Introduction
TheprotocolunitofIPprotocolcontroltransmissioniscalledIPdatagram(IPDatagram,IPdatagram,IPpacketorIPpacket).TheIPprotocolshieldsthedifferencesbetweenthevariousphysicalsubnetsofthelowerlayer,andcanprovideIPdatagramsinauniformformattotheupperlayer.TheIPdatagramadoptsthedatagrampackettransmissionmethod,andtheserviceprovidedisaconnectionlessmethod.TheformatoftheIPdatagramcanexplainwhatfunctiontheIPprotocolhas.AnIPv4datagramconsistsofaheaderandadata.Amongthem,thedataisthedatathattheupperlayerneedstotransmit,andtheheaderisthecontrolinformationaddedforthecorrecttransmissionoftheupperlayerdata.Thefirstpartoftheheaderhasafixedlength,atotalof20bytes,whichismandatoryforallIPdatagrams.Behindthefixedpartoftheheaderisanoptionalfieldwithvariablelength.
Struktura
Pevná část
(1)Verzezabírá 4 číslice, což odkazuje na verzi protokolu IP. Verze protokolu IP použitá oběma stranami musí být stejná. Široce používané číslo verze protokolu IP je 4 (tedy v případě IPv6. IPv4).
(2)Headerlengthoccupies4digits,andthelargestdecimalvaluethatcanberepresentedis15.Pleasenotethattheunitofthenumberrepresentedbythisfieldisa32-bitwordlength(a32-bitwordlengthis4bytes).Therefore,whentheIPheaderlengthis1111(thatis,15indecimal),theheaderlengthreaches60byte.WhenthelengthoftheheaderoftheIPpacketisnotanintegermultipleof4bytes,thelastpaddingfieldmustbeusedtofillit.Therefore,thedatapartalwaysstartsatanintegermultipleof4bytes,whichismoreconvenientwhenimplementingtheIPprotocol.Thedisadvantageoftheheaderlengthbeinglimitedto60bytesisthatitmaynotbeenoughsometimes.Butthisisdoneinthehopethatuserswillminimizeoverhead.Themostcommonlyusedheaderlengthis20bytes(thatis,theheaderlengthis0101),andnooptionsareusedatthistime.
(3)DifferentiatedServiceszaujímá 8 pozic, aby bylo možné získat lepší služby. Toto pole se ve starém standardu nazývalo typ služby, ale ve skutečnosti se nepoužívalo. V roce 1998 IETF toto pole přejmenovala na DifferentiatedServices (DS).Toto pole funguje pouze při použití odlišných služeb.
(4)Celková délkaCelková délka se vztahuje k délce součtu hlavičky a dat v bajtech. Celková délka pole je 16 bitů, takže maximální délka datagramu je 2^16-1=65535 bajtů.
EachdatalinklayerbelowtheIPlayerhasitsownframeformat,includingthemaximumlengthofthedatafieldintheframeformat,whichiscalledtheMaximumTransferUnit(MTU).Whenadatagramisencapsulatedintoalinklayerframe,thetotallengthofthedatagram(thatis,theheaderplusthedatapart)mustnotexceedtheMTUvalueofthedatalinklayerbelow.
(5)Identification(identification)occupies16digits.TheIPsoftwaremaintainsacounterinthememory.Eachtimeadatagramisgenerated,thecounterisincrementedby1,andthisvalueisassignedtotheidentificationfield.Butthis"identification"isnotasequencenumber,becauseIPisaconnectionlessservice,andthereisnoproblemofsequentialreceptionofdatagrams.WhenadatagrammustbefragmentedbecauseitslengthexceedstheMTUofthenetwork,thevalueofthisidentificationfieldiscopiedtotheidentificationfieldofalldatagrams.Thevalueofthesameidentificationfieldenableseachdatagramafterfragmentationtobefinallyreassembledintotheoriginaldatagramcorrectly.
(6)Vlajka(vlajka)zabírá 3 číslice, tlačítko pouze 2 číslice jsou smysluplné.
●Nejnižší bit v poli vlajky je označen jako MF (MoreFragment). MF=1 znamená, že za sebou jsou "fragmentované" datagramy. MF=0 znamená, že se jedná o většinu několika fragmentů datagramu.
●Jeden bit uprostřed pole vlajky je označen jako DF (Don’tFragment), což znamená „nelze fragmentovat“. Fragmentace je povolena pouze při DF=0.
