1. Application layer (protocol: HTTP)
2. Transport layer (TCP)
3. Network layer (IP)
4. Link layer (network cable, etc.)
Answer: 3G, 4G and 5G correspond to the link layer.
1. A frame is the data unit in the data link layer.
2. Fragments are the data units in IP.
3. A segment is a unit of information in the TCP data stream.
4. A message is the data unit in the application protocol.
(Process)
User A sends a message, for example "I am Android":
Hand it to the TCP layer (transport layer) for packaging and attach the TCP header: I am Android (TCP header)
Hand it to the IP layer (network layer) for packaging and attach the IP header: I am Android (TCP header) (IP header)
Hand it to the data link layer and attach the Ethernet header: I am Android (TCP header) (IP header) (Ethernet header)
Then hand it over to the physical layer for transmission.
User B receives the message:
Untie it layer by layer:
The data link layer removes the Ethernet header: I am Android (TCP header) (IP header)
IP layer (network layer): I am Android (TCP header)
TCP layer (transport layer): I am Android
The upper layer receives: I am Android
The purpose of this design is to follow the principle of single responsibility.
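The wrapping and unwrapping above, as an added example (not part of the original notes) that builds real 20-byte TCP and IPv4 headers and a 14-byte Ethernet header around "I am Android" and strips them again on the receiving side. On the wire each header is placed in front of the payload. The MAC addresses, ports and the single direct link between the two machines are assumptions for illustration.

```python
import socket, struct

def checksum(data):
    """RFC 1071 Internet checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def tcp_segment(payload, sport, dport, seq):
    # 20-byte TCP header: data offset 5 words, flags PSH|ACK; TCP checksum left 0 here.
    return struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0) + payload

def ip_packet(segment, src, dst):
    # 20-byte IPv4 header: version 4, IHL 5, TTL 64, protocol 6 (TCP).
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0, 0, 64, 6, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + segment

def ether_frame(packet, src_mac, dst_mac):
    return dst_mac + src_mac + struct.pack("!H", 0x0800) + packet  # EtherType IPv4

def send(message, src_mac, dst_mac):
    seg = tcp_segment(message, 49152, 8080, 23412)
    return ether_frame(ip_packet(seg, "192.168.1.2", "192.167.1.2"), src_mac, dst_mac)

def receive(frame, my_mac):
    """Untie layer by layer; return the message or None if a layer rejects it."""
    if frame[:6] != my_mac or frame[12:14] != b"\x08\x00":
        return None                      # link layer: not our MAC, or not IPv4
    packet = frame[14:]
    ihl = (packet[0] & 0x0F) * 4
    if checksum(packet[:ihl]) != 0 or packet[9] != 6:
        return None                      # network layer: corrupt header or not TCP
    segment = packet[ihl:struct.unpack("!H", packet[2:4])[0]]
    return segment[(segment[12] >> 4) * 4:]   # transport layer: strip the TCP header

MAC_A = bytes.fromhex("020000000001")    # constructed, locally administered MACs
MAC_B = bytes.fromhex("020000000002")
```

Each layer reads only its own header, so a frame for another MAC or a packet with a damaged IP header is dropped before the layers above ever see it.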
TCP is a reliable, connection-oriented protocol. Before sending and receiving data, it must establish a reliable connection with the other party: a three-way handshake to connect and a four-way wave to disconnect. UDP is a connectionless protocol. Before data transmission, the source and the destination do not establish a connection. The sender pushes the data onto the network as fast as it can, and the receiver reads the message segments from a message queue.
The function of an IP address is mainly addressing. (IP address (network layer): a logical address assigned to a network or host, as distinct from the MAC address; it can be changed at will. The MAC address (data link layer) cannot be changed.)
For example:
The company has two buildings.
Building A has a communication subnet.
Building B has a communication subnet.
Two routers connect A (communication subnet) and B (communication subnet) to the LAN.
A has its own subnet, which consists of multiple computers. B likewise has its own subnet of computers.
Now there is a machine A in Building A (IP address: 192.168.1.2).
There is a machine B in Building B (IP address: 192.167.1.2).
A sends data to machine B:
The packet arrives at the router. The router sees that the destination is not in its own subnet, so it finds out which subnet 192.167 belongs to and sends the packet to the corresponding router.
How does it know where 192.167.1.2 is?
Within a subnet, every computer is recorded at the router and tells the other machines its IP address and MAC address. The packet is then sent to the corresponding computer. The router sends a copy to each computer, but each network card checks whether the destination MAC address of the packet is the same as its own MAC address and discards the packet directly if it is different.
This leads to the network attack known as network sniffing:
Within the same subnet, the network card is kept from discarding packets that are not addressed to it, and all the data that arrives is captured.
Standard port numbers: 0~1023; 1024~49151
The server program sets its own port number.
Clients: the operating system assigns a port from 49152~65535.
Therefore, a communication can be identified by source IP address, destination IP address, protocol number, source port number and destination port number.
Here we focus on TCP:
Features:
Connection-oriented
Reliability
RTT (round-trip time) and RTO (retransmission timeout)
Data sorting
Flow control
Full duplex
Suppose the application layer has a message to send through the network stack (transport layer, network layer, and so on). What if the user sends a lot of data? How do we ensure that the data is not lost? Large data is split up here: the IP layer cuts it into pieces. Generally speaking, Ethernet can receive 1046 bytes, so the data is sliced into 1046-byte pieces and then transmitted to the peer. This creates a problem: what used to be one large piece of data is now sent as many pieces, and some of them may be lost along the way. TCP uses retransmission timeout and acknowledgement mechanisms to ensure data integrity. If one end does not receive the message from the other party, it will not wait forever but resends after a certain time. How is this time determined? The operating system uses the RTT mechanism, that is, the round-trip delay: a data packet is sent from this side to the other side and the reply from the other side is received; the elapsed time is the round-trip delay. The operating system recalculates its internal RTO from the latest round-trip delay, so the retransmission timeout is not fixed.
Data sorting: after the data is broken into pieces, the other party needs to know their order to rebuild the complete data, so the network protocol numbers the pieces at this end to allow complete reassembly at the opposite end.
Flow control (sliding window): communication partners have different data processing capabilities. The sender only sends data, but the other party may need to process it after receiving it, so it may not be able to receive data as fast as the sender sends it. So there is also a mechanism by which each side tells the other, in its acknowledgements or messages, how much data it can receive at a time.
Full duplex: both ends of a connection can send data to and receive data from the opposite end at the same time.
Client (connection):
1. First, the client sends a SYN message to the server (SYN = 1, seq = 23412). Client status: SYN_SENT
2. The server replies to the client after receiving the message (SYN = 1, ACK = 1, ack = 23413, seq = 6478). Server status: SYN_RCVD
3. After receiving the message, the client checks: is the ACK flag 1? Is ack 23413? If so, the client has confirmed that the server received its message SYN = 1, seq = 23412, and it responds to the server.
4. The client replies to the server with ACK = 1 and ack = 6479. Client status: ESTABLISHED
5. The server receives the message from the client. Server status: ESTABLISHED
TCP is connection-oriented, so both parties need to confirm the establishment of the connection (and keep track of the sequence numbers).
SYN flooding attack: a large number of attack messages with forged source addresses are sent to the port the server listens on, filling the server's half-open connection queue and thus preventing other users from accessing it.
Principle: the attacker's client uses a forged IP address to send a request to the server (the first handshake). The server's response message never reaches a real client, the server waits for the client's third handshake message (which never comes), and the server consumes resources while waiting on this half-open connection. If there are thousands of such connections, the host's resources are exhausted, which achieves the purpose of the attack.
Solution:
1. Invalid connection monitoring and release
2. Delayed TCB allocation
3. Firewall
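Delayed TCB allocation sketched in the style of SYN cookies, one well-known form of the idea, as an added example (not part of the original notes). The server derives its initial sequence number from a keyed hash and stores nothing until the third handshake message proves the client saw the reply. The key, the 64-second slot and the hash layout are simplified assumptions, not the bit layout of any real TCP stack.

```python
import hashlib, hmac

SECRET = b"constructed-demo-secret"  # assumption: a real stack uses a random per-boot key
M32 = 2 ** 32

def cookie(conn, client_isn, slot):
    """Server ISN derived from the connection 4-tuple, client ISN and time slot."""
    msg = repr((conn, client_isn, slot)).encode()
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:4], "big")

class Listener:
    SLOT = 64  # seconds per time slot (assumption)

    def __init__(self):
        self.tcbs = {}  # TCBs exist only for connections that finished the handshake

    def on_syn(self, conn, seq, now):
        # Second handshake message, built without storing anything about the client.
        return {"SYN": 1, "ACK": 1, "ack": (seq + 1) % M32,
                "seq": cookie(conn, seq, int(now) // self.SLOT)}

    def on_ack(self, conn, seq, ack, now):
        # Third handshake message: seq = client ISN + 1, ack = server ISN + 1.
        client_isn = (seq - 1) % M32
        slot = int(now) // self.SLOT
        for s in (slot, slot - 1):  # accept the current and the previous slot
            if ack == (cookie(conn, client_isn, s) + 1) % M32:
                self.tcbs[conn] = {"rcv_nxt": seq, "snd_nxt": ack}
                return True
        return False  # forged or stale ACK: still no state allocated

def demo():
    srv = Listener()
    # Constructed SYNs from sources that never answer (documentation address range).
    for i in range(1000):
        srv.on_syn((f"203.0.113.{i % 254 + 1}", 40000 + i, "192.168.1.2", 8080), i, now=100)
    state_after_syns = len(srv.tcbs)
    conn = ("192.167.1.2", 49152, "192.168.1.2", 8080)
    synack = srv.on_syn(conn, 23412, now=100)  # client seq taken from the handshake notes
    ok = srv.on_ack(conn, 23413, (synack["seq"] + 1) % M32, now=101)
    guessed = srv.on_ack(("203.0.113.9", 40009, "192.168.1.2", 8080), 10, 6479, now=101)
    return state_after_syns, synack["ack"], ok, guessed, len(srv.tcbs)
```

After 1000 unanswered SYNs the listener holds no per-connection state, and only the client that echoes the derived sequence number gets a TCB.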
The client sends the first close request: FIN = 1, seq = 98745 -> client: FIN_WAIT_1
The server responds: ACK = 1, ack = 98756 -> server: CLOSE_WAIT
The client receives the server's response -> client: FIN_WAIT_2
The server sends the message FIN = 1, seq = 76432 -> close
The client receives the server's request -> TIME_WAIT, and replies ACK = 1, ack = 76433
Server -> CLOSED
The client stays in TIME_WAIT for a period of time: 2 * MSL -> client CLOSED
Because TCP is full duplex (client and server can both send to and receive from each other), both parties need to confirm the closing of the connection.
MSL: maximum segment lifetime (the RFC defines it as 2 minutes, and 30 seconds for the system); TIME_WAIT actually lasts 1-4 min.
The server sends a message and the client should reply. If the reply is lost in the network, the server sends its message again.
Port conflict:
A: port 8080.
B: port 8080.
If A closes immediately and B then applies for the same port while the server is still sending data that has not been received yet, B gets it.
Wireshark, tcpdump.