Shulou(Shulou.com)05/31 Report--

This article introduces the relevant knowledge of "what is the principle of computer network communication". In the operation of actual cases, many people will encounter such a dilemma. Next, let the editor lead you to learn how to deal with these situations. I hope you can read it carefully and be able to achieve something!

The "principles of computer network communication" that must be learned before becoming a "hacker"

The purpose of "hacker" is to find the target loophole, and then to launch an attack or propose a solution to fix the loophole, and in the process of finding the loophole, you need to master a lot of knowledge. for example, computer principle, computer network, operating system, computer software, programming language, data structure, database technology, cutting-edge technology and so on. Among so many things to learn, you first need to learn "the principle of network communication". Why? Because the principle of network communication is very important, according to his principle, we can judge that many seemingly correct theories are actually communication processes with many loopholes, and many hacker attacks take advantage of these loopholes. Many network security solutions are also used to solve these loopholes.

I. the origin of the Internet?

The essence of the Internet is a series of network protocols.

A hard operating system, and then install the software you can use normally, everyone has their own machine, but isolated from each other.

How can we let everyone play together and have a preliminary network? in fact, the principle of communication between two computers is the same as that between two people on the phone. Putonghua belongs to the standard of communication between people in China. What if it is communication between people from two countries? The problem is that you can't ask a person / computer to master the world's languages / standards, so there is a unified communication standard in the world: English

Conclusion: English has become a unified standard for communication among all people in the world. If computers are regarded as people distributed all over the world, then the internet connecting two computers is actually a series of unified standards, these standards are called Internet protocols, and the essence of the Internet is a series of protocols, which are generally called "Internet protocols" (Internet Protocol Suite).

The function of the Internet protocol: a standard that defines how a computer accesses internet and communicates with a computer that accesses internet.

2. Introduction of network protocols

Internet protocols are divided into seven layers of OSI or five layers of tcp/ IP according to different functions.

Running common physical equipment on each floor

Explanation of five-layer model

We use the application layer, presentation layer and session layer as the application layer to explain the origin and function of each layer from the perspective of tcp/ IP five-layer protocol, and understand the main protocols of each layer, then we understand the principle of the whole Internet communication.

First of all, what the user perceives is only the top application layer, and each layer from top to bottom depends on the next layer, so we start from the bottom layer, so it is better to understand that each layer runs a specific protocol, and gets closer and closer to the user as it goes up. Closer and closer to the hardware

1. Physical layer: as mentioned above, isolated computers must be connected to internet if they want to play together. The implication is that computers must complete networking.

Physical layer function: mainly based on electrical characteristics to send high and low voltage (electrical signal), high voltage corresponding to the number 1, low voltage corresponding to the number 0

2. Data link layer: simple electrical signals 0 and 1 do not make any sense. It is necessary to specify how many bits of electrical signals are grouped and what does each group mean?

Function of the data link layer: defines the grouping of electrical signals

Ethernet protocol:

In the early days, each company had its own grouping method, and later formed a unified standard, that is, the Ethernet protocol ethernet.

Ethernet regulation

A group of electrical signals form a data packet called a frame.

Each data frame is divided into two parts: header head and data data

Head contains: (fixed 18 bytes)

Sender / source address, 6 bytes

Recipient / destination address, 6 bytes

Data type, 6 bytes

Data contains: (minimum 46 bytes, maximum 1500 bytes)

The specific content of the packet

Head length + data length = a minimum of 64 bytes and a maximum of 1518 bytes. If it exceeds the maximum limit, it will be sent in parts.

Mac address:

The origin of the source and destination addresses contained in head: ethernet stipulates that all devices connected to internet must have a network card, and the addresses of the sender and receiver refer to the address of the network card, that is, the mac address.

Mac address: each Nic is fired into the world's only mac address when it leaves the factory. It is 48 bits in length and is usually represented by a 12-bit hexadecimal number (the first six digits are the manufacturer number and the last six digits are the pipeline number).

Broadcast:

With the mac address, two hosts in the same network can communicate (one host obtains the mac address of the other host through the arp protocol) ethernet communicates in the most primitive and broadcast way, that is, computer communication basically depends on roar.

3. Network layer: with ethernet, mac address and broadcast mode, computers in the world can communicate with each other. The problem is that the worldwide Internet is made up of small Lans isolated from each other, so if all communications are broadcast over Ethernet, packets sent by one machine will be received all over the world, which is not only a problem of inefficiency, but also a disaster.

