Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

Using TCP/IP reference Model to analyze the process of data Transmission

2025-01-18 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Share

Shulou(Shulou.com)06/01 Report--

This article is reproduced from: http://blog.sina.com.cn/s/blog_5ec353710101i892.html has done a little tidying up.

The TCP/IP reference model is a very basic and important basic framework. This document uses a simple example to analyze the basic process of packet flow combined with the reference model.

The network environment is very simple. As shown in the following figure, let's analyze how the whole data communication process occurs when PC accesses Web Server's WEB service. In order to simplify the description (we temporarily ignore the working details of DNS, ARP, frame check, and so on), we only consider the macro level.

The TCP/IP reference model is used to analyze the data transmission process:

1)。 When PC accesses Web Server's WEB service, it actually accesses Web Server's HTTP service. For people, this process is to enter the "IP address" or "domain name" of Web Server in the browser of PC. At the application level of PC, this behavior will trigger the local HTTP process to generate some data, which we call DATA, which is the payload of HTTP.

2)。 The ultimate task of data communication is to help PC transfer the payload of this HTTP to the HTTP process on Web Server.

This is a seemingly simple task, but in fact, this data has to climb over mountains. The application layer of PC transfers the payload of the HTTP to the "transport layer" (we ignore the TCP three-way handshake and so on). The "transport layer" will encapsulate a header for the data from the "application layer". HTTP is a TCP-based application, so what is pressed here is the header of TCP.

In this header, there is the destination port number 80, which will tell the peer what service I want to access when the data arrives at Web Server. Of course, in order to ensure that this data can be transmitted reliably, there are other important contents in the TCP header, which will not be discussed here.

3)。 Well, the load of HTTP is encapsulated in the head of TCP, and in order for this data to be transmitted in the IP network, we also need an "envelope", so the data goes to the "network layer" of PC.

In this layer, the data is encapsulated with an IP header. In the IP header, the source and destination IP addresses are written. The source IP address is the IP:192.168.1.1 of PC, and the destination IP address is the IP:192.168.2.1 of Web Server.

Another important field in the IP packet header is the protocol number, where the value written is 6, which corresponds to the protocol encapsulated behind the IP header, that is, TCP. Well, with the IP header as an envelope, our data can be passed from source to destination in the IP network.

4)。 However, it is not enough to have envelopes, at least, we have to carry the letter link by link, instead of crossing directly from the source to the destination. It is not a Chinese time travel drama, so what should we do?

We also need a header of the 'data link layer', because this is the Ethernet environment and the Ethernet link, so the data from the upper layer is encapsulated with an Ethernet frame header, which is to enable PC to transmit this data to the gateway R1 (port F0max 0 of the same link).

Since the gateway address set by PC is 192.168.1.254, which is the IP address of R1's F0max 0 port, when accessing the IP of Web Server 192.168.2.1, which is a non-local network, PC has to turn to its gateway. Therefore, at the data link level, PC transfers the data to the gateway. It writes the source MAC', that is, its own MAC:00DD.F800.0001, in the encapsulated Ethernet header. At the same time, write 'destination MAC'', that is, the MAC:000.AAAA.0001 of router R1's F0amp0 port. Of course, if the PC does not have the MAC corresponding to the gateway IP at the moment, it will send an ARP message to request.

There is also an important field in the Ethernet frame header, which is the type field. The type field is used to describe what message is encapsulated behind the Ethernet frame header. The value written here is 0x0800, indicating that there is an IP message behind it.

5)。 After a lot of effort, layers of materials, finally, this data is finally ready for transmission, from PC to R1 on the same link, and a little closer to the destination, of course, in the process of data transmission, it is impossible to be as artistic as we pictured, it should be some electrified information, such as 1010101 god horse, forget it, anyway, this thing is transmitted to R1.

6)。 R1 F0Uniq0 received this thing, first restore it to a 'data frame', check the frame header, and find that the destination MAC' address is the MAC address of its F0Unipp0 port. I was so happy that I thought it was a love letter written to me, so I checked the type field and found that it was 0800. I knew that the upper layer was encapsulated with an IP packet, which stripped off the Ethernet frame header and handed over the IP message to the IP protocol stack for processing.