(7)Chipoffsetzabírá 13 bitů. Odsazení řezu označuje relativní polohu řezu v původní skupině po delší skupině rozdělené na řezy. To je vzhledem k začátku pole uživatelských dat, kde začíná kus. tegermultipleof8bytes (64bitů).
(8)TimetoLiveoccupies8digits.ThecommonlyusedEnglishabbreviationforthetimetolivefieldisTTL(TimeToLive),whichindicatesthelifetimeofthedatagraminthenetwork.Thisfieldissetbythesourceofthedatagram.ItspurposeistopreventundeliverabledatagramsfromgoingaroundtheInternetindefinitely,thusconsumingnetworkresourcesinvain.TheoriginaldesignusessecondsastheunitofTTL.Everytimeitpassesthrougharouter,theTTLissubtractedfromtheperiodoftimethedatagramisconsumedbytherouter.Ifthetimeconsumedbythedatagramontherouterislessthan1second,theTTLvalueisreducedby1.WhentheTTLvalueis0,thedatagramisdiscarded.Later,thefunctionoftheTTLfieldwaschangedto"hoplimit"(butthenameremainsunchanged).TherouterreducestheTTLvalueby1beforeforwardingthedatagram.IftheTTLvalueisreducedtozero,thedatagramisdiscardedandnolongerforwarded.Therefore,theunitofTTLisnolongerinseconds,butinhops.ThemeaningofTTListospecifyatmosthowmanyroutersadatagramcanpassthroughinthenetwork.Obviously,themaximumnumberofroutersthatadatagrampassesonthenetworkis255.IftheinitialvalueofTTLissetto1,itmeansthatthedatagramcanonlybetransmittedinthelocalareanetwork.
(9)Protocoloccupies8bits,andtheprotocolfieldindicateswhichprotocolisusedforthedatacarriedinthisdatagram,sothattheIPlayerofthedestinationhostknowsthatthedatapartshouldbeuploadedWhichprocesstohandover.
(10)První kontrolní součetzaujímá 16 míst.Toto pole kontroluje pouze záhlaví datagramu, ale nezahrnuje datovou část.To proto, že pokaždé, když datový gram prochází přesměrem, vypočítává kontrolní součet záhlaví (některá pole, jako např. čas, nesmí být povoleny, příznaky, datová část). zatížení výpočtu.
(11)Zdrojová adresazabírá 32 bitů.
(12)Cílová adresazabírá 32 bitů.
Variablepart
ThevariablepartoftheIPheaderisanoptionalfield.Theoptionfieldisusedtosupporttroubleshooting,measurement,andsecuritymeasures,andthecontentisveryrich.Thelengthofthisfieldisvariable,rangingfrom1byteto40bytes,dependingontheselecteditem.Someoptionitemsonlyrequire1byte,anditonlyincludes1byteofoptioncode.Buttherearesomeoptionsthatrequiremultiplebytes.Theseoptionsaresplicedonebyonewithoutaseparatorinthemiddle.Finally,apaddingfieldofall0sisusedtofillinanintegermultipleof4bytes.
AddingthevariablepartoftheheaderistoincreasethefunctionoftheIPdatagram,butitalsomakesthelengthoftheheaderoftheIPdatagramvariable.Thisincreasestheoverheadforeachroutertoprocessdatagrams.Infact,theseoptionsarerarelyused.ThenewIPversionIPv6makestheheaderlengthoftheIPdatagramfixed.Theseoptionsaredefinedasfollows:
(1)Omezení zabezpečení a zpracování (používá se ve vojenské oblasti)
(2)Zaznamenejte cestu (nechte router zapsat jeho IP adresu)
(3)TimeStamp(LeteachrouterwritedowntheIPaddressandlocaltimeofeachrouterthattheIPdatagrampassesthrough)
(4)Uvolněte se LooseSourceRoute (určete řadu IP adres, které musí být předány pro datagramy)
(5)StrictSourceRoute(podobně jakouvolněnácestazdroje,Alejepožadováno pouze pro tyto určené adresy,ne pro jiné adresy)
Theseoptionsarerarelyused,andnotallhostsandrouterssupporttheseoptions.
