What is TCP/IP?

TCP / IP (Transmission Control Protocol / Internet Protocol, Transmission Control Protocol / Internet Protocol) refers to a protocol cluster capable of implementing information transmission between multiple different networks. The TCP / IP protocol does not only refer to the two protocols TCP and IP, but refers to a protocol cluster composed of protocols such as FTP, SMTP, TCP, UDP, IP, etc., just because TCP and IP protocols It is the most representative, so it is called TCP / IP protocol. ^[1]

Chinese name: Transmission Control Protocol / Interconnection Protocol
Foreign name: Transmission Control Protocol / Internet Protocol

Short name: TCP / IP protocol
Hierarchical structure: 4th floor
Field: computer technology

TCP / IP protocol introduction

TCP / IP transmission protocol, namely transmission control / network protocol, is also called network communication protocol. It is the most basic communication protocol in the use of the network. The TCP / IP transmission protocol specifies the standards and methods for communication between various parts of the Internet. In addition, the TCP / IP transmission protocol is two important protocols to ensure the timely and complete transmission of network data information. The TCP / IP transmission protocol is strictly a four-layer architecture, and the application layer, transport layer, network layer, and data link layer are all included. ^[2]

The TCP / IP protocol is the most basic protocol of the Internet. The main protocols of the application layer are Telnet, FTP, SMTP, etc., which are used to receive data from the transport layer or transmit data to the transport layer according to different application requirements and methods; the transport layer The main protocols are UDP and TCP, which are channels for users to use the platform and the internal data of the computer information network to achieve data transmission and data sharing; the main protocols at the network layer are ICMP, IP, and IGMP, which are mainly responsible for the data packets in the network Transmission and so on; and the network access layer, also called the network interface layer or the data link layer, the main protocols are ARP, RARP, the main function is to provide link management error detection, the effective treatment of detailed information about different communication media issues. ^[3]

TCP / IP protocol history

TCP / IP protocol generation background

The predecessor of the Internet network, ARPANET, was not using Transmission Control Protocol / Internet Protocol (TCP / IP), but a network protocol called Network Control Protocol (NCP). With the development of the network and the increasing demand of users for the network, designers have found that the NCP protocol has many shortcomings that cannot fully support ARPANET networks, especially NCP can only be used in a homogeneous environment (the so-called homogeneous environment is All computers on the network run the same operating system), the designer believed that the "isomorphism" restriction should not be imposed on a widely distributed network. In 1980, the TCP / IP protocol used in the "heterogeneous" network environment was successfully developed, that is, the TCP / IP protocol could be interoperable on various hardware and operating systems. In 1982, ARPANET began using the TCP / IP protocol.

TCP / IP protocol generation process

(1) In 1973, Kahn and Cerf developed two core protocols in the TCP / IP protocol: the TCP protocol and the IP protocol. ^[1]

(2) In December 1974, Kahn and Cerf officially published the TCP / IP protocol and explained it in detail. At the same time, in order to verify the availability of the TCP / IP protocol, a data packet was sent from one end and reached the server after a journey of nearly 100,000 km. In this transmission, the data packet did not lose a byte, which indicates the success of the TCP / IP protocol. ^[1]

(3) On New Year's Day in 1983, the TCP / IP protocol formally replaced NCP. Since then, TCP / IP has become a type of network rule that most Internets comply with. ^[1]

(4) In 1984, the TCP / IP protocol was affirmed by the United States Department of Defense, and became a standard commonly followed by most computers. ^[1]

(5) On September 9, 2005, Kahn and Surf were awarded the Presidential Medal of Freedom for their outstanding contributions to American culture. ^[1]

TCP/IP The composition of TCP / IP protocol

The TCP / IP protocol refers to the OSI architecture to a certain extent. The OSI model has seven layers, from the bottom to the top: the physical layer, the data link layer, the network layer, the transport layer, the session layer, the presentation layer, and the application layer. But this is obviously a bit complicated, so in the TCP / IP protocol, they are simplified to four levels. ^[1]

(1) The services provided by the three layers of the application layer, presentation layer and session layer are not very different, so in the TCP / IP protocol, they are merged into one layer of the application layer. ^[1]

(2) Because the status of the transport layer and the network layer in the network protocol is very important, they are considered as two independent layers in the TCP / IP protocol. ^[1]

(3) Because the contents of the data link layer and the physical layer are similar, they are merged in the network interface layer in the TCP / IP protocol. The TCP / IP protocol with only a four-layer architecture is much simpler than the OSI with a seven-layer architecture. It is precisely this way that the TCP / IP protocol is more efficient and lower cost in actual applications. ^[1]

The four levels in the TCP / IP protocol are introduced separately.

