Home Техника IP дейтаграма

IP дейтаграма



Introduction

TheprotocolunitofIPprotocolcontroltransmissioniscalledIPdatagram(IPDatagram,IPdatagram,IPpacketorIPpacket).TheIPprotocolshieldsthedifferencesbetweenthevariousphysicalsubnetsofthelowerlayer,andcanprovideIPdatagramsinauniformformattotheupperlayer.TheIPdatagramadoptsthedatagrampackettransmissionmethod,andtheserviceprovidedisaconnectionlessmethod.TheformatoftheIPdatagramcanexplainwhatfunctiontheIPprotocolhas.AnIPv4datagramconsistsofaheaderandadata.Amongthem,thedataisthedatathattheupperlayerneedstotransmit,andtheheaderisthecontrolinformationaddedforthecorrecttransmissionoftheupperlayerdata.Thefirstpartoftheheaderhasafixedlength,atotalof20bytes,whichismandatoryforallIPdatagrams.Behindthefixedpartoftheheaderisanoptionalfieldwithvariablelength.

Структура

Фиксирана част

(1) Версиязаема 4 цифри, отнасящи се до версията на IP протокола. Версията на IP протокола, използвана от двете страни, трябва да бъде една и съща. Широко използваният номер на версия на IP протокол е 4 (тоест IPv4). По отношение на IPv6, все още е в етап на проект.

(2)Headerlengthoccupies4digits,andthelargestdecimalvaluethatcanberepresentedis15.Pleasenotethattheunitofthenumberrepresentedbythisfieldisa32-bitwordlength(a32-bitwordlengthis4bytes).Therefore,whentheIPheaderlengthis1111(thatis,15indecimal),theheaderlengthreaches60byte.WhenthelengthoftheheaderoftheIPpacketisnotanintegermultipleof4bytes,thelastpaddingfieldmustbeusedtofillit.Therefore,thedatapartalwaysstartsatanintegermultipleof4bytes,whichismoreconvenientwhenimplementingtheIPprotocol.Thedisadvantageoftheheaderlengthbeinglimitedto60bytesisthatitmaynotbeenoughsometimes.Butthisisdoneinthehopethatuserswillminimizeoverhead.Themostcommonlyusedheaderlengthis20bytes(thatis,theheaderlengthis0101),andnooptionsareusedatthistime.

(3)DifferentiatedServicesзаема 8 позиции за получаване на по-добри услуги. Това поле се нарича тип услуга в стария стандарт, но всъщност не е било използвано. През 1998 г. IETF преименува това поле на DifferentiatedServices(DS). Това поле работи само при използване на диференцирани услуги.

(4)Обща дължинаОбщата дължина се отнася за дължината на сумата на заглавката и данните в байтове. Полето за обща дължина е 16 бита, така че максималната дължина на датаграмата е 2^16-1=65535 байта.

EachdatalinklayerbelowtheIPlayerhasitsownframeformat,includingthemaximumlengthofthedatafieldintheframeformat,whichiscalledtheMaximumTransferUnit(MTU).Whenadatagramisencapsulatedintoalinklayerframe,thetotallengthofthedatagram(thatis,theheaderplusthedatapart)mustnotexceedtheMTUvalueofthedatalinklayerbelow.

(5)Identification(identification)occupies16digits.TheIPsoftwaremaintainsacounterinthememory.Eachtimeadatagramisgenerated,thecounterisincrementedby1,andthisvalueisassignedtotheidentificationfield.Butthis"identification"isnotasequencenumber,becauseIPisaconnectionlessservice,andthereisnoproblemofsequentialreceptionofdatagrams.WhenadatagrammustbefragmentedbecauseitslengthexceedstheMTUofthenetwork,thevalueofthisidentificationfieldiscopiedtotheidentificationfieldofalldatagrams.Thevalueofthesameidentificationfieldenableseachdatagramafterfragmentationtobefinallyreassembledintotheoriginaldatagramcorrectly.

(6) Флаг(флаг)заема 3 цифри, само 2 цифри имат значение.

●Най-долният бит в полето за флаг е маркиран като MF(MoreFragment).MF=1означава, че зад него има "фрагментирани" дейтаграми.MF=0означава, че това е последният от няколко фрагмента на дейтаграма.

●Този, който е в средата на полето за флаг, е маркиран като DF (Don’t Fragment), което означава „не може да бъде фрагментиран“. Фрагментирането е разрешено само когато DF=0.