InternetIPprotocol
IPprotocoloverview.TheInternetProtocolorInternetProtocol(IP)isadata-orientedprotocolusedinthemessageexchangenetwork.Itisastandardprotocolfornetworklayercommunication.Itisresponsibleforprovidingbasicdatapackettransmissionfunctions,sothateverydatapacketisAbletoreachthedestinationhost,butdoesnotcheckwhetheritisreceivedcorrectly.TherearefourprotocolsusedinconjunctionwiththeIPprotocol:AddressResolutionProtocolARP,ReverseAddressResolutionProtocolRARP,InternetControlMessageProtocolICMP,andInternetGroupManagementProtocolIGMP.
ThetransmissionofIPdatagramsinavirtualinterconnectionnetwork.Forexample,asourcehostintheInternetwantstosendanIPdatagramtothedestinationhost.Accordingtotheconceptofpacket-switchedstoreandforward,thesourcehostmustfirstlookupitsownroutingtabletoseeifthedestinationhostisonthenetwork.Ifitis,youdonotneedtogothroughanyroutersbutdirectlydeliver,andthetaskiscompleted.Ifnot,youmustsendtheIPdatagramtoarouterA.Afterlookingupitsownroutingtable,AknowsthatitshouldforwardthedatagramtorouterBforindirectdelivery.Inthisway,itkeepsforwarding.Finally,routerCknowsthatitisconnectedtothesamenetworkasthedestinationhostanddoesnotneedtouseotherroutersforforwarding,soitdeliversthedatagramdirectlytothedestinationhost.Thevariousnetworkscanbeheterogeneous.
IPaddress.TheIPaddressistoassignauniqueidentificationworldwideforeachnetworkconnection(networkcard).ThesourceIPaddressandthesinkIPaddressinthemessageheaderrespectivelyindicatetheIPlogicaladdressesofthesourcehostandthedestinationhost.TheIPaddresshasalengthof32bitsandiscomposedofanetworknumberandahostnumber.CommonlyusedIPaddressesincludeclassA,classB,andclassCaddresses,androuterswilladdressthemaccordingtotheIPaddress.TheInternetgenerallyadoptstheIPprotocol.TheIPprotocolrunninginthenetworkisIPv4;IPv6isasubsequentversionofIPv4.TheInternetisslowlyrunningoutofIPaddresses,andtheemergenceofIPv6hassolvedthisproblem.Comparedwiththe32-bitaddressofIPv4,IPv6hasa128-bitaddressspacethatcanprovidemuchmoreaddressesthantheformer.
IPlayerforwardspackets.IntheTCP/IPsystem,routingreferstotheprocessofselectingapathfortransmittingIPdatapacketsinthenetwork.Arouterisanetworkdevicethatundertakesroutingtasks.Theinformationusedfordecision-makingandroutingiscalledIProutinginformation.TherouterusestheIProutinginformationtoperformIPforwardingonthetransmittedIPdatapackets.
Inspekce záhlaví IP datagramu
Princip
TheIPdatagramheaderischeckedandverifiedtoensureitscorrectness.ThesenderdividestheheaderoftheIPdatagramintomultiple16-bitsmalldatablocksinorder.Theinitialvalueoftheheaderchecksumfieldissetto0,andthe16-bitsmalldatablocksaresummedwith1’scomplementalgorithm,andfinallyComplementtheresultagaintogetthefirstchecksum.Thecalculatedheaderchecksumisfilledbackintotheheaderchecksumfieldofthedatagram,encapsulatedintoaframe,andsenttothenexthopdeviceleadingtothesink.
Asthereceiver,thenext-hopdevicedividestheheaderofthereceivedIPdatagramintomultiple16-bitsmalldatablocks,andcalculatesthe16-bitsmalldatablockwith1’scomplementalgorithm.And,finally,theresultiscomplemented.Iftheresultis0,thecorrectnessoftheheaderofthedatagramisverified.Whenthesenderuses1'scomplementtocalculatethesum,thefirstchecksumfieldissettoO,whichmeansthatitdidnotparticipateinthecalculation.Thechecksumafterthecomplementisexactlytheoppositeoftheoriginalchecksum.Whenthereceiveruses1’scomplementtocalculatethesum,sincethenewheaderchecksumfieldhasbeenadded,thesumshouldbe0xffffiftheheaderhasnotchanged.Therefore,theresultofthecomplementshouldbe0x0000.
