Do you know the IP protocol?

1. Write it at the front

The previous blog , The system of the whole network is generally introduced , There is one left IP agreement , Today we will introduce this IP agreement .

2. Functions of network layer and link layer

Network layer functions

• IP Addressing
• Route selection
• Package
• Fragmentation
• 

Data link layer functions

• Logical link control
• Media access control
• Encapsulate link layer frames
• MAC Addressing
• Error detection and processing
• Define physical layer standards
• 

Thin waist structure ：IP The core position of the network layer

Performance first IP layer

• There is no connection
• Unreliable
• No confirmation
• 

multicast ： Broadcast and multicast

• Global scope
• Within the organization
• Within the site
• Local link layer
• Native scope
• 

Routers and switches

• Routers working in the network layer
  • Devices connected to different networks
• Switches working in the data link layer
  • Devices connected to different hosts under the same network
• 

Network transmission example

3.IPv4 Classified address

Ease of use ：IPv4 A dotted decimal representation of an address

• 32 Bit binary number
• IP address space ：2^32 individual
• 

IP Address distribution agency

• Distributed layer by layer IP Address
• 

When Internet rules are very small , Category information is encoded in IP Address

classification IP Advantages of address

• Simple and clear
• have 3 Levels of flexibility
• Route selection （ Based on network address ） Simple
• 

classification IP The problem of addressing

• Lack of address flexibility in private networks ： There is no address hierarchy under the same network
• 3 Too few class address blocks , Can not be well matched with the real network
• 

4.CIDR No classified address

CIDR Subnet mask

CIDR

• Classless Inter-Domain Routing

Representation

• A.B.C.D/N,N Range [0, 32]

• 

• 

CIDR Example of subnet partition

• 71.94.0.0/15
  • Multi level subnet partition
  • 

208.130.29.33 Addressing history of

• MCI Assigned to 208.128.0.0/11
• MCI take 208.130.28.0/22 Assigned to ARS
• ARS take 208.130.29.0/22 Assigned to Public Servers Use
• www.freesoft.org Used 208.130.29.33 Address
• 

whole 0 Or all 1 The special meaning of

reserve IP Address （RFC1918）

5.IP Address and link address conversion ：ARP And RARP agreement

The link layer MAC Address

• Link layer address MAC（Media Access Control Address）
  • Realize direct transmission between local network devices
• Network layer address IP（Internet Protocol address）
  • Realize the transmission between large networks
• see MAC Address
  • Windows: ipconfig /all
  • Linux：ifconfig

2.5 Layer protocol ARP： from IP Look for the address MAC Address

• Dynamic address resolution protocol ARP（RFC826）
  • Address Resolution Protocol
• Dynamic address resolution ： radio broadcast
• 

2.5 Layer protocol ：ARP

1. Check the local cache

   • Windows: arp –a
   • Linux: arp –nv
   • Mac: arp -nla

2. Request in the form of broadcast

3. Unicast response

   

ARP Message format ：FrameType=0x0806

• Hardware type , Such as 1 Represents Ethernet
• Protocol type , Such as 0x0800 Express IPv4
• Hardware address length , Such as 6
• Protocol address length , Such as 4 Express IPv4
• opcode , Such as 1 To express a request ,2 To answer
• Sender hardware address
• Sender protocol address
• Target hardware address
• Target protocol address
• 

Hardware type and opcode

• Value of hardware type

• 

• Opcode value

• 

2.5 Layer protocol RARP： from MAC Find... In the address IP Address

Dynamic address resolution protocol RARP（RFC903）

• Reverse Address Resolution Protocol
• 

RARP workflow

1. Request in the form of broadcast

2. Unicast response

   

RARP Message format ：FrameType=0x8035

• Hardware type , Such as 1 Represents Ethernet
• Protocol type , Such as 0x0800 Express IPv4
• Hardware address length , Such as 6
• Protocol address length , Such as 4 Express IPv4
• opcode , Such as 3 To express a request ,4 To answer
• Sender hardware address
• Sender protocol address
• Target hardware address
• Target protocol address
• 

ARP cheating （ARP spoofing/poisoning）

6.NAT Address translation and LVS Load balancing

IPv4 There is a shortage of addresses

A few public networks IP VS A large number of hosts

NAT（IP Network Address Translator） The premise of application

• Intranet is mainly used for clients to access the Internet
• Only a few hosts access the Internet at the same time
• There is a router in the internal network that is responsible for accessing the external network

A one-way （ outward ） transformation NAT： Dynamic mapping

NAPT Port mapping ：Network Address Port Translation

two-way （ Inward ）NAT：IP Address static mapping

LVS（Linux Virtual Server）/NAT Working mode

NAT

advantage ：

• Shared public IP Address , Save money
• The public address is not involved when extending the host
• Replace ISP Service provider （ Replace the public network IP Address ）, Does not affect the host address
• Better security , External services cannot actively access intranet services
• Better isolation

shortcoming ：

• Network management is complex
• Performance degradation
• Modify the checksum again
• The client lacks a public network IP Result in loss of function
• Some application layer protocols have limited functions due to the transmission of network layer information

