additional information needed by the server (line 2)
Part 3: Blank Lines (Line 3)
Part 4: Response body (Line 4)
3.TCP and UDP
TCP is a transport layer protocol that provides a reliable connection of data through connection-oriented, end-to-end, and reliable byte stream services.
As a transport layer protocol, UDP does not establish a connection before data transmission, which ensures high data connection reliability and high transmission speed.
4.TCP three-way handshake and four-way wave
First handshake: When establishing a connection, the client sends a SYN packet (seq= X) to the server and enters the SYN_SENT state, waiting for confirmation from the server. SYN: Indicates the Synchronize Sequence number.
Second handshake: After receiving a SYN packet, the server must acknowledge the client’s SYN (ACK = X +1) and send a SYN packet (SEq = Y). In this case, the server enters the SYN_RECV state.
Third handshake: The client receives a SYN+ACK packet from the server and sends an ACK packet (ACK =x+1) to the server. After the packet is sent, the client and the server enter the ESTABLISHED state (TCP connection is successful) to complete the three-way handshake.
First wave: The client process sends a connection release packet and stops sending data. Release the header of the data packet, FIN=1, whose sequence number is SEq = U (equal to the sequence number of the last byte of the previously transmitted data plus 1). At this point, the client enters the fin-WaIT-1 state. According to TCP, FIN packets consume a sequence number even if they do not carry data.
Second wave: After receiving the connection release packet, the server sends an acknowledgement packet with ACK=1, ACK= u+1 and its serial number seq= V. At this time, the server enters close-wait state. The TCP server notifies the higher-level application process that the client is released from the direction of the server. This state is half-closed, that is, the client has no data to send, but if the server sends data, the client still accepts it. This state also lasts for a period of time, i.e. the duration of the close-wait state. After receiving the acknowledgement request from the server, the client enters the fin-WaIT-2 state and waits for the server to send a connection release packet (before receiving the final data from the server).
Third wave: After sending the LAST data, the server sends a connection release packet with FIN=1 and ACK = U +1 to the client. The server is probably in the semi-closed state. Assume that the serial number is SEQ = W, then the server enters the last-ACK state and waits for the client’s confirmation.
Fourth wave: After receiving the connection release packet from the server, the client sends ACK=1, ACK= w+1 and its serial number is SEq = U +1. In this case, the client enters the time-wait state. Notice That the TCP connection is not released at this time, and the client can enter the CLOSED state only after 2∗∗MSL (maximum packet segment life) and the corresponding TCB is revoked. The server enters the CLOSED state immediately after receiving an acknowledgement from the client. Similarly, revoking the TCB terminates the TCP connection. As you can see, the server ends the TCP connection earlier than the client.
4.1 Why are there three handshakes when connecting and four waves when closing
After receiving a SYN request packet from the Client, the Server sends a SYN+ACK packet. ACK packets are used for reply, and SYN packets are used for synchronization. However, when the Server receives a FIN packet, the SOCKET may not be closed immediately. Therefore, the Server can only reply with an ACK packet to tell the Client, “I received the FIN packet you sent.” I can send FIN packets only after all packets on the Server are sent. Therefore, THE FIN packets cannot be sent together. Therefore, a four-step handshake is required.
4.2 why does TIME_WAIT state take 2MSL to return to CLOSE?
Although logically, all four packets are sent and we can directly enter the CLOSE state, we must pretend that the network is unreliable and the last ACK may be lost. Therefore, the TIME_WAIT state is used to resend ACK packets that may be lost. The Client sends the last ACK reply, but the ACK may be lost. If the Server does not receive an ACK, it repeatedly sends FIN fragments. Therefore, the Client cannot shut down immediately. It must confirm that the Server received the ACK. The Client enters the TIME_WAIT state after sending an ACK. The Client sets a timer and waits for 2MSL of time. If a FIN is received again within that time, the Client resends the ACK and waits for another 2MSL. The so-called 2MSL is twice the MSL(Maximum Segment Lifetime). MSL refers to the maximum lifetime of a fragment in the network. 2MSL refers to the maximum time required for a send and a reply. If the Client does not receive a FIN again until 2MSL, the Client concludes that the ACK has been successfully received and terminates the TCP connection.
4.3 Why three handshakes instead of two or four
The three-way handshake performs two important functions, both by preparing the parties to send the data (both parties know that they are ready) and by allowing the parties to negotiate the initial serial number, which is sent and confirmed during the handshake.
If the client does not receive the request after the second handshake (that is, the server sends the request to the client), the server considers that the connection has been established and starts to send data. However, the client does not receive the request and considers that the connection has not been established and continues to send the connection information. This leads to a deadlock.
As for why not change it to four times? After three times of connection, both the server and the client can confirm the previous communication condition, but cannot confirm the situation after that. Reliable communication protocol does not exist at all, so it is useless to add another time.
