概述
MAC地址(MAC Address)
MAC(Medium/Media Access Control)地址,用來表示網際網路上每一個站點的標識符,採用十六進制數表示,共六個位元組(48位)。其中,前三個位元組是由IEEE的註冊管理機構RA負責給不同廠家分配的代碼(高位24位),也稱為“編制上唯一的標識符”(Organizationally Unique Identifier),後三個位元組(低位24位)由各廠家自行指派給生產的適配器接口,稱為擴展標識符(唯一性)。一個地址塊可以生成2個不同的地址。MAC地址實際上就是適配器地址或適配器標識符EUI-48。
解釋
MAC(Media Access Control,介質訪問控制)地址,也叫硬體地址,長度是48比特(6位元組),由16進制的數字組成,分為前24位和後24位:
前24位叫做組織唯一標誌符(Organizationally Unique Identifier,即OUI),是由IEEE的註冊管理機構給不同廠家分配的代碼,區分了不同的廠家。
後24位是由廠家自己分配的,稱為擴展標識符。同一個廠家生產的網卡中MAC地址後24位是不同的。
MAC地址對應於OSI參考模型的第二層數據鏈路層,工作在數據鏈路層的交換機維護著計算機MAC地址和自身連線埠的資料庫,交換機根據收到的數據幀中的“目的MAC地址”欄位來轉發數據幀。
其中第1位元組的第8Bit(如圖中00-50-BA-...對應的00000000-01010000-10111010-...,加粗字型的Bit)標識這個地址是組播地址還是單播地址。這是由乙太網的傳輸協定高位元組先傳,但每一位元組內低位先傳的特性所決定的,見IEEE 802.3 3.2.3 Address fields: “The first bit (LSB) shall be used in the Destination Address field as an address type designation bit to identify the Destination Address either as an individual or as a group address. If this bit is 0, it shall indicate that the address field contains an individual address. If this bit is 1, it shall indicate that the address field contains a group address that identifies none, one or more, or all of the stations connected to the LAN. In the Source Address field, the first bit is reserved and set to 0.”。事實上這傳輸的順序為000000000000101001011101...“The first bit (LSB)”即是前言的第8Bit。
網卡的物理地址通常是由網卡生產廠家燒入網卡的EPROM(一種快閃記憶體晶片,通常可以通過程式擦寫),它存儲的是傳輸數據時真正賴以標識發出數據的電腦和接收數據的主機的地址。
也就是說,在網路底層的物理傳輸過程中,是通過物理地址來識別主機的,它一定是全球唯一的。比如,著名的乙太網卡,其物理地址是48bit(比特位)的整數,如:44-45-53-54-00-00,以機器可讀的方式存入主機接口中。乙太網地址管理機構(除了管這個外還管別的)(IEEE)(IEEE:電氣和電子工程師協會)將乙太網地址,也就是48比特的不同組合,分為若干獨立的連續地址組,生產乙太網網卡的廠家就購買其中一組,具體生產時,逐個將唯一地址賦予乙太網卡。
形象地說,MAC地址就如同我們身份證上的身份證號碼,具有全球唯一性。
地址運用
MAC地址綁定就是利用三層交換機的安全控制列表將交換機上的連線埠與所對應的MAC地址進行捆綁。
基本意義
由於每個網路適配卡具有唯一的MAC地址,為了有效防止非法用戶盜用網路資源,MAC地址綁定可以有效的規避非法用戶的接入。以進行網路物理層面的安全保護。
基本運用
由於MAC地址綁定的安全性能,所以被大多數的終端用戶所運用,以保證網路非法用戶從非法途徑進入網路,盜用網路資源。這個技術被廣泛運用電信,一些OA辦公的網路系統。
更改方法
一般MAC地址在網卡中是固定的,當然也有網路高手會想辦法去修改自己的MAC地址。修改自己的MAC地址有兩種方法,一種是硬體修改,另外一種是軟體修改。
硬體修改
硬體的方法就是直接對網卡進行操作,修改保存在網卡的EPROM裡面的MAC地址,通過網卡生產廠家提供的修改程式可以更改存儲器里的地址。那么什麼叫做EPROM呢?EPROM是電子學中一種存儲器的專業術語,它是可擦寫的,也就是說一張白紙你用鋼筆寫了一遍以後就不能再用橡皮擦去了,而EPROM這張白紙用鉛筆寫後可以再擦去,可以反覆改變其中數據的存儲器。
軟體修改
當然軟體修改的方法就相對來說要簡單得多了,在Windows中,網卡的MAC保存在註冊表中,實際使用也是從註冊表中提取的,所以只要修改註冊表就可以改變MAC。Windows 9x中修改:打開註冊表編輯器,在HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Service\Class\Net\下的0000,0001,0002。
Windows 2000/XP中的修改:同樣打開註冊表編輯器,HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\
