TCP/IP Protocol
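1. Two hosts running HTTP on a LAN
2. Protocols at the different layers of the TCP/IP protocol suite
3. The five classes of Internet addresses
4. Encapsulation of data as it goes down the protocol stack
5. IEEE 802.2/802.3 encapsulation (RFC 1042) and Ethernet encapsulation (RFC 894)
5.1. SLIP encapsulation
5.2. Format of PPP frames
6. Processing of IP datagrams by the loopback interface
7. IP datagram format and the fields of the IP header
8. Format of ARP/RARP request or reply packets on Ethernet
9. ICMP messages encapsulated within an IP datagram
9.1. ICMP address mask request and reply messages
9.2. ICMP unreachable errors
10. Processing performed at the IP layer
11. RIP: Routing Information Protocol
12. Unicast, multicast, broadcast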
- Unicast

$ ip a s
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:8c:df:3f brd ff:ff:ff:ff:ff:ff
    inet 192.168.91.128/24 brd 192.168.91.255 scope global dynamic ens32
       valid_lft 1489sec preferred_lft 1489sec
    inet6 fe80::20c:29ff:fe8c:df3f/64 scope link
       valid_lft forever preferred_lft forever
$ /sbin/arp
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.91.254           ether   00:50:56:ed:bf:01   C                     ens32
192.168.91.2             ether   00:50:56:ee:e2:ae   C                     ens32
192.168.91.1             ether   00:50:56:c0:00:08   C                     ens32
$ ip ro s
default via 192.168.91.2 dev ens32
192.168.91.0/24 dev ens32 proto kernel scope link src 192.168.91.128

$ ping -c 1 192.168.91.2
PING 192.168.91.2 (192.168.91.2) 56(84) bytes of data.
64 bytes from 192.168.91.2: icmp_seq=1 ttl=128 time=0.367 ms

--- 192.168.91.2 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.367/0.367/0.367/0.000 ms

18:26:04.627111 00:0c:29:8c:df:3f > 00:50:56:ee:e2:ae, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 40409, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.91.128 > 192.168.91.2: ICMP echo request, id 3129, seq 1, length 64
18:26:04.627456 00:50:56:ee:e2:ae > 00:0c:29:8c:df:3f, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 128, id 12349, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.91.2 > 192.168.91.128: ICMP echo reply, id 3129, seq 1, length 64
- Broadcast

$ ip -4 a s ens32
2: ens32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    inet 192.168.91.128/24 brd 192.168.91.255 scope global ens32
       valid_lft forever preferred_lft forever
$ ping -c 4 -b 255.255.255.255
WARNING: pinging broadcast address
PING 255.255.255.255 (255.255.255.255) 56(84) bytes of data.
64 bytes from 192.168.91.137: icmp_seq=1 ttl=64 time=0.253 ms
64 bytes from 192.168.91.2: icmp_seq=1 ttl=128 time=0.268 ms (DUP!)
64 bytes from 192.168.91.2: icmp_seq=2 ttl=128 time=0.237 ms
64 bytes from 192.168.91.137: icmp_seq=2 ttl=64 time=0.511 ms (DUP!)
64 bytes from 192.168.91.2: icmp_seq=3 ttl=128 time=0.305 ms
64 bytes from 192.168.91.137: icmp_seq=3 ttl=64 time=0.473 ms (DUP!)
64 bytes from 192.168.91.2: icmp_seq=4 ttl=128 time=0.323 ms

--- 255.255.255.255 ping statistics ---
4 packets transmitted, 4 received, +3 duplicates, 0% packet loss, time 20ms
rtt min/avg/max/mdev = 0.237/0.338/0.511/0.103 ms

$ ip -4 a s ens32
2: ens32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    inet 192.168.91.128/24 brd 192.168.91.255 scope global ens32
       valid_lft forever preferred_lft forever
$ tcpdump -envv icmp
tcpdump: listening on ens32, link-type EN10MB (Ethernet), capture size 262144 bytes
15:53:11.351131 00:0c:29:8c:df:3f > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.91.128 > 255.255.255.255: ICMP echo request, id 2421, seq 1, length 64
15:53:11.351348 00:50:56:f9:5e:df > 00:0c:29:8c:df:49, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 128, id 2253, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.91.2 > 192.168.91.128: ICMP echo reply, id 2421, seq 1, length 64
15:53:11.351349 00:0c:29:85:26:07 > 00:0c:29:8c:df:3f, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 49829, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.91.137 > 192.168.91.128: ICMP echo reply, id 2421, seq 1, length 64
15:53:12.362377 00:0c:29:8c:df:3f > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.91.128 > 255.255.255.255: ICMP echo request, id 2421, seq 2, length 64
15:53:12.362573 00:50:56:f9:5e:df > 00:0c:29:8c:df:3f, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 128, id 2254, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.91.2 > 192.168.91.128: ICMP echo reply, id 2421, seq 2, length 64
15:53:12.362847 00:0c:29:85:26:07 > 00:0c:29:8c:df:3f, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 49979, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.91.137 > 192.168.91.128: ICMP echo reply, id 2421, seq 2, length 64
15:53:13.364595 00:0c:29:8c:df:3f > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.91.128 > 255.255.255.255: ICMP echo request, id 2421, seq 3, length 64
15:53:13.364863 00:50:56:f9:5e:df > 00:0c:29:8c:df:3f, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 128, id 2255, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.91.2 > 192.168.91.128: ICMP echo reply, id 2421, seq 3, length 64
15:53:13.365031 00:0c:29:85:26:07 > 00:0c:29:8c:df:3f, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 50166, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.91.137 > 192.168.91.128: ICMP echo reply, id 2421, seq 3, length 64
15:53:14.368610 00:0c:29:8c:df:3f > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.91.128 > 255.255.255.255: ICMP echo request, id 2421, seq 4, length 64
15:53:14.368894 00:50:56:f9:5e:df > 00:0c:29:8c:df:3f, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 128, id 2256, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.91.2 > 192.168.91.128: ICMP echo reply, id 2421, seq 4, length 64
15:53:14.369077 00:0c:29:85:26:07 > 00:0c:29:8c:df:3f, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 50192, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.91.137 > 192.168.91.128: ICMP echo reply, id 2421, seq 4, length 64

$ ip -4 a show ens32
2: ens32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    inet 192.168.91.137/24 brd 192.168.91.255 scope global dynamic ens32
       valid_lft 1279sec preferred_lft 1279sec
$ sysctl net.ipv4.icmp_echo_ignore_broadcasts=0
net.ipv4.icmp_echo_ignore_broadcasts = 0
$ tcpdump -envv icmp
tcpdump: listening on ens32, link-type EN10MB (Ethernet), capture size 262144 bytes
15:53:11.354403 00:0c:29:8c:df:3f > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.91.128 > 255.255.255.255: ICMP echo request, id 2421, seq 1, length 64
15:53:11.354451 00:0c:29:85:26:07 > 00:0c:29:8c:df:3f, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 49829, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.91.137 > 192.168.91.128: ICMP echo reply, id 2421, seq 1, length 64
15:53:11.354483 00:50:56:f9:5e:df > 00:0c:29:8c:df:49, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 128, id 2253, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.91.2 > 192.168.91.128: ICMP echo reply, id 2421, seq 1, length 64
15:53:12.365702 00:0c:29:8c:df:3f > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.91.128 > 255.255.255.255: ICMP echo request, id 2421, seq 2, length 64
15:53:12.365797 00:0c:29:85:26:07 > 00:0c:29:8c:df:3f, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 49979, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.91.137 > 192.168.91.128: ICMP echo reply, id 2421, seq 2, length 64
15:53:12.365854 00:50:56:f9:5e:df > 00:0c:29:8c:df:3f, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 128, id 2254, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.91.2 > 192.168.91.128: ICMP echo reply, id 2421, seq 2, length 64
15:53:13.367964 00:0c:29:8c:df:3f > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.91.128 > 255.255.255.255: ICMP echo request, id 2421, seq 3, length 64
15:53:13.368029 00:0c:29:85:26:07 > 00:0c:29:8c:df:3f, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 50166, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.91.137 > 192.168.91.128: ICMP echo reply, id 2421, seq 3, length 64
15:53:13.368116 00:50:56:f9:5e:df > 00:0c:29:8c:df:3f, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 128, id 2255, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.91.2 > 192.168.91.128: ICMP echo reply, id 2421, seq 3, length 64
15:53:14.371990 00:0c:29:8c:df:3f > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.91.128 > 255.255.255.255: ICMP echo request, id 2421, seq 4, length 64
15:53:14.372047 00:0c:29:85:26:07 > 00:0c:29:8c:df:3f, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 50192, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.91.137 > 192.168.91.128: ICMP echo reply, id 2421, seq 4, length 64
15:53:14.372121 00:50:56:f9:5e:df > 00:0c:29:8c:df:3f, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 128, id 2256, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.91.2 > 192.168.91.128: ICMP echo reply, id 2421, seq 4, length 64
- Multicast

$ ping -W 1 -c 1 224.0.0.251
PING 224.0.0.251 (224.0.0.251) 56(84) bytes of data.

--- 224.0.0.251 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

18:16:41.207147 00:0c:29:8c:df:3f > 01:00:5e:00:00:fb, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 1, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.91.128 > 224.0.0.251: ICMP echo request, id 3060, seq 1, length 64
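12.1. IGMP: Internet Group Management Protocol
13. UDP: User Datagram Protocol
14. TCP: Transmission Control Protocol
14.1. TCP state transition diagram
14.2. TCP states corresponding to normal connection establishment and termination
14.3. Segments exchanged during a TCP simultaneous open
14.4. Segments exchanged during a TCP simultaneous close
14.5. RST reset segments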
- Connection request to a nonexistent port

$ telnet 10.200.40.55 80
Trying 10.200.40.55...
telnet: Unable to connect to remote host: Connection refused

00:00:00.000000 IP 192.168.66.128.33132 > 10.200.40.55.80: Flags [S], seq 4228554322, win 29200, options [mss 1460,sackOK,TS val 1130179 ecr 0,nop,wscale 7], length 0
00:00:01.009552 IP 192.168.66.128.33132 > 10.200.40.55.80: Flags [S], seq 4228554322, win 29200, options [mss 1460,sackOK,TS val 1130432 ecr 0,nop,wscale 7], length 0
00:00:00.078680 IP 10.200.40.55.80 > 192.168.66.128.33132: Flags [R.], seq 970664811, ack 4228554323, win 64240, length 0
- Aborting a connection

$ telnet 192.168.171.1 9000
Trying 192.168.171.1...
Connected to 192.168.171.1.
Escape character is '^]'.
Connection closed by foreign host.

00:00:00.000000 IP 192.168.66.128.37852 > 192.168.171.1.9000: Flags [S], seq 2189393428, win 29200, options [mss 1460,sackOK,TS val 1446368 ecr 0,nop,wscale 7], length 0
00:00:00.000557 IP 192.168.171.1.9000 > 192.168.66.128.37852: Flags [S.], seq 1865883214, ack 2189393429, win 64240, options [mss 1460], length 0
00:00:00.000067 IP 192.168.66.128.37852 > 192.168.171.1.9000: Flags [.], ack 1, win 29200, length 0
00:00:00.019830 IP 192.168.171.1.9000 > 192.168.66.128.37852: Flags [P.], seq 1:20481, ack 1, win 64240, length 20480
00:00:00.000152 IP 192.168.66.128.37852 > 192.168.171.1.9000: Flags [.], ack 20481, win 64240, length 0
00:00:00.000139 IP 192.168.171.1.9000 > 192.168.66.128.37852: Flags [R.], seq 20481, ack 1, win 64240, length 0
00:00:00.000056 IP 192.168.171.1.9000 > 192.168.66.128.37852: Flags [R], seq 1865903695, win 32767, length 0
- Detecting half-open connections

$ telnet 192.168.66.131 22
Trying 192.168.66.131...
Connected to 192.168.66.131.
Escape character is '^]'.
SSH-2.0-OpenSSH_4.3
ONE PIECE
Connection closed by foreign host.

00:00:00.000000 IP 192.168.66.128.40868 > 192.168.66.131.22: Flags [S], seq 556956684, win 29200, options [mss 1460,sackOK,TS val 1594879 ecr 0,nop,wscale 7], length 0
00:00:00.000326 IP 192.168.66.131.22 > 192.168.66.128.40868: Flags [S.], seq 1715689874, ack 556956685, win 5792, options [mss 1460,sackOK,TS val 4294894064 ecr 1594879,nop,wscale 7], length 0
00:00:00.000049 IP 192.168.66.128.40868 > 192.168.66.131.22: Flags [.], ack 1, win 229, options [nop,nop,TS val 1594879 ecr 4294894064], length 0
00:00:00.011370 IP 192.168.66.131.22 > 192.168.66.128.40868: Flags [P.], seq 1:21, ack 1, win 46, options [nop,nop,TS val 4294894075 ecr 1594879], length 20
00:00:00.000076 IP 192.168.66.128.40868 > 192.168.66.131.22: Flags [.], ack 21, win 229, options [nop,nop,TS val 1594882 ecr 4294894075], length 0
00:03:12.727548 IP 192.168.66.128.40868 > 192.168.66.131.22: Flags [P.], seq 1:12, ack 21, win 229, options [nop,nop,TS val 1643064 ecr 4294894075], length 11
00:00:00.002127 IP 192.168.66.131.22 > 192.168.66.128.40868: Flags [R], seq 1715689895, win 0, length 0
- Connection request to an unreachable host (timeout)

$ telnet www.google.com 80
Trying 75.126.135.131...
telnet: Unable to connect to remote host: Connection refused

00:00:00.000000 IP 192.168.66.128.50448 > 192.168.66.2.53: 5183+ A? www.google.com. (32)
00:00:00.000093 IP 192.168.66.128.50448 > 192.168.66.2.53: 21632+ AAAA? www.google.com. (32)
00:00:00.004174 IP 192.168.66.2.53 > 192.168.66.128.50448: 5183 1/0/0 A 75.126.135.131 (48)
00:00:00.000047 IP 192.168.66.2.53 > 192.168.66.128.50448: 21632 0/0/0 (32)
00:00:00.000239 IP 192.168.66.128.41516 > 75.126.135.131.80: Flags [S], seq 3229948700, win 29200, options [mss 1460,sackOK,TS val 1721759 ecr 0,nop,wscale 7], length 0
00:00:01.026997 IP 192.168.66.128.41516 > 75.126.135.131.80: Flags [S], seq 3229948700, win 29200, options [mss 1460,sackOK,TS val 1722016 ecr 0,nop,wscale 7], length 0
00:00:02.015519 IP 192.168.66.128.41516 > 75.126.135.131.80: Flags [S], seq 3229948700, win 29200, options [mss 1460,sackOK,TS val 1722520 ecr 0,nop,wscale 7], length 0
00:00:04.256726 IP 192.168.66.128.41516 > 75.126.135.131.80: Flags [S], seq 3229948700, win 29200, options [mss 1460,sackOK,TS val 1723584 ecr 0,nop,wscale 7], length 0
00:00:08.192206 IP 192.168.66.128.41516 > 75.126.135.131.80: Flags [S], seq 3229948700, win 29200, options [mss 1460,sackOK,TS val 1725632 ecr 0,nop,wscale 7], length 0
00:00:05.510774 IP 75.126.135.131.80 > 192.168.66.128.41516: Flags [R.], seq 1891069686, ack 3229948701, win 64240, length 0
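
The RST cases captured under 14.5 differ in what precedes the reset, which makes them separable when reviewing a capture. The following is an added example, not part of the original notes: a heuristic classifier over tcpdump summary lines. The function name `classify_reset`, the verdict labels and the sample lines (constructed, using documentation addresses) are assumptions.

```python
import re

# tcpdump TCP summary line: "... IP src.port > dst.port: Flags [X], ..., length N"
LINE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]*)\].*length (\d+)")

def classify_reset(lines):
    """Heuristically classify the first RST of one connection; returns (verdict, SYN count)."""
    syns, handshake, prev = 0, False, None   # prev = (sender, payload length)
    for line in lines:
        m = LINE.search(line)
        if not m:                            # non-TCP lines (e.g. DNS lookups) are skipped
            continue
        sender, flags, length = m.group(1, 2), m.group(5), int(m.group(6))
        if "R" in flags:
            if not handshake:                # RST answers a bare SYN, no SYN-ACK was seen
                return "reset-in-reply-to-syn", syns
            if prev and prev[0] != sender and prev[1] > 0:
                return "half-open-detected", syns   # data from one side answered with RST
            return "abortive-close", syns    # RST sender tore down an established connection
        if flags == "S":
            syns += 1                        # retransmitted SYNs are counted too
        elif flags == "S.":
            handshake = True
        prev = (sender, length)
    return "no-reset", syns

# Constructed sample lines (documentation addresses), not taken from the captures above.
def seg(src, dst, flags, length):
    return f"00:00:00.000000 IP {src} > {dst}: Flags [{flags}], win 229, length {length}"

C, S = "192.0.2.10.40868", "192.0.2.20.22"
HANDSHAKE = [seg(C, S, "S", 0), seg(S, C, "S.", 0), seg(C, S, ".", 0)]
REFUSED = [seg(C, S, "S", 0), seg(C, S, "S", 0), seg(S, C, "R.", 0)]
ABORT = HANDSHAKE + [seg(S, C, "P.", 20480), seg(C, S, ".", 0), seg(S, C, "R.", 0)]
HALF_OPEN = HANDSHAKE + [seg(S, C, "P.", 20), seg(C, S, ".", 0),
                         seg(C, S, "P.", 11), seg(S, C, "R", 0)]

if __name__ == "__main__":
    for name, trace in [("refused", REFUSED), ("abort", ABORT), ("half-open", HALF_OPEN)]:
        print(name, classify_reset(trace))
```

The SYN count returned alongside the verdict shows how many connection attempts, retransmissions included, preceded the reset.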