Applied

Representative

Session

DHCP (Port = 67/68)

Transport

Protocol = 0x0059

Protocol = 0x0002

Duct

Duct

Duct

Physical

Duct

Cable,Ethernet twisted pair, fiber optic

Physical Cable, twisted pair, fiber optic

Physical

Cable, twisted pair, fiber optic

Physical

Cable, radio, fiber optic

Protocol = 0xc021, code=04,

Protocol = 0xc021, code=01,

Type = 1, MTU=300

Protocol = 0xc021, code=03,

Type = 1, MTU=200

Protocol = 0xc021, code=01,

Type = 1, MTU=200

Protocol = 0xc021, code=02,

Type = 1, MTU=200

Protocol = 0xc021, code=01,

Protocol = 0xc021, code=02,

Type = 3, Auth.prot=0xc223, Algorithm=5

Protocol = 0xc223, code=01,

Protocol = 0xc223, code=02,

Prot=UDP, code=01,

Name=ABC, Value=W

Auth = 0, Attr = Name, Chall=V

Prot=UDP, code=02,

IP-address=a.b.c.d , Mask,

Prot=UDP, code=05, Data

Protocol = 0x0021, ...

Protocol =0x0021, ...

Protocol = 0xc021, code=05,

1994, DS]. The essence of the authentication procedure is that the NAS sends a random number V to the host, and the host returns another number W, calculated by a previously known function using the name (Name) and password (Password), which are entered by the user into the computer from the Internet card purchased from provider. In other words, W=f(V, Name, Password). It is assumed that an attacker (hacker) is able to intercept the values ​​V, Name and W sent over the network, and he knows the algorithm for calculating the function f. The essence of the formation of W is that the initial elements (bits) random number V are “mixed” in various ways with elements unknown to the attacker Password. The resulting ciphertext is then compressed, such as adding the bytes modulo two. This transformation is called a digest function or hash function, and the result is a digest. The exact procedure for generating the digest is determined by the MD5 algorithm and is described in. The NAS, using the RADIUS protocol, requests the true value of W from the AAA server, sending it the values ​​Name and Challenge=V. The AAA server, based on the values ​​V and Name received from the NAS and the password Password it has in the database, uses the same algorithm to calculate W and send it to the NAS. The NAS compares the two W values ​​received from the host and from the AAA server: if they match, then a message about successful authentication is sent to the host - Success (Code=03).

At the third stage, network parameters are configured using the IPCP protocol (aka PPP IPC, Protocol=0x8021). The host requests network IP addresses from the NAS and the NAS allocates an IP address for the host from the pool (range) (IP-address=a.b.c.d), and

also reports the IP address of the DNS server (IP-address=e.f.g.h). NAS via RADIUS protocol

sends a notification (Code=04) to the AAA server about the start of charging and receives confirmation (Code=05).

At the 4th stage, the user begins a communication session with the Internet via the IP protocol (Protocol = 0x0021).

After the session is completed (step 5), the user sends a connection failure message to the NAS via the LCP protocol (Code=05), the NAS confirms this message (Code=06), sends a notification about the end of charging to the AAA server and receives confirmation from it. All devices are returned to their original state.

QUESTIONS FOR SECTION 1.4

1. Name the composition and purpose of the family of PPP protocols.

Answer. LCP – to negotiate packet exchange parameters, CHAP – to establish user legitimacy, IPCP – to assign an IP address.

2. Does PPP provide error detection and orderly delivery of packets?

Answer. Error detection - yes, orderly delivery - no, this is provided by the TCP protocol.

3. Where is user authentication data stored?

Answer. On the Internet map and on the AAA server.

4. Is it possible to determine the user's IP address in advance before establishing a connection to the NAS server?

Answer: No. After successful authentication, the NAS issues a free IP address from the allocated address range.

5. What methods are used to account for the cost of Internet connections? Answer: Usually there is a subscription fee or a fee for the volume of received

Network protocol stack and TCP hacking

Alexander Antipov

The networking protocol stack, which forms the pipelining and transfer of data between hosts, is designed for the best possible interaction between different network layers. In this article, we will try to describe the movement of data through the layers located in the stack and will try to implement a Linux kernel module that helps us capture and display data passing through the TCP layer. Below is a program showing how to install a new element in file system proc. And most importantly, this program hacks the TCP protocol, monitors all data passing through the tcp layer and displays it in /proc/TCPdata.

Shyamikh, translation by Alexey Antipov

The networking protocol stack, which forms the pipelining and transfer of data between hosts, is designed for the best possible interaction between different network layers. In this article, we will try to describe the movement of data through the layers located in the stack and will try to implement a Linux kernel module that helps us capture and display data passing through the TCP layer. Since a discussion of all types of network connections is beyond the scope of this article, we will focus on TCP/IP connections.

