ccna֮��

ping and Traceroute

Ping �� Traceroute ��

Introduction This document illustrates the use of the ping and traceroute commands. With the aid of some debug commands, this document captures a more detailed view of how these commands work.
Note: Enabling any debug commands on a production router may cause serious problems. We recommend that you carefully read the Use the Debug Command section before you issue debug commands.
Prerequisites Requirements There are no specific requirements for this document.
Components Used This document is not restricted to specific software and hardware versions.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Conventions For more information on document conventions, refer to the Cisco Technical Tips Conventions.
Background Information In this document, we use the basic configuration shown below as a basis for our examples:

The Ping Command The ping command is a very common method for troubleshooting the accessibility of devices. It uses a series of Internet Control Message Protocol (ICMP) Echo messages to determine:

Whether a remote host is active or inactive.
The round-trip delay in communicating with the host.
Packet loss.

The ping command first sends an echo request packet to an address, then waits for a reply. The ping is successful only if:

the echo request gets to the destination, and
the destination is able to get an echo reply back to the source within a predetermined time called a timeout. The default value of this timeout is two seconds on Cisco routers.

For all the options about this command, see "Ping" under Troubleshooting Commands.
Here is an output example showing the ping command after enabling the debug ip packet detail command:
Warning: Using the debug ip packet detail command on a production router can cause high CPU utilization. This may result in a severe performance degradation or a network outage. We recommend that you carefully read Use the Debug Command before issuing debug commands.
Router1#debug ip packet detail IP packet debugging is on (detailed)Router1#ping 12.0.0.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 12.0.0.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 4/6/8 ms Router1# Jan 20 15:54:47.487: IP: s=12.0.0.1 (local), d=12.0.0.2 (Serial0), len 100, sendingJan 20 15:54:47.491: ICMP type=8, code=0!--- This is the ICMP packet 12.0.0.1 sent to 12.0.0.2. !--- ICMP type=8 corresponds to the echo message. Jan 20 15:54:47.523: IP: s=12.0.0.2 (Serial0), d=12.0.0.1 (Serial0), len 100, rcvd 3Jan 20 15:54:47.527: ICMP type=0, code=0!--- This is the answer we get from 12.0.0.2. !--- ICMP type=0 corresponds to the echo reply message. !--- By default, the repeat count is five times, so there will be five !--- echo requests, and five echo replies. The table below lists possible ICMP-type values.

ICMP Type	Literal
0	echo-reply
3	destination unreachable code 0 = net unreachable 1 = host unreachable 2 = protocol unreachable 3 = port unreachable 4 = fragmentation needed and DF set 5 = source route failed
4	source-quench
5	redirect code 0 = redirect datagrams for the network 1 = redirect datagrams for the host 2 = redirect datagrams for the type of service and network 3 = redirect datagrams for the type of service and host
6	alternate-address
8	echo
9	router-advertisement
10	router-solicitation
11	time-exceeded code 0 = time to live exceeded in transit 1 = fragment reassembly time exceeded
12	parameter-problem
13	timestamp-request
14	timestamp-reply
15	information-request
16	information-reply
17	mask-request
18	mask-reply
31	conversion-error
32	mobile-redirect

The table below lists the possible output characters from the ping facility:

Character	Description
!	Each exclamation point indicates receipt of a reply.
.	Each period indicates the network server timed out while waiting for a reply.
U	A destination unreachable error PDU was received.
Q	Source quench (destination too busy).
M	Could not fragment.
?	Unknown packet type.
&	Packet lifetime exceeded.

Why Can't I Ping? If you are not able to successfully ping to an address, consider these causes:
Routing Issue Here are examples of unsuccessful ping attempts, determining the problem, and what to do to resolve the problem.
This scenario is explained using the network topology diagram below:

Router1# ! ! interface Serial0 ip address 12.0.0.1 255.255.255.0 no fair-queue clockrate 64000 ! ! Router2# ! ! interface Serial0 ip address 23.0.0.2 255.255.255.0 no fair-queue clockrate 64000 ! interface Serial1 ip address 12.0.0.2 255.255.255.0 ! ! Router3# ! ! interface Serial0 ip address 34.0.0.3 255.255.255.0 no fair-queue ! interface Serial1 ip address 23.0.0.3 255.255.255.0 ! ! Router4# ! ! interface Serial0 ip address 34.0.0.4 255.255.255.0 no fair-queue clockrate 64000 ! ! Let us try to ping Router4 from Router1:
Router1#ping 34.0.0.4 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 34.0.0.4, timeout is 2 seconds: ..... Success rate is 0 percent (0/5)Let us have a closer look at what has happened:
Router1#debug ip packetIP packet debugging is on Warning: Using the debug ip packet command on a production router can cause high cpu utilization. This may result in a severe performance degradation or a network outage. We recommend that you carefully read Use the Debug Command before issuing debug commands.
Router1#ping 34.0.0.4 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 34.0.0.4, timeout is 2 seconds: Jan 20 16:00:25.603: IP: s=12.0.0.1 (local), d=34.0.0.4, len 100, unroutable.Jan 20 16:00:27.599: IP: s=12.0.0.1 (local), d=34.0.0.4, len 100, unroutable.Jan 20 16:00:29.599: IP: s=12.0.0.1 (local), d=34.0.0.4, len 100, unroutable.Jan 20 16:00:31.599: IP: s=12.0.0.1 (local), d=34.0.0.4, len 100, unroutable.Jan 20 16:00:33.599: IP: s=12.0.0.1 (local), d=34.0.0.4, len 100, unroutable.Success rate is 0 percent (0/5)Since no routing protocols are running on Router1, it does not know where to send its packet and we get an "unroutable" message.
Now let us add a static route to Router1:
Router1#configure terminalEnter configuration commands, one per line.  End with CNTL/Z. Router1(config)#ip route 0.0.0.0 0.0.0.0 Serial0We now have:
Router1#debug ip packet detailIP packet debugging is on (detailed)Router1#ping 34.0.0.4 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 34.0.0.4, timeout is 2 seconds: U.U.U Success rate is 0 percent (0/5) Jan 20 16:05:30.659: IP: s=12.0.0.1 (local), d=34.0.0.4 (Serial0), len 100, sendingJan 20 16:05:30.663:    ICMP type=8, code=0Jan 20 16:05:30.691: IP: s=12.0.0.2 (Serial0), d=12.0.0.1 (Serial0), len 56, rcvd 3Jan 20 16:05:30.695:    ICMP type=3, code=1Jan 20 16:05:30.699: IP: s=12.0.0.1 (local), d=34.0.0.4 (Serial0), len 100, sendingJan 20 16:05:30.703:    ICMP type=8, code=0Jan 20 16:05:32.699: IP: s=12.0.0.1 (local), d=34.0.0.4 (Serial0), len 100, sendingJan 20 16:05:32.703:    ICMP type=8, code=0Jan 20 16:05:32.731: IP: s=12.0.0.2 (Serial0), d=12.0.0.1 (Serial0), len 56, rcvd 3Jan 20 16:05:32.735:    ICMP type=3, code=1Jan 20 16:05:32.739: IP: s=12.0.0.1 (local), d=34.0.0.4 (Serial0), len 100, sendingJan 20 16:05:32.743:    ICMP type=8, code=0Now let us examine what is wrong on Router2:
Router2#debug ip packet detailIP packet debugging is on (detailed)Router2# Jan 20 16:10:41.907: IP: s=12.0.0.1 (Serial1), d=34.0.0.4, len 100, unroutableJan 20 16:10:41.911:    ICMP type=8, code=0Jan 20 16:10:41.915: IP: s=12.0.0.2 (local), d=12.0.0.1 (Serial1), len 56, sendingJan 20 16:10:41.919:    ICMP type=3, code=1Jan 20 16:10:41.947: IP: s=12.0.0.1 (Serial1), d=34.0.0.4, len 100, unroutableJan 20 16:10:41.951:    ICMP type=8, code=0Jan 20 16:10:43.943: IP: s=12.0.0.1 (Serial1), d=34.0.0.4, len 100, unroutableJan 20 16:10:43.947:    ICMP type=8, code=0Jan 20 16:10:43.951: IP: s=12.0.0.2 (local), d=12.0.0.1 (Serial1), len 56, sendingJan 20 16:10:43.955:    ICMP type=3, code=1Jan 20 16:10:43.983: IP: s=12.0.0.1 (Serial1), d=34.0.0.4, len 100, unroutableJan 20 16:10:43.987:    ICMP type=8, code=0Jan 20 16:10:45.979: IP: s=12.0.0.1 (Serial1), d=34.0.0.4, len 100, unroutableJan 20 16:10:45.983:    ICMP type=8, code=0Jan 20 16:10:45.987: IP: s=12.0.0.2 (local), d=12.0.0.1 (Serial1), len 56, sendingJan 20 16:10:45.991:    ICMP type=3, code=1 Router1 is correctly sending its packets to Router2, but Router2 doesn't know how to access address 34.0.0.4. Router2 sends back an "unreachable ICMP" message to Router1.
Now let's enable Routing Information Protocol (RIP) on Router2 and Router3:
Router2# router rip  network 12.0.0.0  network 23.0.0.0 Router3# router rip  network 23.0.0.0  network 34.0.0.0 Now we have:
Router1#debug ip packetIP packet debugging is onRouter1#ping 34.0.0.4 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 34.0.0.4, timeout is 2 seconds: Jan 20 16:16:13.367: IP: s=12.0.0.1 (local), d=34.0.0.4 (Serial0), len 100, sending.Jan 20 16:16:15.363: IP: s=12.0.0.1 (local), d=34.0.0.4 (Serial0), len 100, sending.Jan 20 16:16:17.363: IP: s=12.0.0.1 (local), d=34.0.0.4 (Serial0), len 100, sending.Jan 20 16:16:19.363: IP: s=12.0.0.1 (local), d=34.0.0.4 (Serial0), len 100, sending.Jan 20 16:16:21.363: IP: s=12.0.0.1 (local), d=34.0.0.4 (Serial0), len 100, sending.Success rate is 0 percent (0/5) This is slightly better. Router1 is sending packets to Router4, but is not getting any answer from Router4.
Let us see what the problem could be on Router4:
Router4#debug ip packetIP packet debugging is onRouter4# Jan 20 16:18:45.903: IP: s=12.0.0.1 (Serial0), d=34.0.0.4 (Serial0), len 100, rcvd 3Jan 20 16:18:45.911: IP: s=34.0.0.4 (local), d=12.0.0.1, len 100, unroutableJan 20 16:18:47.903: IP: s=12.0.0.1 (Serial0), d=34.0.0.4 (Serial0), len 100, rcvd 3Jan 20 16:18:47.907: IP: s=34.0.0.4 (local), d=12.0.0.1, len 100, unroutableJan 20 16:18:49.903: IP: s=12.0.0.1 (Serial0), d=34.0.0.4 (Serial0), len 100, rcvd 3Jan 20 16:18:49.907: IP: s=34.0.0.4 (local), d=12.0.0.1, len 100, unroutableJan 20 16:18:51.903: IP: s=12.0.0.1 (Serial0), d=34.0.0.4 (Serial0), len 100, rcvd 3Jan 20 16:18:51.907: IP: s=34.0.0.4 (local), d=12.0.0.1, len 100, unroutableJan 20 16:18:53.903: IP: s=12.0.0.1 (Serial0), d=34.0.0.4 (Serial0), len 100, rcvd 3Jan 20 16:18:53.907: IP: s=34.0.0.4 (local), d=12.0.0.1, len 100, unroutableRouter4 receives the ICMP packets, and tries to answer to 12.0.0.1, but because it does not have a route to this network, it simply fails.
Let us add a static route to Router4:
Router4(config)#ip route 0.0.0.0 0.0.0.0 Serial0Now it works perfectly, and both sides can access each other:
Router1#ping 34.0.0.4 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 34.0.0.4, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 32/35/36 ms Interface Down This is a situation where the interface stops working. In the example below, we try to ping Router4 from Router1:
Router1#ping 34.0.0.4 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 34.0.0.4, timeout is 2 seconds: U.U.U Success rate is 0 percent (0/5) Since the routing is fine, we will do the troubleshooting step-by-step. First, let us try to ping Router2:
Router1#ping 12.0.0.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 12.0.0.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms From the above, we see that the problem lies between Router2 and Router3. One possibility is that the serial interface on Router3 has been shut down:
Router3#show ip interface brief Serial0 34.0.0.3 YES manual up                   upSerial1 23.0.0.3 YES manual administratively down down                   This is quite simple to fix:
Router3#configure terminal Enter configuration commands, one per line.  End with CNTL/Z. Router3(config)#interface s1 Router3(config-if)#no shutdownRouter3(config-if)# Jan 20 16:20:53.900: %LINK-3-UPDOWN: Interface Serial1, changed state to up Jan 20 16:20:53.910: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1, changed state to up Access-list Command In this scenario, we want to allow only telnet traffic to enter Router4 through interface Serial0 .
Router4(config)# access-list 100 permit tcp any any eq telnet Router4(config)#interface s0Router4(config-if)#ip access-group 100 inRouter1#configure terminalEnter configuration commands, one per line.  End with CNTL/Z.Router1(config)#access-list 100 permit ip host 12.0.0.1 host 34.0.0.4Router1(config)#access-list 100 permit ip host 34.0.0.4 host 12.0.0.1Router1(config)#endRouter1#debug ip packet 100 IP packet debugging is onRouter1#debug ip icmpICMP packet debugging is onRefer to the Use the Debug Command section for using access lists with debug commands.
When we now try to ping Router4, we have the following:
Router1#ping 34.0.0.4 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 34.0.0.4, timeout is 2 seconds: U.U.U Success rate is 0 percent (0/5) Jan 20 16:34:49.207: IP: s=12.0.0.1 (local), d=34.0.0.4 (Serial0), len 100, sendingJan 20 16:34:49.287: IP: s=34.0.0.4 (Serial0), d=12.0.0.1 (Serial0), len 56, rcvd 3Jan 20 16:34:49.291: ICMP: dst (12.0.0.1) administratively prohibited unreachable rcv from 34.0.0.4Jan 20 16:34:49.295: IP: s=12.0.0.1 (local), d=34.0.0.4 (Serial0), len 100, sendingJan 20 16:34:51.295: IP: s=12.0.0.1 (local), d=34.0.0.4 (Serial0), len 100, sendingJan 20 16:34:51.367: IP: s=34.0.0.4 (Serial0), d=12.0.0.1 (Serial0), len 56, rcvd 3Jan 20 16:34:51.371: ICMP: dst (12.0.0.1) administratively prohibited unreachable rcv from 34.0.0.4Jan 20 16:34:51.379: IP: s=12.0.0.1 (local), d=34.0.0.4 (Serial0), len 100, sendingAt the end of an access-list command, we always have an implicit "deny all". This means that the ICMP packets that are entering the Serial 0 interface on Router4 are denied, and Router 4 sends an ICMP "administratively prohibited unreachable" message to the source of the original packet as shown in the debug message. The solution is to add the following line in the access-list command:
Router4(config)#access-list 100 permit icmp any anyAddress Resolution Protocol (ARP) Issue Here is a scenario with an Ethernet connection:

Router4#ping 100.0.0.5 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 100.0.0.5, timeout is 2 seconds: Jan 20 17:04:05.167: IP: s=100.0.0.4 (local), d=100.0.0.5 (Ethernet0), len 100, sendingJan 20 17:04:05.171: IP: s=100.0.0.4 (local), d=100.0.0.5 (Ethernet0), len 100, encapsulation failed.Jan 20 17:04:07.167: IP: s=100.0.0.4 (local), d=100.0.0.5 (Ethernet0), len 100, sendingJan 20 17:04:07.171: IP: s=100.0.0.4 (local), d=100.0.0.5 (Ethernet0), len 100, encapsulation failed.Jan 20 17:04:09.175: IP: s=100.0.0.4 (local), d=100.0.0.5 (Ethernet0), len 100, sendingJan 20 17:04:09.183: IP: s=100.0.0.4 (local), d=100.0.0.5 (Ethernet0), len 100, encapsulation failed.Jan 20 17:04:11.175: IP: s=100.0.0.4 (local), d=100.0.0.5 (Ethernet0), len 100, sendingJan 20 17:04:11.179: IP: s=100.0.0.4 (local), d=100.0.0.5 (Ethernet0), len 100, encapsulation failed.Jan 20 17:04:13.175: IP: s=100.0.0.4 (local), d=100.0.0.5 (Ethernet0), len 100, sendingJan 20 17:04:13.179: IP: s=100.0.0.4 (local), d=100.0.0.5 (Ethernet0), len 100, encapsulation failed.Success rate is 0 percent (0/5)Router4# In this example, the ping is not working due to "encapsulation failed". This means that the router knows on which interface it has to send the packet, but does not know how to do it. In this case, you need to understand how Address Resolution Protocol (ARP) works. See Configuring Address Resolution Methods for a detailed explanation.
Basically, ARP is a protocol used to map the Layer 2 address (MAC address) to a Layer 3 address (IP address). You can check this mapping using the show arp command:
Router4#show arp Protocol  Address       Age (min)  Hardware Addr Type InterfaceInternet  100.0.0.4             - 0000.0c5d.7a0d  ARPA Ethernet0Internet  100.0.0.1             10 0060.5cf4.a955  ARPA Ethernet0Return to the "encapsulation failed" problem. We get a better idea of the problem using this debug command:
Router4#debug arp ARP packet debugging is on Router4#ping 100.0.0.5 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 100.0.0.5, timeout is 2 seconds: Jan 20 17:19:43.843: IP ARP: creating incomplete entry for IP address: 100.0.0.5 interface Ethernet0Jan 20 17:19:43.847: IP ARP: sent req src 100.0.0.4 0000.0c5d.7a0d,                dst 100.0.0.5 0000.0000.0000 Ethernet0.Jan 20 17:19:45.843: IP ARP: sent req src 100.0.0.4 0000.0c5d.7a0d,                dst 100.0.0.5 0000.0000.0000 Ethernet0.Jan 20 17:19:47.843: IP ARP: sent req src 100.0.0.4 0000.0c5d.7a0d,                dst 100.0.0.5 0000.0000.0000 Ethernet0.Jan 20 17:19:49.843: IP ARP: sent req src 100.0.0.4 0000.0c5d.7a0d,                dst 100.0.0.5 0000.0000.0000 Ethernet0.Jan 20 17:19:51.843: IP ARP: sent req src 100.0.0.4 0000.0c5d.7a0d,                dst 100.0.0.5 0000.0000.0000 Ethernet0.Success rate is 0 percent (0/5)The above output shows that Router4 is broadcasting packets by sending them to the Ethernet broadcast address FFFF.FFFF.FFFF. Here, the 0000.0000.0000 means that Router4 is looking for the MAC address of the destination 100.0.0.5. Since it does not know the MAC address during the ARP request in this example, it uses 0000.0000.000 as a placeholder in the broadcast frames sent out of interface Ethernet 0, asking which MAC address corresponds to 100.0.0.5. If we do not get an answer, the corresponding address in the show arp output is marked as incomplete:
Router4#show arp Protocol  Address       Age (min)  Hardware Addr Type InterfaceInternet  100.0.0.4             - 0000.0c5d.7a0d  ARPA Ethernet0Internet  100.0.0.5             0 Incomplete    ARPAInternet  100.0.0.1             2 0060.5cf4.a955  ARPA Ethernet0After a predetermined period, this incomplete entry is purged from the ARP table. As long as the corresponding MAC address is not in the ARP table, the ping fails as a result of "encapsulation failed".
Delay By default, if you do not receive an answer from the remote end within two seconds, the ping fails:
Router1#ping 12.0.0.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 12.0.0.2, timeout is 2 seconds: ..... Success rate is 0 percent (0/5) On networks with a slow link or a long delay, two seconds are not enough. You can change this default using an extended ping:
Router1#ping Protocol [ip]: Target IP address:  12.0.0.2 Repeat count [5]: Datagram size [100]: Timeout in seconds [2]: 30 Extended commands [n]: Sweep range of sizes [n]: Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 12.0.0.2, timeout is 30 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1458/2390/6066 ms In the example above, increasing the timeout has led to a successful ping.
Note: The average round-trip time is more than two seconds.
Correct Source Address Here is an example of a typical situation:

We add a LAN interface on Router1:
Router1(config)#interface e0Router1(config-if)#ip addressRouter1(config-if)#ip address 20.0.0.1 255.255.255.0 From a station on the LAN, you can ping Router1. From Router1 you can ping Router2. But from a station on the LAN, you cannot ping Router2.
From Router1, you can ping Router2 because, by default, you use the IP address of the outgoing interface as the source address in your ICMP packet. Router2 has not information about this new LAN. If it has to reply to a packet coming from this network, it does not know how to handle it.
Router1#debug ip packetIP packet debugging is onWarning: Using the debug ip packet command on a production router can cause high cpu utilization. This may result in a severe performance degradation or a network outage. We recommend that you carefully read Use the Debug Command before issuing debug commands.
Router1#ping 12.0.0.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 12.0.0.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 4/7/9 ms Router1# Jan 20 16:35:54.227: IP: s=12.0.0.1 (local), d=12.0.0.2 (Serial0), len 100, sendingJan 20 16:35:54.259: IP: s=12.0.0.2 (Serial0), d=12.0.0.1 (Serial0), len 100, rcvd 3The output example above works because the source address of the packet we are sending is s=12.0.0.1. If we want to simulate a packet coming from the LAN, we have to use an extended ping:
Router1#ping Protocol [ip]: Target IP address: 12.0.0.2 Repeat count [5]: Datagram size [100]: Timeout in seconds [2]: Extended commands [n]: y Source address or interface: 20.0.0.1 Type of service [0]: Set DF bit in IP header? [no]: Validate reply data? [no]: Data pattern [0xABCD]: Loose, Strict, Record, Timestamp, Verbose[none]: Sweep range of sizes [n]: Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 12.0.0.2, timeout is 2 seconds: Jan 20 16:40:18.303: IP: s=20.0.0.1 (local), d=12.0.0.2 (Serial0), len 100, sending.Jan 20 16:40:20.303: IP: s=20.0.0.1 (local), d=12.0.0.2 (Serial0), len 100, sending.Jan 20 16:40:22.303: IP: s=20.0.0.1 (local), d=12.0.0.2 (Serial0), len 100, sending.Jan 20 16:40:24.303: IP: s=20.0.0.1 (local), d=12.0.0.2 (Serial0), len 100, sendingJan 20 16:40:26.303: IP: s=20.0.0.1 (local), d=12.0.0.2 (Serial0), len 100, sending.Success rate is 0 percent (0/5) This time, the source address is 20.0.0.1, and it is not working! We are sending our packets, but we are not receiving anything. To fix this issue, we simply have to add a route to 20.0.0.0 in Router2.
The basic rule is that the pinged device should also know how to send the reply to the source of the ping.
The Traceroute Command The traceroute command is used to discover the routes that packets actually take when traveling to their destination. The device (for example, a router or a PC) sends out a sequence of User Datagram Protocol (UDP) datagrams to an invalid port address at the remote host.
Three datagrams are sent, each with a Time-To-Live (TTL) field value set to one. The TTL value of 1 causes the datagram to "timeout" as soon as it hits the first router in the path; this router then responds with an ICMP Time Exceeded Message (TEM) indicating that the datagram has expired.
Another three UDP messages are now sent, each with the TTL value set to 2, which causes the second router to return ICMP TEMs. This process continues until the packets actually reach the other destination. Since these datagrams are trying to access an invalid port at the destination host, ICMP Port Unreachable Messages are returned, indicating an unreachable port; this event signals the Traceroute program that it is finished.
The purpose behind this is to record the source of each ICMP Time Exceeded Message to provide a trace of the path the packet took to reach the destination. For all the options about this command, see Trace (privileged).
Router1#traceroute 34.0.0.4 Type escape sequence to abort. Tracing the route to 34.0.0.4 1 12.0.0.2 4 msec 4 msec 4 msec 2 23.0.0.3 20 msec 16 msec 16 msec 3 34.0.0.4 16 msec *  16 msec Jan 20 16:42:48.611: IP: s=12.0.0.1 (local), d=34.0.0.4 (Serial0), len 28, sendingJan 20 16:42:48.615:    UDP src=39911, dst=33434Jan 20 16:42:48.635: IP: s=12.0.0.2 (Serial0), d=12.0.0.1 (Serial0), len 56, rcvd 3Jan 20 16:42:48.639:    ICMP type=11, code=0                   !--- ICMP Time Exceeded Message from Router2.Jan 20 16:42:48.643: IP: s=12.0.0.1 (local), d=34.0.0.4 (Serial0), len 28, sendingJan 20 16:42:48.647:    UDP src=34237, dst=33435Jan 20 16:42:48.667: IP: s=12.0.0.2 (Serial0), d=12.0.0.1 (Serial0), len 56, rcvd 3Jan 20 16:42:48.671:    ICMP type=11, code=0Jan 20 16:42:48.675: IP: s=12.0.0.1 (local), d=34.0.0.4 (Serial0), len 28, sendingJan 20 16:42:48.679:    UDP src=33420, dst=33436Jan 20 16:42:48.699: IP: s=12.0.0.2 (Serial0), d=12.0.0.1 (Serial0), len 56, rcvd 3Jan 20 16:42:48.703:    ICMP type=11, code=0This is the first sequence of packets we send with a TTL=1. The first router, in this case Router2 (12.0.0.2), drops the packet, and sends back to the source (12.0.0.1) a type=11 ICMP message. This corresponds to the Time Exceeded Message.
Jan 20 16:42:48.707: IP: s=12.0.0.1 (local), d=34.0.0.4 (Serial0), len 28, sendingJan 20 16:42:48.711:    UDP src=35734, dst=33437Jan 20 16:42:48.743: IP: s=23.0.0.3 (Serial0), d=12.0.0.1 (Serial0), len 56, rcvd 3 Jan 20 16:42:48.747:    ICMP type=11, code=0       !--- ICMP Time Exceeded Message from Router3.Jan 20 16:42:48.751: IP: s=12.0.0.1 (local), d=34.0.0.4 (Serial0), len 28, sendingJan 20 16:42:48.755:    UDP src=36753, dst=33438Jan 20 16:42:48.787: IP: s=23.0.0.3 (Serial0), d=12.0.0.1 (Serial0), len 56, rcvd 3Jan 20 16:42:48.791:    ICMP type=11, code=0Jan 20 16:42:48.795: IP: s=12.0.0.1 (local), d=34.0.0.4 (Serial0), len 28, sendingJan 20 16:42:48.799:    UDP src=36561, dst=33439Jan 20 16:42:48.827: IP: s=23.0.0.3 (Serial0), d=12.0.0.1 (Serial0), len 56, rcvd 3Jan 20 16:42:48.831:    ICMP type=11, code=0The same process occurs for Router3 (23.0.0.3) with a TTL=2:
Jan 20 16:42:48.839: IP: s=12.0.0.1 (local), d=34.0.0.4 (Serial0), len 28, sendingJan 20 16:42:48.843:    UDP src=34327, dst=33440Jan 20 16:42:48.887: IP: s=34.0.0.4 (Serial0), d=12.0.0.1 (Serial0), len 56, rcvd 3Jan 20 16:42:48.891:    ICMP type=3, code=3!--- Port Unreachable message from Router4.                   Jan 20 16:42:48.895: IP: s=12.0.0.1 (local), d=34.0.0.4 (Serial0), len 28, sendingJan 20 16:42:48.899:    UDP src=37534, dst=33441Jan 20 16:42:51.895: IP: s=12.0.0.1 (local), d=34.0.0.4 (Serial0), len 28, sendingJan 20 16:42:51.899:    UDP src=37181, dst=33442Jan 20 16:42:51.943: IP: s=34.0.0.4 (Serial0), d=12.0.0.1 (Serial0), len 56, rcvd 3Jan 20 16:42:51.947:    ICMP type=3, code=3With a TTL=3, we finally reach Router4. This time, since the port is not valid, Router4 sends back to Router1 an ICMP message with type=3, a Destination Unreachable Message, and code=3 meaning port unreachable.
The table below lists the characters that can appear in the traceroute command output.
IP Traceroute Text Characters
Character
Description
nn msec
For each node, the round-trip time in milliseconds for the specified number of probes
*
The probe timed out
A
Administratively prohibited (example, access-list)
Q
Source quench (destination too busy)
I
User interrupted test
U
Port unreachable
H
Host unreachable
N
Network unreachable
P
Protocol Unreachable
T
Timeout
?
Unknown packet type
Performance Using the ping and traceroute commands, we obtain the round-trip time (RTT). This is the time required to send an echo packet, and get an answer back. This can be useful to have a rough idea of the delay on the link. However, these figures are not precise enough to be used for performance evaluation.
When a packet destination is the router itself, this packet has to be process-switched. The processor has to handle the information from this packet, and send an answer back. This is not the main goal of a router. By definition, a router is built to route packets. Answering a ping is offered as a best-effort service.
To illustrate this, here is an example of a ping from Router1 to Router2:
Router1#ping 12.0.0.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 12.0.0.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms  The RTT is approximately four milliseconds. After you enable some process-intensive features on Router2, try to ping Router2 from Router1.
Router1#ping 12.0.0.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 12.0.0.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 24/25/28 msThe RTT has dramatically increased here. Router2 is quite busy, and answering the ping is not its main priority.
A better way to test router performance is with traffic going through the router:

The traffic is then fast-switched, and is handled by the router with the highest priority. To illustrate this, let us go back to our basic network:

Let us ping Router3 from Router1:
Router1#ping 23.0.0.3 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 23.0.0.3, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 32/32/32 ms The traffic is going through Router2, and is now fast-switched.
Now let us enable the process-intensive feature on Router2:
Router1#ping 23.0.0.3 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 23.0.0.3, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 32/32/36 msThere is almost no difference. This is because, on Router2, the packets are now handled at interrupt level.
Use the Debug Command Before issuing debug commands, please see Important Information on Debug Commands.
The different debug commands we have used so far gives us an insight into what happens when we use a ping or traceroute command. They can also be useful for troubleshooting. However, in a production environment, debugs should be used with caution. If your CPU is not powerful, or if you have a lot of process-switched packets, they can easily stall your device. There are a couple of ways to minimize the impact of the debug command on the router. One way is to use access lists to narrow down the specific traffic that you want to monitor. Here is an example:
Router4#debug ip packet ?   <1-199>    Access list <1300-2699>  Access list (expanded range) detail    Print more debugging detail Router4#configure terminalRouter4(config)#access-list 150 permit ip host 12.0.0.1 host 34.0.0.4 Router4(config)#^Z Router4#debug ip packet 150 IP packet debugging is on for access list 150 Router4#show debug Generic IP: IP packet debugging is on for access list 150 Router4#show access-list Extended IP access list 150    permit ip host 12.0.0.1 host 34.0.0.4 (5 matches) With this configuration, Router4 only prints the debug message that matches the access-list 150. A ping coming from Router1 causes the following message to be displayed:
Router4# Jan 20 16:51:16.911: IP: s=12.0.0.1 (Serial0), d=34.0.0.4 (Serial0), len 100, rcvd 3Jan 20 16:51:17.003: IP: s=12.0.0.1 (Serial0), d=34.0.0.4 (Serial0), len 100, rcvd 3Jan 20 16:51:17.095: IP: s=12.0.0.1 (Serial0), d=34.0.0.4 (Serial0), len 100, rcvd 3Jan 20 16:51:17.187: IP: s=12.0.0.1 (Serial0), d=34.0.0.4 (Serial0), len 100, rcvd 3Jan 20 16:51:17.279: IP: s=12.0.0.1 (Serial0), d=34.0.0.4 (Serial0), len 100, rcvd 3We no longer see the answer from Router4 because, these packets do not match the access-list. To see them, we should add the following:
Router4(config)#access-list 150 permit ip host 12.0.0.1 host 34.0.0.4 Router4(config)#access-list 150 permit ip host 34.0.0.4 host 12.0.0.1 We then have:
Jan 20 16:53:16.527: IP: s=12.0.0.1 (Serial0), d=34.0.0.4 (Serial0), len 100, rcvd 3Jan 20 16:53:16.531: IP: s=34.0.0.4 (local), d=12.0.0.1 (Serial0), len 100, sendingJan 20 16:53:16.627: IP: s=12.0.0.1 (Serial0), d=34.0.0.4 (Serial0), len 100, rcvd 3Jan 20 16:53:16.635: IP: s=34.0.0.4 (local), d=12.0.0.1 (Serial0), len 100, sendingJan 20 16:53:16.727: IP: s=12.0.0.1 (Serial0), d=34.0.0.4 (Serial0), len 100, rcvd 3Jan 20 16:53:16.731: IP: s=34.0.0.4 (local), d=12.0.0.1 (Serial0), len 100, sendingJan 20 16:53:16.823: IP: s=12.0.0.1 (Serial0), d=34.0.0.4 (Serial0), len 100, rcvd 3Jan 20 16:53:16.827: IP: s=34.0.0.4 (local), d=12.0.0.1 (Serial0), len 100, sendingJan 20 16:53:16.919: IP: s=12.0.0.1 (Serial0), d=34.0.0.4 (Serial0), len 100, rcvd 3Jan 20 16:53:16.923: IP: s=34.0.0.4 (local), d=12.0.0.1 (Serial0), len 100, sendingAnother way of minimizing the impact of the debug command is to buffer the debug messages and show them using the show log command once the debug has been turned off:
Router4#configure terminalRouter4(config)#no logging console Router4(config)#logging buffered 5000 Router4(config)#^Z Router4#debug ip packet IP packet debugging is on Router4#ping 12.0.0.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 12.0.0.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 36/36/37 ms Router4#undebug all All possible debugging has been turned off Router4#show log Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns)    Console logging: disabled    Monitor logging: level debugging, 0 messages logged    Buffer logging: level debugging, 61 messages logged    Trap logging: level informational, 59 message lines logged Log Buffer (5000 bytes):  Jan 20 16:55:46.587: IP: s=34.0.0.4 (local), d=12.0.0.1 (Serial0), len 100, sendingJan 20 16:55:46.679: IP: s=12.0.0.1 (Serial0), d=34.0.0.4 (Serial0), len 100, rcvd 3As you can see, the ping and traceroute commands are very helpful utilities that you can use to troubleshoot network access problems. They are also very easy to use. As these two commands are the most widely used commands by network engineers, understanding them is very crucial for troubleshooting network connectivity.
NetPro Discussion Forums - Featured Conversations Networking Professionals Connection is a forum for networking professionals to share questions, suggestions, and information about networking solutions, products, and technologies. The featured links are some of the most recent conversations available in this technology.

