I can’t remember how many companies have asked this question, so today let’s sum it up and take a closer look.

Ring, ring, ring… One look at the number: Guangdong. It’s Tencent’s interview, oh, a telephone interview as it turns out. Let’s do it!

This is a conversation with a story

Let’s start with the states of the three-way handshake

Client and server states during the three-way handshake

So let’s draw a picture of what the states are


2 TCP content parsing

  • First, let’s bring up the TCP header

  • And then let’s parse what the fields mean

| Field name | Meaning |
| --- | --- |
| 16-bit port number | Tells the host which port the packet came from (source port) and which upper-layer protocol or application it is sent to (destination port). |
| 32-bit sequence number | The number of each byte of the byte stream in one transmission direction during a TCP communication, from the time the TCP connection is established to the time it is closed. |
| 32-bit acknowledgment number | Used as the response to a TCP segment sent by the other party. |
| 4-bit header length | Identifies how many 32-bit words (4 bytes each) this TCP header contains. Because four bits represent a maximum of 15, the TCP header is at most 60 bytes long. |
| URG flag | Indicates whether the urgent pointer is valid. |
| ACK flag | Indicates whether the acknowledgment number is valid. A TCP segment that carries the ACK flag is called an acknowledgment segment. |
| PSH flag | Indicates that the receiving application should immediately read data from the TCP receive buffer to make room for subsequent data. |
| RST flag | Asks the peer to re-establish the connection. A TCP segment carrying the RST flag is called a reset segment. |
| SYN flag | Indicates that a connection is requested. A TCP segment with the SYN flag is called a synchronization segment. |
| FIN flag | Notifies the peer that the local end will close the connection. A TCP segment carrying the FIN flag is called an end segment. |
| 16-bit window size | A means of TCP flow control. Tells the other party how many bytes of data the local TCP receive buffer can still hold, so that the other party can control the speed at which it sends data. |
| 16-bit checksum | Filled in by the sender. The receiver performs the CRC algorithm on the TCP segment to check whether it was damaged during transmission. |
| 16-bit urgent pointer | A positive offset. It is added to the value of the sequence number field to give the sequence number of the byte following the last byte of urgent data. |

3 Use wireshark to verify what we said

  • Open Wireshark and select the network adapter to capture on.

  • parsing

  1. First handshake: To establish a connection, the client sends a SYN packet carrying its sequence number to the server and waits for the server to confirm it. The client enters the SYN_SENT state. (Connection initiated)

  2. Second handshake: After receiving the SYN packet, the server acknowledges it (the client’s sequence number plus one) and sends its own SYN with its own sequence number, i.e. a SYN+ACK packet. The server enters the SYN_RECV state. (Connection request received)

  3. Third handshake: After receiving the SYN+ACK packet from the server, the client sends an ACK packet to the server, acknowledging the server’s sequence number plus one. After this packet is sent, both ends enter the ESTABLISHED state and the three-way handshake is complete. The server and the client can then start transferring data. (Connection established)
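
The header fields and the sequence/acknowledgment arithmetic of the three steps above can be checked in code. The following is an added example, not part of the original article: it decodes the fixed 20-byte TCP header and verifies a handshake over three constructed segments (the ports, the initial sequence numbers and the helper `build_header` are assumptions made for the demonstration).

```python
import struct

FLAGS = [("FIN", 0x01), ("SYN", 0x02), ("RST", 0x04),
         ("PSH", 0x08), ("ACK", 0x10), ("URG", 0x20)]

def parse_tcp_header(segment: bytes) -> dict:
    """Decode the fixed 20-byte part of a TCP header (fields from the table above)."""
    if len(segment) < 20:
        raise ValueError("TCP header needs at least 20 bytes")
    sport, dport, seq, ack, off_flags, window, checksum, urgent = \
        struct.unpack("!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4   # 4-bit field counts 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError("invalid header length %d" % header_len)
    return {
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "header_len": header_len,
        "flags": {name for name, bit in FLAGS if off_flags & bit},
        "window": window, "checksum": checksum, "urgent": urgent,
    }

def build_header(sport, dport, seq, ack, flags, window=65535) -> bytes:
    """Hypothetical helper: build a 20-byte header (checksum left at 0)."""
    bits = sum(bit for name, bit in FLAGS if name in flags)
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       (5 << 12) | bits, window, 0, 0)

def is_three_way_handshake(syn: bytes, syn_ack: bytes, ack: bytes) -> bool:
    """Check the flags and the seq/ack arithmetic of the three segments."""
    a, b, c = (parse_tcp_header(s) for s in (syn, syn_ack, ack))
    return (a["flags"] == {"SYN"}
            and b["flags"] == {"SYN", "ACK"}
            and b["ack"] == (a["seq"] + 1) % 2**32   # server acks client ISN + 1
            and c["flags"] == {"ACK"}
            and c["seq"] == b["ack"]
            and c["ack"] == (b["seq"] + 1) % 2**32)  # client acks server ISN + 1

# Constructed sample: client port 50000 -> server port 80, arbitrary ISNs.
SYN = build_header(50000, 80, 1000, 0, {"SYN"})
SYN_ACK = build_header(80, 50000, 7000, 1001, {"SYN", "ACK"})
ACK = build_header(50000, 80, 1001, 7001, {"ACK"})

if __name__ == "__main__":
    for seg in (SYN, SYN_ACK, ACK):
        print(parse_tcp_header(seg))
    print("valid handshake:", is_three_way_handshake(SYN, SYN_ACK, ACK))
```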

Let’s talk about the Linux network programming API

Common Linux network programming APIs

1 Common APIs for Linux network programming

At a minimum, the following API interfaces need to be known. If you can, also talk about blocking versus non-blocking I/O and multiplexing with select, poll, epoll, etc.

2 Sticky packets

Suppose we want to send the following two sentences consecutively to the server: (1) i respect you (2) you respect me

There is always a chance that the server will receive something like “i respect you respect me” and be confused. Why? Because we have not agreed on a message structure. The stream has to be split into packets, and deciding how to split it requires a well-organized structure. One common approach is to store the length of the data being sent in the packet header so that the receiver can split the stream correctly.
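
The length-in-header approach described above, as an added example that is not part of the original article. The 4-byte big-endian length prefix and the `MAX_FRAME` cap are assumptions of this sketch; the cap keeps a peer from declaring an enormous length and forcing the receiver to buffer without bound.

```python
import struct

MAX_FRAME = 64 * 1024  # assumed cap: reject absurd lengths from an untrusted peer

def encode_frame(payload: bytes) -> bytes:
    """Prefix the payload with its length as a 4-byte big-endian integer."""
    if len(payload) > MAX_FRAME:
        raise ValueError("payload too large")
    return struct.pack("!I", len(payload)) + payload

class FrameDecoder:
    """Reassembles whole messages from arbitrary TCP read chunks."""

    def __init__(self):
        self._buf = bytearray()

    def feed(self, chunk: bytes) -> list:
        """Add bytes read from the socket; return every complete message."""
        self._buf += chunk
        frames = []
        while len(self._buf) >= 4:
            (length,) = struct.unpack("!I", self._buf[:4])
            if length > MAX_FRAME:
                raise ValueError("declared length %d exceeds limit" % length)
            if len(self._buf) < 4 + length:
                break                      # message incomplete, wait for more data
            frames.append(bytes(self._buf[4:4 + length]))
            del self._buf[:4 + length]
        return frames

def split_stream(chunks) -> list:
    """Run a sequence of received chunks through one decoder."""
    decoder, messages = FrameDecoder(), []
    for chunk in chunks:
        messages.extend(decoder.feed(chunk))
    return messages

# Constructed sample: the two sentences from the text, sent back to back.
STREAM = encode_frame(b"i respect you") + encode_frame(b"you respect me")

if __name__ == "__main__":
    print(split_stream([STREAM]))                  # both arrive in one read
    print(split_stream([STREAM[:7], STREAM[7:]]))  # a read ends mid-message
```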

Why not two or four handshakes again?

Why not four handshakes?

Boyfriend Blue: Honey, can you hear me? This afternoon I’m going to the “Landlord’s Cat” concert.

Girlfriend: Yes, I can hear you. Can you hear me, dog?

Boyfriend Blue: Can you hear me, honey? Can you hear me?

Girlfriend Small: Huh? Are you Blue Han? Didn’t I say I can hear you? Is it necessary for me to say it again!! Do you want to go to the concert alone?

Hahaha, that’s four handshakes: one extra, futile step. Keep in mind that all the handshake has to confirm is that both sides can send and receive.

Why not shake hands twice?

Boyfriend Blue: Honey, can you hear me?

Girlfriend: I can hear you. Can you hear me? (She has shown the ability to receive and send.)

Here the boyfriend’s ability to receive has not been confirmed: what the girlfriend said may never have reached him, and she does not know how to proceed. So what could possibly go wrong?

Suppose client A’s first connection request is blocked in the network, as shown in the figure below. Receiving no reply from the server, the client sends the request again. This time it is not blocked and the client connects to the server. The two communicate happily, and then the connection is closed.

At this point, the request that was blocked earlier finds the network clear and reaches the server. The server does not know the history: a request has arrived, so it allocates resources and replies. The client, however, considers that request lost long ago and does not communicate with the server. The resources the server allocated are wasted. Could the server even run out of resources when the network is very poor?


Finally, I’ll talk about tools for analyzing network applications

The mind map of network program debugging tools


2 Each tool explained in detail

  • tcpdump

A similar tool on Windows is Wireshark. It is implemented on top of the underlying library WinPcap/libpcap and uses the BPF filtering mechanism. Let’s look at what the different parameters mean.

| Parameter | Meaning |
| --- | --- |
| -n | Show hosts as IP addresses and ports as numbers |
| -i | Specifies the network interface to listen on. “-i any” captures packets on all network adapters |
| -v | Output more detailed information, such as the TTL in IP packets |
| -t | Do not print timestamps |
| -e | Display Ethernet frame header information |
| -c | Capture only the specified number of packets |
| -x | Display packet data in hexadecimal format |
| -X | Output the -x result and also the corresponding ASCII characters |
| -s | Set the packet capture length |
| -w | Write the output to a file, typically with the pcap suffix |
| -r | Read packets from a file and display them |

Now that we know the parameters, let’s look at a few examples

| Task | Command |
| --- | --- |
| Capture packets on a specific network interface | tcpdump -i eth0 |
| Capture a specific number of packets (1000) | tcpdump -c 1000 -i eth0 |
| Save the captured packets to a file | tcpdump -w a.pcap -i eth0 |
| Read packets from a pcap file | tcpdump -r a.pcap |
| Add a timestamp to captured packets | tcpdump -n -ttt -i eth0 |
| Capture packets of a specific protocol type | tcpdump -i eth0 arp |
| Capture a specific port | tcpdump -i eth0 port 22 |
| Capture packets for a specific destination IP + port | tcpdump -i eth0 dst address and port 22 |
| Capture DNS requests and responses | tcpdump -i eth0 -s0 port 53 |
| Match HTTP request headers | tcpdump -s 0 -v -n -l |

  • lsof

A tool that lists the file descriptors currently open on the system. It tells you which processes are using a descriptor of interest.

Again, let’s look at the parameters

| Parameter | Description |
| --- | --- |
| -i | Displays socket file descriptors |
| -c | Displays all file descriptors opened by the specified command |
| -t | Displays only the PIDs of processes that have the target file descriptor open |

Same old rules. Just a couple of examples

| Task | Command |
| --- | --- |
| List all network connections | lsof -i |
| List all UDP network connections | lsof -i udp |
| List who is using a port | lsof -i :3306 |
| List who is using a particular TCP port | lsof -i tcp:80 |
| List file information by file descriptor range | lsof -d 2-3 |

  • nc

I do not know whether you have used nc to do something with a shell during penetration testing. It is used to quickly build network connections and to debug client programs.

| Parameter | Description |
| --- | --- |
| -i | Set the interval at which packets are sent |
| -l | Run in server mode. The default is to run as a client |
| -k | Repeatedly accept and process all connections on a port |
| -p | Force the client to use the specified port at runtime |
| -C | Use the characters CR and LF as the line terminator |
| -u | Use the UDP protocol. The default is TCP |
| -X | Protocol used between the nc client and a proxy server. The default is SOCKS5 |
| -z | Scan the target machine for open services in a port range |

A case in point

| Task | Command |
| --- | --- |
| Scan machine A for services on ports 30-40 | nc -z A 30-40 |
| Connect to port 5000 on server A | nc -C A 5000 |
| File transfer | Machine A: nc -v -n ip port < d:\a.exe; Machine B: nc -v -l -p port > E:\a.exe |

  • netstat

Netstat is a network statistics tool. It can get all the information on the network interface, routing table information, network interface information and so on. We usually use it in network programming to display TCP connections and state information.

| Parameter | Description |
| --- | --- |
| -n | Show hosts as IP addresses |
| -a | Include listening sockets in the output |
| -t | Display only TCP connections |
| -r | Display routing information |
| -i | Display the data traffic of the network interfaces |
| -c | Refresh the output every 1 s |
| -o | Display information about socket timers |
| -p | Display the PID and name of the process that owns the socket |

Here are some common examples

| Task | Command |
| --- | --- |
| List all connections | netstat -a |
| List only TCP or only UDP | netstat -at / netstat -au |
| List listening connections | netstat -tnl |
| Obtain the process name, process number, and user ID | netstat -nlpt |
| Print statistics | netstat -s |
| Continuous netstat output | netstat -ct |
| Print connections in the active state | netstat -atnp \| grep ESTA |
| Check whether a service is running (NTP) | netstat -aple \| grep ntp |

  • vmstat

Vmstat displays information about system processes, memory usage, and CPU usage in real time

| Parameter | Description |
| --- | --- |
| -f | Displays the number of forks performed since the system was started |
| -s | Displays memory-related statistics |
| -d | Displays disk statistics |
| -p | Displays statistics about a specified disk partition |
| count | Number of samples to take |

Take a look at what output fields vmstat has.

| Field name | Description |
| --- | --- |
| procs | r: number of processes waiting to run. b: number of processes in an uninterruptible sleep state. |
| memory | swpd: amount of virtual memory used. free: amount of free memory. buff: amount of memory used as buffers. cache: amount of memory used for caching. |
| swap | si: amount of memory swapped in from disk (/s). so: amount of memory swapped out to disk (/s). |
| io | bi: blocks per second received from a block device. bo: blocks per second sent to a block device. |
| system | in: number of interrupts per second, including the clock. cs: number of context switches per second. |

Note that if you want to look at the disk in more detail, iostat provides more detailed information.

  • mpstat

It can monitor the usage of each CPU in a multi-processor system in real time. Install it with: yum install sysstat


Then let’s see what each field means.

| Field | Description |
| --- | --- |
| cpu | Indicates which CPU the current information belongs to |
| %usr | Percentage of total CPU time that processes spend running in user space |
| %nice | Percentage of total CPU time that processes with a negative nice value spend running in user space |
| %iowait | Ratio of the time the CPU spends waiting for I/O to the total CPU time |
| %irq | Percentage of total CPU time spent processing hardware interrupts |
| %soft | Percentage of total CPU time spent processing software interrupts |
| %steal | Applies to virtual CPUs. While the hypervisor is servicing one virtual CPU, another waits for it to finish. This wait time is the steal time, shown as a percentage of the total elapsed time |
| %guest | Ratio of the time spent running virtual CPUs to the total CPU time |
| %idle | Ratio of system idle time to the total CPU time |

6 End

Well, that’s the end of today’s article. If you’ve read this far, buddy, thank you very much!


If there are any mistakes in this blog, please comment, thank you very much!