Application layer: The application layer is the first layer of the TCP / IP protocol and directly provides services for application processes.

(1) For different types of applications, they will use different protocols at the application layer according to their needs. The mail transfer application uses the SMTP protocol, the web application uses the HTTP protocol, and the remote login service application uses the TELNET protocol. ^[1]

(2) The application layer can also encrypt, decrypt, and format data. ^[1]

(3) The application layer can establish or disconnect with other nodes, which can fully save network resources. ^[1]

Transport layer: As the second layer of the TCP / IP protocol, the transport layer plays a mainstay role in the entire TCP / IP protocol. And in the transport layer, TCP and UDP also play a mainstay role. ^[1]

Network layer: The network layer is located in the third layer in the TCP / IP protocol. In the TCP / IP protocol, the network layer can perform functions such as the establishment and termination of network connections and the search for IP addresses. ^[1]

Network interface layer: In the TCP / IP protocol, the network interface layer is located at the fourth layer. Because the network interface layer merges the physical layer and the data link layer, the network interface layer is not only a physical medium for transmitting data, but also provides an accurate and correct line for the network layer. ^[1]

The composition of the TCP / IP protocol

TCP / IP protocol features

The TCP / IP protocol can quickly develop and become a de facto standard because it just meets the needs of data communication worldwide. It has the following characteristics:

(1) The protocol standard is completely open, can be used by users for free, and is independent of specific computer hardware and operating systems.

(2) Independent of the network hardware system, it can run on a wide area network and is more suitable for the Internet.

(3) Network addresses are assigned uniformly, and each device and terminal in the network has a unique address.

(4) Standardization of high-level protocols can provide a variety of reliable network services.

TCP / IP protocol communication process and related protocols

In the process of network communication, the host that sends data is called the source host, and the host that receives data is called the destination host. When the source host sends data, the data is transferred from the upper layer to the lower layer in the source host. The application process in the source host first passes the data to the application layer, and the application layer plus the necessary control information becomes a message flow, which is passed down to the transport layer. The transport layer adds the received data units to this layer's control information to form message segments and datagrams, which are then delivered to the internet layer. The Internet layer adds the control information of this layer to form an IP datagram, which is transmitted to the network interface layer. The network interface layer assembles the IP datagrams handed down from the internet layer into frames, and transmits them to the network hardware (ie, the physical layer) in the form of a bit stream, and the data leaves the source host.

TCP / IP protocol link layer

The Ethernet protocol requires that devices connected to the network must have a network adapter, that is, a network card, and data packets must be transmitted from one network card to another. The network card address is the sending address and receiving address of the data packet. With the MAC address, Ethernet uses broadcast to send the data packet to all hosts in the subnet. After receiving this packet, each host in the subnet receives the packet. Both will read the destination MAC address in the header and compare it with their own MAC address. If they are the same, the next step is processed. If they are different, the packet is discarded. ^[4]

Therefore, the main job of the link layer is to group electrical signals and form data frames with specific meanings, and then send them to the receiver through the physical medium in the form of broadcast. ^[4]

TCP / IP protocol network layer

IP protocol

The network layer introduced the IP protocol and formulated a new set of addresses, which enables us to distinguish whether two hosts belong to the same network. This set of addresses is the network address, which is the so-called IP address. The IP protocol divides this 32-bit address into two parts, the former part represents the network address, and the latter part represents the host's address in the local area network. If two IP addresses are in the same subnet, the network addresses must be the same. In order to determine the network address in the IP address, the IP protocol also introduces a subnet mask. The IP address and the subnet mask can be obtained by bitwise AND operation. ^[4]

ARP protocol

The address resolution protocol is a network layer protocol that obtains MAC addresses based on IP addresses. The working principle is as follows: ARP will first initiate a request packet, the header of the packet contains the IP address of the target host, and then this packet will be repacked at the link layer to generate an Ethernet packet, which will eventually be broadcast by Ethernet For all hosts in the subnet, each host will receive this packet, take out the IP address in the header, and compare it with its own IP address. If it is the same, it will return its own MAC address. If it is different, it will be discarded. The packet. ARP receives the return message to determine the MAC address of the target machine. At the same time, ARP also stores the returned MAC address and the corresponding IP address in the local ARP cache and retains it for a certain period of time. It will directly query ARP when the next request Caching to save resources. ^[4]

