What is an IP Packet?

A packet is a unit of data in the TCP / IP protocol communication transmission, and is also generally called a "data packet".

A packet is a unit of data in the TCP / IP protocol communication transmission, and is also generally called a "data packet".

The TCP / IP protocol works on the third layer (network layer) and the fourth layer (transport layer) of the OSI model, and the frame works on the second layer (data link layer). The content of the upper layer is transmitted by the content of the next layer, so in the local area network, the "packet" is contained in the "frame".

Chinese name

data pack

Foreign name

Data Packet

Packet interpretation

Packet: In a packet-switched network, a single message is divided into multiple data blocks. These data blocks are called packets, and they contain the address information of the sender and receiver. These packets are then transmitted on one or more networks along different paths and reassembled at the destination. ^[1]

Glossary explanation: The OSI (Open System Interconnection) model is a standard defined by the International Organization for Standardization (ISO). It defines a layered architecture in which each layer defines protocols for different communication levels. . The OSI model has 7 layers, and the layers 1 to 7 are: physical layer, data link layer, network layer, transport layer, session layer, presentation layer, and application layer. The OSI model can be logically divided into two parts: the lower layers 1 to 3 are concerned with the transmission of raw data; the upper layers 4 to 7 are concerned with the applications under the network.

Packet overview

Any host can send packets with any source address. When data packets are transmitted over long distances, they need to pass through many relay stations. Each relay station is a host or router, and they pass data packets to the next relay station based on routing information. On the way of data transmission, if the router encounters large data traffic, it may drop some packets without any prompt. Higher-level protocols, such as the TCP protocol, are used to deal with these issues in order to provide a reliable link for applications. If the packet is too large for the next relay station, the packet will be fragmented. In other words, a large data packet is divided into two or more small data packets, and each small data packet has its own IP header, but its payload is only a part of the large data packet payload. Each small data packet can reach its destination via a different path. On the way of transmission, each small data packet may still be fragmented. When these small packets arrive at the target machine, they are reassembled together. According to the rules, assembly and combination of small data packets is not allowed on intermediate nodes. ^[2]

We can use a visual example to illustrate the concept of the data packet: When we post the product at the post office, although the product itself comes with its own box, it is obviously not possible to use the product's original box to pack it during mail . The box containing the product must be placed in a special carton designated by the post office so that it can be mailed. Here, the product box is equivalent to a data packet, and the product inside is equivalent to available data, while the dedicated carton is equivalent to a frame, and there is only one data packet in a frame. "Package" sounds very abstract, isn't it invisible? Through certain technical means, the existence of data packets can be sensed. For example, in Windows 2000 Server, move the mouse to the network card icon in the lower right corner of the taskbar (the network card needs to be twisted pair and connected to the network), you can see "Send: × × packet, received: × × packet "Prompt. With packet capture software, packets can also be captured and analyzed. It is the interface diagram of the packets captured by the packet capture software Iris. Here, you can clearly see the details of the captured packets' MAC address, IP address, protocol type port number and so on. By analyzing these data, the network administrator can know what kind of data packets are active in the network.

Packet capture software

Packet instance

The structure of the data packet: The structure of the data packet is very complicated and can not be explained in a few words. It is sufficient to understand its key components here, which is very important to understand the communication principle of the TCP / IP protocol. The data packet is mainly composed of "destination IP address", "source IP address", "payload data" and other parts, including the header and the body. The header is a fixed length, the length of the body is indefinite, and the length of each field is fixed. Both parties request The header structure of the data packet and the response data packet is the same, the difference is the definition of the packet body. The structure of the data packet is very similar to what we usually write. The destination IP address indicates to whom this data packet is sent, which is equivalent to the address of the recipient. The source IP address indicates where the data packet is from, which is equivalent to sending it. The address of the letter; and the payload is equivalent to the content of the letter. Because of the structure of the data packet, computers with TCP / IP protocol can communicate with each other. When we use a network based on the TCP / IP protocol, what the network actually transmits is the data packet. Understanding data packets is vital to network security for network management.

Packet usage

Simply put, when you open a webpage on the Internet, this simple action is that you first send a data packet to the website. After it receives it, it returns the data packet to your webpage according to the IP address of the data packet you sent, that is, The browsing of web pages is actually the exchange of data packets.

