Introduction
TheprotocolunitofIPprotocolcontroltransmissioniscalledIPdatagram(IPDatagram,IPdatagram,IPpacketorIPpacket).TheIPprotocolshieldsthedifferencesbetweenthevariousphysicalsubnetsofthelowerlayer,andcanprovideIPdatagramsinauniformformattotheupperlayer.TheIPdatagramadoptsthedatagrampackettransmissionmethod,andtheserviceprovidedisaconnectionlessmethod.TheformatoftheIPdatagramcanexplainwhatfunctiontheIPprotocolhas.AnIPv4datagramconsistsofaheaderandadata.Amongthem,thedataisthedatathattheupperlayerneedstotransmit,andtheheaderisthecontrolinformationaddedforthecorrecttransmissionoftheupperlayerdata.Thefirstpartoftheheaderhasafixedlength,atotalof20bytes,whichismandatoryforallIPdatagrams.Behindthefixedpartoftheheaderisanoptionalfieldwithvariablelength.
Rakenne
Kiinteä osa
(1)Versioon 4 numeroa, mikä viittaa IP-protokollan versioon. Molempien osapuolten käyttämän IP-protokollan version on oltava sama.Laajalti käytetty IP-protokollaversionumero on4.
(2)Headerlengthoccupies4digits,andthelargestdecimalvaluethatcanberepresentedis15.Pleasenotethattheunitofthenumberrepresentedbythisfieldisa32-bitwordlength(a32-bitwordlengthis4bytes).Therefore,whentheIPheaderlengthis1111(thatis,15indecimal),theheaderlengthreaches60byte.WhenthelengthoftheheaderoftheIPpacketisnotanintegermultipleof4bytes,thelastpaddingfieldmustbeusedtofillit.Therefore,thedatapartalwaysstartsatanintegermultipleof4bytes,whichismoreconvenientwhenimplementingtheIPprotocol.Thedisadvantageoftheheaderlengthbeinglimitedto60bytesisthatitmaynotbeenoughsometimes.Butthisisdoneinthehopethatuserswillminimizeoverhead.Themostcommonlyusedheaderlengthis20bytes(thatis,theheaderlengthis0101),andnooptionsareusedatthistime.
(3)DifferentiatedServicessijoittaa 8 asemaa saadakseen parempia palveluja.Tätä kenttää kutsuttiin palvelutyypiksi vanhassa standardissa, mutta sitä ei ole tosiasiallisesti käytetty. Vuonna 1998 IETF nimettiin uudelleen DifferentiatedServices (DS) -alaksi.
(4)KokonaispituusKokonaispituus tarkoittaa otsikon ja tietojen summan pituutta, tavuina.Kokonaispituus on16 bittiä, joten datagrammin enimmäispituus on2^16-1=65535 tavua.
EachdatalinklayerbelowtheIPlayerhasitsownframeformat,includingthemaximumlengthofthedatafieldintheframeformat,whichiscalledtheMaximumTransferUnit(MTU).Whenadatagramisencapsulatedintoalinklayerframe,thetotallengthofthedatagram(thatis,theheaderplusthedatapart)mustnotexceedtheMTUvalueofthedatalinklayerbelow.
(5)Identification(identification)occupies16digits.TheIPsoftwaremaintainsacounterinthememory.Eachtimeadatagramisgenerated,thecounterisincrementedby1,andthisvalueisassignedtotheidentificationfield.Butthis"identification"isnotasequencenumber,becauseIPisaconnectionlessservice,andthereisnoproblemofsequentialreceptionofdatagrams.WhenadatagrammustbefragmentedbecauseitslengthexceedstheMTUofthenetwork,thevalueofthisidentificationfieldiscopiedtotheidentificationfieldofalldatagrams.Thevalueofthesameidentificationfieldenableseachdatagramafterfragmentationtobefinallyreassembledintotheoriginaldatagramcorrectly.
(6)Lippu(lippu)varaa 3 numeroa, mutta vain 2 numeroa ovat merkityksellisiä.
●Lippukentän alin bitti on merkitty MF(MoreFragment).MF=1tarkoittaa, että takana on "fragmentoituja" datagrammeja.MF=0tarkoittaa, että tämä on useista tietogrammifragmenteista.
●Lippukentän keskellä oleva bitti on merkitty DF:ksi (Don’t Fragment), mikä tarkoittaa, että "ei voi olla pirstoutunut". Sirpaloituminen on sallittua vain, kun DF=0.