(7)Chipoffsetзаема 13 бита.Отместването на среза показва относителното положение на фрагмента в оригиналната група след нарязването на по-дългата група.Това е спрямо началото на полето с потребителски данни, откъдето започва частта.Компетът от чипове използва 8 байта като единица за отместване.Това означава, че с изключение на последния фрагмент дължината от всеки фрагмент трябва да бъде цяло число, множество от 8 байта (64 бита).

(8)TimetoLiveoccupies8digits.ThecommonlyusedEnglishabbreviationforthetimetolivefieldisTTL(TimeToLive),whichindicatesthelifetimeofthedatagraminthenetwork.Thisfieldissetbythesourceofthedatagram.ItspurposeistopreventundeliverabledatagramsfromgoingaroundtheInternetindefinitely,thusconsumingnetworkresourcesinvain.TheoriginaldesignusessecondsastheunitofTTL.Everytimeitpassesthrougharouter,theTTLissubtractedfromtheperiodoftimethedatagramisconsumedbytherouter.Ifthetimeconsumedbythedatagramontherouterislessthan1second,theTTLvalueisreducedby1.WhentheTTLvalueis0,thedatagramisdiscarded.Later,thefunctionoftheTTLfieldwaschangedto"hoplimit"(butthenameremainsunchanged).TherouterreducestheTTLvalueby1beforeforwardingthedatagram.IftheTTLvalueisreducedtozero,thedatagramisdiscardedandnolongerforwarded.Therefore,theunitofTTLisnolongerinseconds,butinhops.ThemeaningofTTListospecifyatmosthowmanyroutersadatagramcanpassthroughinthenetwork.Obviously,themaximumnumberofroutersthatadatagrampassesonthenetworkis255.IftheinitialvalueofTTLissetto1,itmeansthatthedatagramcanonlybetransmittedinthelocalareanetwork.

(9)Protocoloccupies8bits,andtheprotocolfieldindicateswhichprotocolisusedforthedatacarriedinthisdatagram,sothattheIPlayerofthedestinationhostknowsthatthedatapartshouldbeuploadedWhichprocesstohandover.

(10)Първата контролна сумазаема 16 места. Това поле проверява само заглавната част на дейтаграмата, но не включва частта с данни. Това е така, защото всеки път, когато даннаграмата премине през маршрутизатор, външната страна трябва да изчисли контролната сума на заглавката (някои полета, например оживени, флагове, отместване на срезове и т.н., могат да се променят). частта за данни може да намали натоварването на изчисленията.

(11)Изходният адресзаема 32 бита.

(12)Адресът на местоназначениезаема 32 бита.

Variablepart

ThevariablepartoftheIPheaderisanoptionalfield.Theoptionfieldisusedtosupporttroubleshooting,measurement,andsecuritymeasures,andthecontentisveryrich.Thelengthofthisfieldisvariable,rangingfrom1byteto40bytes,dependingontheselecteditem.Someoptionitemsonlyrequire1byte,anditonlyincludes1byteofoptioncode.Buttherearesomeoptionsthatrequiremultiplebytes.Theseoptionsarespliced​​onebyonewithoutaseparatorinthemiddle.Finally,apaddingfieldofall0sisusedtofillinanintegermultipleof4bytes.

AddingthevariablepartoftheheaderistoincreasethefunctionoftheIPdatagram,butitalsomakesthelengthoftheheaderoftheIPdatagramvariable.Thisincreasestheoverheadforeachroutertoprocessdatagrams.Infact,theseoptionsarerarelyused.ThenewIPversionIPv6makestheheaderlengthoftheIPdatagramfixed.Theseoptionsaredefinedasfollows:

(1) Ограничения за сигурност и обработка (използвани във военната област)

IP дейтаграма

(2) Запишете пътя (leteachrouterwritedownitsIPaddress)

(3)TimeStamp(LeteachrouterwritedowntheIPaddressandlocaltimeofeachrouterthattheIPdatagrampassesthrough)

(4)RelaxLooseSourceRoute(посочете поредица от IP адреси, които трябва да бъдат предадени за катаграми)

(5)StrictSourceRoute(подобно на loosesourceroute,но се изисква да се прехвърлятсамо тези посочени адреси,не други адреси)

Theseoptionsarerarelyused,andnotallhostsandrouterssupporttheseoptions.

