History of Computer Networks

1. In the beginning a network was built around one dedicated central computer that provided a remote online system: that machine was the host, and all the other machines were auxiliary terminals attached to it.
2. This is not safe: if the central machine is destroyed the whole network stops working. ARPANET was therefore proposed, in which multiple hosts are interconnected through communication lines.
3. At that time a hundred schools of thought were competing: every vendor had its own protocols and rules, so products from two different companies could not communicate. ISO then put forward a specification for an open, standardized architecture, and the OSI model was born.
4. The modern Internet.

Computer Network Architecture (top priority)

OSI is divided into 7 layers (physical, data link, network, transport, session, presentation, application); the layer names have to be memorized. OSI is mostly a theoretical reference model, though: what is deployed in practice is the TCP/IP model.

TCP/IP model

The TCP/IP model is really the TCP/IP protocol suite, a family of many protocols, dozens or even hundreds. It is usually drawn as four layers: link, internet (IP), transport (TCP, UDP) and application (HTTP, DNS and so on).

The important protocols at each level

The process of transmitting data

At the sending end the data is encapsulated layer by layer: each layer puts the control information it needs into a header, packs that header plus the data it received from above into a new unit, and hands the result to the layer below.

The receiver unpacks it layer by layer in the reverse order, each layer stripping and checking its own header.

The reason for this design is the principle of single responsibility: each layer does only what it is responsible for and does not need to understand the headers of the other layers.
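The encapsulation and decapsulation just described, as an added worked example (this is not code from the original notes). It builds a TCP segment, wraps it in an IPv4 packet with a correct header checksum, wraps that in an Ethernet frame, and then parses the frame back one layer at a time, each layer checking only its own header. The MAC addresses, IP addresses, ports and the HTTP payload are constructed values; the TCP checksum is left at zero to keep the example short.

```python
import socket
import struct

# Constructed addresses and ports for the demo (not taken from a real capture).
SRC_MAC = bytes.fromhex("0242ac110002")
DST_MAC = bytes.fromhex("0242ac110003")
SRC_IP, DST_IP = "192.168.1.10", "192.168.1.20"
SRC_PORT, DST_PORT = 51515, 80

def ip_checksum(header: bytes) -> int:
    """RFC 1071 checksum: one's-complement sum of 16-bit words, then complemented."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def tcp_segment(payload: bytes, seq: int, ack: int, flags: int) -> bytes:
    """Transport layer: 20-byte TCP header (no options; checksum left 0 for brevity) + payload."""
    data_offset = 5 << 12                    # header length in 32-bit words, top 4 bits
    header = struct.pack("!HHIIHHHH", SRC_PORT, DST_PORT, seq, ack,
                         data_offset | flags, 65535, 0, 0)
    return header + payload

def ipv4_packet(segment: bytes) -> bytes:
    """Network layer: 20-byte IPv4 header (protocol 6 = TCP) with its checksum filled in."""
    header = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0, 20 + len(segment), 0x1234, 0x4000, 64, 6, 0,
                         socket.inet_aton(SRC_IP), socket.inet_aton(DST_IP))
    checksum = ip_checksum(header)           # computed with the checksum field zeroed
    header = header[:10] + struct.pack("!H", checksum) + header[12:]
    return header + segment

def ethernet_frame(packet: bytes) -> bytes:
    """Link layer: destination MAC, source MAC, EtherType 0x0800 (IPv4), then the packet."""
    return DST_MAC + SRC_MAC + struct.pack("!H", 0x0800) + packet

def encapsulate(payload: bytes, seq: int = 1, ack: int = 1, flags: int = 0x18) -> bytes:
    """Sender: application data -> TCP -> IPv4 -> Ethernet (flags 0x18 = PSH|ACK)."""
    return ethernet_frame(ipv4_packet(tcp_segment(payload, seq, ack, flags)))

def decapsulate(frame: bytes) -> dict:
    """Receiver: strip one header per layer, each layer checking only its own fields."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")
    packet = frame[14:]
    ihl = (packet[0] & 0x0F) * 4             # header length from the low nibble
    if ip_checksum(packet[:ihl]) != 0:       # a valid header checksums to zero
        raise ValueError("bad IPv4 header checksum")
    total_len = struct.unpack("!H", packet[2:4])[0]
    if packet[9] != 6:
        raise ValueError("not TCP")
    segment = packet[ihl:total_len]
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", segment[:14])
    return {
        "src_mac": frame[6:12].hex(":"), "dst_mac": frame[:6].hex(":"),
        "src_ip": socket.inet_ntoa(packet[12:16]), "dst_ip": socket.inet_ntoa(packet[16:20]),
        "src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
        "flags": off_flags & 0x1FF,
        "payload": segment[(off_flags >> 12) * 4:],
    }
```

Flipping a single byte of the IPv4 header (the TTL, say) makes decapsulate raise on the checksum, which is the kind of per-layer check the receiver performs before handing data upward; note that the IPv4 checksum covers only the IP header, so corruption of the TCP header or payload is caught by the TCP checksum, not here.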

Terminology

Each layer has its own name for the unit of data it handles. Generically it is called a packet; more precisely it is a segment at the transport layer (TCP), a datagram for UDP and IP, and a frame at the link layer.

Segmentation: data is not sent in one go but in pieces, each small enough to fit the link's MTU (1500 bytes on Ethernet, so roughly 1460 bytes of payload per TCP segment). For example, to send a 1 MB video, the transport layer splits it into several hundred pieces, and IP can fragment further if a link on the path has a smaller MTU. Each piece carries a sequence number, and the receiving TCP puts the pieces back together in order into the 1 MB video.

TCP, UDP

TCP and UDP are transport layer protocols in the TCP/IP model.

TCP provides a connection-oriented, reliable byte-stream service. Features: connection-oriented, reliability, RTT and RTO (round-trip time and the retransmission timeout derived from it), data ordering, flow control, full duplex. In other words, two hosts that communicate with TCP must first go through connection establishment, and only after the connection is established can data be sent. During transmission, positive acknowledgement with retransmission is used to make delivery reliable: every segment must be acknowledged, and one that is not acknowledged within the RTO is sent again. TCP also uses a sliding window for flow control, and the connection is closed when transmission is finished. So TCP is much more reliable than UDP.

UDP is a connectionless protocol: it sends data directly, regardless of whether the other side is listening or able to receive, and needs no acknowledgement from the receiver. Transmission is unreliable and packets may be lost, duplicated or reordered. An application that needs reliability over UDP has to implement the checking (sequence numbers, acknowledgements, retransmission) itself.

In general TCP is used more because it is reliable. Note that reliable does not mean secure: neither TCP nor UDP encrypts or authenticates anything, so confidentiality and integrity have to come from a layer above (TLS, for example). UDP is used where guaranteed delivery is not needed, such as video, audio and instant messaging (QQ): losing a few frames does not matter.
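The reliability mechanisms named above (sequence-numbered pieces reassembled in order, positive acknowledgement with retransmission, a sliding window), as an added simulation that is not code from the original notes. It is also exactly the sort of checking an application must build for itself if it wants reliability on top of UDP. The MSS of 1460 bytes, the go-back-N strategy and the packet-dropping channel are assumptions chosen for the demo.

```python
MSS = 1460   # assumed payload per segment: 1500-byte Ethernet MTU minus 20-byte IP and TCP headers

def segment_data(data: bytes, mss: int = MSS) -> list:
    """Split a byte stream into (seq, chunk) pieces; seq is the byte offset, as in TCP."""
    return [(offset, data[offset:offset + mss]) for offset in range(0, len(data), mss)]

class LossyChannel:
    """Constructed unreliable network: drops every n-th packet it carries (0 = never drop)."""
    def __init__(self, drop_every: int):
        self.drop_every, self.count, self.dropped = drop_every, 0, 0

    def deliver(self, pkt):
        self.count += 1
        if self.drop_every and self.count % self.drop_every == 0:
            self.dropped += 1
            return None
        return pkt

class Receiver:
    """Buffers pieces by sequence number and reassembles them in order, replying with
    a cumulative ACK (the next byte it expects), the way TCP does."""
    def __init__(self):
        self.buffer, self.next_seq = {}, 0

    def receive(self, seq: int, chunk: bytes) -> int:
        self.buffer[seq] = chunk                # a duplicate simply overwrites
        while self.next_seq in self.buffer:     # slide forward over contiguous data
            self.next_seq += len(self.buffer[self.next_seq])
        return self.next_seq

    def data(self) -> bytes:
        return b"".join(self.buffer[seq] for seq in sorted(self.buffer))

def transfer(data: bytes, channel: LossyChannel, window: int = 4, max_rounds: int = 100) -> dict:
    """Sender with a sliding window and positive acknowledgement with retransmission (go-back-N).
    One loop iteration is one RTO: whatever is not cumulatively ACKed by then is re-sent."""
    segments = segment_data(data)
    rx, base, sent, retransmitted, rounds = Receiver(), 0, 0, 0, 0
    already_sent = set()
    while base < len(segments):
        rounds += 1
        if rounds > max_rounds:
            raise RuntimeError("gave up: no progress within the retry budget")
        highest_ack = segments[base][0]
        for i in range(base, min(base + window, len(segments))):
            seq, chunk = segments[i]
            sent += 1
            if i in already_sent:
                retransmitted += 1
            already_sent.add(i)
            pkt = channel.deliver((seq, chunk))
            if pkt is None:
                continue                        # data lost; nothing comes back
            ack = channel.deliver(rx.receive(*pkt))
            if ack is not None:                 # ACKs can be lost too
                highest_ack = max(highest_ack, ack)
        while base < len(segments) and segments[base][0] < highest_ack:
            base += 1                           # slide the window past acknowledged data
    return {"segments": len(segments), "sent": sent, "retransmitted": retransmitted,
            "rounds": rounds, "lost_packets": channel.dropped, "data": rx.data()}
```

With window=1 the sender degenerates to stop-and-wait and needs one round trip per piece; a larger window is what lets TCP keep the link busy while earlier pieces are still in flight. On a channel that drops packets the receiver still ends up with the exact original bytes, at the cost of retransmissions.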

Address and port number

To check the MAC address and IP address of a PC: on Windows the CMD command is ipconfig /all (on Linux, ip addr or ifconfig).

MAC address (physical address, physical/link layer): the physical address of each piece of network hardware, burned into the network card by its manufacturer. A MAC address is 48 bits. The first 24 bits (the OUI) are assigned to each vendor by the IEEE, and the last 24 bits are assigned by the vendor itself. This is what avoids duplicate MACs; a duplicate can only arise in the last 24 bits, i.e. as the vendor's own mistake. (I have run into this with a camera product: a user reported seeing someone else's home on screen. I checked and found that the camera manufacturer had produced two devices with the same MAC.)

IP address (logical address, network layer): IP stands for Internet Protocol. The purpose of an IP address is to give every network and every host on the Internet a unique logical address, as distinct from the physical address. IP addresses therefore identify the interconnected hosts and routers on a TCP/IP network. Being logical, they are flexible, not tied to the hardware, and easier to remember.

IPv4 and IPv6. IPv4: 32 bits, 4 bytes, written as four decimal numbers xxx.xxx.xxx.xxx (each 0 to 255), so there are 2^8 * 2^8 * 2^8 * 2^8 = 2^32, about 4.3 billion, addresses. IPv6: 128 bits. Three representations: colon-separated hexadecimal, zero-compressed, and embedded IPv4. The full form is X:X:X:X:X:X:X:X (eight groups, each from 0 to FFFF); leading zeros in a group may be dropped, and one run of consecutive all-zero groups may be replaced by ::. An IPv4-mapped address embeds the IPv4 address in the low 32 bits, e.g. ::ffff:192.0.2.1.

Port number (transport layer): identifies which process on the computer the data belongs to. The transport layer also has something equivalent to an address, the port number. Port numbers distinguish the different applications communicating on the same computer, so a port is also called a program address.

0 to 1023 (well-known ports) are reserved for standard protocols and system services; ordinary programs should not use them (on Unix-like systems binding one requires root). 1024 to 49151 (registered ports): programs can register these port numbers with IANA for their own protocols. 49152 to 65535 (dynamic or ephemeral ports) are never registered; the operating system assigns them automatically, for example as the source port of an outgoing connection.
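The address rules from this section as runnable checks (an added example, not code from the original notes): splitting a MAC into its IEEE-assigned OUI and vendor part and decoding the two flag bits of the first octet, finding duplicate MACs in a device inventory (the camera problem above), the three IPv6 representations via Python's standard ipaddress module, and the port ranges. The inventory and addresses are constructed sample data.

```python
import ipaddress

def parse_mac(mac: str) -> dict:
    """Split a 48-bit MAC into the IEEE-assigned OUI (first 24 bits) and the
    vendor-assigned part, and decode the two flag bits in the first octet."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("a MAC address is 48 bits (6 octets)")
    return {
        "oui": raw[:3].hex(":"),
        "vendor_part": raw[3:].hex(":"),
        # bit 1 of the first octet set: locally administered (software-assigned, not burned in)
        "locally_administered": bool(raw[0] & 0x02),
        # bit 0 set: multicast/group address, never an interface's own address
        "multicast": bool(raw[0] & 0x01),
    }

def duplicate_macs(inventory: dict) -> dict:
    """Given {device_id: mac}, return {mac: [device_ids]} for MACs shared by several devices."""
    seen = {}
    for device, mac in inventory.items():
        seen.setdefault(mac.lower().replace("-", ":"), []).append(device)
    return {mac: devices for mac, devices in seen.items() if len(devices) > 1}

def ipv6_forms(text: str) -> dict:
    """The three textual forms of an IPv6 address: full hexadecimal, zero-compressed,
    and (for ::ffff:a.b.c.d addresses) the embedded IPv4 address."""
    addr = ipaddress.IPv6Address(text)
    return {
        "exploded": addr.exploded,
        "compressed": addr.compressed,
        "embedded_ipv4": str(addr.ipv4_mapped) if addr.ipv4_mapped else None,
    }

def port_class(port: int) -> str:
    """Classify a port number by its IANA range."""
    if not 0 <= port <= 65535:
        raise ValueError("port numbers are 16 bits")
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic/ephemeral"
```

A locally administered MAC (for example the 02:42:... prefix that Docker assigns) is by definition not the burned-in address, so the OUI lookup says nothing about the hardware vendor in that case.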

Communication process

TCP

Three-way handshake

The essence of the three-way handshake is that the client and the server each have their own initial sequence number (ISN, the "code" each side starts counting from); each must tell the other its ISN and confirm that the other side received it.

First: the client sends a SYN carrying its ISN (seq = x). Second: the server receives it and replies with SYN+ACK: ack = x+1 acknowledges the client's ISN, and seq = y carries the server's own ISN. Third: the client replies with ACK, ack = y+1, saying it has received the server's ISN.

Why three? TCP is connection-oriented, so both parties must confirm the connection: each side's ISN has to be acknowledged by the other, and two messages would only confirm one direction.

Three-way handshake vulnerability: SYN flood. The attacker sends a large number of first-handshake SYNs to the server, usually from spoofed source addresses. The server replies SYN+ACK, allocates state for the half-open connection and waits for the client's ACK, which never comes. The half-open queue fills up and the server wastes its resources waiting, so legitimate clients cannot get in.

Defences: shorten the time after which an invalid (half-open) connection is released; change the TCB (transmission control block) allocation so that no state is kept until the handshake completes, which is what SYN cookies do; or put a firewall in front that first checks whether the connection is valid (the peer's IP is real, i.e. it answers the SYN+ACK) and only then hands it to the server.
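The SYN flood and the "allocate no state until the handshake completes" defence, as an added simulation that is not code from the original notes. A stateful server keeps a half-open entry per SYN and is exhausted by spoofed SYNs; a SYN-cookie server instead makes its ISN a MAC over the peer's address and port, the client's ISN and a coarse time counter, so it can verify the final ACK without having remembered anything. The backlog size, secret, time counter and the documentation-range addresses are all constructed for the demo, and the cookie layout (8 bits of time, 24 bits of MAC) is a simplification of what real stacks do.

```python
import hashlib
import hmac

class StatefulServer:
    """Classic handshake: a TCB is allocated for every SYN and kept until the ACK arrives."""
    def __init__(self, backlog: int = 128, isn: int = 1000):
        self.backlog, self.isn = backlog, isn
        self.half_open, self.established = {}, set()

    def on_syn(self, src, client_isn: int):
        if len(self.half_open) >= self.backlog:
            return None                          # queue full: the SYN is dropped
        self.isn += 1
        self.half_open[src] = self.isn           # state kept for a peer that may never answer
        return ("SYN+ACK", self.isn, client_isn + 1)

    def on_ack(self, src, ack: int) -> bool:
        isn = self.half_open.pop(src, None)
        if isn is None or ack != isn + 1:
            return False
        self.established.add(src)
        return True

class SynCookieServer:
    """Stateless handshake: the server's ISN is a cookie, a MAC over the peer address/port,
    the client's ISN and a time counter. Nothing is stored until a valid ACK proves the peer is real."""
    def __init__(self, secret: bytes):
        self.secret, self.established = secret, set()

    def cookie(self, src, client_isn: int, counter: int) -> int:
        msg = f"{src[0]}:{src[1]}:{client_isn}:{counter & 0xFF}".encode()
        mac = hmac.new(self.secret, msg, hashlib.sha256).digest()[:3]   # 24 bits of MAC
        return ((counter & 0xFF) << 24) | int.from_bytes(mac, "big")    # 8 bits of time

    def on_syn(self, src, client_isn: int, counter: int):
        return ("SYN+ACK", self.cookie(src, client_isn, counter), client_isn + 1)

    def on_ack(self, src, client_seq: int, ack: int, counter: int) -> bool:
        cookie = ack - 1                         # the client acknowledges our ISN + 1
        if not 0 <= cookie < 2 ** 32:
            return False
        age = (counter - (cookie >> 24)) & 0xFF
        if age > 1:
            return False                         # cookie too old, or a made-up number
        expected = self.cookie(src, client_seq - 1, counter - age)
        if not hmac.compare_digest(expected.to_bytes(4, "big"), cookie.to_bytes(4, "big")):
            return False
        self.established.add(src)
        return True

def syn_flood_demo(spoofed_syns: int = 500) -> dict:
    """Flood both servers with SYNs from spoofed sources that never complete the handshake,
    then try one legitimate client. Addresses are constructed documentation ranges."""
    legit = ("203.0.113.7", 40000)
    spoofed = [(f"198.51.100.{i % 254 + 1}", 1024 + i) for i in range(spoofed_syns)]

    classic = StatefulServer(backlog=128)
    for i, src in enumerate(spoofed):
        classic.on_syn(src, client_isn=i)          # SYN+ACKs go to addresses that never reply
    reply = classic.on_syn(legit, client_isn=777)
    classic_ok = reply is not None and classic.on_ack(legit, reply[1] + 1)

    cookies = SynCookieServer(secret=b"constructed-demo-secret")
    for i, src in enumerate(spoofed):
        cookies.on_syn(src, client_isn=i, counter=5)   # nothing is allocated
    reply = cookies.on_syn(legit, client_isn=777, counter=5)
    cookie_ok = cookies.on_ack(legit, client_seq=778, ack=reply[1] + 1, counter=6)
    forged = cookies.on_ack(legit, client_seq=778, ack=0xDEADBEEF, counter=6)
    stale = cookies.on_ack(legit, client_seq=778, ack=reply[1] + 1, counter=9)
    return {"classic_half_open": len(classic.half_open), "classic_accepts_legit": classic_ok,
            "cookie_accepts_legit": cookie_ok, "cookie_accepts_forged": forged,
            "cookie_accepts_stale": stale}
```

Linux turns this on with the sysctl net.ipv4.tcp_syncookies, and by default only falls back to cookies once the SYN backlog overflows, because a cookie cannot remember the options negotiated in the SYN (window scaling, SACK) as well as a real TCB can. The firewall approach from the notes is the same idea moved in front of the server: a SYN proxy completes the handshake itself and only opens a connection to the backend for peers that answered.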

Four-way wave (closing the connection)

First: the side that closes actively (say the client) sends FIN=1 with seq=u, requesting that the connection be closed. Second: the server receives it and replies that it got it: ACK=1, ack=u+1. The server enters CLOSE_WAIT and the client FIN_WAIT_2. Third: once the server has finished sending its remaining data it sends its own close request, FIN=1 with its own seq=w (and ack=u+1), and enters LAST_ACK. Fourth: the client replies ACK=1, ack=w+1 and enters TIME_WAIT. The client is not closed yet: it waits 2*MSL (MSL is the maximum segment lifetime; RFC 793 defines it as 2 minutes, while real systems use shorter values, for instance Linux stays in TIME_WAIT for 60 seconds) and only then moves to CLOSED. The server moves to CLOSED as soon as it receives that final ACK.

  1. Why does closing take four waves rather than three, like the handshake?

Because the connection is full duplex (client and server can each send to the other independently), each direction has to be shut down separately. First wave: the client says it is not sending anything more. Second: the server says it got that, but it may still have data of its own to send. Third: when it is done, the server says it is not sending anything more. Fourth: the client acknowledges. In the handshake the server's SYN and ACK can be merged into one segment, because there is nothing to wait for; when closing, the ACK and the server's FIN are usually separated by the time the server needs to finish sending.

  2. Why is the TIME_WAIT state required?

1. To terminate the TCP connection reliably. The client cannot know whether the server received its final ACK (the fourth wave). If that ACK is lost, the server retransmits its FIN; a client still in TIME_WAIT can acknowledge it again, whereas a client that had already closed would answer with a RST and the server would never close cleanly. So the client waits, and if nothing more arrives for 2*MSL it closes. 2. To give delayed segments from this connection enough time to be discarded, so that they are not mistaken for segments of a new connection that reuses the same addresses and ports.
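The four-way close and the first reason for TIME_WAIT, as an added state-machine simulation that is not code from the original notes. Both endpoints are driven through FIN_WAIT_1, CLOSE_WAIT, FIN_WAIT_2, LAST_ACK and TIME_WAIT; the final ACK can be made to vanish on the wire, and the client can be configured (unrealistically) to skip TIME_WAIT, which shows the retransmitted FIN being answered with a RST instead of an ACK. Sequence numbers, names and timer behaviour are simplified assumptions; data transfer, simultaneous close and the 2*MSL duration itself are not modelled.

```python
class Endpoint:
    """One side of a TCP connection, modelling only the closing states."""
    def __init__(self, name: str, isn: int, time_wait: bool = True):
        self.name, self.seq, self.state = name, isn, "ESTABLISHED"
        self.time_wait, self.fin_seq, self.aborted = time_wait, None, False

    def close(self):
        """Send FIN (seq = our current sequence number)."""
        if self.state == "ESTABLISHED":          # active close
            self.state = "FIN_WAIT_1"
        elif self.state == "CLOSE_WAIT":         # passive close, after the peer's FIN
            self.state = "LAST_ACK"
        else:
            raise ValueError(f"cannot close from {self.state}")
        self.fin_seq = self.seq
        return ("FIN", self.fin_seq)

    def receive(self, segment):
        """Handle an incoming segment and return the reply segment, if any."""
        kind = segment[0]
        if self.state == "CLOSED":
            return ("RST", None)                 # no such connection any more
        if kind == "FIN":
            if self.state == "ESTABLISHED":
                self.state = "CLOSE_WAIT"
            elif self.state == "FIN_WAIT_2":     # our FIN was acked, now the peer's FIN arrives
                self.state = "TIME_WAIT" if self.time_wait else "CLOSED"
            # in TIME_WAIT a retransmitted FIN is simply acknowledged again
            return ("ACK", segment[1] + 1)
        if kind == "ACK":
            if self.state == "FIN_WAIT_1" and segment[1] == self.fin_seq + 1:
                self.state = "FIN_WAIT_2"
            elif self.state == "LAST_ACK" and segment[1] == self.fin_seq + 1:
                self.state = "CLOSED"            # clean close
            return None
        if kind == "RST":
            self.state, self.aborted = "CLOSED", True
            return None
        raise ValueError(kind)

    def timer(self):
        """Timer expiry: 2*MSL in TIME_WAIT, or the RTO in LAST_ACK (retransmit the FIN)."""
        if self.state == "TIME_WAIT":
            self.state = "CLOSED"
        elif self.state == "LAST_ACK":
            return ("FIN", self.fin_seq)
        return None

def four_way_close(lose_last_ack: bool, time_wait: bool = True) -> dict:
    """Client closes first; optionally the final ACK is lost on the wire."""
    client = Endpoint("client", isn=1000, time_wait=time_wait)
    server = Endpoint("server", isn=5000)
    trace = []

    def send(src, dst, segment, lost=False):
        if segment is None:
            return None
        trace.append(f"{src.name} -> {dst.name}: {segment}" + (" [lost]" if lost else ""))
        return None if lost else dst.receive(segment)

    ack1 = send(client, server, client.close())          # 1st wave: FIN; 2nd wave: ACK
    send(server, client, ack1)                           # client reaches FIN_WAIT_2
    ack2 = send(server, client, server.close())          # 3rd wave: FIN; 4th wave: ACK
    send(client, server, ack2, lost=lose_last_ack)
    if lose_last_ack:
        reply = send(server, client, server.timer())     # RTO: server retransmits its FIN
        send(client, server, reply)                      # ACK from TIME_WAIT, or RST if already CLOSED
    client.timer()                                       # 2*MSL expires
    return {"client": client.state, "server": server.state,
            "server_aborted": server.aborted, "trace": trace}
```

The trace for the no-loss case is exactly the four waves; with the last ACK lost, the difference between a client that waited and one that did not is whether the server's retransmitted FIN gets an ACK (clean CLOSED) or a RST (aborted).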

Packet capture tool – Wireshark

Wireshark official website: www.wireshark.org/

Open the list of captured packets:

A lot of packets are captured every second, so you need a filter. There are two kinds: capture filters (applied while capturing, so unwanted traffic is never recorded) and display filters (applied afterwards to what is shown).

A filter is an expression made of primitives joined by operators, and a primitive is a qualifier plus a value. Capture filters use the BPF syntax, for example host 192.168.1.0 (traffic to or from that address), port 8080 (that port), tcp port 8080 (only TCP on that port); combine primitives with and, or, not (&&, ||, ! are also accepted). Display filters use Wireshark's own field syntax, for example udp && ip.addr == 101.89.18.167.

Open a MySQL client session, then capture with a filter for TCP packets (for example tcp port 3306). The first three packets are the three-way handshake:

First: SYN packet

Second: SYN + ACK packet

Third: ACK packet

HTTP

HTTP protocol (Hypertext Transfer Protocol).

The URI and URL

A URI names a Web server resource; a URL is a URI that also gives the address used to locate that resource on the network.

Scheme: http/https/ftp. Host: the IP address or domain name of the Web server. Port: the server port, 80 by default for HTTP (443 for HTTPS). Path: the path of the resource on the server. Query string: the query parameters.

Methods: GET/POST/PUT/DELETE/HEAD

A complete HTTP request

1. First, DNS resolution of the domain name. For http://www.baidu.com, the IP address is looked up in the local browser cache, then in the operating system cache (and hosts file), and finally by asking the DNS server. 2. The client establishes a TCP connection to the server (the three-way handshake).

3. The client initiates an HTTP request

4. The server responds to the HTTP request.

5. The client parses the HTML and requests the resources referenced in it (scripts, stylesheets, images).

6. The client renders and displays the content.

7. Close the TCP connection. (With HTTP/1.0 every access runs steps 1-7 and the connection is closed each time. With HTTP/1.1 the TCP connection is kept open after step 6 (persistent connection, keep-alive), so subsequent requests repeat only steps 3-6. HTTP/2 goes further and multiplexes many requests and responses over a single connection.)
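Steps 2 to 7 of the request above, including the HTTP/1.0 versus HTTP/1.1 connection-handling difference from step 7, as an added runnable example (not code from the original notes). A tiny server from Python's standard http.server module stands in for the web server on a loopback port, so no DNS lookup or network access is needed; the client side is written with raw sockets so the request line, headers and Content-Length handling are visible. The page body and the hostname are constructed for the demo.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

BODY = b"<html><body><h1>hello</h1></body></html>"   # constructed page for the demo server

class Handler(BaseHTTPRequestHandler):
    protocol_version = "HTTP/1.1"   # persistent connections; an HTTP/1.0 request is still closed after

    def do_GET(self):
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(BODY)))
        self.end_headers()
        self.wfile.write(BODY)

    def log_message(self, *args):   # keep the demo quiet
        pass

def start_server():
    """Server side of step 2: listen on a free loopback port (no DNS needed for 127.0.0.1)."""
    srv = ThreadingHTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def http_get(sock, host: str, path: str, version: str):
    """Steps 3 and 4: send one request and read one response (status, headers, body).
    Returns None if the server has closed the TCP connection."""
    try:
        sock.sendall(f"GET {path} HTTP/{version}\r\nHost: {host}\r\n\r\n".encode())
        raw = b""
        while b"\r\n\r\n" not in raw:            # headers end at the first blank line
            chunk = sock.recv(4096)
            if not chunk:
                return None
            raw += chunk
        head, _, body = raw.partition(b"\r\n\r\n")
        status_line, *header_lines = head.decode("iso-8859-1").split("\r\n")
        headers = {}
        for line in header_lines:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        length = int(headers.get("content-length", "0"))   # step 5 would parse this HTML body
        while len(body) < length:
            chunk = sock.recv(4096)
            if not chunk:
                break
            body += chunk
        return int(status_line.split()[1]), headers, body[:length]
    except OSError:                  # connection reset: the server already closed it
        return None

def requests_per_connection(version: str, attempts: int = 3) -> int:
    """Open one TCP connection (step 2) and count how many GETs it serves before step 7."""
    srv = start_server()
    host, port = srv.server_address
    served = 0
    try:
        with socket.create_connection((host, port), timeout=5) as sock:
            for _ in range(attempts):
                result = http_get(sock, host, "/", version)
                if result is None:
                    break                        # step 7 happened on the server side
                status, headers, body = result
                if status == 200 and body == BODY:
                    served += 1
                if headers.get("connection", "").lower() == "close":
                    break
    finally:
        srv.shutdown()
        srv.server_close()
    return served
```

With version "1.1" all three requests travel over the one TCP connection; with "1.0" the server closes after the first response and the second request fails, which is the per-request handshake cost that persistent connections were introduced to remove.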

DNS hijacking and HTTP hijacking

DNS hijacking. When the domain name http://www.baidu.com is entered, the system asks the DNS server for its IP address. If the DNS server (or someone on the path) returns a fake IP address, so that the browser connects to a different web page, that is DNS hijacking. Example: when a prepaid Internet plan has run out, every site jumps to the carrier's recharge page; that is DNS hijacking done by the carrier. Likewise, typing a URL and landing on an advertisement page or a Trojan page. Mitigation: do not rely on the carrier's resolver (use a trusted resolver, ideally over an encrypted transport such as DNS over HTTPS or DNS over TLS), and use HTTPS, because a hijacked name then fails certificate validation instead of silently loading the attacker's page.

HTTP hijacking happens during the HTTP request and response exchange. While the request goes to the real website, an intermediary modifies the HTML of the response (for example by inserting a piece of JS or DOM code). Example: when visiting GitHub, the carrier inserted a JS advertisement into the HTML response that popped up an app-store promotion; clicking any HTTP link jumped to the carrier's own app store. Solution: use HTTPS. HTTPS encrypts and authenticates the packets between client and server, so an intermediary can neither read nor modify them (at the cost of extra CPU for encryption and decryption). App stores serve their URLs over HTTPS for exactly this reason, to stop carriers and rival stores from redirecting users to their own store.