The network layer is a large part of OSI and is involved in almost all network request libraries.

I. Network Layer (Network)

A network-layer packet (IP packet) consists of a header and data.

Data: Most often segments of data passed down from the transport layer.

1.1. Version (Version)

It occupies 4 bits (0b0100: IPv4, 0b0110: IPv6).

1.2. Header length (Header Length)

The header length field occupies 4 bits and indicates how many 32-bit words (4 bytes each) the IP header contains. The maximum length of the IP header is 60 bytes, since 4 bits can represent a maximum of 15.

Minimum: 0b0101 (5 * 4 = 20)

Maximum: 0b1111 (15 * 4 = 60)

The fixed part of the header is 20 bytes. It is followed by a variable part, but in most cases the header is just 20 bytes. Since the maximum is 60 bytes, the variable part is at most 40 bytes.

1.3. Differentiated services (Differentiated Services Field)

It occupies 8 bits and can be used to improve network QoS.

It consists of a 3-bit priority field, a 1-bit reserved field, and a 4-bit TOS field. The 4 TOS bits represent minimum delay, maximum throughput, maximum reliability, and minimum cost respectively. At most one of them can be set to 1.

For example, when the client sends data to the server, the router identifies the priority of the differentiated service (for example, the priority value of differentiated service is 3) and allows the data to pass through preferentially.

1.4. Total Length (Total Length)

It occupies 16 bits. It indicates the length of the entire IP datagram in bytes, that is, the length of the header plus the data. The maximum value is 65535 (2^16 - 1) bytes.

However, due to the MTU limit (frame data cannot exceed 1500 bytes), packets whose length exceeds the MTU are fragmented for transmission, so the IP packets actually transmitted are far shorter than the maximum. Large IP packets are divided into fragments, and each fragment has its own network-layer header (IP header).

The Identification, Flags, and Fragment Offset fields describe how fragmentation is done.

1.5. Identification (Identification)

The 16-bit ID of the packet. Its initial value is randomly generated by the system and increases by 1 each time a packet is sent. This value is copied to each fragment during fragmentation, so all fragments of the same packet carry the same identification.

1.6. Flags (Flags)

It occupies 3 bits.

  • First bit (Reserved Bit): reserved.
  • Second bit (Don’t Fragment): indicates whether fragmentation is forbidden. 1 means fragmentation is prohibited, and 0 means fragmentation is allowed.
  • Third bit (More Fragments): indicates whether more fragments follow. 1 means this is not the last fragment, and 0 means it is the last one. When a packet is fragmented, every fragment except the last must have this bit set to 1.

1.7. Fragment offset (Fragment Offset)

It occupies 13 bits. It is the offset of the fragment relative to the beginning of the original IP datagram (data portion only). The actual byte offset is obtained by shifting the value three bits to the left (fragment offset times 8 = byte offset). So, except for the last fragment, the length of the data portion of each fragment must be an integer multiple of 8.

Why shift three bits to the left?

Each fragment except the last must contain a multiple of 8 bytes of data. Because the fragment offset is encoded in 13 bits, it ranges from 0 to 8191 8-byte units. However, because “total length” also takes the IP header into account, the maximum “fragment offset” is actually 8189 units, not 8191 units. The total length is encoded in 16 bits, which means it is limited to 65535 bytes. Then, because the IP header is at least 20 bytes, the payload is limited to a maximum of 65535 bytes - 20 bytes = 65515 bytes. If the 65515 bytes are divided by 8 bytes, the result is at most 8189, so the fragment offset is limited to 8189 at most.
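The fragmentation rules above can be exercised in code. The following is an added example, not part of the original article: `fragment` splits a payload for a given MTU, and `check_fragments` applies the same rules as consistency checks a receiver or monitoring tool could run on the fragments of one datagram. Function names and the tuple layout are assumptions made for illustration.

```python
MAX_TOTAL_LENGTH = 65535  # largest value of the 16-bit Total Length field

def fragment(payload_len, mtu=1500, header_len=20):
    """Return (offset_units, data_len, more_fragments) for each fragment."""
    # Every fragment except the last carries a multiple of 8 data bytes.
    per_frag = (mtu - header_len) // 8 * 8
    frags, pos = [], 0
    while pos < payload_len:
        size = min(per_frag, payload_len - pos)
        more = pos + size < payload_len      # MF = 1 on all but the last
        frags.append((pos >> 3, size, more)) # field stores offset / 8
        pos += size
    return frags

def check_fragments(frags, header_len=20):
    """Return a list of problems found in the fragments of one datagram."""
    problems, end_prev = [], 0
    for off_units, size, more in sorted(frags):
        start = off_units << 3               # byte offset = field value * 8
        if more and size % 8:
            problems.append(f"non-final fragment at {start}: size not a multiple of 8")
        if start < end_prev:
            problems.append(f"fragment at {start} overlaps earlier data")
        if header_len + start + size > MAX_TOTAL_LENGTH:
            problems.append(f"fragment at {start} reassembles past 65535 bytes")
        end_prev = max(end_prev, start + size)
    return problems

if __name__ == "__main__":
    print(fragment(4000))                    # 4000-byte payload, MTU 1500
    # Constructed malformed sets: an overlap, then an oversize reassembly.
    print(check_fragments([(0, 1480, True), (100, 1480, False)]))
    print(check_fragments([(8189, 100, False)]))
```
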

1.8. Time to live (Time to Live)

It occupies 8 bits. It sets the maximum number of routers a packet can pass through (the initial TTL value varies with operating systems). Each router reduces the TTL by 1 before forwarding the packet. If the packet still has not reached the destination host when the TTL value is reduced to 0, the router discards the packet and sends an ICMP error message (the destination is unreachable). Its main function is to prevent infinite loops: if route A forwards to route B and route B forwards back to route A, the data would keep going back and forth forever without a TTL.

By observing the TTL after the ping command is run, you can guess the operating system of the other party and how many routers pass through it.

1.9. Protocol (Protocol)

It is used to distinguish upper-layer protocols and indicate which protocols are used for encapsulated data.

1.10. Header checksum (Header Checksum)

It is filled by the sender to check whether there is an error in the header. The receiver uses CRC algorithm to check whether the IP datagram header is damaged during transmission (only the header is checked, regardless of the data part).

1.11. Source AND Destination IP Addresses (Source Address, Destination Address)

Each takes 4 bytes. Used to specify the sender and receiver.
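The field layout described in sections 1.1 to 1.11 can be decoded directly from the first 20 bytes of a packet. The parser below is an added example, not part of the original article; it also rejects headers whose length fields contradict each other. The sample bytes are constructed, use documentation addresses, and leave the checksum at 0, which the parser reports but does not verify.

```python
import ipaddress
import struct

def parse_ipv4_header(raw: bytes) -> dict:
    """Decode the fixed 20-byte IPv4 header, rejecting inconsistent lengths."""
    if len(raw) < 20:
        raise ValueError("shorter than the 20-byte fixed header")
    (ver_ihl, dsf, total_len, ident, flags_frag,
     ttl, proto, checksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4:
        raise ValueError(f"not IPv4 (version={version})")
    header_len = ihl * 4                      # field counts 32-bit words
    if ihl < 5 or header_len > len(raw):
        raise ValueError(f"bad header length {header_len}")
    if total_len < header_len:
        raise ValueError("total length smaller than header length")
    return {
        "version": version,
        "header_len": header_len,
        "options_len": header_len - 20,       # variable part, 0 to 40 bytes
        "dsf": dsf,
        "total_len": total_len,
        "id": ident,
        "df": bool(flags_frag & 0x4000),      # second flag bit
        "mf": bool(flags_frag & 0x2000),      # third flag bit
        "frag_offset_bytes": (flags_frag & 0x1FFF) << 3,
        "ttl": ttl,
        "protocol": proto,                    # e.g. 6 = TCP
        "checksum": checksum,                 # reported only, not verified
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
    }

# Constructed sample: a middle fragment (MF = 1, offset field 185) with TTL 64.
SAMPLE = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 1500, 0x1C46, 0x20B9,
                     64, 6, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))

if __name__ == "__main__":
    for field, value in parse_ipv4_header(SAMPLE).items():
        print(f"{field:18} {value}")
```
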

1.12. Several related uses of ping

  • ping -h: shows the usage of ping (Windows: ping /?)
  • ping <IP address> -l <packet size>: sends packets of the specified size
  • ping <IP address> -f: indicates that network-layer fragmentation is not allowed
  • ping <IP address> -i <TTL>: sets the TTL value
  • Use the tracert and pathping commands to track which routers packets pass through

On macOS, the first time you use ping to set network-layer options, a message may be displayed indicating that the permission is insufficient and sudo authorization is required.
