TCP/IP protocol stack

Slides: 61

Common upper-layer protocols and their ports:
DNS: 53/tcp, udp
FTP: 20, 21/tcp, udp
telnet: 23/tcp, udp
HTTP: 80/tcp, udp
NNTP: 119/tcp, udp
SMTP: 25/tcp, udp
POP3: 110/tcp, udp
Reference: the port-numbers.txt list published by IANA.

Common network tools: netstat, ipconfig/ifconfig, ping, tracert, ...

Packet flow in the Linux 2.2 kernel (figure with an output column and an input column):
Output path: sys_write() -> sock_write() -> inet_sendmsg() -> tcp_v4_sendmsg() -> tcp_do_sendmsg() -> tcp_send_skb() -> tcp_transmit_skb() -> ip_queue_xmit() -> ip_output() -> ip_finish_output() -> dev_queue_xmit() -> hard_start_xmit()
Input path: ei_interrupt() -> ei_receive() -> block_input() -> netif_rx() -> net_bh() -> ip_rcv() -> ip_local_deliver() -> tcp_v4_recv() -> tcp_recvmsg() -> inet_recvmsg() -> sock_read() -> sys_read()

Network-layer processing flow (figure): a packet arrives from the link layer at ip_rcv(), passes the input hook and demasquerading (demasq), and is looked up in the route table. It then goes either to ip_local_deliver() and up to the transport layer, or to ip_forward() through the forward hook, a second route-table lookup, masquerading (masq) and the output hook, and finally to ip_output() and back down to the link layer.

Packet filtering in the Linux kernel (figure): firewall_ops attaches the input, forward and output chains to the flow above. The input chain is shown as In_Rule 1, In_Rule 2, In_Rule 3 and the forward chain as Rule 1, Rule 2; each rule ends in a target: Accept, Deny, Reject, or a jump into a user-defined chain.

Ipchains usage example:
ipchains -A input -i eth0 -s 192.168.1.0/24 -j DENY
ipchains -A input -p tcp -d 162.105.73.192/26 any -y -i eth0 -j DENY
ipchains -A input -p tcp -d 162.105.73.254 80 -i eth0 -j ACCEPT
The first rule drops packets arriving on eth0 with a private 192.168.1.0/24 source address (anti-spoofing); the second drops inbound TCP connection requests (-y, SYN only) to 162.105.73.192/26; the third accepts TCP to port 80 on 162.105.73.254. Note that ipchains takes the first matching rule in a chain: appended with -A in this order, the second rule matches the web server's SYNs before the third is reached, so the ACCEPT must be placed before the DENY (for example with -I) to take effect.

FTP (file transfer protocol), active mode (figure): the command channel uses server port 21 and the data channel server port 20. The client opens the command channel from its port 5150 to server port 21, sends PORT 5151, and the server answers OK. The server then opens the data channel from its port 20 to client port 5151, and the client answers OK.

FTP (continued), passive mode (figure): the command channel still uses server port 21, but the data channel uses a server port above 1023. The client sends PASV over the command channel (5150 to 21); the server answers OK and names port 3267. The client then opens the data channel from its port 5151 to server port 3267, and the server answers OK.

Microsoft Proxy Server v2 administration diagram (figure only).

SOCKS (figure): client, SOCKS server and destination server, with the SOCKS policy applied at the application layer above the transport, network and link layers.

Negotiation of the authentication method

Client -> Server:
+-----+----------+----------+
| VER | NMETHODS | METHODS  |
+-----+----------+----------+
|  1  |    1     | 1 to 255 |
+-----+----------+----------+

Server -> Client:
+-----+--------+
| VER | METHOD |
+-----+--------+
|  1  |   1    |
+-----+--------+

METHOD values:
X'00': no authentication required
X'01': GSSAPI
X'02': username/password
X'FF': no acceptable methods

Server reply

+-----+-----+-------+------+----------+----------+
| VER | REP |  RSV  | ATYP | BND.ADDR | BND.PORT |
+-----+-----+-------+------+----------+----------+
|  1  |  1  | X'00' |  1   | Variable |    2     |
+-----+-----+-------+------+----------+----------+

REP values:
00: succeeded
01: general SOCKS server failure
02: connection not allowed by ruleset
03: network unreachable
04: host unreachable
05: connection refused
06: TTL expired
07: command not supported
08: address type not supported
09-FF: not assigned

BND.ADDR and BND.PORT give the address and port of the SOCKS server that will accept an inbound connection.

Handling of UDP clients

The request command is "UDP associate"; traffic flows client -> UDP relay server -> destination host. Every UDP packet carries a UDP request header:

+-----+------+------+----------+----------+----------+
| RSV | FRAG | ATYP | DST.ADDR | DST.PORT |   DATA   |
+-----+------+------+----------+----------+----------+
|  2  |  1   |  1   | Variable |    2     | Variable |
+-----+------+------+----------+----------+----------+

FRAG: current fragment number.
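As an added example (not part of the slides), a small Python parser for the SOCKS5 server reply and the UDP request header described above, decoding REP and the three ATYP address forms from RFC 1928. The byte strings are constructed samples; the address 162.105.73.254 is reused from the ipchains slide.

```python
import ipaddress
import struct

# REP codes from RFC 1928, as listed on the server-reply slide
REP_CODES = {
    0x00: "succeeded", 0x01: "general SOCKS server failure",
    0x02: "connection not allowed by ruleset", 0x03: "network unreachable",
    0x04: "host unreachable", 0x05: "connection refused", 0x06: "TTL expired",
    0x07: "command not supported", 0x08: "address type not supported",
}

def _parse_addr(buf, off):
    """Decode ATYP + address + 2-byte port starting at buf[off]; return (addr, port, next_off)."""
    atyp = buf[off]
    off += 1
    if atyp == 0x01:                       # IPv4: 4 octets
        addr = str(ipaddress.IPv4Address(buf[off:off + 4])); off += 4
    elif atyp == 0x03:                     # domain name: 1 length byte + name
        n = buf[off]; addr = buf[off + 1:off + 1 + n].decode("ascii"); off += 1 + n
    elif atyp == 0x04:                     # IPv6: 16 octets
        addr = str(ipaddress.IPv6Address(buf[off:off + 16])); off += 16
    else:
        raise ValueError("address type not supported: 0x%02x" % atyp)
    port = struct.unpack("!H", buf[off:off + 2])[0]   # network byte order
    return addr, port, off + 2

def parse_reply(buf):
    """Parse a SOCKS5 server reply: VER REP RSV ATYP BND.ADDR BND.PORT."""
    if len(buf) < 4 or buf[0] != 0x05:
        raise ValueError("not a SOCKS5 reply")
    if buf[2] != 0x00:
        raise ValueError("RSV must be X'00'")
    rep = buf[1]
    addr, port, end = _parse_addr(buf, 3)
    if end != len(buf):
        raise ValueError("trailing bytes after reply")
    return {"rep": rep, "status": REP_CODES.get(rep, "not assigned"),
            "bnd_addr": addr, "bnd_port": port}

def parse_udp_header(dgram):
    """Split a SOCKS5 UDP relay datagram into RSV/FRAG/ATYP/DST.ADDR/DST.PORT and DATA."""
    if len(dgram) < 4 or dgram[0:2] != b"\x00\x00":
        raise ValueError("RSV must be X'0000'")
    frag = dgram[2]
    addr, port, off = _parse_addr(dgram, 3)
    return {"frag": frag, "dst_addr": addr, "dst_port": port, "data": dgram[off:]}

# Constructed sample messages (not captured traffic)
SAMPLE_REPLY = bytes([0x05, 0x00, 0x00, 0x01, 162, 105, 73, 254]) + struct.pack("!H", 1080)
SAMPLE_UDP = (b"\x00\x00" + b"\x00" + b"\x03" + bytes([11]) + b"example.com"
              + struct.pack("!H", 53) + b"payload")
```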

References

Books: William Stallings, Cryptography and Network Security: Principles and Practice, Second Edition.
Articles: SOCKS Protocol Version 5, RFC 1928.
Other books on firewall technology.