Routing Protocol

First, use the IP protocol to determine whether the two hosts are on the same subnet. If they are on the same subnet, query the corresponding MAC address through the ARP protocol, and then send a packet to the hosts on the subnet by broadcast; if not In the same subnet, Ethernet will forward the packet to the gateway of this subnet for routing. The gateway is a bridge between the subnet and the subnet on the Internet, so the gateway will forward it multiple times, and finally forward the packet to the subnet where the target IP is located. Then, the target machine MAC is obtained through ARP, and finally it is also broadcast. The form sends the packet to the receiver. The physical device that completes this routing protocol is the router. The router plays the role of a transportation hub. It selects and sets the route according to the channel conditions, and forwards the data packets with the best path. ^[4]

Therefore, the main work of the network layer is to define network addresses, distinguish network segments, MAC addressing within subnets, and route packets for different subnets. ^[4]

TCP / IP protocol transport layer

The link layer defines the identity of the host, that is, the MAC address, and the network layer defines the IP address, which clarifies the network segment where the host is located. With these two addresses, data packets can be sent from one host to another host . In fact, the data packet is sent from an application on one host and then received by the application on the other host. And each computer may run many applications at the same time, so after the data packet is sent to the host, it is impossible to determine which application will receive this packet. Therefore, the transport layer introduced the UDP protocol to solve this problem, in order to identify each application.

UDP protocol

The UDP protocol defines the port, and each application on the same host needs to specify a unique port number, and stipulates that the data packet transmitted in the network must be added with the port information. When the data packet reaches the host, it can be found based on the port number. Corresponding application. The UDP protocol is relatively simple and easy to implement, but it does not have a confirmation mechanism. Once a data packet is sent, it is impossible to know whether the other party has received it, so the reliability is poor. To solve this problem and improve network reliability, the TCP protocol was born.

TCP protocol

TCP is the transmission control protocol, which is a connection-oriented, reliable, byte stream-based communication protocol. In simple terms, TCP is a UDP protocol with an acknowledgement mechanism. Every time a data packet is sent, an acknowledgement is required. If a data packet is lost, no acknowledgement can be received, and the sender must resend the data packet. In order to ensure the reliability of transmission, the TCP protocol has established a confirmation mechanism for three conversations on the basis of UDP, that is, a reliable connection must be established with the other party before formal data transmission and reception. TCP data packets, like UDP, are composed of a header and data. The only difference is that TCP data packets have no length limit and can theoretically be infinitely long, but in order to ensure the efficiency of the network, usually the length of TCP data packets is not Exceed the length of the IP packet to ensure that a single TCP packet does not have to be split. ^[4]

The main job of the transport layer is to define ports, identify application identities, and implement port-to-port communication. The TCP protocol can ensure the reliability of data transmission. ^[4]

TCP / IP protocol application layer

In theory, with the support of the above three layers of protocols, data can already be transmitted from the application on one host to the application on another host, but the data transmitted at this time is a byte stream and cannot be very good. It is recognized by the program and has poor operability. Therefore, the application layer defines various protocols to regulate the data format. Commonly, there are http, ftp, smtp, etc. In the request header, the request data format Accept and the response data format are defined respectively. Content-Type. With this specification, when the other party receives the request, it knows what format to use for parsing, then processes the request, and finally returns the data in the format requested by the requester. After the requester receives the response, it Read it in the prescribed format. ^[4]

So the main job of the application layer is to define the data format and interpret the data according to the corresponding format. ^[4]

TCP / IP protocol security risks

Attacks on the TCP / IP protocol link layer

In TCP / IP networks, the level of complexity at the link layer is the highest. The most common attack method is usually the Ethernet of TCP / IP protocol composed of network sniffing. At present, the most widely used local area network in our country is Ethernet, and its shared channel utilization rate is very high. The Ethernet card has two main working modes, one is the general working mode, and the other is a more special hybrid mode. In this case, it is likely that the information is lost due to the attack, and the attacker can obtain key data information such as account, password, etc. through data analysis. ^[3]

Attacks on the TCP / IP protocol network layer

ARP spoofing

ARP (Address Resolution Protocol) is a TCP / IP protocol that obtains a physical address based on an IP address. Generally, during the sending of IP data packets, there will be one subnet or multiple subnet hosts using the first layer of the network level, and ARP acts as the first query tool for the source host. When no physical address corresponding to the IP address is found The host sends the physical address information related to the host and the IP address to the host. At the same time, the source host sends a response including its own IP address and ARP detection to the destination host. If ARP recognizes that the link is wrong, then if ARP directly applies suspicious information, then suspicious information will easily enter the target host. The ARP protocol has no status. Regardless of whether a request is received, the host will automatically cache any ARP received accordingly. If there is a virus in the information, the use of ARP spoofing will lead to the security leakage of network information. Therefore, in the ARP identification link, we should increase protection and establish more identification levels. We cannot simply identify by IP name. We also need to fully refer to IP-related properties. ^[3]

