1. Introduction to computer networks

1.1. What is a computer network?

A computer network is a system that uses communication lines to connect geographically dispersed, functionally independent computer systems and communication equipment in various forms of connection, and that relies on network software and protocols to achieve resource sharing and information transfer.

1.2. What are the major types of network?

  • Local area network (LAN)
  • Metropolitan area network (MAN)
  • Wide area network (WAN)

An overview of the development of computer networks

  • Birth stage: remote online systems centered on a single computer
  • ARPANET: hosts are connected in a decentralized way through communication lines
  • Open, standardized architectures: the ISO OSI (Open Systems Interconnection) reference model, IEEE, and the TCP/IP model
  • The Internet

2. TCP/IP details

2.1. Computer network architecture

Relationship between layers: each layer of abstraction builds on the services provided by the layer below it and provides services to the layer above it.

2.2. TCP/IP protocol family

TCP/IP (Transmission Control Protocol/Internet Protocol) is the most basic protocol of the Internet and its foundation. It consists of the IP protocol at the network layer and the TCP protocol at the transport layer, and it uses a four-layer hierarchy. In many cases, however, "TCP/IP" is the general name for the group of protocols that must be used when communicating over IP.

| TCP/IP conceptual layer | Function | TCP/IP protocol family |
|---|---|---|
| Application layer | File transfer, e-mail, file services, virtual terminals | SNMP, TFTP, HTTP, FTP, SMTP, DNS, Telnet |
| Application layer | Data formatting, code conversion, data encryption | No protocol |
| Application layer | Establishing or releasing a connection with another node | No protocol |
| Transport layer | Provides an end-to-end interface | TCP, UDP |
| Network layer | Selects a route for the packet | IP, ICMP, RIP, OSPF, BGP, IGMP |
| Link layer | Transmits addressed frames; error detection | SLIP, CSLIP, PPP, ARP, RARP, MTU |
| Link layer | Transmits data over physical media as binary data | ISO2110, IEEE802, IEEE802.2 |

TCP: a connection-oriented, reliable, stream-based protocol.

UDP: a connectionless communication protocol, e.g. UDT, HTTP/3, DNS, video and audio.

2.3 Data in network transmission

  • Packet is a general-purpose term
  • Frames are used to represent units of packets in the data link layer
  • A fragment is a unit of data in IP
  • Segments represent information in the TCP data stream
  • A message is a unit of data in an application protocol

2.4 Addresses and port numbers in Network Communication

  • MAC address: the unique address of a network device; the address written into the device cannot be changed; used at the physical layer and link layer
  • IP address: a unique logical address assigned to a network or host on the Internet; it can be changed and is used to divide communication subnets
  • Port number: identifies the different applications that communicate on the same computer; also known as the program address, e.g. 80, 443, 8080

2.5 Basic features of TCP (Transmission Control Protocol)

  • Connection-oriented: after communication is complete, the connection needs to be torn down; end-to-end

The connection is virtual: if the three-way handshake packets are exchanged normally, the connection is considered established. A fixed telephone line is a physical link, whereas TCP network transmission paths are not fixed. The reason for this design is decentralization, so that communication can still complete if a network node fails. Because the path is not fixed, the order in which the receiver gets the fragments is not fixed either, which is why TCP has the data-sorting feature described below.

  • Reliability: timeout retransmission and acknowledgement ensure reliable communication
  • RTT (Round-Trip Time) and RTO (Retransmission Timeout)

The retransmission timeout is recalculated based on the round-trip delay.

  • Data sorting

Fragmentation at the IP layer numbers the packets in sequence, and the data receiver sorts the fragments.

  • Flow control (sliding window)

The two peers may have different data-processing capabilities, and the receiver may accept data more slowly than the sender transmits it. Therefore the TCP reply message tells the peer how many bytes the receiver can still accept.

  • Full duplex

Both peers can send and receive messages to each other at the same time.

2.6 TCP three-way handshake

The client calls connect to establish a connection with the server.

The client sends a packet with SYN=1, seq=234112 to the server. The client enters the SYN_SENT state and waits for the server to reply.

The server sends a reply packet with SYN=1, ACK=1, ack=23412+1, seq=6478. The lowercase ack tells the client "I received your SYN packet, and now I am sending you a reply." The server enters the SYN_RCVD state.

The client receives the reply packet and checks whether ACK is equal to 1. After the check succeeds, the client responds to the server with ACK=1, ack=6478+1, and the client enters the ESTABLISHED state. The server receives the ACK packet from the client and also enters ESTABLISHED, and data can be transmitted.

Why three handshakes? TCP is connection-oriented, so both parties need to confirm that the connection is established and confirm each other's ability to send and receive. Because the sequence number (seq) is used to keep data in order during transmission, the seq of both parties must be confirmed. Three handshakes is exactly the minimum number needed to confirm the seq of both parties.

To disconnect a TCP connection, the client and server need to send a total of four packets to confirm the disconnection. Procedure:

  • First wave: the client sends a close request
  • Second wave: the server responds to the close request
  • Third wave: the server sends a close request
  • Fourth wave: the client sends a close confirmation

The client actively closes the connection by calling the close method, which sends a packet with FIN=1, seq=98745 to the server. The client enters the FIN_WAIT_1 state, indicating that the client no longer sends data to the server but can still receive data from the server.

The server sends ACK=1, ack=98745+1 to the client and enters the CLOSE_WAIT state. The client enters the FIN_WAIT_2 state after receiving the reply packet.

After the server has finished sending data to the client, it sends a FIN packet to the client, and the server enters the CLOSE state. After the client receives the FIN packet from the server, the client enters the TIME_WAIT state and sends an ACK packet with ACK=1, ack=76432+1. After the server receives this reply packet, it enters the CLOSED state; the server is completely closed and no longer sends or receives information.

The client needs to stay in TIME_WAIT for 2*MSL and then enters the CLOSED state. MSL (Maximum Segment Lifetime) is defined as 2 minutes in the RFC document and is 30 seconds in most operating systems, so the actual TIME_WAIT lasts 1-4 minutes.

If the server has no data to send to the client when the client sends its close request, the server's reply packet and FIN packet may be sent together.

Why do you need four waves? TCP is full duplex (that is, the client and server can send and receive requests to each other). Therefore, both parties need to confirm the closure of the connection.

Why is the TIME_WAIT state required? The last reply packet of the client may be lost during network transmission, in which case it must be retransmitted. TIME_WAIT therefore ensures reliable termination of the TCP connection and leaves sufficient time for late TCP packets to be identified and discarded.
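The client-side state sequence described above, as an added example (not code from the original page): a minimal Python state tracker fed constructed (flags, seq, ack) segments. The handshake reuses the page's seq values 234112 and 6478; the class ClientTcp, its method names, and the teardown numbers (which simply follow on from the handshake values) are assumptions made for illustration.

```python
SYN, ACK, FIN = "SYN", "ACK", "FIN"    # a segment is (flags, seq, ack)

class ClientTcp:
    def __init__(self, isn):
        self.state, self.sent, self.snd_nxt, self.rcv_nxt = "CLOSED", [], isn, None

    def _send(self, flags):
        ack = self.rcv_nxt if ACK in flags else 0
        self.sent.append((flags, self.snd_nxt, ack))
        if flags & {SYN, FIN}:         # SYN and FIN each consume one sequence number
            self.snd_nxt += 1

    def connect(self):
        self._send({SYN})
        self.state = "SYN_SENT"

    def close(self):
        self._send({FIN, ACK})
        self.state = "FIN_WAIT_1"

    def receive(self, flags, seq, ack):   # returns True if the segment is accepted
        if (ACK in flags and ack != self.snd_nxt) or (
                self.rcv_nxt is not None and seq != self.rcv_nxt):
            return False               # wrong ack number, or not the seq expected next
        if self.state == "SYN_SENT" and flags == {SYN, ACK}:
            self.rcv_nxt, self.state = seq + 1, "ESTABLISHED"
            self._send({ACK})          # third handshake packet
        elif self.state in ("FIN_WAIT_1", "FIN_WAIT_2") and flags == {FIN, ACK}:
            self.rcv_nxt, self.state = seq + 1, "TIME_WAIT"   # FIN may ride on the ACK
            self._send({ACK})          # fourth wave
        elif self.state == "FIN_WAIT_1" and flags == {ACK}:
            self.state = "FIN_WAIT_2"
        else:
            return False
        return True

    def time_wait_expired(self):       # called once 2*MSL has elapsed
        if self.state == "TIME_WAIT":
            self.state = "CLOSED"

def run_demo():
    c, trace = ClientTcp(isn=234112), []
    for step in (c.connect, lambda: c.receive({SYN, ACK}, 6478, 234113), c.close,
                 lambda: c.receive({ACK}, 6479, 234114),
                 lambda: c.receive({FIN, ACK}, 6479, 234114), c.time_wait_expired):
        step()
        trace.append(c.state)
    return trace
```

run_demo() returns the client's state after each step; a reply whose ack number does not match what the client sent is rejected and leaves the state unchanged.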

3. Wireshark and tcpdump

Packet capture tools provide capture filters and display filters. Capture filters are written in BPF syntax. Example expression:

    dst host 192.168.0.10 && tcp port 80

This captures packets whose destination host address is 192.168.0.10, whose protocol is TCP, and whose port number is 80. The two primitives, dst host 192.168.0.10 and tcp port 80, are joined with &&.

The qualifiers in this expression:

  • dst: direction qualifier, specifies the transmission direction
  • host: type qualifier, specifies the meaning of the value that follows
  • tcp: protocol qualifier
  • port: type qualifier, followed by the value 80

BPF can also test the value at a specific position in a packet. The expression tcp[13] & 4 = 4 captures all packets in which the byte at offset 13 of the TCP header, masked with 4, is equal to 4.
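What tcp[13] refers to, as an added example (not from the original page): byte 13 of the TCP header is the flags byte, and the mask 4 selects the RST bit. The Python below packs constructed 20-byte headers and applies the same byte test; build_tcp_header, bpf_byte_test, matching and the sample ports and sequence numbers are assumptions made for illustration.

```python
import struct

# Bit values inside the TCP flags byte (offset 13 of the TCP header).
FLAG_BITS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH",
             0x10: "ACK", 0x20: "URG", 0x40: "ECE", 0x80: "CWR"}

def build_tcp_header(sport, dport, seq, ack, flags, window=65535):
    """Pack a 20-byte TCP header without options (checksum left at 0)."""
    data_offset = 5 << 4                      # header length: 5 x 32-bit words
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                       data_offset, flags, window, 0, 0)

def bpf_byte_test(tcp_header, index, mask, value):
    """Equivalent of the BPF primitive  tcp[index] & mask = value."""
    return (tcp_header[index] & mask) == value

def flag_names(tcp_header):
    """Decode the flags byte into names, lowest bit first."""
    return [name for bit, name in FLAG_BITS.items() if tcp_header[13] & bit]

# Constructed sample headers (not captured traffic).
SAMPLES = {
    "syn":     build_tcp_header(50000, 80, 234112, 0, 0x02),
    "syn_ack": build_tcp_header(80, 50000, 6478, 234113, 0x12),
    "ack":     build_tcp_header(50000, 80, 234113, 6479, 0x10),
    "rst":     build_tcp_header(80, 50000, 0, 0, 0x04),
    "rst_ack": build_tcp_header(80, 50000, 0, 234113, 0x14),
}

def matching(mask, value):
    """Names of the sample headers selected by  tcp[13] & mask = value."""
    return [n for n, h in SAMPLES.items() if bpf_byte_test(h, 13, mask, value)]

if __name__ == "__main__":
    print("tcp[13] & 4 = 4     ->", matching(0x04, 0x04))   # any segment with RST set
    print("tcp[13] & 0x12 = 2  ->", matching(0x12, 0x02))   # SYN set, ACK clear
    for name, hdr in SAMPLES.items():
        print(name, flag_names(hdr))
```

Masking with 0x12 and comparing to 2 selects only the first handshake packet, because the SYN/ACK reply also has the ACK bit set.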

Display filter example:

    !udp and ip.addr == 101.89.18.167

This displays non-UDP packets whose IP address is 101.89.18.167.

Wireshark: TCP three-way handshake

First packet:

Source IP address: 192.168.1.60, the IP address of the client that initiates the HTTP request.

Destination IP address: 192.168.1.226, the IP address of the HTTP server.

Second packet:

Destination IP address: 192.168.1.60, the IP address of the client that initiates the HTTP request.

Source IP address: 192.168.1.226.

Third packet:

Source IP address: 192.168.1.60, the IP address of the client that initiates the HTTP request.

Destination IP address: 192.168.1.226, the IP address of the HTTP server.

4. A complete HTTP request process

  1. DNS domain name resolution (local browser cache, operating system cache, or DNS server)
  2. The three-way handshake establishes a TCP connection
  3. The client initiates an HTTP request
  4. The server responds to the HTTP request
  5. The client parses the HTML code and requests resources in the HTML code
  6. The client renders the display
  7. Closing the TCP connection

HTTP 1.0 connections cannot be reused. HTTP 2.0 uses I/O multiplexing, so one TCP connection can carry multiple HTTP requests.