InternetIPprotocol

IPprotocoloverview.TheInternetProtocolorInternetProtocol(IP)isadata-orientedprotocolusedinthemessageexchangenetwork.Itisastandardprotocolfornetworklayercommunication.Itisresponsibleforprovidingbasicdatapackettransmissionfunctions,sothateverydatapacketisAbletoreachthedestinationhost,butdoesnotcheckwhetheritisreceivedcorrectly.TherearefourprotocolsusedinconjunctionwiththeIPprotocol:AddressResolutionProtocolARP,ReverseAddressResolutionProtocolRARP,InternetControlMessageProtocolICMP,andInternetGroupManagementProtocolIGMP.

ThetransmissionofIPdatagramsinavirtualinterconnectionnetwork.Forexample,asourcehostintheInternetwantstosendanIPdatagramtothedestinationhost.Accordingtotheconceptofpacket-switchedstoreandforward,thesourcehostmustfirstlookupitsownroutingtabletoseeifthedestinationhostisonthenetwork.Ifitis,youdonotneedtogothroughanyroutersbutdirectlydeliver,andthetaskiscompleted.Ifnot,youmustsendtheIPdatagramtoarouterA.Afterlookingupitsownroutingtable,AknowsthatitshouldforwardthedatagramtorouterBforindirectdelivery.Inthisway,itkeepsforwarding.Finally,routerCknowsthatitisconnectedtothesamenetworkasthedestinationhostanddoesnotneedtouseotherroutersforforwarding,soitdeliversthedatagramdirectlytothedestinationhost.Thevariousnetworkscanbeheterogeneous.

IPaddress.TheIPaddressistoassignauniqueidentificationworldwideforeachnetworkconnection(networkcard).ThesourceIPaddressandthesinkIPaddressinthemessageheaderrespectivelyindicatetheIPlogicaladdressesofthesourcehostandthedestinationhost.TheIPaddresshasalengthof32bitsandiscomposedofanetworknumberandahostnumber.CommonlyusedIPaddressesincludeclassA,classB,andclassCaddresses,androuterswilladdressthemaccordingtotheIPaddress.TheInternetgenerallyadoptstheIPprotocol.TheIPprotocolrunninginthenetworkisIPv4;IPv6isasubsequentversionofIPv4.TheInternetisslowlyrunningoutofIPaddresses,andtheemergenceofIPv6hassolvedthisproblem.Comparedwiththe32-bitaddressofIPv4,IPv6hasa128-bitaddressspacethatcanprovidemuchmoreaddressesthantheformer.

IPlayerforwardspackets.IntheTCP/IPsystem,routingreferstotheprocessofselectingapathfortransmittingIPdatapacketsinthenetwork.Arouterisanetworkdevicethatundertakesroutingtasks.Theinformationusedfordecision-makingandroutingiscalledIProutinginformation.TherouterusestheIProutinginformationtoperformIPforwardingonthetransmittedIPdatapackets.

Инспекция на заглавката на IP данни

Принцип

TheIPdatagramheaderischeckedandverifiedtoensureitscorrectness.ThesenderdividestheheaderoftheIPdatagramintomultiple16-bitsmalldatablocksinorder.Theinitialvalueoftheheaderchecksumfieldissetto0,andthe16-bitsmalldatablocksaresummedwith1’scomplementalgorithm,andfinallyComplementtheresultagaintogetthefirstchecksum.Thecalculatedheaderchecksumisfilledbackintotheheaderchecksumfieldofthedatagram,encapsulatedintoaframe,andsenttothenexthopdeviceleadingtothesink.

Asthereceiver,thenext-hopdevicedividestheheaderofthereceivedIPdatagramintomultiple16-bitsmalldatablocks,andcalculatesthe16-bitsmalldatablockwith1’scomplementalgorithm.And,finally,theresultiscomplemented.Iftheresultis0,thecorrectnessoftheheaderofthedatagramisverified.Whenthesenderuses1'scomplementtocalculatethesum,thefirstchecksumfieldissettoO,whichmeansthatitdidnotparticipateinthecalculation.Thechecksumafterthecomplementisexactlytheoppositeoftheoriginalchecksum.Whenthereceiveruses1’scomplementtocalculatethesum,sincethenewheaderchecksumfieldhasbeenadded,thesumshouldbe0xffffiftheheaderhasnotchanged.Therefore,theresultofthecomplementshouldbe0x0000.

