Networking Concepts


Task 1: Introduction

Have you ever wondered why you need an IP address to access the Internet? Is it true that an IP address can uniquely identify the user? Are you curious to learn what the life of a packet looks like? If the answer is yes, let’s dive in!

This room is the first room in a series of four rooms dedicated to introducing the user to vital networking concepts and the most common networking protocols:

Room Prerequisites

This room expects that you know terms such as IP address and TCP port number; however, we don’t expect that the reader is able to explain such terms in proper technical depth. If you are unfamiliar with these terms, please consider joining the Pre Security path.


Learning Objectives

By the time you finish this room, you will have learned about the following:

  • ISO OSI network model
  • IP addresses, subnets, and routing
  • TCP, UDP, and port numbers
  • How to connect to an open TCP port from the command line

Task 2: OSI Model


Before we start, we should note that the OSI model might initially seem complicated. Don’t worry if you encounter cryptic acronyms, as we provide examples of the OSI model layers. We assure you that by the time you finish this module, this task will feel like a piece of cake.

The OSI (Open Systems Interconnection) model is a conceptual model developed by the International Organization for Standardization (ISO) that describes how communications should occur in a computer network. In other words, the OSI model defines a framework for computer network communications. Although this model is theoretical, it is vital to learn and understand as it helps grasp networking concepts on a deeper level. The OSI model is composed of seven layers:

  1. Physical Layer
  2. Data Link Layer
  3. Network Layer
  4. Transport Layer
  5. Session Layer
  6. Presentation Layer
  7. Application Layer

The numbering starts with the physical layer being layer 1, while the top layer, the application layer, is layer 7. To help you remember the layers from bottom to top, you can use a mnemonic such as “Please Do Not Throw Spinach Pizza Away.” You can check the Internet for other easy-to-remember acronyms if this helps you memorise them. Remembering the OSI model layers with their layer numbers is important; otherwise, you will struggle to understand terms such as “layer 3 switch” or “layer 7 firewall.”

Layer 1: Physical Layer

The physical layer, also referred to as layer 1, deals with the physical connection between devices; this includes the medium, such as a wire, and the definition of the binary digits 0 and 1. Data transmission can be via an electrical, optical, or wireless signal. Consequently, we need data cables or antennas, depending on our physical medium.

In addition to Ethernet cable, shown in the illustration below, and optical fibre cable, examples of the physical layer medium include the WiFi radio bands, the 2.4 GHz band, the 5 GHz band, and the 6 GHz band.


 

Layer 2: Data Link Layer

The physical layer defines a medium to transmit our signal. The data link layer, i.e., layer 2, represents the protocol that enables data transfer between nodes on the same network segment. Let’s put it in simpler terms. The data link layer describes an agreement between the different systems on the same network segment on how to communicate. A network segment refers to a group of networked devices using a shared medium or channel for information transfer. For example, consider a company office with ten computers connected to a network switch; that’s a network segment.

Examples of layer 2 include Ethernet, i.e., 802.3, and WiFi, i.e., 802.11. Ethernet and WiFi addresses are six bytes. Their address is called a MAC address, where MAC stands for Media Access Control. They are usually expressed in hexadecimal format with a colon separating each two hexadecimal digits (one byte). The three leftmost bytes identify the vendor.


 

We expect to see two MAC addresses in each frame in real network communication over Ethernet or WiFi. The packet in the screenshot below shows:

  • The destination data-link address (MAC address) highlighted in yellow
  • The source data-link address (MAC address) highlighted in blue
  • The remaining bits show the data being sent


 

Layer 3: Network Layer

The data link layer focuses on sending data between two nodes on the same network segment. The network layer, i.e., layer 3, is concerned with sending data between different networks. In more technical terms, the network layer handles logical addressing and routing, i.e., finding a path to transfer the network packets between the diverse networks.

In the data link layer, we gave an example of one company office with ten computers, where the data link layer is responsible for providing a connection between them. Let’s say that this company has multiple offices distributed across various cities, countries, or even continents. The network layer is responsible for connecting the different offices together.

The network below shows that computers A and B are connected, although on different networks. You can also notice two paths connecting the two computers; the network layer will route the network packets through the path it deems better.

Examples of the network layer include Internet Protocol (IP), Internet Control Message Protocol (ICMP), and Virtual Private Network (VPN) protocols such as IPSec and SSL/TLS VPN.

Layer 4: Transport Layer

Layer 4, the transport layer, enables end-to-end communication between running applications on different hosts. Your web browser is connected to the TryHackMe web server over the transport layer, which can support various functions like flow control, segmentation, and error correction.

Examples of layer 4 are Transmission Control Protocol (TCP) and User Datagram Protocol (UDP).

Layer 5: Session Layer

The session layer is responsible for establishing, maintaining, and synchronising communication between applications running on different hosts. Establishing a session means initiating communication between applications and negotiating the necessary parameters for the session. Data synchronisation ensures that data is transmitted in the correct order and provides mechanisms for recovery in case of transmission failures.

Examples of the session layer are Network File System (NFS) and Remote Procedure Call (RPC).

Layer 6: Presentation Layer

The presentation layer ensures the data is delivered in a form the application layer can understand. Layer 6 handles data encoding, compression, and encryption. An example of encoding is character encoding, such as ASCII or Unicode.

Various standards are used at the presentation layer. Consider the scenario where we want to send an image via email. First, we use JPEG, GIF, or PNG to save our image; furthermore, although hidden from the user by the email client, we use MIME (Multipurpose Internet Mail Extensions) to attach the file to our email. MIME encodes a binary file using 7-bit ASCII characters.

Layer 7: Application Layer

The application layer provides network services directly to end-user applications. Your web browser would use the HTTP protocol to request a file, submit a form, or upload a file.

The application layer is the top layer, and you might have encountered many of its protocols as you use different applications. Examples of Layer 7 protocols are HTTP, FTP, DNS, POP3, SMTP, and IMAP. Don’t worry if you are not familiar with all of them.

Summary

Reading about the ISO OSI model for the first time can be intimidating; however, it becomes easier as you progress in your study of networking protocols. To help with your studies, we have summarised the ISO OSI layers in the table below.

Layer Number | Layer Name         | Main Function                                         | Example Protocols and Standards
Layer 7      | Application layer  | Providing services and interfaces to applications     | HTTP, FTP, DNS, POP3, SMTP, IMAP
Layer 6      | Presentation layer | Data encoding, encryption, and compression            | Unicode, MIME, JPEG, PNG, MPEG
Layer 5      | Session layer      | Establishing, maintaining, and synchronising sessions | NFS, RPC
Layer 4      | Transport layer    | End-to-end communication and data segmentation        | UDP, TCP
Layer 3      | Network layer      | Logical addressing and routing between networks       | IP, ICMP, IPSec
Layer 2      | Data link layer    | Reliable data transfer between adjacent nodes         | Ethernet (802.3), WiFi (802.11)
Layer 1      | Physical layer     | Physical data transmission media                      | Electrical, optical, and wireless signals


Task 3: TCP/IP Model


Now that we have covered the conceptual ISO OSI model, it is time to study an implemented model, the TCP/IP model. TCP/IP stands for Transmission Control Protocol/Internet Protocol and was developed in the 1970s by the Department of Defense (DoD). I hear you ask why DoD would create such a model. One of the strengths of this model is that it allows a network to continue to function as parts of it are out of service, for instance, due to a military attack. This capability is possible in part due to the design of the routing protocols to adapt as the network topology changes.

In our presentation of the ISO OSI model, we went from bottom to top, from layer 1 to layer 7. In this task, let’s look at things from a different perspective, from top to bottom. From top to bottom, we have:

  • Application Layer: The OSI model application, presentation and session layers, i.e., layers 5, 6, and 7, are grouped into the application layer in the TCP/IP model.
  • Transport Layer: This is layer 4.
  • Internet Layer: This is layer 3. The OSI model’s network layer is called the Internet layer in the TCP/IP model.
  • Link Layer: This is layer 2.

The table below shows how the TCP/IP model layers map to the ISO/OSI model layers.

Layer Number | ISO OSI Model      | TCP/IP Model (RFC 1122) | Protocols
7            | Application Layer  | Application Layer       | HTTP, HTTPS, FTP, POP3, SMTP, IMAP, Telnet, SSH
6            | Presentation Layer | Application Layer       | (as above)
5            | Session Layer      | Application Layer       | (as above)
4            | Transport Layer    | Transport Layer         | TCP, UDP
3            | Network Layer      | Internet Layer          | IP, ICMP, IPSec
2            | Data Link Layer    | Link Layer              | Ethernet 802.3, WiFi 802.11
1            | Physical Layer     |                         |

Many modern networking textbooks show the TCP/IP model as five layers instead of four. For example, in Computer Networking: A Top-Down Approach 8th Edition, Kurose and Ross describe the following five-layer Internet protocol stack by including the physical layer:

  • Application
  • Transport
  • Network
  • Link
  • Physical

In the following tasks, we will cover the IP protocol from the Internet layer and the UDP and TCP protocols from the transport layer.


Task 4: IP Addresses and Subnets


When you hear the word IP address, you might think of an address like 192.168.0.1 or something less common, such as 172.16.159.243. In both cases, you are right. Both of these are IP addresses; IPv4 (IP version 4) addresses to be specific.

Every host on the network needs a unique identifier so that other hosts can communicate with it. Without a unique identifier, the host cannot be found without ambiguity. When using the TCP/IP protocol suite, we need to assign an IP address to each device connected to the network.

One analogy of an IP address is your home postal address. Your postal address allows you to receive letters and parcels from all over the world. Furthermore, it can identify your home without ambiguity; otherwise, you cannot shop online!

As you might already know, we have IPv4 and IPv6 (IP version 6). IPv4 is still the most common, and whenever you come across a text mentioning IP without the version, we expect them to mean IPv4.

So, what makes an IP address? An IP address comprises four octets, i.e., 32 bits. Being 8 bits, an octet allows us to represent a decimal number between 0 and 255. An IP address is shown in the image below.


 

At the risk of oversimplifying things, the 0 and 255 are reserved for the network and broadcast addresses, respectively. In other words, 192.168.1.0 is the network address, while 192.168.1.255 is the broadcast address. Sending to the broadcast address targets all the hosts on the network. With simple math, you can conclude that we cannot have more than 4 billion unique IPv4 addresses. If you are curious about the math, it is approximately 2^32 because we have 32 bits. This number is approximate because we didn’t consider network and broadcast addresses.

Looking Up Your Network Configuration

You can look up your IP address on the MS Windows command line using the command ipconfig. On Linux and UNIX-based systems, you can issue the command ifconfig or ip address show, which can be typed as ip a s. In the terminal window below, we show ifconfig.

Terminal

user@TryHackMe$ ifconfig
[...]
wlo1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.66.89  netmask 255.255.255.0  broadcast 192.168.66.255
        inet6 fe80::73e1:ca5e:3f93:b1b3  prefixlen 64  scopeid 0x20<link>
        ether cc:5e:f8:02:21:a7  txqueuelen 1000  (Ethernet)
        RX packets 19684680  bytes 18865072842 (17.5 GiB)
        RX errors 0  dropped 364  overruns 0  frame 0
        TX packets 14439678  bytes 8773200951 (8.1 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

The terminal output above indicates the following:

  • The host (laptop) IP address is 192.168.66.89
  • The subnet mask is 255.255.255.0
  • The broadcast address is 192.168.66.255

Let’s use ip a s to compare how the network card IP address is presented.

Terminal

user@TryHackMe$ ip a s
[...]
4: wlo1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether cc:5e:f8:02:21:a7 brd ff:ff:ff:ff:ff:ff
    altname wlp3s0
    inet 192.168.66.89/24 brd 192.168.66.255 scope global dynamic noprefixroute wlo1
       valid_lft 36795sec preferred_lft 36795sec
    inet6 fe80::73e1:ca5e:3f93:b1b3/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

The terminal output above indicates the following:

  • The host (laptop) IP address is 192.168.66.89/24
  • The broadcast address is 192.168.66.255

If you are wondering, a subnet mask of 255.255.255.0 can also be written as /24. The /24 means that the leftmost 24 bits within the IP address do not change across the network, i.e., the subnet. In other words, the leftmost three octets are the same across the whole subnet; therefore, we can expect to find addresses that range from 192.168.66.1 to 192.168.66.254. Similar to what was mentioned earlier, 192.168.66.0 and 192.168.66.255 are the network and broadcast addresses, respectively.

Private Addresses

As we are explaining IP addresses, it is useful to mention that for most practical purposes, there are two types of IP addresses:

  • Public IP addresses
  • Private IP addresses

RFC 1918 defines the following three ranges of private IP addresses:

  • 10.0.0.0 - 10.255.255.255 (10/8)
  • 172.16.0.0 - 172.31.255.255 (172.16/12)
  • 192.168.0.0 - 192.168.255.255 (192.168/16)

We presented earlier an analogy stating that a public IP address is like your home postal address. A private IP address is different; the original idea is that it cannot reach or be reached from the outside world. It is like an isolated city or a compound, where all houses and apartments are numbered systematically and can easily exchange mail with each other, but not with the outside world. For a private IP address to access the Internet, the router must have a public IP address and must support Network Address Translation (NAT). At this stage, let’s not worry about understanding how NAT works, as we will revisit it later in this module.

Before moving on, I recommend memorising the private IP address ranges. Otherwise, you might see an IP address such as 10.1.33.7 or 172.31.33.7 and try to access it from a public IP address.
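
To check the /24 arithmetic from the ifconfig output and the RFC 1918 ranges above by hand, here is an added example (not part of the TryHackMe room) that derives the network, broadcast and usable host range of a CIDR address with plain bit operations, converts between mask and prefix length, and tests an address against the three private blocks. All function names are my own.

```python
# Added example: IPv4 subnet arithmetic and RFC 1918 private-range checks done
# with integer bit operations, so the /24 and 255.255.255.0 notation can be
# verified step by step rather than looked up.

def ip_to_int(ip: str) -> int:
    """Convert dotted-quad IPv4 text to its 32-bit integer value."""
    octets = ip.split(".")
    if len(octets) != 4:
        raise ValueError(f"not an IPv4 address: {ip!r}")
    value = 0
    for octet in octets:
        n = int(octet)
        if not 0 <= n <= 255:
            raise ValueError(f"octet out of range in {ip!r}")
        value = (value << 8) | n
    return value

def int_to_ip(value: int) -> str:
    """Inverse of ip_to_int: 32-bit integer back to dotted-quad text."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def prefix_to_mask(prefix: int) -> int:
    """/24 -> 0xFFFFFF00: the leftmost `prefix` bits set, the rest cleared."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def mask_to_prefix(mask: str) -> int:
    """255.255.255.0 -> 24; rejects non-contiguous masks such as 255.0.255.0."""
    m = ip_to_int(mask)
    prefix = bin(m).count("1")
    if prefix_to_mask(prefix) != m:
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return prefix

def subnet_info(cidr: str) -> dict:
    """Network, broadcast and usable host range for e.g. '192.168.66.89/24'."""
    ip_text, prefix_text = cidr.split("/")
    mask = prefix_to_mask(int(prefix_text))
    network = ip_to_int(ip_text) & mask           # host bits cleared
    broadcast = network | (~mask & 0xFFFFFFFF)    # host bits set
    # /31 and /32 have no separate network/broadcast; keep the common case simple.
    usable = max(broadcast - network - 1, 0)
    return {
        "network": int_to_ip(network),
        "broadcast": int_to_ip(broadcast),
        "first_host": int_to_ip(network + 1) if usable else None,
        "last_host": int_to_ip(broadcast - 1) if usable else None,
        "usable_hosts": usable,
        "mask": int_to_ip(mask),
    }

# The three RFC 1918 blocks from the text, as (network, prefix length).
RFC1918_BLOCKS = (("10.0.0.0", 8), ("172.16.0.0", 12), ("192.168.0.0", 16))

def is_private(ip: str) -> bool:
    """True if `ip` falls inside one of the RFC 1918 private ranges."""
    value = ip_to_int(ip)
    for net, prefix in RFC1918_BLOCKS:
        mask = prefix_to_mask(prefix)
        if value & mask == ip_to_int(net) & mask:
            return True
    return False

def same_subnet(ip_a: str, ip_b: str, prefix: int) -> bool:
    """Do two hosts share the leftmost `prefix` bits, i.e. sit on one subnet?"""
    mask = prefix_to_mask(prefix)
    return ip_to_int(ip_a) & mask == ip_to_int(ip_b) & mask

if __name__ == "__main__":
    print(subnet_info("192.168.66.89/24"))
    for addr in ("10.1.33.7", "172.31.33.7", "172.32.0.1", "8.8.8.8"):
        print(addr, "private" if is_private(addr) else "public")
```

Note that 172.32.0.1 is reported as public: the 172.16/12 block ends at 172.31.255.255, which is exactly the kind of boundary the text asks you to memorise.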

Routing

A router is like your local post office; you hand them the mail parcel, and they would know how to deliver it. If we dig deeper, you might mail something to an address in another city or country. The post office will check the address and decide where to send it next. For example, if it is to leave the country, we expect one central office to handle all shipments abroad.

In technical terms, a router forwards data packets to the proper network. Usually, a data packet passes through multiple routers before it reaches its final destination. The router functions at layer 3, inspecting the IP address and forwarding the packet to the best network (router) so the packet gets closer to its destination.


Task 5: UDP and TCP


The IP protocol allows us to reach a destination host on the network; the host is identified by its IP address. We need protocols that would enable processes on networked hosts to communicate with each other. There are two transport protocols to achieve that: UDP and TCP.

UDP

UDP (User Datagram Protocol) allows us to reach a specific process on this target host. UDP is a simple connectionless protocol that operates at the transport layer, i.e., layer 4. Being connectionless means that it does not need to establish a connection. UDP does not even provide a mechanism to know that the packet has been delivered.

An IP address identifies the host; we need a mechanism to determine the sending and receiving process. This can be achieved by using port numbers. A port number uses two octets; consequently, it ranges between 1 and 65535; port 0 is reserved. (The number 65535 is calculated by the expression 2^16 − 1.)

A real-life example similar to UDP is the standard mail service, with no delivery confirmation. In other words, there is no guarantee that the UDP packet has been received successfully, similar to the case of sending a parcel using standard mail with no confirmation of delivery. In the case of standard mail, it means a cheaper cost than the mail delivery options with confirmation. In the case of UDP, it means better speed than a transport protocol that provides “confirmation.”

But what if we want a transport protocol that acknowledges received packets? The answer lies in using TCP instead of UDP.

TCP

TCP (Transmission Control Protocol) is a connection-oriented transport protocol. It uses various mechanisms to ensure reliable delivery of the data sent by the different processes on the networked hosts. Like UDP, it is a layer 4 protocol. Being connection-oriented, it requires the establishment of a TCP connection before any data can be sent.

In TCP, each data octet has a sequence number; this makes it easy for the receiver to identify lost or duplicated packets. The receiver, on the other hand, acknowledges the reception of data with an acknowledgement number specifying the last received octet.

A TCP connection is established using what’s called a three-way handshake. Two flags are used: SYN (Synchronise) and ACK (Acknowledgment). The packets are sent as follows:

  1. SYN Packet: The client initiates the connection by sending a SYN packet to the server. This packet contains the client’s randomly chosen initial sequence number.
  2. SYN-ACK Packet: The server responds to the SYN packet with a SYN-ACK packet, which adds the initial sequence number randomly chosen by the server.
  3. ACK Packet: The three-way handshake is completed as the client sends an ACK packet to acknowledge the reception of the SYN-ACK packet.

Similar to UDP, TCP identifies the process of initiating or waiting (listening) for a connection using port numbers. As stated, a valid port number ranges between 1 and 65535 because it uses two octets and port 0 is reserved.


Task 6: Encapsulation


Before wrapping up, it is crucial to explain another key concept: encapsulation. In this context, encapsulation refers to the process of every layer adding a header (and sometimes a trailer) to the received unit of data and sending the “encapsulated” unit to the layer below.

Encapsulation is an essential concept as it allows each layer to focus on its intended function. In the image below, we have the following four steps:

  • Application data: It all starts when the user inputs the data they want to send into the application. For example, you write an email or an instant message and hit the send button. The application formats this data and starts sending it according to the application protocol used, using the layer below it, the transport layer.
  • Transport protocol segment or datagram: The transport layer, such as TCP or UDP, adds the proper header information and creates the TCP segment (or UDP datagram). This segment is sent to the layer below it, the network layer.
  • Network packet: The network layer, i.e. the Internet layer, adds an IP header to the received TCP segment or UDP datagram. Then, this IP packet is sent to the layer below it, the data link layer.
  • Data link frame: The Ethernet or WiFi layer receives the IP packet and adds the proper header and trailer, creating a frame.

We start with application data. At the transport layer, we add a TCP or UDP header to create a TCP segment or UDP datagram. Again, at the network layer, we add the proper IP header to get an IP packet that can be routed over the Internet. Finally, we add the appropriate header and trailer to get a WiFi or Ethernet frame at the link layer.


 

The process has to be reversed on the receiving end until the application data is extracted.
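
The four encapsulation steps and their reversal on the receiving side, as an added example that is not part of the TryHackMe room: the real Ethernet, IPv4 and TCP header layouts are packed around a small HTTP request, then peeled off again with each layer's own check (EtherType, IPv4 header checksum, protocol number). The MAC and IP addresses, ports and payload are constructed sample values; the TCP checksum is left at zero and the Ethernet FCS is a placeholder.

```python
# Added example: encapsulating application data into a TCP segment, an IPv4
# packet and an Ethernet frame, then decapsulating it again.
import struct

# Constructed sample values for the walk-through (not captured traffic).
SRC_MAC = bytes.fromhex("cc5ef80221a7")            # the laptop MAC shown by ifconfig
DST_MAC = bytes.fromhex("0a1b2c3d4e5f")            # constructed router MAC
SRC_IP, DST_IP = "192.168.66.89", "203.0.113.10"   # 203.0.113.0/24 is documentation space
SRC_PORT, DST_PORT = 51234, 80
APP_DATA = b"GET / HTTP/1.1\r\nHost: telnet.thm\r\n\r\n"

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6

def ipv4_checksum(header: bytes) -> int:
    """RFC 791 one's-complement sum over the 16-bit words of the IP header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def ip_bytes(ip: str) -> bytes:
    return bytes(int(o) for o in ip.split("."))

def tcp_segment(payload: bytes, seq: int, ack: int, flags: int = 0x018) -> bytes:
    """Step 2: 20-byte TCP header (no options) in front of the application data."""
    data_offset = 5 << 12                   # header length in 32-bit words, top 4 bits
    header = struct.pack("!HHIIHHHH", SRC_PORT, DST_PORT, seq, ack,
                         data_offset | flags, 65535, 0, 0)   # window, checksum=0, urgent
    return header + payload

def ip_packet(segment: bytes) -> bytes:
    """Step 3: 20-byte IPv4 header; the checksum covers the header only."""
    total_length = 20 + len(segment)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_length, 0x1234, 0x4000,
                         64, IPPROTO_TCP, 0, ip_bytes(SRC_IP), ip_bytes(DST_IP))
    checksum = ipv4_checksum(header)        # computed with the checksum field at 0
    header = header[:10] + struct.pack("!H", checksum) + header[12:]
    return header + segment

def ethernet_frame(packet: bytes) -> bytes:
    """Step 4: 14-byte Ethernet header plus a 4-byte trailer (FCS placeholder)."""
    header = struct.pack("!6s6sH", DST_MAC, SRC_MAC, ETHERTYPE_IPV4)
    fcs = b"\x00\x00\x00\x00"               # the real FCS is a CRC-32 added by the NIC
    return header + packet + fcs

def encapsulate(app_data: bytes) -> bytes:
    """Application data -> TCP segment -> IP packet -> Ethernet frame."""
    return ethernet_frame(ip_packet(tcp_segment(app_data, seq=1000, ack=5000)))

def decapsulate(frame: bytes) -> dict:
    """Reverse the process on the receiving side, checking each layer on the way."""
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("not an IPv4 frame")
    packet = frame[14:-4]                               # strip Ethernet header and FCS
    ihl = (packet[0] & 0x0F) * 4                        # header length in bytes
    if ipv4_checksum(packet[:ihl]) != 0:                # an intact header sums to zero
        raise ValueError("bad IPv4 header checksum")
    total_length = struct.unpack("!H", packet[2:4])[0]
    proto = packet[9]
    src_ip = ".".join(str(b) for b in packet[12:16])
    dst_ip = ".".join(str(b) for b in packet[16:20])
    if proto != IPPROTO_TCP:
        raise ValueError("not a TCP segment")
    segment = packet[ihl:total_length]
    src_port, dst_port, seq, ack, off_flags = struct.unpack("!HHIIH", segment[:14])
    tcp_len = (off_flags >> 12) * 4
    return {
        "src_mac": src_mac.hex(":"), "dst_mac": dst_mac.hex(":"),
        "src_ip": src_ip, "dst_ip": dst_ip,
        "src_port": src_port, "dst_port": dst_port, "seq": seq, "ack": ack,
        "app_data": segment[tcp_len:],
    }

if __name__ == "__main__":
    frame = encapsulate(APP_DATA)
    print(f"{len(APP_DATA)} bytes of application data became a {len(frame)}-byte frame")
    print(decapsulate(frame))
```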

The Life of a Packet

Based on what we have studied so far, we can explain a simplified version of the packet’s life. Let’s consider the scenario where you search for a room on TryHackMe.

  1. On the TryHackMe search page, you enter your search query and hit enter.
  2. Your web browser, using HTTPS, prepares an HTTP request and pushes it to the layer below it, the transport layer.
  3. The TCP layer needs to establish a connection via a three-way handshake between your browser and the TryHackMe web server. After establishing the TCP connection, it can send the HTTP request containing the search query. Each TCP segment created is sent to the layer below it, the Internet layer.
  4. The IP layer adds the source IP address, i.e., your computer, and the destination IP address, i.e., the IP address of the TryHackMe web server. For this packet to reach the router, your laptop delivers it to the layer below it, the link layer.
  5. Depending on the protocol, the link layer adds the proper link layer header and trailer, and the packet is sent to the router.
  6. The router removes the link layer header and trailer, inspects the IP destination, among other fields, and routes the packet to the proper link. Each router repeats this process until the packet reaches the router of the target server.

The steps will then be reversed as the packet reaches the router of the destination network. As we cover additional protocols, we will revisit this exercise and create a more in-depth version.


Task 7: Telnet


Press the Start Machine button below.

Start Machine

Start the AttackBox by pressing the Start AttackBox button at the top of this page. The AttackBox machine will start in Split-Screen view. If it is not visible, use the blue Show Split View button at the top of the page.

Give them about 2 minutes each to properly boot up. Once the two machines are ready, we need to start the terminal on the AttackBox to experiment with telnet.

The TELNET (Teletype Network) protocol is a network protocol for remote terminal connection. In simpler words, telnet, a TELNET client, allows you to connect to and communicate with a remote system and issue text commands. Although initially it was used for remote administration, we can use telnet to connect to any server listening on a TCP port number.

On the target virtual machine, different services are running. We will experiment with three of them:

  • Echo server: This server echoes everything you send it. By default, it listens on port 7.
  • Daytime server: This server listens on port 13 by default and replies with the current day and time.
  • Web (HTTP) server: This server listens on TCP port 80 by default and serves web pages.

Before continuing, we should mention that the echo and daytime servers are considered security risks and should not be run; however, we started them explicitly to demonstrate communication with the server using telnet. In the terminal below, we connect to the target VM at the echo server’s TCP port number 7. To close the connection, press the CTRL + ] keys simultaneously.

Terminal

user@TryHackMe$ telnet MACHINE_IP 7
telnet MACHINE_IP 7
Trying MACHINE_IP...
Connected to MACHINE_IP.
Escape character is '^]'.
Hi
Hi
How are you?
How are you?
Bye
Bye
^]

telnet> quit
Connection closed.

In the terminal below, we use telnet to connect to the daytime server listening on port 13. Notice that the connection closes as soon as the current date and time are returned.

Terminal

user@TryHackMe$ telnet MACHINE_IP 13
Trying MACHINE_IP...
Connected to MACHINE_IP.
Escape character is '^]'.
Thu Jun 20 12:36:32 PM UTC 2024
Connection closed by foreign host.

Finally, let’s request a web page using telnet. After connecting to port 80, you need to issue the command GET / HTTP/1.1 followed by a Host header, whose value can be anything, such as Host: telnet.thm. Next, press Enter twice so that your last input line is a blank line. The output below shows the exchange. (The page has been redacted.)

Note: You may have to press Enter after sending the information in case you don’t get a response.

Terminal

user@TryHackMe$ telnet MACHINE_IP 80
Trying MACHINE_IP...
Connected to MACHINE_IP.
Escape character is '^]'.
GET / HTTP/1.1
Host: telnet.thm

HTTP/1.1 200 OK
Content-Type: text/html
[...]

Connection closed by foreign host.
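
The same GET / HTTP/1.1 exchange done from a plain TCP socket instead of telnet, as an added example that is not part of the TryHackMe room: the operating system performs the three-way handshake inside connect(), and the bytes written afterwards are exactly the lines typed into the telnet session. A small local HTTP server is started in a thread so the example runs offline; the host name telnet.thm is reused from the text, and the page body, the Connection: close header (so the client can read until the server closes) and all function names are my own.

```python
# Added example: hand-written HTTP/1.1 request over a raw TCP socket, with a
# constructed local stand-in for the room's web server so it runs offline.
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

CRLF = "\r\n"

def http_get_raw(host: str, port: int, host_header: str = "telnet.thm",
                 timeout: float = 5.0) -> dict:
    """Send GET / with a Host header and parse the status line and headers."""
    request = (f"GET / HTTP/1.1{CRLF}Host: {host_header}{CRLF}"
               f"Connection: close{CRLF}{CRLF}")        # blank line ends the request
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request.encode("ascii"))
        chunks = []
        while True:                         # read until the server closes the connection
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    raw = b"".join(chunks)
    head, _, body = raw.partition(b"\r\n\r\n")          # blank line ends the header block
    lines = head.decode("iso-8859-1").split(CRLF)
    version, status, reason = lines[0].split(" ", 2)    # e.g. "HTTP/1.1 200 OK"
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"version": version, "status": int(status), "reason": reason,
            "headers": headers, "body": body}

class _DemoHandler(BaseHTTPRequestHandler):
    """Constructed stand-in for the target VM's web server: one static page."""
    protocol_version = "HTTP/1.1"
    PAGE = b"<html><body><h1>telnet.thm</h1></body></html>"

    def do_GET(self):
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(self.PAGE)))
        self.end_headers()
        self.wfile.write(self.PAGE)

    def log_message(self, *args):           # keep the demo output quiet
        pass

def start_local_server() -> tuple:
    """Start the stand-in server on 127.0.0.1 with an OS-chosen port."""
    server = HTTPServer(("127.0.0.1", 0), _DemoHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]

def demo_local() -> dict:
    """Run the exchange against the local stand-in and return the parsed reply."""
    server, port = start_local_server()
    try:
        return http_get_raw("127.0.0.1", port)
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    reply = demo_local()
    print(reply["version"], reply["status"], reply["reason"])
    print("Content-Type:", reply["headers"].get("content-type"))
```

Pointing http_get_raw at the room's MACHINE_IP and port 80 reproduces the telnet output above, status line and Content-Type header included.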

Task 8: Conclusion

In this room, we covered the ISO OSI and TCP/IP models, comparing and contrasting the two. We also covered IP addresses and subnets, briefly explaining routing. Furthermore, after diving into TCP and UDP, we explained encapsulation. For demonstration purposes, we used telnet to “talk” to different servers over TCP.

Now that you have finished Networking Concepts, it is time to join Networking Essentials.
