cisco思科网络技术教程第十一章.ppt

* * Purpose: This figure explains what is contained in a TCP segment. Emphasize: Source Port and Destination Port are the connections to the upper-layer protocol. Sequence and Acknowledgment numbers are the position in the user’s byte stream of this segment. Sequence numbers are used for establishing reliability. HLEN is the header length. It tells us where the data begins. Six bits are reserved for future use. Code Bits distinguish session management messages from data. Window is a term we will come back to in a few slides. For now, consider it the size of the receivers buffers. Checksum is a cyclic redundancy check (CRC). It verifies that the datagram arrived intact. Urgent Pointer is used to signify out-of-band data. Options are used by vendors to enhance their protocol offering. The data portion of the frame contains the upper-layer protocol data. * Purpose: This graphic explains the format of UDP. Emphasize: UDP is simple and efficient but not reliable. The UDP segment format includes a source port, a destination port, a length field, and an optional checksum field. It has no sequencing, acknowledgments, or windowing. Example: TFTP uses a checksum. At the end of the transfer if the checksum does not match then the file did not make it. The user is notified and must type in the command again. As a result, the user has become the reliability mechanism. Transition: The next section discusses the network layer of the OSI model and how it corresponds to the TCP/IP internet layer. * 发布日期：2004-05-01影响系统：Windows 2000, Windows Server 2003, Windows XP蠕虫别名：W32/Sasser.worm [McAfee] 震荡波[瑞星]蠕虫信息：? ? W32.Sasser蠕虫是一个利用微软操作系统的Lsass缓冲区溢出漏洞（ MS04-011漏洞信息请参见/announce/show.php?handle=101 ）进行传播的蠕虫。由于该蠕虫在传播过程中会发起大量的扫描，因此对个人用户使用和网络运行都会造成很大的冲击。详细信息：蠕虫感染系统后会做以下操作：? ? 1.在系统中创建一个互斥体以保证系统中在任何时候有且只有一个蠕虫进程在运行。? ? ? ? 2.将自身拷贝为%Windir%\avserve.exe或者%Windir%\avserve2.exe（注意%windir%是个变? ? ? 量，它根据系统版本和安装路径不同而有所不同，通常情况是c:\windows或者c:\winnt）? ? ? ? 3.修改注册表，在HKEY_LOCAL_MAC