Foreword
Recently, our computer networks teacher asked us to follow the PPPoE protocol analysis in the textbook and analyze an FTP username message captured with Wireshark: analyze the frame structure and parse the content of the message.
Computer network architecture
To analyze the message, we need to go back and properly understand the computer network architecture.
(mostly because I forgot)
A computer network is a very complex system.
Imagine this: Two computers connected on a network want to transfer files to each other. What do we need to do?
Obviously, there must be a path for data transfer between the two computers.
But that's not enough. We still have a lot of work to do:
- The computers must ensure that data can be sent and received correctly on this path.
- The network must be told how to identify the computer receiving the data.
- You must find out whether the other computer is turned on and connected to the network normally.
- It must be clear that the other party is ready to receive and store the document.
- If the computer's file format is not compatible, at least one of the computers should complete the format conversion function.
- For data transmission errors, duplication or loss, and failure of a node switch in the network, measures should be taken to ensure that the other party can receive the correct file.
To design for and solve these problems, it is best to break the large, complex problems into smaller ones, that is, to layer them.
How to layer these problems to form an architecture?
- The International Organization for Standardization began to study this problem in 1977 and finally proposed the OSI standard. Unfortunately, it was never widely used because of problems such as complex implementation, low efficiency, and a long development cycle. By that time, the Internet based on TCP/IP was already operating successfully on a large scale around the world, and few vendors were producing OSI standard products.
- The other standard is the TCP/IP standard. Today's largest Internet, covering the whole world, uses the TCP/IP standard, which has become the de facto international standard.
Let's take a look at how the two standards are layered:
In the figure, OSI is divided into seven protocol layers, and the TCP/IP standard is divided into four protocol layers.
The concept of OSI's seven-layer protocol architecture is clear and the theory is relatively complete, but it is complex and impractical.
The TCP/IP architecture is different, and it is now very widely used. TCP/IP is a four-layer architecture that consists of the application layer, the transport layer, the Internet layer and the network interface layer (the name "Internet layer" emphasizes that this layer solves the problem of interconnecting different networks).
But in essence, TCP/IP has only the top three layers, because the bottom network interface layer has no specific content.
Therefore, a compromise is often adopted when learning the principles of computer networks: combine the advantages of OSI and TCP/IP and use an architecture with only five protocol layers.
Data flow
OK, now that we have the architecture for transferring data between two computers, let's start transferring data.
Transmission starts. My computer starts sending data to Xiao Ming's computer.
So an application process AP1 of my computer tries to transmit data to an application process AP2 of Xiaoming's computer.
My transmission
At this point, the data I want to transmit flows from top to bottom through the five-layer protocol stack: the application layer, transport layer, network layer, data link layer, and physical layer, in that order.
- Application layer: When data passes through the application layer, it adds necessary control information to the data. The application layer defines the rules of interaction between application processes. These rules include HTTP protocol, DNS protocol, SMTP protocol, etc.
- Transport layer: After the transport layer receives the information passed to it by the application layer, it adds its own control information and passes the result to the next layer. The role of the transport layer is to provide communication services to the application layer above it. Its protocols are TCP and UDP.
- Network layer: The network layer encapsulates the segments or user datagrams passed to it by the transport layer into packets for transmission. These packets are called IP datagrams. The protocol used is IP.
- Data link layer: The data link layer encapsulates the IP datagram passed down from the network layer into frames. Each frame includes data and the necessary control information, so that the receiver knows at which bit the frame starts and at which bit it ends. It also provides an error correction function.
- Physical layer: The physical layer transmits data bit streams through physical transmission media, such as cables.
Xiao Ming's reception
After the bit stream reaches Xiao Ming's computer over the physical transmission medium, it is processed layer by layer from bottom to top, from the physical layer up to the application layer, and process AP2 on Xiao Ming's computer receives the data.
Analyze FTP message content
This is the content of the packet captured with Wireshark.
The corresponding layers are shown in Fig.
Frame: the data frame of the physical layer
After clicking Frame, all the data bytes are highlighted in the bottom pane; Frame represents all of the bytes.
What the capture tool captures is the bit stream after layer-by-layer encapsulation, 65 bytes in total.
Ethernet II: Data link layer Ethernet frame header information
"Address" refers to a MAC address, also called a hardware address or physical address.
- The destination address occupies 6 bytes; Xiao Ming's MAC address is 34:c9:3d:99:53:c7.
- The source address occupies 6 bytes; the MAC address of this machine is 34:36:3b:d4:14:72.
- The type field occupies 2 bytes; 0x0800 means that the upper layer (network layer) carries an IP datagram using the IPv4 protocol.
The structure of an Ethernet frame is as follows:
You may ask: why is there no FCS in the picture?
Answer:
Before Wireshark captures the packet, the network card at the physical layer has already removed some of what the lower layers added, such as the preamble (synchronization code) and the FCS. It checks the frame using the CRC check code, and only when the check passes does processing continue and packet capture start. Therefore, the capture software sees the data without the preamble and the FCS, and there is no check field.
IPv4 network layer
You can see the following in the data: the version is IPv4, and the header length is 20 bytes. DiffServ is not used. The total length is 51 bytes. The flag is 4, the flag flag is 0, and no fragmentation is performed. The fragment offset is 0. The TTL is 64, and the protocol number is 6, meaning TCP is used. The header checksum is not verified. The source IP is 192.168.1.13, and the destination IP is the local IP 192.168.1.15.
The TTL field limits how many hops the packet can traverse on the Internet. Generally, the value is set to 64, 128, etc.
TCP transport layer
You can see the following in the data: the source port is 50668, the destination port is 21, the sequence number is 1, the acknowledgment number is 1, and the flags value is 0x018, with the ACK and PSH flags set.
In addition, in the captured packets, you can see that the TCP connection is established through the three-way handshake.
Application layer FTP
The application layer here uses the FTP protocol. The data content is very simple: a login request using USER, where the account is soft.
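The layer-by-layer walk-through above, as an added example (not code from the original post): it rebuilds the 65-byte frame from the values reported on this page, then parses it bottom-up and verifies the IPv4 header checksum. The TCP window and checksum and the IP identification and flags are constructed, and `USER soft\r\n` is assumed as the exact 11-byte FTP payload implied by the 51-byte IP total length.

```python
import struct
from ipaddress import IPv4Address

def mac(s):                      # "34:36:3b:d4:14:72" -> 6 raw bytes
    return bytes.fromhex(s.replace(":", ""))

def inet_checksum(data):         # RFC 1071 ones'-complement sum of 16-bit words
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_frame():
    """Encapsulate top-down with the values reported on this page."""
    ftp = b"USER soft\r\n"                                   # application layer
    # Constructed, not from the page: TCP window 4096, TCP checksum 0, IP id/flags 0.
    # seq=1 / ack=1 are Wireshark's relative numbers, used here as raw values.
    tcp = struct.pack("!HHIIBBHHH", 50668, 21, 1, 1, 5 << 4, 0x18, 4096, 0, 0) + ftp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     IPv4Address("192.168.1.13").packed, IPv4Address("192.168.1.15").packed)
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    eth = mac("34:c9:3d:99:53:c7") + mac("34:36:3b:d4:14:72") + struct.pack("!H", 0x0800)
    return eth + ip + tcp                                    # no preamble, no FCS

def parse_frame(frame):
    """Decapsulate bottom-up, the way the receiver (or Wireshark) does."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("not IPv4")
    ihl = (frame[14] & 0x0F) * 4                 # header length is in 32-bit words
    ip = frame[14:14 + ihl]
    total_len, ttl, proto = struct.unpack("!H", ip[2:4])[0], ip[8], ip[9]
    if proto != 6:
        raise ValueError("not TCP")
    seg = frame[14 + ihl:14 + total_len]         # total length bounds the segment
    sport, dport, seq, ack, off, flags = struct.unpack("!HHIIBB", seg[:14])
    payload = seg[(off >> 4) * 4:]               # skip the TCP header
    return {"dst_mac": dst.hex(":"), "src_mac": src.hex(":"),
            "src_ip": str(IPv4Address(ip[12:16])), "dst_ip": str(IPv4Address(ip[16:20])),
            "ip_total_len": total_len, "ttl": ttl, "ip_checksum_ok": inet_checksum(ip) == 0,
            "sport": sport, "dport": dport, "flags": flags,
            "ftp": payload.decode("ascii").rstrip("\r\n")}

if __name__ == "__main__":
    frame = build_frame()
    print(len(frame), parse_frame(frame))
```

The username comes straight out of the TCP payload because FTP sends its login commands unencrypted, so anyone who can capture the traffic can read it.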
Impression
Writing this summary gave me a deeper understanding of the computer network architecture. I did not expect so much to be added to the simple application-layer data on its way down to the physical layer.
I have only just started learning computer networks, and I will keep studying seriously.