Conclusion: we must find a way to distinguish which computers belong to the same broadcast domain and which are not, if it is broadcast, if not, routing (distributing packets to different broadcast domains / subnets), mac address is indistinguishable, it is only related to the vendor.

Network layer function: introduce a new set of addresses to distinguish different broadcast domains / subnets, that is, network addresses

IP protocol:

The protocol that specifies the network address is called the ip protocol, and the address it defines is called the ip address. The widely used v4 version, ipv4, specifies that the network address is represented by 32 bits in binary.

Range 0.0.0.0-255.255.255.255

An ip address is usually written in four decimal numbers, for example: 172.16.10.1

The ip address is divided into two parts

Network part: identify the subnet

Host section: identify the host

Note: the simple ip address field only identifies the type of ip address, and the subnet of an ip cannot be identified from the network part or the host part.

Example: 172.16.10.1 and 172.16.10.2 cannot be determined to be in the same subnet

Subnet mask

The so-called "subnet mask" is a parameter that represents the characteristics of the subnetwork. It is formally equivalent to the IP address, is also a 32-bit binary number, its network part is all 1, and the host part is all 0. For example, IP address 172.16.10.1, if it is known that the network part is the first 24 bits and the host part is the last 8 bits, then the subnet mask is 11111111.1111111111111111.00000000, which is 255.255.255.0 in decimal.

Knowing the subnet mask, we can determine whether any two IP addresses are on the same subnet. The method is to AND the two IP addresses and the subnet mask respectively (both digits are 1, the result is 1, otherwise it is 0), and then compare the results to see if they are the same. If so, it indicates that they are in the same subnet, otherwise they are not.

For example, it is known that the subnet masks of the IP addresses 172.16.10.1 and 172.16.10.2 are 255.255.255.0. Are they on the same subnet? Both of them and subnet mask perform AND operation respectively.

172.16.10.1:10101100.00010000.00001010.000000001

255255.255.255.0:11111111.11111111.11111111.00000000

The result of AND calculation is: 10101100.00010000.00001010.000000001-> 172.16.10.0

172.16.10.2:10101100.00010000.00001010.000000010

255255.255.255.0:11111111.11111111.11111111.00000000

The result of AND calculation is: 10101100.00010000.00001010.000000001-> 172.16.10.0

The result is 172.16.10.0, so they are on the same subnet.

To sum up, the IP protocol has two main functions, one is to assign IP addresses to each computer, and the other is to determine which addresses are on the same subnet.

Ip packet

The ip packet is also divided into head and data parts. There is no need to define separate fields for the ip packet and put it directly into the data part of the Ethernet packet.

Head: 20 to 60 bytes in length

Data: maximum length is 65515 bytes.

The "data" part of an Ethernet packet is only 1500 bytes long. Therefore, if the IP packet exceeds 1500 bytes, it needs to be split into several Ethernet packets and sent separately.

ARP protocol

The origin of arp protocol: computer communication basically depends on roar, that is, broadcast. All upper packets are encapsulated with Ethernet headers and then sent through Ethernet protocols. When talking about Ethernet protocols, we understand that communication is based on mac broadcasting. When computers send packets, it is easy for computers to get their own mac. How to obtain the mac of the target host needs to be through arp protocol.

Arp protocol function: send data packets by broadcast to obtain the mac address of the target host

How the protocol works: each host ip is known

For example: host 172.16.10.10 Universe 24 accesses 172.16.10.11 Universe 24

3.1 first distinguish your subnet by ip address and subnet mask

3.2 analyze that 172.16.10.10 ip 24 is on the same network as 172.16.10.11 Accord 24 (if it is not the same network, then the target mac in the following table is 172.16.10.1, and the mac of the gateway is obtained through arp)

3.3.The packet will be broadcast in the self-network where the sender is located. After receiving it, all hosts will unpack the packet and find that the destination ip is their own, then respond and return their own mac.

4. Transport layer: the ip of the network layer helps us to find the host network, and the mac of the Ethernet layer helps us find the host, and then everyone uses applications. Qq, Storm Player, and other applications may be opened on your computer at the same time, so we find a specific host through ip and mac. How to identify the application on this host? the answer is the port, which is the number associated with the network card.

