TCP IP详解卷1协议 第二版(英文版)
作者:(美)KevinR.Fall,W.RichardStevens 著
出版时间:2012年版
内容简介
《TCP/IP详解》是已故网络专家、著名技术作家W. RichardStevens的传世之作,内容详尽且极具权威,被誉为TCP/IP领域的不朽名著。 本书是《TCP/IP详解》的第1卷,主要讲述TCP/IP协议,结合大量实例讲述TCP/IP协议族的定义原因,以及在各种不同的操作系统中的应用及工作方式。第2版在保留Stevens卓越的知识体系和写作风格的基础上,新加入的作者KevinR.Fall结合其作为TCP/IP协议研究领域领导者的尖端经验来更新本书,反映了最新的协议和最佳的实践方法。首先,他介绍了TCP/IP的核心目标和体系结构概念,展示了它们如何能连接不同的网络和支持多个服务同时运行。接着,他详细解释了IPv4和IPv6网络中的互联网地址。然后,他采用自底向上的方式来介绍TCP/IP的结构和功能:从链路层协议(如Ethernet和Wi-Fi),经网络层、传输层到应用层。 书中依次全面介绍了ARP、DHCP、NAT、防火墙、ICMPv4/ICMPv6、广播、多播、UDP、DNS等,并详细介绍了可靠传输和TCP,包括连接管理、超时、重传、交互式数据流和拥塞控制。此外,还介绍了安全和加密的基础知识,阐述了当前用于保护安全和隐私的重要协议,包括EAP、IPsec、TLS、DNSSEC和DKIM。 本书适合任何希望理解TCP/IP协议如何实现的人阅读,更是TCP/IP领域研究人员和开发人员的权威参考书。无论你是初学者还是功底深厚的网络领域高手,本书都是案头必备,将帮助你更深入和直观地理解整个协议族,构建更好的应用和运行更可靠、更高效的网络。
目录
Foreword v
Chapter 1 Introduction
1.1 Architectural Principles 2
1.1.1 Packets, Connections, and Datagrams 3
1.1.2 The End-to-End Argument and Fate Sharing 6
1.1.3 Error Control and Flow Control 7
1.2 Design and Implementation 8
1.2.1 Layering 8
1.2.2 Multiplexing, Demultiplexing, and Encapsulation inLayered
Implementations 10
1.3 The Architecture and Protocols of the TCP/IP Suite 13
1.3.1 The ARPANET Reference Model 13
1.3.2 Multiplexing, Demultiplexing, and Encapsulation in TCP/IP16
1.3.3 Port Numbers 17
1.3.4 Names, Addresses, and the DNS 19
1.4 Internets, Intranets, and Extranets 19
1.5 Designing Applications 20
1.5.1 Client/Server 20
1.5.2 Peer-to-Peer 21
1.5.3 Application Programming Interfaces (APIs) 22
Preface to the Second Edition vii
Adapted Preface to the First Edition xiii
1.6 Standardization Process 22
1.6.1 Request for Comments (RFC) 23
1.6.2 Other Standards 24
1.7 Implementations and Software Distributions 24
1.8 Attacks Involving the Internet Architecture 25
1.9 Summary 26
1.10 References 28
Chapter 2 The Internet Address Architecture 3
2.1 Introduction 31
2.2 Expressing IP Addresses 32
2.3 Basic IP Address Structure 34
2.3.1 Classful Addressing 34
2.3.2 Subnet Addressing 36
2.3.3 Subnet Masks 39
2.3.4 Variable-Length Subnet Masks (VLSM) 41
2.3.5 Broadcast Addresses 42
2.3.6 IPv6 Addresses and Interface Identifiers 43
2.4 CIDR and Aggregation 46
2.4.1 Prefixes 47
2.4.2 Aggregation 48
2.5 Special-Use Addresses 50
2.5.1 Addressing IPv4/IPv6 Translators 52
2.5.2 Multicast Addresses 53
2.5.3 IPv4 Multicast Addresses 54
2.5.4 IPv6 Multicast Addresses 57
2.5.5 Anycast Addresses 62
2.6 Allocation 62
2.6.1 Unicast 62
2.6.2 Multicast 65
2.7 Unicast Address Assignment 65
2.7.1 Single Provider/No Network/Single Address 66
2.7.2 Single Provider/Single Network/Single Address 67
