The Origin of the Internet?
3.1 Physical layer
3.2 Data link layer
3.2.1 Ethernet
3.2.1.1 Ethernet protocol
3.2.1.2 Data frame transmission
3.2.1.3 MAC address
3.2.1.4 Unicast
3.2.1.5 Broadcast
3.2.2.1 Path MTU
3.2.2.2 Path MTU Discovery Method
3.2.2.3 Traceroute
3.3 Network layer
3.3.1 IP protocol
3.3.3.2 IP packet composition
3.3.3.2 IP partition principle
3.3.3.3 Master IP routing
3.3.4 ARP protocol
3.3.4.1 ARP packet format
3.3.4.2 ARP query principle
3.3.4.3 ARP cache
3.3.5 ICMP protocol
3.4 Transport layer
3.4.1 UDP protocol
3.4.2 TCP protocol
3.4.2.1 TCP packet
3.4.2.2 TCP connection control
3.4.2.3 TCP flow control mechanism (four mechanisms = four algorithms)
3.4.2.4 Timeout retransmission mechanism
3.4.3 Why do UDP and TCP have a pseudo header
3.5 Application layer
3.5.1 DNS protocol
3.5.2 FTP protocol
3.5.3 HTTP protocol
3.5.3 HTTPS protocol
3.6 Socket
3. Network communication implementation
3.1 Four basic elements for each host to realize network communication
3.2 There are two ways to obtain these four elements
3.2.1 Static access
3.2.3 Dynamic access
4. Take the network communication process when the host visits the website as an example
4.1 The whole process is basically divided into the following parts
4.2 It is described in detail below
4.2.1 Resolution of domain name into IP address
4.2.2 TCP connection with destination (three handshakes)
4.2.3 Send and receive data
4.2.4 Disconnect with destination (four waves)
4.2.5 To summarize

One, the origin of the network

The essence of the Internet is a series of network protocols.

A computer with an operating system and installed software can be used on its own. Everyone has their own machine, but the machines are isolated from each other.

Communication between two computers works on the same principle as a phone call between two people. Mandarin is the standard for communication between people in China, but what about communication between people from two countries? You cannot ask a person (or a computer) to master all the world’s languages (or standards), so there is one world standard for communication: English.

Conclusion: English has become the unified standard for all the people in the world to communicate. If we regard computers as people distributed all over the world, then the Internet connecting two computers is actually a series of unified standards. These standards are called Internet protocols, and together they are called the Internet Protocol Suite. The essence of the Internet is this series of protocols.

What Internet protocols do: they define the standards for how computers access the Internet and how computers that access the Internet communicate with each other.

Two, network protocol introduction

Internet protocols are divided by function into the seven layers of OSI or the five layers of TCP/IP.

Hierarchical model: TCP/IP

The TCP/IP model also adopts a layered structure: the layers are relatively independent of each other but also cooperate very closely.

The TCP/IP model divides the network into four layers. The TCP/IP model does not pay attention to the underlying physical media, but mainly focuses on the logical data flow between terminals. The core of the TCP/IP model is the network layer and the transport layer: the network layer solves the logical forwarding problem between networks, and the transport layer guarantees reliable transmission between the source end and the destination end. The topmost application layer provides business applications to end users through various protocols.

Common physical devices running at each layer

Data encapsulation

Application data needs to be processed by each layer of TCP/IP before it can be transmitted to the destination through the network. Each layer uses its own Protocol Data Unit (PDU) to exchange information.

Segment: the PDU obtained at the transport layer by adding a TCP header to the upper-layer data.

Packet: the segment is passed to the network layer, which adds an IP header to obtain this PDU.

Frame: the packet is passed to the data link layer, which encapsulates it with the data link layer header to obtain this PDU.

Finally, the frames are converted to bits and transmitted over the network medium. This process of passing data down the stack layer by layer and adding headers and trailers is called encapsulation.

We merge the application layer, the presentation layer and the session layer into a single application layer and, from the point of view of the five-layer TCP/IP protocol, explain the origin and function of each layer, make clear the main protocols of each layer, and so understand the principle of Internet communication as a whole.

First of all, what users perceive is only the topmost application layer, and each layer depends on the layer below it. We therefore start from the bottom layer, which makes it easier to understand. Each layer runs specific protocols; the higher the layer, the closer it is to the user, and the lower the layer, the closer it is to the hardware.

3.1 Physical layer

Computers must be connected to the network if they are to communicate with each other.

Physical layer function: it sends high and low voltages (electrical signals) based on electrical characteristics; a high voltage corresponds to the digit 1 and a low voltage corresponds to the digit 0.

3.2 Data link layer

Bare electrical signals of 0 and 1 have no meaning on their own; it must be specified how many electrical signals form a group and what each group means.

Function of the data link layer: defines the grouping of electrical signals

The evolution of Ethernet frame formats

In 1980, Intel and Xerox formulated the Ethernet I standard, and in 1982 Intel and Xerox formulated the Ethernet II standard. In 1985, IEEE introduced the IEEE 802.3 specification. Later, in order to solve the compatibility problem between the Ethernet II and 802.3 frame formats, it introduced the compromise Ethernet SNAP format.

(The early Ethernet I has been completely replaced by other frame formats, so on Ethernet today only the later frame formats are seen, and most network devices support them. For example, Cisco routers let you specify the Ethernet frame format when configuring an Ethernet interface: ARPA, SAP, SNAP, Novell-ether.)

3.2.1.1 Ethernet protocol

Packets must be encapsulated with header and trailer information before being propagated over the Ethernet physical medium. The encapsulated packet is called a data frame, and the information encapsulated in the frame determines how the data is transmitted. There are two formats for data frames transmitted over an Ethernet network, and which format is used is determined by the network layer in the TCP/IP protocol suite.

In the early days, each company had its own way of grouping signals; later a unified standard was formed, namely the Ethernet protocol.

Ethernet stipulates that a group of electrical signals constitutes a data packet called a “frame”, and that each data frame is divided into two parts: the header (HEAD) and the data (DATA).

Ethernet_II frame format:

The fields in the frame of Ethernet_II are described as follows:

HEAD contains (fixed 14 bytes):

Sender/source address, 6 bytes

Receiver/destination address, 6 bytes

Data type, 2 bytes. The Type field identifies the upper-layer protocol contained in the data field. A frame whose Type field is 0x0800 is an IP frame; a frame whose Type field is 0x0806 is an ARP frame.

DATA contains (minimum 46 bytes, maximum 1500 bytes):

The specific content of the packet. HEAD length + DATA length = minimum 64 bytes, maximum 1518 bytes; if the maximum limit is exceeded, the data is sent in fragments.

The FCS (cyclic redundancy check) field provides an error detection mechanism. The field length is 4 bytes.

3.2.1.2 Data frame transmission

The data link layer transfers frames based on MAC addresses. On an L2 link, Ethernet uniquely identifies network devices by MAC address and so enables communication between network devices in a LAN. MAC addresses are also called physical addresses, and most network card manufacturers burn the MAC address into the ROM of the network card. The sender uses the receiver’s MAC address as the destination address. Once the Ethernet frame has been encapsulated, the physical layer converts it into a bitstream and transmits it on the physical medium.

3.2.1.3 MAC address

Ethernet stipulates that every device that joins the network must have a network card. The addresses of the sender and the receiver are the addresses of their network cards, namely MAC addresses.

MAC address: every network card leaves the factory with a unique 48-bit binary address, usually written as 12 hexadecimal digits (the first six digits are the vendor number, the last six are the serial number).

For example, the first 24 bits of the MAC address of Huawei’s network products are 0x00E0FC. The last 24 bits are a serial number that the manufacturer itself assigns uniquely to each product (this can be a network card or any other device that requires a MAC address).

3.2.1.4 Unicast

Frames on a LAN can be sent in one of three ways. The first is unicast, which means sending from a single source to a single destination. Each host interface is uniquely identified by a MAC address, and in the OUI of the MAC address, the 8th bit of the first byte represents the address type. For a host MAC address, this bit is fixed to 0, indicating that frames with this destination MAC address are sent to a single destination. In a collision domain, all hosts can receive unicast frames sent by the source host, but other hosts drop the received frame when its destination address does not match the local MAC address. Only the true destination host receives and processes the frame.

3.2.1.5 Broadcast

With MAC addresses, two hosts in the same network can communicate (one host obtains the MAC address of the other through the ARP protocol). Ethernet communicates in the most primitive way, by broadcast; that is, computers basically communicate by shouting.

The second method of transmission is broadcast, which means that frames are sent from a single source to all hosts on the shared Ethernet network. The destination MAC address of a broadcast frame is FF:FF:FF:FF:FF:FF. All hosts that receive the broadcast frame will receive and process the frame.

Broadcast mode will generate a large amount of traffic, resulting in low bandwidth utilization, thereby affecting the performance of the entire network.

Broadcast is usually used when all hosts in the network need to be able to receive and process the same information.

3.2.1.6 Multicast

The third way of sending is multicast, which is more efficient than broadcast. Multicast forwarding can be understood as a selective broadcast in which a host listens for a specific multicast address and receives and processes frames whose destination MAC address is that multicast MAC address.

Multicast MAC addresses and unicast MAC addresses are distinguished by the eighth bit in the first byte. The eighth bit of a multicast MAC address is 1, while the eighth bit of a unicast MAC address is 0.

Multicast is usually used when a group of hosts (but not all hosts) on the network are required to receive the same information, and other hosts are not affected.

3.2.1.7 Summary

How do network devices determine the upper-layer protocol of Ethernet data frames?

The Ethernet frame contains a Type field that indicates which upper-layer protocol should process the data in the frame. For example, the Type value for IP is 0x0800, and the Type value for ARP is 0x0806.

What does the terminal device do when it receives a data frame?

The host checks the destination MAC address in the frame header. If the destination MAC address is not the local MAC address, nor a multicast or broadcast MAC address that the local host listens on, the host discards the received frame. If the destination MAC address is the local MAC address, the frame is received, and the frame check sequence (FCS) field is compared with the locally calculated value to determine whether the frame stayed intact during transmission. If the check passes, the header and trailer are stripped, and the Type field in the header is used to determine which upper-layer protocol the data is passed to for further processing.
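The receive steps above, applied to the Ethernet_II layout described earlier, as an added example that is not part of the original article. The MAC addresses are constructed sample values (using the 00:E0:FC vendor prefix quoted in the text), and the function names are this example's own.

```python
import struct
import zlib

BROADCAST = bytes.fromhex("ffffffffffff")
UPPER_LAYER = {0x0800: "IP", 0x0806: "ARP"}   # the two Type values named in the text


def classify(mac: bytes) -> str:
    """Address type from the lowest-order bit of the first byte (the text's 8th bit)."""
    if mac == BROADCAST:
        return "broadcast"
    return "multicast" if mac[0] & 0x01 else "unicast"


def fcs(head_and_data: bytes) -> bytes:
    """Ethernet FCS: CRC-32 over header and data, sent least significant byte first."""
    return struct.pack("<I", zlib.crc32(head_and_data))


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """14-byte HEAD, DATA padded to the 46-byte minimum, 4-byte FCS."""
    if len(payload) > 1500:
        raise ValueError("data field is limited to 1500 bytes")
    payload = payload.ljust(46, b"\x00")
    head_and_data = dst + src + struct.pack("!H", ethertype) + payload
    return head_and_data + fcs(head_and_data)


def receive(frame: bytes, own_mac: bytes, groups: frozenset = frozenset()) -> dict:
    """Destination filter, then FCS check, then dispatch on the Type field."""
    if not 64 <= len(frame) <= 1518:
        return {"accepted": False, "reason": "length outside 64..1518"}
    dst, _src, ethertype = struct.unpack("!6s6sH", frame[:14])
    kind = classify(dst)
    # Step 1: keep only frames for this host, for broadcast, or for a joined group.
    if not (dst == own_mac or kind == "broadcast" or dst in groups):
        return {"accepted": False, "reason": "destination is another host"}
    # Step 2: recompute the FCS locally and compare it with the trailer.
    if fcs(frame[:-4]) != frame[-4:]:
        return {"accepted": False, "reason": "FCS mismatch"}
    # Step 3: strip header and trailer, hand the data to the protocol named by Type.
    return {
        "accepted": True,
        "kind": kind,
        "protocol": UPPER_LAYER.get(ethertype, "unknown"),
        "payload": frame[14:-4],
    }


# Constructed sample addresses.
HOST = bytes.fromhex("00e0fc000001")
PEER = bytes.fromhex("00e0fc000002")
OTHER = bytes.fromhex("00e0fc000003")
GROUP = bytes.fromhex("01005e000001")   # first byte has its lowest bit set: multicast

if __name__ == "__main__":
    for dst, etype in [(HOST, 0x0800), (OTHER, 0x0800), (BROADCAST, 0x0806), (GROUP, 0x0800)]:
        print(receive(build_frame(dst, PEER, etype, b"hello"), HOST))
```

The FCS only detects accidental corruption: anyone who can put a frame on the wire can recompute it, and the source MAC is whatever the sender writes into the header.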

Ethernet II is more suitable for transmitting large amounts of data than IEEE 802.3 SAP and SNAP, but its lack of control at the data link layer is not conducive to transmitting data that requires strict transmission control. In practice, the Ethernet packets of most applications are Ethernet II frames (HTTP, TELNET, FTP, SMTP, POP3, etc.), while BPDUs between switches are IEEE 802.3 SAP frames. The VLAN Trunk Protocol 802.1q and Cisco CDP use IEEE 802.3 SNAP frames.

MTU is the Maximum Transmission Unit. It is the maximum packet size (in bytes) that can pass through a layer of a communication protocol.

3.2.2.1 Path MTU

Path MTU is the minimum of the maximum transmission units of all IP hops along the “path” from the source address to the destination address. Put another way, it is the largest transmission unit that can cross this “path” without fragmentation.

3.2.2.2 Path MTU Discovery Method

This is a technique for determining the maximum transmission unit on the path between two IP hosts in order to avoid IP fragmentation. The source first sets the DF bit of its datagrams and then gradually increases the size of the datagrams it sends. Any device on the path that would need to fragment such a datagram discards it and returns a “datagram too large” ICMP response to the source address, so that the source host “learns” the largest transmission unit that can pass along this path without fragmentation.

3.2.2.3 Traceroute

Traceroute is an important tool for discovering the route between the local host and a destination host. Here’s how it works: after obtaining the IP of the destination host, it first sends a UDP packet with TTL=1 to the destination host (three 40-byte packets are sent each time, containing the source address, the destination address and the timestamp at which the packet was sent). The first router on the path receives the packet and decrements the TTL by 1; the TTL is now 0, so the router discards the packet and generates an ICMP unreachable datagram for the host. After receiving this datagram, the host sends a UDP datagram with TTL=2 to the destination host, which prompts the second router to send an ICMP datagram to the host, and so on until the destination host is reached. In this way, traceroute obtains the IP addresses of all the routers.

Traceroute extracts the IP address of the device that sent the ICMP TTL expiration message and performs domain name resolution on it. Each time, Traceroute prints a set of data, including the domain name and IP address of the routing device passed through and how long each round trip of the three packets took.

3.3 Network layer

With Ethernet, MAC addresses and broadcast transmission, computers all over the world could in principle communicate with each other. The problem is that the Internet is made up of many isolated small local area networks (LANs), so if all communication used Ethernet broadcast, a packet sent by one machine would be received all over the world. That is not just inefficient, it is a disaster.

Conclusion: a way must be found to distinguish which computers belong to the same broadcast domain and which do not. If they do, broadcast is used; if they do not, the packet is routed (sent to a different broadcast domain/subnet). MAC addresses cannot make this distinction, because they depend only on the vendor.

Network layer functionality: a new set of addresses is introduced to distinguish different broadcast domains/subnets. This set of addresses is called network addresses.

3.3.1 IP protocol

The protocol that specifies network addresses is called the IP protocol, and the addresses it defines are called IP addresses. The widely used version is v4, namely IPv4, which stipulates that a network address is a 32-bit binary number, with a range of 0.0.0.0 to 255.255.255.255. An IP address is usually written as four decimal numbers, for example: 172.16.10.1

The IP address is divided into two parts:

Note: an IP address by itself only identifies the type of IP address. Neither its network part nor its host part tells you which subnet an IP is on.

Example: from 172.16.10.1 and 172.16.10.2 alone, it cannot be determined that they are on the same subnet.

3.3.2 Subnet mask

A subnet mask is a parameter that describes the characteristics of a subnetwork. It has the same form as an IP address: a 32-bit binary number, with all 1’s for the network part and all 0’s for the host part. For example, for the IP address 172.16.10.1, if the network part is known to be the first 24 bits and the host part the last 8 bits, the subnet mask is 11111111.11111111.11111111.00000000, which written in decimal is 255.255.255.0.

Knowing the subnet mask, we can determine whether any two IP addresses are on the same subnetwork. The method is to AND each of the two IP addresses with the subnet mask (a result bit is 1 if both bits are 1, otherwise it is 0) and then compare the results: if they are the same, the addresses are on the same subnetwork; otherwise they are not.

For example, if the IP addresses 172.16.10.1 and 172.16.10.2 have a subnet mask of 255.255.255.0, are they on the same subnetwork? AND each of them with the subnet mask,

To summarize, there are two main functions of the IP protocol: one is to assign IP addresses to each computer, and the other is to determine which addresses are on the same subnetwork.
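The AND comparison carried through for the article's two addresses, as an added example that is not part of the original article. It goes one step further than the text by also choosing whose MAC the sender must look up (the destination itself, or the gateway); the gateway address 172.16.10.254 and the function names are assumptions of this example.

```python
def to_int(dotted: str) -> int:
    """Dotted decimal to a 32-bit integer."""
    parts = [int(p) for p in dotted.split(".")]
    if len(parts) != 4 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError(f"not an IPv4 address: {dotted!r}")
    return int.from_bytes(bytes(parts), "big")


def to_dotted(value: int) -> str:
    return ".".join(str(b) for b in value.to_bytes(4, "big"))


def to_bits(dotted: str) -> str:
    """The 32-bit binary form, grouped per byte as in the text."""
    return ".".join(f"{b:08b}" for b in to_int(dotted).to_bytes(4, "big"))


def check_mask(mask: str) -> int:
    """A subnet mask is all 1s (network part) followed by all 0s (host part)."""
    m = to_int(mask)
    host_bits = ~m & 0xFFFFFFFF
    if host_bits & (host_bits + 1):       # nonzero when a 1 follows a 0
        raise ValueError(f"mask has a 1 bit after a 0 bit: {mask}")
    return m


def network_of(ip: str, mask: str) -> str:
    """IP AND mask: the network part with the host bits cleared."""
    return to_dotted(to_int(ip) & check_mask(mask))


def same_subnet(a: str, b: str, mask: str) -> bool:
    return network_of(a, mask) == network_of(b, mask)


def arp_target(src: str, dst: str, mask: str, gateway: str) -> str:
    """IP whose MAC the sender resolves: dst on the same subnet, else the gateway."""
    return dst if same_subnet(src, dst, mask) else gateway


if __name__ == "__main__":
    mask = "255.255.255.0"
    for ip in ("172.16.10.1", "172.16.10.2"):
        print(ip, to_bits(ip), "->", network_of(ip, mask))
    print("same subnet:", same_subnet("172.16.10.1", "172.16.10.2", mask))
    # Constructed gateway address; the destination is on another subnet.
    print("resolve MAC of:", arp_target("172.16.10.1", "172.16.20.5", mask, "172.16.10.254"))
```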

An IP packet is likewise divided into a header and a data part. No separate field needs to be defined for the IP packet; it is placed directly into the data part of the Ethernet packet.

Head: 20 to 60 bytes long. Data: at most 65,515 bytes. The “data” part of an Ethernet packet, on the other hand, is only 1,500 bytes long. Therefore, if the IP packet exceeds 1500 bytes, it needs to be split into several Ethernet packets and sent separately.

Master the IP header format, such as the 16-bit fragment identification, the DF (don’t fragment) flag, the MF (more fragments) flag, the 13-bit fragment offset, the 8-bit TTL, the 16-bit header checksum and so on.

3.3.3.2 Principle of IP fragmentation

How to avoid IP fragmentation (limit the size at the application layer or transport layer), how the order of IP fragments is determined, and how to confirm that all fragments have arrived at the client side.
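How the identification, DF, MF and offset fields answer those questions, as an added example that is not part of the original article. It assumes a 20-byte header without options; the identification value and payload are constructed, and the function names are this example's own.

```python
from dataclasses import dataclass

IP_HEADER_LEN = 20          # assumption: header without options
MAX_DATA = 65515            # largest data part, as given in the text


@dataclass(frozen=True)
class Fragment:
    ident: int       # 16-bit identification, shared by all fragments of one packet
    flags_off: int   # 16-bit word: reserved bit, DF, MF, then 13-bit offset
    data: bytes

    @property
    def df(self) -> bool:
        return bool(self.flags_off & 0x4000)

    @property
    def mf(self) -> bool:
        return bool(self.flags_off & 0x2000)

    @property
    def offset(self) -> int:
        return (self.flags_off & 0x1FFF) * 8    # the field counts 8-byte units


def fragment(ident: int, payload: bytes, mtu: int = 1500, df: bool = False) -> list:
    """Split the data part so that header + data fits the link MTU."""
    if len(payload) > MAX_DATA:
        raise ValueError("data part exceeds 65,515 bytes")
    if len(payload) <= mtu - IP_HEADER_LEN:
        return [Fragment(ident, 0x4000 if df else 0, payload)]
    if df:
        raise ValueError("DF is set: the packet is dropped instead of fragmented")
    step = (mtu - IP_HEADER_LEN) // 8 * 8       # every offset must be a multiple of 8
    frags = []
    for start in range(0, len(payload), step):
        chunk = payload[start:start + step]
        more = 0x2000 if start + len(chunk) < len(payload) else 0
        frags.append(Fragment(ident, more | (start // 8), chunk))
    return frags


def reassemble(frags: list, ident: int):
    """Return the data part once every fragment is present, else None."""
    mine = sorted({f for f in frags if f.ident == ident}, key=lambda f: f.offset)
    if not mine or mine[-1].mf:
        return None                              # the MF=0 fragment has not arrived
    out = bytearray()
    for f in mine:                               # order comes from the offset field
        if f.offset > len(out):
            return None                          # a hole: a middle fragment is missing
        if f.offset < len(out):
            raise ValueError("overlapping fragments")
        out += f.data
    return bytes(out)


if __name__ == "__main__":
    payload = bytes(i % 251 for i in range(4000))    # constructed sample data
    frags = fragment(7, payload)
    for f in frags:
        print(f"offset={f.offset:5d} MF={int(f.mf)} len={len(f.data)}")
    print(reassemble(list(reversed(frags)), 7) == payload)
```

Overlapping fragments are rejected rather than merged, because devices that resolve overlaps differently end up reconstructing different data from the same fragments.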

3.3.3.3 Master IP routing

3.3.4 ARP protocol

Computers basically communicate by shouting, that is, by broadcast. All upper-layer packets are in the end encapsulated with an Ethernet header and then sent via the Ethernet protocol. From the discussion of the Ethernet protocol, we learned that communication is based on MAC broadcast. When a computer sends a packet, it is easy for it to obtain its own MAC; to obtain the MAC of the target host, it needs the ARP protocol.

ARP protocol function: sends packets by broadcast to obtain the MAC address of the target host.

How the protocol works: the IP of each host is known.

3.3.4.2 ARP query principle

3.3.4.3 ARP cache

3.3.5 ICMP protocol

Master the ICMP message format and the two categories of messages, query and error: two kinds of query messages and five kinds of error messages.

3.4 Transport layer

The IP addresses of the network layer help us distinguish subnets, and the Ethernet MAC addresses help us find hosts. But what everyone actually uses are applications, and your computer may have several open at the same time, such as QQ and Storm Video. Once we have found a specific host through IP and MAC, how do we identify a particular application on that host? The answer is ports: a port is the number that associates an application with the network card.

Transport layer function: establishes port-to-port communication.

Added: the port range is 0-65535; ports 0-1023 are occupied by the system.

3.4.1 UDP protocol

Master the UDP protocol: its characteristics and each field of the header.

Unreliable transmission. The “header” part is only 8 bytes in total, and the total length is not more than 65,535 bytes, which fits into one IP packet.

3.4.2 TCP protocol

Reliable transmission. A TCP packet has no length limit and in theory can be infinitely long, but to keep the network efficient, the length of a TCP packet usually does not exceed the length of an IP packet, so that a single TCP packet does not need to be divided.

3.4.2.1 TCP packet

Master the TCP protocol: its characteristics, the header fields, and the reliability mechanisms.

3.4.2.2 TCP connection control

Five situations: three handshakes, four waves, simultaneous opening, simultaneous closing, and half-closing

3.4.2.3 TCP flow control mechanism (four mechanisms = four algorithms)

Sliding window, slow start, congestion avoidance, fast retransmission, fast recovery

3.4.2.4 Timeout retransmission mechanism

Various timers

3.4.3 Why do UDP and TCP have pseudo headers

3.5 Application layer

Users work with applications, all of which operate at the application layer. The Internet is open, and anyone can develop their own applications, so the data comes in many varieties; the form in which data is organized must therefore be specified.

Application layer functionality: specifies the data format of the application.

For example, the TCP protocol can transfer data for all kinds of programs, such as e-mail, WWW, FTP, and so on. There must therefore be different protocols governing the format of e-mail, web pages and FTP data, and these application protocols constitute the “application layer”.

3.5.1 DNS protocol

Master the DNS namespace, the basic principles of DNS pointer queries (reverse lookup or reverse resolution), and the DNS cache.

3.5.2 FTP protocol

Two connections: control connection + data connection. Two operating modes: PASV + PORT. Various FTP commands and response codes. FTP resumable transfer, anonymous FTP.

3.5.3 HTTP protocol

1. Message format: request message, response message, the fields of the request header, and the fields of the response header

2. The HTTP status codes

3.5.3 HTTPS protocol:

3.6 Socket

We know that for two processes to communicate, the most basic prerequisite is being able to identify each process uniquely. For local inter-process communication we can use the PID to identify a process uniquely. But a PID is unique only locally, and the chance that the PIDs of two processes on the network collide is very high, so we need another approach. We know that the IP address of the IP layer uniquely identifies a host, and that the protocol and port number of the TCP layer uniquely identify a process on the host, so we can use IP address + protocol + port number to uniquely identify a process on the network.

Once the processes in the network can be uniquely identified, they can communicate using sockets. What is a socket? A socket is an abstraction layer between the application layer and the transport layer. It abstracts the complex operations of the TCP/IP layers into a few simple interfaces that the application layer calls so that processes can communicate over the network.

Sockets originated in UNIX. Under the UNIX philosophy that everything is a file, a socket is an implementation of the “open - read/write - close” pattern: the server and the client each maintain a “file”; after the connection is established and the file opened, each side can write content to its own file for the other to read, or read the other side’s content, and closes the file when the communication ends.

3.1 Four basic elements for each host to realize network communication

The IP address of the local machine, the subnet mask, the IP address of the gateway, and the IP address of the DNS server.

3.2 There are two ways to obtain these four elements

3.2.3 Dynamic access

The elements are obtained through DHCP.

First, the “Ethernet header” sets the MAC address of the sender (the local machine) and the MAC address of the receiver (the DHCP server). The former is the MAC address of the local network card; the latter is not known at this time, so a broadcast address is filled in: FF-FF-FF-FF-FF-FF. Next, the “IP header” sets the IP address of the sender and the IP address of the receiver. At this point, the machine knows neither, so the IP address of the sender is set to 0.0.0.0 and the IP address of the receiver is set to 255.255.255.255. Finally, the “UDP header” sets the port of the sender and the port of the receiver. This part is stipulated by the DHCP protocol: the sender is port 68 and the receiver is port 67. Once the packet has been constructed, it can be sent out. Ethernet is broadcast, so every computer on the same subnetwork receives the packet. Since the receiver’s MAC address is FF-FF-FF-FF-FF-FF, it is impossible to tell from it who the packet is meant for, so each computer that receives the packet must also analyze the IP addresses of the packet to determine whether it is the intended receiver. When it sees that the sender’s IP address is 0.0.0.0 and the receiver’s is 255.255.255.255, the DHCP server knows “this packet is for me”, and the other computers can discard the packet.

Next, the DHCP server reads the data contents of the packet, assigns an IP address, and sends back a “DHCP response” packet. The structure of the response packet is similar: the MAC addresses of the Ethernet header are the network card addresses of both parties, the IP addresses of the IP header are the IP address of the DHCP server (sender) and 255.255.255.255 (receiver), and the ports of the UDP header are 67 (sender) and 68 (receiver). The IP address assigned to the requester and the specific parameters of the network are contained in the Data section.

The newly added machine receives this response packet and knows its IP address, subnet mask, gateway address, DNS server, and so on.
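The three headers of the DHCP request described above, built and then taken apart again, as an added example that is not part of the original article. The client MAC, TTL, identification value and the placeholder body are constructed; the DHCP message format itself is not modelled, and the function names are this example's own.

```python
import socket
import struct

BROADCAST_MAC = bytes.fromhex("ffffffffffff")


def mac_text(mac: bytes) -> str:
    return ":".join(f"{b:02x}" for b in mac)


def ip_checksum(header: bytes) -> int:
    """16-bit ones' complement of the ones' complement sum of the header words."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_request(client_mac: bytes, dhcp_body: bytes) -> bytes:
    # UDP header: sender port 68, receiver port 67; checksum 0 means "not computed".
    udp = struct.pack("!HHHH", 68, 67, 8 + len(dhcp_body), 0) + dhcp_body
    # IP header: version 4, 20-byte header, TTL 64 (constructed), protocol 17 = UDP,
    # sender 0.0.0.0 and receiver 255.255.255.255 because neither address is known yet.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton("0.0.0.0"), socket.inet_aton("255.255.255.255"))
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
    # Ethernet header: receiver MAC unknown, so the broadcast address; Type 0x0800 = IP.
    eth = BROADCAST_MAC + client_mac + struct.pack("!H", 0x0800)
    return eth + ip + udp          # the trailing FCS is left to the network card


def decapsulate(frame: bytes) -> dict:
    """Strip one header per layer, as a receiving host does."""
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    sport, dport, udp_len, _ = struct.unpack("!HHHH", ip[ihl:ihl + 8])
    return {
        "dst_mac": mac_text(dst_mac),
        "src_mac": mac_text(src_mac),
        "ethertype": ethertype,
        "ip_checksum_ok": ip_checksum(ip[:ihl]) == 0,
        "protocol": ip[9],
        "src_ip": socket.inet_ntoa(ip[12:16]),
        "dst_ip": socket.inet_ntoa(ip[16:20]),
        "src_port": sport,
        "dst_port": dport,
        "body": ip[ihl + 8:ihl + udp_len],
    }


def is_dhcp_request(info: dict) -> bool:
    """The test the text describes: broadcast MAC, 0.0.0.0 -> 255.255.255.255, 68 -> 67."""
    return (info["dst_mac"] == "ff:ff:ff:ff:ff:ff"
            and info["ip_checksum_ok"] and info["protocol"] == 17
            and (info["src_ip"], info["dst_ip"]) == ("0.0.0.0", "255.255.255.255")
            and (info["src_port"], info["dst_port"]) == (68, 67))


if __name__ == "__main__":
    client = bytes.fromhex("00e0fc000001")             # constructed client MAC
    frame = build_request(client, b"placeholder-body")  # constructed body
    info = decapsulate(frame)
    print(info)
    print("DHCP request:", is_dhcp_request(info))
```

Nothing in these three headers says which machine is entitled to answer: every host on the subnet receives the request, which is why managed switches commonly restrict the ports that may send replies from UDP port 67 (DHCP snooping).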

Four, take the network communication process when a host visits a website as an example

First open the browser, enter the URL in the address bar, press Enter, and the website content appears. This is something we do almost every day, so what is going on underneath? HTTP, TCP, DNS, IP: these are all familiar terms, but when does each come into play and what does it do? Let’s go over the whole thing here.

4.1 The whole process is basically divided into the following parts

Domain name resolution into an IP address; TCP connection with the destination host (three handshakes); sending and receiving data; disconnecting the TCP connection with the destination host (four waves).

4.2.1 Domain name resolution into IP address

First, what is domain name resolution?

What we type in the browser address bar are easy-to-remember English domain names like “www.baidu.com” and “red”, but can the destination host be found by handing these letters directly to the network? It cannot, because the location of each host in the network is identified by IP. The IP is the location of the host in the network, and the domain name exists only for the convenience of users, so the browser has to recognize the domain name and convert it to the corresponding IP address.

So the browser has a DNS cache, which records some domain names and their IP addresses, so that the browser can quickly find the IP it needs. However, the DNS cache cannot store every domain name-to-IP mapping, and IP addresses sometimes change, so when the name is not found in the DNS cache, the browser must first ask a DNS server to resolve it. The main role of the DNS servers we so often hear about is exactly this domain name resolution.

It is worth mentioning that DNS domain name resolution uses the UDP protocol.

The whole process of domain name resolution is as follows:

1. The browser sends a DNS request to the local DNS module, and the DNS module generates the corresponding DNS message.
2. The DNS module passes the generated DNS message to the UDP protocol unit of the transport layer.
3. The UDP protocol unit encapsulates the data into a UDP datagram and passes it to the IP protocol unit of the network layer.
4. The IP protocol unit encapsulates the data into an IP packet whose destination IP address is the IP address of the DNS server.
5. The encapsulated IP packet is passed to the protocol unit of the data link layer for sending.
6. If the ARP cache has no matching entry, it sends an ARP broadcast request (containing the IP address to be queried; each host that receives the broadcast checks its own IP, and the matching host sends an ARP packet containing its MAC address back to the host that broadcast the request) and waits for the ARP response.
7. After the ARP response is received, the IP address and the corresponding MAC address of the routing next hop are written into the ARP cache table.
8. After the cache is written, the destination MAC address is filled in with the address of the routing next hop and the data is forwarded as a data frame. The forwarding may be repeated several times.
9. The DNS request reaches the data link layer protocol unit of the DNS server.
10. The data link layer protocol unit of the DNS server parses the data frame and passes the inner IP packet to the network layer IP protocol unit.
11. The IP protocol unit of the DNS server parses the IP packet and passes the inner UDP datagram to the UDP protocol unit of the transport layer.
12. The UDP protocol unit of the DNS server parses the received UDP datagram and passes the inner DNS message to the DNS service unit.
13. The DNS service unit resolves the domain name into the corresponding IP address and generates the DNS response message.
14. DNS response message -> UDP -> IP -> MAC -> my host.
15. My host receives the data frame, which goes data frame -> IP -> UDP -> browser.
16. The result of domain name resolution is written into the DNS cache table in the form of a domain name and IP address pair.

This mentions the concept of ARP. Just as DNS translates a domain name into an IP, ARP translates an IP into a MAC address: knowing the IP, we still need the host’s MAC address to locate the host more specifically. There is also an ARP cache, which stores a number of IP-to-MAC address correspondences. If the address is not found in the cache, a broadcast is sent to find the MAC address; each host that receives the broadcast checks whether the IP being looked for is its own and, if it is, returns its MAC address.

Ports: If you’re doing development, you often come across the concept of ports, but what is a port? The port numbers range from 0 to 65535. For example, port 80 is used for web browsing, port 21 is used for FTP services, etc. There are some fixed port numbers that cannot be used by other services to transmit data.

4.2.2 TCP connection with the destination host (three handshakes) After the IP address corresponding to the domain name is obtained, the data can be sent to the destination host. At this time, the connection is established by three handshakes as we often say.

TCP is a connected transmission, that is, before the transmission of data, the connection between my host and the destination host will be established, and then the data can be transmitted. After the transmission is completed, there will be disconnection. This is TCP’s three handshakes and four waves, as shown in the picture below:

The specific process of establishing the connection by three handshakes is described as follows. The transmission process of the data packet is similar to the process of requesting the DNS server above, which is simply expressed:

Send TCP connection request message to the destination host; The SYN flag bit in the TCP packet is set to 1, indicating the connection request; The TCP message through IP (DNS) ->MAC (ARP) -> gateway -> host; The destination host receives the data frame, and responds to the request reply message through IP->TCP, TCP protocol unit; In this paper, SYN and ACK flags are set to 1, indicating the connection request reply; The TCP message via IP (DNS) ->MAC (ARP) -> Gateway -> My Host; My host receives the data frame, and through IP->TCP, the TCP protocol unit responds to the request to confirm the packet; The TCP message through IP (DNS) ->MAC (ARP) -> gateway -> host; The destination host receives the data frame, and the connection is established through IP->TCP. The process of three handshakes is to go back and forth, confirm each other, and establish a connection. During this process, any message error or timeout must be retransmitted.

As mentioned above, data can be transmitted only after the connection is established. There are in fact many ways to transmit data, such as segmenting, grouping, time sharing and so on. The transmission of one packet proceeds as follows, taking an HTTP GET request as an example:

1. The browser sends a GET method message to the domain name.
2. The GET message travels via TCP -> IP (DNS) -> MAC (ARP) -> gateway -> destination host.
3. The destination host receives the data frame and passes it up through IP -> TCP -> HTTP; the HTTP protocol unit responds with HTML data encapsulated in the HTTP protocol format.
4. The HTML data travels via TCP -> IP (DNS) -> MAC (ARP) -> gateway -> my host.
5. My host receives the data frame and passes it up through IP -> TCP -> HTTP -> browser, which displays the HTML content as a web page.

The other HTTP methods transfer data in a similar way; only the content they carry differs.
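The layering in the GET walkthrough above, as an added example that is not part of the original article: the HTTP bytes are wrapped in a TCP header, an IPv4 header and an Ethernet header, then peeled off in the order the receiving host does. All addresses and MACs are constructed sample values, and the checksums are left at 0 because the frame is only parsed offline.

```python
import socket
import struct

def encapsulate(payload, src_port, dst_port, src_ip, dst_ip, src_mac, dst_mac):
    """HTTP bytes -> TCP segment -> IPv4 packet -> Ethernet frame."""
    # TCP: ports, seq, ack, data offset (5 words) + PSH|ACK, window, checksum, urgent
    tcp = struct.pack("!HHIIHHHH", src_port, dst_port, 1, 1,
                      (5 << 12) | 0x18, 65535, 0, 0) + payload
    # IPv4: version 4 / IHL 5, TOS, total length, id, frag, TTL, protocol 6 = TCP
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip)) + tcp
    # Ethernet II: destination MAC, source MAC, EtherType 0x0800 = IPv4
    return struct.pack("!6s6sH", bytes.fromhex(dst_mac),
                       bytes.fromhex(src_mac), 0x0800) + ip

def decapsulate(frame):
    """Peel the layers as the receiver does: MAC -> IP -> TCP -> HTTP."""
    dst_mac, _src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                      # IP header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[9] != 6:
        raise ValueError("not a TCP packet")
    tcp = ip[ihl:total_len]
    data_offset = (tcp[12] >> 4) * 4              # TCP header length in bytes
    return {"dst_mac": dst_mac.hex(),
            "dst_ip": socket.inet_ntoa(ip[16:20]),
            "dst_port": struct.unpack("!H", tcp[2:4])[0],
            "http": tcp[data_offset:]}

# Constructed sample values: the frame is addressed to the gateway's MAC,
# while the IP header carries the web server's address.
REQUEST = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"
MY_MAC, GATEWAY_MAC = "020000000001", "02000000fe01"
FRAME = encapsulate(REQUEST, 50000, 80, "192.0.2.10", "192.0.2.80",
                    MY_MAC, GATEWAY_MAC)

if __name__ == "__main__":
    print(len(FRAME), decapsulate(FRAME))
```

Note that the destination MAC is the gateway's while the destination IP is the server's: the Ethernet header changes at every hop, and the IP header keeps naming the final host.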

4.2.4 Disconnect the TCP connection from the destination host (four waves)

After data transmission is complete, the connection needs to be disconnected. Unlike establishment, disconnection takes one more step, so there are four waves. As for why, we will come to that after looking at the process.

Look at the picture to understand the process:

The process is as follows:

1. The browser sends a TCP connection end request message to the destination host and then enters the FIN WAIT state. The FIN flag bit of the message is set to 1, indicating an end request.
2. The TCP end request message travels via IP (DNS) -> MAC (ARP) -> gateway -> destination host.
3. The destination host receives the data frame, passes it up through IP -> TCP, and responds with a reply message. For now it only replies, because the destination host may still have data to transmit, so it is in no hurry to disconnect. In this message the ACK flag bit is set to 1, indicating that the end request has been received.
4. After the destination host has sent all of its data, it sends a TCP connection end request message to my host. The FIN flag bit of the message is set to 1, indicating an end request.
5. The TCP end request message travels via IP (DNS) -> MAC (ARP) -> gateway -> my host.
6. My host receives the data frame and passes it up through IP -> TCP; the TCP protocol unit responds with an end reply message. At this time my host enters the TIME WAIT state, because it does not trust the network to be reliable. In this message the FIN flag is set to 1, indicating the end reply.
7. The TCP reply message travels via IP (DNS) -> MAC (ARP) -> gateway -> destination host.
8. The destination host closes the connection.
9. My host has not received a reply during TIME WAIT.

The process here starts with my host initiating the termination request. It could equally have been initiated by the destination host, in which case the process would be reversed, but the details are similar.

The FIN_WAIT state waits for the confirmation after the termination request has been initiated. The TIME_WAIT state, entered once the termination request has been received and the confirmation message sent, waits to see whether that confirmation needs to be resent.

Now, why are four waves needed to disconnect? When the connection is being established, the destination host can send SYN (synchronize) + ACK (reply) together in a single message. When disconnecting, however, the destination host may still have data to send, so after receiving the FIN it does not necessarily disconnect right away. It first sends a reply to tell my host that the request was received; once it has confirmed that all data has been sent, it sends its own FIN and waits for my host's response. The FIN and the ACK therefore cannot be sent together, which is why four steps are needed.
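The three handshakes and the four waves described above, as an added example that is not part of the original article: a small tracker that replays constructed flag sequences from my host's point of view and reports the state reached or the first segment that does not fit. State names and flag bits follow RFC 793; SYN_ACKED and FIN_RECEIVED are hypothetical labels introduced for this example.

```python
FIN, SYN, ACK = 0x01, 0x02, 0x10  # flag bits in the TCP header (RFC 793)

def kind(flags):
    """Reduce a flags byte to the segment type used in the walkthrough."""
    if flags & SYN:
        return "SYN+ACK" if flags & ACK else "SYN"
    if flags & FIN:
        return "FIN"  # a FIN usually carries ACK too; FIN decides the type
    return "ACK" if flags & ACK else "OTHER"

# (state, direction, segment type) -> next state, seen from my host.
# ">" = sent by my host, "<" = received from the destination host.
# SYN_ACKED and FIN_RECEIVED are hypothetical labels for the moment between
# receiving a segment and answering it; the other names follow RFC 793.
NEXT = {
    ("CLOSED", ">", "SYN"): "SYN_SENT",
    ("SYN_SENT", "<", "SYN+ACK"): "SYN_ACKED",
    ("SYN_ACKED", ">", "ACK"): "ESTABLISHED",
    ("ESTABLISHED", ">", "ACK"): "ESTABLISHED",   # data from my host
    ("ESTABLISHED", "<", "ACK"): "ESTABLISHED",   # data from the destination
    ("ESTABLISHED", ">", "FIN"): "FIN_WAIT_1",
    ("FIN_WAIT_1", "<", "ACK"): "FIN_WAIT_2",
    ("FIN_WAIT_2", "<", "ACK"): "FIN_WAIT_2",     # destination still sending
    ("FIN_WAIT_2", ">", "ACK"): "FIN_WAIT_2",     # my host acknowledging it
    ("FIN_WAIT_2", "<", "FIN"): "FIN_RECEIVED",
    ("FIN_RECEIVED", ">", "ACK"): "TIME_WAIT",
}

def replay(segments):
    """Return (state reached, index of first unexpected segment or None)."""
    state = "CLOSED"
    for i, (direction, flags) in enumerate(segments):
        nxt = NEXT.get((state, direction, kind(flags)))
        if nxt is None:
            return state, i
        state = nxt
    return state, None

# Constructed traces of (direction, flags); not captured traffic.
FULL = [(">", SYN), ("<", SYN | ACK), (">", ACK),   # three handshakes
        (">", ACK), ("<", ACK),                     # request and response data
        (">", FIN | ACK), ("<", ACK), ("<", ACK),   # FIN, its ACK, late data
        ("<", FIN | ACK), (">", ACK)]               # destination's FIN, last ACK
HALF_OPEN = [(">", SYN), ("<", SYN | ACK)]          # third handshake never sent
NO_HANDSHAKE = [(">", ACK)]                         # data before any SYN

if __name__ == "__main__":
    for name, trace in (("full", FULL), ("half-open", HALF_OPEN),
                        ("no-handshake", NO_HANDSHAKE)):
        print(name, replay(trace))
```

A connection log that stops in SYN_ACKED or never reaches TIME_WAIT is the kind of incomplete exchange a monitoring tool would flag for a closer look.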

4.2.5 To summarize

The above is the whole process of network communication when the host visits a website, which can be summarized as:

1. First, find the IP address through the domain name, requesting it from the DNS server if it is not in the cache.
2. After getting the IP address, perform three handshakes with the destination host to establish the TCP connection.
3. After the connection is established, carry out the HTTP access, transmitting and retrieving the web content.
4. After transmission, disconnect the TCP connection with the destination host by waving four times.