ICMP spoofing

The ICMP protocol is also an Internet control message protocol, which is mainly used to transfer control information between the host and the router. Through this protocol, information such as whether the network is unblocked, whether the host is reachable, and whether routes are available is controlled. In the event of an error, the data packet will be sent by the host in real time, and the information describing the error will be automatically returned. This protocol is very important in network security. However, due to its own characteristics, it is extremely vulnerable to intrusion. Generally speaking, if the target host sends a large number of ICMP data packets for a long time, it will cause the target host to occupy a large amount of CPU resources and eventually cause the system to be paralyzed. ^[3]

Attacks on the TCP / IP protocol transport layer

There are also network security issues at the transport layer. For example, in the field of network security, IP spoofing is an effective method to hide itself. It is mainly by forging its own IP address and sending malicious requests to the target host, which attacks the host, but the host cannot be accurately confirmed because the IP address is hidden. Attack source. Or take the opportunity to steal relevant confidential information by gaining the trust of the target host. IP spoofing is often used in DOS attacks. This is because the source address of the data packet is relatively wide and cannot be effectively filtered, which greatly reduces the effectiveness of the basic IP defense. In addition, in the ICMP transmission channel, as one of the components of the ICMP-type IP layer, any port in the IP software sends a PING file to the ICMP, which is used as an application to request whether file transmission is allowed, and ICMP will respond. This command checks the legitimacy of the message. All the data applied for transmission will basically be agreed by the transmission layer. The main reason for this is that PING software programming cannot intelligently identify malicious information. Generally, network security protection systems and firewalls will automatically default PING to exist, thus ignoring the possible causes. Security Risk. ^[3]

Attacks on the TCP / IP protocol application layer

For the Internet, IP addresses and domain names have a one-to-one correspondence. The conversion between the two is called domain name resolution. The DNS is the domain name resolution server. DNS spoofing refers to the behavior of an attacker impersonating a domain name server. Using DNS spoofing can provide wrong DNS information to the target host. Therefore, DNS spoofing can mislead users into illegal servers and make users believe in scam IP. In addition, the interface on the PTP network receives data that does not belong to the host. This is also a security problem at the application layer. Some Trojan viruses can take advantage of the opportunity to invade and cause data leakage, which causes network security problems. ^[3]

TCP / IP protocol security policy

TCP / IP protocol firewall technology

The core of firewall technology is to construct a relatively secure subnet environment in an insecure network environment to ensure the security of the internal network. It can be thought of as a switch that blocks input and allows input. That is to say, the firewall technology can allow resources with access permissions to pass, and reject other communication data without permissions. When the filter is called, it will be transferred to the kernel for implementation. When the service is stopped, the filtering rules will be eliminated from the kernel. All packet filtering functions in the kernel run in the deep layer of the stack. At the same time, there is a proxy service firewall, which is characterized by complete isolation of the direct communication between the internal network and the external network, and the access from the internal network to the external network is converted into the external access by the proxy firewall, which is then forwarded to the internal network. When the proxy server finds signs of being attacked, it will keep traces of the attack and promptly alert the network administrator. ^[3]

TCP / IP protocol intrusion detection system

Intrusion detection systems are network security technologies that have emerged in recent years. This technology belongs to a dynamic security technology. By studying the characteristics of the intrusion behavior and the intrusion process, the security system immediately responds in real time, and gradually intercepts and protects the attacker before it is completed. Intrusion detection system is also an important part of the research on network security issues. With this technology, logic compensation firewall technology can be implemented, which can prevent internal intrusions, misoperations and external intrusions in real time. It also has a real-time alarm function, which adds to network security protection A protection net. Intrusion detection technology has three development aspects: intelligent intrusion detection, comprehensive security defense scheme and distributed intrusion detection. ^[3]

TCP / IP protocol access control policy

Access control is the main strategy for protecting and preventing network security. Since each system needs to have access rights to access users, only the location authority can allow access. Such a mechanism is called access control. This security defense strategy is not achieved by directly resisting intrusion behaviors, but it is an important strategy for practical network protection and is also urgently needed by users. It mainly includes two aspects of functions, one is to check the validity of external directions, this function is similar to a firewall, and the other is to check some target sites for internal to external access, block illegal sites, and on the server , You can restrict access to those users. ^[3]

