Easy-to-understand illustrations of online interview knowledge - Part 1

Regarding network knowledge, I mainly talk about OSI layering, network protocols and other related knowledge.

Talk about your understanding of the OSI seven-layer model and the TCP/IP four-layer model?

The so-called seven-layer model and four-layer model are hierarchical structures designed by our predecessors to enhance universality and compatibility. Each layer follows certain rules.

• Physical layer: Connect computers through physical means such as optical cables and network cables to transmit bit streams and specify the electrical levels, speeds, and cable pins.
• Data link layer: encapsulates the bit stream into a data frame format. The frame is the transmission unit of the data link layer. After the computers are connected, the data is transmitted through the network card, and the network card defines the world's only MAC address. It sends data to all computers in the local area network in the form of broadcasting, and compares the MAC address in the data with its own to determine whether it is sent to itself. The data link layer is mainly frame encoding and error correction control.
• Network layer: The network layer defines the IP protocol and subnet mask. By calculating the IP and subnet mask, it can determine whether it is through a subnet and transmit through routers and switches. The network layer has functions such as addressing and routing selection, connection establishment, maintenance, and termination.
• Transport layer: The transport layer is an end-to-end connection. In order to determine which process the data packet is sent from, a port number is required to establish communication through the port. For example, TCP and UDP belong to this layer of protocols.
• Session layer: responsible for establishing, managing, and disconnecting communication sessions between presentation layer entities.
• Presentation layer: Serves the application layer data encoding and conversion functions to ensure that the application layer data of one system can be recognized when sent to another application layer.
• Application layer: The layer closest to the user, which provides an application interface for computer users and is ultimately understood and used by users.

The TCP/IP model has four layers, which is a simplification of the OSI model:

• The network interface layer, also called the network access layer, includes the physical layer and data link layer of the OSI model and connects computers together.
• The network layer, also called the IP layer, handles the transmission and routing of IP packets and establishes communication between hosts.
• The transport layer provides end-to-end communication between two host devices.
• The application layer, which includes the session layer, presentation layer, and application layer of OSI, provides some commonly used protocol specifications, such as FTP, SMPT, HTTP, etc.

Summary of OSI Model

The physical layer connects computers through physical means, the data link layer encapsulates and encodes the bit stream, the network layer establishes host-to-host communication, the transport layer establishes port-to-port communication, the presentation layer handles data encoding and conversion, and the application layer is ultimately responsible for establishing connections, converting data formats, and presenting them to users.

In the OSI seven-layer reference model, what protocols are there in each layer?

• Physical layer protocols include: EIA/TIA-232, EIA/TIA-499, V.35, V.24, RJ45, Ethernet, 802.3, FDDI
• Data link layer protocols include: Frame Relay, HDLC, PPP, IEEE 802.3/802.2
• Network layer protocols include: IP, IPX, AppleTalk DDP
• Transport layer protocols are: TCP, UDP
• Session layer protocols include: RPC, SQL, NFS, NetBIOS, names, AppleTalk
• Presentation layer protocols include: TIFF, GIF, JPEG, PICT, ASCII, EBCDIC, encryption
• Application layer protocols include: FTP, WWW, Telnet, NFS, SMTP, Gateway, SNMP

How to know if two machines are connected?

To determine whether two machines are connected, we know from the OSI model above that we only need to implement it at the IP layer. The IP layer is used to implement communication between the two machines. We also know from the above that there are IP protocols, IPX protocols, etc. Regarding the IP layer, as long as we know some commands that implement the IP layer protocol, we can know how to use commands to know whether the two machines are connected.

How to know whether two machines are connected? We can use ping or traceroute command. Ping and traceroute commands are based on ICMP protocol. Let's analyze ping and traceroute commands and ICMP protocol.

Ping command: It is based on the network layer and detects the connection status between two computers by sending and receiving data packets. When a network failure occurs, we can use the ping command to estimate the fault point. If the ping command fails, then we should consider whether the hardware connection is wrong, such as whether the network card is set correctly, whether the network cable is connected, and whether the IP address is set correctly. It can also be used to measure the time it takes for a data packet to go back and forth. Use the command: Ping IP address.

The ping command will print the destination server's IP address, data size, and round-trip time to the screen, as shown below:

traceroute command: traceroute command is an application that makes full use of ICMP error message type, which is mainly used to trace routing information. Its implementation is to use the TTL of IP message between each machine node to increase from 1 and send UDP packets at the same time, and receive the timeout error information of ICMP packet when an error occurs.

If we refer to the figure below, we can clearly describe the entire process of traceroute.

Why does the tracerouter send ICMP when it sends UDP? Under normal circumstances, the protocol stack can reach UDP normally and return to UDP normally. However, your host is unreachable, which is the IP layer (not yet UDP). The IP layer, of course, only knows to return ICMP.

ICMP Protocol

ICMP is the abbreviation of Internet Control Message Protocol. It is one of the core protocols of the Internet protocol suite. It sends control messages in the IP layer and provides feedback on various problems that may occur in the communication environment. Through this information, network administrators can diagnose the problems sent and take appropriate measures to solve the problems.

ICMP itself is a protocol of the network layer, but its message is not sent directly to the data link layer, but encapsulated in IP data packets and then sent to the data link layer. ICMP's error and control information transmission is only to solve the unreliable problem that IP may have. It cannot exist independently of IP, so it should be regarded as a part of IP and belong to the IP system.

ICMP protocol message

Protocol message

The meaning of each field in the ICMP message is as follows:

• Type: 1 byte, indicating the type of ICMP message.
• Code: occupies 1 byte, further divides the subtypes of ICMP messages, such as type 3 (destination unreachable) is further subdivided into destination network unreachable (code 0), destination host unreachable (code 2), destination protocol unreachable (code 3), destination port unreachable (code 4), etc.
• Checksum: occupies 2 bytes and is used to check the ICMP message header and data.
• The fourth field: occupies 4 bytes. The content depends on the type of ICMP message. Some types do not define this field.
• Data part: The content and length depend on the type of ICMP message.

ICMP message types are divided into query messages and error control messages:

 ICMP message type | type value | description
 Query message | 8 | Response request
 Query message | 0 | Response message
 Query message | 13 | Timestamp request
 Query message | 14 | Response message
 Query message | 17 | Subnet mask request
 Query message | 18 | Response message
 Query message | 10 | route query
 Query message | 9 | Announcement message
 Error Control Message | 3 | Destination Unreachable
 Error Control Message | 4 | Source Control
 Error Control Message | 5 | Redirect
 Error Control Message | 11 | Timeout
 Error control message | 12 | Message parameter error

ICMP code type:

 Code | Meaning
 0 | Target network unreachable
 1 | The target host is unreachable
 2 | Target protocol unreachable
 3 | Destination port unreachable
 4 | Segmentation is required and DF is set
 5 | Source routing failed
 6 | Destination network unknown
 7 | Destination host unknown
 8 | The source host is isolated
 9 | The destination network is forcibly banned
 10 | The destination host is forcibly banned
 11 | The network cannot reach the specified service type
 12 | The host cannot reach the specified service type
 13 | The host of the management structure is unreachable because of the filter set
 14 | Unreachable because the priority set by the host is destroyed
 15 | Host unreachable due to priority being removed

Now that we know the ICMP protocol messages, let's look at the entire transmission process of the ICMP protocol implemented by the ping command. ICMP is an upper layer protocol of IP, but ICMP also shares some of the functions of IP. The following is a diagram of the implementation of the ICMP protocol.

​​