Computer Network 1: TCP/IP
TRANSCRIPT
I. TCP/IP and Protocols
Felix Lin
Computer Network
Agenda
• Warm Up
• IP
• ARP/RARP
• ICMP
• TCP
• UDP
• Debug Tools
• Protocols
• RFCs
Things I wish I had learned by the time I graduated from university
• Thinking
• Asking the right questions
• An international outlook
• Absorbing new knowledge (Ex: TED)
• How you learn
Intro to Computing: the class we all slept through
OSI Model vs. DOD Model
OSI Model                                DOD Model
Application / Presentation / Session     Application Layer
Transport Layer                          Transport Layer
Network Layer                            Internet Layer
Data Link / Physical                     Network Access Layer
Intro to Computing: the class we all slept through
OSI Model vs. TCP/IP over Ethernet (mapping)
OSI Model            TCP/IP over Ethernet
Application Layer    HTTP, SMTP, FTP, Telnet, …
Presentation Layer   Type of Data, Encrypt/Decrypt
Session Layer        Ports
Transport Layer      TCP/UDP
Network Layer        IP
Data Link Layer      MAC, LLC, …
Physical Layer       Cable, Cat5e, …
Ethernet Frame Format
Field    Preamble  Destination MAC Address  Source MAC Address  Type  DATA     FCS
Length   8         6                        6                   2     46-1500  4
(lengths in bytes)
• Destination MAC Address: the target MAC. Ex: 00:09:2D:AA:BB:CC, 28-D2-44-16-3C-6F
• MAC Address: also called the hardware address (H/W Address) or physical address (Physical Address). A 6-byte ID = OUI (3 bytes) + NIC-specific (3 bytes); see the OUI list.
• Source MAC Address: the sender's MAC. Ex: 00:09:2D:AA:BB:CC, 28-D2-44-16-3C-6F
• Ethernet Type (EtherType): the type of data carried. Ex: 0x0800 = IPv4, 0x8100 = VLAN
Ethernet Frame Format (Cont.)
• DATA: the payload; its contents depend on Type. Variable length.
• FCS: Frame Check Sequence, a CRC32 (32-bit cyclic redundancy check).
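As an added example (not from the slides), the following Python builds a frame in the layout above, appends the CRC32 FCS, and parses it back, including the 0x8100 VLAN-tag case where the real EtherType follows the tag. The 0x0806 (ARP) and 0x86DD (IPv6) EtherTypes, the little-endian FCS byte order, and the function names are my additions.

```python
import struct
import zlib

# EtherType values named on the slide plus two others (ARP, IPv6) added here.
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x8100: "VLAN (802.1Q)", 0x86DD: "IPv6"}

def mac_str(raw: bytes) -> str:
    """Render 6 raw bytes in the 00:09:2D:AA:BB:CC notation used on the slide."""
    return ":".join(f"{b:02X}" for b in raw)

def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes, vlan=None) -> bytes:
    """Build an Ethernet frame (preamble omitted) and append the CRC32 FCS.
    The payload is padded to the 46-byte minimum shown in the DATA column."""
    header = dst + src
    if vlan is not None:
        header += struct.pack("!HH", 0x8100, vlan & 0x0FFF)  # 802.1Q tag, priority bits 0
    header += struct.pack("!H", ethertype)
    body = header + payload.ljust(46, b"\x00")
    return body + struct.pack("<I", zlib.crc32(body))       # FCS goes on the wire LSB first

def parse_frame(frame: bytes) -> dict:
    """Split destination/source MAC, optional VLAN tag, EtherType and DATA; verify the FCS."""
    body, fcs = frame[:-4], frame[-4:]
    fcs_ok = struct.unpack("<I", fcs)[0] == zlib.crc32(body)
    dst, src, etype = struct.unpack("!6s6sH", body[:14])
    offset, vlan = 14, None
    if etype == 0x8100:                                     # tagged: real EtherType follows the TCI
        tci, etype = struct.unpack("!HH", body[14:18])
        vlan, offset = tci & 0x0FFF, 18
    return {"dst": mac_str(dst), "src": mac_str(src), "vlan": vlan,
            "ethertype": etype, "type_name": ETHERTYPES.get(etype, "unknown"),
            "payload": body[offset:], "fcs_ok": fcs_ok}

if __name__ == "__main__":
    # Constructed sample: the two example MACs from the slide, VLAN 100, an IPv4 payload.
    frame = build_frame(bytes.fromhex("28D244163C6F"), bytes.fromhex("00092DAABBCC"),
                        0x0800, b"hello", vlan=100)
    print(parse_frame(frame))
```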
Agenda
• OSI model
• IP
• ARP/RARP
• ICMP
• TCP
• UDP
• Debug Tools
• Protocols
• RFCs
Internet Protocol
• The Internet Protocol
• Data is split up and encapsulated in IP frames for transmission
• Connectionless
• Unreliable
• IPv4 is still the mainstream; IPv6 is still being deployed
• IPv4: RFC791; IPv6: RFC2460
Reserved Address List
Range                                       Description                                     Reference
0.0.0.0/8                                   Current network (only valid as source address)  RFC 5735
10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16   Private network                                 RFC 1918
100.64.0.0/10                               Shared Address Space                            RFC 6598
127.0.0.0/8                                 Loopback                                        RFC 5735
169.254.0.0/16                              Link-local                                      RFC 3927
192.0.0.0/24                                IETF Protocol Assignments                       RFC 5735
224.0.0.0/4                                 IP multicast                                    RFC 5771
255.255.255.255                             Broadcast                                       RFC 919
IPv4 Frame Format (bit offsets 0, 8, 16, 24, 32 across; byte offsets down the left)
 0   Version | IHL | ToS/DSCP | Total Length
 4   Identification | Flags | Fragment Offset (13)
 8   Time To Live | Protocol | Header Checksum
12   Source IP Address
16   Destination IP Address
20…  Data
IPv4 Frame Format: Version, IHL, ToS/DSCP, Total Length (bits 0, 4, 8, 16, 32)
• Version: IP version, normally 0x4 (IPv4)
• IHL (Internet Header Length): header length, normally 0x1A (20 Byte)
• Type of Service / DiffServ Code Point: distinguishes the delivery priority of the packet
• Total Length: total length of the IP packet (not including the Ethernet header)
TOS byte (bits 0-7):   Precedence | Type of Service
DSCP byte (bits 0-7):  DS field | ECN field
IPv4 Frame Format: Identification, Flags, Fragment Offset (bits 16, 19, 32)
• Identification: packet ID, used to decide the order of packets and to reassemble them
• Flags: Bit0 always 0; Bit1 DF (Don't Fragment); Bit2 MF (More Fragments)
• Fragment Offset: normally 0; when a large packet is fragmented, the fragments are numbered in sequence
IPv4 Frame Format: Time To Live, Protocol, Header Checksum (bits 8, 16, 32)
• TTL: lifetime; decremented by one at every hop, and the packet is discarded when it reaches 0
• Protocol (wiki): 0x01 ICMP, 0x02 IGMP, 0x06 TCP, 0x11 UDP, 0x59 OSPF, …
• Header Checksum: 16 bits
IPv4 Frame Format: Source IP Address, Destination IP Address (32 bits each)
• Source IP address. Ex: 192.168.1.9 = 0xC0 0xA8 0x01 0x09
• Destination IP address. Ex: 192.168.1.254 = 0xC0 0xA8 0x01 0xFE
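The following Python is an added example, not part of the lecture: it packs a 20-byte header in the layout above with a valid Header Checksum, and parses headers back, rejecting a bad Version/IHL and re-verifying the checksum. Note that IHL is counted in 32-bit words, so a 20-byte header without options carries IHL = 5 (first byte 0x45); the sample addresses are the slide's, while the TTL, Identification and DF defaults and the function names are my assumptions.

```python
import struct

# Protocol numbers listed on the slide.
PROTOCOLS = {0x01: "ICMP", 0x02: "IGMP", 0x06: "TCP", 0x11: "UDP", 0x59: "OSPF"}

def inet_checksum(data: bytes) -> int:
    """Ones'-complement sum of 16-bit words (RFC 1071); this is the IP Header Checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_bytes(dotted: str) -> bytes:
    """Dotted IPv4 text -> 4 bytes (192.168.1.254 -> C0 A8 01 FE, as on the slide)."""
    return bytes(int(o) for o in dotted.split("."))

def build_ipv4_header(src: str, dst: str, proto: int, payload_len: int,
                      ttl: int = 64, ident: int = 0x1234, df: bool = True) -> bytes:
    """20-byte IPv4 header with no options (IHL = 5 words) and a valid checksum."""
    ver_ihl = (4 << 4) | 5
    flags_frag = 0x4000 if df else 0        # Bit1 of the flags = DF; 13-bit offset = 0
    hdr = struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, 20 + payload_len, ident, flags_frag,
                      ttl, proto, 0, ipv4_bytes(src), ipv4_bytes(dst))
    return hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]

def parse_ipv4_header(pkt: bytes) -> dict:
    """Decode the fields on the slide; reject a bad Version/IHL; recheck the checksum."""
    (ver_ihl, tos, total_len, ident, flags_frag, ttl, proto,
     _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl_bytes = (ver_ihl & 0x0F) * 4         # IHL counts 32-bit words: 5 -> 20 bytes
    if ver_ihl >> 4 != 4 or ihl_bytes < 20 or ihl_bytes > len(pkt):
        raise ValueError("not a valid IPv4 header")
    return {"version": ver_ihl >> 4, "ihl_bytes": ihl_bytes,
            "dscp": tos >> 2, "ecn": tos & 0x3, "total_length": total_len, "id": ident,
            "df": bool(flags_frag & 0x4000), "mf": bool(flags_frag & 0x2000),
            "frag_offset": flags_frag & 0x1FFF, "ttl": ttl,
            "protocol": PROTOCOLS.get(proto, f"0x{proto:02x}"),
            # a header whose checksum field is right sums to 0xFFFF, so its complement is 0
            "checksum_ok": inet_checksum(pkt[:ihl_bytes]) == 0,
            "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst))}
```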
Routing Schemes
• Unicast
• Broadcast
• Multicast
IP Segment
• Reachable without going through a router or gateway
• Same subnet mask (Subnet Mask)
• Same Network ID
• Different Host ID
• IP AND Subnet Mask must be equal
• IP OR Subnet Mask must differ
Teacher Lan insisted on this… what counts as the same segment?
Decide whether each pair is on the same segment:
A. 192.168.1.9/24 & 192.168.1.254/24
B. 10.20.124.96/8 & 10.30.124.96/8
C. 192.168.1.2/23 & 192.168.2.7/23
D. 192.168.1.129/25 & 192.168.1.200/25
E. 192.168.1.1/30 & 192.168.1.3/30
F. 10.20.65.40/18 & 10.20.64.50/18
G. 10.193.17.23/10 & 10.254.11.33/10
H. 192.168.1.9/24 & 192.168.1.254/25
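Added example (not from the lecture): the slide's three rules, same mask, equal IP AND mask, different IP OR mask, implemented in Python and run over exercise items A to H, returning each side's Network ID so the binary AND can be checked by hand. The EXERCISE table is the slide's; function names are mine.

```python
import ipaddress

def same_segment(a: str, b: str) -> bool:
    """Apply the slide's rules to two addresses written as IP/prefix:
    same subnet mask, same Network ID (IP AND mask), different Host ID (IP OR mask)."""
    ia, ib = ipaddress.ip_interface(a), ipaddress.ip_interface(b)
    if ia.network.prefixlen != ib.network.prefixlen:
        return False                                   # masks differ: not the same segment
    mask = int(ia.network.netmask)
    same_network = (int(ia.ip) & mask) == (int(ib.ip) & mask)
    different_host = (int(ia.ip) | mask) != (int(ib.ip) | mask)
    return same_network and different_host

def network_id(addr: str) -> str:
    """The Network ID a host computes for itself: IP AND mask, in dotted form."""
    iface = ipaddress.ip_interface(addr)
    return str(iface.network.network_address)

# The exercise from the slide.
EXERCISE = {
    "A": ("192.168.1.9/24", "192.168.1.254/24"),
    "B": ("10.20.124.96/8", "10.30.124.96/8"),
    "C": ("192.168.1.2/23", "192.168.2.7/23"),
    "D": ("192.168.1.129/25", "192.168.1.200/25"),
    "E": ("192.168.1.1/30", "192.168.1.3/30"),
    "F": ("10.20.65.40/18", "10.20.64.50/18"),
    "G": ("10.193.17.23/10", "10.254.11.33/10"),
    "H": ("192.168.1.9/24", "192.168.1.254/25"),
}

def solve(exercise=EXERCISE) -> dict:
    """Answer each item, recording both Network IDs so the comparison can be checked by hand."""
    return {label: (network_id(x), network_id(y), same_segment(x, y))
            for label, (x, y) in exercise.items()}

if __name__ == "__main__":
    for label, (nx, ny, ok) in solve().items():
        print(f"{label}: {nx} vs {ny} -> {'same' if ok else 'different'} segment")
```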
Agenda
• OSI model
• IP
• ARP/RARP
• ICMP
• TCP
• UDP
• Debug Tools
• Protocols
• RFCs
ARP/RARP
• Address Resolution Protocol
  – Resolves (another host's) IP address to its hardware address (MAC Address)
  – RFC826
• Reverse Address Resolution Protocol
  – Looks up (one's own) IP address from the hardware address (MAC Address)
  – RFC903
ARP/RARP Frame Format (bit offsets 0, 8, 16, 24, 32 across; byte offsets down the left)
 0   Hardware Type | Protocol Type
 4   HLEN | PLEN | Operation
 8   Sender H/W Address (0~3)
12   Sender H/W Address (4~5) | Sender IP Address (0~1)
16   Sender IP Address (2~3) | Target H/W Address (0~1)
20   Target H/W Address (2~5)
24   Target IP Address (0~3)
ARP/RARP Frame Format (Cont.)
• Hardware Type: normally 0x1 (Ethernet)
• Protocol Type: normally 0x0800 (IP)
• HLEN (Hardware Length): hardware address length, normally 0x6 (MAC)
• PLEN (Protocol Length): protocol address length, normally 0x4 (IP)
• Operation: 0x1 ARP Request, 0x2 ARP Reply, 0x3 RARP Request, 0x4 RARP Reply
• Sender H/W Address: the sender's hardware address (MAC Address); Sender IP Address: the sender's IP address
• Target H/W Address: unknown, filled with 0x00
• Target IP Address: the target's IP address
ARP Table
• IP – MAC mapping table
• Entries can be dynamic or static
• Static entries are usually taken from the routing table (Routing Table)
• While packets are forwarded, the source MAC address is added to the ARP Table automatically (dynamic) as a cache
• A MAC Address that has not been used for a while (default 10 min) is removed from the ARP Table automatically
• Command
  – Windows: arp
  – Linux: arp
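Added example, not the lecture's code: it packs and parses the 28-byte packet from the frame-format slides, then keeps a small dynamic ARP Table that expires idle entries after the slide's 10-minute default and records any IP whose MAC changes, which is the event a network defender wants logged. The 600-second timeout, the build_arp helper and the class name are assumptions.

```python
import struct

ARP_OPS = {1: "ARP Request", 2: "ARP Reply", 3: "RARP Request", 4: "RARP Reply"}
_FMT = "!HHBBH6s4s6s4s"   # HTYPE PTYPE HLEN PLEN OP SHA SPA THA TPA = 28 bytes

def build_arp(op: int, sha: str, spa: str, tha: str, tpa: str) -> bytes:
    """Pack an Ethernet/IPv4 ARP packet in the layout on the slide."""
    mac = lambda s: bytes.fromhex(s.replace(":", "").replace("-", ""))
    ip = lambda s: bytes(int(o) for o in s.split("."))
    return struct.pack(_FMT, 1, 0x0800, 6, 4, op, mac(sha), ip(spa), mac(tha), ip(tpa))

def parse_arp(pkt: bytes) -> dict:
    """Unpack the packet; refuse anything but Ethernet(1)/IPv4(0x0800) with 6/4-byte addresses."""
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(_FMT, pkt[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("only Ethernet/IPv4 ARP is handled here")
    fmt_mac = lambda b: ":".join(f"{x:02X}" for x in b)
    fmt_ip = lambda b: ".".join(map(str, b))
    return {"op": ARP_OPS.get(op, f"unknown({op})"),
            "sender_mac": fmt_mac(sha), "sender_ip": fmt_ip(spa),
            "target_mac": fmt_mac(tha), "target_ip": fmt_ip(tpa)}

class ArpTable:
    """Dynamic ARP cache: learns sender IP -> MAC from packets, drops entries idle for timeout_s."""
    def __init__(self, timeout_s: float = 600.0):     # slide: default 10 min (assumed 600 s)
        self.timeout_s, self.entries, self.static = timeout_s, {}, {}
        self.changes = []   # (ip, old_mac, new_mac): a mapping that changed, worth logging

    def learn(self, pkt: bytes, now: float) -> None:
        arp = parse_arp(pkt)
        ip, mac = arp["sender_ip"], arp["sender_mac"]
        old = self.entries.get(ip)
        if old is not None and old[0] != mac:
            self.changes.append((ip, old[0], mac))
        self.entries[ip] = (mac, now)

    def lookup(self, ip: str, now: float):
        """Static entries never expire; dynamic ones expire when idle and are refreshed on use."""
        if ip in self.static:
            return self.static[ip]
        entry = self.entries.get(ip)
        if entry is None or now - entry[1] > self.timeout_s:
            self.entries.pop(ip, None)
            return None
        self.entries[ip] = (entry[0], now)
        return entry[0]
```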
ARP Command
Agenda
• OSI model
• IP
• ARP/RARP
• ICMP
• TCP
• UDP
• Debug Tools
• Protocols
• RFCs
ICMP
• Internet Control Message Protocol
• Error detection and reporting mechanism
  – Detect whether a remote host is alive
  – Build and maintain routing information
  – Redirect the path data takes
  – Data flow control
• Over IP
• RFC792
ICMP Frame Format (bit offsets 0, 8, 16, 24, 32 across; byte offsets down the left)
 0   Type (ICMP type) | Code (message code) | Checksum (16)
 4   Identifier | Sequence Number
 8   Optional Data
List of Type and Code
Type                         Code  Description
0  Echo Reply                0     Echo reply (used by the ping program)
3  Destination Unreachable   0     Target network unreachable
                             1     Target host unreachable
                             2     Target protocol unreachable
                             3     Target port unreachable
4  Source Quench             0     Source quench (congestion control)
8  Echo Request              0     Echo request
13 Timestamp                 0     Timestamp
14 Timestamp Reply           0     Timestamp reply
30 Traceroute                0     Information request
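An added example, not from the slides: it builds and verifies Echo and Destination Unreachable messages in the format above, computing the checksum over the whole message, and shows the Identifier/Sequence/data match a ping program performs before it counts a reply. Function names and the sample values are my own.

```python
import struct

# Types and the Destination Unreachable codes from the slide's table.
ICMP_TYPES = {0: "Echo Reply", 3: "Destination Unreachable", 4: "Source Quench",
              8: "Echo Request", 13: "Timestamp", 14: "Timestamp Reply", 30: "Traceroute"}
UNREACHABLE = {0: "network unreachable", 1: "host unreachable",
               2: "protocol unreachable", 3: "port unreachable"}

def inet_checksum(data: bytes) -> int:
    """Ones'-complement 16-bit sum; ICMP covers the whole message with it."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def _finish(msg: bytes) -> bytes:
    """Write the checksum into bytes 2-3 of a message built with a zero checksum."""
    return msg[:2] + struct.pack("!H", inet_checksum(msg)) + msg[4:]

def build_echo(ident: int, seq: int, data: bytes = b"", reply: bool = False) -> bytes:
    """Echo Request (type 8) or Echo Reply (type 0): Type, Code, Checksum, Identifier, Sequence."""
    return _finish(struct.pack("!BBHHH", 0 if reply else 8, 0, 0, ident, seq) + data)

def build_unreachable(code: int, original: bytes) -> bytes:
    """Type 3 message: 32 unused bits, then the failing datagram's IP header + first 8 bytes."""
    return _finish(struct.pack("!BBHI", 3, code, 0, 0) + original)

def parse_icmp(msg: bytes) -> dict:
    t, code, _csum = struct.unpack("!BBH", msg[:4])
    out = {"type": t, "type_name": ICMP_TYPES.get(t, "unknown"), "code": code,
           "checksum_ok": inet_checksum(msg) == 0}
    if t in (0, 8):
        out["id"], out["seq"] = struct.unpack("!HH", msg[4:8])
        out["data"] = msg[8:]
    elif t == 3:
        out["reason"] = UNREACHABLE.get(code, f"code {code}")
        out["original"] = msg[8:]
    return out

def matches_request(request: bytes, reply: bytes) -> bool:
    """What ping checks before counting a reply: type 0, good checksum, same id/seq/data."""
    q, r = parse_icmp(request), parse_icmp(reply)
    return (q["type"] == 8 and r["type"] == 0 and r["checksum_ok"]
            and (q["id"], q["seq"], q["data"]) == (r["id"], r["seq"], r["data"]))
```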
Agenda
• OSI model
• IP
• ARP/RARP
• ICMP
• TCP
• UDP
• Debug Tools
• Protocols
• RFCs
TCP
• Transmission Control Protocol
• Connection-oriented (connection)
• Reliable (reliable)
• Three-way handshake
• Packets may be non-contiguous
• Over IP: TCP/IP
• RFC793
TCP Frame Format (bit offsets 0, 4, 8, 16, 32 across; byte offsets down the left)
 0   Source Port | Destination Port
 4   Sequence Number
 8   Acknowledgment Number
12   Data Offset | Reserved | Control Flags (9) | Window Size
16   Checksum (16) | Urgent Pointer
20…  Options
Control Flags (bit order: NS CWR ECE URG ACK PSH RST SYN FIN)
• FIN – Finish this session (connection-close segment)
• SYN – Sync sequence number (connection-setup segment)
• RST – Reset connection (connection-reset segment)
• PSH – Push function (this segment must be delivered immediately)
• ACK – Acknowledgement (response segment)
• URG – Urgent (urgent segment)
• ECE – ECN (Explicit Congestion Notification) Echo – RFC3168
• CWR – Congestion Window Reduced – RFC3168
• NS – ECN-nonce concealment protection – RFC3540
List of TCP Port
Port  Description
20    FTP data transfer
21    FTP control
22    SSH (Secure Shell)
23    Telnet
25    SMTP (Simple Mail Transfer Protocol)
53    DNS (Domain Name System)
67    DHCP (Dynamic Host Configuration Protocol) Server
68    DHCP (Dynamic Host Configuration Protocol) Client
80    HTTP (Hypertext Transfer Protocol)
110   POP3 (Post Office Protocol v3)
3389  Microsoft Terminal Server (RDP)
Three-way Handshake
Client -> Server: SYN, Sequence=x
Server -> Client: SYN+ACK, Sequence=y, Acknowledgment=x+1
Client -> Server: ACK, Sequence=x+1, Acknowledgment=y+1
Session Timeline
Status       Description
CLOSED       Connection not open
LISTEN       Server side has opened the connection and is waiting for a SYN
SYN-SENT     SYN sent, waiting for ACK
SYN-RCVD     SYN+ACK sent, waiting for ACK
ESTABLISHED  Connection established, data transfer in progress
FIN-WAIT-1   First FIN sent, waiting for ACK
FIN-WAIT-2   First FIN received, waiting for ACK
CLOSE-WAIT   First FIN received and ACK returned, waiting for the application to close
TIME-WAIT    Second FIN received and ACK returned, waiting for 2MSL to elapse
LAST-ACK     Second ACK sent, waiting for ACK
CLOSING      Both sides close at the same time
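Added example (not code from the lecture): it encodes and decodes the 9-bit Control Flags field and walks both endpoints through the three-way handshake, checking at each step the flags and acknowledgment numbers the slide gives before an endpoint moves to the next state in the timeline above. The Endpoint class and the segment dictionaries are my assumptions.

```python
# Bit values of the 9-bit Control Flags field in the order the slide lists them (NS is the MSB).
FLAG_BITS = {"NS": 0x100, "CWR": 0x080, "ECE": 0x040, "URG": 0x020, "ACK": 0x010,
             "PSH": 0x008, "RST": 0x004, "SYN": 0x002, "FIN": 0x001}

def decode_flags(field: int) -> set:
    """Names of the flags set in a Control Flags value."""
    return {name for name, bit in FLAG_BITS.items() if field & bit}

def encode_flags(*names: str) -> int:
    return sum(FLAG_BITS[n] for n in names)

class Endpoint:
    """One side of the connection: its current state and the states it has passed through."""
    def __init__(self, state: str, isn: int):
        self.state, self.isn, self.log = state, isn, [state]
    def move(self, state: str) -> None:
        self.state = state
        self.log.append(state)

def three_way_handshake(x: int, y: int):
    """The exchange on the slide, with the check each side makes before changing state."""
    client, server = Endpoint("CLOSED", x), Endpoint("LISTEN", y)
    segs = []
    # 1. client -> server: SYN, Sequence = x
    syn = {"flags": encode_flags("SYN"), "seq": x, "ack": 0}
    segs.append(syn)
    client.move("SYN-SENT")
    # 2. server -> client: SYN+ACK, Sequence = y, Acknowledgment = x+1
    if decode_flags(syn["flags"]) != {"SYN"}:
        raise ValueError("server in LISTEN accepts only a bare SYN")
    synack = {"flags": encode_flags("SYN", "ACK"), "seq": y, "ack": syn["seq"] + 1}
    segs.append(synack)
    server.move("SYN-RCVD")
    # 3. client -> server: ACK, Sequence = x+1, Acknowledgment = y+1
    if decode_flags(synack["flags"]) != {"SYN", "ACK"} or synack["ack"] != x + 1:
        raise ValueError("client: SYN+ACK does not acknowledge our SYN")
    ack = {"flags": encode_flags("ACK"), "seq": x + 1, "ack": synack["seq"] + 1}
    segs.append(ack)
    client.move("ESTABLISHED")
    if decode_flags(ack["flags"]) != {"ACK"} or ack["ack"] != y + 1:
        raise ValueError("server: final ACK does not acknowledge our SYN")
    server.move("ESTABLISHED")
    return segs, client.log, server.log
```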
Status Transition Diagram
Netstat
Sliding Window
[Figure: a window of 5 segments sliding over segments 1 to 8]
• Send 3 packets
• Send 2 packets
• Receive 2 ACKs
• Send 2 packets, receive 2 ACKs
Sliding Window (Cont.)
[Figure: the same window continuing over segments 1 to 9]
• Send 3 packets
• Send 2 packets, receive 2 ACKs
• Send 2 packets, receive 2 ACKs; send 2 packets, receive 1 ACK
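Added example, not from the slides: a sender that keeps at most five segments outstanding and slides the window only past a contiguous run of acknowledged segments, replaying the steps listed above, including the final single out-of-order ACK, which must not move the window. The walkthrough() function, the class name and the numbering of segments 1 to 9 are my assumptions.

```python
class SlidingWindowSender:
    """Sender side of the slide's sliding window: at most `window` segments may be
    outstanding (sent but not yet acknowledged); segments are numbered 1..total."""
    def __init__(self, window: int = 5, total: int = 9):
        self.window, self.total = window, total
        self.base = 1        # oldest unacknowledged segment (left edge of the window)
        self.next_seq = 1    # next segment that may be sent
        self.acked = set()

    def window_range(self) -> list:
        """Segment numbers currently inside the window."""
        return list(range(self.base, min(self.base + self.window, self.total + 1)))

    def send(self, n: int) -> list:
        """Send up to n segments, never beyond the right edge of the window."""
        sent = []
        while len(sent) < n and self.next_seq <= min(self.total, self.base + self.window - 1):
            sent.append(self.next_seq)
            self.next_seq += 1
        return sent

    def receive_ack(self, seg: int) -> None:
        """ACK for one segment; the window slides only past a contiguous acknowledged run."""
        if not self.base <= seg < self.next_seq:
            raise ValueError(f"ACK {seg} is outside the outstanding range")
        self.acked.add(seg)
        while self.base in self.acked:
            self.acked.discard(self.base)
            self.base += 1

def walkthrough() -> list:
    """Replay the steps written on the two slides; return (step, sent, window) per step."""
    s, trace = SlidingWindowSender(window=5, total=9), []
    trace.append(("send 3 packets", s.send(3), s.window_range()))
    trace.append(("send 2 packets", s.send(2), s.window_range()))
    for seg in (1, 2):
        s.receive_ack(seg)
    trace.append(("receive 2 ACKs", [], s.window_range()))
    trace.append(("send 2 packets", s.send(2), s.window_range()))
    for seg in (3, 4):
        s.receive_ack(seg)
    trace.append(("receive 2 ACKs", [], s.window_range()))
    trace.append(("send 2 packets", s.send(2), s.window_range()))
    s.receive_ack(6)                      # ACK arrives out of order: 5 is still outstanding
    trace.append(("receive 1 ACK", [], s.window_range()))
    return trace
```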
Agenda
• OSI model
• IP
• ARP/RARP
• ICMP
• TCP
• UDP
• Debug Tools
• Protocols
• RFCs
UDP
• User Datagram Protocol
• Connectionless
• Unreliable
• Packets must be consecutive
• Usually used for time-sensitive traffic (stream, trap)
• Passes through NAT easily
• RFC768
UDP Frame Format (bit offsets 0, 16, 32 across; byte offsets down the left)
 0   Source Port | Destination Port
 4   Length | Checksum (16)
List of UDP Port
Port Description
53 Domain Name System (DNS)
67 Dynamic Host Configuration Protocol DHCP (Server)
68 Dynamic Host Configuration Protocol DHCP (Client)
69 Trivial File Transfer Protocol (TFTP)
123 Network Time Protocol (NTP)
161 Simple Network Management Protocol (SNMP)
162 Simple Network Management Protocol Trap (SNMP Trap)
514 Syslog
520 Routing Information Protocol (RIP)
Agenda
• OSI model
• IP
• ARP/RARP
• ICMP
• TCP
• UDP
• Debug Tools
• Protocols
• RFCs
Debug Tools
• Ping
• Traceroute
• Wireshark/sniffer
Ping(Windows)
Ping(Unix/Linux)
Trace Route (Windows)
Trace Route (Unix/Linux)
Wireshark
Agenda
• OSI model
• IP
• ARP/RARP
• ICMP
• TCP
• UDP
• Debug Tools
• Protocols
• RFCs
Protocols
• DHCP
• DNS
• HTTP
• FTP/TFTP
• TELNET/SSH
DHCP
• Dynamic Host Configuration Protocol
• Manages and assigns IP addresses to the devices in a local network
• Every managed local network uses DHCP
• Evolved from BOOTP (Bootstrap Protocol)
• RFC2131
DHCP Frame Format (bit offsets 0, 8, 16, 24, 32 across; byte offsets 0, 4, 8, 12, 16, 20, 24 … 48 down the left)
OP | HTYPE | HLEN | HOPS
XID
…
CIADDR (Client IP Address)
YIADDR (Your IP Address)
…
GIADDR (Gateway IP Address)
CHADDR (Client Hardware Address) …
…
options
DHCP Sessions
Client -> Server: DHCP DISCOVER
Server -> Client: DHCP OFFER
Client -> Server: DHCP REQUEST
Server -> Client: DHCP ACK
DNS
• Domain Name Server
• Domain Name System
• TCP port 80
• Mainly records the mapping between names and IP addresses
• If the DNS Server fails, the network cannot reach the outside
• RFC1034
HTTP
• Hypertext Transfer Protocol
• TCP port 80
• HTTP/1.1
  – OPTIONS, HEAD, GET, POST, PUT, DELETE, TRACE, CONNECT
• Status Code
  – 1xx Message, 2xx Success, 3xx Redirection, 4xx Request Error, 5xx Server Error
  – 200 OK
  – 400 Bad Request
  – 401 Unauthorized
  – 404 Not Found
  – 502 Bad Gateway
FTP/TFTP
• File Transfer Protocol / Trivial File Transfer Protocol
• File transfer and sharing
• TCP port 21, 20 / UDP port 69
• Reliable, not encrypted
• RFC 959 / 2347
TELNET/SSH
• Virtual terminal connection
• Text-oriented interactive interface, CLI
• Terminal/Console/BBS
• TCP Port 23/22
• Telnet is unencrypted / SSH is encrypted
• RFC 139, 854, 2941, … / 4250, 4251, …
Agenda
• OSI model
• IP
• ARP/RARP
• ICMP
• TCP
• UDP
• Debug Tools
• Protocols
• RFCs
RFC
• Request For Comments
• Published by the IETF (Internet Engineering Task Force)
• Drafts on the way to becoming standards
• Numbered sequentially, e.g. RFC791, RFC1213
• Open and free
Reference
• TCP/IP Protocol Suite, 3/e, Behrouz Forouzan, 全華 (*)
• TCP/IP 最佳入門實用書, 蕭文龍, 碁峯 (*)
• TCP/IP Illustrated, Vol. 1, Vol. 2, Vol. 3, W. Richard Stevens
• 區域網路與高速網路, 黃能富, 維科 (*)
• 最新網路概論, 施銘威研究室, 旗標
• Study area - http://www.study-area.org/network/networkfr1.htm
• 鳥哥 - http://linux.vbird.org/
• Wiki - http://en.wikipedia.org/wiki/Transmission_Control_Protocol
• RFC - http://www.faqs.org/rfcs/