Network protocol stack

Network devices form basic level protocol stack. To communicate with other devices and transmit and receive traffic, they use a data link protocol (usually Ethernet). The interface provided by network device drivers copies packets from the physical medium, performs some error checking, and then places the packets in the network layer. Output interfaces receive packets from the network layer, perform some error checking, and forward them to the physical medium. We will discuss IP (Internet Protocol), which is a standard network layer protocol. The main functions of IP are routing, checking incoming packets to determine whether these packets are directed to a given host or whether they need further forwarding. At the same time, if necessary, packets are defragmented and delivered to transport protocols. Such protocols have a dynamic database of routes for outgoing packets, address and fragment them before sending them to the communication layer.

TCP and UDP are the most commonly used transport layer protocols. UDP provides a framework for addressing packets within a host, while TCP supports more complex connection operations such as lost packet recovery and traffic control.

Moving through the transport layer, we can find the INET layer, which forms an intermediate layer between the transport layer and application sockets. The INET layer supports application-owned sockets. Everything has been accomplished at this level specific operations sockets.

BSD is an abstract data structure containing INET sockets. An application's connection request, reading or writing over a socket, is converted to INET operations using BSD.

General package structure. The data is general structure data called sk_buff. All layers use this data structure. Immediately after data is copied from user space to kernel space, it is placed in sk_buff and moved to various levels. In turn, the level adds its own headers to this structure. Sk_buff contains links to all information about the packet, its socket, device, route, data location, etc.

Linux Networking Features

For the normal network programmer, the network services front end is accessible through the following C library routines.

socket(), bind(), listen(), connect(), accept(), send(), sendto(), recv(), recvfrom(), getsockopt(), and setsockopt().

The socket() function is used to create a new socket. All operations with various protocols occur using sockets. Since the socket() function returns the value of a file descriptor, it can be accessed by standard file operations such as read(), write().

The bind() function is used to bind the created socket to a port. The port, along with the IP address of the network interface, is used to uniquely identify the socket.

The listen() function is used to program the server. After creating a socket and connecting it to a port, the listen() function sets the socket to the listening state. This means that the socket is waiting for connections from other hosts.

When the accept() function is called on the server, a continuous polling of the socket occurs until a connection request is received from another host. Once the connection is established, the server program wakes up and allows the process to process the request from the foreign host. On the client side, the connect() function is used to indicate to the server that the client wants to open a connection on the socket and send a request.

Required Data Structures

This structure is the basis for implementing the BSD socket interface. This structure is installed and initialized using the socket() system call.

sk_buff:

This structure manages individual connection packets coming and going from the host. This causes I/O buffering.

This structure controls various parts sockets, depending on the specific network. It is required for TCP, UDP and RAW sockets.

This structure contains a number of operations that are the same for all protocols.

Sockaddr (sockaddr_in):

This structure is necessary to support different address formats.

Linux kernel modules

Linux kernels are made up of modules. Some parts of the kernel reside in memory permanently (such as the scheduler), and some are loaded when needed. For example, the VFAT file system for reading disks is loaded only when necessary. This feature of the Linux kernel allows the kernel space to take up little space.

So the essential thing is to design your protocol, drivers, and any kind of kernel software as kernel modules and insert them into the kernel from user space. Once inserted, a module becomes unmovable until it is removed from kernel space. You only need to be a privileged user to insert or remove modules. This is the common kernel module notation format.

#define MODULE #include /* ... other required header files ... */ /* * ... module declarations and functions ... */ int init_module() ( /* code kernel will call when installing module */ ) void cleanup_module() ( /* code kernel will call when removing module */)

Project of a hacker module for the TCP protocol.

Our kernel module is very simple, it is virtually placed between the socket operations interface for forwarding TCP packets and the TCP layer. Now all data packets passing through a socket registered with the TCP protocol will be intercepted by our kernel module. This data will be transferred to /proc/TCPdata.

Data structures used

tcp_prot -> Contains pointers to all TCP operations performed

struct msghdr -> Contains data sent by the application, as well as other fields to identify the socket address

Struct msg_iov -> is located in msghdr, it contains pointers to data

Before we start coding, let's understand the significance of the /proc file system. The proc file system is so named because it is located in the /proc directory on most Linux machines. The system is powerful tool frequently used by applications. This is part of the mechanism by which the kernel communicates with user space and vice versa. Although it is designed as a file system with a directory structure and inodes, it is actually a component of registered functions that provide information to important variables.

When a file is created in /proc, it is immediately registered with a set of functions that tell the kernel what to do when opening or writing to the file. Most files are read-only, and only a few are write-only.

