The main Internet protocol stack

The Internet is a global system of interconnected computer networks (local and other networks) that communicate with each other using the TCP/IP protocol stack (Fig. 1).

Figure 1 - generalized network scheme

The Internet provides the exchange of information between all computers connected to it. The type of computer and the operating system it runs do not matter.

The basic cells of the Internet are local area networks (LAN). If a local network is directly connected to the Internet, every workstation of that network can also be connected to it. There are also computers connected to the Internet on their own; they are called host computers (hosts).

Each computer connected to the network has its own address, by which it can be reached from any point on the globe.

An important feature of the Internet is that, while uniting various networks, it does not create any hierarchy: all computers connected to the network are equal.

Another distinctive feature of the Internet is high reliability. If some of the computers and communication lines fail, the network continues to function. This reliability comes from the absence of a single control centre: if some links or computers fail, messages can be carried over other communication lines, since as a rule there are several paths for transmitting information.

The Internet is not a commercial organization and does not belong to anyone. There are Internet users in almost all countries of the world.

Users connect to the network through the computers of special organizations called Internet service providers. The connection can be permanent or temporary. Internet service providers have multiple lines for connecting users and high-speed lines for communicating with the rest of the Internet. Often small providers connect to larger ones, which in turn connect to other providers.

Organizations connected to each other by the fastest communication lines form the base part of the network, the Internet backbone. If a provider is connected directly to the backbone, the information transfer rate is maximal.

In fact, the difference between users and Internet service providers is rather arbitrary. Anyone who has connected their computer or local network to the Internet and installed the required programs can provide connection services to other users. A single user can, in principle, connect a high-speed line directly to the Internet backbone.

In general, the Internet exchanges information between any two computers connected to the network. Computers connected to the Internet are often called Internet nodes, or sites, from the English word "site", meaning a place or location. Nodes installed at Internet service providers give users access to the Internet. There are also nodes that specialize in providing information: for example, many firms create nodes on the Internet through which they distribute information about their products and services.

How is information transmitted? Two main concepts are used on the Internet: address and protocol. Every computer connected to the Internet has its own unique address. Just as a postal address unambiguously determines the location of a person, an address on the Internet unambiguously determines the location of a computer on the network. Addresses are the most important part of the Internet, and they are described in detail below.

Data sent from one computer to another over the Internet is divided into packets. The packets travel between the computers that make up the network, and packets of one message may follow different routes. Each packet carries its own markup (sequence information), which ensures that the document is reassembled correctly on the computer to which the message is addressed.

What is a protocol? As said earlier, a protocol is a set of rules of interaction. For example, diplomatic protocol prescribes how to act when meeting foreign guests or at a reception. In the same way, a network protocol prescribes the rules of operation for computers connected to the network. Standard protocols make different computers "speak the same language", so computers of different types running various operating systems can be connected to the Internet.

The basic Internet protocols form the TCP/IP protocol stack. First of all, it should be clarified that, technically, TCP/IP is not a single network protocol but two protocols lying at different levels of the network model (a so-called protocol stack). TCP is a transport-level protocol: it controls how data is transmitted. IP is the addressing protocol: it belongs to the network level and determines where the transmission goes.

The TCP protocol. According to TCP, the data to be sent is "cut" into small packets (segments), and each packet is then marked so that it carries the information needed to reassemble the document correctly on the recipient's computer.

To understand the essence of TCP, imagine correspondence chess in which two participants play a dozen games at once. Each move is written on a separate postcard with the game number and the move number. In this case, a dozen connections (one per game) exist between the two partners over the same postal channel. Likewise, two computers linked by a single physical connection can maintain several TCP connections at the same time; for example, two intermediate network servers can simultaneously carry TCP packets in both directions on behalf of numerous clients.

When we work on the Internet, then over a single telephone line we can simultaneously receive documents from America, Australia and Europe. The packets of the different documents arrive separately, interleaved in time, and as they arrive they are sorted into their documents.

The IP protocol. Now consider the addressing protocol, IP (Internet Protocol). Its essence is that each participant in the worldwide network must have its own unique address (IP address). Without it, accurate delivery of TCP packets to the desired workstation is impossible. The address is expressed very simply: four numbers, for example 195.38.46.11. We will consider the structure of the IP address later. It is organized so that every computer through which a TCP packet passes can determine, from these four numbers, to which of its nearest "neighbours" the packet must be handed so that it ends up "closer" to the recipient. After a finite number of such transfers (hops), the packet reaches the addressee.

The word "closer" is in quotes for a reason. What is estimated here is not geographic proximity but the conditions of communication and the bandwidth of the lines. Two computers on different continents connected by a high-performance satellite link are considered "closer" to each other than two computers in neighbouring villages connected by a simple telephone wire. Deciding what is "closer" and what is "farther" is the job of special devices called routers. The role of routers on the network is usually performed by specialized computers, but routers can also be special programs running on network node servers.
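To make the routing decision concrete, here is an added example (not part of these lecture notes) of how a router picks the next hop from the four numbers of a destination address: it keeps a table of prefixes, each with a next-hop neighbour and a cost, takes the most specific matching prefix, and among equal prefixes the lowest cost, which is how a fast intercontinental link ends up "closer" than a slow local one. The routing table, the neighbour names and the costs are constructed for illustration.

```c
/* Added example (not from the original lecture notes): a minimal IPv4
 * forwarding decision. Routing table, next hops and costs are constructed.
 * Rule: longest matching prefix wins; among equal prefixes, lowest cost. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Parse "a.b.c.d" into a host-order 32-bit value. Returns 0 on success, -1 on
 * a malformed address (wrong octet count, octet > 255, trailing junk). */
int parse_ipv4(const char *s, uint32_t *out) {
    unsigned a, b, c, d;
    char tail;
    if (sscanf(s, "%u.%u.%u.%u%c", &a, &b, &c, &d, &tail) != 4)
        return -1;
    if (a > 255 || b > 255 || c > 255 || d > 255)
        return -1;
    *out = (a << 24) | (b << 16) | (c << 8) | d;
    return 0;
}

struct route {
    const char *prefix;    /* network address in dotted form */
    int prefix_len;        /* /N */
    const char *next_hop;  /* neighbour to hand the packet to (constructed names) */
    int cost;              /* lower means "closer": bandwidth/line quality, not distance */
};

/* Constructed routing table; order of entries does not matter. */
static const struct route table[] = {
    { "0.0.0.0",      0, "slow-dialup-gw", 100 },   /* default route */
    { "195.38.0.0",  16, "satellite-link",  10 },
    { "195.38.46.0", 24, "ethernet-lan",     1 },
    { "195.38.46.0", 24, "backup-radio",    50 },   /* same prefix, worse cost */
};

static uint32_t mask_for(int len) {
    return len == 0 ? 0 : 0xFFFFFFFFu << (32 - len);
}

/* Return the next hop for dst, or NULL if the address is bad or nothing matches. */
const char *next_hop_for(const char *dst) {
    uint32_t ip;
    const struct route *best = NULL;
    if (parse_ipv4(dst, &ip) != 0)
        return NULL;                      /* never forward on a malformed address */
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++) {
        const struct route *r = &table[i];
        uint32_t net, m = mask_for(r->prefix_len);
        if (parse_ipv4(r->prefix, &net) != 0 || (ip & m) != (net & m))
            continue;
        if (best == NULL || r->prefix_len > best->prefix_len ||
            (r->prefix_len == best->prefix_len && r->cost < best->cost))
            best = r;
    }
    return best ? best->next_hop : NULL;
}

int main(void) {
    const char *dsts[] = { "195.38.46.11", "195.38.1.1", "8.8.8.8", "300.1.1.1" };
    for (size_t i = 0; i < sizeof dsts / sizeof dsts[0]; i++) {
        const char *nh = next_hop_for(dsts[i]);
        printf("%-14s -> %s\n", dsts[i], nh ? nh : "(no route / bad address)");
    }
    return 0;
}
```

Malformed addresses are rejected before any lookup: a router that masked "300.1.1.1" anyway would happily forward junk along the default route.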

TCP/IP protocol stack

The TCP/IP protocol stack is a set of network data transmission protocols used in networks, including the Internet. The name TCP/IP comes from its two most important protocols, the Transmission Control Protocol (TCP) and the Internet Protocol (IP), which were the first to be developed and described in this standard.

Protocols work with each other in a stack (eng. stack): this means that a protocol located at a higher level works "on top of" the lower one, using encapsulation mechanisms. For example, TCP runs on top of IP.

The TCP/IP protocol stack includes four levels (layers):

  • application layer (Application Layer),
  • transport layer (Transport Layer),
  • network layer (Internet Layer),
  • link layer (Link Layer), also referred to below as the channel level.

The protocols of these layers implement the full functionality of the OSI model (Table 1). The TCP/IP stack covers all user interaction in IP networks. The stack is independent of the physical data transmission medium.

Table 1 - Comparison of the TCP/IP protocol stack and the OSI reference model

Application layer

Most network applications run at the application layer (Application Layer).

These programs have their own information exchange protocols, such as HTTP for the WWW, FTP (file transfer), SMTP (e-mail), SSH (secure connection to a remote machine), DNS (translation of symbolic names into IP addresses) and many others.

For the most part these protocols work over TCP or UDP and are tied to a specific port, for example:

  • HTTP on TCP port 80 or 8080,
  • FTP on TCP port 20 (data transfer) and 21 (control commands),
  • DNS queries on UDP port 53 (less often TCP port 53).

Transport layer

The transport layer (Transport Layer) can solve the problem of non-guaranteed message delivery ("did the message reach the destination?") and ensure the correct order of data arrival. In the TCP/IP stack, transport protocols also determine which application the data is intended for.

Dynamic routing protocols, which logically belong at this level (since they work over IP), are actually part of the network-level protocols; for example OSPF (IP protocol number 89).

TCP (IP protocol number 6) is a "guaranteed" transport mechanism with prior connection establishment that gives an application a reliable data stream: confidence that the received data is free of errors, retransmission of data in case of loss, and elimination of duplicated data. TCP also regulates the load on the network (congestion control) and reduces waiting time when transmitting over long distances (windowing). Moreover, TCP guarantees that data is received in exactly the order in which it was sent. This is its main difference from UDP.

UDP (IP protocol number 17) is a connectionless datagram transmission protocol. It is also called an "unreliable" transmission protocol, in the sense that it is impossible to verify that a message was delivered to the recipient, and datagrams may arrive out of order. Applications requiring guaranteed data transfer use TCP.

UDP is usually used in applications such as streaming video and computer games, where packet loss is tolerable and retransmission is difficult or pointless, or in request-response applications (for example DNS queries), where setting up a connection costs more than simply resending the request.
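The difference between the two transports is easiest to see in code. The following is an added example, not from the notes, modelling stop-and-wait delivery over a channel that loses one segment and duplicates another: the sender numbers its segments and retransmits whatever is not acknowledged, and the receiver discards duplicates so the application sees the data exactly once and in order. The channel behaviour and the segments are constructed; without the sender's retransmission and the receiver's check, the result is what a bare datagram service such as UDP would give.

```c
/* Added example (not from the original notes): a toy stop-and-wait model of
 * what TCP adds over an unreliable datagram service: sequence numbers,
 * acknowledgements, retransmission after loss and discarding of duplicates.
 * The channel (which delivery is lost, which is duplicated) is constructed.
 * Real TCP numbers bytes rather than segments and uses windows and timers. */
#include <stdio.h>
#include <string.h>

#define MAX_SEGS 8
#define PAYLOAD_LEN 16

struct segment { int seq; char payload[PAYLOAD_LEN]; };

/* Receiver: next sequence number expected, the in-order stream handed to the
 * application, and how many segments it had to throw away. */
struct receiver { int expected; char stream[MAX_SEGS * PAYLOAD_LEN]; int discarded; };

/* Accept one segment; returns the cumulative ACK (next seq wanted). Anything
 * other than the expected segment is a duplicate (seq < expected) or arrived
 * early (seq > expected) and is dropped, so data reaches the application
 * once and in order. */
int receiver_accept(struct receiver *r, const struct segment *s) {
    if (s->seq == r->expected) {
        strcat(r->stream, s->payload);
        r->expected++;
    } else {
        r->discarded++;
    }
    return r->expected;
}

/* Constructed channel: counts deliveries; one is lost, one is duplicated. */
struct channel { int delivery; int lose_at; int dup_at; };

/* Push a segment through the channel. Returns the ACK that comes back, or -1
 * when the segment was lost (no ACK ever arrives, so the sender's timer fires). */
int channel_transmit(struct channel *ch, struct receiver *r, const struct segment *s) {
    int n = ch->delivery++;
    if (n == ch->lose_at) return -1;
    int ack = receiver_accept(r, s);
    if (n == ch->dup_at) ack = receiver_accept(r, s);   /* a second copy arrives too */
    return ack;
}

/* Sender: transmit each segment until acknowledged, giving up after five
 * attempts the way a connection eventually times out. Returns the total
 * number of transmissions, or -1 on failure. */
int reliable_send(struct channel *ch, struct receiver *r,
                  const struct segment *segs, int n) {
    int transmissions = 0;
    for (int i = 0; i < n; i++) {
        int tries = 0, acked = 0;
        while (!acked && tries < 5) {
            tries++;
            transmissions++;
            if (channel_transmit(ch, r, &segs[i]) > segs[i].seq)
                acked = 1;            /* ACK covers this segment */
            /* otherwise the timer expires and the loop retransmits */
        }
        if (!acked) return -1;
    }
    return transmissions;
}

/* Scenario: four segments, the first copy of seq 1 is lost (delivery #1),
 * seq 2 is duplicated (delivery #3). Results are kept for the helpers below. */
static struct receiver demo_rx;

int demo_transmissions(void) {
    const struct segment segs[4] = { {0, "Hel"}, {1, "lo, "}, {2, "TCP"}, {3, "!"} };
    struct channel ch = { 0, 1, 3 };
    memset(&demo_rx, 0, sizeof demo_rx);
    return reliable_send(&ch, &demo_rx, segs, 4);
}
const char *demo_stream(void) { demo_transmissions(); return demo_rx.stream; }
int demo_discarded(void)      { demo_transmissions(); return demo_rx.discarded; }

int main(void) {
    int t = demo_transmissions();
    printf("%d transmissions for 4 segments, stream=\"%s\", %d discarded\n",
           t, demo_rx.stream, demo_rx.discarded);
    return 0;
}
```

Five transmissions are needed for four segments (one retransmission), the duplicate is counted and dropped at the receiver, and the application still reads exactly "Hello, TCP!".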

Both TCP and UDP use a number called the port to identify the upper-level protocol (the application).

Network layer

The network layer (Internet Layer) was originally designed to transfer data from one (sub)network to another. With the development of the global network concept, additional functions were added to this layer: transmission from any network to any network regardless of the lower-level protocols, and the ability to request data from the remote side, as in the ICMP protocol (used to carry diagnostic information about IP connectivity) and IGMP (used to manage multicast flows).

ICMP and IGMP are carried above IP and should therefore belong to the next level, the transport layer, but functionally they are network-layer protocols, which is why they cannot be fitted cleanly into the OSI model.

Packets of the IP network protocol carry a code indicating exactly which next-level protocol must be used to extract the data from the packet. This number is the unique IP protocol number. ICMP and IGMP have numbers 1 and 2 respectively (TCP and UDP, as noted above, have 6 and 17).

Link layer (channel level)

The link layer (Link Layer) describes how data packets are transmitted over the physical layer, including framing (special bit sequences that mark the beginning and end of a data packet). Ethernet, for example, carries in its frame header fields an indication of which machine or machines on the network the frame is intended for.

Examples of link-layer protocols: Ethernet, Wi-Fi, Frame Relay, Token Ring, ATM, etc.

The link layer is sometimes split into two sublayers: LLC and MAC.

In addition, the link layer describes the data transmission medium (be it coaxial cable, twisted pair, optical fibre or a radio channel), the physical characteristics of that medium and the principle of data transmission (channel separation, modulation, signal amplitude, signal frequency, transmission time, response waiting time and maximum distance).

Encapsulation

Encapsulation is the packaging, or nesting, of higher-level packets (possibly of a different protocol) into packets of one lower-level protocol, including the address.

For example, when an application needs to send a message using TCP, the following sequence of actions is performed (Fig. 2):

Figure 2 - Process of encapsulation

  • first of all, the application fills in a special data structure in which it specifies the recipient information (network protocol, IP address, TCP port);
  • it passes the message, its length and the structure with the recipient information to the TCP protocol handler (transport layer);
  • the TCP handler forms a segment in which the message is the data and the header contains the recipient's TCP port (as well as other fields);
  • the TCP handler passes the formed segment to the IP handler (network layer);
  • the IP handler treats the TCP segment it received as data and prefixes it with its own header (which contains, in particular, the recipient's IP address, taken from the same application data structure, and the upper-level protocol number);
  • the IP handler passes the resulting packet to the link layer, which again treats the current packet as "raw" data;
  • the link-layer handler, like the previous handlers, adds its own header at the beginning (which also indicates the upper-level protocol number, in our case 0x0800 (IP)) and, in most cases, appends a trailing checksum, thereby forming a frame;
  • the resulting frame is passed to the physical layer, which converts the bits into electrical or optical signals and sends them into the transmission medium.

On the receiving side, to unpack the data and deliver it to the application, the reverse process is performed (bottom-up), called decapsulation.
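The sequence above, together with the protocol-number dispatch described in the network-layer section, as an added worked example that is not part of the original text: encapsulate() builds a TCP segment, wraps it in an IPv4 header with protocol number 6 and then in an Ethernet header with EtherType 0x0800; decapsulate() walks the same headers bottom-up, verifying the IP header checksum and every length field before trusting the next header. MAC and IP addresses, ports and the payload are constructed for the example.

```c
/* Added example (not in the original notes): encapsulating a payload into
 * TCP, IP and Ethernet headers and then decapsulating it. MAC/IP addresses,
 * ports and payload are constructed. Only the fields needed to follow the
 * nesting are set; the TCP checksum (needs a pseudo-header) is left at zero. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_LEN 14
#define IP_LEN  20
#define TCP_LEN 20
#define ETHERTYPE_IP 0x0800   /* link-layer "upper protocol" number for IP */
#define IPNUM_TCP    6        /* IP protocol number for TCP */

static void put16(uint8_t *p, uint16_t v) { p[0] = v >> 8; p[1] = v & 0xFF; }
static uint16_t get16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* RFC 1071 one's-complement checksum; over a valid header (checksum field
 * included) it yields 0. */
uint16_t ip_checksum(const uint8_t *hdr, size_t len) {
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2) sum += get16(hdr + i);
    if (len & 1) sum += (uint32_t)hdr[len - 1] << 8;
    while (sum >> 16) sum = (sum & 0xFFFF) + (sum >> 16);
    return (uint16_t)~sum;
}

/* payload -> TCP segment -> IP packet -> Ethernet frame; returns frame length. */
size_t encapsulate(uint8_t *out, const uint8_t src_mac[6], const uint8_t dst_mac[6],
                   uint32_t src_ip, uint32_t dst_ip, uint16_t src_port,
                   uint16_t dst_port, const uint8_t *payload, size_t plen) {
    uint8_t *eth = out, *ip = out + ETH_LEN, *tcp = ip + IP_LEN;
    size_t total_ip = IP_LEN + TCP_LEN + plen;

    memset(tcp, 0, TCP_LEN);                  /* transport layer: TCP header */
    put16(tcp, src_port);
    put16(tcp + 2, dst_port);
    tcp[12] = (TCP_LEN / 4) << 4;             /* data offset in 32-bit words */
    tcp[13] = 0x18;                           /* PSH|ACK */
    memcpy(tcp + TCP_LEN, payload, plen);     /* the message is the data */

    memset(ip, 0, IP_LEN);                    /* network layer: IP header in front */
    ip[0] = 0x45;                             /* version 4, header length 5 words */
    put16(ip + 2, (uint16_t)total_ip);
    ip[8] = 64;                               /* TTL */
    ip[9] = IPNUM_TCP;                        /* upper-level protocol number */
    put16(ip + 12, (uint16_t)(src_ip >> 16)); put16(ip + 14, (uint16_t)src_ip);
    put16(ip + 16, (uint16_t)(dst_ip >> 16)); put16(ip + 18, (uint16_t)dst_ip);
    put16(ip + 10, ip_checksum(ip, IP_LEN));  /* computed with the field still zero */

    memcpy(eth, dst_mac, 6);                  /* link layer: Ethernet header */
    memcpy(eth + 6, src_mac, 6);
    put16(eth + 12, ETHERTYPE_IP);
    return ETH_LEN + total_ip;
}

struct decoded { int ok; uint8_t proto; uint16_t dst_port; const uint8_t *payload; size_t plen; };

/* Bottom-up decapsulation that refuses malformed input instead of reading
 * past the frame: every length is checked before the next header is touched. */
struct decoded decapsulate(const uint8_t *frame, size_t flen) {
    struct decoded d = {0, 0, 0, NULL, 0};
    if (flen < ETH_LEN + IP_LEN || get16(frame + 12) != ETHERTYPE_IP) return d;
    const uint8_t *ip = frame + ETH_LEN;
    size_t ihl = (size_t)(ip[0] & 0x0F) * 4, total = get16(ip + 2);
    if ((ip[0] >> 4) != 4 || ihl < IP_LEN || total < ihl || ETH_LEN + total > flen) return d;
    if (ip_checksum(ip, ihl) != 0) return d;  /* corrupted or tampered header */
    d.proto = ip[9];
    if (d.proto == IPNUM_TCP) {               /* dispatch on the protocol number */
        const uint8_t *tcp = ip + ihl;
        if (total - ihl < TCP_LEN) return d;
        size_t doff = (size_t)(tcp[12] >> 4) * 4;
        if (doff < TCP_LEN || doff > total - ihl) return d;
        d.dst_port = get16(tcp + 2);          /* the port selects the application */
        d.payload = tcp + doff;
        d.plen = total - ihl - doff;
    }
    d.ok = 1;
    return d;
}

/* Constructed round trip; returns the recovered destination port, or 0 if
 * decoding failed or a tampered copy was wrongly accepted. */
int demo_roundtrip(void) {
    static const uint8_t src_mac[6] = {2,0,0,0,0,1}, dst_mac[6] = {2,0,0,0,0,2};
    static const uint8_t payload[] = "GET / HTTP/1.0\r\n\r\n";
    uint8_t frame[128];
    size_t n = encapsulate(frame, src_mac, dst_mac, 0xC3262E0Bu /* 195.38.46.11 */,
                           0x0A000001u /* 10.0.0.1 */, 40000, 80, payload, sizeof payload - 1);
    struct decoded d = decapsulate(frame, n);
    if (!d.ok || d.proto != IPNUM_TCP || d.plen != sizeof payload - 1) return 0;
    if (memcmp(d.payload, payload, d.plen) != 0) return 0;
    frame[ETH_LEN + 8] = 1;                   /* change the TTL: checksum must now fail */
    if (decapsulate(frame, n).ok) return 0;
    return d.dst_port;
}

int main(void) {
    printf("decoded destination port: %d\n", demo_roundtrip());
    return 0;
}
```

decapsulate() rejects the frame once a single byte of the IP header (the TTL) is changed. Note what that does and does not buy: the header checksum covers the header only, not the payload, and it detects corruption, not deliberate modification by someone who recomputes it.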

2015-2020 Lektsii.org

Network protocol stack and TCP hacking

Alexander Antipov.

Shemith, translated by Alexey Antipov

The network protocol stack, which organises the flow and transmission of data between hosts, is designed for the best possible interaction between the different network layers. In this article we will describe the movement of data through the layers of the stack and implement a Linux kernel module that captures and displays the data passing through the TCP layer. Since a discussion of all types of network connections is beyond the scope of this article, we will focus on TCP/IP connections.

Network protocol stack

Network devices form the base layer of the protocol stack. To communicate with other devices and receive traffic, they use a link-layer protocol (usually Ethernet). The interface provided by the network device drivers copies packets from the physical medium, performs some error checks, and then hands the packets to the network layer. Output interfaces take packets from the network layer, perform some error checks and forward them into the physical medium. We will discuss IP (Internet Protocol), the standard network-layer protocol. The main functions of IP are routing and checking incoming packets to determine whether they are addressed to this host or need to be forwarded further. If necessary, incoming packets are reassembled from fragments and delivered to the transport protocols. For outgoing packets, IP keeps a dynamic route database, addresses the packets and fragments them before passing them to the link layer.

TCP and UDP are the most commonly used transport-layer protocols. UDP merely provides a structure for addressing packets within the host (ports), while TCP supports more comprehensive connection operations, such as recovery of lost packets and traffic (flow) control.

Moving up from the transport layer, we find the inet layer, an intermediate layer between the transport layer and the application sockets. The inet layer supports the sockets belonging to applications; all protocol-specific socket operations are performed here.

A BSD socket is an abstract data structure containing an inet socket. An application's request to connect, read or write through a socket is converted into inet operations via the BSD socket layer.

Overall packet structure. The data is kept in a common data structure called sk_buff, which all layers use. Immediately after data is copied from user space into kernel space, it is placed in an sk_buff and passed down through the layers, each of which adds its own header to the structure. The sk_buff holds references to all information about the packet: its socket, device, route, data location, etc.

Linux network functions

For the ordinary network programmer, the interface to the network services is available through the following C library routines:

socket(), bind(), listen(), connect(), accept(), send(), sendto(), recv(), recvfrom(), getsockopt() and setsockopt().

The socket() function is used to create a new socket. All operations with the various protocols are performed through sockets. Since socket() returns a file descriptor, the standard file operations such as read() and write() can be used on it.

The bind() function is used to associate the created socket with a port. The port, together with the IP address of the network interface, uniquely identifies the socket.

The listen() function is used when programming a server. After a socket has been created and bound to a port, listen() puts it into the listening state, which means that the socket waits for connections from other hosts.

When the server calls accept(), the calling process sleeps until a connection request arrives from another host. Once the connection is established, the server program wakes up and receives a new socket for handling the request from the remote host. On the client side, the connect() function is used: it tells the server that the client wants to open a connection on a socket and sends the request.
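The calls described above used end to end, as an added example (not the article's code): one process acts as both server and client over the loopback interface. The server binds to 127.0.0.1 with port 0 so that the kernel assigns a free port and nothing is exposed beyond the host; getsockname() reads the assigned port back so the client knows where to connect.

```c
/* Added example (not the article's code): socket(), bind(), listen(),
 * connect(), accept(), send() and recv() used end to end in one process.
 * The server side binds to 127.0.0.1 with port 0: the kernel assigns a free
 * port and the listener is not reachable from other hosts. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* One request/response over TCP on the loopback interface. Returns the
 * number of bytes echoed back to the client, or -1 on any failure. */
int echo_roundtrip(const char *msg) {
    int lsock = -1, csock = -1, asock = -1, result = -1, one = 1;
    struct sockaddr_in addr;
    socklen_t alen = sizeof addr;
    char buf[256];
    size_t len = strlen(msg);
    ssize_t n;

    if (len > sizeof buf) return -1;
    memset(&addr, 0, sizeof addr);

    /* Server side: socket() -> bind() -> listen(). */
    lsock = socket(AF_INET, SOCK_STREAM, 0);
    if (lsock < 0) goto out;
    setsockopt(lsock, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);   /* not INADDR_ANY: loopback only */
    addr.sin_port = htons(0);                         /* let the kernel pick a free port */
    if (bind(lsock, (struct sockaddr *)&addr, sizeof addr) < 0) goto out;
    if (listen(lsock, 1) < 0) goto out;
    if (getsockname(lsock, (struct sockaddr *)&addr, &alen) < 0) goto out;  /* read back the port */

    /* Client side: socket() -> connect(). The kernel completes the handshake
     * and queues the connection even though nobody has called accept() yet. */
    csock = socket(AF_INET, SOCK_STREAM, 0);
    if (csock < 0) goto out;
    if (connect(csock, (struct sockaddr *)&addr, sizeof addr) < 0) goto out;

    /* Server side: accept() dequeues the established connection. */
    asock = accept(lsock, NULL, NULL);
    if (asock < 0) goto out;

    if (send(csock, msg, len, 0) != (ssize_t)len) goto out;      /* client -> server */
    n = recv(asock, buf, sizeof buf, 0);                         /* server reads */
    if (n <= 0) goto out;
    if (send(asock, buf, (size_t)n, 0) != n) goto out;           /* server echoes */
    n = recv(csock, buf, sizeof buf, 0);                         /* client reads reply */
    if (n != (ssize_t)len || memcmp(buf, msg, len) != 0) goto out;
    result = (int)n;
out:
    if (asock >= 0) close(asock);
    if (csock >= 0) close(csock);
    if (lsock >= 0) close(lsock);
    return result;
}

int main(void) {
    int n = echo_roundtrip("hello over TCP\n");
    printf("echoed %d bytes\n", n);
    return n > 0 ? 0 : 1;
}
```

connect() returns before the server ever calls accept(): the kernel finishes the three-way handshake and queues the connection, and accept() merely dequeues it, which is also why a listening socket with a full backlog is the target of SYN-flood style denial of service.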

Necessary data structures

struct socket:

This structure is the basis of the BSD sockets interface. It is set up and initialised by the socket() system call.

sk_buff:

This structure manages the individual packets of the connections arriving at and leaving the host. Input/output buffering takes place here.

struct sock:

This structure manages the protocol-specific parts of a socket, depending on the network family. It is needed for TCP, UDP and raw sockets.

struct proto:

This structure contains a set of operations that are the same for all protocols (tcp_prot, used below, is the instance for TCP).

sockaddr (sockaddr_in):

Such a structure is needed to support the various address formats.

Linux kernel modules

The Linux kernel consists of modules. Some parts of the kernel reside in memory permanently (such as the scheduler), while others are loaded when needed. For example, the VFAT file system for reading disks is loaded only when required. This feature of the Linux kernel allows the kernel to occupy little memory.

It is therefore convenient to design your protocol, drivers and any other kind of kernel software as kernel modules and insert them into the kernel from user space. After insertion, the module becomes an integral part of the kernel until it is removed from kernel space. The only requirement is that you must be a privileged user to insert or remove modules. This is the general format of a kernel module (2.4-era style):

```c
#define MODULE
#include <linux/module.h>
/* ... other required header files ... */

/* ... module declarations and functions ... */

int init_module(void)
{
    /* code the kernel will call when installing the module */
    return 0;
}

void cleanup_module(void)
{
    /* code the kernel will call when removing the module */
}
```

A hooking module for the TCP protocol

Our kernel module is very simple: it is effectively placed between the socket interface that forwards TCP data and the TCP layer. All data passing through a socket registered with the TCP protocol will then be intercepted by our kernel module and exposed through /proc/tcpdata.

Used data structures

tcp_prot -> contains pointers to all the TCP operations (a struct proto)

struct msghdr -> contains the data sent by the application, as well as other fields identifying the socket address

struct iovec (msg_iov) -> located in msghdr; it contains the pointers to the data

Before starting to code, let's understand the purpose of the /proc file system. It is called the proc file system because it is mounted at /proc on most Linux machines. It is a powerful tool, frequently used by applications, and is part of the mechanism by which the kernel communicates with user space and vice versa. Although it is designed as a file system with a structure of directories and inodes, it is actually a collection of registered functions that expose important variables.

When a file is created in /proc, it is registered with a set of functions that tell the kernel what to do when the file is opened, read or written. Most files support only reading, and only some support writing.

Now let's start coding.

```c
/* tcpdata.c
 * Shows how to install a new entry in the proc file system and, more
 * importantly, hooks the TCP protocol: it tracks the data passing through
 * the TCP layer and exposes it via /proc/tcpdata.
 * Written against the Linux 2.4 API (create_proc_entry, read_proc,
 * three-argument proto->sendmsg); it does not build on modern kernels. */
#define MODULE
#define __KERNEL__           /* we are doing kernel work */
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/errno.h>
#include <linux/stat.h>
#include <linux/proc_fs.h>   /* for registering a proc entry */
#include <linux/string.h>
#include <linux/socket.h>
#include <linux/net.h>
#include <linux/uio.h>
#include <net/sock.h>
#include <net/tcp.h>         /* tcp_prot */
#include <asm/uaccess.h>     /* copy_from_user */

#define CAPTURE_LEN 200      /* keep the last 200 bytes sent through TCP */

static struct proc_dir_entry *test_entry;
static char tcp[CAPTURE_LEN + 1] = "TCP monitored data";
static int (*orginalsend)(struct sock *, struct msghdr *, int);

/* show_tcp_stats: called by the proc fs whenever something reads
 * /proc/tcpdata; it prints the last bytes that left through TCP sockets. */
static int show_tcp_stats(char *buf, char **start, off_t offset,
                          int count, int *eof, void *data)
{
    int len = sprintf(buf, "%s\n", tcp);
    *eof = 1;
    return len;
}

/* moniter_tcp: the handler that intercepts TCP sendmsg requests. It copies
 * the start of the user's first iovec into the capture buffer and then
 * forwards the call to the original handler so the send proceeds normally. */
static int moniter_tcp(struct sock *sk, struct msghdr *msg, int len)
{
    struct iovec *iov = msg->msg_iov;
    int size;

    printk("I am dangerously monitoring your TCP data\n");
    if (msg->msg_iovlen > 0 && iov->iov_len > 0) {
        size = iov->iov_len < CAPTURE_LEN ? (int)iov->iov_len : CAPTURE_LEN;
        /* iov_base is a user-space pointer: copy_from_user, never memcpy */
        if (copy_from_user(tcp, iov->iov_base, size) == 0)
            tcp[size] = '\0';
        else
            strcpy(tcp, "TCP monitored data");
    }
    return orginalsend(sk, msg, len);   /* hand the real result back to the caller */
}

/* init_module: registers the /proc entry and swaps in our handler. */
int init_module(void)
{
    test_entry = create_proc_entry("tcpdata", S_IRUGO, NULL);
    if (!test_entry)
        return -ENOMEM;
    test_entry->read_proc = show_tcp_stats;
    orginalsend = tcp_prot.sendmsg;     /* save the original pointer */
    tcp_prot.sendmsg = moniter_tcp;     /* the actual hook */
    return 0;
}

/* cleanup_module: put the original pointer back and remove the /proc entry. */
void cleanup_module(void)
{
    tcp_prot.sendmsg = orginalsend;
    remove_proc_entry("tcpdata", NULL);
}

MODULE_AUTHOR("shyamjithe.cs");
MODULE_DESCRIPTION("Monitor TCP data");
MODULE_LICENSE("GPL");
```

This program was tested on kernel 2.4, so you can compile it using:

```
gcc -O6 -Wall -c tcpdata.c -I/usr/src/linux-2.4.20-8/include/
```

This will produce tcpdata.o. Now run insmod tcpdata.o, open some TCP applications, and cat /proc/tcpdata; to remove the module, use rmmod tcpdata.

To understand this code, some explanation is needed. The entire program is just a tricky use of function pointers. But you must be careful when installing your own handlers, because an incorrectly placed function pointer can hang the system. In particular, the pointer is swapped without any locking, so a sendmsg call already in progress on another processor may still be inside the module's handler when rmmod unmaps it. As mentioned, this is the minimal way of hooking TCP. In the same way you can form a new layer above the TCP layer that interferes with all kinds of operations performed by TCP. The same can also be done with UDP (udp_prot).
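Since the whole module reduces to swapping one function pointer, here is the same mechanism modelled in user space as an added example (not the article's code), so it can be compiled and run without a 2.4 kernel. The struct proto stand-in, real_sendmsg() and hooked_sendmsg() are constructed substitutes for tcp_prot, tcp_sendmsg() and moniter_tcp(). It also shows the check a defender runs against this kind of module: compare the live pointer with the value recorded before any module was loaded (on a real system, the address of tcp_sendmsg from System.map).

```c
/* Added example (not part of the original article): the function-pointer
 * hook modelled in user space. struct proto, real_sendmsg and hooked_sendmsg
 * are stand-ins for the kernel's tcp_prot, tcp_sendmsg and moniter_tcp. */
#include <stdio.h>
#include <string.h>

struct proto {                          /* stand-in for the kernel's struct proto */
    const char *name;
    int (*sendmsg)(const char *data, int len);
};

static char wire[256];                  /* what really went out: stand-in for the network */
static char captured[256];              /* what the hook skimmed off: stand-in for /proc/tcpdata */

/* The genuine handler (stand-in for tcp_sendmsg). */
int real_sendmsg(const char *data, int len) {
    if (len < 0 || (size_t)len >= sizeof wire) return -1;
    memcpy(wire, data, len); wire[len] = '\0';
    return len;
}

static struct proto tcp_prot = { "TCP", real_sendmsg };

/* Saved original pointer, exactly like orginalsend in the module. */
static int (*original_sendmsg)(const char *, int);

/* The hook: copy the data aside, then forward to the original so the
 * application never notices the detour. */
int hooked_sendmsg(const char *data, int len) {
    if (len >= 0 && (size_t)len < sizeof captured) {
        memcpy(captured, data, len); captured[len] = '\0';
    }
    return original_sendmsg(data, len);
}

/* init_module equivalent: swap the pointer. Refuses to install twice, which
 * would otherwise save the hook itself as "original" and loop forever. */
int install_hook(void) {
    if (tcp_prot.sendmsg == hooked_sendmsg) return -1;
    original_sendmsg = tcp_prot.sendmsg;
    tcp_prot.sendmsg = hooked_sendmsg;
    return 0;
}

/* cleanup_module equivalent: put the original back. */
void remove_hook(void) {
    if (tcp_prot.sendmsg == hooked_sendmsg) tcp_prot.sendmsg = original_sendmsg;
}

/* Defender's integrity check: a pointer that no longer equals the known-good
 * value recorded before any module was loaded means something hooked it. */
int sendmsg_is_hooked(void) {
    return tcp_prot.sendmsg != real_sendmsg;
}

/* Scenario: install, send through the hooked pointer, remove; returns what
 * the hook captured. */
const char *demo_capture(void) {
    captured[0] = wire[0] = '\0';
    install_hook();
    tcp_prot.sendmsg("GET /secret HTTP/1.0", 20);
    remove_hook();
    return captured;
}

int main(void) {
    printf("before: hooked=%d\n", sendmsg_is_hooked());
    install_hook();
    printf("after install: hooked=%d\n", sendmsg_is_hooked());
    tcp_prot.sendmsg("hello", 5);
    printf("wire=\"%s\" captured=\"%s\"\n", wire, captured);
    remove_hook();
    printf("after remove: hooked=%d\n", sendmsg_is_hooked());
    return 0;
}
```

The application's data reaches the "wire" unchanged and the return value is the original's, so nothing on the sending side reveals the hook; only the pointer comparison does, which is why rootkit detectors compare live function pointers against a known-good symbol table rather than watching traffic.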

Conclusion

The most important result of the program described above is that it is not always necessary to change the kernel source code to make a modification related to a protocol. The object-oriented implementation of the Linux kernel allows us to manipulate data objects inside the kernel.

A protocol stack, or in the particular case the TCP/IP stack, is the network architecture of modern devices developed to use the network. A stack is a wall in which each brick lies on top of another and depends on it. The protocol stack came to be called TCP/IP thanks to the two main protocols that were implemented: IP itself and TCP on top of it. However, these are only the main and most commonly used ones; dozens, if not hundreds, of others are used to this day for various purposes.

Our usual web (World Wide Web) is based on the HTTP protocol (Hypertext Transfer Protocol), which in turn is based on TCP. This is a classic example of using the protocol stack. There are also the IMAP/POP and SMTP e-mail protocols, the SSH remote shell and RDP remote desktop protocols, the MySQL database protocol, SSL/TLS, and thousands of other applications with their own protocols (...)

How do all these protocols differ? It is quite simple. Apart from the different goals set during development (for example speed, security, stability and other criteria), protocols are designed to be distinguishable. For example, there are application-level protocols of different applications: IRC, Skype, ICQ, Telegram and Jabber are incompatible with each other. They are designed to perform a specific task, and in this case the ability to call from WhatsApp to ICQ is simply not defined technically, since the applications use different protocols. But their protocols are all based on the same IP protocol.

A protocol can be called a planned, regular sequence of actions in a process with several participants; on a network they are called peers (partners), less often client and server, to emphasise the specifics of a particular protocol. The simplest example of a protocol, for those who still do not understand, is a handshake when meeting. Both know how and when; why is a question for the developers of the protocol, not its users. By the way, a handshake exists in almost all protocols, for example to tell protocols apart and to protect against "passengers on the wrong plane".

This is what TCP/IP looks like using the most popular protocols as an example. Here is the dependency hierarchy. It must be said that applications only use these protocols, which may or may not be implemented inside the OS.

In very simple language, it is a postal service.

Each participant in an IP-compatible network has its own address, which looks like this: 162.123.058.209. The total number of addresses in the IPv4 protocol is 4.22 billion.

Suppose one computer wants to contact another and send it a parcel, a "packet". It will contact the TCP/IP "postal service" and hand over its parcel, specifying the address to which it must be delivered. Unlike addresses in the real world, the same IP addresses are often assigned to several computers in turn, so the "postman" does not know where the required computer is physically located, and sends the parcel to the nearest "post office", the computer's network card. Perhaps there is information there about where the required computer is, and perhaps there is not. If there is not, the address request is sent to all the nearest "post offices" (switches). This step is repeated by all the "post offices" until they find the required address, while remembering how many "post offices" the request has passed through; if it passes a certain (fairly large) number of them, it is returned marked "address not found". The first "post office" will soon receive a heap of answers from the other "offices" with possible paths to the addressee. If no short path is found (usually 64 hops, but no more than 255), the parcel is returned to the sender. If there is one or more paths, the parcel will be sent along the shortest of them, and the "post office" will remember this path for some time, allowing subsequent parcels to be passed on quickly without asking anyone. After delivery, the "postman" must get the recipient to sign a "receipt" confirming that the parcel was received, and give this "receipt" to the sender as a certificate that the parcel was delivered: delivery confirmation is mandatory in TCP. If the sender does not receive such a receipt after a certain period of time, or the receipt says that the parcel was damaged or lost in transit, it will try to send the parcel again.

TCP / IP is a set of protocols.

The protocol is a rule. For example, when you greet you - you greet in response (and not forgive or unwaying happiness). Programmers will say that we use the welcome protocol, for example.

What the TCP / IP (now it will be quite simple, let the colleagues be bombed):

Information to your computer goes on the wires (radio or what else is not important). If the current let the current - it means 1. turned off - it means 0. It turns out 10101010110000 and so on. 8 zolkov and units (bits) is byte. For example 00001111. This can be represented as a number in binary form. In the decimal form byte is a number from 0 to 255. These numbers compare with letters. For example, 0 this A, 1 is B. (this is called encoding).

So. In order for two computers to effectively transfer information on wires - they must submit a current for some kind of rules - protocols. For example, they must be alleged how often the current can be changed so that 0 from the second 0 can be distinguished.

This is the first protocol.

Computers as it understand that one of them ceased to give information (like "I said everything"). To do this, at the beginning of the data sequence 010100101, computers can sly a few bits, the length of the message they want to transmit. For example, the first 8 bits can mean the length of the message. That is, first in the first 8 bits transmit the encoded number 100 and then 100 bytes. After that, the receiving computer will expect the following 8 bits and the following message.

Here we have another protocol; with it you can send messages (between computers).

There are many computers, so to understand who a message must be sent to, unique computer addresses are used together with a protocol that lets you understand who the message is addressed to. For example, the first 8 bits will mean the recipient's address, the next 8 the length of the message, and then comes the message. We have just nested one protocol inside another. The IP protocol is responsible for addressing.

Communication is not always reliable. For reliable delivery of messages (between computers) TCP is used. Under TCP the computers ask each other whether the message was received correctly. There is also UDP, where the computers do not ask whether it arrived. Why? Say you are listening to Internet radio. If a couple of bytes arrive with errors you will hear, for example, a "pshh" and then the music again. Not fatal, and not very important; UDP is used for that. But if a couple of bytes are corrupted while a site is loading, you get garbage on the monitor and understand nothing. For a site TCP is used.

TCP/IP (or UDP/IP) are the protocols nested in each other on which the Internet runs. In the end, these protocols let us transfer a computer message whole and accurately to its address.

There is also the HTTP protocol. The first line is the site address, the following lines are the text that will go to the site. All HTTP lines are text, which is wrapped into a TCP message, which is addressed by IP, and so on.


A protocol stack is a hierarchically organized set of network protocols sufficient to organize the interaction of nodes on a network. The protocols operate on the network simultaneously, so their work must be organized so that no conflicts or unfinished operations arise. For this reason the protocol stack is divided into hierarchically built layers, each of which performs a specific task: preparation, reception and transmission of data, and subsequent actions on it.

The number of layers varies from one protocol stack to another. Lower-layer protocols are often implemented by a combination of software and hardware, while upper-layer protocols are usually pure software.

There are quite a few protocol stacks in wide use. The most popular are: the OSI stack of the International Organization for Standardization; TCP/IP, used on the Internet and in many networks based on the UNIX operating system; Novell's IPX/SPX; NetBIOS/SMB, developed by Microsoft and IBM; Digital Equipment Corporation's DECnet; IBM's SNA; and some others.


Standard Stacks of Communication Protocols

OSI

It is important to distinguish the OSI model from the OSI protocol stack. While the OSI model is a conceptual scheme of the interaction of open systems, the OSI stack is a set of specific protocol specifications.

Unlike other protocol stacks, the OSI stack corresponds to the OSI model in full, including protocol specifications for all seven layers of interaction defined in the model:

  • At the physical and data link layers the OSI stack supports the Ethernet, Token Ring and FDDI protocols, as well as LLC, X.25 and ISDN; that is, like most other stacks, it uses all the popular low-level protocols developed outside the stack.
  • The network layer includes the relatively rarely used Connection-Oriented Network Protocol (CONP) and Connectionless Network Protocol (CLNP). As the names say, the first is connection-oriented and the second is connectionless. The routing protocols of the OSI stack are more popular: ES-IS (End System - Intermediate System) between end and intermediate systems, and IS-IS (Intermediate System - Intermediate System) between intermediate systems.
  • The transport layer of the OSI stack, in accordance with the functions defined for it in the OSI model, hides the differences between connection-oriented and connectionless network service, so that users receive the required quality of service regardless of the underlying network layer. To ensure this, the transport layer requires the user to specify the desired quality of service.
  • Application layer services provide file transfer, terminal emulation, directory and mail. Of these, the most popular are the directory service (the X.500 standard), electronic mail (the X.400 standard), the Virtual Terminal Protocol (VTP), the File Transfer, Access and Management protocol (FTAM) and the Job Transfer and Manipulation protocol (JTM).

TCP/IP

The TCP/IP protocol stack is the set of network protocols on which the Internet is based. Usually the top three layers of the OSI model (application, presentation and session) are combined in the TCP/IP stack into one, the application layer. Since this stack does not provide a unified data presentation protocol, the functions of defining data types are handed to the application.

Layers of the TCP/IP stack:

  1. The link layer describes how packets are transmitted over the physical layer, including framing (the special bit sequences that mark the beginning and end of a packet).
  2. The network layer was originally designed to transfer data from one (sub)network to another. Examples of such protocols are X.25 and IPC in the ARPANET network. With the development of the concept of a global network, additional capabilities were added to the layer: transmission from any network to any network regardless of lower-layer protocols, as well as the ability to request data from the remote side.
  3. Transport layer protocols can solve the problem of unreliable message delivery ("Did the message reach the addressee?") and also ensure the correct order of data arrival.
  4. At the application layer most network applications run. These programs have their own information exchange protocols, such as HTTP for the WWW, FTP (file transfer), SMTP (e-mail), SSH (secure connection to a remote machine), DNS (translation of symbolic names into IP addresses) and many others.

There are differences in how the TCP/IP model is mapped onto the OSI model, since the layers of the two models do not coincide. A simplified interpretation of the TCP/IP stack can be presented as follows:

OSI layer           TCP/IP protocols                                                    TCP/IP layer
7. Application      HTTP, FTP, Telnet, SMTP, DNS, LDAP (RIP, running over UDP,          Application
6. Presentation     and BGP, running over TCP, are nevertheless part of the
5. Session          network layer)
4. Transport        TCP, UDP, RTP                                                       Transport

NetBIOS/SMB

At the physical and data link layers of this stack the Ethernet, Token Ring and FDDI protocols are used, and at the upper layers the stack-specific protocols NetBEUI (NetBIOS Extended User Interface) and SMB. NetBEUI was developed as an efficient protocol that consumes few resources and is intended for networks of no more than 200 workstations. It contains many useful network functions that can be attributed to the transport and session layers of the OSI model, but it cannot route packets. This limits the use of NetBEUI to local networks not divided into subnets and makes it impossible to use in composite (internetworked) networks.

Server Message Block (SMB) supports the functions of the session, presentation and application layers. On the basis of SMB the file service is implemented, as well as printing and message transfer between applications.

With the help of the session layer a dialogue between the parties is organized: it is fixed which party is the initiator, which party is active, and how the dialogue is completed.

The presentation layer deals with the form in which information is presented to the underlying layers, for example transcoding or encryption of information.

The application layer is a set of protocols exchanged by remote nodes that implement the same task (program).

It should be noted that some networks appeared long before the OSI model was developed, so for many systems the correspondence to the OSI layers is quite conditional.

1.3. Internet protocol stack

The Internet is designed to transport any type of information from source to recipient. Various network elements take part in transporting information (Fig. 1.1): terminal devices, switching devices and servers. Groups of nodes are combined by switching devices into a local network; local networks are connected by gateways (routers). Switching devices use various technologies: Ethernet, Token Ring, FDDI and others.

Each terminal device (host) can simultaneously serve several information processing processes (speech, data, text, ...), which exist in the form of network applications (specialized programs) located at the highest layer; from the application, information passes down to the processing facilities of the underlying layers.

Transporting information in each node is handled sequentially by the different layers. Each layer uses its own protocols to solve its part of the task and provides duplex passage of information. The sequence of layers the task passes through forms the protocol stack. In the process of transporting information each node engages the part of the protocol stack it needs. Fig. 1.3 shows the full stack of basic protocols of an Internet connection.

From the network's point of view, nodes are sources and recipients of information. The four lower layers taken together are independent of the type of information transmitted. Each network application that binds to the fourth layer is identified by its unique port number. Port values occupy the range 0 to 65535. Within it, port numbers 0-1023 are allocated to well-known applications (well-known ports), ports 1024-49151 are registered ports used by developers of specialized software, and ports 49152-65535 are dynamic (ephemeral) ports assigned to users' network applications for the duration of a communication session. The numerical values of the stack's port numbers are given in.

The transport (fourth) layer supports two communication modes: connection-oriented and connectionless. Each mode is identified by its protocol number (Protocol), which Internet standards write in hexadecimal. The first mode is used by the TCP module, which has protocol number 6 (0x06) and is used for guaranteed transport of information: every transmitted segment carries a sequence number, and its correct reception must be acknowledged by the receiving side. The second mode is used by the UDP module, which gives no guarantee of delivery to the recipient (any delivery guarantee is provided by the application). The UDP protocol has number 17 (0x11).

Fig. 1.3. Stack of basic Internet protocols (figure not reproduced; the labels recoverable from it: Application, Presentation and Session layers, with DHCP at ports 67/68; Transport layer; Network layer with IP protocol numbers 0x59 (OSPF), 0x02 (IGMP) and 0x01 (ICMP); protocol types 0x0806 (ARP) and 0x0800 (IP) at the link/network boundary; Data link layer; Physical layer: cable, twisted pair, fiber optic, radio)


The network (third) layer moves information in the form of packets between networks (link-layer interfaces) using a network address. The family of third-layer protocols is identified to the underlying layers by the protocol type (EtherType): 0x0806 for ARP or 0x0800 for IP. The combination "protocol - network address - port number" is called a socket. A pair of sockets, on the sending and receiving sides, uniquely identifies an established connection. The destination address of each packet received by the IP module from the link layer is examined to decide where the packet must go next: to a local application, or out through another interface for further transport over the network.

The second (data link) layer processes packets within the local network using various technologies: Ethernet, Token Ring, FDDI and others. The first (physical) layer converts binary codes into line codes best suited to the transmission medium used (metal cable, fiber optic line, radio channel).
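The demultiplexing chain of this section (protocol type at the link layer, protocol number at the network layer, port number at the transport layer, together the socket triple) written out as an added example in Python. This is not code from the textbook: the frames it processes are constructed inside the block, not captured, and the MAC addresses, IP addresses and ports in them are arbitrary. It walks each frame bottom-up the way a receiver does, checks the IPv4 header checksum and length fields, and reports where each layer hands the packet on or why it drops it.

```python
import struct

# Identifiers from the text: EtherType (link -> network), IP protocol number
# (network -> transport) and the well-known ports named in the section's questions.
ETHERTYPE_IP = 0x0800
ETHERTYPE_ARP = 0x0806
IPPROTO_ICMP, IPPROTO_TCP, IPPROTO_UDP = 0x01, 0x06, 0x11
WELL_KNOWN = {80: "HTTP", 23: "Telnet", 53: "DNS"}


def _ipv4_checksum(hdr: bytes) -> int:
    """One's-complement sum of 16-bit words; over a header that includes its own
    checksum field the result is 0 for an intact header."""
    s = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF


def build_frame(proto: int, src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Constructed sample: Ethernet II + IPv4 + TCP or UDP header + payload.
    Only the fields used for demultiplexing are meaningful; L4 checksums are left zero."""
    if proto == IPPROTO_TCP:   # 20-byte TCP header, data offset 5, flags PSH|ACK
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    elif proto == IPPROTO_UDP:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    else:
        raise ValueError("only TCP/UDP samples are built here")
    total = 20 + len(l4) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0x1234, 0x4000, 64, proto, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    ip = ip[:10] + struct.pack("!H", _ipv4_checksum(ip)) + ip[12:]
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + struct.pack("!H", ETHERTYPE_IP)
    return eth + ip + l4 + payload


def demux(frame: bytes) -> dict:
    """Receiver's walk up the stack. Returns what each layer learned; the key 'dropped'
    names the reason when some layer cannot hand the packet on."""
    if len(frame) < 14:
        return {"dropped": "short frame"}
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == ETHERTYPE_ARP:
        return {"ethertype": ethertype, "handler": "ARP"}
    if ethertype != ETHERTYPE_IP:
        return {"ethertype": ethertype, "dropped": "unknown EtherType"}
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return {"ethertype": ethertype, "dropped": "bad IPv4 header"}
    ihl = (ip[0] & 0x0F) * 4
    if ihl < 20 or len(ip) < ihl:
        return {"ethertype": ethertype, "dropped": "bad IHL"}
    if _ipv4_checksum(ip[:ihl]) != 0:
        return {"ethertype": ethertype, "dropped": "IPv4 header checksum"}
    total_len = struct.unpack("!H", ip[2:4])[0]
    if total_len < ihl or total_len > len(ip):
        return {"ethertype": ethertype, "dropped": "IPv4 total length inconsistent with frame"}
    ip = ip[:total_len]                      # discard Ethernet padding, if any
    proto, ttl = ip[9], ip[8]
    src = ".".join(map(str, ip[12:16]))
    dst = ".".join(map(str, ip[16:20]))
    info = {"ethertype": ethertype, "ttl": ttl, "proto": proto, "src": src, "dst": dst}
    l4 = ip[ihl:]
    if proto in (IPPROTO_TCP, IPPROTO_UDP):
        if len(l4) < (20 if proto == IPPROTO_TCP else 8):
            info["dropped"] = "short transport header"
            return info
        sport, dport = struct.unpack("!HH", l4[:4])
        info.update(sport=sport, dport=dport, socket=(proto, dst, dport),
                    app=WELL_KNOWN.get(dport, "registered/dynamic"))
        info["payload"] = l4[(l4[12] >> 4) * 4:] if proto == IPPROTO_TCP else l4[8:]
    elif proto == IPPROTO_ICMP:
        info["handler"] = "ICMP (stays at the network layer)"
    else:
        info["dropped"] = "no transport handler for protocol %d" % proto
    return info


# Constructed samples (not captured traffic): an HTTP request, a DNS query and an ARP request.
SAMPLE_HTTP = build_frame(IPPROTO_TCP, "192.0.2.10", "192.0.2.80", 51000, 80, b"GET / HTTP/1.1\r\nHost: example\r\n\r\n")
SAMPLE_DNS = build_frame(IPPROTO_UDP, "192.0.2.10", "192.0.2.53", 51001, 53, b"\x12\x34\x01\x00" + b"\x00" * 8)
SAMPLE_ARP = (b"\xff" * 6 + b"\x00\x11\x22\x33\x44\x55" + struct.pack("!H", ETHERTYPE_ARP)
              + b"\x00\x01\x08\x00\x06\x04\x00\x01" + b"\x00" * 20)

if __name__ == "__main__":
    for f in (SAMPLE_HTTP, SAMPLE_DNS, SAMPLE_ARP):
        print(demux(f))
```

Every drop decision is made at the layer that owns the field, which is what keeps a malformed IPv4 length or a forged EtherType from ever reaching port-based logic.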

Questions to section 1.3

1. How do the network layer facilities identify packets arriving from the link layer for processing?

Answer. By protocol type (EtherType): 0x0806 for ARP and 0x0800 for IP.

2. How do the transport layer facilities identify packets arriving from the network layer?

Answer. By protocol number: 0x06 for TCP and 0x11 for UDP.

3. What determines which network application processes a datagram?

Answer. The port number.

4. Give examples of well-known application ports.

Answer. Port 80 - HTTP, port 23 - Telnet, port 53 - DNS.

1.4. Internet access protocols

For Internet access a family of protocols under the common name PPP (Point-to-Point Protocol) is used, which includes:

1. The Link Control Protocol (LCP), for negotiating the parameters of packet exchange at the link layer on the host - network access server section (in particular, the maximum packet size and the type of authentication protocol).

2. An authentication protocol, for establishing the legitimacy of the user (in particular, the Challenge Handshake Authentication Protocol, CHAP).

3. A network control protocol (IP Control Protocol, IPCP), for configuring network-layer parameters (in particular, assigning IP addresses).

After that, the exchange of information over the IP protocol begins.

Each of the listed protocols can use any transmission medium, so there are many ways of encapsulating PPP at the physical layer. For PPP encapsulation on point-to-point channels a procedure similar to HDLC is used.

Frame exchange under the HDLC-like procedure (High-level Data Link Control) is duplex. In HDLC proper each transmitted frame must be acknowledged, and if no acknowledgement arrives within a timeout the transmitter repeats the transmission. PPP, however, borrows only the framing (RFC 1662, with the unnumbered-information control field 0x03) and neither acknowledges nor retransmits frames at the link layer; what is repeated on timeout are the LCP and IPCP configuration requests, until an Ack, Nak or Reject arrives. The frame structure is shown in Fig. 1.4. The frame fields are transmitted from left to right. The purpose of the fields is as follows.

Yu.F. Kozhanov, M.O. Kolbanev. Interfaces and protocols of next-generation networks


Fig. 1.4. HDLC-frame field structure

Each transmitted frame must begin and end with the "flag" combination, whose bit structure is 01111110 (0x7E). The same flag can serve as the closing flag of one frame and the opening flag of the next. The receiving side must detect the flag combinations in order to determine the frame boundaries. To make the transfer code-transparent, all combinations that coincide with service characters (for example, the flag) must be excluded from the subsequent frame fields.

In asynchronous mode all frame fields are formed byte by byte: each byte is preceded by a start bit and followed by a stop bit.

To remove the reserved combinations, either byte stuffing (on asynchronous and octet-synchronous links) or bit stuffing (on bit-synchronous links) is used. In the first case, within the frame fields the sequence 0x7E (the flag) is replaced by 0x7D 0x5E, 0x7D by 0x7D 0x5D, and 0x03 by 0x7D 0x23: the escape byte 0x7D followed by the original byte XOR 0x20. In the second case, after all frame fields have been formed, the content of each frame between the flag combinations is scanned and a zero bit is inserted after every five consecutive one bits; on reception the content between the flags is scanned and the zero bit following every five consecutive one bits is removed.

The Address field has the constant value 11111111 (0xFF), and the Control field the value 00000011 (0x03).

The Protocol field takes the value 0xC021 for LCP, 0xC223 for CHAP, 0x8021 for IPCP and 0x0021 for IP.

The content of the Information field depends on the protocol, but its length must not be less than 4 bytes.

The Frame Check Sequence (FCS) is formed so that a) the information between the flags is multiplied by x^16 and b) divided modulo 2 by the generator polynomial x^16 + x^12 + x^5 + 1; the remainder is appended as the FCS, and when the receiver runs the same division over the received frame including the FCS the result is the constant 0xF0B8.

The procedure by which a PPP subscriber accesses the Internet consists of several stages. At the first stage the LCP protocol is used (Protocol = 0xC021), which uses the following format (Fig. 1.5).

Fig. 1.5. LCP frame format

The Protocol field takes the value 0xC021. Each message is characterized by its code (Code), an identifier (ID, a sequence number) and a length (Length). The Length counts the Code, Identifier, Length and Data fields of the LCP packet; it does not include the PPP header or the FCS. One message may contain several parameters (configuration options), each characterized by a parameter type (Type), a length and data (Data).

The Code values are: 01 - configuration request (Configure-Request), 02 - configuration acknowledgement (Configure-Ack), 03 - configuration negative acknowledgement (Configure-Nak), 04 - configuration rejection (Configure-Reject), 05 - disconnect request (Terminate-Request), 06 - disconnect acknowledgement (Terminate-Ack).
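The framing, byte stuffing and FCS described above, together with the LCP format of Fig. 1.5, as an added Python example; this is not code from the textbook. It follows RFC 1662 for the frame and FCS-16 and RFC 1661 for LCP. It assumes the RFC 1662 default that every control character below 0x20 is escaped, which is why 0x03 appears among the stuffed bytes, and the sample packet is a constructed Configure-Request carrying the Type = 1 and Type = 3 options shown in Fig. 1.6.

```python
# PPP/HDLC-like framing (RFC 1662) and LCP packet encoding/parsing (RFC 1661).
FLAG, ESC = 0x7E, 0x7D
ADDRESS, CONTROL = 0xFF, 0x03
PROTO_LCP, PROTO_CHAP, PROTO_IPCP, PROTO_IP = 0xC021, 0xC223, 0x8021, 0x0021
GOOD_FCS = 0xF0B8                 # residue left by a frame whose FCS is intact
LCP_CODES = {1: "Configure-Request", 2: "Configure-Ack", 3: "Configure-Nak",
             4: "Configure-Reject", 5: "Terminate-Request", 6: "Terminate-Ack"}


def fcs16(data: bytes, fcs: int = 0xFFFF) -> int:
    """FCS-16 of RFC 1662: CRC with generator x^16 + x^12 + x^5 + 1, processed
    bit-reversed (0x8408), initial value 0xFFFF. The transmitter sends the one's
    complement of the result, low byte first."""
    for b in data:
        fcs ^= b
        for _ in range(8):
            fcs = (fcs >> 1) ^ 0x8408 if fcs & 1 else fcs >> 1
    return fcs


def escape(body: bytes) -> bytes:
    """Byte stuffing: 0x7E -> 0x7D 0x5E, 0x7D -> 0x7D 0x5D, and with the default
    ACCM every control character below 0x20 (so 0x03 -> 0x7D 0x23)."""
    out = bytearray()
    for b in body:
        if b in (FLAG, ESC) or b < 0x20:
            out += bytes([ESC, b ^ 0x20])
        else:
            out.append(b)
    return bytes(out)


def frame(protocol: int, info: bytes) -> bytes:
    """Address 0xFF, Control 0x03, 2-byte Protocol, Information, FCS, wrapped in flags."""
    body = bytes([ADDRESS, CONTROL]) + protocol.to_bytes(2, "big") + info
    fcs = (~fcs16(body)) & 0xFFFF
    return bytes([FLAG]) + escape(body + fcs.to_bytes(2, "little")) + bytes([FLAG])


def unframe(wire: bytes) -> tuple:
    """Receiver side: strip flags, undo stuffing, check the FCS; returns (protocol, info)."""
    if len(wire) < 2 or wire[0] != FLAG or wire[-1] != FLAG:
        raise ValueError("missing flag")
    body, i = bytearray(), 1
    while i < len(wire) - 1:
        b = wire[i]
        if b == ESC:                      # escaped byte: drop 0x7D, XOR the next byte with 0x20
            i += 1
            if i >= len(wire) - 1:
                raise ValueError("truncated escape sequence")
            b = wire[i] ^ 0x20
        body.append(b)
        i += 1
    if len(body) < 6 or fcs16(bytes(body)) != GOOD_FCS:
        raise ValueError("bad FCS")       # PPP silently discards such a frame; nothing is retransmitted
    if body[0] != ADDRESS or body[1] != CONTROL:
        raise ValueError("unexpected address/control field")
    return int.from_bytes(body[2:4], "big"), bytes(body[4:-2])


def lcp_packet(code: int, ident: int, options: list) -> bytes:
    """Code, Identifier, Length (Code..Data inclusive), then options as Type/Length/Data."""
    opts = b"".join(bytes([t, 2 + len(d)]) + d for t, d in options)
    return bytes([code, ident]) + (4 + len(opts)).to_bytes(2, "big") + opts


def parse_lcp(info: bytes) -> dict:
    """Parse an LCP packet with the length checks a receiver must do before trusting any field."""
    if len(info) < 4:
        raise ValueError("short LCP packet")
    code, ident = info[0], info[1]
    length = int.from_bytes(info[2:4], "big")
    if length < 4 or length > len(info):
        raise ValueError("bad LCP length")
    opts, i = [], 4
    while i < length:
        if i + 2 > length:
            raise ValueError("truncated option header")
        t, l = info[i], info[i + 1]
        if l < 2 or i + l > length:       # must cover Type+Length and stay inside the packet
            raise ValueError("bad option length")
        opts.append((t, info[i + 2:i + l]))
        i += l
    return {"code": LCP_CODES.get(code, code), "id": ident, "options": opts}


# Constructed sample: the host's first Configure-Request of Fig. 1.6, option Type 1 (the text
# calls it MTU; RFC 1661 names it Maximum-Receive-Unit) = 300 and Type 3 auth = CHAP, algorithm 5 (MD5).
SAMPLE_LCP = lcp_packet(1, 1, [(1, (300).to_bytes(2, "big")), (3, b"\xc2\x23\x05")])

if __name__ == "__main__":
    wire = frame(PROTO_LCP, SAMPLE_LCP)
    print(wire.hex())
    print(parse_lcp(unframe(wire)[1]))
```

A receiver that skips the FCS check or the option-length checks in parse_lcp will accept truncated or crafted packets; both checks are cheap and belong before any field is acted on.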

The complete chart of interaction between the terminal device (host), the network access server (NAS) and the authentication, authorization and accounting server (AAA) when organizing a PPP subscriber's access to the Internet is shown in Fig. 1.6.

From Fig. 1.6 it can be seen that the host first requested, via LCP (Protocol = 0xC021), a connection with parameters MTU = 300 and PFC = 7, but negotiation with the NAS access server produced MTU = 200 (MTU is the maximum packet size in bytes): the NAS answered with Configure-Nak (Code = 03) proposing MTU = 200, the host requested that value and the NAS acknowledged it (Code = 02). The authentication protocol agreed on was CHAP (auth.prot = 0xC223, algorithm 5, that is MD5). The protocol field compression option (PFC = 7) was rejected by the NAS (Code = 04).

Fig. 1.6. Exchange between the host, NAS and AAA server (figure not reproduced; the messages shown in it, grouped by protocol: LCP, Protocol = 0xC021: Code = 01 Configure-Request with Type = 1, MTU = 300; Code = 03 Configure-Nak with Type = 1, MTU = 200; Code = 01 with Type = 1, MTU = 200; Code = 02 Configure-Ack; Code = 01 and Code = 02 carrying Type = 3, auth.prot = 0xC223, algorithm = 5; Code = 04 Configure-Reject; Code = 05 Terminate-Request. CHAP, Protocol = 0xC223: Code = 01 Challenge; Code = 02 Response with Name = ABC, Value = W. RADIUS over UDP between NAS and AAA: Code = 01 Access-Request with Auth = 0, Attr = Name, Chall = V; Code = 02 Access-Accept with IP-address = a.b.c.d, Mask; Code = 05 accounting confirmation with Data. IPCP: Type = 3, IP-Address = a.b.c.d, Mask. IP traffic, Protocol = 0x0021.)

1994, DS]. The essence of the authentication procedure is that the NAS sends the host a random number V (the challenge), and the host returns another number W computed by a predetermined function from the name (Name) and password (Password) that the user types in from the Internet card bought from the provider; in other words, W = F(V, Name, Password). It is assumed that an attacker (hacker) can intercept the values of V, Name and W sent over the network and knows the algorithm of the function F. The point of forming W is that the bits of the random number V are "mixed" in various ways with the bits of the password, which the attacker does not know, and the result is then compressed to a fixed length. Such a transformation is called a digest function or hash function, and the result is a digest. For CHAP the exact digest procedure is the MD5 algorithm: per RFC 1994 the response is MD5 computed over the concatenation of the CHAP Identifier, the secret and the challenge V, while Name is carried in the packet in the clear. The NAS does not hold the password. Over the RADIUS protocol it forwards Name, the challenge V and the received response W to the AAA server in an Access-Request; the AAA server looks up Password for Name in its password database, recomputes W with the same algorithm and compares the two values. If they match it answers Access-Accept (Code = 02) and the NAS sends the host the success message (Success, Code = 03); otherwise the NAS sends Failure (Code = 04). Two consequences matter in practice: the AAA server must keep each password in cleartext (or reversibly encrypted) in order to recompute the digest, and an attacker who has captured V and W can test password guesses offline at the speed of MD5, so CHAP only protects passwords that cannot be guessed.
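The challenge/response computation and its verification, as an added Python example that is not part of the textbook. The user database, the names, the identifier and the wordlist are constructed; the packet layout and the digest are those of RFC 1994 (MD5 over Identifier, secret and challenge). The last function shows the offline guessing that an eavesdropper who captured V, Name and W can perform, which is the practical limit of CHAP's protection.

```python
import hashlib
import hmac
import os

# CHAP packet codes (RFC 1994)
CHAP_CHALLENGE, CHAP_RESPONSE, CHAP_SUCCESS, CHAP_FAILURE = 1, 2, 3, 4

# Constructed sample password database of the AAA server. CHAP obliges the verifier
# to keep the cleartext (or reversibly encrypted) secret, since it must recompute the digest.
AAA_PASSWORDS = {b"ABC": b"Tr0ub4dor&3"}


def chap_digest(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """W = F(V, Name, Password) of the text as RFC 1994 actually defines it:
    MD5 over Identifier || secret || Challenge (Name travels in the packet, not in the hash)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def chap_packet(code: int, identifier: int, value: bytes, name: bytes = b"") -> bytes:
    """Code, Identifier, Length, then Value-Size, Value, Name for Challenge/Response
    (Success/Failure carry a free-text message instead)."""
    if code in (CHAP_CHALLENGE, CHAP_RESPONSE):
        data = bytes([len(value)]) + value + name
    else:
        data = value
    return bytes([code, identifier]) + (4 + len(data)).to_bytes(2, "big") + data


def parse_chap(pkt: bytes) -> dict:
    if len(pkt) < 4:
        raise ValueError("short CHAP packet")
    code, identifier = pkt[0], pkt[1]
    length = int.from_bytes(pkt[2:4], "big")
    if length < 4 or length > len(pkt):
        raise ValueError("bad CHAP length")
    if code in (CHAP_CHALLENGE, CHAP_RESPONSE):
        if length < 5 or 5 + pkt[4] > length:
            raise ValueError("bad Value-Size")
        return {"code": code, "id": identifier, "value": pkt[5:5 + pkt[4]], "name": pkt[5 + pkt[4]:length]}
    return {"code": code, "id": identifier, "message": pkt[4:length]}


def host_respond(challenge_pkt: bytes, name: bytes, password: bytes) -> bytes:
    """Host side: compute W from the NAS challenge V and answer with Response carrying its Name."""
    c = parse_chap(challenge_pkt)
    if c["code"] != CHAP_CHALLENGE:
        raise ValueError("expected Challenge")
    return chap_packet(CHAP_RESPONSE, c["id"], chap_digest(c["id"], password, c["value"]), name)


def aaa_verify(identifier: int, name: bytes, challenge: bytes, response: bytes) -> bool:
    """AAA side, given what the NAS forwards in the RADIUS Access-Request (Name, V and W):
    recompute the digest from the stored password and compare in constant time."""
    secret = AAA_PASSWORDS.get(name)
    if secret is None or len(response) != 16:
        return False
    return hmac.compare_digest(chap_digest(identifier, secret, challenge), response)


def nas_authenticate(name: bytes, password: bytes, identifier: int = 7, challenge=None) -> tuple:
    """Run the exchange offline: NAS Challenge -> host Response -> AAA verdict -> Success/Failure.
    Returns (authenticated, response_packet) so the "captured" packet can be examined."""
    challenge = challenge or os.urandom(16)          # fresh V per attempt; a reused V invites replay
    chal_pkt = chap_packet(CHAP_CHALLENGE, identifier, challenge, b"nas")
    resp_pkt = host_respond(chal_pkt, name, password)
    r = parse_chap(resp_pkt)
    ok = r["id"] == identifier and aaa_verify(identifier, r["name"], challenge, r["value"])
    verdict = chap_packet(CHAP_SUCCESS if ok else CHAP_FAILURE, identifier, b"")
    return ok, resp_pkt, verdict


def offline_guess(identifier: int, challenge: bytes, response: bytes, wordlist):
    """What an eavesdropper holding V, Name and W can do: test guesses offline at MD5 speed.
    Returns the matching password or None; only an unguessable password survives this."""
    for guess in wordlist:
        if chap_digest(identifier, guess, challenge) == response:
            return guess
    return None


if __name__ == "__main__":
    ok, captured, verdict = nas_authenticate(b"ABC", b"Tr0ub4dor&3")
    print("authenticated:", ok, "verdict code:", parse_chap(verdict)["code"])
```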

In the third stage the network parameters are configured over the IPCP protocol (also called PPP IPCP, Protocol = 0x8021). The host asks the NAS for network IP addresses; the NAS allocates an IP address for the host from its pool (IP address = a.b.c.d) and also tells it the IP address of the DNS server (IP address = e.f.g.h). Over RADIUS the NAS sends the AAA server an accounting request (Code = 04) to start charging and receives a confirmation (Code = 05).

In the fourth stage the user runs a communication session with the Internet over the IP protocol (Protocol = 0x0021).

After the session ends (stage 5), the user's LCP sends the NAS a Terminate-Request (Code = 05), the NAS confirms it with Terminate-Ack (Code = 06), sends the AAA server the signal that the session has ended and receives its confirmation. All devices return to their initial state.

Questions to section 1.4

1. Name the composition and purpose of the PPP protocol family.

Answer. LCP - to negotiate packet exchange parameters, CHAP - to establish the user's legitimacy, IPCP - to assign an IP address.

2. Does the PPP protocol provide error detection and ordered delivery of packets?

Answer. Error detection - yes (by the FCS); ordered delivery - no, that is provided by the TCP protocol.

3. Where is the data for user authentication stored?

Answer. On the Internet card and on the AAA server.

4. Is it possible to determine the user's IP address in advance, before a connection with the NAS is established?

Answer. No. After successful authentication the NAS issues a free IP address from the range allotted to it.

5. What methods are used to account for the cost of Internet connections? Answer: usually a subscription fee or a fee for the amount of received