(7)Chipoffsetvaraa 13 bittiä.Sipupoikkeama ilmaiseepalansuhteellisen sijainninalkuperäisessä ryhmässäpidemmän ryhmän siivutuksen jälkeen.Toisin sanoen,suhteessa käyttäjätietokentän alkuun, josta kappaleet alkavat. Jokaisen fragmentin on oltava kokonaislukumonia 8 tavua (64 bittiä).
(8)TimetoLiveoccupies8digits.ThecommonlyusedEnglishabbreviationforthetimetolivefieldisTTL(TimeToLive),whichindicatesthelifetimeofthedatagraminthenetwork.Thisfieldissetbythesourceofthedatagram.ItspurposeistopreventundeliverabledatagramsfromgoingaroundtheInternetindefinitely,thusconsumingnetworkresourcesinvain.TheoriginaldesignusessecondsastheunitofTTL.Everytimeitpassesthrougharouter,theTTLissubtractedfromtheperiodoftimethedatagramisconsumedbytherouter.Ifthetimeconsumedbythedatagramontherouterislessthan1second,theTTLvalueisreducedby1.WhentheTTLvalueis0,thedatagramisdiscarded.Later,thefunctionoftheTTLfieldwaschangedto"hoplimit"(butthenameremainsunchanged).TherouterreducestheTTLvalueby1beforeforwardingthedatagram.IftheTTLvalueisreducedtozero,thedatagramisdiscardedandnolongerforwarded.Therefore,theunitofTTLisnolongerinseconds,butinhops.ThemeaningofTTListospecifyatmosthowmanyroutersadatagramcanpassthroughinthenetwork.Obviously,themaximumnumberofroutersthatadatagrampassesonthenetworkis255.IftheinitialvalueofTTLissetto1,itmeansthatthedatagramcanonlybetransmittedinthelocalareanetwork.
(9)Protocoloccupies8bits,andtheprotocolfieldindicateswhichprotocolisusedforthedatacarriedinthisdatagram,sothattheIPlayerofthedestinationhostknowsthatthedatapartshouldbeuploadedWhichprocesstohandover.
(10)Ensimmäinen tarkistussummaon 16 paikkaa.Tämä kenttä tarkistaa vain tietogrammin otsikon, mutta ei sisällä dataosaa. Tämä johtuu siitä, että joka kerta datagrammi kulkee läpi ulomman, ulomman on laskettava uudelleenotsakkeen tarkistussumma. Tiedonosien tarkistaminen voi vähentää laskennan työmäärää.
(11)Lähdeosoitevaraa 32 bittiä.
(12)Kohdeosoitevaraa 32 bittiä.
Variablepart
ThevariablepartoftheIPheaderisanoptionalfield.Theoptionfieldisusedtosupporttroubleshooting,measurement,andsecuritymeasures,andthecontentisveryrich.Thelengthofthisfieldisvariable,rangingfrom1byteto40bytes,dependingontheselecteditem.Someoptionitemsonlyrequire1byte,anditonlyincludes1byteofoptioncode.Buttherearesomeoptionsthatrequiremultiplebytes.Theseoptionsaresplicedonebyonewithoutaseparatorinthemiddle.Finally,apaddingfieldofall0sisusedtofillinanintegermultipleof4bytes.
AddingthevariablepartoftheheaderistoincreasethefunctionoftheIPdatagram,butitalsomakesthelengthoftheheaderoftheIPdatagramvariable.Thisincreasestheoverheadforeachroutertoprocessdatagrams.Infact,theseoptionsarerarelyused.ThenewIPversionIPv6makestheheaderlengthoftheIPdatagramfixed.Theseoptionsaredefinedasfollows:
(1)Turvallisuus- ja käsittelyrajoitukset (käytetään armeija-alalla)
(2)Tallenna polku (ilmoita reitittimen IP-osoite)
(3)TimeStamp(LeteachrouterwritedowntheIPaddressandlocaltimeofeachrouterthattheIPdatagrampassesthrough)
(4)RelaxLooseSourceRoute(määritä sarja IP-osoitteita, jotka on välitettävä datagrammien kautta)
(5)StrictSourceRoute(samanlainen lähdereitti,Mutta vaaditaan vainnäihin määritellyihin osoitteisiin,ei muihin osoitteisiin)
Theseoptionsarerarelyused,andnotallhostsandrouterssupporttheseoptions.
