Preface

This post is another one on TCP/IP, following on from the previous post on the Web, which covered HTTP and HTTPS.

The phrase “information and communication society” has become a synonym for modern society. People use mobile phones and other information terminals to communicate at any time and from anywhere, and that environment depends on networks. Among those networks, the most widely used protocol suite is TCP/IP.

To build and operate a secure and trustworthy network environment, it is essential to understand TCP/IP. The purpose of this post is to cover the basic knowledge of TCP/IP and the basic skills needed to work with it.

The material follows Illustrated TCP/IP (5th edition). Hopefully you will not need to spend much more time on the book itself: bookmark this post and consult it whenever you need to.

On networking, Illustrated HTTP and Illustrated TCP/IP are the two books I would rank first and second; take the time to learn the core content of both.

It is the Spring Festival: Happy New Year to you all, and may you be bold and prosper.

Network Basics

This module covers the basic knowledge needed to understand TCP/IP in depth: the OSI reference model and the essential concepts of networking.

1.1 OSI reference model

  • The application layer

Provides services to applications and specifies the details of communication within an application. Protocols at this layer include file transfer, email, and remote login (virtual terminal).

  • The presentation layer

Converts information processed by an application into a format suitable for network transmission, and converts data coming from the lower layer into a format the upper layer can process. It is therefore mainly responsible for data format conversion.

Specifically, it converts the data format native to a device into the network's standard transmission format. Different devices may interpret the same bit stream differently, and keeping those interpretations consistent is the main role of this layer.

  • The session layer

Responsible for establishing and tearing down communication connections (the logical paths through which data flows), and for managing data transmission, for example deciding how the data is segmented.

  • The transport layer

Provides reliable transmission between the two communicating end nodes. Processing at this layer happens only on the end hosts, not on routers.

  • The network layer

Delivers data to the destination address, which may sit on a different network reached through one or more routers. This layer is therefore responsible for addressing and routing.

  • Data link layer

Responsible for communication between nodes that are directly interconnected at the physical level.

For example, communication between two nodes connected to the same Ethernet. The sequence of 0s and 1s is divided into meaningful units called frames, which are sent to the peer (frame generation and reception).

  • The physical layer

Responsible for converting between the bit stream (the sequence of 0s and 1s) and physical signals such as voltage levels and light pulses.

1.2 Example of communication processing in the OSI reference model

Communication through the seven layers

The sender passes data down from layer 7 through layer 6 and so on to layer 1, while the receiver passes it up from layer 1 through layer 2 and so on to layer 7. At each layer the sender prepends a “header” carrying the information that layer's protocol needs to the data handed down from the layer above. The receiver, at each layer, separates the received data into header and payload, acts on the header, and hands the payload up to the next layer, until the sender's original data is restored.

1.3 Classification of transmission modes

1.3.1 Connection-oriented and connectionless

Data sent over a network can be classified as connection-oriented or connectionless. Connectionless protocols include Ethernet, IP and UDP; connection-oriented protocols include ATM, Frame Relay and TCP.

Connection-oriented

In the connection-oriented mode, a connection must be set up between the sending and receiving hosts before data is sent (what exactly a “connection” means varies between layers). At the data link layer a connection refers to the physical communication line; the transport layer creates and manages logical connections.

Connectionless

The connectionless mode requires no connection setup or teardown. The sender is free to send data at any time, and the receiver has no way of knowing in advance when or from where data will arrive. In connectionless communication there is consequently no need to confirm that the peer exists: the sender can transmit even if the receiver is absent or unable to receive, and the receiver must keep checking whether data has arrived.

1.3.2 Circuit switching and packet switching

Network communication today can be roughly divided into two kinds: circuit switching and packet switching.

Circuit switching

In circuit switching, switches do the work of transferring and processing data. Computers are connected to switches, and the switches are connected to one another by many communication lines. To send data between two computers, a circuit to the target host must first be established through the switches; setting up this circuit is called establishing a connection. Once the connection is established, the user has exclusive use of the circuit until it is released.

Packet switching

In packet switching, the computer connected to the communication line divides the data to be sent into multiple packets, which are numbered and sent separately. Because the data is divided into small units, many computers can send and receive at the same time, which improves the utilization of the communication lines. Each packet carries the addresses of the sender and receiver in its header, so even when one line serves several users simultaneously, the destination of each packet and the computer it is communicating with can be told apart.

In packet switching, the communication lines are connected by packet switches (routers). The basic operation is that the sending computer hands packets to a router, the router stores them in its buffer and then forwards them toward the target computer.

1.3.3 Classification by number of receivers

Network communication can also be classified by the number of destination addresses and the resulting behaviour; broadcast and multicast are products of this classification.

  • unicast

Unicast is one-to-one communication. An early example is the fixed-line telephone.

  • broadcast

Broadcast sends a message from one host to all other hosts connected to the same link. Television broadcasting, which sends a signal simultaneously to an unspecified number of receivers, is the classic example.

  • multicast

Multicast, like broadcast, sends a message to multiple receiving hosts, but the receivers are limited to a specific group. The typical example is a video conference attended by groups of people at several locations: one host sends to a specific set of hosts. Video conferences are not normally broadcast, since there would then be no way of knowing who is attending and from where.

  • anycast

Anycast selects one host out of a specified group to act as the receiver. It resembles multicast in that it targets a specific group of hosts, but it behaves differently: anycast picks, from the target group, the single host that best fits the current network conditions and sends to it. Typically the selected host then replies with unicast, and the sender continues communicating only with that host.

Basic TCP/IP knowledge

2.1 Definition of TCP/IP

Literally, TCP/IP might be taken to mean just the two protocols TCP and IP, and in practice the term is sometimes used that way. In many cases, however, it is a general name for the whole group of protocols needed to communicate over IP. Specifically, IP and ICMP, TCP and UDP, TELNET, FTP and HTTP are all TCP/IP protocols: they are closely related to TCP or IP and are an essential part of the Internet.

Because the term refers broadly to all of these protocols, TCP/IP is also called the Internet Protocol Suite.

2.2 TCP/IP and OSI reference model

2.2.1 Hardware [Physical Layer]

At the bottom of TCP/IP is the hardware responsible for data transfer: physical-layer equipment such as Ethernet or telephone lines. There is no unified definition of what this layer contains. Depending on the transmission medium (copper cable or wireless, for example), the bandwidth, reliability, security and latency all differ, and TCP/IP sets no standard for any of them. In short, TCP/IP is defined on the premise that the interconnected devices can already exchange data.

2.2.2 Network Interface Layer [Data Link Layer]

The network interface layer (sometimes combined with the hardware layer and called the network communication layer) uses the data link layer, for example Ethernet, to communicate. It can be thought of as the “driver” that makes the NIC work.

A driver is software that bridges the operating system and the hardware. Peripherals and expansion cards cannot be used the moment they are plugged into a computer or its expansion slot; they need a matching driver. A new NIC, for example, needs both the hardware and its driver software before it can be used, which is why a driver usually has to be installed on top of the operating system for such added hardware.

2.2.3 Internet Layer [Network Layer]

The Internet layer uses the IP protocol and corresponds to layer 3, the network layer, of the OSI model. IP forwards packetized data based on IP addresses.

In a TCP/IP stack the functions of the Internet layer and the transport layer are usually provided by the operating system. Routers in particular must be able to forward packets at the Internet layer.

  • IP

IP is the protocol that carries packets across networks, so that they can be delivered anywhere on the Internet. It can send data to the other side of the globe, identifying hosts by their IP addresses along the way.

IP also abstracts the data link layer: hosts communicating via IP can talk to each other regardless of the underlying data link.

Although IP is also a packet-switching protocol, it has no retransmission mechanism: a packet that fails to reach the peer is not resent. IP is therefore an unreliable (best-effort) protocol.

  •  ICMP

If an IP packet fails to reach the destination address because of some abnormal condition, the sender needs to be notified. ICMP was designed for this purpose; it is also used to diagnose the health of a network.

  • ARP

A protocol that resolves the physical (MAC) address from the IP address of a packet's destination. ARP carries no authentication: any host on the link can answer a request with a forged reply (ARP spoofing), so an ARP mapping must not be treated as proof of a host's identity.

2.2.4 the transport layer

The transport layer of TCP/IP has two representative protocols, and its functions are similar to those of the OSI transport layer.

Its primary role is to enable communication between applications. Many programs run on a computer at the same time, so there must be a way to distinguish which program is talking to which; the port number is what identifies the application.

  • TCP

TCP is a connection-oriented, reliable transport layer protocol. It ensures that data is delivered between the two end hosts, correctly handling packet loss and reordering along the way. TCP also uses bandwidth effectively and reduces network congestion. On the other hand, establishing and tearing down a connection requires at least seven packets to be sent and received, which costs extra traffic, and the many complex mechanisms TCP defines to improve utilization make it a poor fit for traffic such as video conferencing, where the volume of audio and video data is fixed in advance.

  • UDP

UDP, unlike TCP, is a connectionless transport layer protocol. UDP does not check whether the peer actually received the data; if the application needs to know whether a packet arrived or whether the peer is reachable, it must implement that itself.

UDP is commonly used for traffic with small amounts of data per packet, for multicast and broadcast, and for multimedia such as video communication.

2.2.5 Application Layer [Session Layer and above]

In TCP/IP's layering, the functions of the OSI session, presentation and application layers are all implemented in the application, sometimes by a single program and sometimes by several. Looking closely at a TCP/IP application therefore reveals that it implements not only the OSI application layer but the session and presentation layers as well.

Most TCP/IP applications follow the client/server model. The program that provides a service is the server, and the program that uses the service is the client. The server is deployed on a host in advance and waits for requests, which a client may send at any moment.

2.3 TCP/IP Layered model

2.3.1 Packet header

At each layer, a header containing the information that layer needs, such as the destination address and protocol-related information, is prepended to the data to be sent. In general, the information supplied to the protocol is the header, and the content to be sent is the data.

2.3.2 Sending Data Packets

Suppose host A sends an email saying “Good morning” to host B. In TCP/IP terms, the email is sent from one computer, A, to another computer, B. Let us use this example to walk through the TCP/IP communication process.

1). Application processing

The user starts the mail application, fills in the recipient's address, types the message “Good morning” and clicks the “Send” button, which starts TCP/IP communication.

Encoding happens first, in the application. Japanese email, for example, is encoded as ISO-2022-JP or UTF-8; this corresponds to the OSI presentation layer. After encoding, the message is not necessarily sent immediately: some mail software can send several messages at once, or the user may click “Receive” to fetch new mail. Managing when a connection is established and when data is sent is, broadly speaking, a session layer function in the OSI model.

At the moment the email is sent, the application establishes a TCP connection and uses it to transmit the data: the application data is handed to TCP at the next layer, which does the actual forwarding.

2). Processing of TCP module

TCP follows the application's instructions (the instructions about connections correspond to the OSI session layer) to establish the connection, send the data and close the connection. TCP provides reliable delivery of the application layer data to the peer.

To do this, TCP attaches a TCP header to the front of the application data. The header contains the source and destination port numbers (identifying the applications on the sending and receiving hosts), the sequence number (identifying which part of the data stream the segment carries) and a checksum (used to detect whether the data has been corrupted). The segment with the TCP header attached is then handed to IP.

3).IP module processing

IP treats the TCP header and TCP data handed down from TCP as its own data and adds its own IP header in front of the TCP header. In an IP packet the IP header is therefore followed by the TCP header, then by the application's own header and data. The IP header contains the receiver's and the sender's IP addresses, and a protocol field that says whether the data following the header is TCP or UDP.

Once the IP packet is generated, the router or host to which it should be handed is determined by consulting the routing table. The packet is then passed to the driver of the network interface connected to that router or host, which actually sends the data.

If the MAC address of the receiving side is unknown, ARP is used to look it up. Once the peer's MAC address is known, the MAC and IP addresses are passed to the Ethernet driver for transmission.

4). Processing of network interface [Ethernet driver]

To the Ethernet driver, the IP packet handed down from IP is just data. The driver attaches an Ethernet header, containing the receiver's MAC address, the sender's MAC address and the Ethernet type field identifying the protocol carried in the frame, and sends the frame through the physical layer to the receiving side. The Frame Check Sequence (FCS) is calculated by the hardware during transmission and appended to the end of the frame; its purpose is to detect frames corrupted by noise.

2.3.3 Packets passing through data links

As a packet travels, the Ethernet header, IP header, TCP header (or UDP header) and the application's own header and data appear in that order from front to back, with an Ethernet trailer appended at the end.

Each header contains at least two pieces of information: the addresses of the sender and receiver, and the type of the upper layer protocol.

At each protocol layer there is information identifying the sender and receiver of the packet: Ethernet uses MAC addresses, IP uses IP addresses, and TCP/UDP uses port numbers to identify the endpoints. Even within an application, something like an email address serves as an address identifier. This address information is added to the header as the packet passes through each layer.

In addition, each header contains an identifier field that tells the protocol of the layer above. The Ethernet type field in the Ethernet header, the protocol field in the IP header, and the two port numbers in the TCP/UDP header all serve to identify the next protocol. Even an application's header sometimes carries a tag identifying its data type.

2.3.4 Receiving and processing data packets

The packet receiving process is the reverse of the packet sending process.
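The encapsulation and decapsulation described above, as an added worked example (not code from the original post or from the book): it builds the frame host A would send for the “Good morning” message with the real header layouts via struct, then walks back up the stack on the receiving side, using each header's identifier field (EtherType, IP protocol number, TCP port) to pick the next parser and verifying the IP and TCP checksums on the way. The MAC addresses, IP addresses, port 40000 and the payload are constructed sample values.

```python
import struct

ETHERTYPE_IPV4 = 0x0800   # Ethernet type field value for IPv4
IPPROTO_TCP = 6           # IP protocol field value for TCP


def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words, complemented.
    Over a header whose checksum field is already filled in, this returns 0 when intact."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_frame(src_mac, dst_mac, src_ip, dst_ip, src_port, dst_port, payload):
    """Encapsulate top-down: application data -> TCP -> IP -> Ethernet.
    Each layer prepends its own header, and each header carries the addresses of its
    layer plus the identifier of the protocol above it (ports, protocol=6, EtherType=0x0800)."""
    # TCP header: ports, seq, ack, data offset (5 words), flags PSH|ACK, window, checksum 0, urgent 0.
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload
    # The TCP checksum also covers a pseudo-header: addresses, protocol and TCP length.
    pseudo = src_ip + dst_ip + struct.pack("!BBH", 0, IPPROTO_TCP, len(tcp))
    tcp = tcp[:16] + struct.pack("!H", ones_complement_sum(pseudo + tcp)) + tcp[18:]
    # IPv4 header: version 4, IHL 5 (20 bytes, no options), TTL 64, protocol TCP.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, IPPROTO_TCP, 0, src_ip, dst_ip)
    ip = ip[:10] + struct.pack("!H", ones_complement_sum(ip)) + ip[12:]
    # Ethernet header: destination MAC, source MAC, EtherType.
    return dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IPV4) + ip + tcp


def parse_frame(frame: bytes) -> dict:
    """Decapsulate bottom-up. At each layer the identifier field chooses the next parser;
    a checksum failure or an unexpected protocol stops processing with ValueError."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst_mac, src_mac = frame[:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("unsupported EtherType 0x%04x" % ethertype)
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ihl < 20 or total_len < ihl or total_len > len(ip):
        raise ValueError("inconsistent IP header/total length")
    if ones_complement_sum(ip[:ihl]) != 0:
        raise ValueError("IP header checksum mismatch")
    proto, src_ip, dst_ip = ip[9], ip[12:16], ip[16:20]
    if proto != IPPROTO_TCP:
        raise ValueError("unsupported IP protocol %d" % proto)
    tcp = ip[ihl:total_len]
    pseudo = src_ip + dst_ip + struct.pack("!BBH", 0, proto, len(tcp))
    if ones_complement_sum(pseudo + tcp) != 0:
        raise ValueError("TCP checksum mismatch")
    src_port, dst_port, seq = struct.unpack("!HHI", tcp[:8])
    data_offset = (tcp[12] >> 4) * 4
    return {
        "eth": {"dst": dst_mac.hex(":"), "src": src_mac.hex(":"), "type": ethertype},
        "ip": {"src": ".".join(map(str, src_ip)), "dst": ".".join(map(str, dst_ip)), "protocol": proto},
        "tcp": {"src_port": src_port, "dst_port": dst_port, "seq": seq},
        "data": tcp[data_offset:],
    }


def flip_bit(frame: bytes, byte_index: int) -> bytes:
    """Simulate one bit of line noise at the given byte offset."""
    damaged = bytearray(frame)
    damaged[byte_index] ^= 0x01
    return bytes(damaged)


def detects_corruption(frame: bytes, byte_index: int) -> bool:
    """True if flipping one bit at byte_index is caught by a checksum during parsing."""
    try:
        parse_frame(flip_bit(frame, byte_index))
    except ValueError:
        return True
    return False


# Constructed sample: host A (192.168.128.10) sends "Good morning" to the SMTP port of host B.
MAC_A = bytes.fromhex("02000000000a")
MAC_B = bytes.fromhex("020000000014")
IP_A = bytes([192, 168, 128, 10])
IP_B = bytes([192, 168, 128, 20])
SAMPLE_FRAME = build_frame(MAC_A, MAC_B, IP_A, IP_B, 40000, 25, b"Good morning")

if __name__ == "__main__":
    for layer, fields in parse_frame(SAMPLE_FRAME).items():
        print(layer, fields)
```

Note what the checksums do and do not cover: a flipped bit in the IP header, the TCP header or the payload is caught, but a flipped bit in the Ethernet header is not, because protecting those bytes is the job of the frame check sequence that the NIC appends and strips, which this example does not model.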

Data link layer

3.1 Functions of Data Links

Protocols at the data link layer define the specification for transmission between devices interconnected by a communication medium: twisted pair, coaxial cable, optical fibre, radio or infrared. Data is also sometimes relayed between devices through switches, bridges, repeaters and so on.

The data link layer and the physical layer are both indispensable for data transfer between devices. A computer expresses information in binary 0s and 1s, but what actually travels over a medium is a voltage level, a light pulse or the strength of a radio signal. Converting between these signals and binary is the job of the physical layer. The data link layer does not handle bare sequences of 0s and 1s; it groups them into blocks called frames and transmits those.

3.2 Data link related technologies

3.2.1 MAC address

MAC addresses are used to identify interconnected nodes in a data link.

A MAC address is 48 bits long. On a NIC it is usually burned into ROM, so in principle every network card's MAC address is unique worldwide.

In practice MAC addresses are not always globally unique (virtual interfaces and user-configured addresses are common exceptions), but duplicate addresses cause no problem as long as they are not on the same data link. Since the address can also be set by software on most interfaces, it should never be relied on as proof of a host's identity.

3.2.2 Shared media Network

A shared-medium network is one in which several devices share a single communication medium. The earliest Ethernet and FDDI were shared-medium networks, in which devices use the same carrier channel for both sending and receiving. Because of this they are basically half duplex, and access to the medium must be controlled.

There are two media access control methods in shared-medium networks: contention and token passing.

  • Contention

Contention means competing for the right to transmit, also known as CSMA (Carrier Sense Multiple Access). In this method each station (nodes are often called “stations” at the data link layer) sends frames on a first-come, first-served basis; if several stations send at the same time, a collision occurs, which leads to congestion and degraded performance.

Some Ethernet variants use an improved form of CSMA called CSMA/CD (with Collision Detection). CSMA/CD requires each station to check for collisions and to release the channel as early as possible when one occurs. It works as follows:

  • If there is no data on the carrier channel, any station may send.

  • Check for collisions while sending. If a collision occurs, abort the transmission (in practice a 32-bit jam signal is sent to make sure the frame is corrupted, then sending stops; the receiver detects the collided frame as invalid via its FCS and discards it) and release the channel immediately.

  • After aborting, wait a random delay, then contend for the medium again and resend the frame.

[Figure: how CSMA/CD works]

  • Token passing mode

In token passing, a special frame called a “token” circulates around the ring, and only the station holding the token may send data. This method has two characteristics: there are no collisions, and every station gets a fair chance to obtain the token, so even network congestion does not degrade performance. The price is that a station must wait for the token even when the medium is idle, so utilization is lower under light load.

3.2.3 Unshared media networks

An unshared-medium network is one in which the medium is not shared and transmission is controlled per link.

Each station is connected directly to a switch, which forwards the frames. Since sender and receiver do not share the medium, full-duplex communication is used in most cases.

ATM uses this mode, and it has recently become the mainstream form of Ethernet as well: the network is built from Ethernet switches, with a one-to-one link between each computer and a switch port, allowing full-duplex communication. Because there are no collisions on such a one-to-one full-duplex link, the CSMA/CD mechanism is unnecessary and communication is more efficient.

3.3 Ethernet

Ethernet is the best-known and most widely used data link, and the one with the greatest compatibility and the brightest prospects.

3.3.1 Ethernet Connection Mode

In the early days of Ethernet, multiple terminals shared a single coaxial cable as the common medium.

Today, with the greater processing power and transmission speed of network equipment, Ethernet generally uses a dedicated cable between each terminal and a switch.

3.3.2 Ethernet Classification

Ethernet types differ by communication cable and speed.

The “10” in 10BASE, “100” in 100BASE, “1000” in 1000BASE and “10G” in 10GBASE denote transmission speeds of 10 Mbps, 100 Mbps, 1 Gbps and 10 Gbps respectively. The characters appended at the end, such as “5”, “2”, “T” and “F”, denote the transmission medium. Segments of the same speed but different cabling can be joined by repeaters or hubs, which allow a change of medium; joining segments of different speeds requires a device that can change speed, such as a bridge, switching hub or router.

Transmission speeds versus the figures used inside a computer: a computer works in binary, so the value closest to 1000 is expressed as 2 to the power of 10, which gives:

1K=1024 1M=1024K 1G=1024M 

On Ethernet the clock frequency determines the transmission speed, and decimal prefixes are used. Do not confuse the following with the equation above:

1K=1000 1M=1000K 1G=1000M

3.3.3 Ethernet Frame Format

An Ethernet frame is preceded on the wire by a preamble, a sequence of alternating 1s and 0s ending in the start frame delimiter (10101011), which marks the beginning of the frame and lets the receiving network adapter synchronize with the sender.

The front of the frame body is the Ethernet header, 14 bytes in total: a 6-byte destination MAC address, a 6-byte source MAC address and a 2-byte upper-layer protocol type.
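An added example of the frame format, written for this post rather than taken from it: it builds a frame with the 14-byte header, pads a short payload to the 46-byte minimum, appends the FCS the hardware would compute, and on receipt rejects runt frames and frames whose FCS no longer matches, which is how a collision-damaged frame (see the CSMA/CD description above) ends up discarded. The MAC addresses and payload are constructed; that the IEEE 802.3 CRC-32 matches zlib.crc32 and that the FCS is transmitted least-significant byte first are the assumptions the code rests on.

```python
import struct
import zlib

MIN_PAYLOAD = 46      # 64-byte minimum frame = 14-byte header + 46-byte payload + 4-byte FCS
MAX_PAYLOAD = 1500    # Ethernet MTU


def build_ethernet_frame(dst_mac: bytes, src_mac: bytes, ethertype: int, payload: bytes) -> bytes:
    """14-byte header, payload padded to the 46-byte minimum, then the 4-byte FCS.
    The preamble and start frame delimiter are not included: the NIC adds them on the wire."""
    if len(dst_mac) != 6 or len(src_mac) != 6:
        raise ValueError("MAC addresses are 6 bytes")
    if len(payload) > MAX_PAYLOAD:
        raise ValueError("payload exceeds the Ethernet MTU")
    body = dst_mac + src_mac + struct.pack("!H", ethertype) + payload.ljust(MIN_PAYLOAD, b"\x00")
    # Assumption: the IEEE 802.3 FCS is CRC-32 with the same polynomial and conventions as
    # zlib.crc32, and is transmitted least-significant byte first.
    fcs = zlib.crc32(body) & 0xFFFFFFFF
    return body + struct.pack("<I", fcs)


def fcs_ok(frame: bytes) -> bool:
    """Recompute the CRC over everything but the trailer and compare with the received FCS."""
    if len(frame) < 64:
        return False
    body, received = frame[:-4], struct.unpack("<I", frame[-4:])[0]
    return (zlib.crc32(body) & 0xFFFFFFFF) == received


def parse_ethernet_frame(frame: bytes) -> dict:
    """Split a received frame into header fields and payload, rejecting runts and
    frames whose FCS does not match (what a NIC does with a collision-damaged frame)."""
    if len(frame) < 64:
        raise ValueError("runt frame (%d bytes)" % len(frame))
    if not fcs_ok(frame):
        raise ValueError("FCS mismatch, frame discarded")
    dst, src = frame[:6], frame[6:12]
    type_or_len = struct.unpack("!H", frame[12:14])[0]
    return {
        "dst": dst.hex(":"),
        "src": src.hex(":"),
        # Values >= 0x0600 (1536) are EtherTypes; values <= 1500 are an IEEE 802.3 length field.
        "ethertype": type_or_len if type_or_len >= 0x0600 else None,
        "length": type_or_len if type_or_len <= MAX_PAYLOAD else None,
        "payload": frame[14:-4],
    }


def corrupt(frame: bytes, byte_index: int) -> bytes:
    """Model line noise (or a collision jam) by flipping one bit at the given byte."""
    damaged = bytearray(frame)
    damaged[byte_index] ^= 0x80
    return bytes(damaged)


# Constructed sample: a broadcast frame whose 12-byte payload must be padded to reach 64 bytes.
# The payload is a placeholder, not a real IP packet, although the type field says IPv4.
SAMPLE_FRAME = build_ethernet_frame(bytes.fromhex("ffffffffffff"), bytes.fromhex("02000000000a"),
                                    0x0800, b"Good morning")

if __name__ == "__main__":
    print(parse_ethernet_frame(SAMPLE_FRAME))
    print("damaged frame accepted:", fcs_ok(corrupt(SAMPLE_FRAME, 20)))
```

The FCS is an integrity check against noise, not a security control: anyone who can inject frames can compute a valid FCS for whatever they send.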

IP Protocol

IP, the most important protocol in TCP/IP, is mainly responsible for delivering packets to the final destination computer, and so enables communication between any two computers in the world.

4.1 IP Basics

4.1.1 Route Control

Routing refers to the ability to deliver packets to their final destination address. Even in a very complex network, routing determines the path to the destination. If routing malfunctions, packets are likely to be “lost” and never arrive, so the successful delivery of a packet depends entirely on routing.

[Figure: delivering data to the final destination address]

A “hop” is one interval in the network. IP packets are forwarded hop by hop, which is why IP routing is also called multi-hop routing; at each interval only the path to the next hop is determined.

Multi-hop routing means that when forwarding an IP packet, a router or host specifies only the next router or host, not the entire route to the final destination. Each hop determines the next hop in turn until the packet reaches its destination.

4.1.2 IP is connectionless

IP is connectionless: no connection to the destination is established before packets are sent. When the upper layer hands IP data to be sent, IP immediately wraps it in an IP packet and sends it.

In the connection-oriented case, a connection must be established beforehand. If the peer host is switched off or does not exist, the connection cannot be established, so data can only be sent to a host with which a connection exists.

The connectionless case is different: packets are sent even if the peer host is off or does not exist. Conversely, a host cannot know when or from where it will receive data, so it must keep monitoring the network to pick up the packets addressed to it; if it is not ready, it may miss packets it should have received. A connectionless approach can therefore involve a lot of redundant communication.

Why is IP connectionless?

There are two main reasons: simplicity and speed. Connection-oriented processing is more complex than connectionless processing, and managing every connection is itself a considerable burden. In addition, every exchange would require a connection to be set up first, which slows processing. Where a connection is needed, that service can be delegated to the upper layer. IP therefore adopts the connectionless approach for simplicity and speed.
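A small added experiment (not from the original post) that shows the difference on a single machine: pick a local port nobody listens on, then send a UDP datagram to it and try to open a TCP connection to it. It assumes a working loopback interface and nothing else.

```python
import socket

MESSAGE = b"Good morning"   # constructed sample payload


def free_local_port() -> int:
    """Ask the OS for an ephemeral port, then release it so that nothing is listening there."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def udp_send_to_absent_peer(port: int) -> int:
    """Connectionless: sendto() hands the datagram to IP and returns the byte count even
    though no process will ever receive it. The datagram is simply discarded."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(MESSAGE, ("127.0.0.1", port))


def tcp_connect_to_absent_peer(port: int) -> bool:
    """Connection-oriented: the three-way handshake must complete before any data can be
    sent, so the attempt fails (the kernel answers the SYN with RST) and no data leaves."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(2)
        try:
            s.connect(("127.0.0.1", port))
            return True
        except (ConnectionRefusedError, socket.timeout):
            return False


if __name__ == "__main__":
    port = free_local_port()
    print("UDP bytes accepted for sending:", udp_send_to_absent_peer(port))
    print("TCP connection established:", tcp_connect_to_absent_peer(port))
```

On most systems the kernel answers the stray UDP datagram with an ICMP port-unreachable message, which is the only feedback IP provides; it arrives asynchronously, if at all, and never affects the sendto() call that has already returned success.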

4.2 IP Address Basics

4.2.1 An IP address consists of a network identifier and a host identifier

An IP address consists of a network identifier (network address) and a host identifier (host address). In 192.168.128.10/24, the /24 gives the number of bits, counted from the first, that belong to the network identifier.

The network identifier takes a different value on each segment (data link), and the network identifiers of the connected segments must not duplicate one another. Hosts connected to the same segment share the same network address, while the host identifier must not repeat within a segment. Setting the network address and host address this way ensures that no two hosts in the interconnected network share an IP address; in other words, the IP address is unique.

4.2.2 IP Address Classification

IP addresses are divided into classes A, B, C and D (plus a reserved class E). The class, and hence the split between network and host identifiers, is determined by the first one to four bits of the address.

  • Class A address

A class A address starts with 0; bits 1 through 8 are its network identifier. In decimal, 0.0.0.0 to 127.0.0.0 are class A network addresses. The remaining 24 bits are the host identifier, so a class A network can contain at most 16,777,214 hosts.

  • A class B address

A class B address starts with 10; bits 1 through 16 are its network identifier. In decimal, 128.0.0.0 to 191.255.0.0 are class B network addresses. The remaining 16 bits are the host identifier, so a class B network can contain at most 65,534 hosts.

  • Class C address

A class C address starts with 110; bits 1 through 24 are its network identifier. In decimal, 192.0.0.0 to 223.255.255.0 are class C network addresses. The remaining 8 bits are the host identifier, so a class C network can contain at most 254 hosts.

  • The class D address

A class D address starts with 1110; bits 1 through 32 are its network identifier. In decimal, 224.0.0.0 to 239.255.255.255 are class D addresses. Class D addresses have no host identifier and are used for multicast.

4.2.3 Broadcast Address

A broadcast address is used to send a packet to all hosts connected to the same link. Setting all bits of the host identifier to 1 gives the broadcast address.

4.2.4 Subnet Mask

Once the class of an IP address is known, its network ID and host ID are also known. For example, the first 8 bits of a class A address (7 bits excluding the leading "0"), the first 16 bits of a class B address (14 bits excluding the leading "10"), and the first 24 bits of a class C address (21 bits excluding the leading "110") are their respective network IDs.
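As an added example (not code from the original post or the book it summarizes), the following Python performs the classful breakdown described in 4.2.2 to 4.2.4 for any IPv4 address: it reads the class from the leading bits, then derives the natural mask, network ID, host ID, broadcast address (all host bits set to 1) and usable host count. The class boundaries are the standard ones and the addresses used in the comments are sample values.

```python
# Added example (not from the original post): classful analysis of an IPv4 address.
# Class is decided by the leading bits: 0xxx = A, 10xx = B, 110x = C, 1110 = D, 1111 = E.
import ipaddress

# Number of network-ID bits for each class that has a host part.
CLASS_PREFIX_BITS = {"A": 8, "B": 16, "C": 24}


def ip_class(addr: str) -> str:
    """Return the address class from the first one to four bits of the first octet."""
    first = int(addr.split(".")[0])
    if first & 0x80 == 0:          # 0xxx xxxx
        return "A"
    if first & 0xC0 == 0x80:       # 10xx xxxx
        return "B"
    if first & 0xE0 == 0xC0:       # 110x xxxx
        return "C"
    if first & 0xF0 == 0xE0:       # 1110 xxxx (multicast)
        return "D"
    return "E"                     # 1111 xxxx (reserved)


def classful_info(addr: str) -> dict:
    """Split a class A/B/C address into network ID, host ID, mask and broadcast address."""
    cls = ip_class(addr)
    if cls not in CLASS_PREFIX_BITS:
        raise ValueError(f"{addr} is class {cls}: it has no host part")
    prefix = CLASS_PREFIX_BITS[cls]
    host_bits = 32 - prefix
    # strict=False lets us pass a host address instead of the network address.
    net = ipaddress.IPv4Network(f"{addr}/{prefix}", strict=False)
    ip_int = int(ipaddress.IPv4Address(addr))
    return {
        "class": cls,
        "mask": str(net.netmask),                   # 1s over the network ID, 0s over the host ID
        "network": str(net.network_address),        # host bits cleared
        "host_id": ip_int & ((1 << host_bits) - 1), # host bits only
        "broadcast": str(net.broadcast_address),    # host bits all set to 1
        "max_hosts": (1 << host_bits) - 2,          # minus the network and broadcast addresses
    }


def same_segment(a: str, b: str) -> bool:
    """Two hosts are on the same classful segment when their network IDs match."""
    return classful_info(a)["network"] == classful_info(b)["network"]
```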

4.3 IPv6

IPv6 [IP Version 6] is the standardized Internet protocol designed to fundamentally solve the exhaustion of IPv4 addresses. An IPv4 address consists of four 8-bit bytes, that is, 32 bits. An IPv6 address is four times as long, namely 128 bits, and is usually written as eight 16-bit groups.

The characteristics of IPv6

IPv6 builds in all of the following functions, reducing the burden on administrators:

  • IP address expansion and routing control table aggregation

IP addresses still follow the hierarchical structure of the Internet. Addresses are allocated to match that structure so that routing tables do not grow excessively.

  • Performance improvement

The header length is fixed [40 bytes] and the header checksum is no longer used. The simplified header structure reduces the load on routers. Routers no longer perform fragmentation [with Path MTU discovery, only the sending host fragments packets].

  • Support plug and play function

You can automatically assign IP addresses even if there is no DHCP server.

  • Authentication and encryption are enabled

Security functions (IPsec) are provided to counter forged IP addresses and eavesdropping on the line.

4.4 The IPv4 Header

The IP header contains all the necessary information for IP protocol packet sending control.

  • Version

The value consists of 4 bits, indicating the version number of the IP header. The version number of IPv4 is 4, so the value in this field is also 4.

  • Header Length (IHL)

The value consists of 4 bits and gives the size of the IP header in units of 4 bytes (32 bits). For IP packets without options, the header length is set to 5, meaning the header is 20 bytes long.

  • Type of Service (Differentiated Services)

It consists of 8 bits and indicates the quality of service. Today the field is split into a DSCP field and an ECN field.

  • Total Length (Total Length)

Represents the total number of bytes in the IP header plus the data part. The field is 16 bits long, so the maximum length of an IP packet is 65535 (= 2^16 − 1) bytes.

  • Identification

It consists of 16 bits and is used for fragmentation. Fragments of the same datagram carry the same identification value, while different datagrams carry different values. Normally the value is incremented with each IP packet sent. In addition, even if the identification values are the same, fragments are treated as belonging to different datagrams when the destination address, source address or protocol differs.

  • Flags

The value consists of 3 bits and carries information about packet fragmentation. Please refer to the following table for the specific meaning of each bit.

  • Fragment Offset

It consists of 13 bits and identifies the position of each fragment relative to the original data. The value for the first fragment is 0. Since the FO field is 13 bits wide, it can express a maximum of 8192 positions. Its unit is 8 bytes, so it can represent positions up to 8×8192=65536 bytes into the original data.

  • Time To Live (TTL)

Consisting of eight bits, it was originally meant to record, in seconds, how long the current packet should live on the network. However, in practice it refers to how many routers can be transferred. Each time it passes through a router, the TTL is reduced by 1 until it reaches 0 and the packet is discarded.

  • Header Checksum

Consisting of 16 bits (2 bytes), it is also called the IP header checksum. This field covers only the header of the datagram, not the data portion, and its main purpose is to ensure that IP datagrams are not corrupted. To compute it, the checksum field is first set to all zeros; the header is then treated as a sequence of 16-bit words, and these words are added using one's complement arithmetic [integer arithmetic in computers normally uses two's complement, but checksums use one's complement, because a carry out of the top bit wraps around and is added back into the lowest bit, so no information is lost; one's complement also has two representations of zero, which can be put to use]. Finally, the one's complement of the resulting sum is written to the header checksum field.

  • Source address

The value consists of 32 bits (4 bytes), indicating the IP address of the sender.

  • Destination Address

The value consists of 32 bits (4 bytes) and represents the IP address of the receiver.

  • Options

The length is variable; options are normally used only for experimental or diagnostic purposes.

  • Padding

Also called filler. When options are present, the header length may not be a multiple of 32 bits. To make it a multiple of 32 bits, this field is filled with zeros.

  • data

Stores the data. The header of the upper-layer protocol (TCP or UDP) is also treated as data.
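As an added example (not from the original post or the book), the Python below decodes the fixed 20-byte IPv4 header described above and reassembles fragments keyed on source address, destination address, identification and protocol, refusing gaps and overlaps instead of guessing. The sample packets are constructed inline; the header checksum is left at zero and not verified here.

```python
# Added example (not from the original post): IPv4 header parsing and fragment reassembly.
from __future__ import annotations
import struct
from dataclasses import dataclass

HDR_FMT = "!BBHHHBBH4s4s"   # version/IHL, TOS, total length, id, flags+offset, TTL, proto, csum, src, dst


@dataclass
class IPv4Header:
    version: int
    ihl_bytes: int
    total_length: int
    identification: int
    df: bool
    mf: bool
    frag_offset_bytes: int
    ttl: int
    protocol: int
    src: str
    dst: str


def parse_ipv4(pkt: bytes) -> tuple[IPv4Header, bytes]:
    """Decode the header fields and return (header, payload)."""
    if len(pkt) < 20:
        raise ValueError("short packet")
    ver_ihl, _tos, tlen, ident, flags_fo, ttl, proto, _csum, src, dst = struct.unpack(HDR_FMT, pkt[:20])
    version = ver_ihl >> 4
    ihl = (ver_ihl & 0x0F) * 4            # header length is counted in 4-byte words
    if version != 4 or ihl < 20 or tlen < ihl or len(pkt) < tlen:
        raise ValueError("malformed IPv4 header")
    hdr = IPv4Header(
        version=version, ihl_bytes=ihl, total_length=tlen, identification=ident,
        df=bool(flags_fo & 0x4000), mf=bool(flags_fo & 0x2000),   # bit 1 = DF, bit 2 = MF
        frag_offset_bytes=(flags_fo & 0x1FFF) * 8,                 # 13-bit offset in 8-byte units
        ttl=ttl, protocol=proto,
        src=".".join(map(str, src)), dst=".".join(map(str, dst)),
    )
    return hdr, pkt[ihl:tlen]


def build_ipv4(ident: int, mf: bool, offset_bytes: int, src: str, dst: str,
               payload: bytes, proto: int = 17, ttl: int = 64) -> bytes:
    """Construct a header-plus-payload packet (no options; checksum left as 0 here)."""
    flags_fo = (0x2000 if mf else 0) | (offset_bytes // 8)
    hdr = struct.pack(HDR_FMT, 0x45, 0, 20 + len(payload), ident, flags_fo, ttl, proto, 0,
                      bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return hdr + payload


def reassemble(packets: list[bytes]) -> dict[tuple, bytes]:
    """Group fragments by (src, dst, id, protocol) and rebuild each original payload."""
    groups: dict[tuple, list[tuple[int, bytes, bool]]] = {}
    for pkt in packets:
        h, data = parse_ipv4(pkt)
        key = (h.src, h.dst, h.identification, h.protocol)   # same id alone is not enough
        groups.setdefault(key, []).append((h.frag_offset_bytes, data, h.mf))
    result: dict[tuple, bytes] = {}
    for key, frags in groups.items():
        frags.sort(key=lambda f: f[0])
        expected, buf = 0, bytearray()
        for off, data, _mf in frags:
            if off != expected:                   # gap or overlap: refuse rather than guess
                raise ValueError(f"fragment gap/overlap in {key} at offset {off}")
            buf += data
            expected += len(data)
        if frags[-1][2]:                          # last fragment still has MF set: incomplete
            raise ValueError(f"incomplete datagram {key}")
        result[key] = bytes(buf)
    return result
```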

4.5 IPv6 header Format

To reduce the burden on routers, IPv6 omits the header checksum field. Because TCP and UDP include a pseudo header in their own checksum calculations, they can verify whether the IP addresses and protocol are correct. Reliability can therefore be provided at the TCP or UDP layer even though it is not provided at the IP layer, and routers no longer need to compute a checksum, which improves forwarding efficiency.

To make processing easier for computers with 64-bit CPUs, the IPv6 header and its options are laid out in 8-byte units.

  • version

Like IPv4, it consists of 4 bits. IPv6 has a version number of 6, so the value in this field is “6”.

  • Traffic Class

This is the equivalent of the IPv4 Type of Service (TOS) field and also consists of 8 bits. There was a plan to remove it from IPv6 because TOS had little success in IPv4 and never became a productive technology, but the field was retained for future research.

  • Flow label

Consists of 20 bits, ready for quality of service control.

  • Payload Length

The payload is the data part of the packet. The Total Length of IPv4 covers the whole packet including the header, whereas the IPv6 Payload Length excludes the header and counts only the data part. Since IPv6 extension headers are treated as data attached after the IPv6 header, the Payload Length also covers all of the extension headers.

  • Next Header

Equivalent to an IPv4 protocol field. It consists of 8 bits. The upper layer protocol of IP is usually TCP or UDP. However, in the case of an IPv6 extension header, this field indicates the protocol type of the first extension header.

  • Hop Limit

It consists of 8 bits. This value is the same as TTL in IPv4. The name was changed to “Hop Limit” to emphasize the concept of “number of routers that can pass.” Each time the data passes through the router, it is reduced by 1, and when it reaches 0, the data is discarded.

  • Source address

It consists of 128 bits (eight 16-bit groups) and indicates the IP address of the sender.

  • The target address

It consists of 128 bits (eight 16-bit groups) and indicates the IP address of the receiver.

IP protocol related technologies

5.1 DNS

Instead of an IP address, we access a website using a string of Roman letters and dots: ordinary users do not deal with IP addresses when communicating over TCP/IP. This is made possible by the Domain Name System (DNS), which automatically converts such a string into the corresponding IP address. DNS works not only for IPv4 but also for IPv6.

The DNS query

So how does a DNS query (also called a lookup) work? In the figure, a computer in the kusa.co.jp domain wants to access the website www.ietf.org. The DNS query flow is shown in the figure.

To find the IP address, the resolver sends a query to its DNS server. The DNS server that receives the query first looks in its own database and returns the answer if it holds an IP address for that domain name. If not, it queries the root DNS server at the top of the hierarchy. As shown in the figure, the tree is then traversed from the root until the DNS server responsible for the name is found, and that server returns the desired data. Resolvers and DNS servers temporarily store the most recent answers in a cache (the lifetime of a cached entry can be set by the domain that provides the information), which reduces the cost of each query.

5.2 ARP

Once the IP address is determined, IP datagrams can be sent to this destination address. However, at the underlying data link layer, it is necessary to know the MAC address of each IP address for actual communication.

5.2.1 ARP Overview

Address Resolution Protocol (ARP) is a protocol for resolving addresses. Using the destination IP address as a clue, it finds the MAC address of the next network device that should receive the packet. If the destination host is not on the same link, ARP is used to find the MAC address of the next-hop router. ARP applies only to IPv4, not IPv6; in IPv6, ICMPv6 neighbor discovery messages are used instead of ARP.

5.2.2 ARP Working mechanism

So how does ARP know the MAC address? To put it simply, ARP determines MAC addresses by means of two types of packets: ARP request and ARP response.

Assume that host A sends IP packets to host B on the same link. The IP address of host A is 172.20.1.1 and the IP address of host B is 172.20.1.2. Neither knows the other's MAC address.

To obtain the MAC address of host B, host A broadcasts an ARP request packet. This packet contains the IP address of the host whose MAC address is wanted, that is, host B's IP address 172.20.1.2. Since a broadcast packet is received by every host and router on the same link, the ARP request is parsed by all of them. The node whose own IP address matches the destination IP address in the ARP request inserts its MAC address into an ARP reply packet and returns it to host A.
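The exchange described above, as an added example that is not code from the original post: host A (172.20.1.1) broadcasts a request for 172.20.1.2, every node on the link receives and parses it, and only the owner of that address replies with its MAC, which A then records in its ARP table. The MAC addresses are constructed values and the frames are plain dictionaries rather than real Ethernet/ARP encodings.

```python
# Added example (not from the original post): a simulated ARP request/reply on one link.
from __future__ import annotations

BROADCAST = "ff:ff:ff:ff:ff:ff"


class Node:
    def __init__(self, ip: str, mac: str) -> None:
        self.ip, self.mac = ip, mac
        self.arp_table: dict[str, str] = {}   # learned IP -> MAC mappings
        self.requests_seen = 0                # how many ARP requests this node had to parse

    def handle(self, frame: dict) -> dict | None:
        """Process one ARP frame; return a reply frame or None."""
        if frame["op"] == "request":
            self.requests_seen += 1
            if frame["target_ip"] != self.ip:
                return None                    # not my address: discard silently
            return {"op": "reply", "src_mac": self.mac, "dst_mac": frame["sender_mac"],
                    "sender_ip": self.ip, "sender_mac": self.mac, "target_ip": frame["sender_ip"]}
        if frame["op"] == "reply" and frame["target_ip"] == self.ip:
            self.arp_table[frame["sender_ip"]] = frame["sender_mac"]   # record the answer
        return None


class Link:
    """A shared segment: a frame reaches every node when broadcast, else only the addressed MAC."""
    def __init__(self, nodes: list[Node]) -> None:
        self.nodes = nodes

    def send(self, frame: dict) -> None:
        for node in self.nodes:
            if frame["dst_mac"] in (BROADCAST, node.mac):
                reply = node.handle(frame)
                if reply is not None:
                    self.send(reply)           # unicast reply back to the requester


def resolve(link: Link, requester: Node, target_ip: str) -> str | None:
    """Return the MAC for target_ip, from the ARP table if known, else by an ARP request."""
    if target_ip not in requester.arp_table:
        link.send({"op": "request", "src_mac": requester.mac, "dst_mac": BROADCAST,
                   "sender_ip": requester.ip, "sender_mac": requester.mac, "target_ip": target_ip})
    return requester.arp_table.get(target_ip)
```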

5.2.3 RARP

Reverse Address Resolution Protocol (RARP) is the reverse of ARP: it finds an IP address from a MAC address.

5.3 DHCP

5.3.1 DHCP and Plug and Play

To set IP addresses automatically and manage their allocation centrally, DHCP [Dynamic Host Configuration Protocol] was created. With DHCP, a computer can communicate over TCP/IP as soon as it is connected to the network; in other words, DHCP makes a device usable as soon as it is physically plugged in. DHCP is available not only for IPv4 but also for IPv6.

5.3.2 Working mechanism of DHCP

Before using DHCP, you must first set up a DHCP server (often routers in this network segment are used as DHCP servers). Then set the IP address to be assigned by DHCP to the server. In addition, set the corresponding subnet mask, route control information, and DNS server address on the server.

TCP and UDP【 key points 💖💖】

6.1 Functions of the Transport Layer


6.1.1 Communication processing

Most TCP/IP application protocols work in a client/server fashion. The client [in a computer network, the party that requests and uses a service] originates a request; the server [in a computer network, the program or computer that provides the service] processes the request. A server program must be started in advance so that it is ready to receive requests from clients; otherwise, even if a client sends a request, there is nothing to process it.

6.1.2 Two Transport Layer protocols: TCP and UDP

  • TCP

TCP is a connection-oriented, reliable stream protocol. A stream is an uninterrupted sequence of data, which you can picture as water flowing through a pipe. When an application sends messages over TCP, their order is guaranteed, but they reach the receiver as a continuous stream of bytes without any message boundaries.

TCP implements sequence control or retransmission control to provide reliable transmission. It also has many functions such as “flow control” and “congestion control” to improve network utilization.

  • UDP

UDP is an unreliable datagram protocol that leaves the finer control to the application. With UDP, the size of a message sent is preserved, but there is no guarantee that it will arrive. The application therefore sometimes performs retransmission itself as needed.

6.2 Port Numbers

6.2.1 Identifying applications based on port numbers

More than one program can run on a single computer at the same time, for example a Web browser using the WWW service, an email client and an SSH client for remote login. Port numbers are what the transport layer protocol uses to identify which application on the local machine is communicating, so that data is delivered to the right one.

6.2.2 How Port Numbers Are Determined

In actual communication, the port number must be determined in advance. There are two ways to determine the port number:

  • Standard (well-known) port numbers

This method is also called the static method: each application is assigned its own designated port number. That does not mean any port number can be used freely; each port number has its own purpose.

  • Sequential assignment method

The second method is also called sequential (or dynamic) allocation. Here the server must fix the port number it listens on, but the client does not need to choose one. The client application leaves the port number entirely to the operating system, which assigns non-conflicting port numbers to each application, for example by adding one to the previously assigned number whenever a new port is needed. This lets the operating system manage port numbers dynamically. Because of this dynamic allocation, even when the same client program opens several TCP connections, the five-tuple identifying each connection is different. Dynamically allocated port numbers range from 49,152 to 65535.

6.3 UDP

UDP stands for User Datagram Protocol. UDP provides no complex control mechanisms; it uses IP to offer a connectionless communication service and sends data from the application to the network exactly as it receives it.

Even when the network is congested, UDP performs no flow control to relieve the congestion. UDP also does not retransmit lost packets, and it has no way to correct packets that arrive out of order. If any of this is needed, it must be handled by the application built on UDP.

UDP simply transmits whatever the application hands it; the application developer must take the characteristics of the upper-layer protocol into account and design the application accordingly. In that sense, UDP follows "the instructions of the user who writes the program."

Because UDP is connectionless, it can send data at any time. In addition, UDP itself is simple and efficient, so it is often used in the following aspects:

  • Communication with a small amount of packets (DNS, SNMP, etc.)

  • Video, audio and other multimedia communication (instant messaging)

  • Restricted to application communication on a specific network such as a LAN

  • Broadcast communications (broadcast, multicast)

6.4 TCP

TCP is quite different from UDP. It fully implements the control functions needed for data transfer, including retransmission when packets are lost and sequence control when packets arrive out of order, none of which UDP provides. In addition, as a connection-oriented protocol, TCP sends data only after confirming that the peer exists, which avoids wasting communication traffic.

6.4.1 Features and purpose of TCP

TCP achieves reliable transmission through checksum, sequence number, acknowledgement, retransmission control, connection management and window control.

6.4.2 Sequence Numbers and Acknowledgements Improve Reliability

In TCP, when data from the sender reaches the receiving host, the receiving host returns a notification that the data has been received. This message is called an ACK (Positive Acknowledgement).

TCP implements reliable data transmission through affirmative ACK. After sending data, the sender waits for the peer to confirm the reply. If there is an acknowledgement reply, data has been successfully delivered to the peer end. Otherwise, the possibility of data loss is high.

If no acknowledgement is received within a certain period of time, the sender considers that the data is lost and resends the data. In this way, even if packet loss occurs, data can still reach the peer end and reliable transmission can be achieved.

Failure to receive an acknowledgement does not necessarily mean that data is lost. It is also possible that the data has already been received by the other party, but the acknowledgement returned was lost en route. In this case, the sender considers that the data has not reached the destination because it does not receive an acknowledgement and resends the data.

In addition, an acknowledgement may be delayed for other reasons, and it is not unusual for it to arrive only after the source host has already retransmitted the data. In that case the source host is merely following the retransmission mechanism, but for the receiving host it is a problem: it receives the same data over and over. To provide reliable transfer to the upper-layer application, duplicate packets must be discarded, so a mechanism is needed to recognize whether data has already been received and whether it still needs to be received.

Acknowledgement processing, retransmission control and duplicate control are all realized by sequence numbers. A sequence number is assigned to each byte of the data sent. Its initial value is not 0 but a random number generated when the connection is established, and it then increases by one for each byte. The receiver checks the sequence number and length of the received data in the TCP header and returns, as its acknowledgement, the sequence number it expects to receive next. With sequence numbers and acknowledgements, TCP achieves reliable transmission.

6.4.3 How the Retransmission Timeout Is Determined

The retransmission timeout is the specific amount of time that you wait for a confirmation reply to arrive before retransmitting data. If no acknowledgement is received within the specified time, the sender resends the data. How do you determine the length of the retransmission timeout?

Ideally, one would find the shortest time within which an acknowledgement is guaranteed to return. However, this time depends on the network environment the packet passes through: it is relatively short on a high-speed LAN and must be longer over long distances. Even within the same network it varies with how congested the network is at different times.

TCP must communicate with high performance regardless of the network environment and must keep doing so as network congestion changes. To achieve this, it measures the Round Trip Time (RTT) and its deviation (the fluctuation of the RTT, sometimes called jitter) for each packet sent. The retransmission timeout is then set to a value slightly larger than the sum of the round-trip time and its deviation.

There is a reason that the calculation of retransmission timeout takes into account both round-trip time and deviation. As shown in Figure 6, a large swing can occur depending on the round-trip time of the network environment, which occurs because the segments of packets arrive over different lines. The purpose of TCP/IP is to control even in this environment and try not to waste network traffic.

On BSD Unix and Windows systems, timeouts are controlled in units of 0.5 seconds, so the resend timeout is an integer multiple of 0.5 seconds. However, since the original packet does not yet know the round-trip time, its retransmission timeout is typically set to about 6 seconds.

If no acknowledgement is received after the data is retransmitted, the data is sent again. In this case, the waiting time for confirmation will increase by two times and four times exponentially.

In addition, the data will not be retransmitted indefinitely and repeatedly. If no acknowledgement is returned after a certain number of retransmissions, the system determines that the network or the peer host is abnormal and forcibly closes the connection. Notify the application of abnormal communication and forcibly terminate.
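An added example (not code from the original post or the book): the estimator below tracks the smoothed round-trip time and its deviation using the update rules of RFC 6298 (alpha 1/8, beta 1/4, K 4), rounds the timeout up to the 0.5 s tick and uses the 6 s initial value quoted above, then doubles the timeout after each unanswered retransmission until an assumed limit of 5 retries gives up, as described in this section. The retry limit and the sample RTT values are assumptions.

```python
# Added example (not from the original post): retransmission-timeout estimation with backoff.
from __future__ import annotations
import math

GRANULARITY = 0.5     # timer tick in seconds (0.5 s units, as stated above for BSD/Windows)
INITIAL_RTO = 6.0     # timeout for the first packet, before any RTT sample exists
MAX_RETRIES = 5       # assumed limit; after this many unanswered retransmissions, give up
ALPHA, BETA, K = 1 / 8, 1 / 4, 4   # RFC 6298 smoothing constants


class RtoEstimator:
    def __init__(self) -> None:
        self.srtt: float | None = None     # smoothed RTT
        self.rttvar: float | None = None   # smoothed RTT deviation
        self.rto = INITIAL_RTO
        self.retries = 0

    def sample(self, rtt: float) -> float:
        """Update the estimate from a measured RTT (an ACK arrived); return the new timeout."""
        if self.srtt is None:
            self.srtt, self.rttvar = rtt, rtt / 2
        else:
            self.rttvar = (1 - BETA) * self.rttvar + BETA * abs(self.srtt - rtt)
            self.srtt = (1 - ALPHA) * self.srtt + ALPHA * rtt
        raw = self.srtt + max(GRANULARITY, K * self.rttvar)   # RTT plus a margin for its deviation
        self.rto = math.ceil(raw / GRANULARITY) * GRANULARITY  # round up to the timer tick
        self.retries = 0                                       # an ACK arrived, clear backoff
        return self.rto

    def timeout(self) -> float | None:
        """The timer fired with no ACK: double the wait, or return None to abort the connection."""
        self.retries += 1
        if self.retries > MAX_RETRIES:
            return None           # network or peer presumed down; the connection is closed
        self.rto *= 2             # exponential backoff: 2x, 4x, ... the original timeout
        return self.rto
```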

6.4.4 Connection Management

TCP provides connection-oriented communication transport. Connection-oriented refers to the preparation work between the two ends of the communication before the data communication begins.

UDP is a connectionless protocol, so UDP packets are sent straight away without checking whether the peer can communicate. TCP, by contrast, sends a packet with the SYN flag set in its TCP header as a request to establish a connection and waits for an acknowledgement. (In TCP, the side that sends the first SYN packet is called the client, and the side that receives it is called the server.) If the peer returns an acknowledgement, data communication can begin; if no acknowledgement arrives, no data is sent. At the end of communication, disconnection processing (a FIN packet) takes place.

TCP connections can be managed using fields in the TCP header that are used for control. The normal process of establishing and disconnecting a TCP connection requires at least 7 packets to be sent back and forth.

6.4.5 TCP sends data in segments

When a TCP connection is established, the size of the data units to be sent can also be determined. This is called the "MSS: Maximum Segment Size". Ideally, the MSS is exactly the largest amount of data that IP can carry without fragmentation.

When TCP transmits a large amount of data, the data is divided into MSS size and sent. Retransmission is also done in MSS units. The MSS is calculated between hosts in a three-way handshake. When the hosts at both ends send a request to establish a connection, they write the MSS option in the TCP header to tell each other the size of MSS that their interfaces can accommodate.

6.4.6 Use window control to improve speed

TCP sends data in units of one segment, and each segment is acknowledged. This way of transmitting has a drawback: the longer the packet round-trip time, the lower the communication performance.

To solve this problem, TCP introduced the concept of Windows. It can control the degradation of network performance even in the case of long round trips. The forwarding time will be greatly shortened when the acknowledgement is made in larger units instead of each segment. That is, the sending host does not have to wait for an acknowledgement after sending a segment, but continues to send.

The window size is the maximum amount of data that can be sent without waiting for an acknowledgement. Here the window size is 4 segments.

This mechanism relies on a large buffer (a region of memory set aside to hold incoming and outgoing data temporarily) and on acknowledging several segments at once.

The highlighted part of the sent data is the window just described. Data within this window can be sent even before an acknowledgement arrives. If data within the window is lost in transit, the sender will not receive its acknowledgement and must retransmit it, so the sending host must keep this data in its buffer until the acknowledgement is returned.

The part outside the sliding window includes the data that has not been sent and the data that has been confirmed to have been received by the peer end. When the data is sent and the acknowledgement is received as expected, the data can be cleared from the cache without being resent.

When an acknowledgement arrives, the window slides forward to the sequence number carried in that acknowledgement. This allows several segments to be sent in sequence without waiting and improves communication performance. The mechanism is known as sliding window control.

6.4.7 Window Control and Retransmission Control

What if a segment is missing when using window controls?

First, consider the case where an acknowledgement does not come back. The data itself has reached the peer, so it does not need to be retransmitted. Without window control, data whose acknowledgement is missing would be retransmitted; with window control, data need not be resent even if some of the acknowledgements are lost.

When a segment is lost, the sender keeps receiving acknowledgements carrying the number 1001. Each of these tells the sender "I want to receive data starting from 1001." So with a large window and a lost segment, acknowledgements with the same sequence number are returned repeatedly. If the sending host receives the same acknowledgement three times in a row (three rather than two so that retransmission is not triggered merely because two segments arrived out of order), it resends the corresponding data. This mechanism is more efficient than the timeout management described earlier and is known as fast retransmit.
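An added example (not code from the original post or the book) covering both the sliding window of 6.4.6 and the fast retransmit of this section: a sender keeps up to four segments in flight, the receiver returns cumulative acknowledgements for the next byte it needs, and a lost segment produces duplicate acknowledgements until the third one triggers retransmission. The segment size, window size, initial sequence number and the segment chosen to drop are constructed values, and there is no retransmission timer, so a loss that produces no duplicate ACKs is deliberately left to the timeout mechanism of 6.4.3.

```python
# Added example (not from the original post): sliding window with fast retransmit.
from __future__ import annotations

SEG = 1000                 # bytes per segment (plays the role of the MSS)
DUP_ACK_THRESHOLD = 3      # third identical ACK in a row triggers fast retransmit


class Receiver:
    """Keeps out-of-order segments and always acknowledges the next byte it needs."""
    def __init__(self, isn: int) -> None:
        self.expected = isn
        self.buffered: dict[int, int] = {}   # seq -> length of segments held out of order

    def deliver(self, seq: int, length: int) -> int:
        if seq >= self.expected:
            self.buffered[seq] = length
        while self.expected in self.buffered:          # slide over contiguous data
            self.expected += self.buffered.pop(self.expected)
        return self.expected                           # cumulative ACK: "send me from here"


class Sender:
    def __init__(self, isn: int, total: int, window: int) -> None:
        self.isn, self.total, self.window = isn, total, window
        self.next_seq = isn          # first byte not yet sent
        self.snd_una = isn           # oldest byte not yet acknowledged (left edge of window)
        self.last_ack, self.dup_acks = isn, 0
        self.log: list[tuple[str, int]] = []

    def send_ready(self) -> list[int]:
        """Send every segment that fits in the window without waiting for ACKs."""
        sent = []
        while self.next_seq < self.isn + self.total and self.next_seq - self.snd_una < self.window:
            sent.append(self.next_seq)
            self.log.append(("send", self.next_seq))
            self.next_seq += SEG
        return sent

    def on_ack(self, ack: int) -> int | None:
        """Slide the window on a new ACK; on the third duplicate return the segment to resend."""
        if ack > self.snd_una:
            self.snd_una, self.last_ack, self.dup_acks = ack, ack, 0   # data before ack is done
            return None
        if ack == self.last_ack:
            self.dup_acks += 1
            if self.dup_acks == DUP_ACK_THRESHOLD:
                self.log.append(("fast_retransmit", ack))
                return ack
        return None


def run(lose_seq: int, total: int = 6 * SEG, window: int = 4 * SEG, isn: int = 1) -> tuple[int, list]:
    """Transfer `total` bytes, dropping the segment at `lose_seq` once; return (final ACK, log)."""
    s, r = Sender(isn, total, window), Receiver(isn)
    dropped = False
    in_flight = s.send_ready()
    while in_flight:
        seq = in_flight.pop(0)
        if seq == lose_seq and not dropped:
            dropped = True
            continue                          # lost in transit: no ACK for this one
        ack = r.deliver(seq, SEG)
        retransmit = s.on_ack(ack)
        if retransmit is not None:
            in_flight.append(retransmit)      # resend without waiting for a timeout
        in_flight.extend(s.send_ready())      # the window may have slid: send more
    return r.expected, s.log
```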

6.4.8 flow control

The sender transmits data according to its own circumstances. The receiver, however, may be busy with other work and may need time before it can process a packet, and under heavy load it may not be able to accept any data at all. If the receiver has to discard data it should have received, the retransmission mechanism is triggered and network traffic is wasted.

To prevent this from happening, TCP provides a mechanism for the sender to control the amount of data sent based on the actual ability of the receiver. This is called flow control. The way it works is that the receiving host notifies the sending host of how much data it can receive, and the sending host sends data up to this limit. This size limit is called the window size.

In the TCP header, there is a special field for notifying the window size. The receiving host notifies the sender of the size of the buffer it can receive in this segment. The larger the value of this field is, the higher the network throughput is.

However, when the buffer on the receiving end is faced with data overflow, the value of the window size is also set to a smaller value to notify the sender, thus controlling the amount of data to be sent. That is, the sending host controls the amount of data to be sent according to the instructions of the receiving host. This forms a complete TCP flow control.

When the receiving end receives the data segment starting from 3001, its buffer is full and it has to temporarily stop receiving data. After that, the communication can continue only after receiving notification of the update of the send window. If update notifications from this window are lost in transit, communication may not continue. To avoid this problem, from time to time the sender sends a data segment called window probe that contains only one byte to get the latest window size information.

6.4.9 Congestion Control

With TCP window control, sending and receiving hosts can continuously send a large number of packets, even if they no longer send an acknowledgement reply in a single data segment. However, other problems can arise if large amounts of data are sent at the beginning of communication.

Generally speaking, computer networks live in a shared environment. Therefore, there is also the possibility of network congestion due to communication between other hosts. If a large amount of data is suddenly sent during network congestion, it is very likely to cause the entire network to break down.

To prevent this problem, TCP controls the amount of data to be sent at the beginning of communication through a value derived from an algorithm called slow start.

First, to regulate the amount of data sent, the sender keeps a value called the "congestion window". In slow start, the congestion window starts at 1 segment (1 MSS). (If slow start began at 1 MSS right after the connection was established, it would take a long time to raise throughput over satellite links and similar paths, so the initial value is sometimes set larger than 1 MSS: 4 MSS when the MSS is less than 1095 bytes, 4390 bytes when the MSS is less than 2190 bytes, and 2 MSS when the MSS exceeds 2190 bytes. The standard MSS on Ethernet is 1460 bytes, so the initial slow start value is 4380 bytes [3 MSS].) Each time an acknowledgement (ACK) is received, the congestion window grows by 1 segment. When sending, the congestion window is compared with the window advertised by the receiving host, and the smaller of the two limits the amount of data sent.

When a retransmission is triggered by a timeout, the congestion window is reset to 1 and slow start begins again. These mechanisms effectively reduce the congestion that would otherwise be caused by sending a burst of packets at the start of communication. However, because the congestion window grows exponentially, 1, 2, 4 and so on with each round trip, congestion could still surge and the network could still become congested. To prevent this, the concept of a slow start threshold was introduced: once the congestion window exceeds this threshold, it is allowed to grow on each acknowledgement only by the following amount:

The larger the congestion window, the more acknowledgements arrive, but the growth per acknowledgement shrinks to less than the size of one segment. As a result, the congestion window grows roughly linearly.

At the start of communication, TCP sets no slow start threshold (equivalently, it equals the maximum window size). The threshold is set to half the congestion window when a timeout retransmission occurs.

Fast retransmission triggered by duplicate acknowledgements is handled somewhat differently from timeout retransmission. Because the former requires at least three duplicate acknowledgement segments to reach the sending host, the network congestion is lighter than in the latter case.

In the case of fast retransmission triggered by duplicate acknowledgements, the slow start threshold is set to half the window size at that time (strictly speaking, half the amount of data that has actually been sent but not yet acknowledged). The window size is then set to this slow start threshold plus 3 data segments.

With this control, TCP's congestion window changes as shown in Figure 6.21. Because the window size directly affects the throughput of the data being forwarded, in general the larger the window, the higher the throughput.

When TCP communication starts, network throughput increases gradually, but it drops rapidly when congestion occurs. It then enters another phase of slowly increasing throughput. The throughput characteristic of TCP is therefore one of gradually occupying the available network bandwidth.
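The slow start and congestion avoidance rules above, as an added example in Python (not code from the book or this post): window sizes are counted in segments, and the receive window, the per-ACK growth rule in congestion avoidance (1/cwnd segment per ACK) and the loss schedule fed to simulate() are assumptions of the example.

```python
# Added example (not from the book or the blog): a simulation of the slow start and
# congestion avoidance rules described above, in units of segments (MSS). The receive
# window `rwnd` and the loss events fed to simulate() are constructed inputs.
from fractions import Fraction

def initial_window(mss):
    """Initial congestion window in bytes: min(4 MSS, max(2 MSS, 4380 bytes))."""
    return min(4 * mss, max(2 * mss, 4380))

class CongestionWindow:
    def __init__(self, initial_segments=1, rwnd=64):
        self.cwnd = Fraction(initial_segments)  # congestion window, in segments
        self.ssthresh = None                    # not set at start (= maximum window)
        self.rwnd = rwnd                        # window advertised by the receiver

    def in_slow_start(self):
        return self.ssthresh is None or self.cwnd < self.ssthresh

    def send_window(self):
        """Segments that may be sent: the smaller of cwnd and the advertised window."""
        return min(int(self.cwnd), self.rwnd)

    def on_ack(self):
        if self.in_slow_start():
            self.cwnd += 1                          # +1 segment per ACK: doubles per RTT
        else:
            self.cwnd += Fraction(1, int(self.cwnd))  # less than a segment per ACK: ~+1 per RTT

    def on_timeout(self):
        self.ssthresh = self.cwnd / 2       # half the window at the time of the timeout
        self.cwnd = Fraction(1)             # back to 1 segment, slow start again

    def on_fast_retransmit(self):
        self.ssthresh = self.cwnd / 2       # lighter congestion: no restart from 1
        self.cwnd = self.ssthresh + 3       # threshold + the 3 segments the dup ACKs imply

def simulate(rounds, events, rwnd=64):
    """Return the number of segments sent in each round trip.

    `events` maps a round index to "timeout" or "dupack" (three duplicate ACKs),
    meaning loss was detected in that round instead of all its segments being ACKed.
    """
    cw = CongestionWindow(rwnd=rwnd)
    trace = []
    for r in range(rounds):
        sent = cw.send_window()
        trace.append(sent)
        if events.get(r) == "timeout":
            cw.on_timeout()
        elif events.get(r) == "dupack":
            cw.on_fast_retransmit()
        else:
            for _ in range(sent):
                cw.on_ack()
    return trace
```

A timeout in round 4 drops the trace back to 1 segment, while three duplicate ACKs in round 8 restart it at threshold + 3, which is the difference between the two recovery paths described above.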

6.5 Format of the UDP header

The portion before the data is the UDP header. It consists of the source port number, destination port number, packet length, and checksum.

  • The source port number

Indicates the sending port number. The field length is 16 bits. This field is optional: the source port number is sometimes not set, in which case the field is set to 0. This can be used in communication that does not require a reply.

  • Destination port number

Indicates the receiving port. The field length is 16 bits.

  • Packet length

This field stores the sum of the UDP header length and the data length.

  • The checksum

The checksum is designed to ensure the reliability of the UDP header and data. When the checksum is calculated, a UDP pseudo header is prepended to the UDP datagram, and if the total length is not a multiple of 16 bits, a "0" is appended at the end to pad it to a multiple of 16 bits. The checksum field of the UDP header itself is set to 0 for the calculation. The data is then summed in 16-bit units using one's complement arithmetic. (Computers usually represent integers in two's complement, but checksums use one's complement because a carry out of the top bit wraps around back into the lowest bit, so no information is lost on overflow. One's complement also has two representations of 0, and UDP takes advantage of this by giving them different meanings: an all-zero checksum field means that no checksum was computed.) Finally, the one's complement of the resulting sum is written into the checksum field.

6.6 TCP header Format

The TCP header is much more complex than the UDP header.

  • The source port number

Indicates the sending port number. The field length is 16 bits.

  • Destination port number

Indicates the receiving port number. The field length is 16 bits.

  • The sequence number

The field is 32 bits long. The sequence number (sometimes called the serial number) indicates the position of the data being sent. Each time data is sent, it is incremented by the number of bytes sent.

The sequence number does not start at 0 or 1 but at a random number generated by the computer as its initial value when the connection is established; this initial value is passed to the receiving host in a SYN packet. The number of bytes forwarded is then added to the initial value to indicate the position of the data. In addition, the SYN and FIN packets sent during connection establishment and teardown carry no data, but they still consume one sequence number each, as if they were one byte.

  • Acknowledgement number

The acknowledgement number field is 32 bits long. It holds the sequence number of the data that should be received next. In effect, it indicates that all data up to the acknowledgement number minus one has been received. After receiving this acknowledgement, the sender can assume that all data before this sequence number has been received normally.

  • Data offset

This field indicates from which bit of the TCP packet the data carried by TCP should be counted; it can also be regarded as the length of the TCP header. The field is 4 bits long and is expressed in units of 4 bytes (32 bits). Without the option field, the TCP header is 20 bytes long, so the data offset field is set to 5. Conversely, if the value of this field is 5, it means that the TCP header occupies the first 20 bytes of the TCP packet and the rest is TCP data.

  • Reserved

This field is reserved for future extension and is 4 bits long. It is generally set to 0, but a received packet whose reserved field is not 0 is not discarded.

  • Control bits

The field length is 8 bits; the bits are, from left to right, CWR, ECE, URG, ACK, PSH, RST, SYN and FIN. These control flags are also called control bits. Each flag is enabled when its bit has the value 1.

  • CWR

The CWR flag and the ECE flag after it are used for the ECN field in the IP header. When the ECE flag is 1, the peer is notified that the congestion window has been reduced.

  • ECE

ECE stands for ECN-Echo. When set to 1, it notifies the peer that the network in the direction from the peer is congested. ECE in the TCP header is set to 1 when the ECN field in the IP header of a received packet is 1.

  • URG

If the bit is 1, it indicates that there is data in the packet that needs urgent processing.

  • ACK

When this bit is 1, the acknowledgement number field is valid. TCP specifies that this bit must be set to 1 in every segment except the initial SYN packet used to establish the connection.

  • PSH

If this bit is 1, the received data must be passed to the upper-layer application protocol immediately. When PSH is 0, the data is buffered first rather than passed up immediately.

  • RST

If this bit is 1, it indicates that something abnormal has occurred in the TCP connection and it must be forcibly closed. For example, a connection request sent to an unused port cannot proceed, so a packet with RST set to 1 is returned. Also, if a host reboots because of a program crash or a power failure, all of its connection information is initialized, so the original TCP communication cannot continue; in this case a packet with RST set to 1 is sent to the communicating party and the communication is forcibly closed.

  • SYN

Used to establish a connection. A SYN value of 1 indicates the wish to establish a connection and sets the initial value of the sequence number (SYN stands for Synchronize).

  • FIN

If this bit is 1, it indicates that no more data will be sent and the sender wishes to close the connection. When communication ends, the hosts on both sides exchange TCP segments with FIN set to 1. After each host has acknowledged the other's FIN packet, the connection can be closed. However, a host does not have to reply with a FIN immediately after receiving a segment with FIN set to 1; it can wait until all the data in its send buffer has been sent successfully and can be discarded.

  • The window size

The field is 16 bits long. It indicates the amount of data that can be received, starting from the position indicated by the acknowledgement number in the same TCP header. TCP does not allow sending more data than the size shown here. However, if the window is 0, a window probe can be sent to learn the latest window size; the data in this probe must be 1 byte.

  • The checksum

The TCP checksum is similar to the UDP checksum, except that the TCP checksum cannot be disabled.

  • Urgent pointer

The field is 16 bits long and is valid only when the URG control bit is 1. Its value points to the urgent data in this segment. To be precise, the urgent data starts at the beginning of the data section and ends at the position indicated by the urgent pointer, so the urgent pointer can be said to indicate the end of the urgent data in the segment. How urgent data is handled is up to the application. It is generally used to suspend or abort communication: for example, clicking the stop button in a Web browser or typing Ctrl+C in TELNET sends a packet with URG set to 1. The urgent pointer is also used as a marker that delimits the data stream.

  • options

The option field is used to improve TCP transmission performance. Its maximum length is 40 bytes, because it is bounded by the data offset [header length] field.
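Parsing the UDP header (6.5) and the TCP header (6.6) and verifying the pseudo-header checksum they share, as an added example in Python (not code from the book or this post); the IPv4 pseudo header layout, the sample addresses and the SYN/ACK segment at the bottom are assumptions constructed for the example.

```python
# Added example (not code from the book or the blog): parse UDP and TCP headers and
# verify their checksums over the IPv4 pseudo header (src IP, dst IP, 0, protocol,
# length). The sample SYN/ACK segment at the bottom is constructed by hand.
import struct
UDP, TCP = 17, 6
TCP_FLAGS = ["CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"]  # left to right

def ones_complement_sum(data):
    """Sum 16-bit words in one's complement; an odd length is padded with a zero byte."""
    if len(data) % 2:
        data += b"\x00"
    total = 0
    for (word,) in struct.iter_unpack("!H", data):
        total += word
        total = (total & 0xFFFF) + (total >> 16)  # an overflow carry wraps into bit 0
    return total

def transport_checksum(src_ip, dst_ip, proto, segment):
    """Checksum of pseudo header + segment; the segment's own checksum field must be 0."""
    pseudo = src_ip + dst_ip + struct.pack("!BBH", 0, proto, len(segment))
    csum = (~ones_complement_sum(pseudo + segment)) & 0xFFFF
    # UDP sends a computed 0 as 0xFFFF, because an all-zero field means "not computed"
    return 0xFFFF if (proto == UDP and csum == 0) else csum

def build_udp(src_ip, dst_ip, sport, dport, payload):
    header = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    csum = transport_checksum(src_ip, dst_ip, UDP, header + payload)
    return header[:6] + struct.pack("!H", csum) + payload

def parse_udp(datagram):
    sport, dport, length, csum = struct.unpack("!HHHH", datagram[:8])
    return {"sport": sport, "dport": dport, "length": length,
            "checksum": csum, "payload": datagram[8:length]}

def parse_tcp(segment):
    (sport, dport, seq, ack, off_res, flags,
     win, csum, urg) = struct.unpack("!HHIIBBHHH", segment[:20])
    hlen = (off_res >> 4) * 4  # data offset is counted in 4-byte units
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "header_len": hlen, "reserved": off_res & 0x0F,
            "flags": [n for i, n in enumerate(TCP_FLAGS) if flags & (0x80 >> i)],
            "window": win, "checksum": csum, "urgent": urg,
            "options": segment[20:hlen], "payload": segment[hlen:]}

def verify(src_ip, dst_ip, proto, segment):
    """True when the stored checksum matches; a UDP 0 means the sender skipped it."""
    off = 6 if proto == UDP else 16
    stored = struct.unpack("!H", segment[off:off + 2])[0]
    if proto == UDP and stored == 0:
        return True  # TCP has no such escape: its checksum cannot be disabled
    zeroed = segment[:off] + b"\x00\x00" + segment[off + 2:]
    return transport_checksum(src_ip, dst_ip, proto, zeroed) == stored

SRC, DST = bytes([192, 0, 2, 2]), bytes([192, 0, 2, 1])  # constructed sample addresses
_hdr = struct.pack("!HHIIBBHHH", 80, 40000, 1000, 501, 5 << 4, 0x12, 65535, 0, 0)  # SYN/ACK
SAMPLE_TCP = _hdr[:16] + struct.pack("!H", transport_checksum(SRC, DST, TCP, _hdr)) + _hdr[18:]
```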

Application protocol and network security

This module introduces the protocols of layers 5, 6 and 7 (the upper half) of the OSI reference model.

8.1 Remote Login

Remote login applies the host-terminal relationship of a TSS (time sharing system) environment to a computer network. In a TSS there is usually one mainframe with a lot of processing power, surrounded by multiple terminals with much less processing power; these terminals are connected to the mainframe by dedicated lines. In the same way, using one's own local computer to log in to a computer at the other end of the network and run processing there is called remote login. After logging in remotely to a general-purpose computer or a UNIX workstation, you can not only use the applications on that host directly but also change settings on that computer. TELNET and SSH are used for remote login.

8.1.1 TELNET

TELNET uses a single TCP connection to send text commands to the host and execute them there. The local user appears to be connected directly to the shell inside the remote host. The shell is a user interface provided by the operating system so that the user can conveniently use the system's various functions; it interprets the user's input from the keyboard or mouse. sh, csh and bash on UNIX, Explorer on Windows and Finder on Mac OS all belong to this category.

8.1.2 SSH

SSH is an encrypted remote login system. With a TELNET login, the password and the messages that follow are sent without encryption, which carries the risk of eavesdropping and illegal intrusion. SSH can be used to encrypt the communication content. Even if the messages were intercepted, it would not be possible to recover the passwords sent, the specific commands given, or the results returned by the commands.

SSH also includes a number of very convenient features:

  • Stronger authentication mechanisms can be used.

  • Files can be transferred [on UNIX, commands such as SCP and SFTP can be used]

  • Port forwarding can be used [the X Window System display, for example, can be forwarded through it]

Port forwarding is a mechanism that forwards messages received on a specific port number to a specific IP address and port number. Because the content passing through the SSH connection is encrypted, information security is ensured and more flexible communication becomes possible.

8.2 File Transfer

FTP is the protocol used to transfer files between two connected computers.

Summary of the working mechanism of FTP

What mechanism does FTP use to realize file transfer? It uses two TCP connections: one for control and the other for data transfer.

The control connection is used for the control part of FTP: for example, verifying the login user name and password, specifying the name of the file to be sent, and setting the transfer mode. Over this connection, requests are sent and replies received as ASCII strings. Data cannot be sent on this connection; it requires a dedicated TCP connection.

The FTP control connection uses TCP port 21. When a file GET (RETR), PUT (STOR) or LIST (LIST) command is issued on the control connection, a separate TCP connection is established for data transfer. It is on this new connection that the file data or the file list is transferred. When the transfer is complete, the data connection is closed, and command and reply processing continues on the control connection.

Typically, TCP connections for data transmission are set up in the opposite direction to connections for control. Therefore, when NAT is used to connect to an external FTP server, the TCP connection used for data transmission cannot be directly established. In this case, you must use the PASV command to change the direction of establishing the connection.

Control connections remain connected until the user asks to be disconnected. However, most FTP servers will forcibly disconnect users who have not entered any new commands for a long time.

TCP connections for data transfer typically use port 20. However, it can be changed to another value with the PORT command. Recently, for security reasons, it has become common to use random port numbers for data transfer.
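Working out which side opens the FTP data connection, and to which address and port, from a PORT command or a 227 reply seen on the control connection, as an added example in Python (not code from the book or this post); the six-number address format with port = p1*256 + p2 is taken from RFC 959, and the sample lines and the `peer_matches` sanity check are this example's own assumptions.

```python
# Added example (not from the book or the blog): from a PORT command or a PASV reply
# (227) seen on the FTP control connection, work out which host opens the data
# connection and to which address and port. The h1,h2,h3,h4,p1,p2 address format with
# port = p1*256 + p2 is the one defined by RFC 959; the sample lines are constructed.
import re

_SIX = r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})"
PORT_CMD = re.compile(r"^PORT " + _SIX + r"\s*$")
PASV_REPLY = re.compile(r"^227 .*\(" + _SIX + r"\)")

def decode_address(groups):
    """Turn the six decimal fields into a dotted IP address and a 16-bit port."""
    h1, h2, h3, h4, p1, p2 = (int(g) for g in groups)
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2

def data_connection(line, client_ip, server_ip):
    """Describe the data connection implied by one control-connection line, or None.

    Active mode (PORT): the server connects from port 20 to the client, i.e. the
    opposite direction to the control connection, which cannot be set up behind NAT.
    Passive mode (227 reply to PASV): the client connects to the server, the same
    direction as the control connection, so it works behind NAT.
    `peer_matches` checks that the announced address is the other end of the control
    connection, a sanity check on what the line asks for.
    """
    m = PORT_CMD.match(line)
    if m:
        ip, port = decode_address(m.groups())
        return {"mode": "active", "connects": server_ip, "from_port": 20,
                "to": ip, "to_port": port, "works_behind_nat": False,
                "peer_matches": ip == client_ip}
    m = PASV_REPLY.match(line)
    if m:
        ip, port = decode_address(m.groups())
        return {"mode": "passive", "connects": client_ip, "from_port": None,
                "to": ip, "to_port": port, "works_behind_nat": True,
                "peer_matches": ip == server_ip}
    return None
```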

8.3 Email

E-mail, as the name suggests, is the postal service on the Internet. Through E-mail, people can send written text, digital photos, data calculated from various reports and other information that can be stored by computers.

E-mail can be exchanged between any two parties on the Internet anywhere in the world. With e-mail you can receive the latest messages even while traveling. E-mail also provides mailing list services, which send a message simultaneously to all users in a mail group. Mailing lists are now widely used for workplace or school announcements and for people in different countries to discuss common topics. Because of these advantages, e-mail has become a widely used service.

How email works

The protocol that provides e-mail service is called SMTP (Simple Mail Transfer Protocol). SMTP uses TCP at the transport layer in order to send mail efficiently.

In the early days of e-mail, a TCP connection was established between the sender's host and the receiver's host to transmit the mail. After the sender wrote a message, its content was saved on the sender host's hard disk. A TCP connection was then established with the peer host and the mail was sent to the peer host's hard disk. When sending completed, the message was deleted from the local hard disk. If the peer host could not receive the mail because it was powered off or disconnected, the sender tried again after a certain period of time.

This method was very effective in improving the reliability of e-mail transmission. But as Internet use grew, this system no longer worked. For example, since users' computers are switched off and on, e-mail could be sent and received only when both the sender's and the receiver's computers were powered on and running. Japan is in the UTC+9 time zone, so there is a time difference between Japan and the United States: daytime in Japan is nighttime in the United States. If everyone turned on their computers only during the day, no mail could be exchanged between Japan and the United States. Since the Internet is a network that connects everyone in the world, this time difference has to be taken into account.

8.4 the WWW

The World Wide Web (WWW) is a system for presenting information on the Internet in the form of hypertext. It is also called the Web. The client software that displays WWW information is called a Web browser (sometimes shortened to browser). Popular Web browsers include Microsoft's Internet Explorer, Mozilla's Firefox, Google's Chrome, Opera Software's Opera, and Apple's Safari.

8.5 HTTP

HTTP processing begins when the user enters the URI of the Web page to be accessed in the browser's address bar. HTTP uses port 80 by default. Its working mechanism is that the client first establishes a TCP connection to port 80 of the server, and then sends requests and receives replies over this TCP connection.

conclusion

This blog post mainly covers the content of TCP/IP; together with its companion post, it should give you a clear understanding of networking. Since this basic knowledge comes up often in interviews and in low-level work, I suggest you bookmark it in case you need it.

Thank you for your

  1. You can read its companion, HTTP and HTTPS.

  2. If you find this post helpful: Give it a thumbs up and make it available to as many people as possible, and I’ll keep you updated.

  3. Share your thoughts with me in the comments section, and record your thought process in the comments section.

  4. If you like it, you can also check out my other articles on iOS internals, Flutter and mini programs (thanks for digg's encouragement and support 🌹🌹🌹).