
Access Control list (1)

2025-01-17 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

Knowledge-point summary: the TCP/IP protocol family has two main transport-layer protocols.

TCP (Transmission Control Protocol)

UDP (User Datagram Protocol)

TCP protocol

TCP is a connection-oriented, reliable, process-to-process communication protocol. TCP provides full-duplex service: data can be transmitted in both directions at the same time.

TCP segments

TCP groups several bytes into a packet called a segment.

The TCP segment header is 20 to 60 bytes long: 20 bytes of fixed fields plus up to 40 bytes of options.

A TCP segment is encapsulated in an IP datagram.

Field meanings

Sequence number: numbers each byte of the stream so that the receiver can reassemble the data in the correct order.

Acknowledgment number: used to confirm the sender's data. It carries two pieces of information:

1. It tells the sender that all data before the acknowledgment number has been received.

2. It is the sequence number of the next byte the receiver expects.

Window size: indicates how much data (in bytes, not segments) the receiver can currently accept. The window size is variable and is used for flow control.

SYN: synchronize sequence numbers. Set to 1 when TCP needs to establish a connection.

ACK: acknowledgment flag. When set to 1, the acknowledgment number field is valid and confirms the sender's data.

FIN: set to 1 when TCP closes (one direction of) a connection.

Port numbers: distinguish applications.

Source port number: identifies the sending process.

Destination port number: identifies the receiving process.
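The field layout above is easiest to check by decoding real bytes. The following is an added example, not code from the original article: it parses the fixed 20-byte TCP header with the standard library, validates the data offset (the 20-60 byte range given above), decodes the SYN/ACK/FIN bits, derives the acknowledgment number a peer should send back (next expected sequence number, with SYN and FIN each consuming one sequence number), and classifies a segment by its SYN/ACK combination as in the three-way handshake. The segments it builds are constructed sample input; the checksum is left at zero, so they are not valid on the wire.

```python
import struct

# Flag bits in the low byte of the 16-bit "data offset / flags" word (RFC 793 layout).
TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
# sport, dport, seq, ack, offset+flags, window, checksum, urgent pointer (20 bytes, network order)
TCP_HEADER_FMT = "!HHIIHHHH"


def parse_tcp_header(segment: bytes) -> dict:
    """Decode the fixed TCP header plus options; raise ValueError on malformed input."""
    if len(segment) < 20:
        raise ValueError("TCP header is at least 20 bytes")
    sport, dport, seq, ack, off_flags, window, checksum, urgent = struct.unpack(
        TCP_HEADER_FMT, segment[:20])
    header_len = (off_flags >> 12) * 4  # data offset is counted in 32-bit words
    if not 20 <= header_len <= 60:
        raise ValueError(f"bad data offset: header length {header_len}")
    if header_len > len(segment):
        raise ValueError("data offset points past the end of the segment")
    return {
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "header_len": header_len,
        "flags": {name: bool(off_flags & bit) for name, bit in TCP_FLAGS.items()},
        "window": window, "checksum": checksum, "urgent": urgent,
        "options": segment[20:header_len],
        "payload": segment[header_len:],
    }


def build_tcp_segment(sport, dport, seq, ack, flags=(), window=65535, payload=b"") -> bytes:
    """Constructed sample segment: 20-byte header, no options, checksum left at 0."""
    off_flags = (5 << 12) | sum(TCP_FLAGS[f] for f in flags)  # 5 words = 20 bytes
    header = struct.pack(TCP_HEADER_FMT, sport, dport, seq, ack, off_flags, window, 0, 0)
    return header + payload


def expected_ack(hdr: dict) -> int:
    """Acknowledgment number the peer should return: the next sequence number it expects.
    SYN and FIN each occupy one sequence number even though they carry no data."""
    consumed = len(hdr["payload"]) + hdr["flags"]["SYN"] + hdr["flags"]["FIN"]
    return (hdr["seq"] + consumed) & 0xFFFFFFFF


def handshake_step(hdr: dict) -> str:
    """Classify a segment by its SYN/ACK bits, following the three-way handshake."""
    syn, ack = hdr["flags"]["SYN"], hdr["flags"]["ACK"]
    if syn and not ack:
        return "1 SYN"
    if syn and ack:
        return "2 SYN+ACK"
    if ack:
        return "3 ACK"
    return "other"


if __name__ == "__main__":
    syn = parse_tcp_header(build_tcp_segment(40000, 80, 1000, 0, ("SYN",)))
    synack = parse_tcp_header(build_tcp_segment(80, 40000, 5000, expected_ack(syn), ("SYN", "ACK")))
    ack = parse_tcp_header(build_tcp_segment(40000, 80, 1001, expected_ack(synack), ("ACK",)))
    for seg in (syn, synack, ack):
        print(handshake_step(seg), "seq", seg["seq"], "ack", seg["ack"],
              "next ack expected", expected_ack(seg))
```

Each segment's acknowledgment number is the previous segment's sequence number plus what it consumed, which is why the handshake ends with ack = x+1 and ack = y+1.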

UDP protocol

UDP is a connectionless, unreliable transport protocol with very little overhead.

Commonly used UDP port numbers and their functions

Port  Protocol  Description

69    TFTP      Trivial File Transfer Protocol

111   RPC       Remote Procedure Call

123   NTP       Network Time Protocol

Network layer vs. transport layer

The network layer implements point-to-point (host-to-host) communication; the transport layer implements end-to-end (process-to-process) communication.

Important flag bits during the three-way handshake

(1) SYN=1, ACK=0 (client to server)

(2) SYN=1, ACK=1 (server to client)

(3) SYN=0, ACK=1 (client to server)

TCP half-close: because TCP is a full-duplex service, each direction of a connection is closed independently. After one side sends FIN it can no longer send data, but it can still receive data until the other side sends its own FIN.

Wildcard (inverse) mask

The wildcard mask is computed as 255.255.255.255 minus the subnet mask.

A 0 bit in the wildcard mask means the corresponding address bit is checked strictly (it must match).

A 1 bit in the wildcard mask means the corresponding address bit is ignored.

About standard ACLs

(1) Create the list and apply it close to the destination. A standard ACL only looks at the source address, so applying it near the source would block that source's traffic to every destination.

(2) There is an implicit rule at the end of every list that denies all traffic.

(3) A newly added rule is appended to the end of the list.

(4) Deleting one rule deletes the whole list: a numbered standard ACL cannot be edited entry by entry.

UDP header format

Source port number (16 bits) | Destination port number (16 bits)

UDP length (16 bits) | UDP checksum (16 bits)

UDP length: the total length of the UDP datagram in bytes, header plus data.

Checksum: used for error checking of the UDP header and data (computed together with an IP pseudo-header that covers the source and destination addresses). It is the only reliability mechanism UDP provides.

Access control list (ACL)

An ACL reads the layer 3 and layer 4 header information of each packet and filters packets according to predefined rules.

Direction in which an ACL is applied to an interface

Out: packets that have already been processed by the router and are leaving through the router interface.

In: packets that have arrived at the router interface and will be processed by the router.

Standard access control lists

Filter packets based on the source IP address only.

The list number of a standard ACL is 1-99 (1300-1999 in the expanded range).

Extended access control lists

Filter packets based on source IP address, destination IP address, the specified protocol, port numbers, and flags.

The list number of an extended ACL is 100-199 (2000-2699 in the expanded range).

Named access control lists

Named ACLs allow a standard or extended ACL to be identified by a name instead of a list number.

Create an ACL

Router(config)# access-list access-list-number {permit | deny} source [source-wildcard]

Delete an ACL

Router(config)# no access-list access-list-number

Implied deny statement: every list ends with an invisible entry equivalent to

Router(config)# access-list 1 deny 0.0.0.0 255.255.255.255

Apply an ACL to an interface

Router(config-if)# ip access-group access-list-number {in | out}

Remove the ACL from the interface

Router(config-if)# no ip access-group access-list-number {in | out}

Check whether an ACL is applied to an interface

Router# show ip interface f0/0

List the entries of all ACLs together with their match counters

Router# show access-lists
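The wildcard-mask rules and the standard-ACL behaviour described above (0 bits checked, 1 bits ignored, first match wins, new entries appended, implicit deny at the end) are small enough to model exactly. The following is an added example written for this page, not Cisco code or output: it derives a wildcard mask as 255.255.255.255 minus the subnet mask, evaluates a source address against an ordered list the way a router does, and renders the entries in the access-list syntax shown above. It also goes one step beyond the text by using a discontiguous wildcard (0.0.254.255), which is legal and matches only even third octets. All addresses and list numbers are constructed sample input.

```python
from ipaddress import IPv4Address

ALL_ONES = 0xFFFFFFFF


def wildcard_from_mask(subnet_mask: str) -> str:
    """Wildcard (inverse) mask = 255.255.255.255 - subnet mask."""
    return str(IPv4Address(ALL_ONES - int(IPv4Address(subnet_mask))))


def wildcard_match(address: str, reference: str, wildcard: str) -> bool:
    """0 bits in the wildcard must match the reference exactly; 1 bits are ignored."""
    care = ALL_ONES ^ int(IPv4Address(wildcard))
    return (int(IPv4Address(address)) ^ int(IPv4Address(reference))) & care == 0


class StandardAcl:
    """Numbered standard ACL: ordered source-address entries, first match wins,
    new entries appended to the end, implicit deny-all after the last entry."""

    def __init__(self, number: int):
        if not (1 <= number <= 99 or 1300 <= number <= 1999):
            raise ValueError("standard ACL numbers are 1-99 or 1300-1999")
        self.number = number
        self.entries = []  # (action, source, wildcard), in configuration order

    def add(self, action: str, source: str, wildcard: str = "0.0.0.0") -> None:
        """Append an entry; a wildcard of 0.0.0.0 means a single host."""
        if action not in ("permit", "deny"):
            raise ValueError("action must be permit or deny")
        self.entries.append((action, source, wildcard))

    def evaluate(self, src_ip: str):
        """Return (action, 1-based position of the matching entry).
        Position None means no entry matched and the implicit deny applied."""
        for pos, (action, source, wildcard) in enumerate(self.entries, start=1):
            if wildcard_match(src_ip, source, wildcard):
                return action, pos
        return "deny", None

    def config_lines(self) -> list:
        """Entries in the access-list syntax; the implicit deny is never shown."""
        return [f"access-list {self.number} {a} {s} {w}" for a, s, w in self.entries]


if __name__ == "__main__":
    acl = StandardAcl(1)
    acl.add("deny", "192.168.1.5")                                    # one host
    acl.add("permit", "192.168.1.0", wildcard_from_mask("255.255.255.0"))  # 0.0.0.255
    acl.add("permit", "10.1.0.0", "0.0.254.255")                      # even third octet only
    print("\n".join(acl.config_lines()))
    for ip in ("192.168.1.5", "192.168.1.77", "10.1.2.9", "10.1.3.9", "172.16.0.1"):
        print(ip, acl.evaluate(ip))
```

Because entries are appended, a host deny added after a network permit that already covers the host never matches: the router stops at the first matching entry. Put the specific deny first, or delete and re-create the numbered list.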

© 2024 shulou.com SLNews company. All rights reserved.