Now we will start coding

/* tcpdata.c. Below is a program showing how to install a new entry in the proc file system. And most importantly, this program hacks the TCP protocol, monitors all data passing through the tcp layer and displays it in /proc/TCPdata. */ #define MODULE #define __KERNEL__ /*we are doing kernel work*/ #include #include #include /*for registering proc entry*/ #include #include #include #include #include #include #include static struct proc_dir_entry *test_entry ; struct msghdr *msg_moniter; struct iovec *iovec_moniter; static char *tcp="Tcp monitered data"; int (*orginalSend)(struct sock *, struct msghdr *,int); /* show_tcp_stats This function is what the /proc FS will call when anything tries to read /proc/TCPstat you could see last 200 bytes move out of the sockets through tcp connections */ static int show_tcp_stats(char *buf,char **start ,off_t offset,int len,int unused) ( len += sprintf(buf+len,"%s\n",tcp); return len; ) /* This is a handler function that captures tcp sendmsg requests */ int moniter_tcp(struct sock *sk, struct msghdr *msg,int len) ( int size; char *temp; printk("I am dangerously monitoring your tcp data \n"); msg_moniter=(struct msghdr *)kmalloc(sizeof(struct msghdr), GFP_KERNEL); memcpy(msg_moniter,msg,sizeof(struct msghdr)); iovec_moniter=msg_moniter->msg_iov; printk("sizeof TCPdat is %d \n ",size); (sizeiov_base):strcpy(tcp,"Tcp monitered data"); kfree(msg_moniter); return len; ) /* init_module This function installs the module; it simply registers the new directory in /proc and creates a pointer. */ int init_module() ( test_entry=create_proc_entry("TCPdata",S_IRUGO,NULL); test_entry->read_proc=show_tcp_stats; originalSend=tcp_prot.sendmsg; /* printk("the address of send send mes is %x \n" ,tcp_prot.sendmsg); printk("the address of hack mes is %x \n",originalSend); */ tcp_prot.sendmsg=moniter_tcp; /* printk("the address of send send mes after hacking %x \n" ,tcp_prot.sendmsg); printk("the address of send send mes after hacking %x \n",moniter_tcp); */ return 0; ) /* init_module */ /* cleanup_module This function deletes the module; It removes the directory entry registration from /proc FS */ void cleanup_module() ( /* put the pointer back to tcp"s original message sender */ tcp_prot.sendmsg=orginalSend; /* unregister the function from the proc FS */ remove_proc_entry( "TCPdata",NULL); ) /* cleanup_module */ MODULE_AUTHOR("shyamjithe.c.s "); /*macros*/ MODULE_DESCRIPTION("moniter tcp data");

This program has been tested on the 2.4 kernel, so you can compile it using:

Gcc -O6 -Wall -c tcpdata.c -I /usr/src/linux-2.4.20-8/include/ this will produce tcpdata.o now insmod tcpdata.o open some tcp applications cat /proc/TCPdata to remove the module use rmmod tcpdata Now, in order to understand this code, I will give some explanations. The whole program is just a clever way to use function pointers. But you need to be careful when using your own handlers, because incorrect function pointer placement can cause the system to hang. As stated, this is the minimum way to crack TCP. You can form new level above the TCP layer like this, which will interfere with all types of jobs done by TCP. The same can be done with UDP.

Conclusion

The most important takeaway from the above program is that it is not always necessary to change the kernel source code when we do any protocol-related modification. It is an object-oriented implementation of the Linux kernel that allows us to manipulate data objects within the kernel.

Protocol stacks

A protocol stack is a hierarchically organized set of network protocols at various levels, sufficient to organize and ensure the interaction of nodes in the network. Currently, networks use a large number of communication protocol stacks. The most popular stacks are: TCP/IP, IPX/SPX, NetBIOS/SMB, Novell NetWare, DECnet, XNS, SNA and OSI. All of these stacks, except SNA, at the lower levels - physical and data link - use the same well-standardized protocols Ethemet, Token Ring, FDDI and some others, which allow the same equipment to be used in all networks. But at the upper levels, all stacks operate according to their own protocols. These protocols often do not follow the layering recommended by the OSI model. In particular, the functions of the session and presentation layers are typically combined with the application layer. This discrepancy is due to the fact that the OSI model appeared as a result of a generalization of already existing and actually used stacks, and not vice versa.

All protocols included in the stack were developed by one manufacturer, that is, they are able to work as quickly and efficiently as possible.

