Linux Network Foundation (CentOS7)

Common network connection methods##

LAN connection:
A local area network (LAN) is a network that exists in a certain area and can be connected to the Internet through the local area network.
wireless network:
As for the security protocol of wireless networks, WPA has replaced WEP as the mainstream technology for wireless networks.
Cable Broadband:
Digital Subscriber Line (DSL) uses ordinary telephone lines to transmit data. To use DSL, you need to apply to the telecommunications company. The telecommunications company provides a "set box."
The main domestic DSL technology used is ADSL (Asymmetric, asymmetric), which simply means that the upload and download speeds are different.
dial:
This method requires a modem device to convert the analog signal of the phone into a digital signal that the computer can understand. We call this device a "cat". With the explosive growth of data in the Internet era, this method has gradually faded out of people's vision.

OSI seven-layer model##

Application layer
Presentation layer
Session layer
Transport layer
Network layer
data link layer
Physical layer

TCP/IP four-layer model##

Application layer (1～3):
FTP、Telnet、DNS、SMTP
Transport layer (4):
Transmission Control Protocol (TCP) (reliable connection-oriented protocol), User Datagram Protocol (UDP) (unreliable connection-oriented protocol)
Internet layer (5):
Internet Protocol (IP), Internet Group Management Protocol (IGMP), Internet Control Message Protocol (ICMP) (ping)
Network interface layer (6～7):
Address Resolution Protocol (ARP) can translate IP addresses into physical addresses, and use physical addresses to transfer data in LAN

TCP/IP three-way handshake##

Three handshake.png

SYN：
Synchronize Sequence Numbers (Synchronize Sequence Numbers)
ACK：
Acknowledge character

Data encapsulation process##

Comparison of OSI model and TCP/IP two models

Same point:

Both OSI model and TCP/IP model adopt the characteristics of hierarchical structure
Both can provide connection-oriented and connectionless communication service mechanisms

difference:

The two models have different requirements for reliability, and TCP/IP has higher requirements
The OSI model is established before the development of various protocols and is universal, while the TCP/IP model is established after the protocol is developed, so it is only suitable for TCP/IP networks
The OSI model is just a theoretical model and has no actual product, while the TCP/IP model has become the "actual international standard"

IP address

definition###

IP (Internet Protocol) address is a unified address format provided by the IP protocol. The IP address is represented by 32 binary digits and each 8 binary digits is a group, and its range is 00000000.00000000.00000000.00000000～11111111.11111111.11111111.11111111, in decimal The integer is expressed as 0.0.0.0～255.255.255.255.

classification###

We divide the above-defined IP addresses into the following five categories: A, B, C, D, and E in a specific way. Among them, D and E IP addresses are not for civilian use and will not be discussed.

Network category	Maximum number of networks	IP address range	Maximum number of hosts	Private IP address
A	126（）	1.0.0.0~126.255.255.255	16777214（）	10.0.0.0～10.255.255.255
B	16384（）	128.0.0.0～191.255.255.255	65536（）	172.16.0.0~172.31.255.255
C	2097152（）	192.0.0.0～223.255.255.255	254（）	192.168.0.0~192.168.255.255

note:

Maximum number of networks:
The first octet binary number of each IP address in category A represents the current network segment, 0.0.0.0 does not represent any network, and 127.0.0.1 represents the machine, so the maximum number of networks in category A is

。
The first two sets of octet binary numbers of category B represent the current network segment, and the first three sets of octet binary numbers of category C represent the current network segment, so the maximum number of networks in category B and C can be calculated accordingly.

Maximum number of hosts:
For example, 1.0.0.0 of category A represents the network address, and 1.255.255.255 represents the broadcast address of the current network, so the maximum number of hosts in category A is

, B, C categories and so on.

Private IP address:
A certain segment of IP address specified by man can be reused in any different LAN, which can reduce the number of public IP addresses.