Class\4D36E970-E325-11CE-BFC1-08002BE10318 中的0000,0001,0002中的DriverDesc,如果在0000找到,就在0000下面添加字元串變數,命名為“NetworkAddress”,值為要設定的MAC地址,例如:000102030405
完成上述操作後重啟就好了。一般網卡發出的包的源MAC地址並不是網卡本身寫上去的,而是應用程式提供的,只是在通常的實現中,應用程式先從網卡上得到MAC地址,每次傳送的時候都用這個MAC作為源MAC而已,而註冊表中的MAC地址是在Windows安裝的時候從網卡中讀入的,只要你的作業系統不重新安裝應該問題不大。
安全問題
MAC地址過濾
從上面的介紹可以知道,這種標識方式只是MAC地址基於的,如果有人能夠更改MAC地址,就可以盜用IP免費上網了,目前網上針對小區寬頻的盜用MAC地址免費上網方式就是基於此這種思路。如果想盜用別人的IP位址,除了IP位址還要知道對應的MAC地址。舉個例子,獲得區域網路內某台主機的MAC地址,比如想得到區域網路內名為TARGET主機的MAC地址,先用PING命令:PING TARGET,這樣在我們主機上面的ARP表的快取中就會留下目標地址和MAC映射的記錄,然後通過ARP A命令來查詢ARP表,這樣就得到了指定主機的MAC地址。最後用ARP -s IP 網卡MAC地址,命令把網關的IP位址和它的MAC地址映射起來就可以了。
如果要得到其它網段內的MAC地址,那么可以用工具軟體來實現,我覺得Windows最佳化大師中自帶的工具不錯,點擊“系統性能最佳化”→“系統安全最佳化”→“附加工具”→“集群Ping”,可以成批的掃出MAC地址並可以保存到檔案。
相關知識:
ARP(Address Resolution Protocol)是地址解析協定,ARP是一種將IP位址轉化成物理地址的協定。從IP位址到物理地址的映射有兩種方式:表格方式和非表格方式。ARP具體說來就是將網路層(IP層,也就是相當於OSI的第三層)地址解析為數據連線層(MAC層,也就是相當於OSI的第二層)的MAC地址。ARP協定是通過IP位址來獲得MAC地址的。
ARP原理:某機器A要向主機B傳送報文,會查詢本地的ARP快取表,找到B的IP位址對應的MAC地址後就會進行數據傳輸。如果未找到,則廣播A一個ARP請求報文(攜帶主機A的IP位址Ia——物理地址Pa),請求IP位址為Ib的主機B回答物理地址Pb。網上所有主機包括B都收到ARP請求,但只有主機B識別自己的IP位址,於是向A主機發回一個ARP回響報文。其中就包含有B的MAC地址,A接收到B的應答後,就會更新本地的ARP快取。接著使用這個MAC地址傳送數據(由網卡附加MAC地址)。因此,本地高速快取的這個ARP表是本地網路流通的基礎,而且這個快取是動態的。ARP表:為了回憶通信的速度,最近常用的MAC地址與IP的轉換不用依靠交換機來進行,而是在本機上建立一個用來記錄常用主機IP-MAC映射表,即ARP表。
解決方案
設定MAC地址
我們可以將IP位址和MAC地址捆綁起來來解決這個問題。進入“MS-DOS方式”或“命令提示符”,在命令提示符下輸入命令:ARP -s 10.88.56.72 00-10-5C-AD-72-E3,即可把MAC地址和IP位址捆綁在一起。這樣,就不會出現IP位址被盜用而不能正常使用網路的情況,可以有效保證小區網路的安全和用戶的套用。
注意:ARP命令僅對區域網路的上網代理伺服器有用,而且是針對靜態IP位址,如果採用Modem撥接或是動態IP位址就不起作用。
不過,只是簡單地綁定IP和MAC地址是不能完全的解決IP盜用問題的。作為一個網路供應商,他們有責任為用戶解決好這些問題之的後,才交給用戶使用,而不是把安全問題交給用戶來解決。不應該讓用戶來承擔一些不必要盜用的損失。
作為網路供應商,最常用也是最有效的解決方法就是在IP、MAC綁定的基礎上,再把連線埠綁定進去,即IP-MAC-PORT三者綁定在一起,連線埠(PORT)指的是交換機的連線埠。這就需要在布線時候做好連線埠定時管理工作。在布線時應該把用戶牆上的接線盒和交換機的連線埠一一對應,並做好登記工作,然後把用戶交上來的MAC地址填入對應的交換機連線埠,進而再和IP一起綁定,達到IP-MAC-PORT的三者綁定。這樣一來,即使盜用者擁有這個IP對應的MAC地址,但是它不可能同樣擁有牆上的連線埠,因此,從物理通道上隔離了盜用者。
獲取方法
單擊開始,點擊運行,輸入cmd,進入後輸入ipconfig /all 即可。(或者輸入ipconfig -all)(如圖1所示)
Physical Address. . . . . . . . . : 00-23-5A-15-99-42
單擊開始,點擊運行,輸入cmd,進入後輸入getmac即可。
另外,還可以通過查看本地連線獲取MAC地址:依次單擊“本地連線”→“狀態”——“常規”→“詳細信息”。 即可看到MAC地址(實際地址),如圖2所示。
linux/unix
在命令行輸入ipconfig即可看到MAC地址,如圖3所示:
攻擊方法
ARP欺騙技術已經很成熟了,這裡也不再闡述。此次重點講解如何不用ARP欺騙進行嗅探以及會話劫持的技術原理,實際的攻擊方法是進行MAC欺騙的原理,亦即根據附近共享的資源和自帶的資源裡帶有BK,然後取得一些客戶資料,算是商業間諜吧,只是這個更隱蔽具有很高的安全性。平常的ID和address都是可以不加密。
原理:在開始之前我們先簡單了解一下交換機轉發過程:交換機的一個連線埠收到一個數據幀時,首先檢查該數據幀的目的MAC地址在MAC地址表(CAM)對應的連線埠,如果目的連線埠與源連線埠不為同一個連線埠,則把幀從目的連線埠轉發出去,同時更新MAC地址表中源連線埠與源MAC的對應關係;如果目的連線埠與源連線埠相同,則丟棄該幀。