Research on Timeliness of TCP / IP Protocol

The timeliness of the TCP / IP transmission protocol means that the transmitted information is valuable to the user within a certain use scenario and time range. More broadly speaking, the timeliness of information also includes the interest of the recipients and the impact on society after the data is transmitted. But as time goes on, the value of the data used will become smaller and smaller. That is to say, the relevant data information for the same thing has a greater or lesser value difference in different time periods. This difference is called the timeliness of data information. The data information transmission under the TCP / IP transmission protocol overcomes the problems of lag, delay and low efficiency of traditional information transmission methods. The TCP / IP transmission protocol can often transmit effective information to those who need it in time, which can maximize the value of data information and ensure the timeliness of data information. ^[2]

Timeliness of TCP / IP protocol data

With the rapid operation of modern society, the amount of data information received by people has exploded, but the quality of data information is uneven. Therefore, people tend to forget about the received information over time. General event information may lose its timeliness in a short period of time. Therefore, data with timeliness must have the characteristics of timeliness and can keep pace with the times. However, the timeliness of TCP / IP transmission protocols in computer networks has the characteristics of timeliness. It can use high-speed network technology to capture scientific and effective data in time. And with the change of time, it can automatically eliminate obsolete useless information and keep pace with the times. ^[2]

TCP / IP protocol data flexibility

After the data is transmitted, it is ultimately to meet the needs of the user. In addition to ensuring the freshness of data information, the TCP / IP transmission protocol in computer networks can also provide data information that is consistent with the actual situation according to the different needs of users. It has sufficient flexibility and scalability. ^[2]

Security and accuracy of TCP / IP protocol data

Data information is generally affected by the transmitter, receiver, transmission channel, and external environment during the transmission process. These factors will affect the timeliness of data information transmission to varying degrees. For example, due to the limited level of computer expertise of the transmitter, the failure to recognize the importance of information transmission, the incomplete and effective collection of data, or the use of wrong transmission methods will affect the timeliness of information transmission. The data transmission of the TCP / IP transmission protocol in the computer network can not only handle complex information structures and a large amount of data information, but also maintain the security of the data information and ensure the scientific accuracy of the data information. ^[2]

Fluency of TCP / IP protocol data transmission process

In order to meet the demand for data information in today's society, the TCP / IP transmission protocol in computer networks has improved the traditional data transmission process, making the transmission of network information more time-efficient and more convenient. Based on the TCP / IP protocol of the computer network, the data transmission process mainly consists of the three main links of establishing a TCP / IP connection, data transmission, and data reception. The seamless connection of these three links enables real-time transmission of data information. In the communication of the TCP / IP transmission protocol, in order to ensure that the data information reaches the destination address, the data sending port and the data receiving port need to send information to both parties to confirm whether a communication connection can be established. Establishing TCP / IP connection station port is a prerequisite for data information transmission. After the TCP / IP connection station port is established, data information can be sent. The data information first enters the transmission buffer transmission layer, and then is transmitted layer by layer. During the sending process, the transport layer protocol encapsulates the data information accordingly in order to achieve complete and accurate transmission. The receiving of data information is mainly receiving the control command of the data transmission circuit board sent by the computer. After receiving the data packet, the destination host will first identify, determine whether the valid carrier of the data packet is IP, ARP, or RARP, and then perform corresponding data decapsulation processing. Finally send the data message to the required application. In the process of data information transmission, the three links are interlocked, realizing the timeliness based on the computer network TCP / IP transmission protocol. ^[2]

Advanced ease of use of TCP / IP protocol transmission technology

The most important thing to realize real-time information transmission is the support of network technology. The TCP / IP transmission protocol can ensure the timely transmission of data information. The technology it uses is advanced and easy to understand and use. The TCP / IP transmission protocol in computer networks mainly uses advanced data compression technology. Data compression is the process of text encoding in order to store the same data message in less byte space. Text takes up less space and transfers speed up. Data compression technology allows real-time encoding at the fastest operating speeds. ^[2]

TCP / IP protocol defects

Like the OSl model, the TCP / IP model and protocols also have their own problems.

(1) The model does not clearly distinguish the concepts of services, interfaces, and protocols. Therefore, the TCP / IP model is not a good template for designing new networks using new technologies. ^[5]

(2) The TCP / IP model is not universal at all and is not suitable for describing any protocol stack other than the TCP / IP model. ^[5]

(3) The link layer is not a layer in the usual sense. It is an interface between the network layer and the data link layer. The distinction between interfaces and layers is important. ^[5]

(4) The TCP / IP model does not distinguish between the physical layer and the data link layer. The two layers are completely different. The physical layer must handle the transmission characteristics of copper cable, fiber optics, and wireless communications. The job of the data link layer is to determine the beginning and end of the frame and send the frame from one end to the other with the required degree of reliability One end. ^[5]