Subnet mask##

We mentioned earlier that the network address, host address, and broadcast address can be inferred from any IP address. The main function of the subnet mask is to separate the network address and host address from the IP address, and the subnet The mask must be used together with the IP address. If two computers want to communicate, it is necessary to determine whether the two computers are at the same network address. If the network address is the same, it means that the recipient is on the network, then the data packet can be sent directly to the target host, otherwise the routing gateway is required to transfer the data The packet is forwarded to the destination. The subnet mask is also used to further divide the network into several subnets to avoid too many hosts and congestion or too few IP waste.

display method###

Dotted decimal notation: binary conversion to decimal, every 8 bits are separated by a dot
For example: Subnet mask binary 11111111.11111111.11111111.00000000, expressed as 255.255.255.0
CIDR slash notation: IP address/number of "1"

Example 1: 192.168.1.100/24, its subnet mask is represented as 255.255.255.0, and its binary representation is 11111111.11111111.11111111.00000000
Example 2: 172.16.198.12/20, its subnet mask is represented as 255.255.240.0, and its binary representation is 11111111.11111111.11110000.00000000
It is not difficult to find that there are 24 1s in Example 1 and 20 1s in Example 2. The number of 1s also represents the length of the network number. Operators ISP often use this method to assign IP addresses to customers.

classification###

Default subnet mask (without subnetting): The 32-bit binary number of the subnet mask corresponds to the 32-bit binary number of the IP address. If a bit is a network address, the subnet mask is 1, otherwise Is 0. For example, for a class A IP address, the first section is the network address, and the remaining three sections are the host address, so the mask is "11111111.00000000.00000000.00000000"
Subnet mask corresponding to class A IP address:
255.0.0.0 , Expressed as /8 in CIDR
Subnet mask corresponding to class B IP address:
255.255.0.0 , Expressed as /16 in CIDR
Subnet mask corresponding to class C IP address:
255.255.255.0 , Expressed as /24 in CIDR
Custom subnet mask (used to divide subnets): After dividing a network into subnets, part of the original host number position is given to the subnet number, and the rest is the host number for the subnet. Its form is as follows:

IP address after subnetting: network number + subnet number + subnet host number

For example: 192.168.1.100/25, its subnet mask means: 255.255.255.128

This means that the highest 1 bit of the host bits in the 192.168.1.0 network segment is divided into subnets. Regarding the division of subnets, I will not elaborate here, and you can refer to other resources on the network for details.

The port number

We can compare the IP address to the recipient address and the port number to the recipient. The so-called port means that after a specific server is found through the IP address, there are many application ports on the server, and the port number means that each port is numbered.

Query port number command

Basic format: netstat [options]

Options:

- a：
  View all connections and listening ports
- n：
  Display the IP address and port number, not the domain name and service name