Transport layer function: establish port-to-port communication

Add: the port range is 0-65535 and 0-1023 is occupied by the system

Tcp protocol: reliable transmission, TCP packets have no length limit, can be infinitely long in theory, but in order to ensure the efficiency of the network, the length of TCP packets usually does not exceed the length of IP packets to ensure that a single TCP packet does not have to be segmented.

Udp protocol:

Unreliable transmission, the "header" section has a total of only 8 bytes, with a total length of no more than 65535 bytes, which fits into an IP packet.

Tcp message

Tcp three handshakes and four waves

5. Application layer: users all use application programs and work in the application layer. The Internet is developed, and everyone can develop their own applications. There are a variety of data, so the organization of the data must be well defined.

Application layer function: specifies the data format of the application.

Example: TCP protocol can transfer data to various programs, such as Email, WWW, FTP, and so on. Then, there must be different protocols that specify the format of e-mail, web pages, and FTP data, and these application protocols constitute the "application layer".

6. Socket: we know that if two processes need to communicate, the most basic premise is to be able to uniquely mark a process. In local process communication, we can use PID to uniquely identify a process, but the PID is only unique locally, and there is a high probability of PID conflict between the two processes in the network. At this time, we need to find another path. We know that the ip address of the IP layer can uniquely identify the host. The TCP layer protocol and port number can uniquely identify a process of the host, so we can use ip address + protocol + port number to uniquely identify a process in the network.

Once the processes in the network can be uniquely identified, they can communicate using socket. What is socket? We often translate socket into a socket. Socket is an abstract layer between the application layer and the transport layer. It abstracts the complex operations of the TCP/IP layer into several simple interface provisioning layers that call realized processes to communicate in the network.

Socket originated from UNIX. Under the philosophy of everything in Unix, socket is an implementation of "open-read / write-close" mode. The server and client each maintain a "file". After establishing a connection, they can write content to their own file for each other to read or read, and close the file at the end of the communication.

Third, the realization of network communication

Each host implements the four basic elements of network communication:

Local IP address

Subnet mask

IP address of the gateway

IP address of DNS

There are two ways to obtain these four elements:

1. Static acquisition

That is, manual configuration.

two。 Dynamic acquisition

Get it through dhcp

(1) the front "Ethernet header", which sets the MAC address of the sender (local machine) and the MAC address of the receiver (DHCP server). The former is the MAC address of the local network card, and the latter does not know at this time, so fill in a broadcast address: FF-FF-FF-FF-FF-FF.

(2) following the "IP header", set the IP address of the sender and the IP address of the receiver. At this time, the machine does not know either of them. Therefore, the sender's IP address is set to 0.0.0.0 and the receiver's IP address is set to 255.255.255.255.

(3) the final "UDP header" sets the port of the sender and the port of the receiver. This part is stipulated by the DHCP protocol, the sender is port 68 and the receiver is port 67.

After the packet is constructed, it can be sent out. Ethernet is a broadcast transmission, and every computer on the same subnet receives the packet. Because the receiver's MAC address is FF-FF-FF-FF-FF-FF, you can't tell who it is sent to, so each computer that receives the packet must also analyze the IP address of the packet to determine if it is sent to itself. When you see that the sender's IP address is 0.0.0.0 and the receiver is 255.255.255.255, the DHCP server knows "this packet is for me" and other computers can discard the packet.

Next, the DHCP server reads out the data contents of the packet, assigns the IP address, and sends back a "DHCP response" packet. The structure of the response packet is similar. The MAC address of the Ethernet header is the network card address of both sides, the IP address of the IP header is the IP address of the DHCP server (sender) and 255.255.255.255 (receiver), and the ports of the UDP header are 67 (sender) and 68 (receiver). The IP address assigned to the requester and the specific parameters of the network are included in the Data section.

The new computer receives the response packet and knows its own IP address, subnet mask, gateway address, DNS server, and so on.

4. Give an example of the network communication process in which the host accesses the website

First open the browser, enter URL in the address bar, enter, and the site content appears. This is what we do almost every day, so what exactly is the principle in this process? What is the role of familiar nouns such as HTTP, TCP, DNS and IP at what time? Sort it out as a whole here.