英文資料
In computer networking a Media Access Control address (MAC address) or Ethernet Hardware Address (EHA) or hardware address or adapter address is a quasi-unique identifier attached to most network adapters (NIC or Network Interface Card). It is a number that serves as an identifier for a particular network adapter. Thus network cards (or built-in network adapters) in two different computers will have different MAC addresses, as would an Ethernet adapter and a wireless adapter in the same computer, and as would multiple network cards in a router. However, it is possible to change the MAC address on most of today's hardware, often referred to as MAC spoofing.
Most layer 2 network protocols use one of three numbering spaces managed by the Institute of Electrical and Electronics Engineers (IEEE): MAC-48, EUI-48, andEUI-64, which are designed to be globally unique. Not all communications protocols use MAC addresses, and not all protocols require globally unique identifiers. The IEEE claims trademarks on the names "EUI-48" and "EUI-64" ("EUI" stands for Extended Unique Identifier).
MAC addresses, unlike IP addresses and IPX addresses, are not divided into "host" and "network" portions. Therefore, a host cannot determine from the MAC address of another host whether that host is on the same layer 2 network segment as the sending host or a network segment bridged to that network segment.
ARP is commonly used to convert from addresses in a layer 3 protocol such as Internet Protocol (IP) to the layer 2 MAC address. On broadcast networks, such as Ethernet, the MAC address allows each host to be uniquely identified and allows frames to be marked for specific hosts. It thus forms the basis of most of the layer 2 networking upon which higher OSI Layer protocols are built to produce complex, functioning networks.
Contents [hide]
1 Notational conventions
2 Address details
2.1 Individual address block
3 Bit-reversed notation
4 See also
5 References
6 External links
[edit] Notational conventions
The standard (IEEE 802) format for printing MAC-48 addresses in human-readable media is six groups of two hexadecimal digits, separated by hyphens (-) in transmission order, e.g. 01-23-45-67-89-ab. This form is also commonly used forEUI-64. Other conventions include six groups of two separated by colons (:), e.g. 01:23:45:67:89:ab; or three groups of four hexadecimal digits separated by dots (.), e.g. 0123.4567.89ab; again in transmission order.
