
How to analyze the Network layer related packets and data of TCP and IP

2025-01-22 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)05/31 Report--

This article explains in detail how to analyze the network layer packets and data of TCP/IP. The editor shares it here as a reference, in the hope that you will have a better understanding of the topic after reading it.

Network layer related packets and data of TCP/IP

1) Encapsulation of IP packets: an IPv4 address has 32 bits and an IPv6 address has 128 bits. An IP packet can be at most 65535 bytes. Its structure is as follows:

The fields that need additional explanation are:

Type of service: it is divided into the following bits. PPP indicates the priority of this IP packet and is rarely used at present; D, 0 means normal delay and 1 means low delay; T, 0 means normal throughput and 1 means high throughput; R, 0 means normal reliability and 1 means high reliability; UU is reserved and not yet used. Taken together, the format is PPPDTRUU.

Flag: the format is DM. D: 0 means the packet can be fragmented, 1 means it cannot be fragmented. M: 0 means this is the last fragment, 1 means it is not the last fragment.

Fragment offset: indicates the position of this IP fragment in the original IP packet. The receiver can reassemble the small IP fragments using Total Length, Identification, Flags and Fragment Offset.

Time to Live: range 0-255. Each time an IP packet passes through a router, the TTL is reduced by one; when the TTL reaches 0, the packet is discarded.

Protocol code: the meaning of each code is: 1, ICMP (Internet Control Message Protocol); 2, IGMP (Internet Group Management Protocol); 3, GGP (Gateway-to-Gateway Protocol); 4, IP (IP in IP encapsulation); 6, TCP (Transmission Control Protocol); 8, EGP (Exterior Gateway Protocol); 17, UDP (User Datagram Protocol).

Header check code: the error check code (checksum) used to verify this IP header.

Destination address: destination IP address

Other parameters: additional options, including security handling mechanisms, routing records, timestamps, strict and loose source routing, etc.

Padding: the content of Options is not necessarily large, but every row of the IP header must be 32 bits, so if the Options data is shorter than 32 bits, padding is added to fill it up.
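The fields described above can be read straight out of the header bytes. The following parser is an added example, not code from the original article; the sample packet is constructed, and the function and key names are chosen here for illustration.

```python
import struct

# Protocol numbers from the list above.
PROTOCOLS = {1: "ICMP", 2: "IGMP", 3: "GGP", 4: "IP-in-IP", 6: "TCP", 8: "EGP", 17: "UDP"}
FIXED = "!BBHHHBBH4s4s"  # the 20 fixed bytes of the header, network byte order

def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words, complemented (the header check code)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_ipv4_header(packet: bytes) -> dict:
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte minimum IPv4 header")
    ver_ihl, tos, total_len, ident, flags_frag, ttl, proto, _, src, dst = \
        struct.unpack(FIXED, packet[:20])
    header_len = (ver_ihl & 0x0F) * 4      # header length is counted in 32-bit words
    if ver_ihl >> 4 != 4 or not 20 <= header_len <= len(packet):
        raise ValueError("not a well-formed IPv4 header")
    return {
        "options_and_padding": packet[20:header_len],
        "precedence": tos >> 5,                        # PPP
        "low_delay": bool(tos & 0x10),                 # D
        "high_throughput": bool(tos & 0x08),           # T
        "high_reliability": bool(tos & 0x04),          # R
        "total_length": total_len,
        "identification": ident,
        "dont_fragment": bool(flags_frag & 0x4000),    # D flag
        "more_fragments": bool(flags_frag & 0x2000),   # M flag
        "fragment_offset": (flags_frag & 0x1FFF) * 8,  # stored in 8-byte units
        "ttl": ttl,
        "protocol": PROTOCOLS.get(proto, f"unknown({proto})"),
        "src": ".".join(map(str, src)),
        "dst": ".".join(map(str, dst)),
        # A header carrying a correct checksum sums to zero when re-checked.
        "checksum_ok": internet_checksum(packet[:header_len]) == 0,
    }

def sample_fragment() -> bytes:
    """Constructed sample: a middle fragment of a UDP datagram, checksum filled in."""
    fields = [0x45, 0x10, 1500, 0x1C46, 0x2000 | 185, 64, 17, 0,
              bytes([192, 168, 0, 10]), bytes([192, 168, 0, 20])]
    fields[7] = internet_checksum(struct.pack(FIXED, *fields))
    return struct.pack(FIXED, *fields)
```

A header whose TTL or any other field is altered without recomputing the check code parses with `checksum_ok` set to `False`, which is the condition a receiver uses to discard it.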

2) composition and classification of IP addresses:

An IP address consists of a network number and a host number.

Same network domain (network segment): within the same physical network segment, the hosts' IPs share the same network number and each has its own host number. The addresses whose host number is all 0 and all 1 (the broadcast address) cannot be assigned to hosts. If the hosts in the same physical segment are configured with IPs in the same domain (with no duplicates), they can reach each other directly by broadcast on the local network through CSMA/CD (that is, data passes directly from network card to network card). If two hosts on the same physical segment are set to different IP segments, they cannot reach each other by broadcast because their broadcast addresses differ. In that case they must communicate through a router, which connects the two domains.

IP classes: the entire IP space is divided into five classes, as shown in the following figure:

Class D: generally used only for the special function of multicast (most commonly used when restoring a large number of computers over the network).

Class E: reserved, unused network segments.

3) Types of IP and how they are obtained

IP types: public IP, planned by InterNIC, which can connect to the Internet; private (reserved) IP, which cannot connect to the Internet and is mainly used for planning the hosts within a local area network.

Private IP ranges: class A, 10.0.0.0 - 10.255.255.255; class B, 172.16.0.0 - 172.31.255.255; class C, 192.168.0.0 - 192.168.255.255

Automatically obtaining network parameters: in the local area network, one host is specially responsible for managing the network parameters of all computers. When other hosts start their network, they actively request IP parameters from this server. Once the parameters are obtained, the host configures itself with the network parameters the server gave it and can then connect to the Internet.

4) Netmask, subnet and CIDR (Classless Interdomain Routing)

Netmask: the IP address in which the network number is all 1 and the host number is all 0.

Network: the first IP address of the network segment, that is, the network number is kept and the host number is all 0.

Domain representation: Network and Netmask are used together to represent a domain, for example 192.168.0.0/255.255.255.0 or 192.168.0.0/24 (where 24 means the network number occupies 24 bits).

Classless inter-domain routing: borrowing bits of the network number as host number so that multiple domains can be written as one. This way of breaking the original IP representation is called classless inter-domain routing (it reduces routing information, thereby improving performance).
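The netmask, network and broadcast addresses, and the way CIDR writes two domains as one, all come down to bit operations on the 32-bit address. The following is an added example, not code from the original article; the function names are chosen here for illustration.

```python
import ipaddress

def to_int(ip: str) -> int:
    return int(ipaddress.IPv4Address(ip))

def to_ip(value: int) -> str:
    return str(ipaddress.IPv4Address(value))

def netmask(prefix: int) -> int:
    """Network bits all 1, host bits all 0."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be between 0 and 32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def describe(ip: str, prefix: int) -> dict:
    mask = netmask(prefix)
    network = to_int(ip) & mask                  # host bits forced to 0
    broadcast = network | (mask ^ 0xFFFFFFFF)    # host bits forced to 1
    return {
        "netmask": to_ip(mask),
        "network": to_ip(network),
        "broadcast": to_ip(broadcast),
        # all-0 and all-1 host numbers are not assignable
        "usable_hosts": max(broadcast - network - 1, 0),
    }

def same_domain(ip_a: str, ip_b: str, prefix: int) -> bool:
    """Two hosts share a domain when their network numbers are equal."""
    return describe(ip_a, prefix)["network"] == describe(ip_b, prefix)["network"]

def merge(cidr_a: str, cidr_b: str):
    """Write two equal-size domains as one by borrowing one network bit.

    Returns the merged CIDR string, or None when the two domains are not
    an aligned adjacent pair and therefore cannot be written as one.
    """
    (ip_a, p_a), (ip_b, p_b) = (c.split("/") for c in (cidr_a, cidr_b))
    prefix = int(p_a)
    if prefix != int(p_b) or prefix == 0:
        return None
    a = describe(ip_a, prefix)["network"]
    b = describe(ip_b, prefix)["network"]
    parent = describe(a, prefix - 1)["network"]
    if a == b or parent != describe(b, prefix - 1)["network"]:
        return None
    return f"{parent}/{prefix - 1}"
```

`192.168.1.0/24` and `192.168.2.0/24` are adjacent but do not share a /23 parent, so `merge` returns `None` for that pair.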

5) The concept of routing: when a host sends data to another host, it consults its own routing information and compares it with the destination address of the data. If a route for the destination IP is found, the data is sent to the specified machine; otherwise it is handed to the default gateway, which forwards it. This process repeats until the data reaches its destination.

6) route [-n]: the command for viewing the routing table, and its parameters

A) -n: displays hosts as IP addresses instead of hostnames.

B) Interpretation of the displayed data

Destination: the Network

Gateway: default gateway. 0.0.0.0 means no additional IP is required.

Genmask: the Netmask

Flags: U indicates that the route is available; G indicates that the network must be reached via a gateway; H indicates that the route is to a single host, not an entire network.

Iface: the interface, that is, the network card name.
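The routing decision from item 5 can be reproduced from the columns that `route -n` prints. The following is an added example, not code from the original article: the routing table text is a constructed sample, the function names are chosen here, and it generalizes the description above by picking the most specific matching route (longest netmask), which is how a table with overlapping entries is resolved.

```python
import ipaddress

# Constructed sample in the column layout that `route -n` prints.
ROUTE_N = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.1.2.3        192.168.0.1     255.255.255.255 UGH   0      0        0 eth0
0.0.0.0         192.168.0.254   0.0.0.0         UG    0      0        0 eth0
"""

def parse_routes(text: str) -> list:
    routes = []
    for line in text.splitlines()[1:]:          # skip the column header
        cols = line.split()
        if len(cols) != 8:
            continue
        dest, gateway, genmask, flags, *_, iface = cols
        # Genmask has network bits set to 1, so counting them gives the prefix.
        prefix = bin(int(ipaddress.IPv4Address(genmask))).count("1")
        routes.append({
            "net": ipaddress.IPv4Network(f"{dest}/{prefix}"),
            "gateway": gateway,
            "flags": flags,
            "iface": iface,
        })
    return routes

def next_hop(routes: list, dst: str):
    """Return (address to hand the packet to, interface), or None if no route."""
    addr = ipaddress.IPv4Address(dst)
    usable = [r for r in routes if "U" in r["flags"] and addr in r["net"]]
    if not usable:
        return None
    best = max(usable, key=lambda r: r["net"].prefixlen)
    # Without the G flag the destination is on the local segment: deliver directly.
    via = best["gateway"] if "G" in best["flags"] else dst
    return via, best["iface"]
```

The `0.0.0.0` destination with Genmask `0.0.0.0` matches every address, which is why it acts as the default gateway entry when nothing more specific applies.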

7) ARP (Address Resolution Protocol), RARP (Reverse ARP, Reverse Address Resolution Protocol).

8) arp [-nd]; arp -s hostname(IP) Hardware_address: get the IP/MAC mappings in the local ARP table. Parameters:

A) -n: display hosts by IP

B) -d: delete the hardware_address of hostname from the ARP table.

C) -s: set the MAC of an IP or hostname in the ARP table (used to create a static ARP entry).

9) ICMP (Internet Control Message Protocol): an error detection and reporting mechanism whose most important function is to confirm the connection status and correctness of the network. ICMP is one of the important packets in the network layer, but it does not exist independently; it is carried inside the IP packet, that is to say, ICMP also transmits its data through IP packets. The more common ICMP types are:

0: Echo Reply, a response message

3: Destination Unreachable, indicating that the destination is unreachable

4: Source Quench (this type of message can be used to stop the sender from sending when the load on the router is too high)

5: Redirect (used to redirect routing path information)

8: Echo Request, a message requesting a response

11: Time Exceeded for a Datagram: when a data packet times out somewhere along the route, this type of message tells the source that the packet has been discarded

12: Parameter Problem on a Datagram: when an ICMP packet repeats a previous error, this message is returned to the source host to report the parameter error.

13: Timestamp Request, which asks the other party to send a time message so that the routing time difference can be calculated to meet the requirements of a synchronization protocol.

14: Timestamp Reply, used purely in response to a Timestamp Request

15: Information Request: before the RARP protocol was in use, this message was used to obtain network information at boot time.

16: Information Reply, the response to an Information Request message

17: Address Mask Request, used to query subnet mask configuration information.

18: Address Mask Reply, the response to a subnet mask query message.

The ping and traceroute commands use ICMP packets to confirm and report the status of a network host.
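The way traceroute combines the TTL field with ICMP types 8, 11 and 0 can be shown without touching a network. The following simulation is an added example, not code from the original article; the router path, the addresses and the `silent` parameter (routers that discard an expired packet without reporting it) are hypothetical.

```python
TIME_EXCEEDED, ECHO_REPLY = 11, 0   # ICMP types from the list above

def send_probe(path, dest, ttl, silent=()):
    """Forward one Echo Request (type 8) that starts with the given TTL.

    path:   router IPs in order toward dest (hypothetical topology)
    silent: routers that drop an expired packet but send no ICMP error
    Returns (reporting_ip, icmp_type), or None when nothing comes back.
    """
    for router in path:
        ttl -= 1                     # every router reduces the TTL by one
        if ttl == 0:                 # expired: the packet is discarded here
            if router in silent:
                return None
            return router, TIME_EXCEEDED
    return dest, ECHO_REPLY          # TTL survived the path: the host answers

def traceroute(path, dest, max_ttl=30, silent=()):
    """Probe with TTL 1, 2, 3, ... and record who answers each probe."""
    hops = []
    for ttl in range(1, max_ttl + 1):
        answer = send_probe(path, dest, ttl, silent)
        hops.append((ttl, answer))
        if answer is not None and answer[1] == ECHO_REPLY:
            break                    # destination reached, stop probing
    return hops

def ping(path, dest, ttl=64):
    """A single probe with a normal TTL: True when an Echo Reply returns."""
    answer = send_probe(path, dest, ttl)
    return answer is not None and answer[1] == ECHO_REPLY
```

A router listed in `silent` shows up as a `None` hop, which corresponds to the unanswered lines seen in real traceroute output when a device does not send Time Exceeded messages.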

That is all on how to analyze the network layer packets and data of TCP/IP. I hope the above content is of some help to you and lets you learn more. If you think the article is good, you can share it for more people to see.