1. The data link layer has a limit on the length of the data frame, which is the maximum data length that the link layer can bear. This value

It is called the maximum transmission unit, which is MTU. Taking Ethernet as an example, this value is usually 1500 bytes.

2. For IP data packets, there is also a length. In the IP header, the length of the IP packet is described by 16 bits. An IP packet can be up to 65535 bytes long.

3. Combining the above two concepts, the first important conclusion comes out. If the size of the IP packet exceeds the MTU value, then you need to

Fragmentation, that is, dividing an IP packet into multiple, the concept is very easy to understand, a truck carrying 5T needs to pull 10T cargo, it

Of course, I scored several times to pull.

4. IP fragmentation is often mentioned in many materials, but I don't think that fragmentation is actually not important. What is important is another thing. A data packet traverses a large network, and it will traverse multiple networks in the meantime, and the MTU value of each network is different. We can imagine that if both the receiving and sending ends are Ethernet and their MTU is 1500, we assume that when sending, the data packet will be encapsulated with 1500. However, unfortunately, there is a X.25 network in the transmission. Its MTU is 576. What happens? I think this is what we care about.

Of course, the conclusion is obvious. This data packet will be fragmented again. We started to pull it by train. At the halfway, there is no train and only cars. That car will be divided into many cars ... nothing more, more important. The thing is, in this case, what will happen if the IP packet is set to "fragment not allowed"? Yes, the data packet will be dropped, and then receive an ICMP unreachable error, telling you that fragmentation is needed! The smallest MTU value in this network is called the path MTU. We should have an effective way to find this value. The most stupid way is to first use traceroute to view all nodes, and then ping one by one ...

5. At the transport layer, there will be a limit on the maximum value. Of course, for UDP that only sends and does not care about others, it is not in our discussion. This is the TCP protocol. Speaking of size, it may make people think of TCP's famous sliding window window size, which is related to the buffers at both ends of the transmission and reception. The maximum packet size transmitted here is discussed, so it is not in the discussion.

In the option field of TCP, there is a maximum segment length (MSS), which indicates the maximum length of data transmitted by TCP to the other end. When a connection is established, both sides of the connection must announce their respective MSS, that is, It is together with the SYN flag of TCP. Of course, as far as transmission is concerned, I always hope that the larger the MSS, the better, and the overload is so serious. Who doesn't want to order more ... But there is always a limit to MSS, that is, its value = MTU-IP header length -TCP header length. For Ethernet, it is usually 1500-20-20 = 1460. Although it is always expected that it can be very large (such as 1460), most BSD implementations are multiples of 512, such as 1024 ... ...

6. Return to the slice. For example, execute the following command under Win2000:

"ping 192.168.0.1 -l 1473

According to what I just said, 1473 + 20 (ip header) +8 (icmp header) = 1501, which is larger than 1500, it will be fragmented, but we are concerned about:

How will this packet be divided?

As you can guess, the first package is

Data of ether head + IP head + ICMP head + 1472;

What about the second fragment pack?

it can be:

Ether head + IP header + ICMP header + 1 byte of data

or it could be:

Ether head + IP header + 1 byte of data "(Can the content in quotation marks not be explained in detail here, it is not very clear how the data of 1473 is divided into 1472 and 1 2010.01.15 13:50), which is omitted ICMP header encapsulation, of course, the IP header can not be saved, otherwise how to transmit ...

In fact, the TCP / IP protocol uses the latter encapsulation method. In this way, 8 bytes of space can be saved at one time. In the IP header, three flags are used to describe a fragmented packet:

1. Fragment flag: If a packet is fragmented, the fragment flag field is set to 1, except the last fragment; in this way, for the receiving end, it can be important to reorganize according to this flag bit. One of the basis

2. Fragment offset flag: It is not enough to have a flag to indicate "Is it a fragment packet". The offset flag indicates where the fragment is located in the original datagram. Obviously, once these two signs are combined, it is easy to reassemble the package.

3. Fragmentation flag is not allowed: If this flag is forcibly set in a data packet, then when fragmentation should be performed, err has already said.

IN OTHER LANGUAGES

• English
• Čeština
• Dansk
• Deutsch
• Svenska
• Français
• Italiano
• Nederlands
• Norsk
• Polski
• Português
• Español
• 日本語
• 한국어