[ root@dad panjianqiao]# netstat -an
Active Internet connections(servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        000.0.0.0:1110.0.0.0:*               LISTEN #monitor
tcp        00192.168.122.1:530.0.0.0:*               LISTEN     
tcp        000.0.0.0:220.0.0.0:*               LISTEN     
tcp        00127.0.0.1:6310.0.0.0:*               LISTEN     
tcp        00127.0.0.1:250.0.0.0:*               LISTEN     
tcp        00192.168.172.146:3491485.12.30.226:443        ESTABLISHED #Link exists
tcp        00192.168.172.146:5797652.26.43.164:443        ESTABLISHED
tcp        00192.168.172.146:40268104.27.190.157:443      FIN_WAIT2  
tcp        00192.168.172.146:3490885.12.30.226:443        ESTABLISHED
tcp        00192.168.172.146:5499239.156.66.14:443        ESTABLISHED
tcp        00192.168.172.146:40168117.18.237.29:80        ESTABLISHED
tcp        00192.168.172.146:3481685.12.30.226:443        TIME_WAIT #time out
tcp        00192.168.172.146:56874203.208.50.95:443       ESTABLISHED
tcp        00192.168.172.146:4787452.84.44.53:443         ESTABLISHED
tcp        00192.168.172.146:3484285.12.30.226:443        ESTABLISHED
tcp        00192.168.172.146:4660223.49.60.160:80         ESTABLISHED
tcp        00192.168.172.146:3491285.12.30.226:443        TIME_WAIT  
tcp        00192.168.172.146:52922202.202.1.140:80        TIME_WAIT  
tcp        00192.168.172.146:3483685.12.30.226:443        ESTABLISHED
tcp        00192.168.172.146:3862834.211.94.5:443         ESTABLISHED
tcp        00192.168.172.146:40258104.27.190.157:443      ESTABLISHED
tcp        00192.168.172.146:3489085.12.30.226:443        ESTABLISHED
tcp        00192.168.172.146:55468203.208.39.247:80       ESTABLISHED
tcp        00192.168.172.146:49432104.19.197.151:443      ESTABLISHED
tcp        00192.168.172.146:4791852.222.223.94:443       ESTABLISHED
tcp        00192.168.172.146:3576652.222.223.19:443       ESTABLISHED
tcp        00192.168.172.146:5501039.156.66.14:443        ESTABLISHED
tcp        00192.168.172.146:3484485.12.30.226:443        ESTABLISHED
tcp        00192.168.172.146:3490485.12.30.226:443        ESTABLISHED
tcp        00192.168.172.146:49166221.180.224.32:443      TIME_WAIT  
tcp        00192.168.172.146:39628117.78.24.34:80         ESTABLISHED
tcp        00192.168.172.146:56870203.208.50.95:443       TIME_WAIT  
tcp        00192.168.172.146:3491085.12.30.226:443        ESTABLISHED
tcp        00192.168.172.146:3483485.12.30.226:443        ESTABLISHED
tcp        00192.168.172.146:3485285.12.30.226:443        ESTABLISHED
tcp        00192.168.172.146:3489485.12.30.226:443        ESTABLISHED
tcp        00192.168.172.146:55402203.208.39.247:80       ESTABLISHED
tcp        00192.168.172.146:52924202.202.1.140:80        TIME_WAIT  
tcp        00192.168.172.146:55434203.208.39.247:80       ESTABLISHED
tcp        00192.168.172.146:3485485.12.30.226:443        ESTABLISHED
tcp        00192.168.172.146:40206117.18.237.29:80        ESTABLISHED
tcp        00192.168.172.146:38382203.208.40.96:443       ESTABLISHED
tcp        00192.168.172.146:3491685.12.30.226:443        ESTABLISHED
tcp        00192.168.172.146:5802852.26.43.164:443        ESTABLISHED
tcp        00192.168.172.146:52806202.202.1.140:80        TIME_WAIT  
tcp        00192.168.172.146:52804202.202.1.140:80        TIME_WAIT  
tcp        00192.168.172.146:49402104.19.197.151:443      ESTABLISHED
tcp        00192.168.172.146:56868203.208.50.95:443       TIME_WAIT  
tcp        00192.168.172.146:56872203.208.50.95:443       TIME_WAIT  
tcp        00192.168.172.146:55434203.208.41.68:443       ESTABLISHED
tcp        00192.168.172.146:3484885.12.30.226:443        ESTABLISHED
tcp        00192.168.172.146:5498039.156.66.14:443        ESTABLISHED
tcp        00192.168.172.146:52808202.202.1.140:80        TIME_WAIT  
tcp        00192.168.172.146:52920202.202.1.140:80        TIME_WAIT  
tcp        00192.168.172.146:55432203.208.39.247:80       ESTABLISHED
tcp        00192.168.172.146:3483285.12.30.226:443        ESTABLISHED
tcp        00192.168.172.146:3490685.12.30.226:443        ESTABLISHED
tcp        00192.168.172.146:3482485.12.30.226:443        ESTABLISHED
tcp        00192.168.172.146:42554203.208.41.78:443       ESTABLISHED
tcp        00192.168.172.146:4394454.186.208.3:443        ESTABLISHED
tcp        00192.168.172.146:57072151.139.128.14:80       ESTABLISHED
tcp6       00:::111:::*                    LISTEN     
tcp6       00:::22:::*                    LISTEN     
tcp6       00::1:631:::*                    LISTEN     
tcp6       00::1:25:::*                    LISTEN     
udp        00192.168.122.1:530.0.0.0:*                          #UDP does not exist monitoring
udp        000.0.0.0:670.0.0.0:*                          
udp        000.0.0.0:680.0.0.0:*                          
udp        000.0.0.0:1110.0.0.0:*                          
udp        000.0.0.0:53530.0.0.0:*                          
udp        00192.168.172.146:44354192.168.172.2:53        ESTABLISHED
udp        000.0.0.0:8800.0.0.0:*                          
udp        000.0.0.0:433790.0.0.0:*                          
udp6       00:::111:::*                               
udp6       00:::880:::*                               
raw6       00:::58:::*7

