
Unlocking TCP, UDP, IP & More: A Deep Dive into Network Protocols

This article provides a comprehensive overview of core network protocol structures—including TCP, UDP, IPv4/IPv6, IPSec, Ethernet, 802.1Q, 802.11, SSL, RTP, and OpenFlow—detailing their header fields, functions, and security mechanisms to help readers grasp essential networking concepts.

MaGe Linux Operations

01、TCP

1. Source and Destination Port Numbers: Represented with 16 bits, ranging from 0 to 65535, they identify processes on the source and destination hosts for transport‑layer multiplexing and demultiplexing.

2. Sequence Number: Used to distinguish original transmission from retransmissions, and to prevent replay attacks within a connection.

3. Replay Attack: An attacker re‑sends captured encrypted fragments to a server; using a nonce with the password before encryption makes each ciphertext unique.

4. Acknowledgment Number: Paired with the sequence number, it indicates the sequence number of the next byte expected from the sender.

5. Header Length: 4 bits, indicating the number of 32‑bit words; the maximum header size is 64 bytes, typically 20 bytes without options.

6. Flag Bits: Each 1‑bit flag (SYN, FIN, ACK, RST, PSH, URG, CWR, ECE) controls connection establishment, termination, acknowledgment, reset, push, urgent data, and congestion notification.

7. Explicit Congestion Notification: Routers set the ECN bits; the receiver echoes ECE, the sender halves its congestion window and sets CWR.

8. Receive Window: Flow‑control field indicating how much buffer space the receiver has left; the sender uses the minimum of receive window and congestion window.

9. Internet Checksum: 16‑bit checksum covering the TCP header and data to detect errors.

10. Urgent Pointer: Points to the last byte of urgent data.
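The field layout above, decoded from raw bytes. This is an added example, not code from the original article; the sample segment is constructed, and the function names and the flag-combination check are assumptions made for illustration.

```python
import struct

# Flag names ordered from the least significant bit of the flags byte.
FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR"]

# Constructed sample: a SYN from port 49152 to 443 carrying one option
# (MSS 1460). The checksum field is left at zero and is not verified here.
SAMPLE_SYN = bytes.fromhex(
    "c000 01bb 12345678 00000000 6002 ffff 0000 0000 020405b4")

def parse_tcp_header(segment: bytes) -> dict:
    """Decode the TCP header fields listed above from raw segment bytes."""
    if len(segment) < 20:
        raise ValueError("shorter than the 20-byte header without options")
    (src, dst, seq, ack, off_flags,
     window, checksum, urgent) = struct.unpack("!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4   # 4-bit field counts 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError(f"header length {header_len} does not fit the segment")
    flags = [n for bit, n in enumerate(FLAG_NAMES) if off_flags & (1 << bit)]
    return {"src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
            "header_len": header_len, "flags": flags, "window": window,
            "checksum": checksum, "urgent_ptr": urgent,
            "options": segment[20:header_len],
            "payload": segment[header_len:]}

def flag_anomalies(flags: list) -> list:
    """Report flag combinations a conforming TCP stack does not send."""
    issues = []
    if not flags:
        issues.append("no flags set")
    if "SYN" in flags and "FIN" in flags:
        issues.append("SYN and FIN together")
    if "SYN" in flags and "RST" in flags:
        issues.append("SYN and RST together")
    return issues

if __name__ == "__main__":
    hdr = parse_tcp_header(SAMPLE_SYN)
    print(hdr, flag_anomalies(hdr["flags"]))
```

The length check rejects a header-length field that points past the end of the captured bytes, which a parser must do before slicing out options.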

02、UDP

1. Source and Destination Port Numbers: Same 16‑bit range (0‑65535) as TCP, used for multiplexing.

2. Length: 16‑bit field indicating the total length of UDP header (8 bytes) plus data, up to 65535 bytes.

3. Internet Checksum: 16‑bit checksum covering the UDP header and data.

03、IP

1. Version: 4 bits indicating IPv4 (value 4) or IPv6 (value 6).

2. Header Length: 4 bits, maximum 64 bytes; typically 20 bytes without options.

3. Type of Service: Differentiates traffic types (e.g., real‑time IP‑telephony vs. non‑real‑time HTTP).

4. Total Length: 16‑bit field, up to 65535 bytes; practical MTU limits often keep packets ≤1500 bytes.

5. Identification, Flags, Fragment Offset: Used for fragmentation and reassembly of IP packets.

6. Time‑to‑Live (TTL): 8‑bit field decremented by each router; packet is discarded when it reaches zero.

7. Protocol: Indicates the encapsulated transport protocol (6 = TCP, 17 = UDP).

8. Header Checksum: Checks only the IP header for errors.

9. Source and Destination IP Addresses: Identify the sending and receiving hosts.

04、IPv6

1. Version: Same 4‑bit field as IPv4.

2. Traffic Class: Similar purpose to IPv4’s Type of Service.

3. Flow Label: Used to identify traffic flows for special handling.

4. Payload Length: 16‑bit field; IPv6 does not fragment, so this length excludes the fixed 40‑byte IPv6 header.

5. Next Header: Replaces IPv4’s Options field; indicates the type of the following header.

6. Hop Limit: Same function as IPv4 TTL.

7. Source and Destination Addresses: 128‑bit addresses.

05、IPSec

ESP (Encapsulating Security Payload) and SPI (Security Parameters Index)

IPSec encrypts IP packets through the following steps:

1. Append an ESP trailer to the original IPv4 packet (header + data).

2. Encrypt the result using the algorithm and key defined by the Security Association (SA).

3. Add an ESP header in front of the encrypted payload.

4. Compute a MAC (Message Authentication Code) over the entire ESP packet.

5. Append the MAC to the trailer.

6. Generate a new outer IPv4 header with the addresses of the security gateways; after decryption, the original inner packet is extracted.
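Steps 1 to 5 above as byte operations, with the receiver's check-then-decrypt path alongside. This is an added example, not code from the original article. The cipher is a labelled stand-in (a SHA-256 keystream), not a real ESP transform. The 16-byte block size, the truncated HMAC-SHA256 tag, the keys and the inner packet are all assumptions, and the outer header of step 6 is left out.

```python
import hashlib, hmac, struct

BLOCK = 16             # assumed cipher block size the plaintext is padded to
ICV_LEN = 16           # assumed MAC length: HMAC-SHA256 truncated to 16 bytes
NEXT_HEADER_IPV4 = 4   # protocol number for an encapsulated IPv4 packet

# Constructed sample inputs (placeholder inner packet and keys).
SAMPLE_INNER = b"\x45" + bytes(19) + b"hello"
ENC_KEY, AUTH_KEY = b"constructed-enc-key", b"constructed-auth-key"

def stand_in_cipher(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR with a SHA-256 keystream. Stand-in only: a real SA names a
    cipher such as AES. Applying it twice restores the input."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + struct.pack("!I", i)).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def esp_encapsulate(inner, spi, seq, enc_key, auth_key) -> bytes:
    esp_header = struct.pack("!II", spi, seq)   # built early: used as nonce
    # Step 1: trailer = padding, pad length, next header.
    pad_len = -(len(inner) + 2) % BLOCK
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, NEXT_HEADER_IPV4])
    # Step 2: encrypt the original packet plus trailer.
    ciphertext = stand_in_cipher(enc_key, esp_header, inner + trailer)
    # Steps 3 to 5: prepend the ESP header, MAC header + ciphertext, append it.
    body = esp_header + ciphertext
    return body + hmac.new(auth_key, body, hashlib.sha256).digest()[:ICV_LEN]

def esp_decapsulate(packet, enc_key, auth_key):
    if len(packet) < 8 + BLOCK + ICV_LEN:
        raise ValueError("too short to be an ESP packet")
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(auth_key, body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):   # constant-time comparison
        raise ValueError("MAC check failed; discarded before decryption")
    spi, seq = struct.unpack("!II", body[:8])
    plaintext = stand_in_cipher(enc_key, body[:8], body[8:])
    pad_len, next_header = plaintext[-2], plaintext[-1]
    if pad_len > len(plaintext) - 2:
        raise ValueError("pad length exceeds payload")
    return spi, seq, next_header, plaintext[:len(plaintext) - 2 - pad_len]

if __name__ == "__main__":
    pkt = esp_encapsulate(SAMPLE_INNER, 0x1001, 7, ENC_KEY, AUTH_KEY)
    print(len(pkt), esp_decapsulate(pkt, ENC_KEY, AUTH_KEY))
```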

06、Ethernet Frame Structure

1. Preamble: 7 bytes of 0xAA followed by 1 byte of 0xAB; synchronizes sender and receiver clocks.

2. Destination and Source MAC Addresses: 6‑byte addresses (e.g., AA‑AA‑AA‑AA‑AA‑AA).

3. EtherType: Indicates the encapsulated protocol (e.g., IPv4, IPv6).

4. CRC: Cyclic Redundancy Check for error detection; frames failing CRC are discarded.

07、802.1Q Ethernet Frame

Extends the standard Ethernet frame with a 4‑byte VLAN tag consisting of a 2‑byte Tag Protocol Identifier and a 2‑byte Priority/CFI/VID field.
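The Ethernet fields and the 802.1Q tag from the two sections above, parsed from a raw frame. This is an added example, not code from the original article; the sample frame is constructed, the function names are assumptions, and the preamble and CRC are assumed to have been removed by the network interface, as they are in most captures.

```python
import struct

TPID_8021Q = 0x8100   # Tag Protocol Identifier value that marks a VLAN tag
ETHERTYPES = {0x0800: "IPv4", 0x86DD: "IPv6", 0x0806: "ARP"}

# Constructed sample: destination AA-AA-AA-AA-AA-AA, one VLAN tag with
# priority 5, CFI 0, VID 100, then EtherType IPv4 and a placeholder payload.
SAMPLE_FRAME = bytes.fromhex(
    "aaaaaaaaaaaa 020000000001 8100 a064 0800") + b"payload"

def format_mac(raw: bytes) -> str:
    return "-".join(f"{b:02X}" for b in raw)

def parse_ethernet(frame: bytes) -> dict:
    """Return MAC addresses, every 802.1Q tag present, and the EtherType."""
    if len(frame) < 14:
        raise ValueError("shorter than the 14-byte Ethernet header")
    offset, tags = 12, []
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    # Tags may be stacked; each one shifts the real EtherType by 4 bytes.
    while ethertype == TPID_8021Q:
        if len(frame) < offset + 6:
            raise ValueError("frame ends inside a VLAN tag")
        tci, ethertype = struct.unpack_from("!HH", frame, offset + 2)
        tags.append({"priority": tci >> 13,        # top 3 bits
                     "cfi": (tci >> 12) & 1,       # 1 bit
                     "vid": tci & 0x0FFF})         # low 12 bits
        offset += 4
    return {"dst": format_mac(frame[0:6]), "src": format_mac(frame[6:12]),
            "vlan_tags": tags,
            "ethertype": ETHERTYPES.get(ethertype, hex(ethertype)),
            "payload": frame[offset + 2:]}

if __name__ == "__main__":
    print(parse_ethernet(SAMPLE_FRAME))
```

A parser that reads the EtherType at a fixed offset of 12 misclassifies every tagged frame, so monitoring code has to walk the tags as shown before deciding what the payload is.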

08、802.11 Wireless Link Frame

1. Frame Control: Type and subtype fields differentiate management, control, and data frames; To/From DS fields indicate address meanings; WEP bit shows encryption usage.

2. Duration: Indicates the time the channel is reserved (used by RTS/CTS).

3. RTS/CTS Mechanism: Prevents hidden‑node collisions by exchanging Request‑to‑Send and Clear‑to‑Send frames before data transmission.

4. Address Fields: Up to four MAC addresses (receiver, transmitter, distribution system, and optional AP address).

5. Payload: Carries upper‑layer data, typically < 1500 bytes, maximum 2312 bytes.

6. CRC: Cyclic Redundancy Check for error detection.

09、SSL Record

The first three fields are not encrypted.

1. Type: Indicates whether the record is a handshake, application data, or a closure.

2. Version: Self‑describing protocol version.

3. Length: Specifies the size of the following encrypted fragment.
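Because these three fields are sent in the clear, a passive monitor can split a captured byte stream into records without any keys. This is an added example, not code from the original article; the sample stream is constructed, the function name is an assumption, and the content-type and version tables cover SSL 3.0 through TLS 1.2 only.

```python
import struct

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",   # alerts carry closure
                 22: "handshake", 23: "application_data"}
VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0",
            (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}
MAX_FRAGMENT = 2**14 + 2048   # largest encrypted fragment a record may carry

# Constructed sample: a 4-byte handshake record, a 3-byte application data
# record, then an alert record whose second body byte has not arrived yet.
SAMPLE_STREAM = bytes.fromhex(
    "16 0301 0004 01020304"
    "17 0303 0003 aabbcc"
    "15 0303 0002 01")

def split_records(stream: bytes):
    """Return ([(type, version, length), ...], unconsumed_bytes)."""
    records, pos = [], 0
    while pos + 5 <= len(stream):
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, pos)
        if ctype not in CONTENT_TYPES:
            raise ValueError(f"unknown record type {ctype} at offset {pos}")
        if length > MAX_FRAGMENT:
            raise ValueError(f"record length {length} exceeds the limit")
        if pos + 5 + length > len(stream):
            break             # rest of this record is in a later TCP segment
        version = VERSIONS.get((major, minor), f"{major}.{minor}")
        records.append((CONTENT_TYPES[ctype], version, length))
        pos += 5 + length     # skip the encrypted fragment without reading it
    return records, stream[pos:]

if __name__ == "__main__":
    print(split_records(SAMPLE_STREAM))
```

The type and length checks matter because a stream that loses record alignment yields arbitrary header values; failing early is safer than trusting a length field read from the middle of ciphertext.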

10、RTP (Real‑Time Transport Protocol)

1. Payload Type: 7‑bit field indicating the audio codec (e.g., PCM, ADPCM, LPC).

2. Sequence Number: 16‑bit counter incremented for each RTP packet; used for loss detection and reordering.

3. Timestamp: Reflects the sampling instant of the first byte in the RTP payload.

4. Synchronization Source Identifier (SSRC): Randomly chosen 32‑bit identifier that distinguishes the RTP stream source.

11、OpenFlow Flow Table

Network‑layer protocols and actions are abstracted into match‑action flow entries; for example, a router’s forwarding table matches destination IP addresses and forwards packets accordingly.