An important point in the operation of network equipment, in particular a network adapter, is the binding of protocols. It allows you to use different protocol stacks when servicing one network adapter. For example, you can use TCP/IP and IPX/SPX stacks simultaneously. If suddenly an error occurs when trying to establish a connection with the recipient using the first stack, then a switch to using the protocol from the next stack will automatically occur. An important point in this case is the binding order, since it clearly affects the use of one or another protocol from different stacks.

Regardless of how much network adapters installed on a computer, binding can be carried out either “one to several” or “several to one”, that is, one protocol stack can be tied to several adapters at once or several stacks to one adapter.

NetWare is a network operating system and a set of network protocols that are used in this system to interact with client computers connected to the network. The system's network protocols are based on the XNS protocol stack. NetWare currently supports TCP/IP and IPX/SPX protocols. Novell NetWare was popular in the 80s and 90s due to its greater efficiency compared to operating systems general purpose. This is now an outdated technology.

The XNS (Xerox Network Services Internet Transport Protocol) protocol stack was developed by Xerox for transmitting data over Ethernet networks. Contains 5 levels.

Level 1 - transmission medium - implements the functions of the physical and data link layers in the OSI model:

* manages data exchange between the device and the network;

* routes data between devices on the same network.

Layer 2 - internetwork - corresponds to the network layer in the OSI model:

* manages data exchange between devices located on different networks (provides datagram service in terms of the IEEE model);

* describes the way data flows through the network.

Layer 3 - transport - corresponds to the transport layer in the OSI model:

* provides end-to-end communication between the data source and destination.

Level 4 - control - corresponds to the session and representative levels in the OSI model:

* controls the presentation of data;

* manages control over device resources.

Level 5 - application - corresponds to the highest levels in the OSI model:

* provides data processing functions for application tasks.

Stack TCP protocols/IP (Transmission Control Protocol/Internet Protocol) is the most common and functional today. It works in local networks of any size. This stack is the main stack in global network Internet. Stack support was implemented in computers running the UNIX operating system. As a result, the popularity of the TCP/IP protocol has increased. The TCP/IP protocol stack includes quite a lot of protocols operating at different levels, but it got its name thanks to two protocols - TCP and IP.

TCP (Transmission Control Protocol) is a transport protocol designed to control data transmission in networks using the TCP/IP protocol stack. IP (Internet Protocol) is a network layer protocol designed to deliver data over a composite network using one of the transport protocols, such as TCP or UDP.

The lower level of the TCP/IP stack uses standard data transfer protocols, which makes it possible to use it in networks using any network technology and on computers with any operating system.

The TCP/IP protocol was originally developed for use in global networks, which is why it is extremely flexible. In particular, thanks to the ability to fragment packets, data, despite the quality of the communication channel, in any case reaches the addressee. In addition, thanks to the presence of the IP protocol, data transfer between dissimilar network segments becomes possible.

The disadvantage of the TCP/IP protocol is the complexity of network administration. Thus, for the normal functioning of the network, additional servers are required, for example DNS, DHCP, etc., maintaining the operation of which takes most of the time system administrator. Limoncelli T., Hogan K., Cheylap S. - System and network administration. 2nd ed. 2009 944с

The IPX/SPX (Internetwork Packet Exchange/Sequenced Packet Exchange) protocol stack is developed and owned by Novell. It was developed for the needs operating system Novell NetWare, which until recently occupied one of the leading positions among server operating systems.

The IPX and SPX protocols operate at the network and transport layers of the ISO/OSI model, respectively, and therefore complement each other perfectly.

The IPX protocol can transmit data using datagrams using network routing information. However, in order to transmit data along the found route, a connection must first be established between the sender and the recipient. This is what the SPX protocol or any other transport protocol that works in tandem with IPX does.

Unfortunately, the IPX/SPX protocol stack is initially designed to serve small networks, so its use in large networks is ineffective: excessive use of broadcasting on low-speed communication lines is unacceptable.

At the physical and data link layers, the OSI stack supports the Ethernet, Token Ring, FDDI protocols, as well as the LLC, X.25 and ISDN protocols, that is, it uses all the popular lower-layer protocols developed outside the stack, like most other stacks. The network layer includes the relatively rarely used Connectionoriented Network Protocol (CONP) and Connectionless Network Protocol (CLNP). The routing protocols of the OSI stack are ES-IS (End System -- Intermediate System) between end and intermediate systems and IS-IS (Intermediate System -- Intermediate System) between intermediate systems. The transport layer of the OSI stack hides the differences between connection-oriented and connectionless network services so that users receive the desired quality of service regardless of the underlying network layer. To achieve this, the transport layer requires the user to specify the desired quality of service. Application layer services provide file transfer, terminal emulation, directory services, and mail. Of these, the most popular are directory service (X.500 standard), electronic mail (X.400), virtual terminal protocol (VTP), file transfer, access and management (FTAM) protocol, forwarding and job management protocol (JTM).