Значение

IPdatagramsdonotverifytheirdataareaduringtransmission.Therearetworeasonsforthis:

TheIPprotocolisapoint-to-pointprotocol.Ifeverypointinthetransmissionprocesschecksthedata,itwillinevitablyincreasethecost,whichisinconsistentwiththeIP"bestefforttransmission"idea.Leavethereliabilitytoahigherleveltosolve,whichcannotonlyensurethereliabilityofthedata,butalsogetgreaterflexibilityandefficiency.BecausetheuppertransportlayeroftheIPlayerisanend-to-endprotocol,thecostofend-to-endverificationismuchsmallerthanthatofpoint-to-pointverification,especiallywhenthecommunicationlineisbetter.Inaddition,theupperlayerprotocolcanchoosewhethertoperformverificationaccordingtotherequirementsfordatareliability,andevenconsiderusingdifferentverificationmethods,whichbringsgreatflexibilitytothesystem.

ThenwhydoestheIPprotocolprovideaverificationfunctionfortheIPdatagramheader?Ontheonehand,theIPheaderbelongstothecontentoftheIPlayerprotocolandcannotbeprocessedbytheupperlayerprotocol.Ontheotherhand,somefieldsintheIPheaderareconstantlychangingduringthepoint-to-pointtransmissionprocessandcanonlybereformedateachintermediatepoint.Verifythedataandcompletetheverificationbetweenadjacentpoints.

IPpacketmonitoringtechnologyforlocalareanetwork

WiththerapiddevelopmentofcomputerInternettechnology,thenetworkhaspenetratedintopeople’slivesandhasaverycloseconnectionwithourlives.Partofourlives.Hackersattackournetworkthroughcomplexandchangeablenetworkattacks,invadingourInternet,andcausingourInternettohaveaconsiderablesecuritythreat.Theycaninterceptthedatapacketsbeingtransmittedinthelocalareanetworkandthenanalyzethedatapackets.,Toobtainaseriesofdata,resultinginallourpersonalinformationandprivacyexposed,andevencausedincalculablelosstoourpersonalproperty.IfyouuseIPpacketmonitoringtechnology,youcanobtainhackerintrusioninformationintime,andpreventhackersfromintrudinginadvancetopreventhackersfromtakingadvantageofitandprotectourinformationsecurity.Networkmonitoringisaveryimportanttechnologytoprotectinformationsecurity.Itcandiscoversecurityproblemsinthenetworkintime,whichisbeneficialtomaintainingthesecurityofthecomputerInternetnetwork.

ThestructureoftheLANIPdatapacketThestructureoftheLANIPdatapacketismainlycomposedofthreeparts,whichinclude"destinationIPaddress","sourceIPaddress"and"data",amongwhich"sourceIPaddress""Isusedtoindicatewherethedatapacketissentfrom;the"destinationIPaddress"isusedtodeclarewherethedatapacketwillbesent;the"data"partcontainsthedetailedandspecificdatainthedatapacketinformation.ThestructureoftheLANIPdatapacketisverysimilartothee-mailboxusedinourdailylife,anditispreciselybecauseofthisstructurethatitcancommunicatenormallyinacomputernetworkbasedontheTCP/IPprotocol.

Networkmonitoringisactuallyatechnologythatusesacomputer'snetworkinterfacetoobtaindatafromothercomputers.Thistechnologycanmonitorthecurrentnetworktrafficandillegallystealconfidentialfileinformationtransmittedonthenetwork.Thebasicprincipleoflocalareanetworkmonitoringisthatwhendataistransmittedinthelocalareanetworkenvironment,thedatapacketcontainingthephysicaladdressissenttoeachhostthroughthelocalareanetwork.Whenthedatapacketreachesthehostnetworkcard,undernormalcircumstances,thenetworkcardwillcheckReturnwhetherthephysicaladdressofthedatapacketisthesameasthephysicaladdressorbroadcastaddressofthemachine,ifitisthesame,itwillbehandedovertotheIPlayerforprocessing,andifitisnotthesame,thedatapacketwillbediscarded.Whenthenetworkcardofahostisinpromiscuousmode,alldatapacketsarrivingatthecomputerwillbehandedovertotheIPlayerforprocessing.Evenifthephysicaladdressofthedatapacketisdifferentfromthephysicaladdressofthemachine,itwillnottransferthedata.Thepacketisdropped.Therefore,inalocalareanetworkenvironment,alldatapacketstransmittedonthesamerootnetworkwirewillbereceived,andthenthroughtheanalysisandcrackingofthereceiveddata,thedatathattheuserwantscanbeobtained.