[edit] Address details
The original IEEE 802 MAC address comes from the original Xerox Ethernet addressing scheme. This 48-bit address space contains potentially 248 or 281,474,976,710,656 possible MAC addresses.
All three numbering systems use the same format and differ only in the length of the identifier. Addresses can either be "universally administered addresses" or "locally administered addresses."
A universally administered address is uniquely assigned to a device by its manufacturer; these are sometimes called "burned-in addresses" (BIA). The first three octets (in transmission order) identify the organization that issued the identifier and are known as the Organizationally Unique Identifier (OUI). The following three (MAC-48 and EUI-48) or five (EUI-64) octets are assigned by that organization in nearly any manner they please, subject to the constraint of uniqueness. The IEEE expects the MAC-48 space to be exhausted no sooner than the year 2100;EUI-64s are not expected to run out in the foreseeable future.
A locally administered address is assigned to a device by a network administrator, overriding the burned-in address. Locally administered addresses do not contain OUIs.
Universally administered and locally administered addresses are distinguished by setting the second least significant bit of the most significant byte of the address. If the bit is 0, the address is universally administered. If it is 1, the address is locally administered. The bit is 0 in all OUIs. For example, The most significant byte is 02h. The binary is 00000010 and the second least significant bit is 1. Therefore, it is a locally administered address.
If the least significant bit of the most significant byte is set to a 0, the packet is meant to reach only one receiving NIC. This is called unicast. If the least significant bit of the most significant byte is set to a 1, the packet is meant to be sent only once but still reach several NICs. This is called multicast.
MAC-48 and EUI-48 addresses are usually shown in hexadecimal format, with each octet separated by a dash or colon. An example of a MAC-48 address would be "00-08-74-4C-7F-1D". If you cross-reference the first three octets with IEEE's OUI assignments,you can see that this MAC address came from Dell Computer Corp. The last three octets represent the serial number assigned to the adapter by the manufacturer.
The following technologies use the MAC-48 identifier format:
Ethernet
802.11wireless networks
Bluetooth
IEEE 802.5token ring
most other IEEE 802 networks
FDDI
ATM (switched virtual connections only, as part of an NSAP address)
Fibre Channel and Serial Attached SCSI (as part of a World Wide Name)
The distinction between EUI-48 and MAC-48 identifiers is purely semantic: MAC-48 is used for network hardware; EUI-48 is used to identify other devices and software. (Thus, by definition, an EUI-48 is not in fact a "MAC address", although it is syntactically indistinguishable from one and assigned from the same numbering space.)
The IEEE now considers the label MAC-48 to be an obsolete term which was previously used to refer to a specific type of EUI-48 identifier used to address hardware interfaces within existing 802-based networking applications and should not be used in the future. Instead, the term EUI-48 should be used for this purpose.
EUI-64 identifiers are used in:
FireWire
IPv6 (as the low-order 64 bits of a unicast network address when temporary addresses are not being used)
ZigBee /802.15.4wireless personal-area networks
The IEEE has built in several special address types to allow more than one Network Interface Card to be addressed at one time:
Packets sent to the broadcast address, all one bits, are received by all stations on a local area network. In hexadecimal the broadcast address would be "FF:FF:FF:FF:FF:FF".
Packets sent to a multicast address are received by all stations on a LAN that have been configured to receive packets sent to that address.
Functional addresses identify one of more Token Ring NICs that provide a particular service, defined in IEEE 802.5.
These are "group addresses", as opposed to "individual addresses"; the least significant bit of the first octet of a MAC address distinguishes individual addresses from group addresses. That bit is set to 0 in individual addresses and 1 in group addresses. Group addresses, like individual addresses, can be universally administered or locally administered.
In addition, the EUI-64 numbering system encompasses both MAC-48 and EUI-48 identifiers by a simple translation mechanism. To convert a MAC-48 into an EUI-64, copy the OUI, append the two octets "FF-FF", and then copy the organization-specified part. To convert an EUI-48 into an EUI-64, the same process is used, but the sequence inserted is "FF-FE". In both cases, the process can be trivially reversed when necessary. Organizations issuing EUI-64s are cautioned against issuing identifiers that could be confused with these forms. The IEEE policy is to discourage new uses of 48-bit identifiers in favor of the EUI-64 system.