A fairly popular protocol stack developed by IBM and Microsoft, respectively, aimed at use in the products of these companies. Like TCP/IP, standard protocols such as Ethernet, Token Ring and others operate at the physical and data link levels of the NetBIOS/SMB stack, which makes it possible to use it in conjunction with any active network equipment. At the upper levels, the NetBIOS (Network Basic Input/Output System) and SMB (Server Message Block) protocols operate.

The NetBIOS protocol was developed in the mid-80s of the last century, but was soon replaced by the more functional NetBEUI (NetBIOS Extended User Interface) protocol, which allows for very efficient information exchange in networks consisting of no more than 200 computers.

To exchange data between computers, logical names are used, which are assigned dynamically to computers when they are connected to the network. In this case, the name table is distributed to each computer on the network. It also supports working with group names, which allows you to transfer data to several recipients at once.

The main advantages of the NetBEUI protocol are speed and very low resource requirements. If you need to organize fast data exchange in a small network consisting of a single segment, there is no better protocol for this. In addition, for message delivery, the established connection is not mandatory requirement: In the case of no connection, the protocol uses the datagram method, where the message is equipped with the address of the recipient and the sender and “goes on the road”, moving from one computer to another.

However, NetBEUI also has a significant drawback: it is completely devoid of the concept of packet routing, so its use in complex composite networks does not make sense. Pyatibratov A.P., Gudyno L.P., Kirichenko A.A. Computers, networks and telecommunication systems Moscow 2009. 292s

As for the SMB (Server Message Block) protocol, it is used to organize network operation at the three highest levels - session, presentation and application levels. It is when using it that access to files, printers and other network resources becomes possible. This protocol was improved several times (three versions were released), which made it possible to use it even in such modern operating systems as Microsoft Vista and Windows 7. The SMB protocol is universal and can work in tandem with almost any transport protocol, such as TCP/IP and SPX.

The DECnet (Digital Equipment Corporation net) protocol stack contains 7 layers. Despite the difference in terminology, the DECnet layers are very similar to the OSI model layers. DECnet implements the DNA (Digital Network Architecture) concept of network architecture, developed by DEC, according to which heterogeneous computing systems (computers of different classes), operating under different operating systems, can be combined into geographically distributed information and computing networks.

IBM's SNA (System Network Architecture) protocol is designed for remote communication with large computers and contains 7 levels. SNA is based on the host machine concept and provides remote terminal access to IBM mainframes. The main distinguishing feature of SNA is the ability of each terminal to access any application program of the host computer. The system network architecture is implemented on the basis of a virtual telecommunication access method (VTAM) in the host computer. VTAM manages all communications links and terminals, with each terminal having access to all application programs.

Protocol stack is a hierarchically organized set of network protocols sufficient to organize the interaction of nodes in the network. The protocols operate simultaneously on the network, which means that the work of the protocols must be organized so that there are no conflicts or unfinished operations. Therefore, the protocol stack is divided into hierarchically constructed levels, each of which performs a specific task - preparing, receiving, transmitting data and subsequent actions with it.

The number of layers in the stack varies according to the specific protocol stack. Lower-layer protocols are often implemented by a combination of software and hardware, while higher-layer protocols are typically implemented in software.

There are a sufficient number of protocol stacks that are widely used in networks. The most popular protocol stacks are: OSI International Organization for Standardization, TCP/IP, used on the Internet and in many networks based on the UNIX operating system, IPX/SPX from Novell, NetBIOS/SMB, developed by Microsoft and IBM, DECnet from Digital Equipment Corporation, SNA from IBM and some others.

Encyclopedic YouTube

1 / 3

Basics of data networks. OSI model and TCP IP protocol stack. Ethernet Basics.

Protocol stack

Informatics. Network technologies: OSI protocol stack. Foxford Online Learning Center

Subtitles

Standard communication protocol stacks

OSI

It is important to distinguish OSI model And OSI protocol stack. While the OSI model is a conceptual framework for interoperability open systems, The OSI stack is a set of specific protocols.

