2025-01-18 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
OSI seven-layer model and TCP/IP four-layer model
IP address classification
Learn about common network-related protocols
TCP three-way handshake and four-way close (four waves)
Network-related debugging commands
Packet capture in practice with tcpdump and tshark
OSI seven-layer model
Application layer
Presentation layer
Session layer
Transport layer: firewall
Network layer: layer-3 switches and routers
Data link layer: layer-2 switches and network cards
Physical layer: hub
TCP/IP four-layer model
Application layer: HTTP, FTP
Transport layer: TCP, UDP
Network layer: router
Network interface layer
IP address classification
To put it simply, IP addresses are divided into five categories, and the common addresses are A, B, and C.
Class A address: the range is 0 to 127. 0 is reserved and represents all IP addresses (0.0.0.0), while 127 is also reserved and is used for loopback testing. So the range of usable class A addresses is actually 1 to 126.
Class B address: the range is 128 to 191, such as 172.168.1.1. The first and second octets are the network number, and the remaining two octets are the host number. Distinguished by subnet mask 255.255.0.0.
Class C address: the range is 192 to 223. Distinguished by subnet mask 255.255.255.0.
Class D address: the range is 224 to 239, used for multicast. A multicast address addresses a group of computers at once. It identifies a group of computers that share the same protocol.
Private IP
A: 10.0.0.0 ~ 10.255.255.255
B: 172.16.0.0 ~ 172.31.255.255
C: 192.168.0.0 ~ 192.168.255.255
The loopback interface is always available in the up state.
TCP/IP protocol
TCP/IP is a suite of protocols. It includes many protocols.
For example:
Hypertext Transfer Protocol (HTTP): the basic protocol of the World Wide Web
File transfer (TFTP, Trivial File Transfer Protocol)
Remote login (Telnet)
Network management (SNMP, Simple Network Management Protocol)
TCP (Transmission Control Protocol): a connection-oriented protocol
UDP (User Datagram Protocol): a connectionless protocol
IP (Internet Protocol)
ICMP (Internet Control Message Protocol)
ARP (Address Resolution Protocol)
RARP (Reverse Address Resolution Protocol)
The difference between TCP and UDP
1. Connection-based versus connectionless
2. Requirements for system resources (TCP needs more, UDP needs less)
3. UDP programs have a simpler structure
4. Stream mode versus datagram mode
5. TCP guarantees data correctness, UDP may lose packets; TCP guarantees data order, UDP does not.
TCP three-way handshake
Purpose: to establish a connection
client                                            server
TCP connection state    establishment process    TCP connection state
                                                  LISTEN
SYN_SENT                --syn seq=a-->            SYN_RCVD
ESTABLISHED                                       ESTABLISHED (connected successfully)
TCP four-way close (four waves)
States during the four waves
Function: close the connection
client                                            server
FIN_WAIT                --fin seq=a-->            CLOSE_WAIT
FIN_WAIT2
/etc/hostname
NETWORKING=yes # activate the network and start the network service when you boot
Note: if NETWORKING=no, the network will not start at boot, even if the network service is set to start at boot.
HOSTNAME=localhost.localdomain
hostnamectl set-hostname apenglinux.cn    # modify the hostname
Configure the correspondence between ip and hostname (domain name)
vim /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
The resolution order of local domain names is determined by the following file.
[root@apenglinux ~]# vim /etc/nsswitch.conf    # check the following
#hosts:     db files nisplus nis dns
hosts:      files dns myhostname
Configuration file mapping port numbers to services
# vim /etc/services    # this file shows the service names corresponding to commonly used ports
View the routing table
[root@apenglinux ~]# netstat -rn    (or: route -n)
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG        0 0          0 ens33
0.0.0.0         192.168.25.2    0.0.0.0         UG        0 0          0 ens37
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 ens33
192.168.25.2    0.0.0.0         255.255.255.255 UH        0 0          0 ens37
192.168.25.100  0.0.0.0         255.255.255.255 UH        0 0          0 ens37
192.168.122.0   0.0.0.0         255.255.255.0   U         0 0          0 virbr0
Add and delete route entries
[root@apenglinux ~]# route add -net 192.168.3.0/24 dev ens37
[root@apenglinux ~]# route del -net 192.168.3.0/24
View network connection status
[root@apenglinux ~]# netstat -antup
-a, --all
-n, --numeric    # don't resolve names
-p, --programs
-t    # display TCP connections
-u    # display UDP connections
The general format of the ping command is
-c number    # stop after sending the specified number of packets
-i seconds   # interval in seconds between packets sent to a host; the default is once a second
-I           # send from the specified interface
View network card traffic
[root@apenglinux mnt]# rpm -ivh Packages/iptraf-ng-1.1.4-6.el7.x86_64.rpm
[root@localhost ~]# iptraf-ng
The arping command tests for IP address conflicts
Return 1 to indicate that the address is already in use
Returning 0 indicates that the address is not in use
-D    # duplicate address detection mode
-f    # quit when a reply is received
-I    # use the specified Ethernet device
-c    # number of packets to send
tcpdump command (packet capture)
tcpdump port 22 -c 3 -n -S
port  # port number
-c    # number of packets to capture
-n    # do not resolve port numbers to protocol names
-S    # print absolute TCP sequence numbers
The sshd service is running on host A. No other client hosts should be connected to host A's sshd service, so that the capture is easier to read.
Execute on host B
yum install telnet -y    # install telnet
telnet 192.168.1.64 22   # connect to port 22 of host A
Execute on host A
[root@apenglinux mnt]# tcpdump -n -c 3 -S port 22 -i ens33
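The sequence-number rule from the TCP three-way handshake section, checked against the kind of three-packet output the tcpdump command above prints with -S. This is an added example, not part of the original article; the capture lines, the client address 192.168.1.63 and the function names are constructed for illustration.

```python
import re

# Constructed sample of `tcpdump -n -c 3 -S port 22` output (not a real capture).
# 192.168.1.64 is host A from the text; the client address and numbers are made up.
SAMPLE = """\
10:15:01.000001 IP 192.168.1.63.51234 > 192.168.1.64.22: Flags [S], seq 1000000000, win 29200, length 0
10:15:01.000050 IP 192.168.1.64.22 > 192.168.1.63.51234: Flags [S.], seq 2000000000, ack 1000000001, win 28960, length 0
10:15:01.000120 IP 192.168.1.63.51234 > 192.168.1.64.22: Flags [.], ack 2000000001, win 229, length 0
"""

LINE_RE = re.compile(
    r"IP (?P<src>\S+) > (?P<dst>\S+): Flags \[(?P<flags>[^\]]*)\]"
    r"(?:, seq (?P<seq>\d+)(?::\d+)?)?(?:, ack (?P<ack>\d+))?"
)

def parse(text):
    """Return one dict per TCP line: src, dst, flags, seq, ack (int or None)."""
    packets = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            p = m.groupdict()
            for key in ("seq", "ack"):
                p[key] = int(p[key]) if p[key] is not None else None
            packets.append(p)
    return packets

def next_seq(n):
    """A SYN consumes one sequence number; the sequence space wraps at 2**32."""
    return (n + 1) % 2**32

def check_handshake(packets):
    """Verify SYN(seq=a) -> SYN,ACK(seq=b, ack=a+1) -> ACK(ack=b+1)."""
    if len(packets) < 3:
        return False, "fewer than three packets captured"
    syn, synack, ack = packets[:3]
    if syn["flags"] != "S" or syn["seq"] is None:
        return False, "first packet is not a SYN"
    if synack["flags"] != "S." or synack["src"] != syn["dst"] or synack["seq"] is None:
        return False, "second packet is not a SYN,ACK from the server"
    if synack["ack"] != next_seq(syn["seq"]):
        return False, "SYN,ACK does not acknowledge a+1"
    if ack["flags"] != "." or ack["src"] != syn["src"]:
        return False, "third packet is not an ACK from the client"
    if ack["ack"] != next_seq(synack["seq"]):
        return False, "final ACK does not acknowledge b+1"
    return True, "three-way handshake complete"

if __name__ == "__main__":
    print(check_handshake(parse(SAMPLE)))
```

Without -S, tcpdump prints the third packet's acknowledgment as a relative number (ack 1), so the b+1 check fails on such output.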
tshark command (packet capture)
[root@apenglinux mnt]# yum install wireshark -y
tshark -w filename -i ens33
-w    # write the captured packet data to the file filename
-i    # specify the name of the interface to capture on
tshark -r filename
-r    # specify the capture file to read
-V    # decode each packet in as much detail as possible