7)。 Next is the work of the 'network layer' of R1. He received the IP packet passed from the lower layer, checked the destination IP address of the IP packet, and found that the destination was 192.168.2.1. God damn it, it was not for me but for someone else, so there was no way. R1 took this address to look it up in its own map-routing table, and found a destination 192.168.2.0and24 network, and the exit was its own FA1/0 port. The next hop address is 192.168.12.2, which is R2.

8)。 It is found that the destination IP address of the packet is not its own R1, and the path to send the data to the destination is given to 192.168.12.2, which is closer to the destination. In order to compare the data to 192.168.12.2, which is also on the link, the data has to be re-encapsulated on the Ethernet frame header. This time, the source MAC' in the frame header is filled in the MAC address of the FA1/0 port of R1. And the destination MAC' is the MAC address of R2 'F0max 0 port:

9)。 The data is passed to R2 by R1:

10)。 After R2 receives this data, it first reverts to the data frame, and then looks at the frame header, and finds that the destination MAC' is its own MAC. It is also very happy to throw the data frame to the upper layer IP protocol for processing:

11)。 The result is the same. As soon as he looks at the 'destination IP' address' in the head of IP, the eraser class is not for himself, anyway, it's not for himself:

12)。 So look up the routing table and find that the destination IP' address 192.168.2.1 is an IP address in the network 192.168.2.0 and 24, which is directly connected to your FA1/0 port. It's easy to do, because it's someone on your doorstep. So it encapsulates the data in the Ethernet frame header, 'the source MAC' is the MAC address of its own FA1/0 port, and the destination MAC' is the MAC of Web Server. If there is no corresponding MAC of 192.168.2.1 of Web Server, similarly, send an ARP message to request:

13)。 The data is on its way and is passed to Web Server:

14)。 When we talk about macro analysis, we say that it has become micro. After receiving this data frame, Web Server looks at the frame header and says, 'destination MAC' is your own network card MAC, and the type field is 0800:

15)。 So the frame header is taken apart and the'IP message'in it is handed over to the IP protocol to be processed.

Then the IP protocol analyzes the IP packet, looks at the destination IP' address in the header, and finds that it is his network card IP that is not running. It is also found that the protocol number in the IP header is 6, indicating that the IP header contains a TCP message:

16)。 Knowing that a TCP message is wrapped behind the IP header, it strips off the IP header, takes out the TCP packet inside, and finds that the "destination port number" in the TCP header is 80, which is a port number well known to well-known:

17)。 The service corresponding to the port number 80 is HTTP. PC found that its port 80 happened to be open, and the HTTP service was working, so he took off the TCP head, revealing the payload inside. The little girl finally came out again and was finally handed over to the HTTP service.

In this way, a piece of data is eventually passed to the destination application. Of course, we still omitted a lot of details in the process. It is worth noting that the process of data communication is two-way, so PC sends data to Web Server, and in order to make the service interaction work normally, the data will return, so there is actually a data return process that we will no longer analyze here, and the principle is more or less the same.

On the problem of MAC address and IP address changing or not in the process of transmission

Original link: http://nanjingfm.blog.51cto.com/2121842/1179368

We may have noticed that during the transmission of the above packet, the MAC address has changed, but the IP address has not changed. Why?

In fact, the MAC address does not change during the transmission of the same broadcast domain and will change when it crosses the broadcast domain, while the IP address does not change during transmission (except for NAT).

First of all, we need to know that MAC addresses are used to communicate between devices on the same physical or logical layer 2 network, while layer 3 addresses (IP addresses) can communicate between multiple network devices.

If the MAC address is valid in the same broadcast domain, the MAC address must be changed if you go to another broadcast domain (network segment); the MAC address of the data frame in the same broadcast domain will not change, because all switches should know the MAC address of all hosts in that broadcast domain (if not, it will be learned through passive broadcast). Now that I know all the MAC addresses, when my switch receives the data frame, take a look at the destination MAC address, then check the MAC address table and leave it out of the corresponding interface.

The IP address is valid in the whole network, and the whole Internet network is equivalent to a big map. If you also know how to get all the IP addresses, the source IP' and destination IP' will not change during the transmission. When the router receives the packet, it checks the destination IP' address of the packet, then looks up the routing table (routing forwarding table), and chooses the appropriate interface to send it.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Share To

Network Security

Wechat

© 2024 shulou.com SLNews company. All rights reserved.

12
Report