Unlike other protocol stacks, the OSI stack fully conforms to the OSI model, including protocol specifications for all seven interoperability layers defined in this model:

• On physical And link levels The OSI stack supports the Ethernet, Token Ring, FDDI protocols, as well as the LLC, X.25 and ISDN protocols, that is, it uses all the popular lower-layer protocols developed outside the stack, like most other stacks.
• Network layer includes the relatively rarely used Connection-oriented Network Protocol (CONP) and Connectionless Network Protocol (CLNP). As the names suggest, the first one is connection-oriented, the second one is connectionless. The more popular OSI stack routing protocols are ES-IS (End System - Intermediate System) between end and intermediate systems and IS-IS (Intermediate System - Intermediate System) between intermediate systems.
• Transport layer The OSI stack, in accordance with the functions defined for it in the OSI model, hides the differences between connection-oriented and connectionless network services so that users receive the required quality of service regardless of the underlying network layer. To provide this, the transport layer requires the user to specify the desired amount of service.
• Services application level provide file transfer, terminal emulation, directory services, and mail. Of these, the most popular are directory service (X.500 standard), electronic mail (X.400 standard), virtual terminal protocol (VTP), file transfer, access and management (FTAM) protocol, forwarding and job management protocol (JTM).

TCP/IP

The TCP/IP protocol stack is a set of network protocols on which the Internet is based. Typically, in the TCP/IP stack, the upper 3 layers (application, presentation and session) of the OSI model are combined into one - application. Since such a stack does not provide a unified data transfer protocol, the functions of determining the data type are transferred to the application.

TCP/IP stack layers:

1. Data Link Layer describes how data packets are transmitted through physical layer, including encoding (that is, special sequences of bits that determine the beginning and end of a data packet).
2. Network layer originally designed to transfer data from one (sub)network to another. Examples of such a protocol are X.25 and IPC on the ARPANET. With the development of the concept of a global network, the level was introduced additional features for transmission from any network to any network, regardless of lower-level protocols, as well as the ability to request data from a remote party.
3. Protocols transport layer can solve the problem of unguaranteed message delivery (“did the message reach the addressee?”), as well as guarantee the correct sequence of data arrival.
4. On application level Most network applications work. These programs have their own communication protocols, such as HTTP for WWW, FTP (file transfer), SMTP (email), SSH ( secure connection with a remote machine), DNS (converting symbolic names to IP addresses) and many others.

There is disagreement about how to fit the TCP/IP model into the OSI model because the layers in these models are not the same. A simplified interpretation of the TCP/IP stack can be represented as follows:

This article will cover the basics of the TCP/IP model. For better understanding, the main protocols and services are described. The main thing is to take your time and try to understand each thing step by step. They are all interconnected and without understanding one, it will be difficult to understand the other. The information contained here is very superficial, so this article can easily be called “a TCP/IP protocol stack for dummies.” However, many things here are not as difficult to understand as they might seem at first glance.

TCP/IP

The TCP/IP stack is a network model for data transmission on a network; it determines the order in which devices interact. Data enters the data link layer and is processed in turn by each layer above. The stack is represented as an abstraction that explains the principles of processing and receiving data.

The TCP/IP network protocol stack has 4 levels:

1. Channel (Link).
2. Network (Internet).
3. Transport.
4. Application.

Application layer

The application layer provides the ability to interact between the application and other layers of the protocol stack, analyzes and converts incoming information into a format suitable for software. Is closest to the user and interacts with him directly.

• HTTP;
• SMTP;

Each protocol defines its own order and principles for working with data.

HTTP (HyperText Transfer Protocol) is designed for data transfer. It sends, for example, documents in HTML format that serve as the basis of a web page. In a simplified way, the work scheme is presented as “client - server”. The client sends a request, the server accepts it, processes it properly and returns the final result.

Serves as a standard for transferring files over the network. The client sends a request for a certain file, the server searches for this file in its database and, if found successfully, sends it as a response.

Used for transmission email. The SMTP operation includes three sequential steps:

1. Determining the sender's address. This is necessary to return letters.
2. Recipient definition. This step can be repeated a number of times when specifying multiple recipients.
3. Determining message content and sending. Data about the type of message is transmitted as service information. If the server confirms its readiness to accept the packet, then the transaction itself is completed.

Header

The header contains service data. It is important to understand that they are intended only for a specific level. This means that as soon as the packet is sent to the recipient, it will be processed there according to the same model, but in reverse order. The embedded header will carry special information that can only be processed in a certain way.

For example, a header nested at the transport layer can only be processed by the transport layer on the other side. Others will simply ignore it.

Transport layer

At the transport layer, the received information is processed as a single unit, regardless of the content. Received messages are divided into segments, a header is added to them, and the whole thing is sent downstream.

Data transfer protocols:

The most common protocol. It is responsible for guaranteed data transfer. When sending packages, they are controlled checksum, transaction process. This means that the information will arrive “safe and sound” regardless of the conditions.

UDP (User Datagram Protocol) is the second most popular protocol. It is also responsible for data transfer. Its distinctive feature lies in its simplicity. The packets are simply sent without creating any special connection.

TCP or UDP?

Each of these protocols has its own scope. It is logically determined by the characteristics of the work.