Common port number###

FTP：20 21

SSH：22
talnet (not recommended): 23
DNS：53
http：80
SMTP (Simple Mail Transfer Protocol): 25
POP3 (Post Office Protocol 3rd Generation): 110

DNS

DNS (Domain Name System, also known as name resolution) points domain names to Internet IP addresses. People can directly access the corresponding IP addresses through domain names. For example, the domain name of Dalian Maritime University is https://www.dlmu.edu .cn/, the IP address is 202.118.86.88, we can visit the website directly through the domain name without memorizing the IP address.

hosts file###

The hosts file is a file that associates IP and domain names. For example, I use VMware to install two CentOS virtual machines on my laptop, one named dad and the other named son. Modify the hosts file so that the two virtual machines can access each other. The specific operation as follows:

# In the terminal under the first centos virtual machine:
[ root@dad panjianqiao]# hostnamectl set-hostname dad #Modify the host name to dad, this command will take effect immediately and permanently
[ root@dad panjianqiao]# hostname #View host name
dad
[ root@dad panjianqiao]# ifconfig
ens33: flags=4163mtu 1500
  inet 192.168.172.146  netmask 255.255.255.0  broadcast 192.168.172.255 
  # The previous line is the IP address, subnet mask address, and broadcast address of the dad host
  inet6 fe80::b151:66fa:86a8:77d4  prefixlen 64  scopeid 0x20
  ether 00:0c:29:5a:b8:48  txqueuelen 1000(Ethernet)
  RX packets 91689  bytes 128904041(122.9 MiB)
  RX errors 0  dropped 0  overruns 0  frame 0
  TX packets 30004  bytes 2099851(2.0 MiB)
  TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73mtu 65536
  inet 127.0.0.1  netmask 255.0.0.0
  inet6 ::1  prefixlen 128  scopeid 0x10
  loop  txqueuelen 1000(Local Loopback)
  RX packets 801  bytes 72812(71.1 KiB)
  RX errors 0  dropped 0  overruns 0  frame 0
  TX packets 801  bytes 72812(71.1 KiB)
  TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

virbr0: flags=4099mtu 1500
  inet 192.168.122.1  netmask 255.255.255.0  broadcast 192.168.122.255
  ether 52:54:00:31:2d:b6  txqueuelen 1000(Ethernet)
  RX packets 0  bytes 0(0.0 B)
  RX errors 0  dropped 0  overruns 0  frame 0
  TX packets 0  bytes 0(0.0 B)
  TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
# Perform the same operation in the second virtual machine, change the host name to son, and readers can complete the specific operations themselves
# Modify the hosts file
[ root@dad panjianqiao]# cat /etc/hosts #View the hosts file
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1   localhost localhost.localdomain localhost6 localhost6.localdomain6
[ root@dad panjianqiao]# vim /etc/hosts #Edit the file and add the host name (or domain name) and IP address associated fields in the hosts file
# The following is the content of the added file. For specific vim operations, you can refer to related information
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1   localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.172.146 dad
192.168.172.145 son