IPv6—one of the most prominent standards that usesEUI-64—applies these rules inconsistently. Due to an error in the appendix to the specification of IPv6 addressing, it is standard practice to extend MAC-48 addresses (such as IEEE 802 MAC address) to EUI-64 using "FF-FE" rather than "FF-FF."
[edit] Individual address block
An Individual Address Block comprises a 24-bit OUI managed by the IEEE Registration Authority, followed by 12 IEEE-provided bits (identifying the organization), and 12 bits for the owner to assign to individual devices. An IAB is ideal for organizations requiring fewer than 4097 unique 48-bit numbers (EUI-48).
[edit] Bit-reversed notation
The standard transmission order notation for MAC addresses, as seen in the output of the ifconfig command for example, is also called canonical format.
However, sinceIEEE 802.3(Ethernet) and IEEE 802.4 (Token Bus) send the bits over the wire with least significant bit first, while IEEE 802.5 (Token Ring) and IEEE 802.6 send the bits over the wire with most significant bit first, confusion may arise where an address in the latter scenario is represented with bits reversed from the canonical representation. So for instance, an address whose canonical form is 12-34-56-78-9A-BC would be transmitted over the wire as bits 01001000 00101100 01101010 00011110 01011001 00111101 in the standard transmission order (least significant bit first). But for Token Ring networks, it would be transmitted as bits 00010010 00110100 01010110 01111000 10011010 10111100 in most significant bit first order. If care is not taken to translate correctly and consistently to the canonical representation, the latter might be displayed as 482C6A1E593D, which could cause confusion. This would be referred to as "Bit-reversed order", "Non-canonical form", "MSB format", "IBM format", or "Token Ring format" as explained by RFC 2469. Canonical form is preferred[who?].
[edit] See also
NSAP address, another endpoint addressing scheme.
Cisco Hot Standby Router Protocol or standard alternative VRRP Virtual router redundancy protocol, which allows multiple routers to share one IP address and MAC address to provide router redundancy. The OpenBSD project has an open source alternative, the Common Address Redundancy Protocol (CARP).
FAQ
介紹:這個實例用IP-乙太網說明組播和太網組播的關係,及乙太網組播的細節過程。
什麼是IP組播?協定層常需要和組群打交道,進行發現、通知、查詢等工作。IP用組播IP位址在第三層組播,一個multicast IP address 可以有多個成員,組播數據包會被IP層路由器轉發到組群成員所在的路由器,然後用乙太網的組播功能把數據包送到組播成員的網卡接口。例,OSPF 用Hello來發現區域網路中的OSPF鄰居,HSRP傳送Hello組播包把自己的狀態通知其它的HSRP路由器,組播的路由器可以從一個技術終端發到任何的連線點,成為共享資源,其中一些被禁止的信息參數就有可能不被加密而被後面的連線點所共享,並且有收藏及著作權,因為這些的流通的數據電腦是不會記錄數據傳輸及瀏覽痕跡,正所謂有利就有弊。
乙太網怎么組播 (multicast)的?乙太網具有廣播屬性,一個節點傳送的數據包會被乙太網洪泛,導致每一個乙太網網卡接口都會收到這個數據包,有的時候會造成數據的泛濫和垃圾資源的共享,這樣的就造成了大量的BK的攜帶更加方便與隱蔽,我的建議是給自己的IP設定一個禁止的功能或是設定一定的訪問許可權,安裝類似防火牆的POB,對於外界即使是可以共享的資源軟體具備篩選的功能。接口收到數據包後,並不馬上交給節點CPU處理,而是進行MAC地址比較,如果數據包的目的MAC,這樣有的人會覺得麻煩,只是個溫暖的建議,地址和接口的MAC地址一樣,它才接受,把數據包交給計算機,否則就把數據包丟棄。組群成員的網卡接口除了硬體MAC地址 (unicast MAC),還有組播MAC地址 (multicast MAC)。接口收到組播包,會把此包的目的MAC地址 (是個組播MAC)和自己的MAC地址比較,如果組播地址相同,就會接受此包。這樣,局網內這個組群的所有成員,都會收到送往該組群的組播包。但是,IP的組播地址和乙太網接口的組播MAC地址是什麼關係呢?
