Linux–Data Link Layer–ARP Protocol–0319-21

Directory

1. Understanding Ethernet

1.1 Ethernet frame format

1.2 Simple simulation of LAN communication based on Ethernet frame

Question 1: What if multiple hosts are sending data?

Question 2: Does the sender know that his data has been affected?

1.3 MTU

1.3.1 The influence of MTU on IP protocol

1.3.2 The influence of MTU on UDP protocol

1.3.3 The impact of MTU on the TCP protocol

1.3.4 View hardware address and MTU

2. Ask questions

Will the MAC header change during network forwarding?

To send data to the target host, a MAC address is required. How to know the MAC address?

3. ARP protocol

3.1 Workflow of ARP protocol

3.1.1 Representational workflow

3.1.2 Understanding the ARP protocol

3.1.3 Simulate a real workflow

3.2 View the cache table of the relationship mapping between IP address and MAC address

3.3 Simple understanding of what is ARP spoofing


1. Understanding Ethernet

Ethernet is not a specific network, but a technical standard.

Think of it as a medium. Sound needs a medium to propagate, which can be a gas, a liquid, or a solid. In the same way, Ethernet is the medium for transmission at the link layer.

1.1 Ethernet frame format

Answer two questions first:

How is an Ethernet frame unpacked and encapsulated?

Unpacking: The Ethernet header has a fixed length, 6 + 6 + 2 bytes, and the CRC (checksum) is also fixed-length. To unpack, strip these two fixed-length parts; what remains is the data. (Note: the data here is the entire IP packet.)

How is the data delivered upward?
The two-byte type field determines which upper-layer protocol receives it.

Destination address: MAC address of the destination host.

Source address: MAC address of the sender host.

Type: If it is 0800, the payload is an IP packet, and it is delivered to the IP layer when passed upward.

If it is 0806 or 0805, it is handed over to the ARP layer. We will talk about this later.

MAC address: A MAC address is a scheme to uniquely identify a host.

1.2 Simple simulation of LAN communication based on Ethernet frame

Suppose host 1 wants to send a message to host 4; its frame is filled in as shown in the figure. The message is effectively a broadcast: every host receives it, but after unpacking and comparing, each of the other hosts finds that the destination address is not its own and discards the message.

Just like in class, the teacher points out a classmate to answer the question.

Question 1: What if multiple hosts are sending data?

The data will collide, resulting in unusable data.

At a lower level, the data is carried as optical or electrical signals. If multiple hosts send at the same time, the signals inevitably interfere with each other. The result is that none of the messages can be used normally.

Question 2: Does the sender know that his data has been affected?

Yes. A host also receives the message that it sends itself.

It’s like being able to hear yourself talking.

If it finds that its own data is incorrect (CRC verification fails), the sender waits for a random time according to the “collision avoidance” algorithm, and then resends.

1.3 MTU

Answer two questions first:

Is it better to have more hosts in the LAN, or fewer?

The fewer the better, since that reduces data collisions. In practice, however, we cannot require that fewer hosts be connected to the LAN, so switches exist.

A switch in effect divides the LAN into two areas. If both communicating parties are on the same side, the switch does not forward the message to the other side, thereby reducing data collisions.

When sending data on the LAN, should a frame be as long as possible or as short as possible?

The shorter the better: a shorter frame is sent faster, and the possibility of a data collision is smaller.

MTU is like the limit on parcel size when sending express delivery. The limit comes from the physical layer underneath each data link layer.

The minimum data length in an Ethernet frame is 46 bytes and the maximum is 1500 bytes. An ARP packet is shorter than 46 bytes, so padding must be appended to it.

The maximum value of 1500 is called the maximum transmission unit (MTU) of Ethernet. Different network types, that is, different data link layer standards, have different MTUs.

1.3.1 Impact of MTU on IP Protocol

Data of more than 1500 bytes will be fragmented, which was covered in detail in the previous blog post:

Linux–IP protocol–0316-19_Gosolo! Blog-CSDN Blog

1.3.2 Impact of MTU on UDP protocol

Once the data carried by UDP exceeds 1472 bytes (1500 – 20 (IP header) – 8 (UDP header)), it is split into multiple IP datagrams at the network layer. If any one of these IP datagrams is lost, network layer reassembly fails at the receiving end. This means that when a UDP datagram is fragmented at the network layer, the probability of losing the entire datagram increases greatly.

1.3.3 The impact of MTU on the TCP protocol

A TCP datagram cannot be infinitely large; it is still subject to the MTU. The maximum message length of a single TCP datagram is called the MSS.
While establishing a TCP connection, the two communicating parties negotiate the MSS. Ideally, the MSS is exactly the maximum length that IP can carry without fragmentation (subject to the MTU of the data link layer).
When both parties send SYN, each writes the MSS value it can support in the TCP header. Once both parties know the other's MSS value, they choose the smaller one as the final MSS.

The MSS value is carried in the 40-byte variable-length options area of the TCP header (kind=2).

1.3.4 View hardware address and MTU

bash: ifconfig

2. Ask questions

Will the MAC header change during network forwarding?

The answer is yes, it will change. This involves a function of the router.

To send data to the target host, you need a MAC address. How do you know the MAC address?

ARP protocol!

3. ARP protocol

When the sender wants to send data, it already knows the receiver's IP, that is, the target network + target host. But at the data link layer, the frame header has a destination MAC address field. How do we learn the destination MAC address from the destination IP?

The ARP protocol establishes the mapping relationship between a host's IP address and its MAC address. The ARP protocol is a LAN protocol.

Relationship between ARP protocol and Ethernet frame protocol

Both are at the data link layer, but they are in an upper/lower-layer relationship: ARP is an upper-layer protocol of the Ethernet frame protocol. This also explains the type field in the Ethernet frame header.

3.1 ARP protocol workflow

3.1.1 Concrete workflow

Suppose there are multiple hosts in the LAN: A, B, C, D. Host A wants to send a message to host D.

A broadcasts a message in the LAN: “The host whose IP address is IP_D, please tell me your MAC address”. Every host in the LAN compares this message with itself; the hosts that find it is not meant for them discard the message and ignore it.

When host D receives this message, it confirms that the message is meant for it, fills in its own MAC address, and sends the reply directly to host A. It can do so because, having received the message sent by A, host D already knows A’s MAC address.

Conclusion:

Any host may have sent an ARP request to a target host earlier, and will then receive the corresponding ARP response later.

Any host may also be the target of an ARP request sent by others.

So in the local area network, an ARP message received by any host may be either a response or a request.

3.1.2 Understanding ARP Protocol

Related fields:

Hardware type: the link layer network type; 1 for Ethernet.

Protocol type: the address type to be converted; 0x0800 is the IP address.

Hardware address length: 6 for Ethernet, meaning 6 bytes.

Protocol address length: 4 for the IP address, meaning 4 bytes.

Sender Ethernet address, sender IP address, destination IP address: these are known, just fill them in.

Destination Ethernet address: generally set to all 1s, which means broadcasting. If it is the MAC address of the destination host, just fill in the MAC address directly.

op field: op of 1 means ARP request; op of 2 means ARP response.

3.1.3 Simulate a real workflow

Host A broadcasts a message; the message content is as shown in the figure below.

The ARP layer hands the message down to the Ethernet frame layer, and that layer encapsulates it again with its own header.

Hosts B and C also receive the message. Do they need to unpack it and deliver it to the ARP layer protocol?

Yes. Because the destination MAC address in the Ethernet frame header is all 1s, the frame is a broadcast, and every host must receive it. After it is delivered to the ARP layer, the host first checks whether it is an ARP request or an ARP response. If it is a request, the host then checks the destination IP address. If the IP addresses do not match, the packet is discarded at the ARP layer.

Host D receives the message and answers with an ARP response.

Hosts B and C also receive the ARP response message. Do they need to unpack it and deliver it to the ARP layer protocol?

No. The destination Ethernet address is MAC_A, so hosts B and C discard the message at the Ethernet frame protocol layer after receiving it.

After this process, host A has the MAC address of the destination host. The packets it received earlier can now be delivered downward and encapsulated into complete Ethernet frames.
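The following Python sketch is an added example, not code from the original post. It packs the ARP fields of 3.1.2 into an Ethernet frame as described in 1.1, pads it to the 46-byte minimum, and replays the A-to-D exchange to show at which layer each host drops or accepts the message. The host addresses and all function names are assumptions made for illustration.

```python
import struct

BROADCAST = b"\xff" * 6
ETH_IP, ETH_ARP = 0x0800, 0x0806
ARP_FMT = "!HHBBH6s4s6s4s"   # htype, ptype, hlen, plen, op, then the four addresses

def build_arp_frame(op, src_mac, src_ip, dst_mac, dst_ip):
    """Ethernet header (6 + 6 + 2) plus ARP body, padded to the 46-byte minimum."""
    arp = struct.pack(ARP_FMT, 1, ETH_IP, 6, 4, op, src_mac, src_ip, dst_mac, dst_ip)
    header = struct.pack("!6s6sH", dst_mac, src_mac, ETH_ARP)
    return header + arp.ljust(46, b"\x00")   # CRC trailer left out of this sketch

def receive(frame, my_mac, my_ip):
    """Return (where the frame ends up, reply frame or None) for one host."""
    dst, _src, eth_type = struct.unpack("!6s6sH", frame[:14])
    if dst not in (my_mac, BROADCAST):
        return "dropped at Ethernet layer", None
    if eth_type != ETH_ARP:
        return "delivered to another upper layer", None
    size = struct.calcsize(ARP_FMT)          # 28 bytes; the rest is padding
    _, _, _, _, op, s_mac, s_ip, _t_mac, t_ip = struct.unpack(ARP_FMT, frame[14:14 + size])
    if t_ip != my_ip:
        return "dropped at ARP layer", None
    if op == 1:                              # request for our IP: reply straight to the sender
        return "ARP request answered", build_arp_frame(2, my_mac, my_ip, s_mac, s_ip)
    return "ARP reply accepted", None        # op == 2: s_ip -> s_mac can now be cached

# Constructed sample hosts A-D (MAC, IP); the addresses are assumptions.
HOSTS = {name: (bytes([2, 0, 0, 0, 0, i]), bytes([192, 168, 1, i]))
         for i, name in enumerate("ABCD", 1)}

def simulate():
    """Host A asks for D's MAC; return the request length and each host's decision."""
    (a_mac, a_ip), d_ip = HOSTS["A"], HOSTS["D"][1]
    request = build_arp_frame(1, a_mac, a_ip, BROADCAST, d_ip)
    results, reply = {}, None
    for name in "BCD":
        results[name], answer = receive(request, *HOSTS[name])
        reply = answer or reply
    for name in "ABC":
        results["reply@" + name] = receive(reply, *HOSTS[name])[0]
    return len(request), results

if __name__ == "__main__":
    print(simulate())
```

The broadcast request reaches the ARP layer on every host and is discarded there by B and C, while D's unicast response never gets past the Ethernet layer on B and C.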

Question:

ARP seems to need at least one request and one response. Does a host have to do this every time it sends data?

No. After an ARP request succeeds, the requester temporarily saves the IP:MAC mapping in its cache table. There are also other schemes that determine when the cache table is updated.

Does ARP only occur in the final subnet of the destination, or will ARP also occur in other places?

It occurs in other places too. When routers forward to the external network hop by hop, a router does not know the MAC address of the next router, so it also needs to perform ARP. The ARP process can happen at any point along the network path.

3.2 View the cache table of mapping between IP address and MAC address

On Linux

On Windows

3.3 Simple understanding of what is ARP spoofing

The cache table keeps the newest entry and not the old one. Suppose the mapping between host A and router B has already been established. A host C in the LAN then floods router B with the ARP message “I am host A, MAC_C, IP_A”, and router B's cache table is updated. Host C likewise keeps flooding host A with ARP replies, “I am router B, MAC_C, IP_B”.

In this way, the communication between host A and router B is intercepted by C without the knowledge of either party. This is called ARP spoofing.
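From the defender's side, the newest-wins behaviour described above can be monitored. The following Python sketch is an added example, not part of the original post: it replays observed (sender IP, sender MAC) pairs through a newest-wins cache, raises an alert when a mapping is replaced or when one MAC claims several IPs, and shows that pinned (static) entries keep the cache intact. The addresses, the sample traffic and the function name are constructed assumptions.

```python
from collections import defaultdict

def audit_arp(messages, pinned=None):
    """Replay (sender_ip, sender_mac) pairs from ARP messages through a
    newest-wins cache; return the final cache and the alerts raised."""
    pinned = pinned or {}             # static ip -> mac entries that must not change
    cache = dict(pinned)
    ips_by_mac = defaultdict(set)     # mac -> every ip it has claimed so far
    alerts = []
    for n, (ip, mac) in enumerate(messages, 1):
        if ip in pinned and pinned[ip] != mac:
            alerts.append((n, "rejected", ip, mac))    # static entry wins
            continue
        old = cache.get(ip)
        if old is not None and old != mac:
            alerts.append((n, "rebind", ip, mac))      # mapping silently replaced
        if ip not in ips_by_mac[mac]:
            ips_by_mac[mac].add(ip)
            if len(ips_by_mac[mac]) > 1:               # one MAC speaking for several IPs
                alerts.append((n, "multi-ip", mac, tuple(sorted(ips_by_mac[mac]))))
        cache[ip] = mac                                # newest entry overwrites the old
    return cache, alerts

# Constructed sample traffic following the A / B / C scenario in the text.
IP_A, IP_B = "192.168.1.10", "192.168.1.1"
MAC_A, MAC_B, MAC_C = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"
SAMPLE = [
    (IP_A, MAC_A),   # genuine mapping for host A
    (IP_B, MAC_B),   # genuine mapping for router B
    (IP_A, MAC_C),   # "I am host A, MAC_C, IP_A"
    (IP_B, MAC_C),   # "I am router B, MAC_C, IP_B"
    (IP_A, MAC_C),   # repeated message, no new alert
]

if __name__ == "__main__":
    for label, pins in (("newest-wins", None), ("pinned", {IP_A: MAC_A, IP_B: MAC_B})):
        cache, alerts = audit_arp(SAMPLE, pins)
        print(label, cache, alerts, sep="\n  ")
```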