At this point, the hosts file is modified, use the ping command to test whether the two virtual machines can communicate

# Test dad
[ root@dad panjianqiao]# ping son
PING son(192.168.172.145)56(84) bytes of data.64 bytes fromson(192.168.172.145): icmp_seq=1 ttl=64 time=0.549 ms
64 bytes fromson(192.168.172.145): icmp_seq=2 ttl=64 time=0.661 ms
64 bytes fromson(192.168.172.145): icmp_seq=3 ttl=64 time=0.709 ms
64 bytes fromson(192.168.172.145): icmp_seq=4 ttl=64 time=0.609 ms
64 bytes fromson(192.168.172.145): icmp_seq=5 ttl=64 time=0.636 ms
64 bytes fromson(192.168.172.145): icmp_seq=6 ttl=64 time=0.649 ms
64 bytes fromson(192.168.172.145): icmp_seq=7 ttl=64 time=0.783 ms
64 bytes fromson(192.168.172.145): icmp_seq=8 ttl=64 time=0.911 ms
^ Z
[3]+ Stopped                 ping son
# Use control and z to exit the ping operation
# Test son
[ root@son panjianqiao]# ping dad
PING dad(192.168.172.146)56(84) bytes of data.64 bytes fromdad(192.168.172.146): icmp_seq=1 ttl=64 time=0.582 ms
64 bytes fromdad(192.168.172.146): icmp_seq=2 ttl=64 time=0.831 ms
64 bytes fromdad(192.168.172.146): icmp_seq=3 ttl=64 time=0.854 ms
64 bytes fromdad(192.168.172.146): icmp_seq=4 ttl=64 time=0.926 ms
64 bytes fromdad(192.168.172.146): icmp_seq=5 ttl=64 time=1.03 ms
64 bytes fromdad(192.168.172.146): icmp_seq=6 ttl=64 time=0.963 ms
64 bytes fromdad(192.168.172.146): icmp_seq=7 ttl=64 time=0.733 ms
64 bytes fromdad(192.168.172.146): icmp_seq=8 ttl=64 time=0.929 ms

Two virtual machines can communicate successfully!

From hosts file to DNS

If we write all domain names and IP addresses into the hosts file, it seems that we can solve the problem of accessing through domain names, but because all IP addresses are too large, and the hosts file is only valid for the current host file, DNS service is required to resolve all domain names .

Domain name

The global domain name has a management organization ICANN (Internet Corporation for Assigned Names and Numbers), headquartered in California. However, there are a large number of domain names in the world. ICANN will not manage all domain names by itself, but will host the domain names. All matters of the domain names are the responsibility of the custodian, and ICANN only contacts the custodian.

One of ICANN’s main tasks is to specify top level domains (TLDs). TLDs can be divided into general top-level domains (gTLDs), such as .com, .net, .edu, .org There are more than 700 etc., and more than 300 country top-level domains (ccTLD), such as .cn and .hk.

Since ICANN manages all top-level domain names, it is the highest-level domain name node and is called the root domain. On some occasions, www.example.com is written as www.example.com., which means that there will be one more point at the end. This point is the root domain name. In theory, all domain name queries must first query the root domain name, because only the root domain name can tell you which server manages a certain top-level domain name. In fact, it is true. ICANN maintains a list of top-level domain names and corresponding custodians.

Domain structure

Root domain
Top-level domain
General top-level domain
Country top-level domain
Secondary domain
CPU name

Gateway

The role of routers and switches

The switch is a device connected in the local area network that does not recognize IP but only recognizes MAC address
A router is a device that can transmit data between different LANs. The router can be regarded as a gateway
The gateway can be a router or a server with routing function

The role of the gateway###

Gateways are needed between different networks to exchange data
Convert private IP address to public IP address