1TCP/IP2目标通过本章的学习,你将能掌握以下内容:了解TCP/IP通信协议及DoD模型掌握TCP、UDP及IP报文格式理解并掌握TCP、UDP、IP通信原理熟悉PING、TRACEROUTE、ARP、RARP等几种三层协议3早期的协议栈普遍性的介绍TCP/IP主机InternetTCP/IP主机4TCP/IP协议栈764325432应用层表示层会话层传输层网络层数据链路层物理层1应用层传输层互联网层数据链路层物理层15应用层概述*Usedbytherouter应用层传输层互联网层数据链路层物理层FileTransfer-TFTP*-FTP*-NFSE-Mail-SMTPRemoteLogin-Telnet*-rlogin*NetworkManagement-SNMP*NameManagement-DNS*6传输层概述TransmissionControlProtocol(TCP)UserDatagramProtocol(UDP)应用层传输层互联网层数据链路层物理层面向连接的非面向连接的7TCP报文格式Sourceport(16)Destinationport(16)Sequencenumber(32)Headerlength(4)Acknowledgementnumber(32)Reserved(6)Codebits(6)Window(16)Checksum(16)Urgent(16)Options(0or32ifany)Data(varies)20BytesBit0Bit15Bit16Bit318端口号TCP端口号FTP传输层TELNETDNSSNMPTFTPSMTPUDP应用层2123255369161RIP5209TCP端口号SourcePortDest.Port…HostA102823…SPDPHostZTelnetZDest.port=23.SendpackettomyTelnetapplication.10SendSYN(seq=100ctl=SYN)SYNreceivedHostAHostB1TCP三次握手建立连接11SendSYN(seq=100ctl=SYN)SYNreceivedSendSYN,ACK(seq=300ack=101ctl=syn,ack)HostAHostBSYNreceived12TCP三次握手建立连接12SendSYN(seq=100ctl=SYN)SYNreceivedSendSYN,ACK(seq=300ack=101ctl=syn,ack)Established(seq=101ack=301ctl=ack)HostAHostB123SYNreceivedTCP三次握手建立连接13TCP会话的建立与释放过程TCP会话的建立与释放过程14TCP简单确认Windowsize=1SenderReceiver15TCP简单确认Windowsize=1SenderReceiverSend1Receive116TCP简单确认Windowsize=1SenderReceiverSend1Receive1ReceiveACK2SendACK217TCP简单确认Windowsize=1SenderReceiverSend1Receive1ReceiveACK2SendACK2Send2Receive218TCP简单确认Windowsize=1SenderReceiverSend1Receive1ReceiveACK2SendACK2Send2Receive2ReceiveACK3SendACK319TCP简单确认Windowsize=1SenderReceiverSend1Receive1ReceiveACK2SendACK2Send2Receive2ReceiveACK3SendACK3Send3Receive320Windowsize=1SenderReceiverSend1Receive1ReceiveACK2SendACK2Send2Receive2ReceiveACK3SendACK3Send3Receive3ReceiveACK4SendACK4TCP简单确认21TCP序列号和确认号SourcePortDest.Port…Sequence#Acknowledgement#SourceDest.Seq.Ack.102823101Ijustsent#10.22Ijustgot#10,nowIneed#11.SourcePortDest.Port…Sequence#Acknowledgement#102823SourceDest.10Seq.1Ack.102823SourceDest.11Seq.1Ack.Ijustsent#10.TCP序列号和确认号23TCP序列号和确认号SourcePortDest.Port…Sequence#Acknowledgement#102823SourceDest.11Seq.2Ack.102823SourceDest.10Seq.1Ack.102823SourceDest.11Seq.1Ack.Ijustgot#10,nowIneed#11.Ijustsent#11.24TCP序列号和确认号SourcePortDest.Port…Sequence#Acknowledgement#102823SourceDest.11Seq.2Ack.102823SourceDest.10Seq.1Ack.102823SourceDest.11Seq.1Ack.102823SourceDest.12Seq.2Ack.Ijustgot#11,nowIneed#12.Ijustsent#11.25TCP窗口SenderReceiver26TCP窗口Windowsize=3Send2SenderReceiverWindowsize=3Send1Windowsize=3Send327Windowsize=3Send2TCP窗口