TCP/IP��ѧϰ�ʼ�(14)-TCP��ӵ�δ��

��TCP�ճ��ʱ��Ҫ��̫��SLIP֮��ĵ��硣��Ÿ��ĳ��֣��TCPЭ��Ч�ʸ��ߵ�Ҫ��С�Ϊ�ˣ�TCP��Ҫ��Ӧ��ڵı仯��

·��MTU��֡�
��ѡ��ʱ��
T/TCP(��ܵ�TCPЭ��)��
1.·��MTU��
��˼��·��MTUָ��Դ��Ĺ��֮��·��Ŀɴ��Ԫ�Ĵ�С��ԭ��ͬ��ʹ��˲��Ƭ��IP��ݱ��ȴ�ICMP��MTU�Ĵ�С��е�P257��TCP��θ��ICMP�ı��޸��Լ��MTU��£�
��Դ��յ��µ�ICMP��ʱ��ֱ��޸��Լ��ͱ��Ķδ�СΪ��ICMP��ĵķ��Ͷ˵�MTU��IPͷ��TCPͷ�Ĳ�ֵ��
��Դ��յ��µ�ICMP��ʱ��볢��һ��MTU��ֲ�ͬ��豸��һ��MTU��MTU�Ӵ�СΪ"65535,17914,4464,4352,1500,1492,576,296"��
��Ϊ·�ɿ��Զ�̬�仯��ÿ��10��ӣ��Ͷ˾Ϳ��ñȽϴ�ı��һ��·��MTU��
2.��ʹܵ�
��ν����ʹܵ���˵�ľ��Ƿ��ʱ�ӳ��Ĺܵ��һ��ı�׼��ʱ��硰�ֳ��ַʡ��ô��ʾͻ��ȵĽ��ͣ��ͨ�ļ�ʱ��ʹ��Ͳ��ˡ��Ҫ��Ĵ�ʩ��ֲ��ȱ�ݡ��ʱ��ʹ��ѡ���Щ��ھ��TCPЭ��ͷ֮�ⶨ��չѡ���ʽ��:

2.1.ʱ��ѡ��
�û��ڷ��ÿһ��TCP��ĵ�ʱ�򶼷��һ��ʱ��ܷ��ȷ��з��ʱ��ֵ��ͷ��Ϳ��Ը��ʱ��RTT��Ӷ�ʹ��RTT��Ӿ�ȷ��ٲ��Ҫ��ش��ĸ��ء�
2.2.��ѡ��
��ֵ��Ϊʲô��չ��ֻ��14��64��Ϊ�Ͼ��ѡ��һ��ֽ��ô��ݿ��ã��ô��Ǽ�סΪ�á��ѡ��ô��2��30�η��ͼ��Ľ��˷ʹܵ��⡣

TCP/IP��ѧϰ�ʼ�(13)-TCP��ֶ�ʱ��TCP��ʱ��

TCPһ��ĸ��Ҫ�Ķ�ʱ��ǰ��Ѿ��һ��ʱ��ʱ��TCP���ӵ�һ��ǣ�

��ֶ�ʱ��
��ʱ��
2MSL��ʱ��
��м�ֶ�ʱ��ڷ�ֹͨ�洰��Ϊ0�Ժ�˫��ȴ��ʱ��ڴ��뿪��
1.��ֶ�ʱ��
��ֶ�ʱ��ԭ��Ǽ򵥵ģ��TCP��յ��˿ͻ��˵�0��ڱ��ĵ�ʱ�򣬾��һ��ʱ��ʱ��ڶ�ʱ��ʱ��ͻ��˲�ѯ��
�Ƿ��Ѿ��õ��Ĵ��ھ��¿�ʼ��ݣ��õ�0��ھ��ٿ�һ��µĶ�ʱ��׼��һ�β�ѯ��ͨ��۲��Ե�֪��TCP�ļ�ֶ�ʱ��ʹ��
1��2��4��8��16��64��ָͨ��˱��Ϊÿһ�ε��ʱ�䡣
��Ϳ��ۺ�֢
TCP�Ĵ��Э�飬��һ��ͨ��Ϳ��ۺ�֢��⣬��Ϊ��ͻ��ͨ��һ��С�ķ��㴰��ʱ��̷��С��ݸ��ͻ��˲��
��һ��ȥ�ͻ��г��СTCP��ݱ��Ӷ�Ӱ��ʡ��ڷ��ͷ��ͽ��ն˵��ֺ�Ϳ��Ϊ��TCP��һЩ��飨��ǹ涨��
��շ��ͨ��С��ڡ�ͨ��㷨�ǽ��շ��ͨ��һ��ȵ�ǰ��ڴ�Ĵ��ڣ��Ϊ0��
��Ǵ��ڿ��һ��Ķδ�С��Ҳ��ǽ�Ҫ��յ�MSS��߿��ӽ��շ��ռ�
��һ�룬��ʵ��ж��١�
��ͷ��ֺ�Ϳ��ۺ�֢�Ĵ�ʩ��ֻ��֮һ��ʱ�ŷ��ݣ� ( a )��
�Է��һ��ȵı��ĶΣ� ( b )��Է��ǽ��շ�ͨ�洰�ڴ�Сһ��ı��ĶΣ� ( c )��
��κ��ݲ��Ҳ�ϣ��ACK��Ҳ��˵��û�л�δ��ȷ�ϵ��ݣ��߸��
��ʹ��Nagle�㷨��
ok��ǻ��һ�£��Է��TCP�ĺܶ�涨��Ϊ��һ�δ��з��;��ݣ��Ӵ�ACK��ݱ��ĵĲ��ԣ�Nagle�㷨��ش�ʱ��Ͱ��ԭ��ݱ��ĵĲ��ԣ��ȵȡ�
2.��ʱ��
��ʱ��ӵļ򵥣��ǵ�FTP��Http��Sesstion
Time��ô��ΪTCP��ӵģ��Ծͻ��ֻ��Ӳ��ݵġ��뿪��ӡ��ȻҪ��⵽��Ӳ��ĳЩ��ͷ��ӣ��
��Ǳ��ʱ��á��ʱ�޸��ݷ��ʵ�ֲ�ͬ��ͨ��Ҫ�ᵽ��ǣ��һ��£��յ��öˡ�ǰ��ı��̽�죬��
Ҫ��һ��RST��ݱ��İ��һ�˽��

TCP/IP��ѧϰ�ʼ�(12)-TCP�ĳ�ʱ��ش�

��ʱ�ش��TCPЭ�鱣֤��ݿɿ��Ե��һ��Ҫ��ƣ��ԭ��ڷ��ĳһ��Ժ�Ϳ��һ��ʱ��һ��ʱ��û�еõ��͵��ݱ��ACK��ģ��ô��·��ݣ�ֱ��ͳɹ�Ϊֹ��
1.��ʱ
��ʱʱ��ļ��ǳ�ʱ�ĺ��Ĳ��֣�TCPҪ��㷨�ܴ��¹��Ƴ��ǰ��״��Ȼ��ȷʵ��ѡ�Ҫ��ȷ��ԭ��(1)��ʱ��û��ʲ��ߡ�(2)��ʱ̫�̻��ɶ��ش��ʹ��ԣ��и��һ������ʽ��ı�֤��ʱ��׼ȷ�Ĵ�ʩ��
1.1.��ƹ�ʽ��˵
��TCP��һ��ǳ��򵥵Ĺ�ʽ��Ƶ�ǰ��״��
R RTP=Rb
��a��һ��ϵ��Ϊ0.1��bͨ��Ϊ2��ע�⣬��Ǿ��飬û��Ƶ��̣��ֵ�ǿ��Ա��޸ĵġ��ʽ��˵�þɵ�RTT(R)��µ�
RTT(M)�ۺϵ�һ��µ�RTT(R)�Ĵ�С��ǣ��ֿ��ֹ��仯�ܴ��ȫ��ķ�Ӧ
��Jacoboson˵�ģ��ż˵�ģ��Ǻǣ��Ǿ��ʽ��
Err=M-A A D RTO=A+4D
��Ľ��뿴��228ҳ��ƹ�ʽ��ѷ��ͳ�Ƹ��Ҳʹ��˽��ʹ��ƫ��ӵ�С��ң��Ҫָ��ǣ��鹫ʽ��£��
��ݳɹ��²Ž��У��ڷ��´��£��ʹ��Ĺ�ʽ��ƣ��ɺܼ򵥣��Ϊ��Ѿ��״̬��ˣ��Ƴ��
Ҳ��û��ġ�
1.2.RTO�ĳ�ʼ��
RTO�ĳ�ʼ��ɹ�ʽ��ģ��Ĺ�ʽ��ʼ��ֵӦ��1��ʽ��ʼRTOӦ��A+4D��
1.3.RTO�ĸ��
��£��Ǿͻ��Ĺ�ʽ��¸��ݣ��ؿ��ʱ��֤��һ��ݱ�˳��䡣Ҫע��ǣ��ش��£�RTO��Ĺ�ʽ��㣬��һ�ֽ��ָ��˱ܡ��ķ�ʽ����磺��RTOΪ1S��£��ش��Ǿ��RTO=2S�Ķ�ʱ��´��ݣ��һ��4S��һֱ��ӵ�64SΪֹ��
1.4.��ĳ�ʼ��
��SYN�õĹ��ʼ��ƺ��ʹ��õĹ��һ��Ҳû�а��գ��ҵ��⣬��ʽ�У�SYN��£�A��ʼ��Ϊ0,D��ʼ��Ϊ3S��
��ڵõ��һ��ݵ�ACK��ʱ��Ӧ�ð��Ĺ�ʽ��г�ʼ��
A=M+0.5 D=A/2
1.5.��ĸ��
��۲�࣬��£��Ĺ�ʽ��㣬��ش��£���¹��ĸ��ֲ��ԭ��Ϊ��Ʋ�׼ȷ��
1.6.Karn�㷨
�ⲻ��һ��㷨��Ӧ��һ��ԣ�˵�ľ��Ǹ��RTO�͹��ֵ��ʱ��ѡ��⣬1.3.��1.5.��˵�ø��ʱ��Karn�㷨��
1.7.��ʱ��ʹ��
��仰:

һ��У��ҽ��һ��ʱ��ʹ�á�Ҳ��˵��TCP��3��ݣ�ֻ��һ��ݻᱻ��
ACK��ݱ��ᱻ��ԭ��ܼ򵥣�û��ACK��ACK��Ӧ��Թ��ʱ��
2.�ش�
��˳�ʱ��Ҫ��ش��Ǿ��ش�Ҳ��в��Եģ��ǽ��ݼ򵥵ķ��͡�
2.1.�ش�ʱ��ݵĴ�С
ǰ��ᵽ��ڴ��ʱ��ֻʹ��һ��Э�飬��ǻ��Ҫ��һ��ӵ��ݵ��ʹ��ݲ��һ��Ӷ��ܵ��·��ӵ��
��Ҳ��ᵽ��ӵ��ʹ��ָ��ٶ��Ĵ��ڣ�ֱ��ʱ�ش��ٽ��һ��΢��û��ᵽ��ν��΢��ӵ��㷨��
��޾��Ϊ�˶��
��ν��޾��˵��ӵ��ڳ��޵�ʱ�򣬾�ʹ��ӵ��㷨��ھͲ��㷨��׼�Ž������ͨ��ӵ��ڼ��cwnd��޼��ssthresh��ӵ��ôһ��
�㷨��Ҫ(ֱ�Ӵ��п��)
��һ��ӣ��ʼ��cwndΪ1��ĶΣ�ssthreshΪ65535��ֽڡ�
TCP��̵��ܳ��cwnd�ͽ��շ�ͨ�洰�ڵĴ�С��ӵ��Ƿ��ͷ�ʹ�� ƣ��ͨ�洰��ǽ��շ��е��ơ�ǰ��Ƿ��ͷ��ܵ��ӵ��Ĺ� �ƣ��շ��ڸ��ϵĿ��û��С�йء�
��ӵ��ʱ��ʱ��յ��ظ�ȷ�ϣ��ssthresh��Ϊ��ǰ��ڴ�С��һ�루cwnd �ͽ��շ�ͨ�洰�ڴ�С��Сֵ��Ϊ2��ĶΣ��⣬��ǳ�ʱ��ӵ�� cwnd��Ϊ1��ĶΣ��
��
�µ��ݱ��Է�ȷ��ʱ��cwnd��ӵķ��Ƿ��ڽ��
��ӵ��⡣��cwndС�ڻ��ssthresh��ڽ��ڽ��ӵ��⡣
��һֱ��ǻص��ӵ��ʱ��λ�õİ�ʱ��ֹͣ��Ϊ��Ǽ�¼��ڲ��2 �и��鷳�Ĵ��ڴ�С��һ�룩��Ȼ��תΪִ��ӵ��⡣
��ӵ��⹫ʽ��P238ҳ��뵽��Ĺ��̡�
2.2.��ش��Ϳ��ٻָ��㷨
��ݶ��¸��һ��޲��ơ�һ��˵��ش��ڳ�ʱ֮�󣬵��Ͷ˽��ܵ�3��ϵ��ظ�ACK��£��Ӧ��ʶ��ݶ��ˣ��Ҫ��´��ݡ��ǲ��Ҫ�ȵ��ش��ʱ��ģ��Խ����ش���´��Ժ��Ϊ�ߵĲ������ӵ��㷨��ֽ����ٻָ��㷨��£�
��յ��3��ظ��ACKʱ��ssthresh��Ϊ��ǰӵ��cwnd��һ�롣�ش��ʧ�� ĶΡ��cwndΪssthresh��3��ı��Ķδ�С��
ÿ��յ��һ��ظ��ACKʱ�� cwnd��1��Ķδ�С��1��飨��µ� cwnd��ͣ��
��
��һ��ȷ��ݵ�ACK��ʱ��cwndΪssthresh��ڵ�1��õ�ֵ��
ACKӦ��ڽ��ش��һ��ʱ��ڶԲ��1��ش��ȷ�ϡ��⣬��ACKҲӦ��
�ǶԶ�ʧ�ķ��յ��ĵ�1��ظ��ACK֮��м䱨�Ķε�ȷ�ϡ��һ��õ��ӵ ��⣬��Ϊ��鶪ʧʱ��ǽ��ǰ��ʼ��롣
2.3.ICMP��´��ô��
��ǣ�����TCP��Լ��Ķ�ʱ��TCP�ᱣ��ICMP�Ĵ��֪ͨ�û��
2.4.��·��
TCPΪ��Լ��Ч�ʣ��´��ʱ��ֻҪ��ش��ݱ��ĵı��ľͿ��ԣ��ֻ�ش��Ҫ��ı��ġ�

TCP/IP��ѧϰ�ʼ�(10)-TCP��ӵĽ��ֹ

TCP��һ��ӵ�Э�飬��˫��֮ǰ��Ҫ��Ƚ��һ��ӡ��ǰ�潲��Э��ȫ��ͬ��ǰ�潲��Э�鶼ֻ�Ƿ��
��ѣ��ķ��͵��ǲ��͵��UDP��ԣ��ӱ�̵ĽǶ��˵��UDP��ҲҪ�򵥵Ķ�----UDP��ÿ��ݷ�Ƭ��
��telnet��½�˳��TCPЭ��ӵĽ��ֹ�Ĺ��̣��Կ��TCP��ӵĽ��Լ򵥵ĳ�Ϊ����ӵ��ֹ��Խ���Ĵ����
1.��ӵĽ��
�ڽ��ӵ�ʱ�򣬿ͻ��ĳһ��˿�(��SYN�ε��1��TCP��)��Ȼ��˷��һ��ACK��֪ͨ�ͻ��
��ͻ��յ�ȷ�ϱ��Ժ��ٴη��ȷ�ϱ��ȷ�ϸղŷ��˷��ȷ�ϱ��ģ��ƿ�ô��ˣ��ӵĽ��ɡ��ͽ��֡��˫��
׼��Ļ��һ��Ҫ��α��ģ��ֻ��Ҫ��α��ľͿ��ˡ�
��ټ��TCP�ĳ�ʱ�ش��ƣ��ôTCP��ȫ��Ա�֤һ��ݰ��͵�Ŀ�ĵء�
2.��
TCP��һ��ر�ĸ��half-close��˵��TCP��ȫ˫��ͬʱ��ͺͽ��գ��ӣ��ڹر�
��ӵ�ʱ�򣬱��رմ��ϵ��ӡ��ͻ��һ��FINΪ1��TCP��ģ�Ȼ��ظ��ͻ��һ��ȷ��ACK��ģ��ҷ��һ��
FIN��ģ��ͻ��ظ�ACK��ĺ��Ĵ��֣��Ӿͽ��ˡ�
3.��ĳ��
�ڽ��ӵ�ʱ��ͨ�ŵ�˫��Ҫ��ȷ�϶Է��ĳ��(MSS)��Ա�ͨ�š�һ��SYN��MTU��ȥ�̶�IP�ײ��TCP�ײ��ȡ�
��һ��̫��һ��Դﵽ1460�ֽڡ��Ȼ��ڷǱ��ص�IP��MSS��ܾ�ֻ��536�ֽڣ��ң��м�Ĵ��MSS��ѵ�С��
��ֵ��ø�С��
4.TCP��״̬Ǩ��ͼ
��P182ҳ��TCP��״̬ͼ��һ��Ƚϸ��ӵ�״̬Ǩ��ͼ��Ϊ��---��״̬Ǩ�ƺͿͻ��˵�״̬Ǩ�ƣ��
ĳһ��Ƕȳ��ͼ��ͻ��࣬��ķ��Ϳͻ��˶��Ǿ��Եģ��ݵľ��ǿͻ��ˣ��ݵľ��Ƿ��
4.1.�ͻ��Ӧ�ó��״̬Ǩ��ͼ
�ͻ��˵�״̬��µ��ʾ��
CLOSED->SYN_SENT->ESTABLISHED->FIN_WAIT_1->FIN_WAIT_2->TIME_WAIT->CLOSED
��ڳ��Ӧ��е��̣��е�ͼ�п��Կ��ڽ��ʱ��ͻ��յ�SYN��ĵ�ACK�Ժ󣬿ͻ��˾ʹ��ݽ��
��ӡ��ͨ��ǿͻ��ģ��ͻ��˽��Ӧ�ó��Ժ��Ҫ��FIN_WAIT_1��FIN_WAIT_2��״̬��Щ״̬��Ǩ�ƾ��ǰ
��ᵽ�Ľ��ӵ��Ĵ��֡�
4.2.��״̬Ǩ��ͼ
��״̬��µ��ʾ��
CLOSED->LISTEN->SYN�յ�->ESTABLISHED->CLOSE_WAIT->LAST_ACK->CLOSED
�ڽ��ӵ�ʱ�򣬷��ڵ��֮��Ž��ݽ��״̬��ر��ڹر��ӵĵڶ��Ժ�ע�ⲻ�ǵ��ĴΣ��ر��Ժ�Ҫ�ȴ��ͻ��˸��ACK��ܽ��ʼ��״̬��
4.3.��״̬Ǩ��
��е�ͼ��һЩ��״̬Ǩ�ƣ��Щ״̬Ǩ��Է��Ϳͻ��ܽ��

LISTEN->SYN_SENT��;ͺܼ��ˣ��ʱ��ҲҪ��ӵ��
SYN_SENT->SYN�յ��Ϳͻ��SYN_SENT״̬��յ�SYN��ݱ��Ҫ��SYN��ACK��ݱ��Լ��״̬��SYN�յ�״̬��׼��ESTABLISHED
SYN_SENT->CLOSED��ڷ��ͳ�ʱ��£��᷵�ص�CLOSED״̬��
SYN_�յ�->LISTEN��ܵ�RST��᷵�ص�LISTEN״̬��
SYN_�յ�->FIN_WAIT_1��Ǩ��˵��Բ��õ�ESTABLISHED״̬��ֱ��ת��FIN_WAIT_1״̬��ȴ��رա�
4.4.2MSL�ȴ�״̬
��и��ͼ��棬��һ��TIME_WAIT�ȴ�״̬��״̬�ֽ��2MSL״̬��˵��TIME_WAIT2��һ��ACK��ݱ��Ժ�
Ҫ��TIME_WAIT״̬��״̬�Ƿ�ֹ��һ��ֵ��ݱ�û�д��͵��Է��׼��ģ�ע��ⲻ��Ĵ��֣��ǵ��Ĵ��ֵı��״̬��
״̬�ںܴ�̶��ϱ�֤��˫��ǣ��Ҳ��ˡ�
��ڲ�ڵ�2MSL״̬��IP�Ͷ˿ڶԵ��˼��socket��ʹ��Ӧ�ó��2MSLʱ��޷��ٴ�ʹ��ͬһ��ڵģ��ڿͻ��򻹺�
һЩ��Ƕ��ڷ��httpd��Ҫʹ��ͬһ��˿��з��񣬶��2MSLʱ��ڣ��httpd�ͻ��ִ��󣨲�ڱ�ʹ�ã��Ϊ�˱��
��󣬷��һ��ƽ��ʱ��ĸ����˵��2MSLʱ��ڣ��Ȼ��Ҫƽ���ĵȴ�2MSLʱ��Ĺ�ȥ��ܽ��һ��ӡ�
4.5.FIN_WAIT_2״̬
��İ�رյ�״̬�ˣ��ڹر��ʱ��ͻ��˺ͷ��֮��״̬��״̬�£�Ӧ�ó��н��ݵ��Ѿ��޷��
��ݣ��Ҳ��һ�ֿ��ǣ��ͻ��һֱ��FIN_WAIT_2״̬��һֱ��WAIT_CLOSE״̬��ֱ��Ӧ�ò��ر��״̬��
5.RST��ͬʱ�򿪺�ͬʱ�ر�
RST��һ�ֹر��ӵķ�ʽ��Ӧ�ó��Ӧ�ÿ��ж�RST��ʵ�ԣ��Ƿ�Ϊ�쳣��ֹ��ͬʱ�򿪺�ͬʱ�ر��TCP״̬��ĸ��ʺ�С��
6.TCP��
ǰ��UDP�ķ��ƣ��Է��UDP�ķ��ȫ��Ҫ��ν�Ĳ��ƣ��ֻҪ��һ��оͿ��ԡ��TCP��ͬ��TCP
��ÿһ��Ӷ��Ҫ��һ��Ľ��̣��ģ��̣߳��֤�Ի��Ķ��ԡ��TCP��ǲ��ġ��TCP��Ҫ�䱸һ��
��У�UDP��Ҳͬ��Ҫ��Ϊÿһ��Ի��̣��Ҳ��Ϊʲô��TCP��һ��ԭ�򡣶��Դ��
IP�Ͷ˿ں��룬��Ժ��ɵ��ͬ�ĻỰ��ݵķַ��
��ձ��µ�״̬Ǩ��ͼ��ѧϰ��µĹؼ��

TCP/IP��ѧϰ�ʼ�(9)-TCPЭ��

��ڿ��TCPЭ�飬��TCP/IP��ҪҲ���ʵĲ��֣�Ҫ��ǰ��TFTP��BOOTP��һЩ�򵥵�Э�飬�Ͳ�д�ʼ��ˣ�д��Ҳûɶ��
TCP��UDP��ͬһ��---��㣬��TCP��UDP�ͬ�ĵط��ǣ�TCP�ṩ��һ�ֿɿ��ݴ��TCP��ӵģ�Ҳ��˵��
��TCPͨ�ŵ��̨��Ҫ��һ��绰��Ĺ��̣��ȵ�ͨ��׼��ſ�ʼ��ݣ��ͨ��TCPҪ��UDP�ɿ��Ķ࣬UDP�ǰ�
��ֱ�ӷ��ȥ��ܶԷ��ǲ��ţ��UDP�޷��ʹҲ��ICMP��ģ��һ��ʱ��˺ܶ��ˡ�
��TCP��֤�ɿ��Եļ򵥹��ԭ��ժ��

Ӧ��ݱ��ָ��TCP��Ϊ��ʺϷ��͵��ݿ顣��UDP��ȫ��ͬ��Ӧ�ó�� ݱ��Ƚ��ֲ��䡣��TCP��ݸ�IP��Ϣ��λ��Ϊ��Ķλ�Σ� segment��μ�ͼ1 - 7��1 8.4��ǽ��TCP��ȷ��Ķεĳ��ȡ�
��TCP��һ��κ��һ��ʱ��ȴ�Ŀ�Ķ�ȷ��յ��ĶΡ�� ʱ�յ�һ��ȷ�ϣ��ط��ĶΡ��ڵ�21��ǽ��˽�TCPЭ��Ӧ�ĳ�ʱ ��ش��ԡ�
��TCP�յ��TCP��һ�˵��ݣ��һ��ȷ�ϡ��ȷ�ϲ��ͣ�ͨ��Ƴټ��֮һ�룬�⽫��1 9.3��ۡ�
TCP��ײ��ݵļ��͡��һ��˵��˵ļ��ͣ�Ŀ��Ǽ��ڴ�� е��κα仯��յ��εļ��в�� T P��ĶκͲ�ȷ��յ��˱��ĶΣ�ϣ��˳�ʱ��ط��
��ȻTCP��Ķ��ΪIP��ݱ��䣬��IP��ݱ��ĵ��ܻ�ʧ��TCP��Ķ� �ĵ��Ҳ��ܻ�ʧ��Ҫ�� TCP��յ��ݽ��򣬽��յ��ȷ��˳�򽻸�Ӧ�ò㡣
TCP��ṩ��ơ�TCP��ӵ�ÿһ��й̶��С�Ļ��ռ䡣TCP�Ľ��ն�ֻ��һ�˷��ͽ��ն˻��ܽ��ɵ��ݡ��⽫��ֹ�Ͽ��ʹ��Ļ��

��λ��п��Կ��TCP�б��ֿɿ��Եķ�ʽ��ǳ�ʱ�ط��е��ģ��ȻTCPҲ��ø��ָ��ICMP��Щ��Ҳ��ǿɿ��ģ���ɿ��ķ�ʽ��ֻҪ��õ�ȷ�ϣ��·��ݱ��ֱ��õ��Է��ȷ��Ϊֹ��
TCP��ײ��UDP�ײ�һ��з��Ͷ˿ںźͽ��ն˿ںš��Ȼ��TCP��ײ��ϢҪ��UDP�Ķ࣬��Կ��TCPЭ��ṩ�˷��ͺ�ȷ��Ҫ��б�Ҫ��Ϣ��P171-173��ϸ�ؽ��ܡ��һ��TCP��ݵķ��Ӧ��µ�һ��̡�

˫��
��ͷ��ܷ�TCP��ݱ��Ȼ��ȴ��Է��ȷ��TCP��ݱ��û�У��·��У��ͷ��һ��ݱ��
��ܷ��ȴ��ͷ��ݱ��õ��ݱ��󣬾ͷ��ACK(ȷ��)��ݱ��ȴ��һ��TCP��ݱ��ĵ��ֱ��յ�FIN(��ݱ�)
��ֹ��

��Ϊ�˽��һ��TCP��ӣ�ϵͳ��ܻὨ��һ��µĽ��̣��Ҳ��һ��̣߳��ݵĴ��

TCP/IP��ѧϰ�ʼ�(8)-DNS��ϵͳ

ǰ��Ѿ��ᵽ�˷��һ̨��Ҫ��IP��ַ��MAC��ַ��У�MAC��ַ��ͨ��ARPЭ��õ��û��͸��ģ��IP��ַ�Ͳ��У��û��Ҫ��һ��ָ��IP��һ̨��IP��ַ�ַǳ��üǣ��Ǿͳ��DNSϵͳ
1.DNSϵͳ��
DNS��ȫ��Domain Name
System��FQDN(��"."�ָ��β��)��һ��IP��DNSϵͳʹ�õ��һ��޴��hosts.txt�ļ��ܳԾ��
��ͺ�ʹ�ˣ��һ��ʱ��Ժ󣬿��Ͳ��ò��ݿ��hosts.txt�ļ��շ�չ��ڵķֲ�ʽ��ݿ⡣
��е�143ҳ��Կ��DNSϵͳ��һ��޴��Ϸ��һ��һ��arpa,com,edu,gov,int,mil��us,
cn��ȵȣ��arpa��Ķ��ˣ��com��edu��ֻ��Ǽ��Ȩ��ڼ��ȫ��ͨ�ã��us��
cn��Ƚ��ͳһ��ģ��Ϣ��ģ�NIS��䶥��ί��ƶ��Ȩ��
һ��DNS��zone����Ƕ��˵.com.cn��ǻ��԰��ֳɸ�С��򣬱��˵sina.com.cn��
DNSϵͳ��һ��ֲ�ʽ��ݿ⣬��һ��ݿⷢ��Լ��û��ĳ��ѯ��Ҫ��ݵ�ʱ��Ѳ�ѯת��ȥ��ת��Ŀ�ĵ�ͨ��Ǹ��
��²��ת��ѯ��ֱ��ҵ�Ŀ��Ϊֹ��DNS��һ��ص��ʹ�ø��ٻ��棬DNS�Ѳ�ѯ��ݻ��ĳ��Ա��´β�ѯʱʹ�á�
2.DNSЭ��
DNS��Ķ��һ��ȿ��Բ�ѯҲ��Ӧ�ı��ĸ�ʽ��ʽ��Կ�P145ҳ��Ը��ֶμ򵥽��

��ǰ��16��bitΨһ�ı�ʾ��룬��ڲ�ѯ��Լ��Ĳ�ѯ��
��ŵ�16��bit�ֿ��һ��ϸ�֣��ʾ�˱��ĵ��ʺ�һЩϸ�ڣ��˵�ǲ�ѯ��Ļ��Ӧ��ģ��Ҫ�ݹ��ѯ��һ��֧�ֵݹ��ѯ��Ҳ��Ҫ�κ��ã�BIND��
��ѯ��в�ѯ��ͣ��A��NS��CNAME��PTR��HINFO��MX��ϤBIND�Ļ��֪��zong��ļ��棬ÿһ��¼��˸��Ե��ͣ��A��IP��ַ��NS��ַ��
��Ӧ��Ŀ��Իظ��IP��Ҳ��˵��ԺͶ��IP��ַ��Ӧ��кܶ�CNAME��
3.��ѯ
��ѯָ��ͨ��õ�IP�Ĳ�ѯ��ѯ��ͨ��IP�õ��host��host ip�Ϳ��Եõ��host domainName �͵õ�IP��
��΢֪��һ��ݽṹ��˶��ʶ��ѯ��ѯ��ֻ�б��ݼ��----��DNS��˵��Ǿ��Ǳ��ݿ⣬
�⽫��޴�ĸ��DNS��ȡ��һ�ַ��ʹ��һ��ά��IP-��Ķ�Ӧ��ĸ��ڵ��in-addr.arpa,��һ��IP
��192.168.11.2)��е�DNS��ַ��
2.11.168.192.in-addr.arpa��ip��ã��DNSϵͳ��棬һ��ַ��Ӧһ��PTR��¼��ӦA��¼��Է��ѯ�ֽ�
��ָ��(PTR)��ѯ��
4.��
4.1.DNS��ٻ��
BIND9Ĭ��Ϊһ��ٻ��佫��еĲ�ѯ��ת��ȥ��Ȼ��õ��ڱ��صĻ��Լӿ��ѯ�ٶȡ��Ȥ��԰�װһ��BIND9��һ�¡��Լ��zone��Թ涨��ڻ��е�ʱ�䣬һ��1�죨��ļ��е�1D��
4.2.��UDP��TCP
DNS��֧��TCP��UDP��Э��Ĳ�ѯ��ʽ��Ҷ˿ڶ��53��Ĳ�ѯ��UDP��ѯ�ģ�һ��ҪTCP��ѯ��
��ѯ��ݶ��ڲ��ݽض�(TC��־Ϊ1)��ʱ��Ҫ��TCP�ķ�Ƭ��ݴ��䣨��TCP��½ڣ��
��master��͸��slave��֮��ͨ�ţ��Ҫ�õ��zone��Ϣ��ʱ��
��

TCP/IP��ѧϰ�ʼ�(7)-�㲥�Ͷಥ��IGMPЭ��

1.��ಥ��㲥�Ľ��
1.1.��(unicast)
��˵��ض��ݴ��͡��ĳһ��IP��ݰ��ʱ��·��ͷ��Ƿǳ��Ŀ�ĵ�ַ��̫��
˵��MAC��ַ��FF-FF-FF-FF-FF-FF��ĵ�ַ��ڵľ��·�ɹ��ܵ��Ӧ�ÿ��Խ��ݶ��ת��Ŀ��
��ӿ��Թ��˵��Լ�MAC��ַ��һ�µ��ݡ�
1.2.�㲥(unicast)
�㲥��ĳһ��ϵ��ݰ��磬��е��磬��A��ַ�Ĺ㲥��
netid.255.255.255��netid.netid.subnetid.255��е��B��IP��
netid.netid.255.255��㲥��õ�MAC��ַFF-FF-FF-FF-FF-FF��е��յ��㲥��ݣ��ֻҪ��
MAC��ַΪFF-FF-FF-FF-FF-FF��ݽ��ں˾Ϳ��ˡ�һ��˵��ARP��·��Э��RIPӦ��Թ㲥��ʽ��ġ�
1.3.�ಥ(multicast)
��˵�㲥�Ƕಥ��ಥ��Ǹ�һ��ض��ಥ�飩��ݣ��ݵĲ��Χ��СһЩ(ʵ��ϲ��ķ�Χһ��Ҳû�б�С)��ಥ��
MAC��ַ��ֽڵĵ�λΪһ��
��01-00-00-00-00-00��ಥ��ĵ�ַ��D��IP��涨��224.0.0.0-239.255.255.255��
��Ȼ�ಥ�Ƚ��⣬��Ǿ��ԭ��ಥ��ݻ��Ҫͨ��·��MAC��ַ��Ȼ��з��͡��һ��̫��ڰ��һ��ಥIP��ַ֮
�󣬱�
��Ҫ��һ��ಥ��MAC��ַ��ʹ��񵥲��ಥ��IP�ͶಥMAC��ַ��һ��Ӧ��㷨��p133��p134֮�䡣��
�� Ӧ��һһ��Ӧ�ģ��Ҫ�Զಥ��ݽ��й��ˡ�
��˵Ŀ��㲥�Ͷಥ��һ��ģ�·��ݷŵ��棬Ȼ��Щ��ݽ��й��ˣ�ֻ�õ��Լ��Ҫ��ݣ��Լ��Ȥ�Ķ�
��ݣ��Լ��Ȥ��鲥��ݡ��һ��һ��ĳһ��ಥIP�Ľ��̵�ʱ��̻��һ��Ķಥmac��ַ��һ��ಥ
ip��ͻ��ô��ಥmac��ַ��ݽ��Ӷ�ʵ��ͨ�ţ��Щû�м��Щ��ݵ��ͻ��Щ��ݹ��˵��仰˵��ಥ��
��ں��ˣ��Բ��۵�ɡ�
һЩ��Ҳӡ֤��뷨��Եľ��
��ԭ��ʵ��
2.һЩ��֤��ʵ��
��Щʵ�鲢��Ǻܸ��ӣ��ֻ��Ҫpingһ��һ��ip��һ��㲥��ַ��pingһ��Լ��ڵ��ĳһ̨��:
Reply from 192.168.11.1: bytes=32 time
��Կ��ص��һ̨��Ļ�Ӧ��Ʋ⣬��pingһ��㲥��ַ�أ��
Reply from 192.168.11.9: bytes=32 time=1ms TTL=255
Reply from 192.168.11.174: bytes=32 time
��Կ��ping��һЩ��ip�Ľ��Щip��ͬһ��ڵ�ip��ǿ��Կ��㲥ʵ��Ǹ��ڵ��ip��š�
��һ��ಥ��ӣ��Ҫʵ��ಥ��ף��Ϊ�Ҳ�֪��ж��ٸ��ಥ�飬��ֻ��ü��Ķಥ��ַ��֤�ˡ�
��ڶಥ��ַ��м��Ķಥ��ַ��ռ�ã��

224.0.0.1--��е�ϵͳ�顣
224.0.0.2--��е�·��
224.0.1.1--��ʵ��Э��NTPר��IP��
224.0.0.9--RIPv2ר��IP
��ֻҪping�⼸��IP��Ӧ��ܵõ�һЩ��˵��ping 224.0.0.2��
Reply from 192.168.11.1: bytes=32 time
��ǿ��Կ��pingֻ��һ��ip�Ļ�Ӧ��ҵ��صĵ�ַ��Ҳ��֤��224.0.0.2��·��Ķಥ(�鲥)��ַ
3.IGMPЭ��
IGMP��ڣ��Ҫ֪��Լ��ĸ��ಥ��·��֪��Լ��״̬��һ��ಥ·��Ҫ֪��ĳһ��ಥ��ж��ٸ�
��ֻҪ֪��Լ��ڻ��û�д��ĳ��ಥ��Ϳ��ˡ�ֻҪĳһ��ಥ�黹��һ̨��ಥ·��ͻ��ݴ��ȥ��ܷ��ͻ�ͨ
��˹��õ��Լ��Ҫ��ݡ�Ϊ��֪��ಥ��Ϣ��ಥ·��Ҫ��ʱ�ķ��IGMP��ѯ��IGMP�ĸ�ʽ��Կ��飬��ಥ��Ҫ��
�ݲ�ѯ��ظ��Լ��״̬��·��м��ಥ�飬�Լ�Ҫ��ĳһ��ಥ�鷢��ʲô��ݡ�
��ֲ�ѯ��Ӧ��ݱ��TTLһ��1��Ҿ��ǳ��Ҳ��ICMP��û��Ҫ��

