First packet to be sent when starting to browse
Imagine a user sitting at an Ethernet-connected PC. He has a browser open. He types "www.google.com" in the address bar and hits enter.
Now tell me what the first packet to appear on the Ethernet is.
I found this question here: Interview Questions on Socket Programming and Multi-Threading
As I'm not a networking expert, I'd like to hear the answer (I'd assume it is "It depends" ;) ).
With a tool like Wireshark, I can obviously check my own computer's behaviour. I'd like to know whether the packets I see (e.g. ARP, DNS, VRRP) are the same in each ethernet configuration (is it dependent on the OS? the driver? the browser even :)?) and which are the conditions in which they appear. Being on the data-link layer, is it maybe even dependent on the physical network (connected to a hub/switch/router)?
Comments (6)
The answers that talk about using ARP to find the DNS server are generally wrong.
In particular, IP address resolution for off-net IP addresses is never done using ARP, and it's not the router's responsibility to answer such an ARP query.
Off-net routing is done by the client machine knowing which IP addresses are on the local subnets to which it is connected. If the requested IP address is not local, then the client machine refers to its routing table to find out which gateway to send the packet to.
Hence in most circumstances the first packet sent out will be an ARP request to find the MAC address of the default gateway, if it's not already in the ARP cache.
Only then can it send the DNS query via the gateway. In this case the packet is sent with the DNS server's IP address in the IP destination field, but with the gateway's MAC address on the ethernet packet.
You can always download wireshark and take a look.
Though to spoil the fun.
Assuming the IP address of the host is not cached, and the MAC address of the DNS server is not cached, the first thing that will be sent will be a broadcast ARP message trying to find out the MAC address of the DNS server (which the router will respond to with its own address).
Next, the host name will be resolved using DNS. Then the returned IP address will be resolved using ARP (again the router will respond with its own address), and finally, the HTTP message will actually be sent.
Actually, it depends on a variety of initial conditions you left unspecified.
Assuming the PC is running an operating system containing a local DNS caching resolver (mine does), the first thing that happens before any packets are sent is the cache is searched for an IP address. This is complicated, because "www.google.com" isn't a fully-qualified domain name, i.e. it's missing the trailing dot, so the DNS resolver will accept any records already in its cache that match its search domain list first. For example, if your search domain list is "example.com." followed by "yoyodyne.com." then cached resources matching the names "www.google.com.example.com." "www.google.com.yoyodyne.com." and finally "www.google.com." will be used if available. Also note: if the web browser is one of the more popular ones, and the PC is running a reasonably current operating system, and the host has at least one network interface with a global scope IPv6 address assigned (and the host is on a network where www.google.com has AAAA records in its DNS horizon), then the remote address of the server might be IPv6 not IPv4. This will be important later.
If the remote address of the Google web server was locally cached in DNS, and the ARP/ND6 cache contains an entry for the IPv4/IPv6 address (respectively) of a default router, then the first transmitted packet will be a TCP SYN packet sourced from the interface address attached to the router and destined for the cached remote IPv4/IPv6 address. Alternatively, the default router could be reachable over some kind of layer-2 or layer-3 tunnel, in which case, the SYN packet will be appropriately encapsulated.
If the remote address of the Google web server was not locally cached, then the host will first need to query for the A and/or AAAA records in the DNS domain search list in sequence until it gets a positive response. If the first DNS resolving server address in the resolver configuration is in one of the local IPv4 subnet ranges, or in a locally attached IPv6 prefix with the L=1 bit set in the router advertisement, and the ARP/ND6 cache already contains an entry for the address in question, then the first packet the host will send is a direct DNS query for either an A record or a AAAA record matching the first fully-qualified domain name in the domain search list. Alternatively, if the first DNS server is not addressable on-link, and a default router has an ARP/ND6 cache entry already, then the DNS query packet will be sent to the default router to forward to the DNS server.
In the event the local on-link DNS server or a default router (respectively, as the case above may be) has no entry in the ARP/ND6 cache, then the first packet the host will send is either an ARP request or an ICMP6 neighbor solicitation for the corresponding address.
Oh, but wait... it's even more horrible. There are tweaky weird edge cases where the first packet the host sends might be a LLMNR query, an IKE initiation, or... or... or... how much do you really care about all this, buckaroo?
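The decision the answers above walk through (on-link check, next hop, ARP cache, DNS cache), as an added example that is not part of any answer on this page. It models IPv4 only and ignores the search-domain list and the edge cases; `Host`, `next_hop`, `first_packet` and all addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"

@dataclass
class Host:
    """Constructed host state (IPv4 only); every value is illustrative."""
    subnet: str       # directly attached subnet, e.g. "192.0.2.0/24"
    gateway: str      # default router taken from the routing table
    dns_server: str   # first resolver in the resolver configuration
    arp_cache: dict = field(default_factory=dict)  # IP -> MAC
    dns_cache: dict = field(default_factory=dict)  # name -> IP

def next_hop(host: Host, dst: str) -> str:
    """On-link destinations are reached directly, all others via the gateway."""
    on_link = ipaddress.ip_address(dst) in ipaddress.ip_network(host.subnet)
    return dst if on_link else host.gateway

def first_packet(host: Host, name: str) -> tuple:
    """Return (kind, Ethernet destination, IP address in the packet)."""
    cached_ip = host.dns_cache.get(name)
    # With a cached answer the TCP SYN goes first; otherwise the DNS query does.
    ip_dst = cached_ip or host.dns_server
    hop = next_hop(host, ip_dst)
    if hop not in host.arp_cache:
        # ARP asks for the next hop's MAC, never for an off-net address.
        return ("ARP request", BROADCAST, hop)
    kind = "TCP SYN" if cached_ip else "DNS query"
    # Off-net traffic carries the far end's IP but the gateway's MAC.
    return (kind, host.arp_cache[hop], ip_dst)

if __name__ == "__main__":
    gw_mac = "02:00:00:00:00:01"  # constructed, locally administered MAC
    cold = Host("192.0.2.0/24", "192.0.2.1", "198.51.100.53")
    warm = Host("192.0.2.0/24", "192.0.2.1", "198.51.100.53",
                arp_cache={"192.0.2.1": gw_mac})
    hot = Host("192.0.2.0/24", "192.0.2.1", "198.51.100.53",
               arp_cache={"192.0.2.1": gw_mac},
               dns_cache={"www.google.com": "203.0.113.10"})
    for label, h in (("cold", cold), ("warm", warm), ("hot", hot)):
        print(label, first_packet(h, "www.google.com"))
```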
Got that right. E.g. does the local DNS cache contain the address? If not then a DNS lookup is likely to be the first thing.
If the host name is neither in the DNS cache nor in the hosts file, the first packet will go to DNS.
Otherwise, the first packet will be HTTP GET.
Well, whatever you try to do, the first thing happening is some Ethernet protocol related data. Notably, Ethernet adapters have to decide whether the Ethernet bus is available (so there's some collision detection taking place here).
It's hard to answer your question because it depends a lot on the type of ethernet network you're using. More information on Ethernet transmission can be found here and here