SenderWindowsize=3Send1Windowsize=3Send3ACK3Windowsize=2Packet3isDroppedReceiver28Windowsize=3Send2TCP窗口SenderWindowsize=3Send1Windowsize=3Send3ACK3Windowsize=2Packet3isDroppedWindowsize=2Send4Windowsize=2Send3Receiver29Windowsize=3Send2TCP窗口SenderWindowsize=3Send1Windowsize=3Send3ACK3Windowsize=2Packet3isDroppedWindowsize=2Send4Windowsize=2Send3ACK5Windowsize=2Receiver30TCP会话数据处理机制TCP会话中数据传递的过程31没有序列号或确认号字段UDP报文格式Sourceport(16)Destinationport(16)Length(16)Data(ifany)1Bit0Bit15Bit16Bit31Checksum(16)8Bytes32互联网层概述OSI网络层在TCP/IP里被描述成互联网层InternetProtocol(IP)InternetControlMessageProtocol(ICMP)AddressResolutionProtocol(ARP)ReverseAddressResolutionProtocol(RARP)应用层传输层互联网层数据链路层物理层33IP数据包Version(4)DestinationIPAddress(32)Options(0or32ifany)Data(variesifany)1Bit0Bit15Bit16Bit31HeaderLength(4)Priority&TypeofService(8)TotalLength(16)Identification(16)Flags(3)Fragmentoffset(13)Timetolive(8)Protocol(8)Headerchecksum(16)SourceIPAddress(32)20Bytes34决定目的高层协议协议字段传输层互连网层TCPUDP协议号IP17635因特网控制报文协议ApplicationTransportInternetDataLinkPhysicalDestinationUnreachableEcho(Ping)OtherICMP136ICMP协议1、目的不可达ICMP报文(目的网络、目的主机、目的协议、目的端口不可达)2、超时ICMP报文(TTL每经过一次路由器就减1,减到0时,数据包被丢弃。Trace充分利用了ICMP超时报文)3、重定向ICMP报文(向源主机通知更好的路由)4、ICMP回应请求与回应应答(ping发送和接收icmpecho/icmpechoreply报文)37Ping命令的结论Ping的主要功能是确定一个给定的IP地址是否可以到达。如果ping执行成功,则暗示:1)从源到目的节点存在一条可以工作的路径;2)目标IP地址对应的机器在正常工作;3)从目标节点到源节点存在一条可以工作的路径。但是,从源到目标的路径与从目标回源节点的路径可能不一致。即不对称路由。38Ping命令的输出结果!Ping操作成功,收到了icmpechoreply报文.未收到任何报文Uicmp不可到达目的主机Nicmp不可到达目的网络Picmp不可到达目的端口Qicmp源地址失踪Micmp禁止数据包分段?收到无法识别的数据包39Traceroute命令的原理Traceroute命令描述了从源到目的地址的详细路径,即整个路径上的所有路由器。其原理如下:1)最开始,源向目的地址发送3个TTL=1的数据包,第1个路由器收到该包后将其TTL改为0,并向源发送一个ICMP超时消息,源在接到这个消息后便知道了到达目的地址要经过的第1个路由器的地址。2)接下来,源向目的地址发送3个TTL=2的数据包,于是,第一个路由器收到该包后改其TTL=1并转发给第2个路由器,第2个路由器改其TTL=0,并向源发一个ICMP超时消息,源就知道了应经过的第2个路由器的地址。3)最后,向目的地址发送3个TTL=n且目的节点不认识的包,目的节点就向源发回一个目的地址不可达的ICMP消息,于是,源就知道自己已到达了最终目标。4)依据上述原理,源就知道了到达目的地址应经过的各个路由器的地址。40地址解析协议172.16.3.1172.16.3.2IP:172.16.3.2=???IneedtheEthernetaddressof176.16.3.2.41地址解析协议172.16.3.1172.16.3.2IP:172.16.3.2=???Iheardthatbroadcast.Themessageisforme.HereismyEthernetaddress.IneedtheEthernetaddressof176.16.3.2.42地址解析协议172.16.3.1IP:172.16.3.2Ethernet:0800.0020.1111172.16.3.2IP:172.16.3.2=???Iheardthatbroadcast.Themessageisforme.HereismyEthernetaddress.IneedtheEthernetaddressof176.16.3.2.43地址解析协议MapIPEthernetLocalARP172.16.3.1IP:172.16.3.2Ethernet:0800.0020.1111172.16.3.2IP:172.16.3.2=???Iheardthatbroadcast.Themessageisforme.HereismyEthernetaddress.IneedtheEthernet