TCP/IP��ѧϰ�ʼ�(6)-UDPЭ��

2.UDPЭ��ͷ
2.1.UDP�˿ں�
��ںܶ��Ҫ�õ�UDPЭ�飬��UDPЭ��ͨ��ĳ��־��ֲ�ͬ�ĳ��Ҫ��ݰ��˿ںŵĹ��ܾ��ڴˣ��ĳһ��UDP��
A��ϵͳ��ע��3000�˿ڣ��ô��Ժ��洫��Ŀ�Ķ˿ں�Ϊ3000��UDP��ύ��ó��򡣶˿ں��Ͽ��2^16��ô�ࡣ��Ϊ��ĳ�
��16��bit
2.2.UDP��
��һ��ѡ��ѡ���е�ϵͳ��UDP��ݰ��Լ��(��TCPЭ��ı��˵)��RFC�б�׼Ҫ�󣬷��Ͷ�Ӧ�ü��͡�
UDP��͸��UDPЭ��ͷ��ݣ��IP�ļ��ǲ�ͬ�ģ�IPЭ��ļ��ֻ�Ǹ��IP��ͷ��е��ݡ�UDP��TCP��
һ��α�ײ��Ϊ�˼��Ͷ��Ƶġ�α�ײ��IP��ַ��IPЭ��涼�е��Ϣ��Ŀ��UDP��μ��Ƿ��Ѿ��ȷ��Ŀ�ĵء�
��Ͷ�û�д򿪼��ѡ���ն˼��в��ôUDP��ݽ��ᱻ��ĵĶ��֤�ʹ��κβ��ġ�
2.3.UDP��
UDP��Ժܳ��ܳ��65535�ֽ��ô��һ��ڴ��͵�ʱ��һ��һ�㴫�Ͳ��ô��Э�飨�漰��MTU��⣩��ֻ�ö��
��Ƭ��Ȼ��Щ�Ƕ�UDP��ϼ�Э��͸��ģ�UDP��Ҫ��IPЭ��η�Ƭ��һ��½ڽ��΢��һЩ��Ƭ�Ĳ��ԡ�
3.IP��Ƭ
IP�ڴ��ϲ�ӵ��Ժ�Ҫ��IP��ַ��жϴ��Ǹ��ӿڷ��ݣ�ͨ��ѡ·��MTU�Ĳ�ѯ��ݴ�С��MTU�ͽ��ݷ�Ƭ��
�ݵķ�Ƭ�Ƕ��ϲ��²�͸��Ҳֻ�ǵ��Ŀ�ĵػ��ᱻ��װ��õ��ģ�IP��ṩ��㹻��Ϣ��ݵ��װ��
��IPͷ��棬16bitʶ��Ψһ��¼��һ��IP��ID,��ͬһ��ID��IPƬ��ᱻ��װ��13λƬƫ��¼��ĳIPƬ��
λ�ã��ʾ�м��3bit��־��ʾ�Ÿ÷�Ƭ��Ƿ��µķ�Ƭ��ʾ��IP��Ƭ��Ϣ��ܷ��Ϳ��Щ��Ϣ��IP��
��֯��Ǻ��ķ�Ƭ��ǰ��ķ�Ƭ�ȵ��Щ��ϢҲ��㹻�ˣ��
��Ϊ��Ƭ��ϱ��ʹ�ã��α��IP��Ƭ��å��Ҳ�Ͳ��
��Trancdroute��м򵥵�MTU��⡣��ο��̲ġ�
3.UDP��ARP֮��Ľ��ʽ��
��ǲ��ע�⵽��һ��ϸ�ڣ��һЩϵͳ��ʵ��˵�ġ��ARP��滹�ǿյ�ʱ��UDP�ڱ��֮ǰһ��Ҫ��һ��ARP��Ŀ��
��MAC��ַ��UDP��ݰ��㹻�󣬴�IP��һ��Ҫ��з�Ƭ��ʱ��У��UDP��ݰ��ĵ�һ��Ƭ�ᷢ��һ��ARP��ѯ��
��еķ�Ƭ��Եȵ��ѯ��Ժ��ٷ��͡��ʵ��
��ǣ�ĳЩϵͳ��ÿһ��Ƭ��һ��ARP��ѯ��еķ�Ƭ��ڵȴ��ǽ��ܵ��һ��Ӧ��ʱ��ȴֻ��һ��Ƭ��
��ʵ��˷��˼��Ϊ��Ƭ��ݲ��ܱ��ʱ��װ��һ��ʱ��ڽ��Զ�޷��װ��IP��ݰ��ҷ��װ��ʱ��ICMP
��ģ��ʵ�ܶ�ϵͳ��Ա�֤��Լ��Ľ��ն˻��治��Щ��Զ�ò��װ�ķ�Ƭ��
4.ICMPԴվ��Ʋ��
��Ŀ��Ĵ��ٶȸϲ��ݽ��յ��ٶȣ��Ϊ��IP�㻺��ᱻռ��ͻᷢ��һ��ܲ��ˡ��һ��ICMP��ġ�
5.UDP��
UDPЭ��ĳЩ��Խ��Ӱ��ǵķ��ƣ��ܽ��£�

��ڿͻ�IP�͵�ַ��и��ݿͻ�IP��ַ�Ͷ˿ں��ж��ݰ��Ƿ�Ϸ��ƺ�Ҫ��ÿһ��Ҫ�߱��
��Ŀ�ĵ�ַ��Ҫ�й��˹㲥��ַ��
��룺ͨ��ϵͳ��ÿһ��˿ںŶ��һ��뻺��Ӧ��󵽵�ԭ��ȴ��Ĵ��ֻ��⣬��£�UDP��ݰ��ܻᱻ��Ӧ�÷��֪��⡣
��Ӧ��Ʊ��IP��ַ��˵��Ӧ�ÿ��԰��Լ��󶨵�ĳһ��ӿڵ�ĳһ��˿��ϡ�

TCP/IP��ѧϰ�ʼ�(5)-IPѡ·��̬ѡ·��һЩϸ��

192.168.11.0 *             255.255.255.0 U    0    0       0 eth0
169.254.0.0    *             255.255.0.0    U    0    0       0 eth0
default       192.168.11.1 0.0.0.0       UG 0    0       0 eth0

��һ��·��Դ�ӡ��ֲ�ͬ��flag��

U��·�ɿ��á�
G��·��ǵ�һ��ء��û��־��˵��Destination��ֱ��ģ��Ӧ��GatewayӦ��ֱ�Ӹ��Destination�ĵ�ַ��
H��·��ǵ�һ��û�иñ�־��˵��Destination��һ��磬��仰˵Destination��Ӧ��д��һ��ź��ŵ��ϣ��(��봦Ϊ0)�� 192.168.11.0
D��·��Ϊ�ض��Ĵ��
M��·��Ѿ��ض��޸�
Uûɶ��˵�ģ�G˵��һ��أ��Ҫ��ݸ�Destination��IPͷӦ��дDestination��IP��ַ��·��
MAC��ַ��Ӧ��GateWay��Mac��ַ�ˣ��֮��û��G��־��ô��·��IP��ĵ�ַӦ��Ƕ�Ӧ�ġ�H˵��Destination��
��ʣ��H�ģ��˵��õ�ַ��һ��ĵ�ַ��ţ��ô��ƥ��ʱ��ͼ�Ҫƥ��ţ��Ҫƥ��ţ��
֮��Destination�ʹ��һ��磬��ƥ��ʱ��ֻҪƥ��һ��žͿ��ˡ�
��IPѡ·�ķ�ʽ�Ϳ��Ը��Ӿ��廯�ˡ��
��IP��ַ��ƥ��Щ��H��־��DestinationIP��ַ��
��1ʧ�ܾ�ƥ��Щ��ַ��
��2ʧ�ܾͷ��͵�Default��
˳��һ��Ǹ�GenMask��ǵ��ô��ָ��Ŀ�ĵ�ַ��ţ��һ��11��
1.2.��й�·�ɱ��֪ʶ
һ�㣬��ú�һ��ӿڵ�ʱ��һ��·�ɾͱ�ֱ�Ӵ��ˡ��Ȼ��Ҳ��ֶ��·�ɡ��route add��Ϳ��ˡ�
��һ��IP��ĳһ��·��ʱ��û��·�ɿ��ߣ��ô��·��ͻ��Դ��͡��ɴ��ߡ��粻�ɴ��ICMP��
ע�⣬һ��Ĳ��ϵͳĬ��û��·�ɹ��ܵģ��Ҫ�Լ��á��Щ��ʷԭ��Ͳ�ϸ˵�ˣ�
1.3.ICMP��IP�ض��ĺ�·�ɷ��ֱ��
��IP��ĳһ��ط�ת��ʱ�򣬶��ظ��IP��Դ��һ��ICMP�ض��ģ��Դ��Ϳ��Ϣ��Լ��·�ɱ��ͨ�ŵ��࣬·�ɱ�Ҳ��Խ��Խ�걸��ת��ٶ�Ҳ��Խ��Խ�졣��Ҫע��ǣ�
�ض��ֻ��·��
�ض��Ϊ��ã��Ϊ·��á�
��ʱ��һ��ᷢ��ڹ㲥һ��·��ICMP��ģ��·��Ӧһ��·��ͨ�汨�ġ��ң�·��䱾��ڵ��ڷ�
��·��ͨ�汨�ģ��Щ��ģ�ÿһ��л��Ὠ��Լ��·�ɱ��ʵ��ͨ�š�·��һ��ͨ�汨��п��ͨ��ַ��Ҹ��ÿһ��
ַ��ȵȼ��ȵȼ��Ǹ�IP��ΪĬ��·�ɵĵȼ��ô��ľͲ���ˡ�
·��һ��450-600��ʱ��ڷ��һ��ͨ�棬��һ��ͨ�汨�ĵ��30��ӡ��ʱ��ÿ��뷢��һ��ģ�һ��ܵ�һ��Ч��ͨ�汨�ģ��ֹͣ��ġ�
��TCP/IP��д��ʱ��ֻ��Solaris2.x֧��ֱ��ģ��ϵͳ��֧��ֱ��ġ��滹�ὲ��һЩ��õ�·�ɱ��ģ�
��̬ѡ·Э��
ǰ��ѡ·��̬ѡ·��Ҫ��˵��ýӿڵ�ʱ��Ĭ�ϵķ�ʽ��·�ɱ����ͨ��route��ӱ����ͨ��ICMP��±��ͨ��Ĭ�Ϸ�ʽ��£�� ַ��㣬��ô��Ǿ�ʹ�ö�̬ѡ·��
��̬ѡ·Э��ڶ�̬ѡ·��Ҫ��ɲ��֣��ֻ��ʹ��·��֮�䣬��·��֮�以��ͨ�š�ϵͳ��·��ѡ��ѡ��ȽϺ��ʵ�·�зŵ�
��·�ɱ��У�Ȼ��ϵͳ�Ϳ��Ը��·�б��ҵ��ʵ��·��Ҳ��˵��̬ѡ·��ϵͳ��ⲿ��еģ��ֻ��һЩѡ·�Ĳ��Ӱ��·�ɱ��
��Ӱ�쵽��ͨ��·�ɱ�ѡ��·�ɵ��һ��֡�ѡ·Э��һ��ೣ�õĽ��ڲ��Э��(IGP)��IGP�У�RIP��Ҫ��Э�顣һ��
��IGPЭ����·��(OSPF)Э����ȡ��RIP��һ��·�Ǹ��ϵ�IGPЭ��--HELLO��Ѿ��ˡ�
��κ�֧�ֶ�̬ѡ·��·��ͬʱ֧��OSPF��RIP��ѡ��Ե�֧��IGPЭ�顣
2.1.Unixѡ·��
Unixϵͳ��ͨ��·��ػ��򣭣�routed��һ��gate��gate��֧�ֵ�Э��Ҫ��routed�࣬routedֻ��֧��RIPv1�汾��gate��֧��RIPv1��v2��BGPv1 �ȵȡ�
2.1.RIP��ѡ·��ϢЭ��
��Ķ��RFC1058��ҵ��Э��ʹ��UDP��Ϊ��壨Ҳ��UDP��ϲ�Э�飩��ĵľ��RIP��е�һ��Σ��
�Σ��һ��hop��Ϊ��߹��·��Ϊ��ĶΣ�IPЭ��Ҳ��һ��TTL��ô��ν��Ӱ�쵽·�ɱ��Ľ��ο�
ͼ:

һ��˵��routedҪ�е��µĹ��
��ÿһ��֪��·��rip��ģ�Ҫ��·��·�ɱ��ֱ��ĵ��ֶ�Ϊ1��ַ�ֶ�Ϊ0��ض�Ϊ16��൱��󣩡�
��յ��ղŵ��Ǹ��󣬾Ͱ��Լ��·�ɱ��ߡ��û�У��ʹ��IP���ѱ��Լ��еĲ��û�еĲ��16��Ȼ�󷢸��ߡ�
��ܻ�Ӧ��Լ��·�ɱ��ʹ��hop��С�Ĺ��
��ڸ��·�ɱ��һ��30s(��Ƶ��)��ڵ�·��һ��Լ��·�ɱ��ʽ��ʹ�㲥��ʽ�ġ�
��Э�鿴��Ṥ��ĺܺã��ǣ��ʵ�кܶ��ص��ǻ��˵RIPû��ĸ����˵��·��Σ�ա��hop��Ҳ��Ĵ�С��
��ˣ��˺ܶ�RIPv1��Ʒ��˵RIPv2,��˵OSPF��Ƕ��ͨ��ĳ�ֲ��Ӱ��·�ɱ��ԾͲ�˵�ˡ�

TCP/IP��ѧϰ�ʼ�(4)-ICMPЭ�飬ping��Traceroute

Ŀ�ĵ�ַ�ǹ㲥��ַ��ಥ��ַ��IP��ݱ��
��Ϊ��·��㲥��ݱ��
��IP��Ƭ�ĵ�һƬ��
Դ��ַ��ǵ��ݱ��˵��Դ��ַ��Ϊ��ַ��ص�ַ��㲥�� ַ��ಥ��ַ��
��Ȼ��һЩ�涨��ڻ��Ǻ��ף��е��һ�й涨��Ϊ�˷�ֹ��ICMP��ĵ��޴��ġ�
ICMPЭ��·�Ϊ��࣬һ��ǲ�ѯ��ģ�һ��ǲ��ġ��в�ѯ��¼��;:
ping��ѯ��Ҫ��㲻֪��ping��
��ѯ��̹��վ�ڳ�ʼ��ʱ��ʼ��룩
ʱ��ѯ��ͬ��ʱ�䣩
��ݴ��ͷ��ʱ�򡣾Ͳ�׸��ˡ�
2.ICMP��Ӧ��--ping
ping��˵��ICMP��Ӧ�ã��ĳһ��վ�ϲ�ȥ��ʱ��ͨ��pingһ��վ��ping��Գ�һЩ��õ��Ϣ��һ��Ϣ��:

Reply from 10.4.24.1: bytes=32 time
ping��Դ��ɶ�λ��Ҳȷʵ��ˣ��ICMPЭ��һ��Ƿ�ɴԭ��Ϊ0��ICMP��
��ܵ��Ϊ8��ICMP��Ӧ��ping��ʱ�䣬��ж��ٸ��ʹ�û��Ϳ��ж��µ��ǿ��Կ��
ping��˴��͵�ʱ��TTL��ݡ��Ҹ��Ӳ�̫�ã��Ϊ�ߵ�·��٣��Ȥ�ؿ��pingһ�¹��վ��sf.net��Ϳ��Թ۲쵽һЩ
��󣬶��е�ʱ��Ҳ��ӵĳ��
ping��һ��Ŀ��·�ɵĻ��ᡣ��Ϊ��ICMP��ping��ݱ��ÿ��һ��·��ʱ��·��Լ��ip�ŵ��
�ݱ��С��Ŀ��ip�б��Ƶ��Ӧicmp��ݰ��з��ظ��ǣ��Σ�ipͷ��ܼ�¼��·��б��Ƿǳ��ޡ��Ҫ�۲�·�ɣ�
��ǻ��Ҫʹ�ø��õĹ��ߣ��Ҫ��Traceroute(windows��ֽ��tracert)��
3.ICMP��Ӧ��--Traceroute
Traceroute��Ŀ��֮��·��Ҫ��ߣ�Ҳ��Ĺ��ߡ�ǰ��˵��ping��Ҳ��Խ��⣬��ǣ��Ϊipͷ��ƣ�ping��ȫ�ļ�¼��·��Traceroute��þ����ȱ��
Traceroute��ԭ��Ƿǳ��ǳ��˼��ܵ�Ŀ��IP��ȸ�Ŀ��һ��TTL=1��ǵ�TTL��ʲô�𣿣��UDP(��
֪��UDP��ʲô��)��ݰ��ĵ�һ��·��յ��ݰ��Ժ󣬾��Զ��TTL��1��TTL��Ϊ0�Ժ�·��Ͱ��ˣ��ͬʱ��
һ��ɴ��ICMP��ݱ��յ��ݱ��Ժ��ٷ�һ��TTL=2��UDP��ݱ��Ŀ��Ȼ��̼��ڶ��·��ICMP��
��ֱ��Ŀ��traceroute��õ��е�·��ip��Ӷ��ܿ��ipͷֻ�ܼ�¼��·��IP��⡣
��Ҫ�ʣ��ô֪��UDP��û��Ŀ��أ��漰һ��ɵ��⣬TCP��UDPЭ��һ��˿ںŶ��壬��ͨ��ֻ��ļ��
С�Ķ˿ڣ��˵80,��˵23,�ȵȡ��traceroute��͵��Ƕ˿ں�>30000(��̬)��UDP��Ե��Ŀ��ʱ��Ŀ��
��ֻ�ܷ��һ��˿ڲ��ɴ��ICMP��ݱ��ӵ��Ժ��֪��ˣ��ԣ�˵Traceroute��һ��ƭ��һ��Ҳ��Ϊ��:)
Traceroute��ṩ��һЩ��õ�ѡ���IPѡ·��ѡ���쿴man�ĵ��˽��Щ��Ͳ�׸��ˡ�

TCP/IP��ѧϰ�ʼ�(3)-IPЭ�飬ARPЭ�飬RARPЭ��

��Э��ŵ�һ��ѧϰ��Ϊ��Э�鴦��ͬһ�㣬ARPЭ��ҵ�Ŀ��Ethernet��Mac��ַ��IP��Ҫ��͵��Ϣ��·��Դ�ARP�õ��ݵĴ��Ϣ��IP�õ�Ҫ��Ϣ��
1.IPЭ��
IPЭ��TCP/IPЭ��ĺ��ģ��е�TCP��UDP��IMCP��IGCP��ݶ��IP��ݸ�ʽ��䡣Ҫע��ǣ�IP��ǿɿ��Э�飬��
˵��IPЭ��û��ṩһ��δ��Ժ�Ĵ��ƣ��ⱻ��Ϊ��ϲ�Э�飭��TCP��UDPҪ��顣��Ҳ�ͳ��TCP��һ��ɿ��Э�飬��
UDP��û��ô�ɿ��Ǻ󻰣��Ҳ��
1.1.IPЭ��ͷ
��ͼ��ʾ

��ǽ̿��Ļ�ƣ��Ҹ��Ȥ��ֻ��ǰ�λ��TTL�ֶΣ��ǵ��ֶ��ʲô��ô��ֶι涨��ݰ��ڴ��ٸ�·��֮��Żᱻ��
(��ֳ��IPЭ��Ĳ��ɿ��ԣ��֤��ݱ��ʹ�)��ĳ��ip��ݰ�ÿ��һ��·��ݰ��TTL��ֵ�ͻ��1��ݰ��TTL��
Ϊ�㣬��ͻᱻ�Զ��ֶε��ֵҲ��255��Ҳ��˵һ��Э��Ҳ��·��洩��255�ξͻᱻ��ˣ��ϵͳ�Ĳ�ͬ��Ҳ��һ
��һ��32��64��Tracerouter��߾��ԭ��ģ�tranceroute��-mѡ��Ҫ��ֵ��255��Ҳ��Ϊ��
TTL��IPЭ��ֻ��8bit��
��ڵ�ip�汾��4��Ҳ��IPv4��ڻ��IPv6��ҲԽ��Խ�㷺�ˡ�
1.2.IP·��ѡ��
��һ��IP��ݰ�׼��˵�ʱ��IP��ݰ��˵��·��ν��ݰ��͵�Ŀ�ĵص��أ��ôѡ��һ��ʵ�·��"�ͻ�"��أ�
��Ŀ��ֱ��ô��Ѱ��·�ɣ�ֱ�Ӱ��ݴ��ݹ�ȥ�Ϳ��ˡ��ôֱ�Ӵ��ݵģ��Ҫ��ARPЭ��ˣ��ὲ��
��΢һ��һ��ǣ��ͨ��ɸ�·��(router)��Ŀ��ӡ��ô·��Ҫͨ��ip��Ϣ��Ϊip��Ѱ�ҵ�һ��ʵ�Ŀ��д��ݣ��ʵ��ߺ��ʵ�·�ɡ�·��µķ�ʽ��ĳһ��IP��ݰ�

��IP��ݰ��TTL��ڣ��Ե��IP��ݰ��ͱ��
��·�ɱ��ƥ��ҵ��IP��ַ��ȫһ�µ�Ŀ��򽫸ð��Ŀ��
��·�ɱ��ƥ��ʧ�ܣ��ƥ��ͬ��·��Ҫ��(1.3.)��Э��ҵ�·��򽫸ð��·��
��·�ɱ��ƥ��ͬ��·��ʧ�ܣ��ƥ��ͬ��ţ��һ��н��⣩·��ҵ�·��򽫸ð��·��
��½�α��϶�ʧ��ˣ��Ĭ��·�ɣ��Ĭ��·�ɴ��ڣ��򷢰�
��ʧ��ˣ��Ͷ��
��һ��֤��ˣ�ip��ǲ��ɿ��ġ��Ϊ��֤�ʹ
1.3.��Ѱַ
IP��ַ�Ķ��+��š��е��Ҫ��ַ��Ҳ��˵��ϸ�ֳ��+��š��һ��IP��ַ�ͳ�Ϊ ��+��+��š��һ��B��ַ��210.30.109.134��һ��£��IP��ַ�ĺ�ɫ��־��ţ��ɫ��־��ţ��ɫ��־��š��ж��λ��ϣ��û��һ��Ӳ�ԵĹ涨��ȡ��֮������
У԰��Ŵ��˶��ù��У԰��趨��һ��255.255.255.0�Ķ��롣��32bit�Ķ��,��ʽ
Ϊ��һ��1��һ��0��磺255.255.255.0(��ƾ��11111111.11111111.11111111.00000000)
��ڸղŵ��Ǹ�B��ַ��Ϊ210.30��ţ��ô��109.134��ź��ŵ��ϣ��Ϊ��ֻ�к��bitΪ0��
��IP��ַ�ĺ�˸�bit��134��ʣ�µľ��룭��109��
2. ARPЭ��
��ǵ��·��̫��Э��У�ÿһ��ݰ��һ��MAC��ַͷô��֪��ÿһ��̫��һ��MAC��ַ��ַ��Ψһ�ģ��ôIP��֪��MAC��ַ�ģ��ARPЭ��Ĺ��
ARP��ַ��Э��һ�ֽ��Э�飬��ȫ��֪��IP��Ӧ��ĸ��ĸ��ӿڣ��Ҫ��һ��IP��ʱ�򣬻��Ȳ�һ��
��ARP��ٻ��棨��һ��IP-MAC��ַ��Ӧ��棩��ѯ��IP��MACֵ�Բ��ڣ��ô��緢��һ��ARPЭ��㲥��㲥��
��д��ѯ��IP��ַ��ֱ��յ��ݹ㲥�İ��ѯ�Լ��IP��ַ��յ��㲥��ĳһ��Լ��ô��׼��һ��
��Լ��MAC��ַ��ARP��͸��ARP�㲥��㲥��õ�ARP��Լ��ARP��棨��Ǵ��IP-MAC��Ӧ��ĵط��
�㲥��ͻ��µ�ARP��׼��·��ĵ��ݰ��͹��
һ��͵�arp��Ϣ��£��һ��ϵͳ��á�arp -a��:
Interface: 192.168.11.3 --- 0x2
  Internet Address    Physical Address    Type
  192.168.11.1       00-0d-0b-43-a0-2f    dynamic
  192.168.11.2       00-01-4a-03-5b-ea    dynamic

��õ��Ľ��
��ĸ��ٻ��ʱ�޵ģ�һ��20��ӣ��ϵͳ��ϵͳ��

Linux��Ż��

ConsoleKit
Fedota 7��¹��Fedora - Fast User Switchin��Ҫʹ��¹��ܾͿ��ţ��֮�ص��ɡ�
NetworkManager, NetworkManagerDispatcher
�Զ��ڶ��н��ת��ĵ��Wireless WiFi �� Ethernet��ɣ�Fedora��Զ�Ϊ��ѡ��õĿ��ӡ��
ֻ��һ��õģ��ǹص��ɡ�
anacron, atd, crond
��һЩ��Գ��ĺ�̨��һ��û��԰�anacron, atd��ˣ��㳣ʱ�俪��ǾͰ�crond�򿪡� ��ʼ�հ�crond��š�
auditd
��ڴ��ں��ɵ�ϵͳ��¼��Щ��¼�ᱻһЩ��ʹ�á��ر��Ƕ��SELinux�û��˵��ǿ��Űɡ�
autofs
�Զ��ƶ�Ӳ�̣�ûʲô˵�ģ��š�
avahi-daemon, avahi-dnsconfd
��Ҫ��Zero Configuration Networking ��ذɣ�һ��á�
bluetooth, hcid, hidd, sdpd, dund, pand
��أ��ߣ��ععء�
btseed, bttrack
BT��أ��޷��BT�ģ��Թ��
capi
ISDNӲ��֧�֣��󲿷��û��Թ��
cpuspeed
CPU�ٶȵ��õ��Pentium-M, Centrino, AMD PowerNow, Transmetta, Intel SpeedStep, Athlon-64, Athlon-X2, Intel Core 2
��Űɣ��ǻ��ǹ��˰ɣ��Ҳ��á�
cupsd
CUPS��ӡ��֧�֣�û�д�ӡ��ʹ�ӡ��ģ��Թ��
dhcdbd
D-BUSϵͳ��ӿڣ��ҪΪ��ṩ��ã�ǿ�ҽ��鿪�ţ��ù̶�IP��
firstboot
Fedora��װ��֮��Ǹ��û��򵼣�һ��Թ��
gpm
Text console��CTRL-ALT-F1,F2..��֧�֣��㲻��Text console��Թ��
haldaemon
HAL��Hardware Abstraction Layer��񣬿��Ű�
hplip, hpiod, hpssd
HPLIP��ӡ��֧�֣��п��Űɡ�
httpd
Apache HTTP��ҳ�� 㲻��ҳ��ذ�
ip6tables
��㲻�� IPv6��
iptables
��ǽ��ûʲô˵�ģ��
irda
��豸֧�֣��߹�
irqbalance
��CPU֧�֣� ��Ź�
isdn
ISDN modem֧�֣� ��߹�
jexec
��㰲װjava 1.6 �ͻ��˫�� *.jar �ļ��Ҫ�͹�
kudzu
FedoraӲ��񣬵��Ӳ�̵�ʱ��ʹ�ã�ƽʱ��Թ��
lirc
��ң��֧�֣� ��߹�
mcstrans
��Ҫ��SELinux��㲻��SELinux��Թ��
mdmonitor
RAID֧�֣� ��߹�
messagebus
Linux ICP �� ǿ�н��鿪�š�
netfs
��Ҫ��繲��ļ��ǾͿ��
netplugd
�Դ󲿷��û��ã��
network
ûʲô˵�ġ��ţ��㲻��
nfs, nfslock
�ļ��֧�֣��Ҫ�Ŀ��Թ��
nscd
NIS, NIS+, LDAP, or hesiod��ƣ� û��Щ��Ŀ��Թ��
ntpd
��ʱ��ͬ��windows��Ǹ���࣬��Ҫ�Ŀ��Թ��
nvidia-96XX �� nvidia-97XX
livna��nvidia�Կ��
pcscd
��ܿ�֧�֣��߹�
readahead_early, readahead_later
��ڴ��Ż�� Ű�
restorecond
SELinux��ڼ��ļ�� SELinux�Ŀ��Թ��
rpcbind
RPC��һ��Թر�
rpcgssd, rpcidmapd, rpcsvcgssd
NFS֧�֣��NFS�Ŀ��Թر�
sendmail
�ʼ��ʹ��Webmail �� Thunderbird, Kmail֮��շ��ʼ��Թ��
setroubleshoot
SELinux Troubleshooting�� SELinux�Ŀ��Թ��
smartd
SMART Disk Monitoring�� ٿ��Լ죬��Ű�
smolt
��ã��ذ�
sshd
OpenSSH��ͨ��Թ��ˣ��Ƿ��ˣ��رղ�Ӱ��ssh��ʹ��
syslog
ϵͳ��־��Ű�
vncserver
һ��û��Թ��
winbind
��Samba��Ļ�� Թ��
wpa_supplicant
��豸֧�֣��߹�
ypbind
��NIS/YP��Թ��
yum-update
�Զ��⣬ ��㾭��ֶ��Թ��

ACL��

��ʿ��б��Access Control List��ACL�� ·��ӿڵ�ָ��б��ƶ˿ڽ��ݰ��ACL��еı�·��Э�飬��IP��IPX��AppleTalk�ȡ�
��ACL�Ķ��Ҳ�ǻ��ÿһ��Э��ġ��·��ӿ��ó�Ϊ֧��Э�飨IP��AppleTalk�Լ�IPX��ô��û��붨��ACL��ֱ��Э��ݰ��
��
��ACL��
��
��ACL��ܡ��磬ACL��Ը��ݰ��Э�飬ָ��ݰ��ȼ��
��
��ACL�ṩ��ͨ��Ŀ��ֶΡ��磬ACL��޶��·�ɸ��Ϣ�ĳ��ȣ��Ӷ��ͨ��·��ĳһ��ε�ͨ��
��
��ACL��ṩ��簲ȫ��ʵĻ��ֶΡ��ͼ1��ʾ��ACL��A��Դ��磬��ܾ��B��ʡ�
��
��ACL��·��˿ڴ��͵�ͨ��ת��磬�û��E-mailͨ��·�ɣ��ܾ��е�Telnetͨ��
��
��ACL��ִ�й��
��
��һ��˿�ִ��ACL��Ҫ��б��е��ִ��˳��жϡ��һ��ݰ��ı�ͷ��ĳ��ж��ƥ�䣬��ô��ͽ��ԣ��ٽ��м�顣
��
��ACL��ִ��̼�ͼ2��
��
��ͼ2�У��ݰ�ֻ��ڸ��һ��ж��ƥ��ʱ��ű��ACL�е��һ��ж��бȽϡ��ƥ�䣨��Ϊ��ͣ��򲻹��ǵ�һ��һ��䣬��ݶ��͵�Ŀ�Ľӿڡ��е�ACL�ж��䶼��ϣ��û��ƥ��ڣ��ݰ��Ϊ��ܾ��
��
��Ҫע�⣬ACL��ܶԱ�·��ݰ��п��ơ�
��
��ACL�ķ��
��
��Ŀǰ��Ҫ��ACL:��׼ACL��չACL��
��
��ACL��ǣ��׼ACLֻ��ݰ��Դ��ַ; ��չACL�ȼ��ݰ��Դ��ַ��Ҳ��ݰ��Ŀ�ĵ�ַ��ͬʱ��Լ��ݰ��ض�Э��͡��˿ںŵȡ�
��
��Ա��ʹ�ñ�׼ACL��ֹ��ĳһ��ͨ��ĳһ�ض��ͨ��߾ܾ�ĳһЭ��أ��IP��ͨ��
��
��չACL�ȱ�׼ACL�ṩ�˸��㷺�Ŀ��Ʒ�Χ��磬��Ա��ϣ��Webͨ��ͨ��ܾ��FTP��Telnet��ͨ��ô��ʹ��չACL��ﵽĿ�ģ��׼ACL��ܿ��ô��ȷ��
��
��·��У��׼ACL��չACL��ACL�ı��ֵģ��ϱ�ָ��ÿ��Э��ĺϷ��ŵ�ȡֵ��Χ��
��
��ȷ��ACL
��
��ACLͨ��ݰ��Ҷ��ϣ��ִ�Ŀ�ĵص��ݰ��ͨ��Ȼ��ܷ��Ч�ؼ��ٲ��Ҫ��ͨ��⻹Ҫȡ��Ա��ACL��ĸ��ط��
��
��ͼ3��ʾ��һ��TCP/IPЭ��绷��У��ֻ��ܾ��RouterA��T0�ӿ��ӵ��絽RouterD��E1�ӿ��ӵ��ķ��ʣ��ֹ��1��2�ķ��ʡ�
��
��ݼ��ٲ��Ҫͨ��ͨ��׼��ԱӦ�þ��ܵذ�ACL��ڿ��ܾ��ͨ��Դ��RouterA�ϡ��Աʹ�ñ�׼ACL��ƣ��Ϊ��׼ACLֻ�ܼ��ԴIP��ַ��ʵ��ִ��Ϊ��Ǽ�鵽ԴIP��ַ��1ƥ��ݰ��ᱻ��1��2��3��4�ķ��ʶ��ֹ��ɴ˿ɼ��ACL��Ʒ��ܴﵽ��Ա��Ŀ�ġ�ͬ��ACL��RouterB��RouterC��Ҳ��ͬ��⡣ֻ�н�ACL��Ŀ��RouterD�ϣ�E0�ӿڣ��׼ȷʵ��Ա��Ŀ�ꡣ�ɴ˿��Եó�һ��: ��׼ACLҪ��Ŀ�Ķˡ�
��
��Ա��ʹ��չACL��ƣ��ȫ��԰�ACL��RouterA�ϣ��Ϊ��չACL�ܿ��Դ��ַ��1��Ҳ�ܿ��Ŀ�ĵ�ַ��2��1��2��ʵ��ݰ��RouterA�Ͼͱ��ᴫ��RouterB��RouterC��RouterD�ϣ��Ӷ��ٲ��Ҫ��ˣ��ǿ��Եó��һ��ۣ��չACLҪ��Դ�ˡ�
��
��ACL��
��
��ACL��÷�Ϊ��裺
��
��һ��:��ȫ��ģʽ�£�ʹ����ACL��
��
��Router (config)# access-list access-list-number {permit | deny } {test-conditions}
��
��У�access-list-numberΪACL�ı��š��ʹ�ý�Ƶ��ı��Ǳ�׼��IP ACL��1��99��չ��IP ACL��100��199��
��
��·��У��ʹ��ACL�ı��Ž��ã��б��ܲ��ɾ��С��б�Ҫ��ɾ��һ�У��ȥ��ACL��Ȼ��á��ACL��ܶ�ʱ��ָı�ǳ��һ��Ƚ��Ч�Ľ��취�ǣ��Զ��һ��TFTP��Ȱ�·��ļ��ص��أ��ı��༭��޸�ACL��Ȼ��޸ĺõ��ļ�ͨ��TFTP��·��
��
��Ҫ�ر�ע��ǣ��ACL��У��ɾ��һ����ɾ��ȫ��ACL��ʱһ��ҪС�ġ�
��
��Cisco IOS11.2�Ժ�İ汾�У��ʹ��ACL��ַ�ʽ��ɾ��ĳһ��ACL��Բ��ܲ��һ�л��ԣ��Ȼ��ʹ��TFTP��޸ġ�
��
��ڶ��ڽӿ��ģʽ�£�ʹ��access-group��ACLӦ�õ�ĳһ�ӿ��ϣ�
��
��Router (config-if)# {protocol} access-group access-list-number {in | out }
��
��У�in��out��Կ��ƽӿ��в�ͬ��ݰ��øò��ȱʡΪout��
��
��ACL��һ��ӿڿ��Խ��˫��ƣ��һ��Ϊin��һ��Ϊout��ִ�е�ACL��ſ��ͬ��Ҳ��Բ�ͬ��ǣ��һ��ӿڵ�һ��ϣ�ֻ��һ��ACL��ơ�
��
��ֵ��ע��ǣ��ڽ��ACL��ʱ��Աһ��Ҫ��ȫ��״̬��ACL��ھ��ӿ��Ͻ��ã��İ�ȫ��

nat

��ַת��NAT��
��ַת��(NAT,Network Address Traslation)��㷺Ӧ��ڸ��Internet��뷽ʽ�ͱ��͵��С�ԭ��ܼ򵥣�NAT��ؽ��lP��ַ��⣬��һ��ܹ��Ч�ر��ⲿ�Ĺ��ز��ڲ��ļ��ȻNAT��Խ��ĳЩ��δʵ�֣��ǵ��ɱ��ܣ��ܶ�ʱ��·��ʵ�ֵġ��NAT�Ŀ��CISCO��֤�У�ռ�кܴ�һ��֣��Ǵ��漸��֣��ǳ����ʶNAT��NAT,��ͨNAT��
һ��ַת��
��Ž��Internet�ļ��Ĳ��IP��ַ��ԴҲ��Ե�׽��⡣��ʵ�ϣ��й��Ϳ��м��(CERNET)�⣬һ��û��벻��ε�C��IP��ַ��ISP����ʹ��ӵ�м��̨��Ĵ��;��û��IP��ַʱ��ĵ�ַҲ��ֻ�м��ʮ��IP��ַ��Ȼ��ٵ�IP��ַ��޷��û��Ҳ�Ͳ��NAT��
l.NAT��
��NAT��˽��(��)��ַ��"�ڲ�"��ͨ��·��ݰ�ʱ��˽�е�ַ��ת��ɺϷ��IP��ַ��һ��ֻ��ʹ��IP��ַ(��1��)��ʵ��˽�е�ַ��м��Internet��ͨ��
NAT��Զ��޸�IP��ͷ��ԴIP��ַ��Ŀ��IP��ַ��IP��ַУ��NAT��Զ��ɡ��ЩӦ�ó��ԴIP��ַǶ�뵽IP��ĵ��ݲ��У��Ի��Ҫͬʱ�Ա��Ľ��޸ģ��ƥ��IPͷ��Ѿ��޸Ĺ��ԴIP��ַ................
��ַת��ʵ��
��ַת��Ĺ��֮ǰ��ȱ��ڲ��ӿں��ⲿ�ӡ��Լ��ĸ��ⶼ�ӿ��NAT��ͨ��£��ӵ��û��ڲ��Ľӿ��NAT�ڲ��ӿڣ��ӵ��ⲿ��(��Internet)�Ľӿ��NAT�ⲿ�ӡ�................
��ַת��ʵ��
ʾ��һ��ȫ��ö˿ڸ��õ�ַת��
��ISP��IP��ַ��٣��û��󣬼��ΪInternet�ṩ��ʱ��ɲ��ö˿��õ�ַת��ʽ��ʹ��ڵļ��ͬһIP��ַ��Internet��ڽ�ԼIP��ַ��Դ��ͬʱ��ֿ��Ч��ڲ��ļ��
��绷��Ϊ��
��10Mb/s��ˣ��Գ��ʽ��Internet��ͼ4-2-2��ʾ��·��ѡ��ӵ��2��10/100 Mb/s��Ӧ�˿ڵ�Cisco 2611��ڲ��ʹ�õ�IP��ַ��Ϊ192.168.100.1~192.101.254��˿�Ethernet 0��IP��ַΪ192.168.100.1,��Ϊ255.255.0.0��ĺϷ�IP��ַ��ΧΪ202.99.160.128~202.99.160.131,��ISP�Ķ˿�Ethernet 1��IP��ַΪ202.99.160.129,��Ϊ255.255.255.252��ת��IP��ַΪ202.99.160.130��Ҫ��ڲ��м��ɷ��Internet................
��ַת��(NAT)��
��ַת��(NAT,Network Address Traslation)��㷺Ӧ��ڸ��Internet��뷽ʽ�ͱ��͵��С�ԭ��ܼ򵥣�NAT��ؽ��lP��ַ��⣬��һ��ܹ��Ч�ر��ⲿ�Ĺ��ز��ڲ��ļ��
��ȻNAT��Խ��ĳЩ��δʵ�֣��ǵ��ɱ��ܣ��ܶ�ʱ��·��ʵ�ֵġ�
��Ž��Internet�ļ��Ĳ��IP��ַ��ԴҲ��Ե�׽��⡣��ʵ�ϣ��й��Ϳ��м��(CERNET)�⣬һ��û��벻��ε�C��IP��ַ��ISP����ʹ��ӵ�м��̨��Ĵ��;��û��IP��ַʱ��ĵ�ַҲ��ֻ�м��ʮ��IP��ַ��Ȼ��ٵ�IP��ַ��޷��û��Ҳ�Ͳ��NAT��
l.NAT��
��NAT��˽��(��)��ַ��"�ڲ�"��ͨ��·��ݰ�ʱ��˽�е�ַ��ת��ɺϷ��IP��ַ��һ��ֻ��ʹ��IP��ַ(��1��)��ʵ��˽�е�ַ��м��Internet��ͨ��
NAT��Զ��޸�IP��ͷ��ԴIP��ַ��Ŀ��IP��ַ��p��ַУ��NAT��Զ��ɡ��ЩӦ�ó��ԴIP��ַǶ�뵽IP��ĵ��ݲ��У��Ի��Ҫͬʱ�Ա��Ľ��޸ģ��ƥ��IPͷ��Ѿ��޸Ĺ��ԴIP��ַ��ڱ��ݶ��ֱ�Ƕ��IP��ַ��Ӧ�ó��Ͳ��ź��ǣ��NAT��Cisco�汾��Դ��Ӧ�ã��Ͼ�Ҳ��ܵģ�һЩӦ�û��޷��֧�֡��4һ2һ1�о��Cisco NAT֧�ֵĺͲ�֧�ֵ�Ӧ�á�
2.NATʵ�ַ�ʽ
NAT��ʵ�ַ�ʽ��֣��̬ת��̬ת��˿ڶ�·��á�
��̬ת��ָ��ڲ��˽��IP��ַת��Ϊ��IP��ַʱ��IP��ַ��һ��--�ģ��һ�ɲ��ģ�ĳ��˽��IP��ַֻת��Ϊĳ��IP��ַ��ھ�̬ת��ʵ��ⲿ��ڲ��ĳЩ�ض��豸(��)�ķ��ʡ� ��̬ת��ָ��ڲ��˽��IP��ַת��Ϊ��IP��ַʱ��IP��ַ��ǲ�ȷ��ģ��ģ��б��Ȩ��ternet��˽��IP��ַ��ת��Ϊ�κ�ָ��ĺϷ�IP��ַ��Ҳ��˵��ֻҪָ��Щ�ڲ��ַ��Խ��ת��Լ��Щ�Ϸ��ַ��Ϊ�ⲿ��ַʱ��Ϳ��Խ��ж�̬ת��̬ת��ʹ�ö��Ϸ��ⲿ��ַ��ISP�ṩ�ĺϷ�IP��ַ��ڲ��ļ��ʱ��δ�ö�̬ת��ķ�ʽ��
�˿ڶ�·��ָ�ı��ݰ��Դ�˿ڲ��ж˿�ת��˿ڵ�ַת��(FAT��Port Address Translation).��ö˿ڶ�·��÷�ʽ��ڲ��ɹ��һ��Ϸ��ⲿIP��ַʵ�ֶ�Internet�ķ��ʣ��Ӷ��޶ȵؽ�ԼIP��ַ��Դ��ͬʱ��ֿ��ڲ��Ч��internet�Ĺ��"��ˣ�Ŀǰ��Ӧ��ľ��Ƕ˿ڶ�·��÷�ʽ�ˡ�
��ַת��(NAT)��ʵ��
��ַת��Ĺ��֮ǰ��ȱ��ڲ��ӿں��ⲿ�ӡ��Լ��ĸ��ⶼ�ӿ��NAT��ͨ��£��ӵ��û��ڲ��Ľӿ��NAT�ڲ��ӿڣ��ӵ��ⲿ��(��Internet)�Ľӿ��NAT�ⲿ�ӡ��
1.��̬��ַת��ʵ��
��ڲ��ʹ�õ�lP��ַ��Ϊ192.168.100.1~192.168.100.254��·��ˡ�(��Ĭ��)��IP��ַΪ192.168.100"1��Ϊ255.255.255.0��ĺϷ�IP��ַ��ΧΪ61.159.62.128~61.159.62.135��·��ڹ��е�IP��ַΪ61.159.62.129��Ϊ255.255.255.248��ת��IP��ַ��ΧΪ61.159.63.130~61.159.62.134��Ҫ��ڲ��ֹ192.168.100.2~192.168.100.6�ֱ�ת��Ϊ�Ϸ�IP��ַ61.159.62.130~61.159.62.134��
��һ��ⲿ�˿ڡ�
interface serial 0
ip address 61.159.62.129.255.255.255.248
ip nat outside
�ڶ��ڲ��˿ڡ�
interface ethernet 0
ip address 192.168.100.1.255.255.0
ip nat inside
��ڲ��ڲ��Ϸ��ַ֮�佨��̬��ַת��
ip nat inside source static �ڲ��ص�ַ�ڲ��Ϸ��ַ
ʾ��
ip nat inside source static 192.168.100.2 61.159.62.130//��ڲ��ַ192.168.100.2ת��Ϊ�Ϸ�IP��ַ61.159.62.130
ip nat inside source static 192.168.100.3 61.159.62.131//��ڲ��ַ192.168.100.3ת��Ϊ�Ϸ�IP��ַ61.159.62.131
ip nat inside source static 192.168.100.4 61.159.62.132//��ڲ��ַ192.168.100.4ת��Ϊ�Ϸ�IP��ַ61.159.62.132
ip nat inside source static 192.168.100.5 61.159.62.133//��ڲ��ַ192.168.100.5ת��Ϊ�Ϸ�IP��ַ61.159.62.133
ip nat inside source static 192.168.100.6 61.159.62.134//��ڲ��ַ192.168.100.6ת��Ϊ�Ϸ�IP��ַ61.159.62.134
��ˣ��̬��ַת��ϡ�
2.��̬��ַת��ʵ��
��ڲ��ʹ�õ�IP��ַ��Ϊ172.16.100.1~172.16.100.254,·��˿ڣ��Ĭ��أ��IP��ַΪ172.16.100.1,��Ϊ255.255.2585.0��ĺϷ�IP��ַ��ΧΪ61.159.62.128~61.159.62.191��·��ڹ��е�IP��ַΪ61.159.62.129,��Ϊ255.255.255.192,��ת��IP��ַ��ΧΪ61.159.62.130~61.159.62.190��Ҫ��ڲ��ַ172.16.100.1~172.16.100.254��̬ת��Ϊ�Ϸ�IP��ַ61.159.62.130~61.159.62.190��
��һ��ⲿ�˿ڡ�
��ⲿ�˿��﷨��£�
ip nat outside
ʾ��
interface serial 0//��봮�ж˿�serial 0
ip address 61.159.62.129 255.255.248//��IP��ַָ��Ϊ61.159.62.129,��Ϊ255.255.255.248
ip nat outside //��п�serial 0��Ϊ��˿�
ע�⣬��Զ��ⲿ�˿ڡ�
�ڶ��ڲ��˿ڡ�
��ڲ��ӿ��﷨��£�
ip nat inside
ʾ��
interface ethernet 0 //��̫��˿�Ethernet 0
ip address 172.16.100.1 255.255.255.0 // ��IP��ַָ��Ϊ172.16.100.1,��Ϊ255.255.255.0
ip nat inside //��Ethernet 0 ��Ϊ��˿ڡ�
ע�⣬��Զ��ڲ��˿ڡ�
��Ϸ�IP��ַ�ء�
��Ϸ�IP��ַ��﷨��£�
ip nat pool ��ַ�� ʼIP��ַ ��ֹIP��ַ ��
��У��ַ��ֿ��趨��
ʾ��
ip nat pool net 61.159.62.130 61.159.62.190 netmask 255.255.255.192//ָ��ַ��ص��Ϊnet,IP��ַ��ΧΪ61.159.62.130~61.159.62.190,��Ϊ255.255.255.192��Ҫע��ǣ��ʹ��Ϊ255.255.255.0��Ҳ��ʼIP��ַ��ֹIP��ַ��IP��ַ�ؽ��ơ�
��ip nat pool test 61.159.62.130 61.159.62.190 prefix-length 26
ע�⣬��ж��Ϸ�IP��ַ��Χ��Էֱ��ӡ��磬��һ�κϷ�IP��ַ��ΧΪ"211.82.216.1~211.82.216.254"��ô��ͨ����С�
ip nat pool cernet 211.82.216.1 211.82.216.254 netmask 255.255.255.0
��
ip nat pool test 211.82.216.1 211.82.216.254 prefix-length 24
��Ĳ��ڲ��Internet�ķ��б��
��ڲ��б��﷨��£�
access-listl �� permit Դ��ַ ͨ��У��Ϊ1~99֮��
access-listl permit 172.16.100.0 0.0.0.255 //��Internet��Ϊ172.16.100.0~172.16.100.255��Ϊ0.0.0.255��Ҫע��ǣ��õ��룬��롣��Ĺ�ϵΪ��+��=255.255.255.255��磬��Ϊ255.255.0.0��Ϊ0.0.255.255��Ϊ255.0.0.0,��Ϊ0.255.255.255;��Ϊ255.252.0.0,��Ϊ0.3.255.255;��Ϊ255.255.255.192��Ϊ 0.0.0.63��
��⣬��뽫��IP��ַ��ת��Ϊ�Ϸ�IP��ַ��Ӷ��б��磬��172.16.98.0~172.16.98.255��172.16.99.0~172.16.99.255ת��Ϊ�Ϸ�IP��ַʱ��Ӧ��
access-list2 permit 172.16.98.0~0.0.0.255
access-list2 permit 172.16.99.0~0.0.0.255
��岽��ʵ��ַת��
��ȫ��ģʽ�£��access-listָ��ڲ��ص�ַ��ָ��ڲ��Ϸ��ַ�ؽ��е�ַת��﷨��£�
ip nat inside source list ��б�� pool �ڲ��Ϸ��ַ��
ʾ��
ip nat inside source list 1 pool chinanet
��ж��ڲ��б��һһ��ӣ��ʵ��ַת��
ip nat insde source list 2 pool chinanet
ip nat insde source list 2 pool chinanet
��ж��ַ�أ�Ҳ��һһ��ӣ��ӺϷ��ַ�ط�Χ��
ip nat insde source list 2 pool cernet
ip nat insde source list 2 pool cernet
ip nat insde source list 2 pool cernet
��ˣ��̬��ַת��ϡ�
3.�˿ڸ��ö�̬��ַת��
�ڲ��ʹ�õ�IP��ַ��Ϊ10.100.100.1~10.100.100.254,·��˿ڣ��Ĭ��أ��IP��ַΪ10.100.100.1��Ϊ255.255.255.0��ĺϷ�IP��ַ��ΧΪ202.99.160.0~202.99.160.3,·��е�IP��ַΪ202.99.160.1,��Ϊ255.255.255.252��ת��IP��ַΪ202.99.160.2��Ҫ��ڲ��ַ10.100.100.1~10.100.100.254 ת��Ϊ�Ϸ�IP��ַ202.99.160.2��
��һ��ⲿ�˿ڡ�
interface serial 0
ip address 202.99.160.1 255.255.255.252
in nat outside
�ڶ��ڲ��˿ڡ�
interface ethernet 0
?ip address 1.100.100.1 255.255.255.0
?ip nat inside
��Ϸ�IP��ַ�ء�
in nat pool onlyone 202.99.160.2 202.99.160.2 netmask 255.255.255.252
// ָ��ַ��ص��Ϊonlyone,IP��ַ��ΧΪ202.99.160.2,��Ϊ255.255.255.252��ڱ��ֻ��һ��IP��ַ��ã��ԣ��ʼIP��ַ��ֹIP��ַ��Ϊ202.99.160.2��ж��IP��ַ��Ӧ��ֱ��ֹ��IPֱַ��
��Ĳ��ڲ��С�
access-list 1 permit 10.100.100.0 0.0.0.255
��Internetr��Ϊ10.100.100.0~10.100.100.255��Ϊ255.255.255.0��Ҫע��ǣ��˳��ƽ��д��˳��෴��0.255.255.255��
��岽��ø��ö�̬��ַת��
��ȫ��ģʽ�£��ڲ��ı��ص�ַ��ڲ��Ϸ�IP��ַ�佨��ö�̬��ַת��﷨��£�
ip nat inside source list��б��pool�ڲ��Ϸ��ַ��overload
ʾ��
ip nat inside source list1 pool onlyone overload //�Զ˿ڸ��÷�ʽ��б�1�е�˽��IP��ַת��Ϊonlyone IP��ַ��ж��ĺϷ�IP��ַ��
��ˣ��˿ڸ��ö�̬��ַת��ɡ�
��ַת��(NAT)-ʵ��
ʾ��һ��ȫ��ö˿ڸ��õ�ַת��
��ISP��IP��ַ��٣��û��󣬼��ΪInternet�ṩ��ʱ��ɲ��ö˿��õ�ַת��ʽ��ʹ��ڵļ��ͬһIP��ַ��Internet��ڽ�ԼIP��ַ��Դ��ͬʱ��ֿ��Ч��ڲ��ļ��
��绷��Ϊ��
��10Mb/s��ˣ��Գ��ʽ��Internet��ͼ4-2-2��ʾ��·��ѡ��ӵ��2��10/100 Mb/s��Ӧ�˿ڵ�Cisco 2611��ڲ��ʹ�õ�IP��ַ��Ϊ192.168.100.1~192.101.254��˿�Ethernet 0��IP��ַΪ192.168.100.1,��Ϊ255.255.0.0��ĺϷ�IP��ַ��ΧΪ202.99.160.128~202.99.160.131,��ISP�Ķ˿�Ethernet 1��IP��ַΪ202.99.160.129,��Ϊ255.255.255.252��ת��IP��ַΪ202.99.160.130��Ҫ��ڲ��м��ɷ��Internet��
��
��Ȼֻ��һ��õĺϷ�IP��ַ��ͬʱ��ھ��ķ��ֻΪ��ṩ��񣬶��Internet�е��ʣ��ȫ��Բ��ö˿ڸ��õ�ַת��ʽʵ��NAT��ʹ��ڵ��м��ɶ��Internet��
��嵥��
interface fastethernet0/0
ip address 192.168.100.1 255.255.0.0 //��屾�ض˿�IP��ַ
duplex auto
speed auto
ip nat inside // ��Ϊ��ض˿�
!
interface fastethernet0/1
ip address 202.99.160.129 255.255.255.252
duplx auto
speed auto
ip nat outside
!
ip nat pool onlyone 202.99.160.130 202.99.160.130 netmadk 255.255.255.252 //��Ϸ�IP��ַ�أ��Ϊonlyone access-list 1 permit 192.168.100.0 0.0.0.255 //��屾�ط��б�
access-list 1 permit 192.168.100.0 0.0.0.255
ip nat inside source list1 pool onlyone overload //��ö˿ڸ��ö�̬��ַת��
ʾ��̬��ַ+�˿ڸ��õ�ַת��
��FTP��վ��ǵ��ܺ�Internet��Ӵ��ռ��⣬��ͬһIP��ַ�Ķ��̷��ʡ��ö˿ڸ��ַת��ʽ��ڵ��Լ��ͬһIP��ַ��Internet,��ô��˶��ֹ�Ը��վ�ķ��ʡ��ԣ��ṩ�ĺϷ�IP��ַ��Զ�ʱ��ͬʱ��ö˿ڸ��úͶ�̬��ַת��ʽ��Ӷ��ȿɱ�֤��û��ܹ��÷��Internet��Ȩ��ͬʱ��ֲ��¡�ĳЩ��ʹ��ͬһIP��ַ��Ȩ�ޡ��Ҫע��ǣ��м��ö�̬��ַת��ʽ��Internet�е��м��޷�ʵ�ֶ��ڲ��ķ��ʡ�
��绷��
��2Mb/s DNAר�߽��Internet��·��ѡ�ð�װ�˹��ģ��Cisco 2611,��ͼ4-2-2��ʾ��ڲ��ʹ�õ�IP��ַ��Ϊ172.16.100.1~172.16.102.254,��˿�Ethernet 0��IP��ַΪ172.16.100.1,��Ϊ255.255.0.0��ĺϷ�IP��ַ��ΧΪ202.99.160.128~202.99.160.129,��Ϊ255.255.255.192,��ת��IP��ַ��ΧΪ202.99.160.130~202.99.160.190��Ҫ��粿�ֵĲ��ּ��Բ��κ��Ƶط��Internet��ṩInternet��ʷ��
��
��ȻҪ��еĲ��ּ��Բ��κ��Ƶط��Internet,ͬʱ��ṩInternet��ʷ��ô��ֻ��ö�̬��ַת��+�˿ڸ��õ�ַת��ʽ��ʵ�֡��ļ��ö�̬��ַת��NAT��ʽ��ö˿ڸ��õ�ַת��NAT��ʽ��ˣ��ļ��ɲ��ڲ��ַ172.16.100.1~172.16.100.254��̬ת��Ϊ�Ϸ��ַ202.99.160.130~202.99.160.189��ڲ��ַ172.16.101.1~172.16.102.254,ȫ��ת��Ϊ202.99.160.190��
��嵥��
interface fastethernet0/1
ip address 10.100.100.1 255.255.255.0 //��˿�IP��ַ
duplex auto
speed auto
ip nat inside //��Ϊ��˿�
!
interface serial 0/0
ip address 202.99.160.129 255.255.255.192 //��˿�IP��ַ
!
duplex auto
speed auto
ip nat outside //��Ϊ��˿�
!
ip nat pool public 202.99.160.130 202.130.160.190 netmask 255.255.255.192 //��Ϸ�IP��ַ�أ��Ϊpublic
ip nat pool super 202.99.160.130 202.130.160.189 netmask 255.255.255.192 //��Ϸ�IP��ַ�أ��Ϊsuper
ip nat inside source list1 pool super //��б��1��ö�̬��ַת��
ip nat inside source list2 pool public overload? //��б�2��ö˿ڸ��õ�ַת��
access-list1 permit 172.16.100.0 0.0.0.255 //��屾�ط��б�1
access-list2 permit 172.16.102.0 0.0.0.255 //��屾�ط��б�2
access-list2 permit 172.16.102.0 0.0.0.255
ʾ��̬��ַת��+�˿ڸ��õ�ַת��
��ʵ�ںܶ�ʱ��еķ��Ϊ��ڲ��Ŀͻ��ṩ��ͬʱΪInternet�е��û��ṩ��ʷ��ˣ��ö˿ڸ��õ�ַת��̬��ַת��޷�ȷ��IP��ַ��Internet�û��޷�ʵ�ֶ��ڲ��ķ��ʡ��ʱ��Ӧ��þ�̬��ַת��+�˿ڸ��õ�ַת��NAT��ʽ��Ҳ��˵��Է��þ�̬��ַת��ȷ��ӵ�й̶��ĺϷ�IP��ַ��ͨ�Ŀͻ��ö˿ڸ��õ�ַת��ʹ��û��з��Internet��Ȩ��
��绷��Ϊ��
��10Mb/s��ˣ��Գ��ʽ��Internet��ͼ4-2-2��ʾ��·��ѡ��ӵ��2��10/100 Mb/s��Ӧ�˿ڵ�Cisco 2611��ڲ��ʹ�õ�IP��ַ��Ϊ10.18.100.1~10.18.104.254,��˿�Ethernet 0��IP��ַΪ10.18.100.1,��Ϊ255.255.0.0��ĺϷ�IP��ַ��ΧΪ211.82.220.80~211.82.220.87��ISP�Ķ˿�Ethernet 1��IP��ַΪ211.82.220.81,��Ϊ255.255.255.248��Ҫ��ڲ��м��ɷ��Internet��Internet��ṩWeb��E-mail��FTP��Media��4�ַ��
��
��Ȼ��ڵķ��Ҫ��ܹ��Internet��ʵ��ô��ⲿ��ӵ�кϷ��IP��ַ��Ҳ��˵��þ�̬��ַת��û��κ��ƣ��ԣ��ɲ��ö˿ڸ��õ�ַת��NAT��ʽ��ˣ��ɲ��ַ10.18.100.1~10.18.100.254��ֱ�ӳ��Ϊһ��Ϸ��IP��ַ��ڲ��ַ10.18.101.1~172.16.104.254,��ȫ��ת��Ϊһ��Ϸ��IP��ַ��
��嵥��
interface fastethernet0/0
ip address 10.18.100.1 255.255.0.0 //��IP��ַ
duplex auto
speed auto
ip nat inside //��
!
interface fastethernet0/1
ip address 211.82.220.81 255.255.255.248 //��IP��ַ
duplex auto
speed auto
ip nat outside //��
!
ip nat pool every 211.82.220.86 211.82.220.86 netmask 255.255.255.248 //��Ϸ�IP��ַ��
access-list 1 permit 10.18.101.0 0.0.0.255 //��屾�ط��б�1
access-list 1 premit 10.18.102.0 0.0.0.255
access-list 1 premit 10.18.103.0 0.0.0.255
access-list 1 premit 10.18.104.0 0.0.0.255
ip nat inside source list1 pool every overload //��б��1��ö˿ڸ��õ�ַת��
ip nat inside source static 10.18.100.10 211.82.220.82 //��徲̬��ַת��
ip nat inside source static 10.18.100.11 211.82.220.83
ip nat inside source static 10.18.100.12 211.82.220.84
ip nat inside source static 10.18.100.13 211.82.220.85
ʾ��ģ�TCP/UDP�˿�NATӳ��
��ISP�ṩ�ĺϷ�IP��ַ��϶࣬��Ȼ��Բ��þ�̬��ַת��+�˿ڸ��ö�̬��ַת��ķ�ʽ��ʵ�֡��ISPֻ�ṩ4��IP��ַ��2��Ϊ��ź͹㲥��ַ��ʹ�ã�1��IP��ַҪ��·��ΪĬ��أ� ��ô��ֻʣ��1��IP��ַ��á��Ȼ��Ҳ��һ��IP��ַ��ö˿ڸ��õ�ַת��Ӷ�ʵ��Internet��롣��ڷ��Ҳ��ö�̬�˿ڣ��ˣ�Internet�еļ��޷��ʵ��ڲ��ķ��û�кõĽ��ķ��أ��TCP/UDP�˿�NATӳ�䡣
��֪��ͬӦ�ó��ʹ�õ�TCP/UDP�Ķ˿��ǲ�ͬ�ģ��磬Web��ʹ��50��FTP��ʹ��21��SMTP��ʹ��25��POP3��ʹ��110��ȵȡ��ˣ��Խ��ͬ��TCP�˿ڰ��ͬ��ڲ�IP��ַ��Ӷ�ֻʹ��һ��Ϸ��IP��ַ��ڲ��з��Internet��ʵ�ͬʱ��ʵ��ڲ��Internet��ʡ�
��绷��
��10Mb/s��ˣ��Գ��ʽ��Internet��ͼ4-2-5��ʾ��·��ѡ��ӵ��2��10/100 Mb/s��Ӧ�˿ڵ�Cisco 2611��ڲ��ʹ�õ�IP��ַ��Ϊ192.169.1.1~192.168.1.254��˿�Ethernet 0��IP��ַΪ192.168.1.1,��Ϊ255.255.255.0��ĺϷ�IP��ַ��ΧΪ��211.82.220.128~211.82.220.131,��ISP�Ķ˿�Ethernet 1��IP��ַΪ211.82.220.129,��Ϊ255.225.255.252��ת��IP��ַΪ211.82.220.130��Ҫ��ڲ��м��ɷ��Internet��
��
��Ȼֻ��һ��õĺϷ�IP��ַ��Ȼֻ�ܲ��ö˿ڸ��÷�ʽʵ��NAT��ͬʱ��Ҫ��ڲ��ķ��Ա�Internet��ʵ��ˣ��ʹ��PAT��TCP/UDP�˿ڵ�NATӳ�䡣��Ҫע��ǣ�Ҳ��ֱ��ʹ�ù��˿ڴ��TCP/UDP�˿ڵ�NATӳ�䣬Ҳ��˵��ʹֻ��һ��IP��ַ��Ҳ��ʵ�ֶ˿ڸ��á��ںϷ�IP��ַλ��·��˿��ϣ��ԣ��Ҫ��NAT�أ�ֻ�򵥵�ʹ��inside source list��伴�ɡ�
��Ҫע��ǣ��ÿ��Ӧ�÷��Լ�Ĭ�ϵĶ˿ڣ��ԣ��NAT��ʽ�£��ڲ�ÿ��Ӧ�÷��ֻ�ܸ��һ̨��ΪInternet�е��磬ֻ��һ̨Web��һ̨E-mail��һ̨FTP��ܿ��Բ��øı�Ĭ�϶˿ڵķ�ʽ��̨Ӧ�÷��ַ��ڷ��ʱ�Ƚ��ѣ�Ҫ��û��˽�ĳ�ַ��õ��TCP�˿ڡ�
��嵥��
interface fastethernet0/0
ip address 10.18.100.1 255.255.0.0 //ָ��ڵ�IP��ַ
duplex auto
speed auto
ip nat inside //ָ��ӿ�
!
interface fastethernet0/1
ip address 211.82.220.129 255.255.255.248 //ָ��ڵ�IP��ַ
access-list 1 permit 192.168.1.0 0.0.0.255
!
ip nat inside source list1 interface fastethernet0/1 overload //��ö˿ڸ��õ�ַת��ֱ�Ӳ��fastethernet0/1��IP��ַ��
ip nat inside source static tcp 192.168.1.11 80 202.99.160.129.80
ip nat inside source static tcp 192.168.1.12 21 202.99.160.129.21
ip nat inside source static tcp 192.168.1.13 25 202.99.160.129.25
ip nat inside source static tcp 192.168.1.13 110 202.99.160.129 110
ʾ��壺��õ�ַת��ʵ�ָ��ؾ��
��ŷ��һ̨��ʤ��ʱ��ͱ��ø��ؾ��⼼��ķ��ʺ��ط��̨��ϡ��Ȼ��ʵ�ָ��ؾ��ֶ��֣��Բ��÷��Ⱥ��ؾ��⡢��ؾ��⡢DNS��ؾ��ȵȡ�
��ʵ��⣬Ҳ��ͨ��ַת��ʽʵ�ַ��ĸ��ؾ��⡣��ʵ�ϣ��Щ��ؾ��ʵ�ִ��ǲ��ѯ��ʽʵ�ֵģ�ʹÿ̨��ӵ��ƽ�ȵı��ʻ��ᡣ
��绷��
��2Mb/s DDNר��Internet,·��ѡ�ð�װ�˹��ģ��Cisco 2611,��ͼ4-2-6��ʾ��ڲ��ʹ�õ�IP��ַ��Ϊ10.1.1.1~10.1.3.254��˿�Ethernet 0��IP��ַΪ10.1.1.1,��Ϊ255.255.0.0��ĺϷ�IP��ַ��ΧΪ202.110.198.80~202.110.198.87,��ISP�Ķ˿�Ethernet 1��IP��ַΪ202.110.198.81,��Ϊ255.255.255.248��Ҫ��ڲ��м��ɷ��Internet��3̨Web��2̨FTP��ʵ�ָ��ؾ��⡣
��
��ȻҪ��м��Խ��Internet,��Ϸ�IP��ַ��ֻ��5��ã��Ȼ�ɲ��ö˿ڸ��õ�ַת��ʽ��Է��ͨ��þ�̬��ַת��Ϸ�IP��ַ��ɡ��ǣ��ڷ��ķ��̫�󣨻��Ƿ��̫���ò�ʹ�ö�̨��ؾ��⣬��ˣ��뽫һ��Ϸ�IP��ַת��ɶ��ڲ�IP��ַ��ѯ��ʽ��ÿ̨��ķ��ѹ��
��ļ��
interface fastethernet0/1
ip adderss 10.1.1.1 255.255.0.0 //��˿�IP��ַ
duplex auto
speed auto
ip nat inside //��Ϊ��˿�
!
interface serial 0/0
ip address 202.110.198.81 255.255.255.248 //��˿�IP��ַ
duplex auto
speed auto
ip nat outside //��Ϊ��˿�
!
access-list 1 permit 202.110.198.82 //��ѯ��ַ�б�1
access-list 2 permit 202.110.198.83
access-list 3 permit 10.1.1.0 0.0.255.255 //��屾�ط��б�3
!
ip nat pool websev 10.1.1.2 10.1.1.1 255.255.255.248 type rotary //��Web��IP��ַ�أ�Rotary�ؼ��ֱ�ʾ׼��ʹ��ѯ��Դ�NAT��ȡ��Ӧ��IP��ַ��ת��IP��ģ��202.110.198.82��η��͸�10.1.1.2��10.1.1.2��10.1.1.4
ip nat pool ftpsev 10.1.1.8 10.1.1.9 255.255.255.248 type rotary
ip nat pool normal 202.110.198.84 202.110.198.84 netmask 255.255.255.248 //��Ϸ�IP��ַ�أ��Ϊnormal
ip nat inside destination list 1 pool websev //inside destination list ��䶨��б�1��ƥ��IP��ַ�ı��Ľ�ʹ��ѯ��
ip nat inside destination list 2 pool ftpsev

ccna֮��

ping and Traceroute

Ping �� Traceroute �������

TCP/IP���ѧϰ�ʼ�(14)-TCP���ӵ�δ��������

TCP/IP���ѧϰ�ʼ�(13)-TCP��ֶ�ʱ����TCP���ʱ��

TCP/IP���ѧϰ�ʼ�(12)-TCP�ĳ�ʱ���ش�

TCP/IP���ѧϰ�ʼ�(10)-TCP���ӵĽ�������ֹ

TCP/IP���ѧϰ�ʼ�(9)-TCPЭ�����

TCP/IP���ѧϰ�ʼ�(8)-DNS����ϵͳ

TCP/IP���ѧϰ�ʼ�(7)-�㲥�Ͷಥ��IGMPЭ��

TCP/IP���ѧϰ�ʼ�(6)-UDPЭ��

TCP/IP���ѧϰ�ʼ�(5)-IPѡ·����̬ѡ·����һЩϸ��

TCP/IP���ѧϰ�ʼ�(4)-ICMPЭ�飬ping��Traceroute

TCP/IP���ѧϰ�ʼ�(3)-IPЭ�飬ARPЭ�飬RARPЭ��

Linux�����Ż����

ACL����

nat