2.7.3 Single Provider/Multiple Networks/Multiple Addresses 67
2.7.4 Multiple Providers/Multiple Networks/Multiple Addresses
(Multihoming) 68
Contents xvii
2.8 Attacks Involving IP Addresses 70
2.9 Summary 71
2.10 References 72
Chapter 3 Link Layer 79
3.1 Introduction 79
3.2 Ethernet and the IEEE 802 LAN/MAN Standards 80
3.2.1 The IEEE 802 LAN/MAN Standards 82
3.2.2 The Ethernet Frame Format 84
3.2.3 802.1p/q: Virtual LANs and QoS Tagging 89
3.2.4 802.1AX: Link Aggregation (Formerly 802.3ad) 92
3.3 Full Duplex, Power Save, Autonegotiation, and 802.1X FlowControl 94
3.3.1 Duplex Mismatch 96
3.3.2 Wake-on LAN (WoL), Power Saving, and Magic Packets 96
3.3.3 Link-Layer Flow Control 98
3.4 Bridges and Switches 98
3.4.1 Spanning Tree Protocol (STP) 102
3.4.2 802.1ak: Multiple Registration Protocol (MRP) 111
3.5 Wireless LANs—IEEE 802.11(Wi-Fi) 111
3.5.1 802.11 Frames 113
3.5.2 Power Save Mode and the Time Sync Function (TSF) 119
3.5.3 802.11 Media Access Control 120
3.5.4 Physical-Layer Details: Rates, Channels, and Frequencies123
3.5.5 Wi-Fi Security 129
3.5.6 Wi-Fi Mesh (802.11s) 130
3.6 Point-to-Point Protocol (PPP) 130
3.6.1 Link Control Protocol (LCP) 131
3.6.2 Multi link PPP (MP) 137
3.6.3 Compression Control Protocol (CCP) 139
3.6.4 PPP Authentication 140
3.6.5 Network Control Protocols (NCPs) 141
3.6.6 Header Compression 142
3.6.7 Example 143
3.7 Loopback 145
3.8 MTU and Path MTU 148
3.9 Tunneling Basics 149
3.9.1 Unidirectional Links 153
x viii Contents
3.10 Attacks on the Link Layer 154
3.11 Summary 156
3.12 References 157
Chapter 4 ARP: Address Resolution Protocol 165
4.1 Introduction 165
4.2 An Example 166
4.2.1 Direct Delivery and ARP 167
4.3 ARP Cache 169
4.4 ARP Frame Format 170
4.5 ARP Examples 171
4.5.1 Normal Example 171
4.5.2 ARP Request to a Nonexistent Host 173
4.6 ARP Cache Timeout 174
4.7 Proxy ARP 174
4.8 Gratuitous ARP and Address Conflict Detection (ACD) 175
4.9 The arp Command 177
4.10 Using ARP to Set an Embedded Device’s IPv4 Address 178
4.11 Attacks Involving ARP 178
4.12 Summary 179
4.13 References 179
Chapter 5 The Internet Protocol (IP) 18
5.1 Introduction 181
5.2 IPv4 and IPv6 Headers 183
5.2.1 IP Header Fields 183
5.2.2 The Internet Checksum 186
5.2.3 DS Field and ECN (Formerly Called the ToS Byte or IPv6Traffic Class) 188
5.2.4 IP Options 192
5.3 IPv6 Extension Headers 194
5.3.1 IPv6 Options 196
5.3.2 Routing Header 200
5.3.3 Fragment Header 203
5.4 IP Forwarding 208
5.4.1 Forwarding Table 208
5.4.2 IP Forwarding Actions 209
Contents xix
5.4.3 Examples 210
5.4.4 Discussion 215