4.1 the whole process is basically divided into the following parts:

1. Domain name is resolved to IP address

2. TCP connection with the destination host (three-way handshake)

3. Send and receive data

4. Disconnect the TCP connection from the destination host (four waves)

4.2 detailed instructions are given below.

4.2.1 Domain names are resolved to IP addresses

What is domain name resolution first of all?

We enter all the easy-to-remember English domain names such as "www.baidu.com" and "www.qq.com" in the browser address bar, but can you find these letters directly to the entire network line to find the destination host? Cannot be found, because the location of each host in the network is identified by IP, IP is the location of the host in the network, and the domain name is only for the convenience of the user's memory, which requires the browser to recognize the domain name and convert it into the corresponding IP address.

So the browser will have a DNS cache, which records the corresponding relationship between some domain names and IP, so that the browser can quickly find the IP it needs. However, it is impossible for this DNS cache to store all the domain names-IP addresses, and the IP address sometimes changes, so when it is not found in the DNS cache, it is necessary to request domain name resolution from the DNS server first. The DNS server we often hear plays an important role in domain name resolution.

It is worth mentioning that DNS domain name resolution uses the UDP protocol.

The whole process of domain name resolution is as follows:

1. The browser sends a DNS request to the native DNS module, and the DNS module generates relevant DNS messages.

2. The DNS module transmits the generated DNS message to the UDP protocol unit of the transport layer.

3. The UDP protocol unit encapsulates the data into a UDP Datagram, which is passed to the IP protocol unit of the network layer.

4. The IP protocol unit encapsulates the data into an IP packet, and the destination IP address is the IP address of the DNS server.

5. The encapsulated IP packet will be delivered to the protocol unit of the data link layer for transmission.

6. Query the relevant data in the ARP cache when sending. If not, send an ARP broadcast (including the IP address to be queried, the host that receives the broadcast checks its own IP, and the qualified host sends the ARP packet with its own MAC address to the host of the ARP broadcast) request, waiting for the ARP response.

7. After receiving the ARP response, write the information corresponding to the IP address and the next-hop MAC address of the route to the ARP cache table

8. After writing to the cache, the destination MAC address is populated with the address of the routing next hop and forwarded as a data frame

9. Forwarding may be carried out multiple times

10. DNS requests to reach the data link layer protocol unit of the DNS server

11. The data link layer protocol unit of the DNS server parses the data frame and passes the internal IP packet to the network layer IP protocol unit.

12. The IP protocol unit of the DNS server parses the IP packet and passes the internal UDP Datagram to the UDP protocol unit of the transport layer

13. The UDP protocol unit of the DNS server parses the received UDP Datagram and passes the internal DNS message to the DNS service unit

14. The DNS service unit resolves the domain name to the corresponding IP address and generates an DNS response message.

15. DNS response message-> UDP- > IP- > MAC- > my host

16. My host receives the data frame and changes the data frame-> IP- > UDP- > browser

17. Write the domain name resolution result to the DNS cache table in the form of domain name and IP address.

The concept of ARP is mentioned. Similar to DNS, translating domain names into IP,ARP translates IP into MAC addresses. After we know IP, we need to find the host more specifically through the MAC address of the host. Similarly, there is an ARP cache, which stores some correspondence between IP and MAC addresses. If it cannot be found in the cache, it broadcasts to find the MAC address, and the host that receives the broadcast checks whether its IP is the IP to be looked up, and returns its own MAC address if so.

If you do development, you will often come into contact with the concept of port, then what is port? This refers to the ports in the TCP/IP protocol, with port numbers ranging from 0 to 65535, such as port 80 for web browsing services, port 21 for FTP services, and so on, all of which have fixed port numbers that cannot be used by other services to transmit data after being occupied.

4.2.2 TCP connection to the destination host (three-way handshake)

After getting the IP address corresponding to the domain name, it means that the data can be sent to the destination host. It is only then that we begin to establish a connection with the three-way handshake that we often talk about.

HTTP requests are transmitted using TCP, which ensures reliable and orderly transmission, while TCP is a connected transmission, that is, before transmitting data, a connection between my host and the destination host will be established, and then the data can be transferred, and then disconnected after the transmission is completed. This is TCP's three-way handshake and four waves, roughly as shown in the figure below:

The specific process of establishing a connection with a three-way handshake is described as follows. The transmission process of the data packet is similar to that of requesting the DNS server above, so it is simply expressed:

1. Send a TCP connection request message to the destination host

2. The SYN flag bit in the TCP message is set to 1, which indicates the connection request

3. The TCP message passes through IP (DNS)-> MAC (ARP)-> Gateway-> destination host

4. The destination host receives the data frame and responds to the request reply message through the IP- > TCP,TCP protocol unit.

