
44. Chapter 10: Network Protocols and Management Configuration (5)

Author: Internet

3.2.2 UDP User Datagram Protocol

3.2.2.1 UDP characteristics

Works at the transport layer

Provides unreliable network access

Connectionless protocol

Limited error checking

High transfer performance

No data recovery features

For more UDP kernel parameters, see man 7 udp

3.2.2.2 UDP header
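As an added example that is not part of the original post, the following Python builds and decodes the 8-byte UDP header (source port, destination port, length, checksum) and shows what "limited error checking" means in practice: the checksum is a 16-bit one's-complement sum over an IPv4 pseudo-header plus the segment, and a sender may set it to zero to skip it entirely. The addresses, ports and payload are constructed sample values.

```python
import struct

# Constructed sample values (not from the page): a segment from
# 172.31.1.8:40000 to 172.31.0.7:53 carrying a 4-byte payload.
SRC_IP = "172.31.1.8"
DST_IP = "172.31.0.7"
PAYLOAD = b"\xde\xad\xbe\xef"
UDP_PROTO = 17


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum (RFC 1071) over data, folding carries."""
    if len(data) % 2:
        data += b"\x00"                      # odd length: pad with a zero byte
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
        total = (total & 0xFFFF) + (total >> 16)
    return total


def pseudo_header(src_ip: str, dst_ip: str, udp_len: int) -> bytes:
    """IPv4 pseudo-header: source, destination, zero byte, protocol 17, UDP length."""
    src = bytes(int(o) for o in src_ip.split("."))
    dst = bytes(int(o) for o in dst_ip.split("."))
    return src + dst + struct.pack("!BBH", 0, UDP_PROTO, udp_len)


def udp_checksum(src_ip: str, dst_ip: str, segment: bytes) -> int:
    """Checksum over pseudo-header + header (checksum field 0) + payload.
    RFC 768: a computed 0 is sent as 0xFFFF because 0 on the wire means
    'no checksum', which is why UDP error checking is optional over IPv4."""
    total = ones_complement_sum(pseudo_header(src_ip, dst_ip, len(segment)) + segment)
    return (~total & 0xFFFF) or 0xFFFF


def build_udp(src_ip: str, dst_ip: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Assemble the 8-byte header (ports, length, checksum) followed by the payload."""
    length = 8 + len(payload)
    header = struct.pack("!HHHH", sport, dport, length, 0)
    csum = udp_checksum(src_ip, dst_ip, header + payload)
    return struct.pack("!HHHH", sport, dport, length, csum) + payload


def parse_udp(src_ip: str, dst_ip: str, segment: bytes) -> dict:
    """Decode a UDP segment and classify its checksum as ok / corrupt / unchecked."""
    if len(segment) < 8:
        raise ValueError("segment shorter than the 8-byte UDP header")
    sport, dport, length, csum = struct.unpack("!HHHH", segment[:8])
    if length < 8 or length > len(segment):
        raise ValueError("UDP length field does not match the segment")
    if csum == 0:
        status = "unchecked"                 # sender opted out of the checksum
    else:
        # A valid segment sums to 0xFFFF once its own checksum field is included.
        total = ones_complement_sum(pseudo_header(src_ip, dst_ip, length) + segment[:length])
        status = "ok" if total == 0xFFFF else "corrupt"
    return {"sport": sport, "dport": dport, "length": length,
            "payload": segment[8:length], "checksum": status}


if __name__ == "__main__":
    seg = build_udp(SRC_IP, DST_IP, 40000, 53, PAYLOAD)
    print(seg.hex(), parse_udp(SRC_IP, DST_IP, seg))
```

The checksum catches bit flips but is not a security control: anyone who can alter the datagram can recompute it, and a zero checksum field turns the check off, so integrity of UDP traffic has to come from a higher layer such as DTLS.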

3.3 Internet layer

3.3.1 Internet Control Message Protocol

Example: using ICMP to check network status

[root@rocky8 ~]# ping 223.5.5.5
PING 223.5.5.5 (223.5.5.5) 56(84) bytes of data.
64 bytes from 223.5.5.5: icmp_seq=1 ttl=128 time=38.9 ms
64 bytes from 223.5.5.5: icmp_seq=2 ttl=128 time=24.1 ms
64 bytes from 223.5.5.5: icmp_seq=3 ttl=128 time=24.4 ms
64 bytes from 223.5.5.5: icmp_seq=4 ttl=128 time=22.1 ms
^C
--- 223.5.5.5 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 22.138/27.384/38.910/6.711 ms

[root@rocky8 ~]# ping 172.31.0.7
PING 172.31.0.7 (172.31.0.7) 56(84) bytes of data.
64 bytes from 172.31.0.7: icmp_seq=1 ttl=64 time=0.365 ms
64 bytes from 172.31.0.7: icmp_seq=2 ttl=64 time=0.407 ms
64 bytes from 172.31.0.7: icmp_seq=3 ttl=64 time=0.492 ms
64 bytes from 172.31.0.7: icmp_seq=4 ttl=64 time=0.390 ms
^C
--- 172.31.0.7 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3108ms
rtt min/avg/max/mdev = 0.365/0.413/0.492/0.051 ms

[root@rocky8 ~]# ping 180.76.76.76
PING 180.76.76.76 (180.76.76.76) 56(84) bytes of data.
64 bytes from 180.76.76.76: icmp_seq=1 ttl=128 time=33.2 ms
64 bytes from 180.76.76.76: icmp_seq=2 ttl=128 time=33.9 ms
64 bytes from 180.76.76.76: icmp_seq=3 ttl=128 time=34.10 ms
64 bytes from 180.76.76.76: icmp_seq=4 ttl=128 time=36.5 ms
^C
--- 180.76.76.76 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3006ms
rtt min/avg/max/mdev = 33.222/34.660/36.522/1.259 ms

[root@rocky8 ~]# ping 114.114.114.114
PING 114.114.114.114 (114.114.114.114) 56(84) bytes of data.
64 bytes from 114.114.114.114: icmp_seq=1 ttl=128 time=32.4 ms
64 bytes from 114.114.114.114: icmp_seq=2 ttl=128 time=32.7 ms
64 bytes from 114.114.114.114: icmp_seq=3 ttl=128 time=30.6 ms
64 bytes from 114.114.114.114: icmp_seq=4 ttl=128 time=32.3 ms
^C
--- 114.114.114.114 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3008ms
rtt min/avg/max/mdev = 30.643/32.005/32.708/0.830 ms

[root@rocky8 ~]# ping 119.29.29.29
PING 119.29.29.29 (119.29.29.29) 56(84) bytes of data.
64 bytes from 119.29.29.29: icmp_seq=1 ttl=128 time=28.2 ms
64 bytes from 119.29.29.29: icmp_seq=2 ttl=128 time=31.1 ms
64 bytes from 119.29.29.29: icmp_seq=3 ttl=128 time=31.6 ms
64 bytes from 119.29.29.29: icmp_seq=4 ttl=128 time=28.7 ms
^C
--- 119.29.29.29 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 28.176/29.885/31.571/1.474 ms

C:\Users\raymond>ping 180.76.76.76

正在 Ping 180.76.76.76 具有 32 字节的数据:
来自 180.76.76.76 的回复: 字节=32 时间=27ms TTL=51		#TTL=51: 64-51=13, so the reply crossed 13 routers; each router decrements the TTL by one
来自 180.76.76.76 的回复: 字节=32 时间=27ms TTL=51
来自 180.76.76.76 的回复: 字节=32 时间=26ms TTL=51
来自 180.76.76.76 的回复: 字节=32 时间=27ms TTL=51

180.76.76.76 的 Ping 统计信息:
    数据包: 已发送 = 4,已接收 = 4,丢失 = 0 (0% 丢失),
往返行程的估计时间(以毫秒为单位):
最短 = 26ms,最长 = 27ms,平均 = 26ms


[root@rocky8 ~]# iptables -A INPUT -s 172.31.0.7 -j REJECT
[root@rocky8 ~]# iptables -vnL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 REJECT     all  --  *      *       172.31.0.7           0.0.0.0/0            reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination 
 
[root@centos7 ~]# ping 172.31.1.8
PING 172.31.1.8 (172.31.1.8) 56(84) bytes of data.
From 172.31.1.8 icmp_seq=1 Destination Port Unreachable
From 172.31.1.8 icmp_seq=2 Destination Port Unreachable
From 172.31.1.8 icmp_seq=3 Destination Port Unreachable
From 172.31.1.8 icmp_seq=4 Destination Port Unreachable
^C
--- 172.31.1.8 ping statistics ---
4 packets transmitted, 0 received, +4 errors, 100% packet loss, time 3000ms

[root@rocky8 ~]# iptables -F

[root@rocky8 ~]# ping www.raymond01.org
ping: www.raymond01.org: Name or service not known

[root@rocky8 ~]# ping -s 65508 172.31.1.8
Error: packet size 65508 is too large. Maximum is 65507

[root@rocky8 ~]# ping -f -s 65507 172.31.0.7
PING 172.31.0.7 (172.31.0.7) 65507(65535) bytes of data.
.^C
--- 172.31.0.7 ping statistics ---
4382 packets transmitted, 4381 received, 0.0228206% packet loss, time 20105ms
rtt min/avg/max/mdev = 0.928/4.400/6.028/0.562 ms, ipg/ewma 4.589/3.998 ms

What does PING do?

The main purpose of PING is to test whether two hosts can reach each other; if PING fails, a connection cannot be established.

What it actually does is send several ICMP Echo Request messages to the destination host.
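As an added example (not code from the original post), the Python below parses a ping session in the Linux format shown above, counts replies, errors and missing sequence numbers, and estimates the hop count from the reply TTL the way the comment on the Windows ping did (64-51=13). The session text is constructed; the hop estimate assumes the remote host started at one of the common initial TTLs 64, 128 or 255, which is a heuristic, not a guarantee.

```python
import re
from statistics import mean

# Constructed sample session in the Linux ping format shown on this page.
# Sequence 3 never came back and sequence 5 was answered with an ICMP error.
PING_OUTPUT = """\
PING 180.76.76.76 (180.76.76.76) 56(84) bytes of data.
64 bytes from 180.76.76.76: icmp_seq=1 ttl=51 time=27.1 ms
64 bytes from 180.76.76.76: icmp_seq=2 ttl=51 time=26.8 ms
64 bytes from 180.76.76.76: icmp_seq=4 ttl=51 time=27.3 ms
From 172.31.1.8 icmp_seq=5 Destination Port Unreachable
"""

REPLY_RE = re.compile(r"^\d+ bytes from (\S+): icmp_seq=(\d+) ttl=(\d+) time=([\d.]+) ms")
ERROR_RE = re.compile(r"^From (\S+) icmp_seq=(\d+) (.+)$")
INITIAL_TTLS = (64, 128, 255)        # Linux/Unix, Windows, most network gear


def infer_hops(ttl: int) -> int:
    """Each router decrements TTL by one. Guess the sender's initial TTL as the
    smallest common value not below the observed one and return the difference."""
    for initial in INITIAL_TTLS:
        if ttl <= initial:
            return initial - ttl
    raise ValueError("TTL cannot exceed 255")


def summarize(output: str, sent=None) -> dict:
    """Parse echo replies and ICMP error lines and compute the session statistics."""
    replies, errors = [], []
    for line in output.splitlines():
        m = REPLY_RE.match(line)
        if m:
            replies.append({"from": m.group(1), "seq": int(m.group(2)),
                            "ttl": int(m.group(3)), "rtt_ms": float(m.group(4))})
            continue
        m = ERROR_RE.match(line)
        if m:
            errors.append({"from": m.group(1), "seq": int(m.group(2)), "reason": m.group(3)})
    seen = {r["seq"] for r in replies} | {e["seq"] for e in errors}
    if sent is None:                 # session ended with ^C: infer from the highest seq seen
        sent = max(seen) if seen else 0
    received = len(replies)
    return {
        "sent": sent,
        "received": received,
        "errors": len(errors),
        # same convention as ping: an ICMP error counts as a lost probe
        "loss_pct": round(100.0 * (sent - received) / sent, 1) if sent else 0.0,
        "missing_seqs": [s for s in range(1, sent + 1) if s not in seen],
        "rtt_avg_ms": round(mean(r["rtt_ms"] for r in replies), 3) if replies else None,
        "hops": infer_hops(replies[-1]["ttl"]) if replies else None,
        "error_sources": sorted({e["from"] for e in errors}),
    }


if __name__ == "__main__":
    print(summarize(PING_OUTPUT))
```

Note the distinction the parser keeps: a silent timeout (seq 3) and an explicit ICMP error (seq 5, which is what the REJECT rule above produces) both count as loss, but only the error tells you which device answered, which is what you want when deciding whether a firewall or a dead host is in the path.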

3.3.2 Address Resolution Protocol

3.3.2.1 ARP

ARP, the Address Resolution Protocol, is specified in RFC 826, published by the Internet Engineering Task Force (IETF) in November 1982. It is the TCP/IP protocol that obtains a physical (MAC) address from an IP address.

When a host sends data, it broadcasts an ARP request containing the destination IP address to every host on the local network and uses the reply to learn the destination's physical address. After receiving the reply it stores the IP-to-MAC mapping in its local ARP cache for a period of time, so that later requests are answered from the cache and resources are saved. ARP is built on the assumption that the hosts on a network trust each other: any host on the LAN can send an ARP reply on its own initiative, and a host that receives a reply records it in its ARP cache without checking whether the reply is genuine.

Same-subnet ARP

Cross-subnet ARP

Example: ARP table

[root@rocky8 ~]# ip neigh
172.31.0.2 dev eth0 lladdr 00:50:56:ea:ab:89 STALE
172.31.0.7 dev eth0 lladdr 00:0c:29:50:0f:03 STALE
172.31.7.254 dev eth0 lladdr 00:50:56:f4:6a:1b STALE
172.31.0.1 dev eth0 lladdr 00:50:56:c0:00:08 DELAY
[root@rocky8 ~]# arp -n
Address                  HWtype  HWaddress           Flags Mask            Iface
172.31.0.2               ether   00:50:56:ea:ab:89   C                     eth0
172.31.0.7               ether   00:0c:29:50:0f:03   C                     eth0
172.31.7.254             ether   00:50:56:f4:6a:1b   C                     eth0
172.31.0.1               ether   00:50:56:c0:00:08   C                     eth0

Example:

[root@centos7 ~]# yum install -y tcpdump

[root@centos7 ~]# tcpdump -i eth0 arp -nn
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes

[root@rocky8 ~]# ping 172.31.0.6
PING 172.31.0.6 (172.31.0.6) 56(84) bytes of data.
64 bytes from 172.31.0.6: icmp_seq=1 ttl=64 time=0.382 ms
64 bytes from 172.31.0.6: icmp_seq=2 ttl=64 time=0.464 ms
64 bytes from 172.31.0.6: icmp_seq=3 ttl=64 time=0.290 ms
64 bytes from 172.31.0.6: icmp_seq=4 ttl=64 time=0.375 ms

[root@centos7 ~]# tcpdump -i eth0 arp -nn
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
14:57:47.117529 ARP, Request who-has 172.31.0.6 tell 172.31.1.8, length 46
14:57:47.117628 ARP, Reply 172.31.0.6 is-at 00:0c:29:8e:46:7a, length 46

[root@rocky8 ~]# arp -n
Address                  HWtype  HWaddress           Flags Mask            Iface
172.31.0.6               ether   00:0c:29:8e:46:7a   C                     eth0
172.31.0.2               ether   00:50:56:ea:ab:89   C                     eth0
172.31.0.7               ether   00:0c:29:50:0f:03   C                     eth0
172.31.7.254             ether   00:50:56:f4:6a:1b   C                     eth0
172.31.0.1               ether   00:50:56:c0:00:08   C                     eth0

Example: static ARP binding can prevent ARP spoofing

[root@rocky8 ~]# arp -s 172.31.0.6 00:0c:29:8e:46:7a
[root@rocky8 ~]# arp -n
Address                  HWtype  HWaddress           Flags Mask            Iface
172.31.0.6               ether   00:0c:29:8e:46:7a   CM                    eth0
172.31.0.2               ether   00:50:56:ea:ab:89   C                     eth0
172.31.0.7               ether   00:0c:29:50:0f:03   C                     eth0
172.31.7.254             ether   00:50:56:f4:6a:1b   C                     eth0
172.31.0.1               ether   00:50:56:c0:00:08   C                     eth0

Example:

[root@rocky8 ~]# arp -d 172.31.0.6
[root@rocky8 ~]# arp -n
Address                  HWtype  HWaddress           Flags Mask            Iface
172.31.0.2               ether   00:50:56:ea:ab:89   C                     eth0
172.31.0.7               ether   00:0c:29:50:0f:03   C                     eth0
172.31.7.254             ether   00:50:56:f4:6a:1b   C                     eth0
172.31.0.1               ether   00:50:56:c0:00:08   C                     eth0

Example: ARP spoofing on a Kali system to hijack internet traffic

#Enable IP forwarding
[root@kali ~]# echo 1 > /proc/sys/net/ipv4/ip_forward

#Install the package
[root@kali ~]# apt-get install dsniff

#Spoof the target host: this machine poses as the gateway
[root@kali ~]# arpspoof -i eth0 -t <target host IP> <gateway IP>

#Spoof the gateway: this machine poses as the target host
[root@kali ~]# arpspoof -i eth0 -t <gateway IP> <target host IP>

3.3.2.2 Gratuitous ARP

Gratuitous ARP is also called free ARP or unsolicited ARP. It differs from an ordinary ARP request in that it does not expect to learn the MAC address for some other IP; instead, when a host starts up it sends a gratuitous ARP request, that is, a request for the MAC address of its own IP address.

Gratuitous ARP serves two purposes:

Example: capturing the ARP traffic of a CentOS 8 reboot

Example: capturing the ARP traffic of a CentOS 6 reboot

Example:

[root@centos7 ~]# tcpdump -i eth0 arp -nn
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
15:05:45.952866 ARP, Request who-has 172.31.1.8 tell 172.31.0.6, length 46
15:05:45.952970 ARP, Reply 172.31.1.8 is-at 00:0c:29:f9:6a:d1, length 46
#gratuitous ARP

3.3.3 Reverse Address Resolution Protocol

RARP does the reverse: it maps a MAC address to an IP address.

3.3.4 Internet Protocol

3.3.4.1 Internet Protocol characteristics

3.3.4.2 IP PDU header

IP PDU header format

Example:

[root@rocky8 ~]# cat /proc/sys/net/ipv4/ip_default_ttl
64

[root@rocky8 ~]# echo "ibase=2;10101100000111110000000100001000" |bc
2887713032

[root@rocky8 ~]# ping 2887713032
PING 2887713032 (172.31.1.8) 56(84) bytes of data.
64 bytes from 172.31.1.8: icmp_seq=1 ttl=64 time=0.041 ms
64 bytes from 172.31.1.8: icmp_seq=2 ttl=64 time=0.037 ms
64 bytes from 172.31.1.8: icmp_seq=3 ttl=64 time=0.056 ms
^C
--- 2887713032 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2025ms
rtt min/avg/max/mdev = 0.037/0.044/0.056/0.011 ms
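The bc command above turns the 32-bit binary string into the decimal 2887713032, which ping then resolves back to 172.31.1.8. As an added example (not code from the original post), the Python below does the same conversions in every direction with strict validation, so that an address written in an ambiguous form (a 256 octet, or a leading zero that some C parsers would read as octal) is rejected instead of silently accepted. The address values are the ones from this page; the function names are mine.

```python
def dotted_to_int(ip: str) -> int:
    """'172.31.1.8' -> 2887713032. Strict: exactly four decimal octets 0-255 and no
    leading zeros, because inet_aton-style parsers read '0177' as octal and an
    address that two parsers read differently is a filtering bug waiting to happen."""
    parts = ip.split(".")
    if len(parts) != 4:
        raise ValueError(f"expected four octets: {ip!r}")
    value = 0
    for p in parts:
        if not p.isdigit() or (len(p) > 1 and p[0] == "0") or int(p) > 255:
            raise ValueError(f"bad octet {p!r} in {ip!r}")
        value = (value << 8) | int(p)
    return value


def int_to_dotted(value: int) -> str:
    """2887713032 -> '172.31.1.8' (the reverse of what bc computed above)."""
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("not a 32-bit value")
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def binary_to_int(bits: str) -> int:
    """32-character bit string (spaces between octets allowed) -> integer, like ibase=2 in bc."""
    bits = bits.replace(" ", "")
    if len(bits) != 32 or set(bits) - {"0", "1"}:
        raise ValueError("need exactly 32 binary digits")
    return int(bits, 2)


def normalize(addr: str) -> str:
    """Turn any of the spellings used above (dotted quad, plain decimal as accepted by
    ping, or a 32-bit binary string) into the canonical dotted quad."""
    compact = addr.replace(" ", "")
    if "." in compact:
        return int_to_dotted(dotted_to_int(compact))
    if len(compact) == 32 and set(compact) <= {"0", "1"}:
        return int_to_dotted(binary_to_int(compact))
    if compact.isdigit():
        return int_to_dotted(int(compact))
    raise ValueError(f"unrecognised address form: {addr!r}")


if __name__ == "__main__":
    print(normalize("10101100 00011111 00000001 00001000"))   # 172.31.1.8
    print(normalize("2887713032"))                             # 172.31.1.8
```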

Example:

[root@centos7 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:50:0f:03 brd ff:ff:ff:ff:ff:ff
    inet 172.31.0.7/21 brd 172.31.7.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe50:f03/64 scope link 
       valid_lft forever preferred_lft forever
[root@centos7 ~]# ip a a 172.31.0.6/21 dev eth0 label eth0:1
[root@centos7 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:50:0f:03 brd ff:ff:ff:ff:ff:ff
    inet 172.31.0.7/21 brd 172.31.7.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet 172.31.0.6/21 scope global secondary eth0:1
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe50:f03/64 scope link 
       valid_lft forever preferred_lft forever

[root@rocky8 ~]# arp -n
Address                  HWtype  HWaddress           Flags Mask            Iface
172.31.0.6               ether   00:0c:29:8e:46:7a   C                     eth0
172.31.0.2               ether   00:50:56:ea:ab:89   C                     eth0
172.31.0.7               ether   00:0c:29:50:0f:03   C                     eth0
172.31.7.254             ether   00:50:56:f4:6a:1b   C                     eth0
172.31.0.1               ether   00:50:56:c0:00:08   C                     eth0

#Find the hosts that share the conflicting IP
root@ubuntu1804:~# arping 172.31.0.6
ARPING 172.31.0.6
60 bytes from 00:0c:29:50:0f:03 (172.31.0.6): index=0 time=202.791 usec
60 bytes from 00:0c:29:8e:46:7a (172.31.0.6): index=1 time=347.122 usec
60 bytes from 00:0c:29:50:0f:03 (172.31.0.6): index=2 time=181.210 usec
60 bytes from 00:0c:29:8e:46:7a (172.31.0.6): index=3 time=459.633 usec
60 bytes from 00:0c:29:50:0f:03 (172.31.0.6): index=4 time=295.335 usec
60 bytes from 00:0c:29:8e:46:7a (172.31.0.6): index=5 time=632.849 usec
60 bytes from 00:0c:29:8e:46:7a (172.31.0.6): index=6 time=160.417 usec
60 bytes from 00:0c:29:50:0f:03 (172.31.0.6): index=7 time=326.288 usec
60 bytes from 00:0c:29:8e:46:7a (172.31.0.6): index=8 time=480.989 usec
60 bytes from 00:0c:29:50:0f:03 (172.31.0.6): index=9 time=868.357 usec
^C
--- 172.31.0.6 statistics ---
5 packets transmitted, 10 packets received,   0% unanswered (5 extra)
rtt min/avg/max/std-dev = 0.160/0.395/0.868/0.211 ms
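Both the static-binding example (arp -s) in 3.3.2.1 and the IP-conflict example just above come down to one question: is more than one MAC answering for an IP, and does any answer contradict what the administrator pinned? As an added example (not code from the original post), the Python below parses the two reply formats seen on this page, tcpdump "ARP, Reply" lines and arping lines, groups the MACs claiming each IP, and reports duplicate responders and violations of a pinned table. The sample lines and the 00:0c:29:aa:bb:cc address are constructed; the pinned table is my stand-in for the arp -s entries.

```python
import re
from collections import defaultdict

# Constructed sample lines (not a capture from the page) in the two reply formats
# shown on this page. 172.31.0.1 is answered by a second MAC in the third line,
# and 172.31.0.6 by two different MACs in the arping lines.
SAMPLE_LINES = """\
14:57:47.117628 ARP, Reply 172.31.0.6 is-at 00:0c:29:8e:46:7a, length 46
15:01:02.000100 ARP, Reply 172.31.0.1 is-at 00:50:56:c0:00:08, length 46
15:01:09.000100 ARP, Reply 172.31.0.1 is-at 00:0c:29:aa:bb:cc, length 46
60 bytes from 00:0c:29:50:0f:03 (172.31.0.6): index=0 time=202.791 usec
60 bytes from 00:0c:29:8e:46:7a (172.31.0.6): index=1 time=347.122 usec
"""

TCPDUMP_REPLY = re.compile(r"ARP, Reply (\d+\.\d+\.\d+\.\d+) is-at ([0-9a-fA-F:]{17})")
ARPING_REPLY = re.compile(r"bytes from ([0-9a-fA-F:]{17}) \((\d+\.\d+\.\d+\.\d+)\)")

# Pinned bindings: the software counterpart of `arp -s` (constructed values).
PINNED = {"172.31.0.1": "00:50:56:c0:00:08"}


def collect_claims(lines: str) -> dict:
    """Map each IP to the set of MAC addresses that have claimed it in replies."""
    claims = defaultdict(set)
    for line in lines.splitlines():
        m = TCPDUMP_REPLY.search(line)
        if m:
            claims[m.group(1)].add(m.group(2).lower())
            continue
        m = ARPING_REPLY.search(line)
        if m:
            claims[m.group(2)].add(m.group(1).lower())
    return dict(claims)


def find_conflicts(claims: dict) -> dict:
    """IPs answered by more than one MAC: a duplicate address or a spoofed reply."""
    return {ip: sorted(macs) for ip, macs in claims.items() if len(macs) > 1}


def find_pinned_violations(claims: dict, pinned: dict) -> dict:
    """Replies that contradict a pinned binding, however many MACs answered."""
    violations = {}
    for ip, expected in pinned.items():
        rogue = claims.get(ip, set()) - {expected.lower()}
        if rogue:
            violations[ip] = sorted(rogue)
    return violations


if __name__ == "__main__":
    claims = collect_claims(SAMPLE_LINES)
    print("conflicts:", find_conflicts(claims))
    print("pinned violations:", find_pinned_violations(claims, PINNED))
```

The two checks answer different questions. A conflict on a host address is usually a misconfiguration, as in the arping output above; a new MAC answering for the gateway is the signature of the hijack the Kali example describes, and the pinned check catches it even if the capture missed the legitimate reply.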

Protocol field

3.4 The complete host-to-host packet delivery process

Example:

1 22/tcp 

1 Determine whether the destination address is on the same network segment (and then)
2 Use ARP to obtain the MAC address
3 TCP three-way handshake
4 Data exchange
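Step 1 is the decision that determines step 2: if the destination is inside the local prefix the sender ARPs for the destination itself, otherwise it ARPs for the gateway and the frame carries the gateway's MAC with the remote IP. As an added example (not code from the original post), the Python below makes that decision with the standard ipaddress module and lays out the four steps with the concrete ARP target filled in. The /21 prefix, the 172.31.1.8 host and the 172.31.0.1 gateway are taken from the outputs on this page; the function names are mine.

```python
import ipaddress

# Constructed values matching the addressing used on this page: host 172.31.1.8
# with a /21 mask and 172.31.0.1 as the default gateway.
LOCAL_IFACE = "172.31.1.8/21"
GATEWAY = "172.31.0.1"


def next_hop(local_cidr: str, dst: str, gateway: str) -> dict:
    """Step 1 of the delivery process: is the destination on the local segment,
    and therefore whose MAC address must ARP resolve?"""
    iface = ipaddress.ip_interface(local_cidr)
    target = ipaddress.ip_address(dst)
    gw = ipaddress.ip_address(gateway)
    # A gateway outside the local prefix can never be ARPed for: fail loudly.
    if gw not in iface.network:
        raise ValueError(f"gateway {gateway} is not on-link for {iface.network}")
    if target == iface.ip:
        return {"on_link": True, "arp_for": None,
                "reason": f"{dst} is this host, delivered locally"}
    if target in iface.network:
        return {"on_link": True, "arp_for": str(target),
                "reason": f"{dst} is inside {iface.network}"}
    return {"on_link": False, "arp_for": str(gw),
            "reason": f"{dst} is outside {iface.network}, frame goes to the gateway"}


def delivery_plan(local_cidr: str, dst: str, gateway: str, port: int = 22) -> list:
    """The four steps listed above, with the ARP target chosen by next_hop()."""
    hop = next_hop(local_cidr, dst, gateway)
    steps = ["same-segment check: " + hop["reason"]]
    if hop["arp_for"]:
        steps.append(f"ARP who-has {hop['arp_for']}")
    steps.append(f"TCP three-way handshake to {dst}:{port}")
    steps.append("data exchange")
    return steps


if __name__ == "__main__":
    for dst in ("172.31.0.7", "172.31.7.254", "223.5.5.5"):
        print(delivery_plan(LOCAL_IFACE, dst, GATEWAY))
```

Getting the prefix length wrong shows up exactly here: with /24 instead of /21, 172.31.7.254 is treated as remote and the host ARPs for the gateway instead, which is why a working ping to a neighbour on the same physical segment can still fail after a mask typo.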

Source: https://blog.csdn.net/qq_25599925/article/details/120955416