InternetIPprotocol
IPprotocoloverview.TheInternetProtocolorInternetProtocol(IP)isadata-orientedprotocolusedinthemessageexchangenetwork.Itisastandardprotocolfornetworklayercommunication.Itisresponsibleforprovidingbasicdatapackettransmissionfunctions,sothateverydatapacketisAbletoreachthedestinationhost,butdoesnotcheckwhetheritisreceivedcorrectly.TherearefourprotocolsusedinconjunctionwiththeIPprotocol:AddressResolutionProtocolARP,ReverseAddressResolutionProtocolRARP,InternetControlMessageProtocolICMP,andInternetGroupManagementProtocolIGMP.
ThetransmissionofIPdatagramsinavirtualinterconnectionnetwork.Forexample,asourcehostintheInternetwantstosendanIPdatagramtothedestinationhost.Accordingtotheconceptofpacket-switchedstoreandforward,thesourcehostmustfirstlookupitsownroutingtabletoseeifthedestinationhostisonthenetwork.Ifitis,youdonotneedtogothroughanyroutersbutdirectlydeliver,andthetaskiscompleted.Ifnot,youmustsendtheIPdatagramtoarouterA.Afterlookingupitsownroutingtable,AknowsthatitshouldforwardthedatagramtorouterBforindirectdelivery.Inthisway,itkeepsforwarding.Finally,routerCknowsthatitisconnectedtothesamenetworkasthedestinationhostanddoesnotneedtouseotherroutersforforwarding,soitdeliversthedatagramdirectlytothedestinationhost.Thevariousnetworkscanbeheterogeneous.
IPaddress.TheIPaddressistoassignauniqueidentificationworldwideforeachnetworkconnection(networkcard).ThesourceIPaddressandthesinkIPaddressinthemessageheaderrespectivelyindicatetheIPlogicaladdressesofthesourcehostandthedestinationhost.TheIPaddresshasalengthof32bitsandiscomposedofanetworknumberandahostnumber.CommonlyusedIPaddressesincludeclassA,classB,andclassCaddresses,androuterswilladdressthemaccordingtotheIPaddress.TheInternetgenerallyadoptstheIPprotocol.TheIPprotocolrunninginthenetworkisIPv4;IPv6isasubsequentversionofIPv4.TheInternetisslowlyrunningoutofIPaddresses,andtheemergenceofIPv6hassolvedthisproblem.Comparedwiththe32-bitaddressofIPv4,IPv6hasa128-bitaddressspacethatcanprovidemuchmoreaddressesthantheformer.
IPlayerforwardspackets.IntheTCP/IPsystem,routingreferstotheprocessofselectingapathfortransmittingIPdatapacketsinthenetwork.Arouterisanetworkdevicethatundertakesroutingtasks.Theinformationusedfordecision-makingandroutingiscalledIProutinginformation.TherouterusestheIProutinginformationtoperformIPforwardingonthetransmittedIPdatapackets.
IPdatagramheader-tarkastus
Periaate
TheIPdatagramheaderischeckedandverifiedtoensureitscorrectness.ThesenderdividestheheaderoftheIPdatagramintomultiple16-bitsmalldatablocksinorder.Theinitialvalueoftheheaderchecksumfieldissetto0,andthe16-bitsmalldatablocksaresummedwith1’scomplementalgorithm,andfinallyComplementtheresultagaintogetthefirstchecksum.Thecalculatedheaderchecksumisfilledbackintotheheaderchecksumfieldofthedatagram,encapsulatedintoaframe,andsenttothenexthopdeviceleadingtothesink.
Asthereceiver,thenext-hopdevicedividestheheaderofthereceivedIPdatagramintomultiple16-bitsmalldatablocks,andcalculatesthe16-bitsmalldatablockwith1’scomplementalgorithm.And,finally,theresultiscomplemented.Iftheresultis0,thecorrectnessoftheheaderofthedatagramisverified.Whenthesenderuses1'scomplementtocalculatethesum,thefirstchecksumfieldissettoO,whichmeansthatitdidnotparticipateinthecalculation.Thechecksumafterthecomplementisexactlytheoppositeoftheoriginalchecksum.Whenthereceiveruses1’scomplementtocalculatethesum,sincethenewheaderchecksumfieldhasbeenadded,thesumshouldbe0xffffiftheheaderhasnotchanged.Therefore,theresultofthecomplementshouldbe0x0000.