5. The SYN and ACK flags in the message are set to 1 to indicate the reply of the connection request.

6. The TCP message passes through IP (DNS)-> MAC (ARP)-> Gateway-> my host

7. My host receives the data frame and responds to the request confirmation message through the IP- > TCP,TCP protocol unit.

8. The TCP message passes through IP (DNS)-> MAC (ARP)-> Gateway-> destination host

9. The destination host receives the data frame and completes the connection through IP- > TCP.

The process of three handshakes is to go back and forth, confirm each other, and establish a connection. Any error or timeout of any message in this process will be retransmitted.

4.2.3 sending and receiving data

As mentioned above, data can be transmitted only after a connection has been established. In fact, there are many ways to transmit data, such as segmentation, grouping, time-sharing, and so on. The transmission process of a packet is as follows. Take the GET method request of HTTP as an example:

1. The browser sends a GET method message to the domain name

2. The GET method message passes through TCP- > IP (DNS)-> MAC (ARP)-> gateway-> destination host.

3. The destination host receives the data frame and responds to the HTML data encapsulated in HTTP protocol format through IP- > TCP- > HTTP,HTTP protocol unit.

4. The HTML data goes through TCP- > IP (DNS)-> MAC (ARP)-> Gateway-> my host

5. My host receives the data frame and displays the HTML content in the form of web page through IP- > TCP- > HTTP- > browser.

Other HTTP methods are similar when transmitting data, but carry different contents.

4.2.4 disconnect the TCP from the destination host (four waves)

After the data transmission is completed, you need to disconnect. Unlike when you set up, you need to disconnect one more time and wave your hand four times. As for why, we will talk about it after watching the process.

Look at the picture to understand the process:

The process is as follows:

1. The browser sends a TCP connection termination request message to the destination host and enters the FIN WAIT state.

2. The FIN flag of the message is set to 1 to indicate the termination of the request.

3. The TCP termination request message goes through IP (DNS)-> MAC (ARP)-> Gateway-> destination host.

4. The destination host receives the data frame and responds to the end reply message through the IP- > TCP,TCP protocol unit.

5. At present, it is just a response, because the destination host may still have data to transmit and is in no hurry to disconnect.

6. The ACK flag in the message is set to 1 to indicate receipt of the termination request.

7. After all the destination data has been sent, send a TCP connection termination request message to my host.

8. The FIN flag of the message is set to 1 to indicate the termination of the request.

9. TCP end request message through IP (DNS)-> MAC (ARP)-> Gateway-> my host

10. My host receives the data frame, responds to the end reply message through IP- > TCP,TCP protocol unit, and enters the TIME WAIT state at this time, because it does not believe that the network is reliable. If the destination host does not receive it, it can resend it.

11. The FIN flag bit in the message is set to 1 to indicate the end of the reply.

12. The TCP echo message passes IP (DNS)-> MAC (ARP)-> Gateway-> destination host

13. The destination host closes the connection

14. After waiting for TIME WAIT, I did not receive a reply, indicating that the destination has been shut down normally, and my host has also closed the connection.

The process here starts with my host initiating the termination request, which can actually be initiated by the destination host, so the process will be the opposite, but the details are similar.

The FIN_WAIT status is to wait for the confirmation message when initiating the request, while the TIME_WAIT status is to send the confirmation message after receiving the termination request and wait to see if it needs to be retransmitted.

Now why do you need to wave four times when you disconnect? Because when establishing a connection, the destination host can directly send SYN (synchronization) + ACK (reply) messages. When disconnected, the destination host may still have data to send after receiving the FIN, which may not necessarily be disconnected directly, so send a reply first to inform my host that it has received the request, wait for confirmation that all the data has been sent, then send FIN, and wait for my host to reply at the same time, the FIN and ACK here cannot be sent together, so it needs four times.

This is the end of the content of "what is the principle of computer network communication". Thank you for your reading. If you want to know more about the industry, you can follow the website, the editor will output more high-quality practical articles for you!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.