Master Computer Networks: From OSI Layers to TCP Handshakes and Security Essentials

This comprehensive guide covers computer network fundamentals, including OSI and TCP/IP models, protocol layers, DNS resolution, HTTP/HTTPS details, TCP three‑way handshake and four‑way teardown, congestion control, security threats like XSS and CSRF, and practical mitigation techniques, providing a solid foundation for networking interviews and real‑world applications.

Su San Talks Tech

1. Describe the computer network architecture

Computer network architecture is generally described with three models: the OSI seven‑layer model, the TCP/IP four‑layer model, and a five‑layer model.

OSI Seven‑Layer Model

Application layer: HTTP, FTP, SMTP, SNMP, DNS.

Presentation layer: data representation, encryption, compression.

Session layer: session management.

Transport layer: reliable data transfer.

Network layer: routing, protocols such as ICMP, IGMP, IP.

Data link layer: link‑level communication.

Physical layer: physical connection.

TCP/IP Four‑Layer Model

Application layer (covers OSI application, presentation, session).

Transport layer (corresponds to OSI transport).

Internet layer (corresponds to OSI network).

Network interface layer (corresponds to OSI data link and physical).

Five‑Layer Model

Application layer (covers OSI application, presentation, session).

Transport layer (corresponds to OSI transport).

Network layer (corresponds to OSI network).

Data link layer (corresponds to OSI data link).

Physical layer (corresponds to OSI physical).

2. Protocols in each layer

A table summarizes common protocols for each layer.

3. How data is transmitted between layers

Data is encapsulated layer by layer on the sender side and decapsulated in reverse order on the receiver side.

Application process sends data to the local application layer.

Each layer adds its own control information: headers such as H5 and H4, and at the data link layer both a header and a trailer (H2, T2).

Physical layer transmits the bit stream.

The process is analogous to writing a letter and adding envelopes at each step.

Network Integration

4. From URL entry to homepage display

DNS resolution: domain name to IP address.

TCP three‑way handshake to establish a connection.

Client sends HTTP request.

Server processes request and returns HTTP response.

Browser parses and renders the page.

Connection termination via TCP four‑way handshake.

5. DNS resolution process

Domain Name System (DNS) maps domain names to IP addresses.

Check browser cache.

Query local DNS server.

Local DNS queries root server for TLD server.

Root server returns TLD server IP (e.g., .com).

Local DNS queries TLD server for authoritative server.

Authoritative server returns the final IP address.

6. WebSocket vs. Socket

Socket is a low‑level IP + port + protocol interface; WebSocket is a persistent application‑layer protocol built on HTTP to provide full‑duplex communication.

7. Ports and services

A table lists common ports (e.g., 80 for HTTP, 443 for HTTPS) and their associated services.

8. Common HTTP status codes

1xx informational, 2xx success, 3xx redirection, 4xx client error, 5xx server error. Notable codes: 301 (permanent redirect), 302 (temporary redirect).

9. HTTP request methods

GET (read), POST (create), PUT (update), DELETE (delete), etc.

10. Differences between GET and POST

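GET parameters are carried in the URL, are limited in length, and are less secure because they are visible in the URL.

POST parameters are carried in the request body, have no length limit, and are more secure in that they do not appear in the URL.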

11. HTTP request process and principles

Clients send requests; servers respond with status line, headers, and optional body.

12. URI vs. URL

URI identifies any resource; URL is a subset that also provides the location mechanism.

13. HTTP/1.0, 1.1, 2.0 differences

HTTP/1.0: short connections by default.

HTTP/1.1: persistent connections, chunked transfer, pipelining.

HTTP/2.0: binary framing, multiplexing, header compression, server push.

14. HTTP/3

Based on QUIC, which runs over UDP, to improve latency and reliability.

15. TCP three‑way handshake

Client sends SYN.

Server replies SYN‑ACK.

Client sends ACK, establishing the connection.

16. Why three handshakes?

To avoid resource waste and ensure both sides are ready; two handshakes cannot guarantee reliability.

17. TCP four‑way termination

Client sends FIN.

Server ACKs.

Server sends FIN.

Client ACKs and enters TIME_WAIT.

18. TIME_WAIT purpose

Ensures the final ACK reaches the server and prevents old packets from being misinterpreted by new connections.

19. Keep‑alive timer

Detects dead peers by sending probe packets after inactivity.

20. TCP states CLOSE‑WAIT and TIME‑WAIT

CLOSE‑WAIT: server waits to finish sending data after receiving FIN. TIME‑WAIT: client waits to ensure the final ACK is received and old packets expire.

21. TCP flow control

Uses a sliding window; each side advertises its receive window size to regulate the sender’s rate.

22. TCP sliding window

Divides the window into sent‑and‑acked, sent‑but‑unacked, ready‑to‑send, and not‑ready‑to‑send segments.

23. Nagle algorithm and delayed ACK

Nagle reduces small packet overhead by sending only one unacknowledged segment at a time; delayed ACK postpones acknowledgments to combine them with data.

24. TCP congestion control

Manages network congestion using algorithms such as slow start, congestion avoidance, fast retransmit, and fast recovery, adjusting the congestion window (cwnd).

25. TCP retransmission mechanisms

Timeout retransmission (RTO based on RTT estimates).

Fast retransmit (triggered by three duplicate ACKs).

SACK (Selective Acknowledgment) to specify received blocks.

D‑SACK (Duplicate SACK) to detect duplicate packets.

26. TCP packet loss handling

On timeout, cwnd is reduced and slow start restarts; on fast retransmit, cwnd is halved and fast recovery continues.

27. TCP sticky packets and packet splitting

Because TCP is a byte stream, application data may be combined (sticky) or split; solutions include fixed‑length framing, delimiters, or length fields.
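The length-field solution, as an added example (not code from the original article): a decoder that rebuilds whole messages no matter how the byte stream was chunked, and that refuses oversized length fields sent by the peer. The 4-byte big-endian header, the MAX_FRAME cap and all names are assumptions made for this example.

```python
import struct

HEADER = struct.Struct("!I")   # 4-byte big-endian length field (assumed layout)
MAX_FRAME = 64 * 1024          # assumed cap; rejects absurd length fields


def encode(payload: bytes) -> bytes:
    """Prefix one message with its length."""
    return HEADER.pack(len(payload)) + payload


class FrameDecoder:
    """Rebuilds whole messages from arbitrary TCP read chunks."""

    def __init__(self, max_frame: int = MAX_FRAME):
        self._buf = bytearray()
        self._max = max_frame

    def feed(self, chunk: bytes) -> list:
        """Add one recv() result; return every message now complete."""
        self._buf += chunk
        done = []
        while len(self._buf) >= HEADER.size:
            (length,) = HEADER.unpack_from(self._buf, 0)
            if length > self._max:
                # Never buffer or wait on a peer-supplied length unchecked.
                raise ValueError(f"frame of {length} bytes exceeds limit")
            end = HEADER.size + length
            if len(self._buf) < end:
                break                      # body split across reads
            done.append(bytes(self._buf[HEADER.size:end]))
            del self._buf[:end]
        return done


def demo() -> list:
    # Constructed stream: three messages cut into chunks so that a header
    # is split (chunk 1) and two messages arrive stuck together (chunk 2).
    stream = encode(b"login") + encode(b"") + encode(b"transfer:100")
    decoder = FrameDecoder()
    return [decoder.feed(c) for c in (stream[:3], stream[3:15], stream[15:])]


if __name__ == "__main__":
    print(demo())
```
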

UDP

28. TCP vs. UDP differences

TCP is connection‑oriented, reliable, and ordered; UDP is connectionless, unreliable, and unordered, suitable for low‑latency applications.

29. Why QQ uses UDP

Voice and video require low latency; UDP avoids the overhead of TCP handshakes and retransmissions.

30. Why UDP is unreliable

No delivery guarantees.

No ordering.

No connection state.

No congestion control.

31. DNS over UDP

Typical DNS queries fit within a single UDP packet (≤512 bytes); TCP is used for zone transfers or large responses.

IP

32. IP protocol definition and role

IP operates at the network layer, providing addressing, routing, and fragmentation/reassembly for packets.

33. IP address classes

A (1‑126): /8 network.

B (128‑191): /16 network.

C (192‑223): /24 network.

D (224‑239): multicast.

E (240‑255): reserved.

34. Domain name vs. IP relationship

A domain name maps to one or more IP addresses; an IP can host multiple domain names (virtual hosting).

35. IPv4 exhaustion solutions

DHCP for dynamic allocation.

CIDR for efficient address aggregation.

NAT to share public IPs.

IPv6 deployment for a vastly larger address space.

36. ARP operation

Host checks its ARP cache for the target IP.

If missing, it broadcasts an ARP request.

The owner of the IP replies with its MAC address.

The requester caches the mapping and sends the packet.

37. Why both IP and MAC addresses exist

MAC addresses identify devices on the local link (layer 2); IP addresses identify hosts across networks (layer 3). Routers use IP for routing, while switches use MAC for forwarding.

38. ICMP functions

ICMP conveys control messages such as error reports and diagnostics (e.g., ping).

39. Ping mechanism

Host sends an ICMP Echo Request.

Target replies with an ICMP Echo Reply.

Round‑trip time is measured.

Network Security

40. Types of security attacks

Passive: eavesdropping, traffic analysis.

Active: tampering, malware, DoS.

41. DNS hijacking

Attacker replaces legitimate DNS records to redirect users to malicious sites. Mitigation includes using trusted DNS resolvers and HTTPS.

42. CSRF attacks

Cross‑Site Request Forgery tricks a logged‑in user’s browser into sending unwanted requests. Defenses: verify Referer header, use anti‑CSRF tokens, and require multi‑factor confirmation for sensitive actions.
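Two of the defenses listed above combined, as an added example (not code from the original article): an HMAC-signed anti-CSRF token bound to the user's session, plus a Referer check. SERVER_KEY, TOKEN_TTL, the placeholder origin https://bank.example and all function names are assumptions made for this example.

```python
import hashlib
import hmac
import secrets
import time
from urllib.parse import urlsplit

SERVER_KEY = secrets.token_bytes(32)   # assumption: per-deployment secret
TOKEN_TTL = 3600                       # assumption: tokens live one hour
SITE_ORIGIN = "https://bank.example"   # assumption: placeholder origin


def _mac(session_id: str, ts: str, nonce: str) -> str:
    msg = "|".join((session_id, ts, nonce)).encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(session_id: str, now: float = None) -> str:
    """Mint 'timestamp.nonce.mac' bound to one session."""
    ts = str(int(time.time() if now is None else now))
    nonce = secrets.token_hex(16)
    return ".".join((ts, nonce, _mac(session_id, ts, nonce)))


def verify_token(session_id: str, token: str, now: float = None) -> bool:
    """True only for an unexpired token minted for this session."""
    parts = token.split(".")
    if len(parts) != 3 or not (parts[0].isascii() and parts[0].isdigit()):
        return False
    ts, nonce, mac = parts
    age = (time.time() if now is None else now) - int(ts)
    if age < 0 or age > TOKEN_TTL:
        return False
    expected = _mac(session_id, ts, nonce)
    return hmac.compare_digest(mac.encode(), expected.encode())  # constant time


def same_site(referer: str) -> bool:
    """Referer check: scheme and host must equal the site's own origin."""
    try:
        u = urlsplit(referer or "")
    except ValueError:
        return False
    return f"{u.scheme}://{u.netloc}" == SITE_ORIGIN


def allow_state_change(session_id, referer, token, now=None) -> bool:
    # Both defenses must pass; a missing Referer is treated as a failure.
    return same_site(referer) and verify_token(session_id, token, now)
```
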

43. DoS, DDoS, DRDoS

DoS: single source overwhelms a service.

DDoS: multiple sources attack in a coordinated fashion.

DRDoS: attackers exploit third‑party servers to reflect traffic toward the victim.

44. XSS attacks

Cross‑Site Scripting injects malicious scripts into webpages. Prevention: input sanitization, output encoding, content security policies, and limiting input length.
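Output encoding, a content security policy and an input length limit applied together, as an added example (not code from the original article): the same untrusted value is encoded differently for an HTML context and for a script context, and the response carries a nonce-based policy. The function names, the page layout and MAX_COMMENT_LEN are assumptions made for this example.

```python
import html
import json
import secrets

MAX_COMMENT_LEN = 500   # assumption: length limit chosen for this example


def in_html(text: str) -> str:
    """Encode for an HTML text node or a double-quoted attribute value."""
    return html.escape(text, quote=True)


def in_script(value) -> str:
    """Encode a value as a JS literal that is safe inside a script element."""
    literal = json.dumps(value)
    # json.dumps leaves < > & untouched; escape them so the data cannot
    # close the script element or start an HTML comment.
    for ch in "<>&":
        literal = literal.replace(ch, "\\u%04x" % ord(ch))
    return literal


def render_comment(author: str, comment: str):
    """Return (headers, body) for one user comment (hypothetical page)."""
    if len(comment) > MAX_COMMENT_LEN:
        raise ValueError("comment too long")
    nonce = secrets.token_urlsafe(16)
    csp = f"default-src 'self'; script-src 'nonce-{nonce}'; object-src 'none'"
    body = (
        f'<p title="{in_html(author)}">{in_html(comment)}</p>\n'
        f'<script nonce="{nonce}">var author = {in_script(author)};</script>'
    )
    return {"Content-Security-Policy": csp}, body
```
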

45. Symmetric vs. asymmetric encryption

Symmetric encryption uses the same key for encryption and decryption (e.g., AES) and is fast. Asymmetric encryption uses a public‑private key pair (e.g., RSA) for secure key exchange but is slower.

46. RSA vs. AES

RSA: asymmetric, suitable for key exchange and digital signatures.

AES: symmetric, efficient for bulk data encryption.

Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contact admin@besthub.dev and we will review it promptly.

Written by

Su San Talks Tech

Su San, former staff at several leading tech companies, is a top creator on Juejin and a premium creator on CSDN, and runs the free coding practice site www.susan.net.cn.