The main advantage of UDP is its transmission speed. TCP is a complex protocol with many checks, while UDP appears to be more simplified and therefore faster.

The disadvantage lies in the simplicity. Due to the lack of checks, data integrity is not guaranteed. Thus, the information is simply sent, and all checks and similar manipulations remain with the application.

UDP is used, for example, to watch videos. For a video file, the loss of a small number of segments is not critical, while loading speed is the most important factor.

However, if you need to send passwords or details bank card, then the need to use TCP is obvious. Losing even the smallest piece of data can have catastrophic consequences. Speed ​​in this case is not as important as safety.

Network layer

The network layer forms packets from the received information and adds a header. The most important part of the data is the IP and MAC addresses of the senders and recipients.

IP address (Internet Protocol address) - the logical address of the device. Contains information about the device's location on the network. Example entry: .

MAC address (Media Access Control address) - the physical address of the device. Used for identification. Assigned to network equipment at the manufacturing stage. Presented as a six-byte number. For example: .

The network layer is responsible for:

• Determination of delivery routes.
• Transferring packets between networks.
• Assignment of unique addresses.

Routers are network layer devices. They pave the way between the computer and the server based on the received data.

The most popular protocol at this level is IP.

IP (Internet Protocol) is an Internet protocol designed for addressing on the network. Used to build routes along which packets are exchanged. Does not have any means of checking and confirming integrity. To provide delivery guarantees, TCP is used, which uses IP as its transport protocol. Understanding the principles of this transaction explains much of the basis of how the TCP/IP protocol stack works.

Types of IP addresses

There are two types of IP addresses used in networks:

1. Public.
2. Private.

Public (Public) are used on the Internet. The main rule is absolute uniqueness. An example of their use is routers, each of which has its own IP address for interacting with the Internet. This address is called public.

Private (Private) are not used on the Internet. In the global network, such addresses are not unique. Example - local network. Each device is assigned a unique IP address within a given network.

Interaction with the Internet is carried out through a router, which, as mentioned above, has its own public IP address. Thus, all computers connected to the router appear on the Internet under the name of one public IP address.

IPv4

The most common version of the Internet protocol. Predates IPv6. The recording format is four eight-bit numbers separated by dots. The subnet mask is indicated through the fraction sign. The address length is 32 bits. In the vast majority of cases, when we talk about an IP address, we mean IPv4.

Recording format: .

IPv6

This version is intended to solve problems with the previous version. The address length is 128 bits.

The main problem that IPv6 solves is the exhaustion of IPv4 addresses. The prerequisites began to appear already in the early 80s. Despite the fact that this problem entered an acute stage already in 2007-2009, the implementation of IPv6 is very slowly gaining momentum.

The main advantage of IPv6 is a faster Internet connection. This is because this version of the protocol does not require address translation. Simple routing is performed. This is less expensive and, therefore, access to Internet resources is provided faster than in IPv4.

Example entry: .

There are three types of IPv6 addresses:

1. Unicast.
2. Anycast.
3. Multicast.

Unicast is a type of IPv6 unicast. When sent, the packet reaches only the interface located at the corresponding address.

Anycast refers to IPv6 multicast addresses. The sent packet will go to the nearest network interface. Only used by routers.

Multicast are multicast. This means that the sent packet will reach all interfaces that are in the multicast group. Unlike broadcast, which is “broadcast to everyone,” multicast broadcasts only to a specific group.

Subnet mask

The subnet mask determines the subnet and host number from the IP address.

For example, an IP address has a mask. In this case, the recording format will look like this. The number "24" is the number of bits in the mask. Eight bits equal one octet, which can also be called a byte.

In more detail, the subnet mask can be represented in binary system calculations in this way: . It has four octets and the entry consists of "1" and "0". If we add up the number of units, we get a total of “24”. Fortunately, counting by one is not necessary, because there are 8 values ​​in one octet. We see that three of them are filled with ones, add them up and get “24”.

If we talk specifically about the subnet mask, then in binary representation it has either ones or zeros in one octet. In this case, the sequence is such that the bytes with ones come first, and only then with zeros.

Let's look at a small example. There is an IP address and a subnet mask. We count and write down: . Now we match the mask with the IP address. Those mask octets in which all values ​​are equal to one (255) leave their corresponding octets in the IP address unchanged. If the value is zeros (0), then the octets in the IP address also become zeros. Thus, in the value of the subnet address we get .

Subnet and host

The subnet is responsible for the logical separation. Essentially, these are devices that use the same local network. Determined by a range of IP addresses.

Host is the address of the network interface ( network card). Determined from the IP address using a mask. For example: . Since the first three octets are the subnet, this leaves . This is the host number.