Merkitys
IPdatagramsdonotverifytheirdataareaduringtransmission.Therearetworeasonsforthis:
TheIPprotocolisapoint-to-pointprotocol.Ifeverypointinthetransmissionprocesschecksthedata,itwillinevitablyincreasethecost,whichisinconsistentwiththeIP"bestefforttransmission"idea.Leavethereliabilitytoahigherleveltosolve,whichcannotonlyensurethereliabilityofthedata,butalsogetgreaterflexibilityandefficiency.BecausetheuppertransportlayeroftheIPlayerisanend-to-endprotocol,thecostofend-to-endverificationismuchsmallerthanthatofpoint-to-pointverification,especiallywhenthecommunicationlineisbetter.Inaddition,theupperlayerprotocolcanchoosewhethertoperformverificationaccordingtotherequirementsfordatareliability,andevenconsiderusingdifferentverificationmethods,whichbringsgreatflexibilitytothesystem.
ThenwhydoestheIPprotocolprovideaverificationfunctionfortheIPdatagramheader?Ontheonehand,theIPheaderbelongstothecontentoftheIPlayerprotocolandcannotbeprocessedbytheupperlayerprotocol.Ontheotherhand,somefieldsintheIPheaderareconstantlychangingduringthepoint-to-pointtransmissionprocessandcanonlybereformedateachintermediatepoint.Verifythedataandcompletetheverificationbetweenadjacentpoints.
IPpacketmonitoringtechnologyforlocalareanetwork
WiththerapiddevelopmentofcomputerInternettechnology,thenetworkhaspenetratedintopeople’slivesandhasaverycloseconnectionwithourlives.Partofourlives.Hackersattackournetworkthroughcomplexandchangeablenetworkattacks,invadingourInternet,andcausingourInternettohaveaconsiderablesecuritythreat.Theycaninterceptthedatapacketsbeingtransmittedinthelocalareanetworkandthenanalyzethedatapackets.,Toobtainaseriesofdata,resultinginallourpersonalinformationandprivacyexposed,andevencausedincalculablelosstoourpersonalproperty.IfyouuseIPpacketmonitoringtechnology,youcanobtainhackerintrusioninformationintime,andpreventhackersfromintrudinginadvancetopreventhackersfromtakingadvantageofitandprotectourinformationsecurity.Networkmonitoringisaveryimportanttechnologytoprotectinformationsecurity.Itcandiscoversecurityproblemsinthenetworkintime,whichisbeneficialtomaintainingthesecurityofthecomputerInternetnetwork.
ThestructureoftheLANIPdatapacketThestructureoftheLANIPdatapacketismainlycomposedofthreeparts,whichinclude"destinationIPaddress","sourceIPaddress"and"data",amongwhich"sourceIPaddress""Isusedtoindicatewherethedatapacketissentfrom;the"destinationIPaddress"isusedtodeclarewherethedatapacketwillbesent;the"data"partcontainsthedetailedandspecificdatainthedatapacketinformation.ThestructureoftheLANIPdatapacketisverysimilartothee-mailboxusedinourdailylife,anditispreciselybecauseofthisstructurethatitcancommunicatenormallyinacomputernetworkbasedontheTCP/IPprotocol.
Networkmonitoringisactuallyatechnologythatusesacomputer'snetworkinterfacetoobtaindatafromothercomputers.Thistechnologycanmonitorthecurrentnetworktrafficandillegallystealconfidentialfileinformationtransmittedonthenetwork.Thebasicprincipleoflocalareanetworkmonitoringisthatwhendataistransmittedinthelocalareanetworkenvironment,thedatapacketcontainingthephysicaladdressissenttoeachhostthroughthelocalareanetwork.Whenthedatapacketreachesthehostnetworkcard,undernormalcircumstances,thenetworkcardwillcheckReturnwhetherthephysicaladdressofthedatapacketisthesameasthephysicaladdressorbroadcastaddressofthemachine,ifitisthesame,itwillbehandedovertotheIPlayerforprocessing,andifitisnotthesame,thedatapacketwillbediscarded.Whenthenetworkcardofahostisinpromiscuousmode,alldatapacketsarrivingatthecomputerwillbehandedovertotheIPlayerforprocessing.Evenifthephysicaladdressofthedatapacketisdifferentfromthephysicaladdressofthemachine,itwillnottransferthedata.Thepacketisdropped.Therefore,inalocalareanetworkenvironment,alldatapacketstransmittedonthesamerootnetworkwirewillbereceived,andthenthroughtheanalysisandcrackingofthereceiveddata,thedatathattheuserwantscanbeobtained.