RouterIPdatapackettrafficstatistics

Arouterisadevicethatconnectsmultiplenetworksandnetworksegments.Itcandecodeandre-encodeinformationfromdifferentnetworksandnetworksegments.,Sothatthenetworkscanbeconnectedtoeachother,theroutercanchoosethemosteffectiveandsimplestpathtoconnecttoothernetworksaccordingtothedestinationaddressofthedatapacket,andthenformalargernetwork,sothatthenetworkcanbemaximized.ResourceSharing.Itisthethroatthroughwhichtrafficdataentersandexits.AllnetworktrafficfromtheLANtotheInternetmustpassthroughtherouter.Therefore,therouterplaystheroleofdatacollection.Therearealsomanywaystocollectnetworktrafficdatathroughrouters,suchastheshowIPaccountcommand,SNMPprotocol,andTelnetprograms.BecausethemainfunctionoftherouteristohelpIPdatapacketstochoosethecorrectrouteandreachthedestinationaddressmorequicklyintime,therefore,weusuallydonotuseitsownrecordingfunctiontoobtainnetworktrafficstatistics,otherwiseitwillgreatlyreducetherouter’sSelectfunction.WegenerallyusethemethodofSNMPprotocolandTelnetprogramtoobtainthetrafficstatisticsofdatapacketsfromtherouter.

Therearemanywaystocountnetworkdatatraffic.Eachmethodhasitsadvantagesanddisadvantages.Thestatisticalmethodofnetworkdatatrafficthroughroutershasthefollowingcharacteristics:

Точна статистика за трафика на данни

Becausetherouteristhethroatoftheflowdata,itisanimportantdevicetorealizetheinterconnectionbetweennetworks,andthecommunicationbetweenthenetworksmustbeconvertedbytherouterTobedone.Thetaskoftherouteristoselectthecorrespondingrouteaccordingtothedestinationaddressofthedatapacket,andthenconnectwithothernetworks.Therefore,theroutercanaccuratelyreflectthenetworkdatatrafficexceptforinandout.

Направете така, че сървърът за таксуване да не е ограничен по местоположение

Theultimatepurposeofstatisticsandmonitoringofnetworkdatatrafficistochargeforit,duetovariousThelimitationofthestatisticalmethoditselfmakestheaccountingservermustbeplacedintheaccountingnetworksegment.Asaresult,asmanybillingserversareneededastherearebillingnetworksegments,whichgreatlyincreasestheworkload.Andifyouusearouter,youwillgettwicetheresultwithhalftheeffort.Aslongasthebillingservercanaccesstherouterwherethenetworksegmentislocated,onebillingservercancompletethedatacollectionofallnetworktraffic.AsforwherethebillingserverislocatedThebillingnetworksegmentisnotimportant.Moreover,therouterusedinthisbillingdoesnotneedtobetoocomplicated,nordoesitneedtoaddotherhardware,soitissimplertoimplementthanotherbillingmethods.

Съгласуваност с функциите за управление на друга мрежа

TheInternetusesthestandardnetworkmanagementprotocolSNMP,androutersalsomainlyusetheLoftheSNMPprotocol.Orderthestatisticsandmonitoringofnetworkdatatraffic.Thisensuresconsistencywithothernetworkmanagementfunctionsindatacollectionmethods.

Недостатъци

Ontheonehand,themainfunctionoftherouteristorealizetheroutingofdata,tohelpthedatapacketchoosethefastestpath,sothatitcantransferthedataassoonaspossible.Sendtothedestinationaddress.However,theuseofrouterstocollectstatisticsonnetworkdatatrafficwilltakeupadditionalmemoryandCPUoverheadoftherouter.Especiallyfornetworkswithrelativelylargecommunicationtraffic,thecontradictionwillbemoreprominent.Seriously,itwillcausethechargingbuffertooverflow,causethelossofincomingandoutgoingtrafficdata,andultimatelyaffectthenetworkspeed.Ontheotherhand,therouterperformstrafficaccountingforIPaddresses,soitdoesnotsupporttrafficaccountingforusers,norcanitpreventpeoplefromembezzlingIPaddresses,soitwillalsoaffectthestatisticsandmonitoringofnetworkdatatraffic.

This article is from the network, does not represent the position of this station. Please indicate the origin of reprint
TOP