Shulou(Shulou.com)06/02 Report--

Functions of the network layer

Defines the logical address given to the IP protocol

Connect different media types

Choose the best path for data to pass through the network

1format of IP packet

Version: this field contains the version number of IP, 4bit. The current version of IP is 4 (i.e. IPv4). This version was formed in the early 1980s and now uses IPv4 in both local area networks and wide area networks. At present, the biggest problem facing IPv4 is the lack of IP address space. IPv6 to be used is the next version of IP, but it can not solve the problem of lack of IP addresses.

Header length (Header Length): this field is used to indicate the IP packet header length, 4bit. The IP packet header is as short as 20 bytes, but its length is variable, depending on the length of the option field.

Priority and type of service (Priority & Type of Service): this field is used to indicate the priority and type of service of the packet, 8bit. By dividing a certain priority in the packet, it is used to achieve the requirements of QoS (quality of Service).

Total length (Total Length): this field indicates the length of the entire IP packet, 16bit. The maximum length is 65,535 bytes, including packet headers and data.

Identifier (Identification): this field is used to represent the identifier of the IP packet, 16bit. When IP shards the upper data, it assigns a set of numbers to all the shards, and then puts these numbers into the identifier field to ensure that the shards will not be reorganized incorrectly. The identifier field is used to mark a packet so that the receiving node can reorganize the fragmented packet.

Flag (Flags): flag field, 3bit. Logos and fragments are used to convey information. For example, the current packet cannot be sliced (when the packet is sent from one Ethernet to another), or when a packet is sliced to indicate whether the last shard has been sent out in a series of shards.

Segment offset (Fragment Offset): this field is used to indicate the segment offset, 13bit. The information contained in the segment offset refers to how to reconnect the fragments in a fragment sequence.

TTL (Time to Live): this field is used to indicate the life cycle of an IP packet, 8bit. This field contains information that prevents a packet from being forwarded through the network indefinitely. The meaning of the TTL value is the maximum turnaround time that a packet can experience in the network before it is abandoned. Each router through which the packet passes checks the value in this field, and when the value of TTL is 0, the packet is discarded. TTL corresponds to the number of packets passing through the router. Each time a packet passes through a router, the TTL subtracts 1.

Protocol number (Protocol): protocol field, 8bit. This field is used to indicate which protocol is encapsulated in the IP packet, whether it is TCP or UDP,TCP. The protocol number of UDP is 6 and the protocol number is 17.

First checksum (Header Checksum): this field is used to indicate the checksum, 16bit. A checksum is a 16-bit error detection field. The destination host and each gateway in the network recalculate the checksum of the header, just as the source machine does. If the data has not been changed, the two calculations should be the same.

Source IP address (Source IP Address): this field is used to indicate the source address of the packet, 32bit. This is a network address, which refers to the network address of the device that sent the packet.

Destination IP address (Destination IP Address): this field is used to indicate the destination address of the packet, 32bit. This is also a network address, but refers to the network address of the receiving node.

Optional (Options): the option field is of variable length according to the actual situation, and there are several options that can be used with IP. For example, you can enter the time when the packet was created, and so on. After the option, there is the upper data.

2Jet ICMP protocol

The full name of ICMP Protocol (Internet Control Message Protocol) is "Internet Control message Protocol". It is mainly used to send control messages in IP network and provide feedback on various problems that may occur in the communication environment. Through these feedback messages, administrators can judge the problems that have occurred, and then take appropriate measures to solve them.

ICMP is an "error detection and feedback mechanism" that is encapsulated by IP packets to send error and control messages. The purpose is to enable administrators to grasp the connectivity of the network. When the router receives a packet that cannot be sent to the final destination, the router sends an ICMP host unreachable message to the source host.

Encapsulation of ICMP protocol

In the network, the use of ICMP protocol is realized by various commands. Let's take the ping command as an example to introduce the use of the ping command and the information returned. The basic format of the ping command is as follows.

C:\ > ping [- t] [- l bytes] [- a] [- I] IP_Address

If the target host cannot be accessed, it may be that the correct gateway is not configured.

The return message of ICMP is "host not found", which means that DNS cannot resolve.

The return message is "request timeout", indicating that the returned reply message was not received within the specified time. It could be caused by the firewall.

Ping-t: ping all the time

Ping-a: returns to display the host name of the other party

Ping-l: the size of the packet sent

3sparing ARP protocol

In the local area network, the switch communicates through the MAC address. In order to obtain the MAC address of the destination host, it is necessary to use the ARP protocol to resolve the destination IP address to the destination MAC address. Therefore, the basic function of ARP (Address Resolution Protocol, address Resolution Protocol) is to resolve a known IP address to a MAC address so that it can communicate through the MAC address on the switch.

ARP related commands

ARP*** and deception principle

The ARP***:*** host sends a false MAC address of the host to the gateway, and also sends a false gateway MAC address to the host.

ARP spoofing: * the host impersonates the MAC address of the target host to the gateway and the MAC address of the gateway to the target host

ARP deceives the host

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.