5.5 Mobile IP 215
5.5.1 The Basic Model: Bidirectional Tunneling 216
5.5.2 Route Optimization (RO) 217
5.5.3 Discussion 220
5.6 Host Processing of IP Datagrams 220
5.6.1 Host Models 220
5.6.2 Address Selection 222
5.7 Attacks Involving IP 226
5.8 Summary 226
5.9 References 228
Chapter 6 System Configuration: DHCP and Autoconfiguration233
6.1 Introduction 233
6.2 Dynamic Host Configuration Protocol (DHCP) 234
6.2.1 Address Pools and Leases 235
6.2.2 DHCP and BOOTP Message Format 236
6.2.3 DHCP and BOOTP Options 238
6.2.4 DHCP Protocol Operation 239
6.2.5 DHCPv6 252
6.2.6 Using DHCP with Relays 267
6.2.7 DHCP Authentication 271
6.2.8 Reconfigure Extension 273
6.2.9 Rapid Commit 273
6.2.10 Location Information (LCI and LoST) 274
6.2.11 Mobility and Handoff Information (MoS and ANDSF) 275
6.2.12 DHCP Snooping 276
6.3 Stateless Address Autoconfiguration (SLAAC) 276
6.3.1 Dynamic Configuration of IPv4 Link-Local Addresses 276
6.3.2 IPv6 SLAAC for Link-Local Addresses 276
6.4 DHCP and DNS Interaction 285
6.5 PPP over Ethernet (PPPoE) 286
6.6 Attacks Involving System Configuration 292
6.7 Summary 292
6.8 References 293
xx Contents
Chapter 7 Firewalls and Network Address Translation (NAT) 299
7.1 Introduction 299
7.2 Firewalls 300
7.2.1 Packet-Filtering Firewalls 300
7.2.2 Proxy Firewalls 301
7.3 Network Address Translation (NAT) 303
7.3.1 Traditional NAT: Basic NAT and NAPT 305
7.3.2 Address and Port Translation Behavior 311
7.3.3 Filtering Behavior 313
7.3.4 Servers behind NATs 314
7.3.5 Hairpinning and NAT Loopback 314
7.3.6 NAT Editors 315
7.3.7 Service Provider NAT (SPNAT) and Service Provider IPv6
Transition 315
7.4 NAT Traversal 316
7.4.1 Pinholes and Hole Punching 317
7.4.2 UNilateral Self-Address Fixing (UNSAF) 317
7.4.3 Session Traversal Utilities for NAT (STUN) 319
7.4.4 Traversal Using Relays around NAT (TURN) 326
7.4.5 Interactive Connectivity Establishment (ICE) 332
7.5 Configuring Packet-Filtering Firewalls and NATs 334
7.5.1 Firewall Rules 335
7.5.2 NAT Rules 337
7.5.3 Direct Interaction with NATs and Firewalls: UPnP,NAT-PMP,
and PCP 338
7.6 NAT for IPv4/IPv6 Coexistence and Transition 339
7.6.1 Dual-Stack Lite (DS-Lite) 339
7.6.2 IPv4/IPv6 Translation Using NATs and ALGs 340
7.7 Attacks Involving Firewalls and NATs 345
7.8 Summary 346
7.9 References 347
Chapter 8 ICMPv4 and ICMPv6: Internet Control Message Protocol353
8.1 Introduction 353
8.1.1 Encapsulation in IPv4 and IPv6 354
8.2 ICMP Messages 355
8.2.1 ICMPv4 Messages 356
Contents xxi
8.2.2 ICMPv6 Messages 358
8.2.3 Processing of ICMP Messages 360
