
December 6, 2019 what happens after the browser enters a URL

2022-06-25 00:16:00 You're like an ironclad treasure

The following is a summary of computer networking knowledge and how the pieces connect (poor writing, ha ha ha!), starting from the moment a URL is entered in the browser…

Meanwhile, let's take a look at the picture below. It shows the packet encapsulation process and the corresponding model layers.

PS: original link: Hzy Blog

[Figure: packet encapsulation process]

Here is the story of a packet putting on and taking off its clothes.


Application layer: I am a packet. I came into being the moment you pressed Enter after typing the URL! Where am I going now?


1. First of all, we enter a URL in the browser. So what is a URL?

A URL is a Uniform Resource Locator. It specifies where the resource we need is located.

1.1 What are the components of a URL?

A URL consists of [protocol name]/[host IP and port]/[host path where the resource is stored]/[resource name]

2. But we don't usually use IP + port; we use a domain name, and that requires understanding the Domain Name System. The Domain Name System: "Packet, the resource you requested is at xxxIP"

2.1 What is the DNS (Domain Name System), and what is its function?

The DNS is a distributed database. Its function is to map between IP addresses and domain names, which makes them easier for us to remember and use.

2.2 So how does the DNS work, and how does it map a domain name to an IP address?

We can regard the Domain Name System as a big tree, like this.

[Figure: the Domain Name System tree]

  • There seem to be 13 root name servers, which record the IP addresses of all top-level domain name servers. It is said that China recently got its own root name server!
  • As long as one root name server is working properly, the whole Domain Name System will not go down.
  • There are many top-level domains under the root.
  • Under each top-level domain there are many second-level domains, and so on layer by layer… there are many domain names.

Of course, we also have a local name server with a cache table of domain names and IPs. It helps us quickly find the IPs of frequently used domain names and skip the resolution process!

Domain name resolution process
  • Input hzeyuan.cn
  • The computer asks the local name server, checks the DNS cache for this domain name and looks at the local hosts file. If there is an entry, the IP is returned as the query result.
  • If not, it sends a DNS request to the root name server, which tells it to look under the cn name server.
  • The computer then runs off to ask the cn name server, which tells it to look under the hzeyuan.cn name server.
  • So the computer goes looking for the hzeyuan.cn name server.
  • At this point the name server tells it "so you've come to me" and hands over the IP. Done.

That is the domain name resolution process. You can see the point of caching: without a cache you have to ask around every time, which is very inefficient!

2.3 After understanding the domain name resolution process, you also have to understand its security problems.

1. Domain name hijacking (DNS hijacking)

  • Simply put, the domain name resolution process is tampered with, and the IP returned is no longer the original IP but one modified by the attacker.

1.1 How it happens:

  • The local DNS cache or the hosts file has been modified, so the changed IP is returned. GG.
  • The name is not found locally, so a request goes to the root name server and then down layer by layer. If a name server along the way has been hacked, GG.

2. Domain name pollution (DNS spoofing, DNS cache poisoning)

2.1 The computer sends a DNS request as described above. Before the real reply arrives, someone forges a fake DNS reply and hands it to you, and then you really are GG.

3. Harm:
  • You visit a domain name, and what comes back may be a phishing website.
  • Or a fake IP comes back and you can't get online.
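The forged-reply race in 2.1 leaves a trace a monitor can look for: the same query receives two replies that disagree. The following is an added example, not part of the original post; the record layout, the hypothetical passive DNS sensor and all sample values are constructed.

```python
from collections import defaultdict

# Constructed records from a hypothetical passive DNS sensor:
# (timestamp, client_ip, transaction_id, query_name, answer_ips)
RESPONSES = [
    (10.001, "192.0.2.10", 0x1A2B, "hzeyuan.cn", ("203.0.113.66",)),
    (10.019, "192.0.2.10", 0x1A2B, "hzeyuan.cn", ("203.0.113.5",)),
    (11.200, "192.0.2.10", 0x3C4D, "example.org", ("203.0.113.80",)),
    (11.450, "192.0.2.10", 0x3C4D, "EXAMPLE.org.", ("203.0.113.80",)),  # duplicate, same answer
    (12.500, "192.0.2.11", 0x0001, "hzeyuan.cn", ("203.0.113.5",)),
]


def find_conflicting_replies(responses, window=2.0):
    """Flag queries that received two replies with different answers.

    A client normally accepts the first reply that matches its query, so a
    forged reply has to arrive before the real one. A sensor that sees both
    can flag the disagreement; it cannot tell from this alone which of the
    two replies is the genuine one.
    """
    by_query = defaultdict(list)
    for ts, client, txid, qname, answers in responses:
        # Names are case-insensitive and may carry a trailing dot.
        key = (client, txid, qname.lower().rstrip("."))
        by_query[key].append((ts, frozenset(answers)))

    alerts = []
    for (client, txid, qname), replies in by_query.items():
        replies.sort(key=lambda reply: reply[0])
        first_ts, first_answers = replies[0]
        for ts, answers in replies[1:]:
            if ts - first_ts <= window and answers != first_answers:
                alerts.append({
                    "client": client,
                    "txid": txid,
                    "qname": qname,
                    "accepted_first": sorted(first_answers),
                    "arrived_later": sorted(answers),
                })
                break  # one alert per query is enough
    return alerts


if __name__ == "__main__":
    for alert in find_conflicting_replies(RESPONSES):
        print(alert)
```

An alert here is a reason to compare both answers against a trusted resolver, not proof of which reply was forged.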

Network layer: now I know the destination IP! Packet: "How do I get there?"

PS: (we will talk about TCP at the transport layer when we unpack the packet! Assume the packet already has the TCP and HTTP information encapsulated in its belly!)


3. Let's get to know the IP protocol.

3.1 What is IP?

The IP addresses we usually see look like this:

  • 171.48.163.10 (decimal),
  • 10101011,110000,10100011,1010 (binary)
  • It consists of 32 binary bits; one byte is 8 bits, so it is made up of 4 bytes.
  • By field, it can be divided into a network number and a host number.

IP addresses can then be divided into 5 classes according to the network number:

  • Class A (0.0.0.0~127.0.0.0), subnet mask: 255.0.0.0
  • Class B (128.0.0.0~191.255.0.0), subnet mask: 255.255.0.0
  • Class C (192.0.0.0~223.255.255.0), subnet mask: 255.255.255.0
  • Class D (224.0.0.0~239.255.255.255)
  • Class E (240.0.0.0~255.255.255.254)

In fact, it is as shown in the figures below.

[Figures: IP address classes]

3.2 What is a subnet mask?
  • The name tells you it has something to do with subnets!
  • Our host number can be further subdivided into a subnet number and a host number.
  • The subnet mask is then used to tell how many bits belong to the subnet number and how many to the host number.
  • In the subnet mask, the 1 bits correspond to the network number and subnet number, and the 0 bits correspond to the host number. With the given subnet mask, the router knows which subnet to deliver to.

3.3 Now that you know about subnets (the intranet) and the Internet, you should know what a gateway is.

The gateway is the pass between the public network and the intranet; through it we connect to the outside Internet. A router can usually perform the gateway's functions, so the gateway we usually talk about is the router's IP address.

3.4 How does the gateway connect us to the outside Internet?

Through NAT, in full Network Address Translation.

  • It converts the IP assigned on our intranet into a public IP, so that we can communicate with the outside Internet.
  • Or it converts the public IP back into the intranet-assigned IP, so that we can receive information from the outside Internet.
  • This way many machines, a whole school or a whole company, can share just one public IP, which saves public IP addresses!

Conclusion: the packet is wrapped with the IP header information and then arrives at the gateway. The gateway finds that the packet's destination is not in this network and gets ready to let it through, but before that the gateway's MAC address has to be known, so we come to the link layer.


4. Link layer: the ARP protocol. The packet wants to know the MAC address, and it can only find out through ARP!


4.1 What is the ARP protocol?

ARP: Address Resolution Protocol. We can use it to resolve a known IP address into a MAC address.

4.2 ARP resolution process

Case one: the two IP addresses are on the same LAN.

  • Host A broadcasts a request packet, so every host on the same LAN receives it.
  • Each receiving host determines whether the request is meant for it and either discards it or responds.
  • The target host B confirms the request is for itself and sends a unicast reply to host A, so host A learns host B's MAC address.

Case two: the two IP addresses are not on the same LAN.

  • From the IP, host A can tell whether the destination IP is on the same network as itself.
  • If it is not the same network, what do you need to get through the pass? The gateway, of course.
  • Host A takes the gateway's MAC address and lets the gateway (forwarding) handle the next step!
  • What follows is between gateways: they forward to one another, recording the MAC address at each step, until the gateway of target host B is found!

Unicast is point-to-point network communication; broadcast is point-to-multipoint network communication.
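The subnet mask from 3.2 is what lets host A choose between the two ARP cases in 4.2. The following added example (not from the original post) applies the mask bit by bit and returns the IP that host A has to resolve with ARP; the function names and the 192.168.1.x addresses are assumptions made for the illustration.

```python
import ipaddress


def to_int(addr):
    """Dotted-quad IPv4 string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))


def split_address(ip, mask):
    """Return (network address, host number) of ip under a dotted mask.

    The 1 bits of the mask select the network and subnet number,
    the 0 bits select the host number.
    """
    ip_i, mask_i = to_int(ip), to_int(mask)
    host_bits = ~mask_i & 0xFFFFFFFF
    # A valid mask is a run of 1s followed by a run of 0s, so the
    # inverted mask plus one must be a power of two (or overflow to 2**32).
    if host_bits & (host_bits + 1):
        raise ValueError(f"{mask} is not a contiguous subnet mask")
    return str(ipaddress.IPv4Address(ip_i & mask_i)), ip_i & host_bits


def arp_target(src_ip, mask, gateway, dst_ip):
    """IP address host A must resolve with ARP to reach dst_ip."""
    src_net, _ = split_address(src_ip, mask)
    dst_net, _ = split_address(dst_ip, mask)
    # Case one: same network, ask for the destination's own MAC.
    # Case two: different network, ask for the gateway's MAC instead.
    return dst_ip if src_net == dst_net else gateway


if __name__ == "__main__":
    print(split_address("171.48.163.10", "255.255.0.0"))
    host, mask, gw = "192.168.1.20", "255.255.255.0", "192.168.1.1"
    for dst in ("192.168.1.77", "171.48.163.10"):
        print(dst, "-> ARP for", arp_target(host, mask, gw, dst))
```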

4.3 ARP cache table

DNS has a cache table, so ARP must have one too; otherwise querying every time would be a waste.

  • The cache table records the MAC addresses of frequently used IP addresses.
  • Of course, records in the cache table expire; the lifetime is usually 20 minutes.

4.4 ARP packet analysis

Straight to the figure:

[Figure: ARP packet format]

  • Ethernet destination address = the receiver's address: ff-ff-ff-ff-ff-ff (broadcast) on a request, unicast on a reply.
  • Ethernet source address = the sender's address.
4.5 Common attacks on the ARP protocol

4.5.1 Man-in-the-middle attack

What is a man-in-the-middle attack?

In short, a middleman cheats both sides: he can cheat the seller (the sender) and also the buyer (the receiver), thanks to information asymmetry.

  • The sender's ARP packet is snatched by the bad guy's machine, because the bad guy's host tells the sender "I am the destination you want to send to".
  • The sender is baffled: it received two replies (there should be only one), and it picks the newer reply.
  • As a result, the sender's ARP cache table records the MAC address of the bad guy's host, and then the data is sent to him…

What is the impact of a man-in-the-middle attack?

  • Plaintext and sensitive information is stolen.
  • It may cause the network to disconnect or be throttled, because your packets pass through the bad guy's machine, which can choose to drop them or tamper with them.
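The "two replies, newest one wins" behaviour is exactly what a monitor can watch for. The following added example (not from the original post) parses the 42-byte Ethernet + ARP layout from 4.4 and flags any IP whose MAC binding changes; the MAC and IP values are constructed, and `build_sample` only packs bytes for the test data.

```python
import struct

# Ethernet II header (dst, src, type) + ARP body for IPv4 over Ethernet: 42 bytes.
FRAME = struct.Struct("!6s6sH HHBBH 6s4s6s4s")


def _mac(text):
    return bytes.fromhex(text.replace("-", ""))


def _ip(text):
    return bytes(int(part) for part in text.split("."))


def fmt_mac(raw):
    return "-".join(f"{b:02x}" for b in raw)


def fmt_ip(raw):
    return ".".join(str(b) for b in raw)


def build_sample(eth_dst, oper, sender_mac, sender_ip, target_mac, target_ip):
    """Pack one constructed frame; oper 1 = request, 2 = reply."""
    return FRAME.pack(_mac(eth_dst), _mac(sender_mac), 0x0806, 1, 0x0800, 6, 4,
                      oper, _mac(sender_mac), _ip(sender_ip),
                      _mac(target_mac), _ip(target_ip))


HOST_A, GATEWAY, OTHER = "02-00-00-00-00-0a", "02-00-00-00-00-01", "02-00-00-00-00-66"
SAMPLE_FRAMES = [  # constructed: A asks for 192.168.1.1 and gets two replies
    build_sample("ff-ff-ff-ff-ff-ff", 1, HOST_A, "192.168.1.20",
                 "00-00-00-00-00-00", "192.168.1.1"),
    build_sample(HOST_A, 2, GATEWAY, "192.168.1.1", HOST_A, "192.168.1.20"),
    build_sample(HOST_A, 2, OTHER, "192.168.1.1", HOST_A, "192.168.1.20"),
]


def parse_arp(frame):
    if len(frame) < FRAME.size:
        raise ValueError("frame too short for Ethernet + ARP")
    (dst, src, etype, htype, ptype, hlen, plen, oper,
     sha, spa, _tha, tpa) = FRAME.unpack(frame[:FRAME.size])
    if etype != 0x0806 or (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an IPv4-over-Ethernet ARP frame")
    return {"eth_dst": fmt_mac(dst), "eth_src": fmt_mac(src),
            "op": {1: "request", 2: "reply"}.get(oper, oper),
            "sender_mac": fmt_mac(sha), "sender_ip": fmt_ip(spa),
            "target_ip": fmt_ip(tpa)}


def watch(frames):
    """Replay frames into a cache the way 4.5.1 describes and collect alerts."""
    cache, alerts = {}, []
    for frame in frames:
        arp = parse_arp(frame)
        ip, mac = arp["sender_ip"], arp["sender_mac"]
        if ip == "0.0.0.0":  # address probe, carries no binding
            continue
        if arp["eth_src"] != mac:
            alerts.append(("eth-src-mismatch", ip, arp["eth_src"], mac))
        if ip in cache and cache[ip] != mac:
            alerts.append(("binding-changed", ip, cache[ip], mac))
        cache[ip] = mac  # the newest reply wins
    return cache, alerts


if __name__ == "__main__":
    final_cache, found = watch(SAMPLE_FRAMES)
    print(final_cache)
    print(found)
```

A binding change for the gateway's IP is the case worth paging on; legitimate changes (a replaced network card, failover) are rare and easy to confirm.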

5. Now the gateway has let us through and the packet is on its way, all the way to the destination's gateway! The destination's gateway looks at the address, finds nothing wrong and lets it through! Then, likewise, comes the link layer, and then the network layer.

PS: we have reached the destination; the next step is to unpack the packet!


Two protocols are often encountered at the transport layer, TCP and UDP. Let's get to know the TCP protocol.

5.1 What are the TCP and UDP protocols?

TCP in full: Transmission Control Protocol.
UDP in full: User Datagram Protocol.

5.2 What are the differences between UDP and TCP?

[Figure: differences between TCP and UDP]

  • Reliability: TCP has a dedicated delivery guarantee mechanism; UDP does not.
  • Connection: TCP establishes a communication channel between both parties; UDP does not.
  • Byte stream versus message:

Byte stream in TCP: TCP has a send buffer. If the data stream is too long, it is cut into pieces of suitable length and sent. If the data stream is too short, TCP waits for the buffer to reach a suitable length before sending. Data in the buffer is deleted only after the other side has received it.

Message in UDP: UDP neither splits nor merges messages; it sends one message at a time.

  • Efficiency: TCP is less efficient because it has to guarantee reliable transmission; UDP does not, and only transmits as best it can.
  • Duplex: TCP is two-way. UDP can be two-way, one-to-many or many-to-many, because UDP does not establish a connection.

5.3 The difference between TCP packets and UDP packets

TCP message structure

[Figure: TCP packet structure]

UDP message structure

[Figure: UDP packet structure]

After observing, you will find:

  • 1. The TCP header is longer than the UDP header: one is 20 bytes, the other 8 bytes!!! UDP saves more space.
  • 2. The TCP header carries a lot more than UDP's!
  • Sequence number (seq): every TCP packet has its own number, so there is an order.
  • Acknowledgment number: confirms the sequence number of the next packet to be sent. It is valid only when the ACK flag is 1. Usually: acknowledgment number = sequence number + 1.
    1. SYN: the flag for establishing a connection.
    2. ACK: the acknowledgment flag; the acknowledgment number is valid only when it is 1.
    3. FIN: the flag for releasing the connection.
  • Both TCP and UDP have a checksum, but in TCP the checksum is mandatory, so you will see a pseudo-header.
  • In UDP the checksum is not mandatory!

5.4 How does TCP establish a connection? (Three-way handshake)

[Figure: three-way handshake]

1. The sender sends a TCP packet.

  • In it, the flag SYN=1, meaning a connection is to be established.

2. The receiver receives the TCP packet and gets ready to return a packet.

  • In this packet the flags ACK and SYN are both 1. Why?
  • ACK=1 indicates that the packet sent by the sender above has been received.
  • SYN=1 indicates that the receiver is ready to establish a connection with the sender.
  • Both are returned in the same packet!

3. The sender receives the packet sent by the receiver (SYN/ACK).

  • Now the sender knows that the receiver got the packet it just sent!
  • At the same time, the sender has to tell the receiver: I got the packet you sent me too!

At this point both parties have confirmed each other's ability to send and receive, and the connection can be established!

5.3 Why are three handshakes needed instead of two?

Because only with three can both sides confirm that their own and the other side's ability to send and receive is normal!

5.4 Releasing (ending) a TCP connection (four-way wave)

[Figure: four-way wave]

1. Assume the client is the active party. The client first sends a message.

  • At this point the client enters the FIN_WAIT_1 state.
  • The flag FIN=1 means: I'm ready to disconnect and have no more data to send you!
  • Ack=Z means: the sequence number of the next packet expected is Z.
  • Seq means: the sequence number of this packet.

2. The server receives the packet and knows that the client is ready to close the client-to-server connection.

  • But the server-to-client connection is not closed yet. (The server may still have data to send to the client!)
  • The server sends a packet (ACK=1), meaning: client, I know; if you want to disconnect, go ahead!
  • At this point the client enters the FIN_WAIT_2 state.

3. When the server has no more data to send, it is ready to disconnect.

  • It sends a message (flag FIN=1) to the client.
  • Meaning: I want to disconnect too!
  • At this point the server enters the LAST_ACK state.

4. After the client confirms receipt of the message:

  • At this point the client enters the TIME_WAIT state.
  • The client waits for a while; if no response arrives, it disconnects.

5.5 Why does it take four waves to close, when three handshakes are enough to open?

Look closely at the three-way handshake and you will find that in the second handshake:

  • The message returned by the server is (SYN+ACK)

But in the four-way wave, the second and third waves are:

  • Second wave, from the server: it sends an ACK message, indicating that the client's message was received.
  • Third wave, from the server: it sends a FIN message, indicating that it can disconnect.

That is the difference: when waving, the server may still have data to send to the client, so it cannot disconnect immediately! When shaking hands there is no such need; it is enough to confirm that sending and receiving work.

  • So the server first tells the client: I got your message.
  • Only when the server wants to disconnect does it notify the client!

5.6 Why does the client have to wait for some time after the last wave before disconnecting?

Because the client must make sure that the server has received the message it sent before it can safely disconnect!

  • Suppose the client does not wait and disconnects directly: if the server did not receive the client's message, the server will send its FIN message again and again…
  • So if the client, while waiting, receives the FIN message from the server again, it means the server did not get the message just sent, and the client resends an ACK message.

5.7 What is a SYN attack?

5.7.1 First of all, know what a half-open connection is

The stage before TCP's third handshake is called a half-open connection.

  • A SYN attack happens during half-open connections.

A SYN attack forges a large number of nonexistent IPs and sends SYN messages to the server.

  • The server is none the wiser: it does not know the IPs are forged and keeps replying until it times out!
  • The fake SYN packets occupy the half-open connection queue for a long time, causing normal requests to be dropped!
  • As a result the server is overloaded and goes down, or processing becomes very slow!
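To see why entries that never complete the third handshake crowd out real clients, the following added example (not from the original post) replays a constructed event list through a simplified model of the server's half-open queue. The backlog size, timeout, addresses and the ratio metric are assumptions for illustration, not any operating system's defaults.

```python
# Constructed events as a server would see them: (time, source_ip, flag).
# "ACK" stands for the third handshake packet from that source.
EVENTS = [
    (0.0, "198.51.100.7", "SYN"), (0.1, "198.51.100.7", "ACK"),
    (1.0, "203.0.113.1", "SYN"), (1.1, "203.0.113.2", "SYN"),   # these four
    (1.2, "203.0.113.3", "SYN"), (1.3, "203.0.113.4", "SYN"),   # never answer
    (1.5, "198.51.100.8", "SYN"), (1.6, "198.51.100.8", "ACK"),
    (4.5, "198.51.100.9", "SYN"), (4.6, "198.51.100.9", "ACK"),
]


def simulate_backlog(events, backlog=4, timeout=3.0):
    """Model the half-open queue: one slot per SYN awaiting its final ACK."""
    half_open = {}  # source_ip -> time its SYN was accepted
    stats = {"established": [], "dropped": [], "expired": []}
    for ts, src, flag in sorted(events):
        # Free the slots of entries whose SYN/ACK was never answered.
        for waiting, since in list(half_open.items()):
            if ts - since >= timeout:
                del half_open[waiting]
                stats["expired"].append(waiting)
        if flag == "SYN":
            if src in half_open:
                continue  # retransmitted SYN, slot already held
            if len(half_open) >= backlog:
                stats["dropped"].append(src)  # queue full, request is lost
            else:
                half_open[src] = ts
        elif flag == "ACK" and src in half_open:
            del half_open[src]
            stats["established"].append(src)
    return stats


def never_completed_ratio(stats):
    """Share of accepted SYNs that timed out instead of completing."""
    total = len(stats["expired"]) + len(stats["established"])
    return len(stats["expired"]) / total if total else 0.0


if __name__ == "__main__":
    for size in (4, 8):
        result = simulate_backlog(EVENTS, backlog=size)
        print(size, result, round(never_completed_ratio(result), 2))
```

With a backlog of 4 the client at 198.51.100.8 is dropped while the queue is full; with a backlog of 8 it connects, and the ratio of handshakes that never completed is the signal to alert on.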

5.8 How does TCP guarantee reliable transmission?

  • 1. TCP is byte-stream oriented; data is cut or merged into packets of suitable size before being sent.
  • 2. The packets TCP sends are numbered, so they are ordered.
  • 3. The checksum: a fixed algorithm checks whether the message has been modified or changed, and decides whether to discard it.
  • 4. TCP discards duplicate data, based on the sequence number.
  • 5. To ensure reliability, each time TCP sends a packet it stops and waits for the other side to confirm receipt before continuing to send! But what if the other side does not reply?
  • 6. The sender has a timer; on timeout it resends the packet that received no reply! This is called timeout retransmission! But that doesn't seem very efficient; what else can we do?
  • 7. Confirming every packet one at a time is too much trouble, so there is a way to send several packets in a row. The receiver only needs to acknowledge the latest packet, which by default means all earlier packets have been received! This is the ARQ protocol. The drawback is that if an earlier packet is lost, it falls back to timeout retransmission.
  • 8. Fast retransmit and fast recovery: when a packet is lost, the sender does not know but the receiver does, because the packets are not contiguous. So the receiver repeatedly sends the same acknowledgment (sequence number), trying to tell the sender "you lost a packet!". The sender then retransmits the packet; this is fast retransmit. When the receiver gets it, it puts the non-contiguous packets in order; this is fast recovery.

6. After the network layer comes the transport layer, but we already know UDP and TCP from the transport layer. Now let's look at the HTTP protocol in the application layer, which is also something we have been working with recently.


6.1 What is the HTTP protocol?

HTTP (Hypertext Transfer Protocol) transfers data on top of TCP/IP.

  • It is a stateless protocol; to manage state you need cookies.

A brief history of HTTP

  • HTTP/0.9: simply transfers HTML; only GET.
  • HTTP/1.0: the official version; short connections by default; adds POST and HEAD; requests carry a version and headers; responses carry a status and headers; it can transfer not just HTML but text, images and more.
  • HTTP/1.1: long connections by default; several TCP connections can be opened at the same time; more caching strategies.
  • SPDY, developed by Google, optimises some shortcomings of HTTP/1.1: requests have priorities, so the page can be displayed first; it uses multiplexing, compresses headers and reduces latency.

6.2 HTTP message format?

HTTP messages fall into two categories: request messages and response messages.

Request message

  • Request line, request headers, blank line, message body

Response message

  • Response line, response headers, blank line, message body

Some common request header fields

  • Accept: MIME types the browser accepts
  • Accept-Encoding: supported encodings
  • Accept-Language: preferably language xxx
  • Content-Length: length of the body
  • Connection: whether the connection is persistent (Keep-Alive)
  • User-Agent: browser information

Press F12 and take your time looking.

6.3 Common status codes and request methods.

Common status codes: 1 to 5, 5 classes in total.

  • 1xx: informational status codes
  • 2xx: success status codes; the most common is 200.
  • 3xx: redirection status codes; common: 302 temporary redirect.
  • 4xx: client error status codes; common: 404 page not found, 400 bad request.
  • 5xx: server error status codes; common: 500, the server code has a bug, request error.

Common request methods

  • GET: obtain a resource.
  • POST: send data to the server for processing, such as forms.
  • PUT: also sends data to the server for processing, but replaces the resource completely.
  • HEAD: request the message headers.
  • DELETE: delete a resource (URI).

6.5 What is a long connection (persistent connection), and what is a short connection?

An HTTP short connection can be viewed as a TCP short connection; HTTP/1.0 defaults to short connections.

  • Establish connection - transmit data - disconnect … establish connection - transmit data - disconnect.
  • The connection is closed as soon as the data is transmitted; establishing and closing it every time seems a bit of a waste of time.
  • When both parties need to operate frequently, like a database connection.

An HTTP long connection can be viewed as a TCP long connection; HTTP/1.1 defaults to long connections.

  • Establish connection - transmit data … (keep connected) … disconnect
  • The connection is kept open while data is transmitted, but too many connections put too much pressure on the server.
  • There are many users, with different frequent operations.

6.6 What is the difference between HTTPS and HTTP?

HTTPS adds a secure socket layer on top of HTTP. Data is encrypted and no longer transmitted in plaintext!

6.7 How does HTTPS encrypt?

First you have to know what symmetric encryption is: you and I share one key to unlock the door.

Asymmetric encryption: what the public key encrypts, only the private key can unlock; likewise, what the private key encrypts, the public key can unlock.

What is a CA? A CA is a Certificate Authority, a third-party organization. The certificate it issues to you is a CA certificate. The certificate contains your basic information and public key.

What is a digital digest? It takes a piece of plaintext and uses a hash to turn it into fixed-length ciphertext; a small change in the input makes a big difference in the output.

What is a digital signature? As the name says, it is a signature: the CA encrypts the digital digest with its own private key, and the result is called a digital signature.

What is a digital certificate? Digital certificate = digital signature + original information.

The encryption process: asymmetric encryption first, then symmetric encryption for transmission.

  • The client sends a request.
  • The server returns its digital certificate. How do we ensure the certificate has not been changed on the way? That is the job of the digital signature above.
  • The client verifies it with the CA certificate to see whether it has been tampered with.
  • OK, the digital certificate is fine. The client randomly generates a secret key and encrypts it with the public key.
  • The server receives it and decrypts it with its own private key to get the secret key!
  • Then the two sides communicate using the symmetric secret key.
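The steps above, carried through end to end as an added example that is not part of the original post. It uses textbook RSA on small Mersenne primes with no padding, and an XOR keystream built from SHA-256 as a stand-in for the symmetric cipher, so it shows the flow only and is not how real TLS is implemented; every name and value is an assumption for illustration.

```python
import hashlib
import secrets

E = 65537  # public exponent used by both toy key pairs


def keypair(p, q):
    """Textbook RSA key pair from two primes: (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))


def digest(data, n):
    """Digital digest: SHA-256 of the data, reduced to fit the toy modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(data, private):
    """Digital signature: the digest encrypted with the private key."""
    n, d = private
    return pow(digest(data, n), d, n)


def verify(data, signature, public):
    n, e = public
    return pow(signature, e, n) == digest(data, n)


def symmetric(key, data):
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream."""
    stream = bytearray()
    block = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + block.to_bytes(4, "big")).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))


# Toy keys built from known Mersenne primes (far too small for real use).
CA_PUBLIC, CA_PRIVATE = keypair(2**61 - 1, 2**89 - 1)
SERVER_PUBLIC, SERVER_PRIVATE = keypair(2**107 - 1, 2**127 - 1)


def issue_certificate(subject, subject_public):
    """Digital certificate = original information + the CA's signature."""
    info = f"{subject}|{subject_public[0]}|{subject_public[1]}".encode()
    return {"info": info, "signature": sign(info, CA_PRIVATE)}


def client_key_exchange(cert, ca_public):
    """Verify the certificate, then encrypt a random secret key for the server."""
    if not verify(cert["info"], cert["signature"], ca_public):
        raise ValueError("certificate does not match the CA signature")
    _subject, n, e = cert["info"].decode().split("|")
    secret = secrets.token_bytes(16)
    return secret, pow(int.from_bytes(secret, "big"), int(e), int(n))


def server_key_exchange(encrypted_secret):
    """Recover the secret key with the server's private key."""
    n, d = SERVER_PRIVATE
    return pow(encrypted_secret, d, n).to_bytes(16, "big")


if __name__ == "__main__":
    cert = issue_certificate("hzeyuan.cn", SERVER_PUBLIC)
    client_secret, wire = client_key_exchange(cert, CA_PUBLIC)
    server_secret = server_key_exchange(wire)
    ciphertext = symmetric(client_secret, b"GET / HTTP/1.1")
    print(symmetric(server_secret, ciphertext))
```

Changing a single byte of `cert["info"]` in transit makes `client_key_exchange` raise, which is the tamper check the digital signature provides.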

Why do we need all of these, signatures and digests? To ensure reliable transmission; see the following article for the specific reasons.


7. Summary


  1. From client to server, packet after packet: top-down, wrapped layer upon layer; bottom-up, unwrapped layer by layer. That is how each transmission is completed.

  2. Each layer of the network model has its own role; likewise each protocol has its own background and reasons, as well as some design flaws.

  3. I have combed through and summarised my networking knowledge and now have a general outline. Of course there are many protocols, and they need careful study in the future.

If there's something wrong, or something that needs improving, please tell me! Thank you for reading.

Reference article

Original site

Copyright notice
This article was created by [You're like an ironclad treasure]. Please include the original link when reposting. Thanks.
https://yzsam.com/2022/02/202202210551199216.html