The range of host addresses is from 0 to 255. The host numbered “0” is, in fact, the address of the subnet itself. And the host number “255” is a broadcaster.

Addressing

There are three types of addresses used for addressing in the TCP/IP protocol stack:

1. Local.
2. Network.
3. Domain names.

MAC addresses are called local. They are used for addressing in local network technologies such as Ethernet. In the context of TCP/IP, the word "local" means that they operate only within a subnet.

The network address in the TCP/IP protocol stack is the IP address. When sending a file, the recipient's address is read from its header. With its help, the router learns the host number and subnet and, based on this information, creates a route to the end node.

Domain names are human-readable addresses for websites on the Internet. Web servers on the Internet are accessible via a public IP address. It is successfully processed by computers, but it seems too inconvenient for people. To avoid such complications, domain names are used, which consist of areas called “domains”. They are arranged in a strict hierarchy, from top level to bottom.

A top-level domain represents specific information. Generic (.org, .net) are not limited by any strict boundaries. The opposite situation is with local ones (.us, .ru). They are usually localized.

Domains lower levels- that's everything else. It can be any size and contain any number of values.

For example, "www.test.quiz.sg" is a correct domain name, where "sg" is a local first (top) level domain, "quiz.sg" is a second level domain, "test.quiz.sg" is a third level domain . Domain names may also be called DNS names.

Establishes a correspondence between domain names and public IP address. When you type a domain name into your browser, DNS will detect the corresponding IP address and report it to the device. The device will process this and return it as a web page.

Data Link Layer

At the link layer, the relationship between the device and the physical transmission medium is determined and a header is added. Responsible for encoding data and preparing frames for transmission over the physical medium. Network switches operate at this level.

The most common protocols:

1. Ethernet.
2. WLAN.

Ethernet is the most common wired LAN technology.

WLAN - local area network based wireless technologies. Devices interact without physical cable connections. An example of the most common method is Wi-Fi.

Configuring TCP/IP to use a static IPv4 address

A static IPv4 address is assigned directly in the device settings or automatically when connecting to the network and is permanent.

To configure the TCP/IP protocol stack to use a permanent IPv4 address, enter the ipconfig/all command into the console and find the following data.

Configuring TCP/IP to use a dynamic IPv4 address

A dynamic IPv4 address is used for a while, rented out, and then changed. Assigned to the device automatically when connected to the network.

To configure the TCP/IP protocol stack to use a non-persistent IP address, you need to go to the properties of the desired connection, open the IPv4 properties and check the boxes as indicated.

Data transfer methods

Data is transmitted through the physical medium in three ways:

• Simplex.
• Half-duplex.
• Full Duplex.

Simplex is a one-way communication. Transmission is carried out by only one device, while the other only receives the signal. We can say that information is transmitted in only one direction.

Examples of simplex communication:

• Television broadcasting.
• Signal from GPS satellites.

Half-duplex is two-way communication. However, only one node can transmit a signal at a time. With this type of communication, two devices cannot use the same channel at the same time. A complete one may be physically impossible or lead to collisions. It is said that they conflict over the transmission medium. This mode is used when using coaxial cable.

An example of half-duplex communication is communication via walkie-talkie on one frequency.

Full Duplex - full two-way communication. Devices can simultaneously broadcast a signal and receive. They do not conflict over the transmission medium. This mode is used when using Fast Ethernet technology and a twisted pair connection.

An example of duplex communication is telephone communication via mobile network.

TCP/IP vs OSI

The OSI model defines the principles of data transmission. The layers of the TCP/IP protocol stack directly correspond to this model. Unlike the four-layer TCP/IP, it has 7 layers:

1. Physical.
2. Channel (Data Link).
3. Network.
4. Transport.
5. Session.
6. Presentation.
7. Application.

There is no need to delve too deeply into this model at this time, but at least a superficial understanding is necessary.

The application layer in the TCP/IP model corresponds to the top three OSI layers. They all work with applications, so you can clearly see the logic of this combination. This generalized structure of the TCP/IP protocol stack makes the abstraction easier to understand.

The transport layer remains unchanged. Performs the same functions.

The network layer is also unchanged. Performs exactly the same tasks.

The data link layer in TCP/IP corresponds to the last two OSI layers. The data link layer establishes protocols for transmitting data across the physical medium.

Physical represents the actual physical connection - electrical signals, connectors, etc. In the TCP/IP protocol stack, it was decided to combine these two layers into one, since they both deal with the physical medium.

Related articles

Review of the free version of AdwCleaner AdwCleaner: what is it

How to turn your Android device into a wireless gamepad

Wireless router Asus RT-N11P How to connect a new router asus rt n11p