IP datagram inspection:
In order to calculate the I p inspection of a datagram, first set the inspection and field to 0. Then, each 16 bit of the first part is
Performing binary reflection summation (the entire head is consisting of a string of 16 bit), and the results are in the inspection and fields. when
After receiving an IP datagna, the first 16 bit is summed for each 16 bit in the first part. Since the recipient is calculated
26 Using TCP / IP, Volume 1: Agreement
download
The process contains the inspection in the first part of the sender, so if the header does not have any errors during the transmission process.
Then the result of the recipient calculation should be all 1.
This is the original text. When you look at some of the source code of the network program, it is found that it is almost all using the same program to calculate the inspection:
Ushort Checksum (Ushort * Buffer, Int size) {
Unsigned long cksum = 0;
While (size> 1) {CKSUM = * Buffer ; size - = sizeof (ushort);}
IF (size) {cksum = * (uchar *) buffer;}
CKSUM = (CKSUM >> 16) (CKSUM & 0xFFFF); CKSUM = (CKSUM >> 16); return (~ cksum);
Excerpt from the PING source code.
Everyone uses something that it seems to be wrong, but it is still necessary to use the stupid method to try it with the method.
Today is the ICMP protocol, basic format:
| -------- IP Data News ------------ - 20 Bytes - ---------------- IP head ICMP packet ------------------------------ ICMP packets are sent through the IP packet of.
ICMP format:
-- 8 --- ---- 8 --- ------ -------- 8-bit type 8-bit code 16-bit inspection and ---------------------------------- different types of different content and length - ---------------------------------
There are many types of ICMP messages, and there are a variety of code in each type.
Packets query packets and error messages. The error message will not nest. The error message includes the first 8 bytes of the IP header and the data section of the error, and links to the specific protocols and processes accordingly. Because the top 8 bytes of TCP and UDP include active ports and destination ports, you can find the user process with this connection. Only 8 bytes are returned in most implementations, and the system returns to the first 64 bytes. If it is a UDP message generated error, but no pre-Connect is linked to the specified port, the user process will not receive this error message. The kernel will discard after processing. The simple error retransmission mechanism in some TFTP implementations is discussed, waiting for 5 second retransmission, has been disabled by RFC. I use it in serial communication or this simple retransmission method, it seems to change.
The process of time cutting and reply is discussed in detail, and the address mask request and the format of the response packet. For ports that are unreachable, error messages are: ----------------- Port ICMP error messages ------------- ------------------ Ethernet first IP head ICMP head generated error IP head IP newspapers - 14 BYTES - 20 Bytes --- 8 Bytes ---- 20 Bytes ---- - 8 BYTES - According to the standard, in 5 cases, there will be no error messages, basically in order to avoid ICMP Broadcast storm.
This agreement is much simpler because of the type and specific details, but it is also relatively simple. If you don't make an agreement, you don't need to be very clear about each type. It seems that there is not much space that is not used. However, if a host tries to initiate a connection, send a camouflaged ICMP package tells it that "the port is not arrogant", how is the result? It is worth trying.
Volume 2, Chapter 13 HTTP Agreement
This chapter has made a brief introduction to the request and response format of HTTP. Since all delivered content is based on ASCII, although other binary, such as pictures, MIME files, but it is still possible to see the type of transfer from the request or response header, it is not difficult to analyze. These can be a real session process with Telnet or Nc. After reading the following chapter (Group 2 Chapter 14 HTTP Server), prepare to make a small web server from the handshake. The next plan of the company is to make most of the hardware can be operated directly by the browser. And these must be driven by a web server. I am a software, I don't need me to care about this. But I don't do it, practice is always a bad thing, and you can communicate with them. After reading a number of serious consequences of vulnerabilities about the web server, this should be paid attention from the beginning.