7.IP Routing Protocol

How to transmit IP message ？

• Direct transmission
• Local network indirect transmission
  • Internal routing protocol RIP OSPF
• Public network indirect transmission
  • External routing protocol BGP

Routing table routing table

RIP Internal routing protocol

Routing Information Protocol

• characteristic
  • Determine the route based on hops
  • UDP The protocol notifies neighboring routers of the routing table
• problem
  • Hop metric
  • Slow convergence
  • Route selection loop
  • 

OSPF Internal routing protocol

Open Shortest Path First

Multilevel topology ： Each router in the peer topology has the same data information （LSDB）

• Use it directly IP agreement （ Agreement No 0x06 by TCP,0x11 by UDP, and 0x59 by OSPF） Passing routing information
• 

OSPF Shortest path tree

• Only routers that reach the network have overhead
  • There is no overhead for the network to reach the router
• RC The shortest path tree of
• 

RC Construct the shortest path tree

1. first stage ：RC Direct equipment

   • N2：3
   • N3：6
   • RB：5

2. Level second ： interval 1 Skip equipment

   • after N2 To RA：3
   • after N3 To RD：6

3. Level third ： interval 2 Skip equipment

   • after N2、RA To N1：5
   • after N3、RD To N4：10

   

BGP：Border Gateway Protocol

• Routing protocol between networks

• Store information between networks RIB

  • Routing Information Base
  • TCP Protocol transfer RIB Information

• E(External)BGP

  • External peer transport uses

• I(Internal)BGP

  • Internal peer transport uses

  

Route tracking tool

• Windows: tracert
• Linux/Mac: traceroute
• 

8.MTU And IP Message fragmentation

IP Message format

• IHL： Head length , Unit character

• TL： Total length , Unit byte

• Id： Slice identification

• Flags： Slice control

  • DF by 1： Inseparable
  • MF by 1： Middle slice

• FO： Intra slice offset , Company 8 byte

• TTL： Router hop lifetime

• Protocol： Bearer protocol

• HC： The checksum

  

MTU（Maximum Transmission Unit） Fragmentation

• MTU Maximum transmission unit （ RFC791 ：>=576 byte ）
• ping command
  • -f： Set up DF Sign bit is 1
  • -l： Specify the length of data in the payload
• 

Common networks MTU

Multiple slices may occur

IP Slice example

• Slice main body
  • The source host
  • Router
• Reorganize the subject
  • Destination host
• 

9.IP Assistant to the agreement ：ICMP agreement

ICMP：Internet Control Message Protocol

• RFC792
• IP assistant
  • Inform of errors
  • Transmit information
• 

ICMP Form of agreement

Carried in IP above

Component fields

• type
• subtypes
• The checksum
• 

ICMPv4 Message type

Error message

• 3： Destination unreachable
• 4： There's congestion , Ask the sender to reduce the rate
• 5： Tell the host a better network path
• 11： Path exceeds TTL Limit
• 12： Other questions

Message

• 0： Response in connectivity test
• 8： Request in connectivity test
• 9： Routers announce their capabilities
• 10： Router notification request
• 13： Timestamp request
• 14： Timestamp response
• 17： Mask request
• 18： Mask reply
• 30：Traceroute

Destination unreachable message ：Type=3

Common subtypes Code

• 0： The network is not accessible
• 1： The host is not reachable
• 2： The agreement is not reachable
• 3： Port unreachable
• 4： It should be divided into pieces but DF by 1
• 10： Communication to a specific host is not allowed
• 13： Management is prohibited
• 

Echo And Echo Reply message

ping Connectivity test

TTL Transfinite ：Type=11

traceroute/tracert

10. Multicast and IGMP agreement

Broadcast and multicast

Broadcast address

• Ethernet address ： ff:ff:ff:ff:ff:ff
• IP Address
• 

Multicast IP Address

Reserved multicast address

• 224.0.0.1： All system groups within the subnet

• 224.0.0.2： All router groups in the subnet

• 224.0.1.1： be used for NTP Synchronous system clock

• 224.0.0.9： be used for RIP-2 agreement

• 

• 

Multicast Ethernet address

• Ethernet address ：01:00:5e:00:00:00 To 01:00:5e:7f:ff:ff
• low 23 position ： mapping IP Multicast address to Ethernet address
  • 224.0.0.22: 11100000 00000000 00000000 00010110
  • 01:00:5e:00:00:16: 0000001 00000000 01011110 00000000 00000000 00010110
• 

IGMP（Internet Group Management Protocol） agreement

Type type

• 0x11 Membership Query [RFC3376]
• 0x22 Version 3 Membership Report [RFC3376]
• 0x12 Version 1 Membership Report [RFC-1112]
• 0x16 Version 2 Membership Report [RFC-2236]
• 0x17 Version 2 Leave Group [RFC-2236]