4.4 What Can I Do if the Client Suddenly Fails after a Connection has been established?
TCP also has a keepalive timer, so obviously if the client fails, the server can’t wait forever and waste resources. The server resets this timer every time it receives a request from the client, usually for two hours. If it does not receive any data from the client within two hours, the server sends a probe segment, which is then sent every 75 seconds. If there is no response after 10 probe packets are sent, the server assumes that the client is faulty and closes the connection.
5. What are the common network protocols?
The network layer
IP protocol: Internet protocol
ICMP: Internet control packet protocol
ARP: address resolution protocol
RARP: reverse address resolution protocol
The transport layer
UDP protocol: user datagram protocol
TCP: Transmission control protocol
The application layer
FTP: file transfer protocol
Telenet: indicates the remote login protocol
DNS: domain name resolution protocol
POP3: post office protocol
HTTP: Hypertext transfer protocol
SMTP: simple mail transfer protocol
SNMP: Simple network management protocol
TFTP: simple file transfer protocol
6. Common network attack methods? And preventive measures
6.1 DDoS
DDoS attack
Distributed Denial of Service (DDoS) means that a large number of legitimate Distributed servers send requests to a target, preventing legitimate users from receiving services.
Common attack modes are as follows:
The client sends a request link packet to the server
The server sends an acknowledgement packet to the client
The client does not send an acknowledgement packet to the server, and the server waits for an acknowledgement from the client
DDoS prevention
Limit the number of SYN half-links open at the same time
Shorten the Time out for SYN half-links
Shut down unnecessary services
6.2 SQL injection
SQL injection
Instead of submitting standard data to a text box or other data entry field, an attacker enters SQL statements to trick an application into displaying or manipulating its data.
SQL injection precautions
Do not use dynamic SQL
Do not keep sensitive data in plain text.
Restrict database permissions and privileges
Avoid displaying database errors directly to the user
Using a Web Application Firewall (WAF) for Web applications that access the database
Periodically test Web applications that interact with the database
Update the database to the latest available patches
6.3 XSS attacks
XSS attacks
XSS, or Cross Site Scripting, is a common vulnerability in Web applications. Attackers destroy vulnerable websites or Web applications and inject malicious code. When the page loads, the code executes a malicious script on the user’s browser.
XSS prevention
Web page user input place, the input data escape, filtering processing. When you output pages in the background, you also need to escape and filter the output (because attackers can write malicious scripts to the database in other ways).
The front end verifies where THE HTML tag attributes and CSS attributes are assigned values
6.4 CSRF attacks
CSRF attacks
Cross-site request forgery is an attack method to trick a user into performing an unintended action on a currently logged Web application.
CSRF prevention
Check the Referer field
The HTTP header has a Referer field that identifies the address from which the request came. When handling sensitive data requests, the Referer field should generally be in the same domain as the requested address. As an example of the bank operation mentioned above, the address of the Referer field should usually be the address of the web page where the transfer button is located, which should also be located under www.examplebank.com. In the case of a CSRF attack, the Referer field will be the address containing the malicious URL, not under www.examplebank.com, and the server will recognize the malicious access.
Adding a Verification Token
The essence of CSRF is that the attacker deceives the user to access the address set by himself. Therefore, if the user’s browser is required to provide data that is not stored in cookies and cannot be forged by the attacker as verification when accessing sensitive data, the attacker cannot run CSRF attacks any more. This data is usually a data item on the form. The server generates and appends it to the form as a pseudo-random number. When a client submits a request through the form, the pseudorandom number is also submitted for verification. In normal access, the client browser can correctly obtain and return the pseudorandom number, but in the spoofing attack transmitted through CSRF, the attacker has no way to know the value of the pseudorandom number in advance, and the server will reject the suspicious request because the verification token value is empty or wrong.
7.TCP sticky packets
TCP is a connection-oriented, stream-oriented reliable protocol. In order to send multiple packets to the receiving end more effectively, the sender uses optimization method (Nagle algorithm) to merge the data with smaller intervals and small data volume into a large data block and then seal packets. In this way, the receiving end, it is difficult to distinguish, there will be the so-called sticky package problem.
Causes of sticky bags:
(1) The sending end needs to wait for the buffer to be full before sending out, resulting in sticky packets (sending data interval is very short, the data is very small, together, resulting in sticky packets)
(2) The receiver does not receive the buffer packet in time, resulting in multiple packets receiving (the client sends a piece of data, but the server only receives a small part, and the server takes the last data from the buffer again next time, resulting in sticky packets)
Sticky package solution:
(1) Send with fixed length
When data is sent, the design of fixed length is adopted. No matter how big the data packet is, it is divided into fixed length for sending. The disadvantage of this method is that the length of the last packet is often filled with Spaces, and the receiver may not be able to identify the invalid part.
(2) Set the tail mark
A special mark is added at the end of a packet, and when the receiver reads this mark, it indicates that the packet is finished. The disadvantage of this method is that it is difficult to find a proper answer to what kind of data to take as the marker bit.
(3) Add markers in the header to indicate the packet length
Mark a length in the header, read the length before receiving data, so that you do not have to worry about packet loss.