RouterIPdatapackettrafficstatistics
Arouterisadevicethatconnectsmultiplenetworksandnetworksegments.Itcandecodeandre-encodeinformationfromdifferentnetworksandnetworksegments.,Sothatthenetworkscanbeconnectedtoeachother,theroutercanchoosethemosteffectiveandsimplestpathtoconnecttoothernetworksaccordingtothedestinationaddressofthedatapacket,andthenformalargernetwork,sothatthenetworkcanbemaximized.ResourceSharing.Itisthethroatthroughwhichtrafficdataentersandexits.AllnetworktrafficfromtheLANtotheInternetmustpassthroughtherouter.Therefore,therouterplaystheroleofdatacollection.Therearealsomanywaystocollectnetworktrafficdatathroughrouters,suchastheshowIPaccountcommand,SNMPprotocol,andTelnetprograms.BecausethemainfunctionoftherouteristohelpIPdatapacketstochoosethecorrectrouteandreachthedestinationaddressmorequicklyintime,therefore,weusuallydonotuseitsownrecordingfunctiontoobtainnetworktrafficstatistics,otherwiseitwillgreatlyreducetherouter’sSelectfunction.WegenerallyusethemethodofSNMPprotocolandTelnetprogramtoobtainthetrafficstatisticsofdatapacketsfromtherouter.
Therearemanywaystocountnetworkdatatraffic.Eachmethodhasitsadvantagesanddisadvantages.Thestatisticalmethodofnetworkdatatrafficthroughroutershasthefollowingcharacteristics:
Tietoliikenteen tarkat tilastot
Becausetherouteristhethroatoftheflowdata,itisanimportantdevicetorealizetheinterconnectionbetweennetworks,andthecommunicationbetweenthenetworksmustbeconvertedbytherouterTobedone.Thetaskoftherouteristoselectthecorrespondingrouteaccordingtothedestinationaddressofthedatapacket,andthenconnectwithothernetworks.Therefore,theroutercanaccuratelyreflectthenetworkdatatrafficexceptforinandout.
Tee laskutuspalvelimesta, jota ei rajoiteta sijainnin mukaan
Theultimatepurposeofstatisticsandmonitoringofnetworkdatatrafficistochargeforit,duetovariousThelimitationofthestatisticalmethoditselfmakestheaccountingservermustbeplacedintheaccountingnetworksegment.Asaresult,asmanybillingserversareneededastherearebillingnetworksegments,whichgreatlyincreasestheworkload.Andifyouusearouter,youwillgettwicetheresultwithhalftheeffort.Aslongasthebillingservercanaccesstherouterwherethenetworksegmentislocated,onebillingservercancompletethedatacollectionofallnetworktraffic.AsforwherethebillingserverislocatedThebillingnetworksegmentisnotimportant.Moreover,therouterusedinthisbillingdoesnotneedtobetoocomplicated,nordoesitneedtoaddotherhardware,soitissimplertoimplementthanotherbillingmethods.
Johdonmukaisuus muiden verkonhallintatoimintojen kanssa
TheInternetusesthestandardnetworkmanagementprotocolSNMP,androutersalsomainlyusetheLoftheSNMPprotocol.Orderthestatisticsandmonitoringofnetworkdatatraffic.Thisensuresconsistencywithothernetworkmanagementfunctionsindatacollectionmethods.
Haitat
Ontheonehand,themainfunctionoftherouteristorealizetheroutingofdata,tohelpthedatapacketchoosethefastestpath,sothatitcantransferthedataassoonaspossible.Sendtothedestinationaddress.However,theuseofrouterstocollectstatisticsonnetworkdatatrafficwilltakeupadditionalmemoryandCPUoverheadoftherouter.Especiallyfornetworkswithrelativelylargecommunicationtraffic,thecontradictionwillbemoreprominent.Seriously,itwillcausethechargingbuffertooverflow,causethelossofincomingandoutgoingtrafficdata,andultimatelyaffectthenetworkspeed.Ontheotherhand,therouterperformstrafficaccountingforIPaddresses,soitdoesnotsupporttrafficaccountingforusers,norcanitpreventpeoplefromembezzlingIPaddresses,soitwillalsoaffectthestatisticsandmonitoringofnetworkdatatraffic.