IP-Ethernet 的組播地址有什麼關係?許多MAC組播地址是從IP組播地址轉換而來,這就是所謂的資源共享,選擇的時候需謹慎。
例,OSPF IP組播地址是224.0.0.5, 轉換為相應的MAC組播地址如下:
把IP位址(32位)用二進制表現 11100000: 00000000: 00000000: 00000101
然後抽出最右邊的23叫做A 0000000: 00000000: 00000101
把IEE定義的組播01:00:5e作為B. B有24位 (二進制是 00000001:00000000:01011110)
合成相應的MAC組播地址如下:
連線 B,0,A: B有24位,在左邊; 0是一位,在中間,A有23位,在右邊。共48位。. 二進制是 00000001:00000000:01011110:00000000: 00000000: 00000101
十六進制是 01:00:5e:00:00:05
有多少個IP組播地址?答:IP協定把224.0.0.0 ~ 239.255.255.255之間的IP位址都用做IP組播地址。以下列出前幾個組播地址。 224.0.0.0 Base address (reserved) 224.0.0.1 The All Hosts multicast group that contains all systems on the same network segment 224.0.0.2 The All Routers multicast group that contains all routers on the same network segment 224.0.0.5 The Open Shortest Path First (OSPF) AllSPFRouters address. Used to send Hello packets to all OSPF routers on a network segment 224.0.0.6。The OSPF AllDRouters address. Used to send OSPF routing information to OSPF designated routers on a network segment 224.0.0.9 The RIP version 2 group address. Used to send routing information using the RIP protocol to all RIP v2-aware routers on a network segment 224.0.0.10 EIGRP group address. Used to send EIGRP routing information to all EIGRP routers 。 5) 有沒有乙太網專用的MAC組播地址?以下列出一些乙太網專用的組播地址 Ethernet multicast address Type Field Usage 01-00-0C-CC-CC-CC 0x0802 CDP (Cisco Discovery Protocol), VTP (VLAN Trunking ) 01-00-0C-CC-CC-CD 0x0802 Cisco Shared Spanning Tree Protocol Address 01-80-C2-00-00-00 0x0802 Spanning Tree Protocol (for bridges) IEEE 802.1D
傳遞
【注】為突出重點,本文只討論IP-乙太網的知識點。
IP-乙太網怎么配合傳送數據包? IP的任務是把原計算機傳送的數據包經路由器轉發到最後一站路由器,然後乙太網把數據包從路由器傳送給目的計算機。方法是使用數據包的報頭: - 把IP報頭的目的IP位址設為目的計算機的IP位址,路由器根據1這個地址查看路由表而把數據包轉發到 下一站。一站一站的發展,最後把數據包轉發到目的計算機所在的路由器。 - 把Link報頭的目的MAC地址設為目的計算機的MAC地址。乙太網洪泛,把數據包收到每一段網內的決定, 但只有目的計算機會接受,其它節點不會接受。
2)路由器怎么轉發數據包?路由協定計算出傳送路徑,存放在路由器的路由表里。路由器上的數據包時,抽出報頭裡的目的計算機的目的IP位址,路由查看路由表,找到下一站的接口,把數據包從這個接口轉發,抵達下一站。IP位址,路由器轉發。
乙太網怎么把數據包傳遞給目的計算機? 乙太網內的計算機用網卡連線到乙太網。一個網卡可以有幾個接口1。每個網卡接口都配置一個IP位址,和一個固定的硬體地址 (hardware address),也叫做單播MAC地址 (Unicast MAC)。 由於乙太網有廣播的屬性,數據包經路由器的乙太網接口轉發時,會被洪泛到乙太網中所有的接口,網卡接口在收到一個數據包時,把數據包的目的MAC地址和自己的unicast MAC地址比較,若相同,就接受此包,否則丟棄。這樣,只有接收方的技術會接收此包,其它接口會丟棄此包。
怎么配置數據包的報頭?計算機傳送信息前得先封裝報頭,把報頭和數據合起來,成為一個數據包,傳送時以數據包為單位。 - 數據 (payload) 是計算機所要傳遞的信息。 - 報頭(header) 包含網路設備、協定所需的控制信息,與OSI模式的layer相應。常見的報頭有link, IP, transport 等 (二,三,四層)。