Význam
IPdatagramsdonotverifytheirdataareaduringtransmission.Therearetworeasonsforthis:
TheIPprotocolisapoint-to-pointprotocol.Ifeverypointinthetransmissionprocesschecksthedata,itwillinevitablyincreasethecost,whichisinconsistentwiththeIP"bestefforttransmission"idea.Leavethereliabilitytoahigherleveltosolve,whichcannotonlyensurethereliabilityofthedata,butalsogetgreaterflexibilityandefficiency.BecausetheuppertransportlayeroftheIPlayerisanend-to-endprotocol,thecostofend-to-endverificationismuchsmallerthanthatofpoint-to-pointverification,especiallywhenthecommunicationlineisbetter.Inaddition,theupperlayerprotocolcanchoosewhethertoperformverificationaccordingtotherequirementsfordatareliability,andevenconsiderusingdifferentverificationmethods,whichbringsgreatflexibilitytothesystem.
ThenwhydoestheIPprotocolprovideaverificationfunctionfortheIPdatagramheader?Ontheonehand,theIPheaderbelongstothecontentoftheIPlayerprotocolandcannotbeprocessedbytheupperlayerprotocol.Ontheotherhand,somefieldsintheIPheaderareconstantlychangingduringthepoint-to-pointtransmissionprocessandcanonlybereformedateachintermediatepoint.Verifythedataandcompletetheverificationbetweenadjacentpoints.
IPpacketmonitoringtechnologyforlocalareanetwork
WiththerapiddevelopmentofcomputerInternettechnology,thenetworkhaspenetratedintopeople’slivesandhasaverycloseconnectionwithourlives.Partofourlives.Hackersattackournetworkthroughcomplexandchangeablenetworkattacks,invadingourInternet,andcausingourInternettohaveaconsiderablesecuritythreat.Theycaninterceptthedatapacketsbeingtransmittedinthelocalareanetworkandthenanalyzethedatapackets.,Toobtainaseriesofdata,resultinginallourpersonalinformationandprivacyexposed,andevencausedincalculablelosstoourpersonalproperty.IfyouuseIPpacketmonitoringtechnology,youcanobtainhackerintrusioninformationintime,andpreventhackersfromintrudinginadvancetopreventhackersfromtakingadvantageofitandprotectourinformationsecurity.Networkmonitoringisaveryimportanttechnologytoprotectinformationsecurity.Itcandiscoversecurityproblemsinthenetworkintime,whichisbeneficialtomaintainingthesecurityofthecomputerInternetnetwork.
ThestructureoftheLANIPdatapacketThestructureoftheLANIPdatapacketismainlycomposedofthreeparts,whichinclude"destinationIPaddress","sourceIPaddress"and"data",amongwhich"sourceIPaddress""Isusedtoindicatewherethedatapacketissentfrom;the"destinationIPaddress"isusedtodeclarewherethedatapacketwillbesent;the"data"partcontainsthedetailedandspecificdatainthedatapacketinformation.ThestructureoftheLANIPdatapacketisverysimilartothee-mailboxusedinourdailylife,anditispreciselybecauseofthisstructurethatitcancommunicatenormallyinacomputernetworkbasedontheTCP/IPprotocol.
Networkmonitoringisactuallyatechnologythatusesacomputer'snetworkinterfacetoobtaindatafromothercomputers.Thistechnologycanmonitorthecurrentnetworktrafficandillegallystealconfidentialfileinformationtransmittedonthenetwork.Thebasicprincipleoflocalareanetworkmonitoringisthatwhendataistransmittedinthelocalareanetworkenvironment,thedatapacketcontainingthephysicaladdressissenttoeachhostthroughthelocalareanetwork.Whenthedatapacketreachesthehostnetworkcard,undernormalcircumstances,thenetworkcardwillcheckReturnwhetherthephysicaladdressofthedatapacketisthesameasthephysicaladdressorbroadcastaddressofthemachine,ifitisthesame,itwillbehandedovertotheIPlayerforprocessing,andifitisnotthesame,thedatapacketwillbediscarded.Whenthenetworkcardofahostisinpromiscuousmode,alldatapacketsarrivingatthecomputerwillbehandedovertotheIPlayerforprocessing.Evenifthephysicaladdressofthedatapacketisdifferentfromthephysicaladdressofthemachine,itwillnottransferthedata.Thepacketisdropped.Therefore,inalocalareanetworkenvironment,alldatapacketstransmittedonthesamerootnetworkwirewillbereceived,andthenthroughtheanalysisandcrackingofthereceiveddata,thedatathattheuserwantscanbeobtained.
