Linux高新能服务器编程笔记 -- Chapter1 TCP/IP协议栈

查看服务端口号 sudo cat /etc/services

kali@kali:/etc$ sudo cat services 
# Network services, Internet style
#
# Note that it is presently the policy of IANA to assign a single well-known
# port number for both TCP and UDP; hence, officially ports have two entries
# even if the protocol doesn't support UDP operations.
#
# Updated from https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml .
#
# New ports will be added on request if they have been officially assigned
# by IANA and used in the real-world or are needed by a debian package.
# If you need a huge list of used numbers please install the nmap package.

tcpmux          1/tcp                           # TCP port service multiplexer
echo            7/tcp
echo            7/udp
discard         9/tcp           sink null
discard         9/udp           sink null
systat          11/tcp          users
daytime         13/tcp
daytime         13/udp
netstat         15/tcp
qotd            17/tcp          quote
chargen         19/tcp          ttytst source
chargen         19/udp          ttytst source
ftp-data        20/tcp
ftp             21/tcp
fsp             21/udp          fspd
ssh             22/tcp                          # SSH Remote Login Protocol
telnet          23/tcp
smtp            25/tcp          mail
time            37/tcp          timserver
time            37/udp          timserver
whois           43/tcp          nicname
tacacs          49/tcp                          # Login Host Protocol (TACACS)
tacacs          49/udp
domain          53/tcp                          # Domain Name Server
domain          53/udp
bootps          67/udp
bootpc          68/udp
tftp            69/udp
gopher          70/tcp                          # Internet Gopher
finger          79/tcp
http            80/tcp          www             # WorldWideWeb HTTP
kerberos        88/tcp          kerberos5 krb5 kerberos-sec     # Kerberos v5
kerberos        88/udp          kerberos5 krb5 kerberos-sec     # Kerberos v5
iso-tsap        102/tcp         tsap            # part of ISODE
acr-nema        104/tcp         dicom           # Digital Imag. & Comm. 300
pop3            110/tcp         pop-3           # POP version 3
sunrpc          111/tcp         portmapper      # RPC 4.0 portmapper
sunrpc          111/udp         portmapper
auth            113/tcp         authentication tap ident
nntp            119/tcp         readnews untp   # USENET News Transfer Protocol
ntp             123/udp                         # Network Time Protocol
epmap           135/tcp         loc-srv         # DCE endpoint resolution
netbios-ns      137/tcp                         # NETBIOS Name Service
netbios-ns      137/udp
netbios-dgm     138/tcp                         # NETBIOS Datagram Service
netbios-dgm     138/udp
netbios-ssn     139/tcp                         # NETBIOS session service
netbios-ssn     139/udp
imap2           143/tcp         imap            # Interim Mail Access P 2 and 4
snmp            161/tcp                         # Simple Net Mgmt Protocol
snmp            161/udp
snmp-trap       162/tcp         snmptrap        # Traps for SNMP
snmp-trap       162/udp         snmptrap
cmip-man        163/tcp                         # ISO mgmt over IP (CMOT)
cmip-man        163/udp
cmip-agent      164/tcp
cmip-agent      164/udp
mailq           174/tcp                 # Mailer transport queue for Zmailer
xdmcp           177/udp                 # X Display Manager Control Protocol
bgp             179/tcp                         # Border Gateway Protocol
smux            199/tcp                         # SNMP Unix Multiplexer
qmtp            209/tcp                         # Quick Mail Transfer Protocol

ARP协议： IP地址到物理地址的转换

查看arp高速缓存

arp -a

kali@kali:~$ sudo arp -a
? (192.168.152.2) at 00:50:56:e6:96:7d [ether] on eth0
? (192.168.152.254) at 00:50:56:ef:ad:b8 [ether] on eth0

查看 IP: ip a

kali@kali:~$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:0c:c4:4d brd ff:ff:ff:ff:ff:ff
    inet 192.168.152.128/24 brd 192.168.152.255 scope global dynamic noprefixroute eth0
       valid_lft 1670sec preferred_lft 1670sec
    inet6 fe80::20c:29ff:fe0c:c44d/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
    link/none 
    inet 10.8.77.60/16 brd 10.8.255.255 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::a31a:cd83:2e17:9ad9/64 scope link stable-privacy 
       valid_lft forever preferred_lft forever

tun0 是一个隧道应用：转自：https://unix.stackexchange.com/questions/82673/what-is-the-tun-network-interface-for

Some operating systems allow the generation of virtual network interfaces that do not connect to a wire but to a process that simulates the network. Often these devices are called TUN or TAP.

As @slm has already written, a TUN interface is a software loopback that emulates a network interface the same as a TAP interface. In practical terms, a TUN interface is the emulation of a layer 3 interface. That is, it is a network layer emulation device that can tunnel data packets of varied nature, be it raw TCP, UDP, SCTP or encapsulated packets such as PPP, PPTP, AH/IPSEC, whatever. On the other hand, a TAP interface is the emulation of a layer 2 interface, that is it is a data link emulation device that can work as a raw ethernet, arcnet, token ring, etc.

telnet 通信

kali@kali:~$ telnet 192.168.1.209 22
Trying 192.168.1.209...
Connected to 192.168.1.209.
Escape character is '^]'.
SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.8

tcpdump监听telnet数据流

kali@kali:~$ sudo tcpdump -i eth0 -ent dst 192.168.1.209
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
00:0c:29:0c:c4:4d > 00:50:56:e6:96:7d, ethertype IPv4 (0x0800), length 74: 192.168.152.128.47226 > 192.168.1.209.22: Flags [S], seq 4060215195, win 64240, options [mss 1460,sackOK,TS val 85834988 ecr 0,nop,wscale 7], length 0
00:0c:29:0c:c4:4d > 00:50:56:e6:96:7d, ethertype IPv4 (0x0800), length 54: 192.168.152.128.47226 > 192.168.1.209.22: Flags [.], ack 980118732, win 64240, length 0
00:0c:29:0c:c4:4d > 00:50:56:e6:96:7d, ethertype IPv4 (0x0800), length 54: 192.168.152.128.47226 > 192.168.1.209.22: Flags [.], ack 42, win 64199, length 0

linux 访问DNS服务

linux使用 /etc/resolv.conf 文件存放DNS服务器的IP地址

DNS服务器地址为192.168.152.2

kali@kali:~$ cat /etc/resolv.conf 
# Generated by NetworkManager
search localdomain
nameserver 192.168.152.2

使用DNS服务器查询www.baidu.com IP地址-->host命令

kali@kali:~$ man host
kali@kali:~$ host www.baidu.com
www.baidu.com is an alias for www.a.shifen.com.
www.a.shifen.com has address 183.232.231.174
www.a.shifen.com has address 183.232.231.172

tcpdump观测DNS通信：

kali@kali:~$ sudo tcpdump -i eth0 -nt -s 500 port domain
[sudo] password for kali: 
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 500 bytes
IP 192.168.152.128.52311 > 192.168.152.2.53: 6138+ A? www.baidu.com. (31)
IP 192.168.152.2.53 > 192.168.152.128.52311: 6138 3/5/5 CNAME www.a.shifen.com., A 183.232.231.172, A 183.232.231.174 (260)

IP 192.168.152.128.52311 > 192.168.152.2.53: 6138+ A? www.baidu.com. (31)

中 +代表递归查询，A为使用A类型的查询方式，（31）为DNS查询报文长度。6138为查询报文标识符

3/3/5表示应答报文中有3个应答资源记录，5个授权资源记录和4个额外信息记录。

来源：oschina

链接：https://my.oschina.net/u/4342268/blog/4317785

标签

layer