Understand the significance of the OSI seven-layer model

The OSI network model is divided into seven layers, from bottom to top:

  • 1 - Physical layer (network cable, network adapter)
  • 2 - Data link layer * (ARP, MAC addresses; binary)
  • 3 - Network layer * (IP protocol, ARP; binary)
  • 4 - Transport layer * (TCP/UDP; binary)
  • 5 - Session layer
  • 6 - Presentation layer (data compression and security)
  • 7 - Application layer * (HTTP, FTP; text protocols)

As software developers, we need to focus on the four starred layers: the data link layer, the network layer, the transport layer and the application layer. Communication between computers is carried out through TCP/IP. TCP/IP is not a single protocol but a family of protocols: it includes IP, ICMP, TCP, and the more familiar HTTP, FTP and so on. With these, a computer can communicate freely with other computers, much as a person who has learned a foreign language can.

TCP/IP protocol family layer

  • Data link layer: Handles the nuts and bolts of interaction with physical devices
  • Network layer: Data is transmitted in packets across the network, and the network layer handles the movement of packets across the network
  • Transport layer: handles the details of end-to-end communication, that is, communication between ports
  • Application layer: Handles the details of network data interaction with applications

Data link layer

The data link layer serves three purposes:

  • Sends and receives IP datagrams for the IP module (the upper layer is the network layer).
  • Sends ARP requests and receives ARP replies for the ARP module.
  • Sends RARP requests and receives RARP replies for the RARP module.

IP is the network layer protocol you should already be familiar with. ARP, the Address Resolution Protocol, converts an IP address into a MAC address: it converts a 32-bit IP address into a 48-bit Ethernet address by sending an ARP broadcast and obtaining the hardware address that belongs to the destination IP address. RARP is the Reverse Address Resolution Protocol, which does the opposite.

ARP protocol

ARP packet format

  • Ethernet header

    • Ethernet destination address
    • Ethernet source address
    • Frame type
  • ARP request/reply

    • Hardware type
    • Protocol type
    • Hardware address length
    • Protocol address length
    • Operation
    • Sender Ethernet address
    • Sender IP address
    • Destination Ethernet address
    • Destination IP address
  • Notes:

    • The timeout for accessing a non-existent host address is usually 75 seconds, which is generally the timeout for TCP connection requests.
    • If no ARP reply is returned, no TCP segment is sent.

How to capture ARP data

    • arp -a: displays the ARP cache
    • tcpdump -i <interface> arp: monitors ARP traffic on a network interface
    • tcpdump -D: lists the network interfaces that can be monitored. There are many data link layer protocols behind these interfaces, including the most commonly used Ethernet (the network card we use every day), the less common token ring and FDDI, the PPP protocol (that is, ADSL broadband, which is quite popular in China), and of course the loopback interface. Each data link layer protocol defines an MTU (maximum transmission unit). If an IP datagram is larger than the MTU it must be fragmented, and each fragment must fit within the MTU. Note that the MTU of PPP is not a physical definition but a logical one (which I personally think is controlled by a program).
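The ARP packet format listed above, decoded by an added example that is not part of the original post: a constructed Ethernet frame carrying an ARP request is parsed field by field, and the sample bytes, the field names and the check that the Ethernet source matches the ARP sender address are my own additions.

```python
import struct

# Constructed sample (not a real capture): an Ethernet frame carrying an ARP request.
# Destination is the broadcast MAC; 192.168.1.10 / 02:00:00:00:00:0a asks "who has 192.168.1.1?".
SAMPLE_ARP_REQUEST = bytes.fromhex(
    "ffffffffffff"   # Ethernet destination address (broadcast)
    "02000000000a"   # Ethernet source address
    "0806"           # frame type: ARP
    "0001"           # hardware type: Ethernet
    "0800"           # protocol type: IPv4
    "06"             # hardware address length
    "04"             # protocol address length
    "0001"           # operation: 1 = request, 2 = reply
    "02000000000a"   # sender Ethernet address
    "c0a8010a"       # sender IP address (192.168.1.10)
    "000000000000"   # destination Ethernet address (unknown in a request)
    "c0a80101"       # destination IP address (192.168.1.1)
)

ETHERTYPE_ARP = 0x0806
ARP_OPS = {1: "request", 2: "reply", 3: "rarp-request", 4: "rarp-reply"}


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def parse_arp_frame(frame: bytes) -> dict:
    """Decode the Ethernet header and the ARP request/reply it carries."""
    if len(frame) < 14 + 28:
        raise ValueError("frame too short for Ethernet + ARP")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        raise ValueError(f"not an ARP frame (ethertype 0x{ethertype:04x})")
    hw_type, proto_type, hw_len, proto_len, op = struct.unpack("!HHBBH", frame[14:22])
    if hw_len != 6 or proto_len != 4:
        raise ValueError("only Ethernet/IPv4 ARP is handled here")
    body = frame[22:22 + 2 * (hw_len + proto_len)]
    sha, spa, tha, tpa = struct.unpack(f"!{hw_len}s{proto_len}s{hw_len}s{proto_len}s", body)
    return {
        "eth_dst": mac_str(dst),
        "eth_src": mac_str(src),
        "hw_type": hw_type,
        "proto_type": proto_type,
        "op": ARP_OPS.get(op, f"unknown({op})"),
        "sender_mac": mac_str(sha),
        "sender_ip": ip_str(spa),
        "target_mac": mac_str(tha),
        "target_ip": ip_str(tpa),
        # The ARP body repeats the sender's MAC; a monitor usually flags frames where it
        # disagrees with the Ethernet source address, so the check is returned as well.
        "sender_matches_eth_src": sha == src,
    }


if __name__ == "__main__":
    for key, value in parse_arp_frame(SAMPLE_ARP_REQUEST).items():
        print(f"{key:>22}: {value}")
```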

The network layer

The main functions of the network layer are as follows: it identifies IP addresses, delivers information to the correct host and handles the behaviour of datagrams in the network. The main network layer protocols include IP, ARP, RARP, the Internet Control Message Protocol ICMP and the Internet Group Management Protocol IGMP.

  • IP protocol and IP datagrams
    • IP is the core of TCP/IP. All TCP, UDP, ICMP and IGMP data are transmitted in IP datagrams. The IP protocol connects multiple packet-switched networks: it transmits what are called datagrams between source and destination addresses, and fragments and reassembles them to suit the packet size limits of different networks. It is important to note that IP is not a reliable protocol, that is, IP provides no mechanism for handling data that is not delivered; this is left to the upper-layer protocols, TCP or UDP. That is what makes TCP a reliable protocol and UDP not so reliable.
    • The IP datagram format is as follows:

  • Protocol composition (fields in a strictly agreed order):

    • Version: 4 bits
    • Header length: 4 bits. Note that it counts 4-byte words, not bytes: the largest value, 15, gives 15 x 4 = 60 bytes, the maximum header length
    • Type of service: 8 bits. Most implementations do not support it
    • Total length: 16 bits, so the maximum IP packet is 65536
    • Identifier: a 16-bit value that uniquely identifies each datagram sent by the host
    • 3-bit flags + 13-bit fragment offset: covered under IP fragmentation below
    • Time to live: 8 bits, the maximum number of routers a datagram can pass through
    • Upper layer protocol: 8 bits, identifies the upper-layer protocol carried in the IP packet
    • Header checksum: 16 bits, used to check that the IP header was transmitted correctly
    • Source IP address: 32 bits
    • Destination IP address: 32 bits
  • Routing:

    • The purpose of every IP packet transmitted on the network is to find the host with the destination IP address and finally reach that host. Each node an IP packet passes through acts as a relay station, a router, and the operation of IP datagrams being forwarded by nodes is called routing.
    • The common routing mechanism is as follows: 1. If the destination host is directly connected to the source host or on a shared network, the packet is delivered directly to the destination host. 2. Otherwise, it is forwarded by default to the router on the network and handled by the router.
  • Routing matching algorithm:

    • If the routing table contains an entry whose destination is exactly the destination IP address, the packet is sent to the next hop specified by that entry
    • If the routing table contains an entry whose network number matches the destination IP address, the packet is sent to the next hop specified by that entry
    • If neither condition holds, the default entry is used and the packet is sent to the next hop it specifies
    • Otherwise, a host or network unreachable error is returned
  • Common commands:

    • ifconfig: displays the network interfaces
    • netstat -rn: displays the routing table
    • netstat -in: displays interface information
  • IP address: an IP address consists of a network ID (including a subnet ID) and a host ID. The network address has a host ID of all zeros.
  • IP address classification:

    • Class A addresses start with 0, and the first byte is the network number. The IP addresses range from 0.0.0.0 to 127.255.255.255.
    • A class B address starts with 10. The first two bytes are the network number. The address range is 128.0.0.0 to 191.255.255.255.
    • A class C address starts with 110 and the first three bytes are the network number. The IP address ranges from 192.0.0.0 to 223.255.255.255.
    • A Class D address starts with 1110 and ranges from 224.0.0.0 to 239.255.255.255. A Class D address is a multicast address (one-to-many communication).
    • A Class E address starts with 1111 and ranges from 240.0.0.0 to 255.255.255.255; it is reserved for future use. Note: only classes A, B and C have network numbers and host numbers; class D and class E addresses do not.
  • 255.255.255.255

This IP address is the restricted (limited) broadcast address. The difference between a restricted broadcast address and an ordinary broadcast address (a directed broadcast address) is that a restricted broadcast can only be used on the local network: a router does not forward packets destined for the restricted broadcast address. A directed broadcast can be broadcast locally or across network segments. For example, after a directed broadcast packet is sent toward host 192.168.1.1/30, a host on another network segment, 192.168.1.5/30, also receives the packet; if a restricted broadcast datagram is sent instead, it is not received there. Note: directed broadcast addresses can pass through some routers (not all routers, of course), while restricted broadcast addresses cannot pass through routers.

  • 0.0.0.0

It is often used by a host that is still finding out its own IP address. For example, in RARP, BOOTP and DHCP, a diskless machine whose IP address is unknown uses 0.0.0.0 as its source address and 255.255.255.255 as the destination address, and sends IP request packets to servers within the local scope (that is, the scope bounded by the surrounding routers).

  • Loopback address

127.0.0.0/8 is used for loopback addresses. A loopback address represents the local host and is often used for testing the local device; 127.0.0.1 is the most common.

  • Class A, B, and C private addresses

    • Private addresses (also called dedicated addresses) are not used on the global Internet; they have only local meaning.
    • Class A Private address: 10.0.0.0/8 the value ranges from 10.0.0.0 to 10.255.255.255
    • Class B private address: 172.16.0.0/12. The value ranges from 172.16.0.0 to 172.31.255.255
    • Class C Private address: 192.168.0.0/16. The value ranges from 192.168.0.0 to 192.168.255.255
  • Subnet mask

An IP address is defined as a network number + a host number. But nowadays all hosts use subnet addressing, that is, the host number is subdivided into a subnet number + a host number, so the final IP address consists of a network number, a subnet number and a host number.

A subnet mask is a 32-bit value used to decide whether two IP addresses belong to the same subnet: if the two addresses ANDed with the subnet mask give the same result, they belong to the same subnet. The subnet mask consists of consecutive 1s followed by consecutive 0s. On the left are the network bits, represented by binary 1; on the right are the host bits, represented by binary 0. The purpose is that when the mask is ANDed bitwise with the IP address, the 0 bits cover the original host number while the network bits are left unchanged. The number of hosts a subnet can hold is then easy to determine from the number of 0 bits: 2 to the power of the number of host bits, minus 2, because the all-ones host number is the broadcast address of the network and the all-zeros host number is the network number itself; these two are special addresses. Only with a subnet mask can the relationship between a host's subnet and other subnets be identified, so that the network works properly.

Default subnet masks:

  • Class A: default subnet mask 255.0.0.0; a subnet can hold a maximum of 16.77 million computers.
  • Class B: default subnet mask 255.255.0.0; a subnet can hold a maximum of 60,000 computers.
  • Class C: default subnet mask 255.255.255.0; a subnet can hold a maximum of 254 computers.
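The subnet mask arithmetic described above (mask AND address, contiguous 1s, the 2^host-bits minus 2 rule and the class decided by the leading bits), worked through in an added example that is not from the original post; the function names and the sample addresses are my own.

```python
def ip_to_int(ip: str) -> int:
    parts = [int(p) for p in ip.split(".")]
    if len(parts) != 4 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError(f"bad IPv4 address: {ip}")
    return (parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8) | parts[3]


def int_to_ip(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_to_prefix(mask: str) -> int:
    """Number of leading 1 bits; rejects masks whose 1s and 0s are not contiguous."""
    m = ip_to_int(mask)
    ones = bin(m).count("1")
    if m != (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return ones


def address_class(ip: str) -> str:
    first = ip_to_int(ip) >> 24          # the class is decided by the leading bits of byte 1
    if first & 0x80 == 0x00:
        return "A"                       # 0xxxxxxx
    if first & 0xC0 == 0x80:
        return "B"                       # 10xxxxxx
    if first & 0xE0 == 0xC0:
        return "C"                       # 110xxxxx
    if first & 0xF0 == 0xE0:
        return "D"                       # 1110xxxx
    return "E"                           # 1111xxxx


def subnet_info(ip: str, mask: str) -> dict:
    prefix = mask_to_prefix(mask)
    host_bits = 32 - prefix
    network = ip_to_int(ip) & ip_to_int(mask)        # the 0 bits of the mask cover the host number
    broadcast = network | ((1 << host_bits) - 1)     # all-ones host number
    # All-zeros (network) and all-ones (broadcast) host numbers are not assignable.
    usable = (1 << host_bits) - 2 if host_bits >= 2 else 0
    return {
        "class": address_class(ip),
        "network": int_to_ip(network),
        "broadcast": int_to_ip(broadcast),
        "prefix": prefix,
        "usable_hosts": usable,
    }


def same_subnet(ip_a: str, ip_b: str, mask: str) -> bool:
    """Two addresses share a subnet when ANDing each with the mask gives the same result."""
    m = ip_to_int(mask)
    return (ip_to_int(ip_a) & m) == (ip_to_int(ip_b) & m)


if __name__ == "__main__":
    print(subnet_info("192.168.1.130", "255.255.255.192"))
    print(same_subnet("192.168.1.1", "192.168.1.5", "255.255.255.252"))
```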

  • IP protocol - IP fragmentation
    • An IP datagram is fragmented based on the flags field and the fragment offset. The 16-bit identifier is copied into each fragment
    • There are three flag bits: the first is reserved, default 0; the second (don't fragment) is 1 when the datagram must not be fragmented and 0 when fragmentation is allowed; the third (more fragments) is 1 for every fragment except the last
    • 13-bit fragment offset: indicates the position of this fragment within the original datagram, in 8-byte units
    • Note: when a datagram is fragmented, the loss of a single fragment means the entire IP datagram has to be retransmitted. When the first fragment of a datagram arrives, a reassembly timer starts; if it expires before all fragments arrive, every fragment received so far is discarded. Therefore the IP protocol is not reliable
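The IP header fields and the fragmentation flags described above, decoded by an added example that is not part of the original post: it parses a constructed 20-byte header (a second fragment with the more-fragments bit set), verifies the header checksum and converts the 13-bit offset from 8-byte units; the sample bytes and function names are my own.

```python
import struct


def ipv4_checksum(header: bytes) -> int:
    """Ones-complement sum of the header's 16-bit words, as used by the header checksum."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4_header(pkt: bytes) -> dict:
    """Decode the fixed 20-byte header plus any options, including flags and fragment offset."""
    if len(pkt) < 20:
        raise ValueError("too short for an IPv4 header")
    (ver_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4:
        raise ValueError(f"not IPv4 (version {version})")
    hdr_len = ihl * 4                        # header length counts 4-byte words: 5..15 -> 20..60 bytes
    if hdr_len < 20 or len(pkt) < hdr_len:
        raise ValueError(f"bad header length {hdr_len}")
    flags = flags_frag >> 13                 # top 3 bits: reserved, DF, MF
    return {
        "header_len": hdr_len,
        "tos": tos,
        "total_len": total_len,
        "id": ident,
        "dont_fragment": bool(flags & 0b010),
        "more_fragments": bool(flags & 0b001),
        "frag_offset": (flags_frag & 0x1FFF) * 8,   # 13-bit offset in 8-byte units
        "ttl": ttl,
        "protocol": proto,
        "src": ".".join(map(str, src)),
        "dst": ".".join(map(str, dst)),
        # A correctly transmitted header, checksum field included, sums to zero.
        "checksum_ok": ipv4_checksum(pkt[:hdr_len]) == 0,
        "options": pkt[20:hdr_len],
    }


# Constructed sample (not a real capture): the second fragment of a TCP datagram,
# MF set, offset 185 x 8 = 1480 bytes, TTL 64, 192.168.1.10 -> 192.168.1.1.
SAMPLE_FRAGMENT_HEADER = bytes.fromhex(
    "4500" "0054" "1c46" "20b9" "4006" "ba49" "c0a8010a" "c0a80101"
)

if __name__ == "__main__":
    for key, value in parse_ipv4_header(SAMPLE_FRAGMENT_HEADER).items():
        print(f"{key:>15}: {value}")
```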

The transport layer

  • The network layer protocol provides only host-to-host delivery, while the transport layer protocol provides an end-to-end service, namely communication between application processes. Network layer protocols provide unreliable, connectionless, best-effort delivery. Therefore, if the upper layer protocols require high reliability, reliability must be ensured at the transport layer. The transport layer includes TCP and UDP.
  • TCP (Transmission Control Protocol) is a reliable, connection-oriented protocol. It allows error-free information transfer between two hosts on a network. TCP also controls traffic to prevent congestion caused by transmitting too fast.
  • UDP is the User Datagram Protocol. It transmits data in connectionless mode: the sender does not care whether the data reaches the target host or whether it is corrupted, and the receiving host does not tell the sender whether it received the data. Its reliability is left to upper-layer protocols.
  • The two protocols each have advantages and disadvantages for data transmission in different network environments. Connection-oriented TCP has lower efficiency but high reliability; it suits environments with poor network links or high reliability requirements. UDP is connectionless and unreliable, but efficient because it transmits little information unrelated to the data itself; it is often used for real-time services and error-tolerant applications. In this way a suitable protocol can be chosen for different occasions and requirements to achieve the desired communication goals. I'll take a closer look at TCP.

TCP protocol format

  • TCP is a connection-oriented reliable protocol, which provides a series of methods and means to achieve reliable data transmission.
  • First, TCP numbers segments to ensure the correct order of data. TCP segments are encapsulated in IP packets for transmission, and IP packets may take different paths, so they may arrive out of order, and the TCP segments may therefore also be out of order. To solve this, TCP numbers the segments; received data is re-sorted and delivered to the application layer in the correct order.
  • Second, the TCP receiver must be able to discard duplicate IP packets.
  • Third, TCP provides flow control.

The implementation of various functions of TCP protocol depends on its header data structure. The TCP header contains a lot of important information about TCP data segments. The following describes the TCP header data structure in detail.

  • Bits 0 to 15 of the first line are the source port number, the port of the process that sent the TCP segment. This port number is a random number chosen on the sending side, which uniquely identifies a process of the sender.
  • Bits 16 to 31 of the first line are the destination port number, the port of the receiving process.
  • The second line is the 32-bit sequence number, in the range 0 to 2^32-1. After receiving data from the application, TCP divides it into segments according to the actual transmission capacity and uses this number to mark each segment. When the data arrives at the destination, the receiver rearranges the segments by this number to ensure the data is correct.
  • The third line is the 32-bit acknowledgement number, the sequence number the receiver expects next; it is meaningful only when the ACK flag is set.
  • Line 4 is divided into four parts.
    • Part 1 is the 4-bit header length, which gives the byte length of the header. Generally the TCP header is 20 bytes, but this field allows the header to be extended. For example, setting all four bits to 1 gives the maximum TCP header length, 60 bytes: the maximum 4-bit value is 1111, which is 15 in decimal, so the header length is 15 words. Each row is 32 bits, or 4 bytes, so the header length is 15 x 4 = 60 bytes.
    • Part 2 has six reserved bits.
    • Part 3 is the six control bits. These six bits are very important: TCP connection establishment, transmission and disconnection are all directed by them.
      • URG: the urgent pointer is valid. It is used together with the 16-bit urgent pointer in line 5. When URG=1, TCP determines the position of the last byte of urgent data from the urgent pointer, so the receiver can process the urgent data first.
      • ACK: the acknowledgement number field is valid only when ACK=1. When ACK=0, the acknowledgement number is invalid.
      • PSH: when this flag is 1, the receiver is asked to deliver the segment to the application layer as soon as possible. The flag is used to speed up the processing of special data.
      • RST: when 1, the TCP connection must be reset and re-established.
      • SYN: synchronize sequence numbers. TCP sets this bit to 1 when it needs to establish a connection.
      • FIN: the sender has finished sending. When TCP has completed its data transmission and needs to disconnect, the party proposing the disconnection sets this bit to 1.
    • Part 4 is the 16-bit window size. It tells the peer how much data the local end can currently receive. The value is variable: when the network is in good condition a larger window speeds up transmission, and when the network is unstable a smaller value helps guarantee reliable delivery. TCP's flow control mechanism relies on changing the window size.
  • The 16-bit checksum in line 5 is used for error control. When sending a TCP segment, the sender computes a checksum over all bytes of the segment; the checksum is computed again when the segment reaches its destination. If the two checksums match, the data is considered correct; otherwise the data is considered corrupted and is discarded by the receiver.
  • The 16-bit urgent pointer in line 5 is used with URG and is valid when URG=1. It indicates the position of the last byte of urgent data.
  • Line 6 is options, present only when the 4-bit header length indicates more than 20 bytes; in that case more information is appended to the TCP header.
  • The seventh line is the data, which is part of the data segmented from the application layer and is the object of the TCP protocol's service. Before transmission, TCP assigns a sequence number to this part of the data, indicating its position within the overall data.
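The TCP header layout described above, decoded by an added example that is not part of the original post: it extracts the ports, sequence and acknowledgement numbers, the 4-bit header length (in 32-bit words), the six control bits, the window and the urgent pointer from two constructed segments (a client SYN with an MSS option and the server's SYN+ACK); the sample bytes and function names are my own.

```python
import struct

# Control bits in the low six bits of the 16-bit "header length / reserved / flags" field.
TCP_FLAGS = (("URG", 0x20), ("ACK", 0x10), ("PSH", 0x08),
             ("RST", 0x04), ("SYN", 0x02), ("FIN", 0x01))


def parse_tcp_header(seg: bytes) -> dict:
    """Decode a TCP segment into its header fields, options and payload."""
    if len(seg) < 20:
        raise ValueError("too short for a TCP header")
    (src_port, dst_port, seq, ack, off_flags,
     window, checksum, urg_ptr) = struct.unpack("!HHIIHHHH", seg[:20])
    hdr_len = (off_flags >> 12) * 4      # 4-bit header length in 32-bit words: 5..15 -> 20..60 bytes
    if hdr_len < 20 or len(seg) < hdr_len:
        raise ValueError(f"bad header length {hdr_len}")
    bits = off_flags & 0x3F
    flags = [name for name, mask in TCP_FLAGS if bits & mask]
    return {
        "src_port": src_port,
        "dst_port": dst_port,
        "seq": seq,
        "ack": ack if "ACK" in flags else None,           # valid only when ACK=1
        "header_len": hdr_len,
        "flags": flags,
        "window": window,
        # The checksum covers a pseudo-header with the IP addresses, so it is
        # reported here but not verified from the segment alone.
        "checksum": checksum,
        "urgent_ptr": urg_ptr if "URG" in flags else None,  # valid only when URG=1
        "options": seg[20:hdr_len],                          # present when header_len > 20
        "payload": seg[hdr_len:],
    }


def describe(seg: bytes) -> str:
    h = parse_tcp_header(seg)
    return (f"{h['src_port']}->{h['dst_port']} [{','.join(h['flags'])}] "
            f"seq={h['seq']} ack={h['ack']} hdr={h['header_len']}")


# Constructed samples (not real captures); checksum fields are left at zero.
# Client SYN: port 49152 -> 80, seq 100, 24-byte header carrying an MSS=1460 option.
SAMPLE_SYN = bytes.fromhex(
    "c000 0050 00000064 00000000 6002 ffff 0000 0000 020405b4".replace(" ", ""))
# Server SYN+ACK: port 80 -> 49152, seq 300, ack 101, 20-byte header.
SAMPLE_SYNACK = bytes.fromhex(
    "0050 c000 0000012c 00000065 5012 ffff 0000 0000".replace(" ", ""))

if __name__ == "__main__":
    print(describe(SAMPLE_SYN))
    print(describe(SAMPLE_SYNACK))
```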

TCP is a connection-oriented service: before data communication, the sender and receiver establish a connection, and after the data is sent the two parties disconnect. A TCP connection needs not only a port but also an IP address to identify the host it communicates with. The source IP address in the IP header together with the source port number in the TCP header identifies the sending end of the connection, and the destination IP address together with the destination port number identifies the receiving end. Together these uniquely identify a TCP connection.

In TCP/IP, TCP is built on IP. IP is the network layer protocol, and it is unreliable. TCP's reliability provides a reliable environment on top of IP, so that IP can ignore transmission reliability and concentrate on network layer functions. This was the original intention of protocol layering. TCP is a stream-oriented transport layer service: the TCP sender receives a stream of bytes from the application, takes an appropriate amount from the stream to create a segment, and sends it to the network. The TCP receiver receives the segments, extracts the data, reorders it if it arrives out of sequence, and delivers it as a byte stream to the receiving application. This completes the transmission of data.

TCP three-way handshake and four-way close

1. TCP three-way handshake

TCP uses port numbers to identify the applications on each side of a connection. IP addresses and port numbers are used when a computer connects to and communicates with other computers; each side of the connection consists of an IP address and a port number. For example, when Internet Explorer is used to browse the web, the IP address is obtained by resolving the entered URL, and there is an implied port number, 80; this forms the server side of the connection. Similarly, the connecting client has its own IP address and port number. On the computer you can run netstat -n to view the existing connections. The TCP connection establishment process is called the three-way handshake, shown below:

  • The first handshake: the client initiates a connection request by sending a segment with the SYN flag set to the server. With this segment the client tells the server two things: "I want to establish a connection with you", and which sequence number will be used as the start of its data.
  • The second handshake: the server responds to the client with a segment carrying both the ACK and SYN flags. It also serves two purposes: the ACK tells the client "I have received your segment", and the SYN tells the client the sequence number from which the server will start numbering its own segments.
  • The third handshake: the client sends another segment to confirm receipt of the server's segment, after which the actual data transfer can begin.
  • Once all three handshakes are complete, data transfer begins.

The three-way handshake has the following features:

  • There is no application layer data.
  • The SYN flag bit is set to 1 only when TCP establishes a connection.
  • The SYN flag bit is set to 0 after the handshake is complete.

2. TCP four-way close

TCP establishes a connection in three steps but terminates it in four. This is due to TCP half-close. What is a TCP half-close?

Because a TCP connection is full-duplex (data can be transmitted in both directions at the same time), each direction must be closed separately. This one-way close is called a half-close. It is done by sending a FIN, after one party has completed its data transmission, to notify the other party that it is terminating the connection in this direction. When one end receives a FIN, it must notify the application layer that the peer has terminated traffic in that direction. Sending a FIN is usually the result of an application-layer close.

TCP disconnection takes four steps, but the last two steps mirror the first two, except that the two parties closing the connection swap roles:

  • The client sets the FIN control bit to 1 and requests to stop the TCP connection.
  • After receiving the FIN, the server responds to confirm that the TCP connection in this direction will be closed.
  • The server then requests the shutdown in the opposite direction and sets the FIN to 1.
  • The client responds to the shutdown proposed by the server, and the two-way shutdown ends.

After a total of four steps, the TCP full-duplex bidirectional connection is normally closed.

  • In the data transmission phase, the client sends the segment with sequence number 100 to the server, and after receiving it the server sends an acknowledgement segment with sequence number 300 and acknowledgement number 101. At this point the client and server have completed data transmission.
  • The client disconnects from the server by sending the segment with sequence number 101 and the FIN flag set to 1. At the same time the client acknowledges the segment previously sent by the server, with acknowledgement number 301 and the ACK flag set to 1.
  • After receiving the disconnection request, the server sends an acknowledgement segment with sequence number 301 and acknowledgement number 102 and performs a passive close. At this point the half-close in the client-to-server direction is complete.
  • Then the server sends a disconnection request with sequence number 301 and FIN set to 1 to the client, to close the connection in the server-to-client direction.
  • The client receives the FIN, responds with an acknowledgement segment with acknowledgement number 302, and performs a passive close. At this point the TCP disconnection is complete.
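The three-way handshake and the four-way close with the sequence and acknowledgement numbers used above (101/301, 301/102, 301 FIN, 302), modelled by an added example that is not part of the original post: it generates both exchanges and checks that every ACK equals the peer's next sequence number, with SYN and FIN each consuming one number and pure ACKs none. The Segment type, the function names and the handshake ISNs 99/299 used to reconstruct the full session are my assumptions.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional


@dataclass(frozen=True)
class Segment:
    sender: str                 # "client" or "server"
    seq: int
    ack: Optional[int]          # meaningful only when "ACK" is in flags
    flags: FrozenSet[str]
    length: int = 0             # payload bytes


def consumes(seg: Segment) -> int:
    """SYN and FIN each occupy one sequence number; a pure ACK occupies none."""
    return seg.length + ("SYN" in seg.flags) + ("FIN" in seg.flags)


def three_way_handshake(client_isn: int, server_isn: int) -> List[Segment]:
    return [
        Segment("client", client_isn, None, frozenset({"SYN"})),                    # 1. SYN
        Segment("server", server_isn, client_isn + 1, frozenset({"SYN", "ACK"})),   # 2. SYN+ACK
        Segment("client", client_isn + 1, server_isn + 1, frozenset({"ACK"})),      # 3. ACK
    ]


def four_way_close(client_seq: int, server_seq: int) -> List[Segment]:
    """client_seq / server_seq: the next sequence number each side would send."""
    return [
        Segment("client", client_seq, server_seq, frozenset({"FIN", "ACK"})),       # 1. client FIN
        Segment("server", server_seq, client_seq + 1, frozenset({"ACK"})),          # 2. server ACK (half-close)
        Segment("server", server_seq, client_seq + 1, frozenset({"FIN", "ACK"})),   # 3. server FIN
        Segment("client", client_seq + 1, server_seq + 1, frozenset({"ACK"})),      # 4. client ACK
    ]


def check_sequence(segments: List[Segment]) -> bool:
    """True if each segment's seq continues its sender's stream and each ACK
    acknowledges exactly the peer's next expected sequence number."""
    next_seq: Dict[str, int] = {}
    for seg in segments:
        if seg.sender in next_seq and seg.seq != next_seq[seg.sender]:
            return False
        next_seq[seg.sender] = seg.seq + consumes(seg)
        peer = "server" if seg.sender == "client" else "client"
        if "ACK" in seg.flags and peer in next_seq and seg.ack != next_seq[peer]:
            return False
    return True


def page_close() -> List[Segment]:
    """The four close segments with the numbers used in the list above."""
    return four_way_close(101, 301)


def page_session() -> List[Segment]:
    """Handshake, one data byte each way (seq 100 / seq 300), then the close.
    ISNs 99 and 299 are assumed; the text only gives the data-phase numbers."""
    data = [
        Segment("client", 100, 300, frozenset({"ACK", "PSH"}), length=1),
        Segment("server", 300, 101, frozenset({"ACK"}), length=1),
    ]
    return three_way_handshake(99, 299) + data + page_close()


if __name__ == "__main__":
    for s in page_session():
        print(f"{s.sender:>6} seq={s.seq} ack={s.ack} flags={sorted(s.flags)}")
    print("consistent:", check_sequence(page_session()))
```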