RouterIPdatapackettrafficstatistics
Arouterisadevicethatconnectsmultiplenetworksandnetworksegments.Itcandecodeandre-encodeinformationfromdifferentnetworksandnetworksegments.,Sothatthenetworkscanbeconnectedtoeachother,theroutercanchoosethemosteffectiveandsimplestpathtoconnecttoothernetworksaccordingtothedestinationaddressofthedatapacket,andthenformalargernetwork,sothatthenetworkcanbemaximized.ResourceSharing.Itisthethroatthroughwhichtrafficdataentersandexits.AllnetworktrafficfromtheLANtotheInternetmustpassthroughtherouter.Therefore,therouterplaystheroleofdatacollection.Therearealsomanywaystocollectnetworktrafficdatathroughrouters,suchastheshowIPaccountcommand,SNMPprotocol,andTelnetprograms.BecausethemainfunctionoftherouteristohelpIPdatapacketstochoosethecorrectrouteandreachthedestinationaddressmorequicklyintime,therefore,weusuallydonotuseitsownrecordingfunctiontoobtainnetworktrafficstatistics,otherwiseitwillgreatlyreducetherouter’sSelectfunction.WegenerallyusethemethodofSNMPprotocolandTelnetprogramtoobtainthetrafficstatisticsofdatapacketsfromtherouter.
Therearemanywaystocountnetworkdatatraffic.Eachmethodhasitsadvantagesanddisadvantages.Thestatisticalmethodofnetworkdatatrafficthroughroutershasthefollowingcharacteristics:
Přesné statistiky datového provozu
Becausetherouteristhethroatoftheflowdata,itisanimportantdevicetorealizetheinterconnectionbetweennetworks,andthecommunicationbetweenthenetworksmustbeconvertedbytherouterTobedone.Thetaskoftherouteristoselectthecorrespondingrouteaccordingtothedestinationaddressofthedatapacket,andthenconnectwithothernetworks.Therefore,theroutercanaccuratelyreflectthenetworkdatatrafficexceptforinandout.
Zajistěte, aby fakturační server nebyl omezen podle umístění
Theultimatepurposeofstatisticsandmonitoringofnetworkdatatrafficistochargeforit,duetovariousThelimitationofthestatisticalmethoditselfmakestheaccountingservermustbeplacedintheaccountingnetworksegment.Asaresult,asmanybillingserversareneededastherearebillingnetworksegments,whichgreatlyincreasestheworkload.Andifyouusearouter,youwillgettwicetheresultwithhalftheeffort.Aslongasthebillingservercanaccesstherouterwherethenetworksegmentislocated,onebillingservercancompletethedatacollectionofallnetworktraffic.AsforwherethebillingserverislocatedThebillingnetworksegmentisnotimportant.Moreover,therouterusedinthisbillingdoesnotneedtobetoocomplicated,nordoesitneedtoaddotherhardware,soitissimplertoimplementthanotherbillingmethods.
Konzistence s ostatními funkcemi správy sítě
TheInternetusesthestandardnetworkmanagementprotocolSNMP,androutersalsomainlyusetheLoftheSNMPprotocol.Orderthestatisticsandmonitoringofnetworkdatatraffic.Thisensuresconsistencywithothernetworkmanagementfunctionsindatacollectionmethods.
Nevýhody
Ontheonehand,themainfunctionoftherouteristorealizetheroutingofdata,tohelpthedatapacketchoosethefastestpath,sothatitcantransferthedataassoonaspossible.Sendtothedestinationaddress.However,theuseofrouterstocollectstatisticsonnetworkdatatrafficwilltakeupadditionalmemoryandCPUoverheadoftherouter.Especiallyfornetworkswithrelativelylargecommunicationtraffic,thecontradictionwillbemoreprominent.Seriously,itwillcausethechargingbuffertooverflow,causethelossofincomingandoutgoingtrafficdata,andultimatelyaffectthenetworkspeed.Ontheotherhand,therouterperformstrafficaccountingforIPaddresses,soitdoesnotsupporttrafficaccountingforusers,norcanitpreventpeoplefromembezzlingIPaddresses,soitwillalsoaffectthestatisticsandmonitoringofnetworkdatatraffic.