0x22 Membership Report： Status change notification

Group Record Format

Record Type type

• current state
  • 1: MODE_IS_INCLUDE
  • 2: MODE_IS_EXCLUDE
• Filter mode change （ If you follow INCLUDE Yi Wei EXCLUDE）
  • 3: CHANGE_TO_INCLUDE
  • 4: CHANGE_TO_EXCLUDE
• Source address list changes （ The filtering mode also determines the status ）
  • 5: ALLOW_NEW_SOURCES
  • 6: BLOCK_OLD_SOURCES
• 

11. Supporting the interconnection of all things IPv6 Address

IPv6 Purpose

• Larger address space ：128 Bit length
• Better address space management
• Eliminated NAT And other addressing technologies
• Easier IP Configuration Management
• Excellent road selection design
• Better multicast support
• Security
• mobility

IPv6 The masked hexadecimal representation of an address

• The first zero is removed
• Zero compression
  • FF00:4501:0:0:0:0:0:32
    • FF00:4501::32
  • 805B:2D9D:DC28:0:0:FC57:0:0
    • 805B:2D9D:DC28::FC57:0:0
    • 805B:2D9D:DC28:0:0:FC57::
  • Loopback address 0:0:0:0:0:0:0:1
    • ::1

IPv6 Address distribution

Multicast under different scopes

Scope ID

• 14： Global scope

• 8： Organization scope

• 5： Field point scope

• 2： Local link scope

• 1： Native scope

• 

• 

Network address and host address

Global routing prefix ：48

• It can be arbitrarily divided into multiple levels

subnet ID：16

• It can be arbitrarily divided into multiple levels

Interface ID：64

• Direct mapping MAC Address

IEEE802 48 position MAC Address mapping host address （EUI-64）

• take OUI( Organization unique logo ) Left 24 The bit

• middle 16 Bit set to FFFE

• Set up OUI The first 7 Position as 1 Global representation

  

12.IPv6 Message and fragment

IP Head

IPv6 Main header format

• Version
• Traffic Class
  • TOS
• Flow Label：QOS control
• Payload Length
  • Total Length
• Next Header
• HopLimit
  • TTL
• Delete field
  • IHL
  • Identification, Flags, Fragment Offset
  • Header Checksum

IPv6 Message format

• 40 Byte main header
• Optional extension header
• data
• 

IPv6 Head chain

Fragment expansion header

• Fragment Offset
  • Company 8 byte
• MoreFragments
  • 0 It means the last fragment
  • 1 Means not the last fragment
• identification
  • Expand IPv4 Same head to 4 byte

IPv6 The fragmentation of

• Indivisible part
  • Main head
• Partially extended header
  • Divisible part
• data
  • Partially extended header

13. from wireshark Find rules in message statistics

collocation “ Display filter ” Use

Statistical method

• Overall message distribution ： Capture file attributes and packet length distribution
• Endpoint statistics and session statistics
• Protocol hierarchical statistics
• HTTP/HTTP2 And other application layer protocols
• TCP Protocol connection statistics
• IO Flow statistics and data flow statistics

Overall message distribution

Capture file properties

• when： When to grab the bag
• where： Which one? IP The interface is capturing packets
• how： Capture what the filter is ？
• how much： How many messages ？ How many bytes ？ How fast ？

Message length distribution ： Information transmission efficiency

• Distribution of messages of various lengths

Protocol hierarchical statistics （ With display filter ）

• Number of groups / Percentage of bytes （ Same layer ）
• Absolute number of groups / Number of bytes
• rate （ The bit / second ）
• Protocol message statistics
  • end “ grouping ”
  • End byte
  • End rate

Endpoint statistics / Conversation Statistics

• OSI Statistics at different levels
  • Data link layer （ Resolve the name ：MAC/IP/PORT）
    • Communication parties / Single endpoint 、 Number of groups 、 Number of bytes 、 Message direction 、 rate 、 The duration of the
  • The network layer
  • Transport layer
    • UDP/TCP, Port Statistics
• Quickly apply filters and shading rules

HTTP/HTTP2 Statistics

• HTTP
  • Grouping statistics ： Request method and response code statistics
  • request ： be based on Host and URI Statistics
  • Load balancing ： be based on IP And Host Statistics
  • Request sequence ： Request the same Domain Under the URI Statistics
• HTTP2
  • Frame type statistics

TCP Connection information statistics

• be based on TCP Connection characteristic statistics , Switchable direction
  • RTT Time
  • throughput
  • Window size
  • Serial number

IO Charts and data flow statistics

• IO Chart
  • Draw different colors 、 All kinds of （ Broken line 、 Square 、 spot ） chart
  • Take time for X Axis （ Selectable time interval ）
  • The message information under the filter can be set as Y Axis
  • Number of messages 、 Number of bytes 、 Statistical function
• Data flow
  • Optionally based on display filters , Display the data flow between each end

expert system

• Error： error message , Include Wireshark Parsing failure information
• Warning： Abnormal warning information
  • RST Reset off 、TCP The window closed 、TCP Out of sequence message, etc
• Note： Abnormal communication message in normal communication
  • TCP repeat ACK、TCP Retransmission message 、Keepalive、TLS Reuse key 、 Zero window probe, etc
• Chat： Basic information of communication

14. At the end

This blog mainly introduces IP agreement , So far, the whole network protocol has been introduced .