TCP protocol

TCP belongs to the transport layer

The transport layer performs error control on the data to ensure that what is transmitted arrives complete and accurate

Applications communicate with each other through the ports bound to them

TCP is a port-based communication protocol

Port numbers range from 0 to 65535: the port field is 16 bits wide, and the maximum value, 65535, is the one with all 16 bits set to 1.

In IP, each packet is numbered, whereas in TCP every byte of data is numbered sequentially so that the data can be delivered accurately and in order

The sequence number is the number of the first byte of the current data segment

For example, if a segment carries 100 bytes and its first byte is byte 201, its sequence number is 201 and the acknowledgement number returned for it is 301

The TCP data offset (header length) is not the same thing as the IP fragment offset; they are different concepts

The default port for Apache and IIS is 80, and the default port for FTP servers is 21

TCP three-way handshake

The first packet, SYN=1, seq=x, is a connection request carrying no data. If the port on host B is not open, B replies with an RST packet and the TCP handshake is aborted

When ACK=1, the acknowledgement number field is valid, and its value is determined by the other side's sequence number. An ACK packet therefore carries the other side's sequence number plus one, confirming that the segment with that sequence number was received
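The sequence and acknowledgement arithmetic described above, as an added example that is not part of the original notes: a minimal model of two TCP endpoints that runs the three-way handshake, replies with RST when the port is closed, acknowledges the "100 bytes starting at 201, ack 301" case, and answers an out-of-order segment with a duplicate ACK. The endpoint names, initial sequence numbers and payloads are constructed for the illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Segment:
    src: str
    dst: str
    seq: int
    ack: Optional[int] = None     # None means the ACK flag is clear
    syn: bool = False
    fin: bool = False
    rst: bool = False
    payload: bytes = b""

    @property
    def seq_len(self) -> int:
        # SYN and FIN each consume one sequence number, data one per byte.
        return len(self.payload) + int(self.syn) + int(self.fin)

    def flags(self) -> str:
        on = [n for n, f in (("SYN", self.syn), ("ACK", self.ack is not None),
                             ("FIN", self.fin), ("RST", self.rst)) if f]
        return "+".join(on) or "DATA"


@dataclass
class Endpoint:
    name: str
    isn: int                      # initial sequence number (constructed value)
    listening: bool = True        # False models a closed port
    snd_nxt: int = 0              # next sequence number this side will send
    rcv_nxt: int = 0              # next sequence number expected from the peer
    log: List[str] = field(default_factory=list)

    def __post_init__(self) -> None:
        self.snd_nxt = self.isn

    def open(self, peer: "Endpoint") -> Segment:
        """First handshake packet: SYN=1, seq=x, no data."""
        seg = Segment(self.name, peer.name, seq=self.snd_nxt, syn=True)
        self.snd_nxt += seg.seq_len
        return seg

    def send_data(self, peer: "Endpoint", payload: bytes) -> Segment:
        """Data segment numbered by the first byte it carries."""
        seg = Segment(self.name, peer.name, seq=self.snd_nxt,
                      ack=self.rcv_nxt, payload=payload)
        self.snd_nxt += seg.seq_len
        return seg

    def receive(self, seg: Segment) -> Optional[Segment]:
        """Process one segment and return the reply, or None if none is due."""
        self.log.append(f"{self.name} <- {seg.flags()} seq={seg.seq} ack={seg.ack}")
        if seg.rst:
            return None                       # connection torn down, no reply
        if seg.syn and seg.ack is None:       # passive side receives a SYN
            if not self.listening:
                # Closed port: answer with RST, acknowledging the SYN.
                return Segment(self.name, seg.src, seq=0, ack=seg.seq + 1, rst=True)
            self.rcv_nxt = seg.seq + seg.seq_len
            reply = Segment(self.name, seg.src, seq=self.snd_nxt,
                            ack=self.rcv_nxt, syn=True)   # SYN+ACK, ack = x+1
            self.snd_nxt += reply.seq_len
            return reply
        if seg.syn:                           # active side receives SYN+ACK
            self.rcv_nxt = seg.seq + seg.seq_len
            return Segment(self.name, seg.src, seq=self.snd_nxt, ack=self.rcv_nxt)
        if seg.ack is not None and seg.ack > self.snd_nxt:
            return None                       # acknowledges bytes never sent: ignore
        if seg.seq != self.rcv_nxt:
            # Gap or out-of-order data: repeat the last ACK (a Dup ACK).
            return Segment(self.name, seg.src, seq=self.snd_nxt, ack=self.rcv_nxt)
        self.rcv_nxt = seg.seq + seg.seq_len
        if seg.seq_len == 0:
            return None                       # a pure ACK is not acknowledged
        # ACK number = sequence number of the next byte expected from the peer.
        return Segment(self.name, seg.src, seq=self.snd_nxt, ack=self.rcv_nxt)


def three_way_handshake(a: Endpoint, b: Endpoint) -> List[Segment]:
    """SYN, SYN+ACK, ACK between a and b (or SYN, RST if b's port is closed)."""
    syn = a.open(b)
    syn_ack = b.receive(syn)
    if syn_ack.rst:
        return [syn, syn_ack]
    ack = a.receive(syn_ack)
    b.receive(ack)
    return [syn, syn_ack, ack]


def demo() -> Dict[str, object]:
    a, b = Endpoint("A", isn=200), Endpoint("B", isn=5000)
    handshake = three_way_handshake(a, b)          # A's SYN has seq 200
    data = a.send_data(b, b"x" * 100)              # seq 201, 100 bytes
    data_ack = b.receive(data)                     # ack 301 (= 201 + 100)
    skipped = Segment("A", "B", seq=401, ack=a.rcv_nxt, payload=b"y" * 10)
    dup_ack = b.receive(skipped)                   # Dup ACK: still ack 301
    closed = Endpoint("C", isn=0, listening=False)
    rst = closed.receive(Endpoint("A", isn=200).open(closed))
    return {"handshake": handshake, "data_ack": data_ack,
            "dup_ack": dup_ack, "rst": rst}
```

Running demo() shows the three handshake segments, the 301 acknowledgement for the 100-byte segment, the duplicate ACK for the segment that skipped ahead to 401, and the RST that a closed port returns to a SYN.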

TCP four-way close

In the half-closed state, user B can still send data to user A, but user A can no longer send data to B

TCP Retransmission: a packet is retransmitted because its acknowledgement timed out

Td is the time actually spent sending the data packet; on its own it gives a low utilization of the channel

RTT is the average round-trip time spent waiting for a packet's acknowledgement to return

Ta is the processing time after the acknowledgement packet is received

Sliding window protocol: a TCP mechanism for flow control during network data transmission, used to avoid congestion. It allows the sender to transmit several packets before stopping to wait for an acknowledgement. Because the sender does not have to stop for an acknowledgement after every packet, the protocol speeds up transmission and improves network throughput.

Automatic Repeat reQuest (ARQ): the sender maintains a send window of a certain size, and every packet inside the window can be sent continuously without waiting for the other side's acknowledgement, so channel utilization rises. Each time an acknowledgement arrives, the sender slides the send window forward by one packet.

Type A: all five packets are sent, and further packets are sent once receipt has been confirmed. If packet 1 is not acknowledged by the destination port but 2, 3, 4 and 5 are acknowledged, timeout retransmission resends all five packets

Type B: if the acknowledgement for packet 1 is not received, it is retransmitted on timeout, and the send window waits for that retransmission before it can move on
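The window behaviour above, as an added example that is not part of the original notes: a simulation of a five-packet send window over a channel that loses packet 1 on its first attempt. It shows the Type A behaviour (packet 1 lost, 2 to 5 delivered but discarded, the whole window resent on timeout) and the Type B behaviour (the window start cannot slide until the retransmitted packet is acknowledged). The utilization function assumes the stop-and-wait formula Td / (Td + RTT + Ta) for the three times defined above; the loss pattern and packet counts are constructed.

```python
from typing import Dict, List, Set, Tuple


def channel_utilization(td: float, rtt: float, ta: float, window: int = 1) -> float:
    """Stop-and-wait utilization Td / (Td + RTT + Ta) (assumed formula); with a
    window of N packets, N*Td of data is sent in the same cycle, capped at 1."""
    return min(1.0, window * td / (td + rtt + ta))


class LossyChannel:
    """Drops a packet when its (sequence number, attempt number) is in `drops`."""

    def __init__(self, drops: Set[Tuple[int, int]]) -> None:
        self.drops = drops
        self.attempts: Dict[int, int] = {}

    def deliver(self, seq: int) -> bool:
        n = self.attempts.get(seq, 0) + 1
        self.attempts[seq] = n
        return (seq, n) not in self.drops


class GoBackNSender:
    """Sender with a fixed window; the receiver accepts only the in-order
    packet and answers with a cumulative acknowledgement."""

    def __init__(self, total: int, window: int, channel: LossyChannel) -> None:
        self.total, self.window, self.channel = total, window, channel
        self.base = 1                 # oldest unacknowledged packet (window start)
        self.next_seq = 1             # next packet to send for the first time
        self.receiver_expected = 1    # receiver side: next in-order packet wanted
        self.sent_log: List[int] = []          # every transmission, repeats included
        self.window_positions: List[int] = []  # window start after each cycle

    def _send(self, seq: int) -> None:
        self.sent_log.append(seq)
        if self.channel.deliver(seq) and seq == self.receiver_expected:
            self.receiver_expected += 1
        # Out-of-order packets (2..5 while 1 is missing) are discarded.

    def run(self) -> List[int]:
        while self.base <= self.total:
            # Fill the window without waiting for any acknowledgement.
            while self.next_seq < self.base + self.window and self.next_seq <= self.total:
                self._send(self.next_seq)
                self.next_seq += 1
            acked_through = self.receiver_expected - 1     # cumulative ACK value
            if acked_through >= self.base:
                self.base = acked_through + 1              # slide the window forward
            else:
                # Timeout with nothing new acknowledged: resend the whole window.
                for seq in range(self.base, self.next_seq):
                    self._send(seq)
            self.window_positions.append(self.base)
        return self.sent_log


def lose_first_packet(total: int = 5, window: int = 5) -> GoBackNSender:
    """Packet 1 is lost on its first attempt; 2..5 arrive but cannot be used."""
    sender = GoBackNSender(total, window, LossyChannel({(1, 1)}))
    sender.run()
    return sender
```

With the constructed loss of packet 1, sent_log is 1 2 3 4 5 followed by 1 2 3 4 5 again, and the window start stays at 1 until the retransmission cycle completes; raising the window from 1 to 5 with Td=1, RTT=4, Ta=0 lifts the utilization from 0.2 to 1.0.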

TCP Dup ACK: a notification packet indicating that the sending host sent a segment in error; the sequence number of the arriving segment differs from the acknowledgement number the receiver expects

TCP Fast Retransmission: retransmission of a data segment triggered by duplicate ACKs rather than by a timeout

RST=1, ACK=1 indicates that the segment was received but the connection must be torn down and re-established

TCP ZeroWindow: the receive window is 0, meaning the receiver cannot accept any more data

This is usually followed by TCP Window Update: the window reopens and its size gradually grows again

TCP keep-alive: keeps an idle connection open so that it can be reused for subsequent transmission

Analyzing HTTP flows: right-click an HTTP packet and choose Follow HTTP Stream

You can see the GET request sent to the server asking for the website's URL

The GET request line and the Host header together give the complete address that was requested

UDP Protocol Analysis

DNS protocol

A local DNS server works much like an ARP cache table. Resolution finds the top-level domain .com in the root domain, the second-level domain baidu.com under .com, and then the server record for www under baidu.com; that server's IP address is what the domain name maps to

Before querying DNS, the system first looks up the domain name's IP address in the hosts file in C:\Windows\System32\drivers\etc on the local machine

Detailed interpretation of the flag bits:

Client perspective: one request packet, and one reply packet returning the server's answer

Queries: the request (this packet asks the DNS server for the IP address of wireshark.org)

Answers: the reply to the request (returns the site's IP address)

Server perspective:

After receiving the request packet from the client: if the IP address for the domain name is not found on the local server, it sends the request to another DNS server, receives that server's reply, and then returns the reply to the client
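The lookup order described in this section (hosts file first, then the local DNS server's cache, then a walk from the root through .com to baidu.com), as an added example that is not part of the original notes. The hosts file contents, the delegation tree, the server names and the IP addresses are all constructed for the example; no real DNS traffic is sent.

```python
from typing import Dict, List, Optional, Tuple

# Constructed hosts file, consulted before any DNS query is sent.
HOSTS_FILE = """# constructed hosts file (same role as the Windows hosts file)
127.0.0.1   localhost
10.0.0.5    intranet.example   # pinned by the administrator
"""

# Constructed delegation tree: each server knows which server handles its
# child zones and holds A records only for the zone it is authoritative for.
ZONES: Dict[str, Dict[str, Dict[str, str]]] = {
    "root-server":  {"delegations": {"com": "com-server"}, "records": {}},
    "com-server":   {"delegations": {"baidu.com": "baidu-server"}, "records": {}},
    "baidu-server": {"delegations": {}, "records": {"www.baidu.com": "198.51.100.7"}},
}


def parse_hosts(text: str) -> Dict[str, str]:
    """Hosts file lines are 'ip name [name...]'; '#' starts a comment."""
    table: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            table[name.lower()] = ip
    return table


def iterative_resolve(name: str, trace: List[str]) -> Optional[str]:
    """Walk root -> .com -> baidu.com, following the longest delegated suffix."""
    name = name.lower().rstrip(".")
    labels = name.split(".")
    server = "root-server"
    for _ in range(len(labels) + 1):              # bound the number of referrals
        zone = ZONES[server]
        trace.append(f"ask {server} for {name}")
        if name in zone["records"]:
            return zone["records"][name]
        for i in range(len(labels)):              # longest suffix first
            suffix = ".".join(labels[i:])
            if suffix in zone["delegations"]:
                server = zone["delegations"][suffix]
                break
        else:
            return None                           # nothing delegated: NXDOMAIN
    return None


class LocalDnsServer:
    """The 'local DNS server' of the notes: a cache in front of iterative lookups."""

    def __init__(self) -> None:
        self.cache: Dict[str, str] = {}

    def resolve(self, name: str, trace: List[str]) -> Tuple[Optional[str], Optional[str]]:
        name = name.lower()
        if name in self.cache:
            return self.cache[name], "cache"
        ip = iterative_resolve(name, trace)       # ask the other servers
        if ip is not None:
            self.cache[name] = ip
            return ip, "dns"
        return None, None


def resolve(name: str, hosts: Dict[str, str], server: LocalDnsServer,
            trace: List[str]) -> Tuple[Optional[str], Optional[str]]:
    """Client-side order: hosts file, then the local DNS server."""
    ip = hosts.get(name.lower())
    if ip is not None:
        return ip, "hosts"
    return server.resolve(name, trace)
```

The returned tag ("hosts", "cache" or "dns") records which step answered; the trace list records every server the iterative walk asked, which is what a packet capture of the server side would show as one outgoing query per referral.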

DHCP protocol

Switch principles and Routing

(IoT penetration) Advanced penetration:

Router attacks: a single switch can be divided into VLANs, and data in different VLANs cannot be exchanged directly. Cross-VLAN attacks therefore go through the router

Printer penetration

LAN: the same local area network

The MAC address aging time differs from switch to switch

A MAC address table is different from an ARP cache table. The MAC address table maps a MAC address to its outbound port (it remembers which port the destination MAC address is reached through), whereas the ARP cache table maps an IP address to a MAC address (it resolves the MAC address of the destination IP address).

When a MAC address changes, the system automatically broadcasts the new MAC address on the local network segment, and both the ARP cache table and the MAC address table are updated

A switch is a data link layer device: it has only a MAC address table and cannot resolve IP addresses. A Layer-3 switch can resolve IP addresses to MAC addresses only because it also has an ARP cache table

On the switch or router console, use enable to obtain privileged rights

line console 0 enters console line configuration mode, which applies only to the console port

The console port is the typical configuration interface. Connect the console cable directly to the PC's serial port and use a terminal emulator (usually HyperTerminal, provided with Windows) to configure the router locally.

A managed switch usually has a console port for configuring and managing it. Connecting through the console port is the basic requirement for configuring and managing the switch.

Practice here

FastEthernet is a port type; each host connects to a different port, and a port in use is enabled with no shutdown

Route Addressing Principle Overview:

How do I send the packet from host A to host B?

The MAC address table of a switch keeps one entry per address and its port, whereas the routing table of a router keeps one entry per network segment and its interface

Routing table: records how to reach the different network segments

If no entry matches, the packet is sent to the default route

· Route A, address 192.168.1.1

· Subnet mask 255.255.255.0

· Typical computer B, address: 192.168.1.129

· If the destination address is outside the network segment 192.168.1.1/24, for example 114.114.114.114, the destination MAC address of the link layer frame is the gateway's MAC address (bc:d1:…), while the destination IP address at the network layer is still 114.114.114.114.

When communicating through the gateway in the latter case, roughly the following happens:

1. A routing table lookup shows that 114.114.114.114 is reached through the gateway 192.168.1.1 on interface eth0. This is why it is said that “a gateway is a route”.

2. An ARP table lookup shows that the MAC address of 192.168.1.1 is bc:d1:…

3. Send the link layer frame described above out of eth0

You do not need a router or gateway to communicate on your own subnet.

The gateway is used to communicate with other subnets (network to network).

If the routing table has no entry for 114.114.114.114, the packet falls to the default route 0.0.0.0 and is sent through the gateway 192.168.1.1 to the external router. That router looks up the destination in its own routing table, finds the next hop on its own network segment, and then looks up the corresponding MAC address in its ARP cache table; if there is none, it broadcasts an ARP request. Finally the outgoing port is found in the MAC address table and the packet is sent
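Host A's forwarding decision for the two cases above (a destination on its own subnet versus one reached through the gateway), as an added example that is not part of the original notes. The routing table follows the 192.168.1.0/24 layout of the notes; the ARP cache, the host MAC addresses and the gateway MAC (a placeholder standing in for the truncated bc:d1:… above) are constructed. It also includes a check for the rule in the note below that a gateway must lie inside a directly connected network.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

# Host A's routing table: (destination network, gateway or None when the
# network is directly connected, outgoing interface). Constructed.
ROUTES: List[Tuple[str, Optional[str], str]] = [
    ("192.168.1.0/24", None, "eth0"),
    ("0.0.0.0/0", "192.168.1.1", "eth0"),      # default route via the gateway
]

# Constructed ARP cache; the gateway MAC is a placeholder for "bc:d1:..." above.
ARP_CACHE: Dict[str, str] = {
    "192.168.1.1":   "bc:d1:00:00:00:01",
    "192.168.1.129": "00:11:22:33:44:55",
}


def lookup_route(dst_ip: str, routes=ROUTES):
    """Longest-prefix match; 0.0.0.0/0 only wins when nothing more specific matches."""
    best = None
    dst = ipaddress.ip_address(dst_ip)
    for net, gateway, iface in routes:
        network = ipaddress.ip_network(net)
        if dst in network and (best is None or network.prefixlen > best[0].prefixlen):
            best = (network, gateway, iface)
    return best


def build_frame(dst_ip: str, arp_cache: Dict[str, str], arp_requests: List[str],
                routes=ROUTES) -> Optional[Dict[str, str]]:
    """Decide the interface and destination MAC for a packet to dst_ip.

    Returns None (and records an ARP request) when the next hop's MAC is unknown."""
    route = lookup_route(dst_ip, routes)
    if route is None:
        raise ValueError(f"no route to {dst_ip}")
    network, gateway, iface = route
    next_hop = gateway or dst_ip         # directly connected: ARP for the destination itself
    mac = arp_cache.get(next_hop)
    if mac is None:
        arp_requests.append(next_hop)    # the host would broadcast "who has next_hop?"
        return None
    return {
        "iface": iface,
        "dst_mac": mac,                  # link layer: the gateway's MAC when routed
        "dst_ip": dst_ip,                # network layer: the final destination, unchanged
        "via": "gateway" if gateway else "direct",
        "route": str(network),
    }


def unreachable_gateways(routes=ROUTES) -> List[str]:
    """Flag gateways that lie in no directly connected network, which is the
    'gateway must be on the same subnet as the interface' rule."""
    connected = [ipaddress.ip_network(net) for net, gw, _ in routes if gw is None]
    bad = []
    for _, gateway, _ in routes:
        if gateway and not any(ipaddress.ip_address(gateway) in n for n in connected):
            bad.append(gateway)
    return bad
```

For 114.114.114.114 the frame carries the gateway's MAC while the IP destination stays 114.114.114.114; for 192.168.1.129 the frame is addressed to that host directly; for a subnet host with no ARP entry the function returns None and records the ARP request the host would broadcast.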

The gateway is a router

Gateway: the gateway, also called the next-hop router. When sending IP packets, the gateway entry defines the next hop to which packets for a given destination network are handed. To communicate with the outside world you must go through the gateway: you only need to hand the packet to the gateway, and the gateway takes care of the communication between you and the outside. Within a LAN, no routing is required.

Interface: the network interface the local machine uses to send packets to a given destination network (that is, the egress IP address of the local router toward the destination)



Note: the gateway must be on the same subnet as the interface (except for the default gateway). Otherwise, using this route entry requires other route entries to be consulted, which can lead to routing loops.

This routing table is only host A's. The router and host B each have routing tables of their own; how they route is covered in the next lecture, along with ports

For host A, the interface is the network interface host A uses to send packets, so its value is host A's own IP address

For example, when configuring a router, different interfaces on the same router have different IP addresses, and the gateway is the IP address of R2, not the local interface.

For router R2, its interfaces are 202.100.10.2 and 202.100.20.1, and its IP address serves as the gateway

*This section describes how to configure VLANs (configured in GNS3)

VLANs divide the Layer 2 network, that is, the switch, into separate LANs

During VLAN configuration, right-click the switch and configure the VLAN

Two VLANs are equivalent to two LANs: the two network segments cannot ping each other without routing and forwarding

A VLAN is a set of ports

VLANs are usually configured from the command line, but the GNS3 environment here is not complete enough for that

*ACL configuration (GNS3)

Example: forbid R1 from accessing R3

Configure R1 and R3:

202.100.10.2 is the next-hop address

Configuration description: enter global configuration mode, then on interface 0/0 enter the IP address of the link between R1 and R2

Leave interface 0/0. Configure the default routes whose next hops are R2 and R1. Exit global configuration mode

R2 configuration:

Router R2 has two interfaces facing the outside, so the interface IP address and subnet mask are configured twice, once per interface

No next-hop address needs to be configured on R2

After this configuration R1 and R3 can ping each other, and the basic settings are complete. Configure the ACLs as follows

Written incorrectly here: the ACL entry has to be created in global configuration mode

In this example, data from 202.100.10.1 (R1) is not accepted. As a result, pinging R1 from R3 fails too: the ping command sends an ICMP packet, and the reply packet travels from R1 to R2, where the ACL applies

An ACL table is a router table, similar to the iptables filtering rules of an operating system

Network address translation (NAT)

Static NAT translates an internal IP address into an external IP address before the packet is sent on to its destination; each internal IP address has its own, distinct external IP address. When a response packet arrives, the external IP address it was sent to identifies the specific internal machine to deliver it to

With the other method, only one external IP address is needed: the internal IP address and port are temporarily mapped to the external IP address and a port in a mapping table. The table in this diagram shows how it works
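Both translation schemes above, as an added example that is not part of the original notes: static NAT as a fixed one-to-one table, and the single-external-address scheme as a table keyed by internal IP address and port that hands out an external port on first use, with the reverse lookup that delivers response packets back to the right internal machine. All addresses and ports are constructed (RFC 5737 documentation ranges stand in for public space).

```python
from typing import Dict, Optional, Tuple

Packet = Dict[str, object]          # keys: src, sport, dst, dport


class StaticNat:
    """One external address per internal address, fixed in both directions."""

    def __init__(self, mapping: Dict[str, str]) -> None:
        self.inside_to_outside = dict(mapping)
        self.outside_to_inside = {ext: inside for inside, ext in mapping.items()}
        if len(self.outside_to_inside) != len(mapping):
            raise ValueError("static NAT needs a distinct external IP per internal IP")

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        ext = self.inside_to_outside.get(pkt["src"])
        return None if ext is None else {**pkt, "src": ext}

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        inside = self.outside_to_inside.get(pkt["dst"])
        return None if inside is None else {**pkt, "dst": inside}


class PortNat:
    """One external address shared by all internal hosts: (inside IP, inside port)
    is mapped to an external port on first use and the mapping is reused."""

    def __init__(self, external_ip: str, first_port: int = 1024) -> None:
        self.external_ip = external_ip
        self.next_port = first_port
        self.table: Dict[Tuple[str, int], int] = {}   # (inside ip, inside port) -> ext port
        self.reverse: Dict[int, Tuple[str, int]] = {}

    def outbound(self, pkt: Packet) -> Packet:
        key = (pkt["src"], pkt["sport"])
        if key not in self.table:
            if self.next_port > 65535:
                raise RuntimeError("external port pool exhausted")
            self.table[key] = self.next_port
            self.reverse[self.next_port] = key
            self.next_port += 1
        return {**pkt, "src": self.external_ip, "sport": self.table[key]}

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        if pkt["dst"] != self.external_ip:
            return None
        key = self.reverse.get(pkt["dport"])
        if key is None:
            return None          # unsolicited packet: no mapping, so it is dropped
        inside_ip, inside_port = key
        return {**pkt, "dst": inside_ip, "dport": inside_port}


def demo() -> Dict[str, object]:
    static = StaticNat({"10.0.0.10": "203.0.113.10", "10.0.0.11": "203.0.113.11"})
    pat = PortNat("203.0.113.1")
    # Two internal hosts happen to use the same source port; they get distinct external ports.
    out_a = pat.outbound({"src": "10.0.0.20", "sport": 5000, "dst": "198.51.100.7", "dport": 80})
    out_b = pat.outbound({"src": "10.0.0.21", "sport": 5000, "dst": "198.51.100.7", "dport": 80})
    reply_b = pat.inbound({"src": "198.51.100.7", "sport": 80,
                           "dst": "203.0.113.1", "dport": out_b["sport"]})
    stray = pat.inbound({"src": "198.51.100.7", "sport": 80, "dst": "203.0.113.1", "dport": 9999})
    return {
        "static_out": static.outbound({"src": "10.0.0.10", "sport": 1234,
                                       "dst": "198.51.100.7", "dport": 80}),
        "static_in": static.inbound({"src": "198.51.100.7", "sport": 80,
                                     "dst": "203.0.113.11", "dport": 1234}),
        "pat_ports": (out_a["sport"], out_b["sport"]),
        "reply_b": reply_b,
        "stray": stray,
    }
```

The stray packet addressed to an external port with no mapping is returned as None, which is the same side effect that makes this form of NAT block unsolicited inbound connections.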

Commands for configuring standard ACLs. Standard ACLs filter on the source IP address of IP packets, and ACLs numbered from 1 to 99 are standard ACLs. A standard ACL consumes few router resources and is the most basic and simplest ACL format; it is widely used, often where only a low level of control is needed.

To configure a standard ACL, run the following command in global configuration mode:

Router(config)#access-list access-list-number {remark | permit | deny} protocol source source-wildcard [log]

Parameter description:

Parameter            Meaning
access-list-number   Standard ACL number, ranging from 0 to 99 or 1300 to 1999
remark               Adds a remark to make the ACL easier to read
permit               Access is allowed when the conditions match
deny                 Access is denied when the conditions match
protocol             Protocol type, e.g. IP, TCP, UDP, ICMP
source               Network address or host address that sends the packets
source-wildcard      Wildcard mask corresponding to the source address
log                  A log message is generated for each matching packet and sent to the console

Second, after configuring a standard ACL, use the ip access-group command in interface configuration mode to apply it to a specific interface:

Router(config-if)#ip access-group access-list-number {in | out}

Parameter            Meaning
ip access-group      The command that binds the ACL to the current interface
access-list-number   Standard ACL number, ranging from 0 to 99 or 1300 to 1999
in                   Restricts incoming connections on this interface from addresses in the access list
out                  Restricts outgoing connections on this interface to addresses in the access list
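The standard ACL evaluation described in this section (wildcard-mask matching, first match wins, the implicit deny at the end, and the in/out binding of ip access-group), as an added example that is not part of the original notes. The parser accepts the one-line access-list syntax shown above; the R2 configuration, interface names f0/0 and f0/1, and the addresses 202.100.10.1 (R1) and 202.100.20.2 (R3) are constructed to replay the "forbid R1 from accessing R3" example, including why a ping from R3 to R1 fails as well.

```python
import ipaddress
from typing import Dict, List, Tuple

Entry = Tuple[str, str, str]          # (action, source address, wildcard mask)


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Wildcard mask semantics: a 0 bit must match, a 1 bit is ignored."""
    a = int(ipaddress.ip_address(addr))
    b = int(ipaddress.ip_address(base))
    w = int(ipaddress.ip_address(wildcard))
    keep = ~w & 0xFFFFFFFF
    return a & keep == b & keep


def parse_acls(config_text: str) -> Dict[int, List[Entry]]:
    """Parse access-list lines (remark lines are skipped) into entries per number."""
    acls: Dict[int, List[Entry]] = {}
    for raw in config_text.splitlines():
        parts = raw.split()
        if len(parts) < 3 or parts[0] != "access-list":
            continue
        number, action, rest = int(parts[1]), parts[2], parts[3:]
        if action == "remark":
            continue
        if action not in ("permit", "deny") or not rest:
            raise ValueError(f"unsupported ACL line: {raw}")
        if rest[0] == "any":
            base, wildcard = "0.0.0.0", "255.255.255.255"
        elif rest[0] == "host":
            base, wildcard = rest[1], "0.0.0.0"
        else:
            base = rest[0]
            wildcard = rest[1] if len(rest) > 1 else "0.0.0.0"   # omitted mask = single host
        acls.setdefault(number, []).append((action, base, wildcard))
    return acls


def evaluate(entries: List[Entry], src_ip: str) -> str:
    """First matching entry wins; every ACL ends with an implicit deny."""
    for action, base, wildcard in entries:
        if wildcard_match(src_ip, base, wildcard):
            return action
    return "deny"


class Router:
    def __init__(self, config_text: str) -> None:
        self.acls = parse_acls(config_text)
        self.bindings: Dict[Tuple[str, str], int] = {}   # (interface, direction) -> ACL number

    def ip_access_group(self, interface: str, number: int, direction: str) -> None:
        if direction not in ("in", "out"):
            raise ValueError(direction)
        self.bindings[(interface, direction)] = number

    def filter(self, interface: str, direction: str, src_ip: str) -> str:
        number = self.bindings.get((interface, direction))
        if number is None:
            return "permit"            # no ACL bound in that direction
        return evaluate(self.acls.get(number, []), src_ip)


# Constructed configuration for R2, which sits between R1 (202.100.10.1, on f0/0)
# and R3 (202.100.20.2, on f0/1): R1's packets may not leave toward R3.
R2_CONFIG = """
access-list 1 remark forbid R1 from accessing R3
access-list 1 deny host 202.100.10.1
access-list 1 permit any
"""


def make_r2() -> Router:
    r2 = Router(R2_CONFIG)
    r2.ip_access_group("f0/1", 1, "out")
    return r2


def ping_round_trip(router: Router, src: str, dst: str, out_if: str, back_if: str) -> bool:
    """The echo request leaves via out_if; the echo reply (source dst) leaves via back_if."""
    if router.filter(out_if, "out", src) != "permit":
        return False
    return router.filter(back_if, "out", dst) == "permit"
```

A ping from R1 to R3 is stopped on the request, and a ping from R3 to R1 is stopped on the reply (the ICMP reply from 202.100.10.1 is filtered as it leaves f0/1), which matches the observation above that R3 cannot ping R1 either; a third host on R1's segment is unaffected, and an ACL containing only deny entries denies everything because of the implicit deny.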