TCP/IP Protocol Suite
What Is TCP/IP?
TCP/IP (Transmission Control Protocol/Internet Protocol) is the protocol suite that forms the basis of the internet and most modern networks. It was developed for ARPANET in the 1970s.
Features:
- 4-layer model
- Platform-independent
- Open standards (RFC - Request for Comments)
- Scalable and robust
- End-to-end connectivity
TCP/IP Model Layers
graph TD
A[Application Layer<br/>HTTP, FTP, SMTP, DNS] --> B[Transport Layer<br/>TCP, UDP]
B --> C[Internet Layer<br/>IP, ICMP, ARP]
C --> D[Network Access Layer<br/>Ethernet, WiFi]
style A fill:#e1f5ff
style B fill:#fff4e1
style C fill:#ffe1e1
style D fill:#f0e1ff
1. Network Access Layer
Function: Access to the physical network and frame transmission.
Covers:
- Physical addressing (MAC)
- Frame formatting
- Error detection
- Media access control
Technologies:
- Ethernet (802.3)
- WiFi (802.11)
- PPP (Point-to-Point Protocol)
- Token Ring
2. Internet Layer
IP (Internet Protocol)
Function: Packet routing and logical addressing.
IPv4 (Internet Protocol version 4)
Features:
- 32-bit address space (4,294,967,296 addresses)
- Dotted decimal notation: 192.168.1.1
- Address exhaustion problem
IPv4 Header Structure:
graph TD
A[IPv4 Header] --> B[Version: 4 bits]
A --> C[Header Length: 4 bits]
A --> D[Type of Service: 8 bits]
A --> E[Total Length: 16 bits]
A --> F[Identification: 16 bits]
A --> G[Flags: 3 bits]
A --> H[Fragment Offset: 13 bits]
A --> I[TTL: 8 bits]
A --> J[Protocol: 8 bits]
A --> K[Header Checksum: 16 bits]
A --> L[Source IP: 32 bits]
A --> M[Destination IP: 32 bits]
A --> N[Options: variable]
style A fill:#FFD700
IP Address Classes:
| Class | First Octet | Default Mask | Network/Host bits | Usage |
|---|---|---|---|---|
| A | 1-126 | 255.0.0.0 | 8/24 | Large networks |
| B | 128-191 | 255.255.0.0 | 16/16 | Medium networks |
| C | 192-223 | 255.255.255.0 | 24/8 | Small networks |
| D | 224-239 | - | - | Multicast |
| E | 240-255 | - | - | Reserved |
Private IP Ranges:
- Class A: 10.0.0.0 - 10.255.255.255
- Class B: 172.16.0.0 - 172.31.255.255
- Class C: 192.168.0.0 - 192.168.255.255
IPv6 (Internet Protocol version 6)
Features:
- 128-bit address space (340 undecillion addresses)
- Hexadecimal notation: 2001:0db8:85a3:0000:0000:8a2e:0370:7334
- Simplified header
- Built-in security (IPSec)
- No NAT required
IPv6 Address Format:
graph LR
A[2001:0db8:85a3:0000:0000:8a2e:0370:7334] --> B[8 groups]
B --> C[Each group: 16 bits]
C --> D[Total: 128 bits]
style A fill:#90EE90
IPv6 Address Types:
- Unicast: Single interface
- Multicast: Multiple interfaces
- Anycast: Nearest interface
ICMP (Internet Control Message Protocol)
Function: Error reporting and diagnostics.
Use cases:
- Ping - host reachability test
- Traceroute - path discovery
- Error messages (destination unreachable, time exceeded)
sequenceDiagram
participant A as Host A
participant B as Router
participant C as Host B
A->>C: ICMP Echo Request (ping)
Note over C: Host reachable?
C->>A: ICMP Echo Reply
A->>B: Packet with TTL=1
B->>A: ICMP Time Exceeded
A->>C: Packet to unreachable port
C->>A: ICMP Destination Unreachable
ARP (Address Resolution Protocol)
Function: Mapping an IP address to a MAC address.
How it works:
sequenceDiagram
participant H1 as Host 1<br/>IP: 192.168.1.10<br/>MAC: AA:BB:CC:DD:EE:11
participant SW as Switch
participant H2 as Host 2<br/>IP: 192.168.1.20<br/>MAC: AA:BB:CC:DD:EE:22
Note over H1: Need MAC for 192.168.1.20
H1->>SW: ARP Request (Broadcast)<br/>Who has 192.168.1.20?
SW->>H2: Forward broadcast
H2->>H1: ARP Reply (Unicast)<br/>192.168.1.20 is at AA:BB:CC:DD:EE:22
Note over H1: Cache ARP entry
3. Transport Layer
TCP (Transmission Control Protocol)
Features:
- Connection-oriented
- Reliable delivery
- Ordered data transfer
- Flow control
- Congestion control
- Error checking
TCP Header:
graph TD
A[TCP Header] --> B[Source Port: 16 bits]
A --> C[Destination Port: 16 bits]
A --> D[Sequence Number: 32 bits]
A --> E[Acknowledgment Number: 32 bits]
A --> F[Data Offset: 4 bits]
A --> G[Flags: 9 bits]
A --> H[Window Size: 16 bits]
A --> I[Checksum: 16 bits]
A --> J[Urgent Pointer: 16 bits]
A --> K[Options: variable]
style A fill:#87CEEB
TCP Flags:
- SYN - Synchronize (start a connection)
- ACK - Acknowledgment
- FIN - Finish (close the connection)
- RST - Reset
- PSH - Push
- URG - Urgent
Three-Way Handshake (Connection Establishment)
sequenceDiagram
participant Client
participant Server
Note over Client,Server: Connection Establishment
Client->>Server: 1. SYN (seq=x)
Note over Client: SYN_SENT state
Server->>Client: 2. SYN-ACK (seq=y, ack=x+1)
Note over Server: SYN_RECEIVED state
Client->>Server: 3. ACK (seq=x+1, ack=y+1)
Note over Client,Server: ESTABLISHED state
Note over Client,Server: Data Transfer
Client->>Server: Data
Server->>Client: ACK
Four-Way Handshake (Connection Termination)
sequenceDiagram
participant Client
participant Server
Note over Client,Server: Connection Termination
Client->>Server: 1. FIN (seq=x)
Note over Client: FIN_WAIT_1
Server->>Client: 2. ACK (ack=x+1)
Note over Client: FIN_WAIT_2
Note over Server: CLOSE_WAIT
Server->>Client: 3. FIN (seq=y)
Note over Server: LAST_ACK
Client->>Server: 4. ACK (ack=y+1)
Note over Client: TIME_WAIT
Note over Client,Server: Connection Closed
TCP States:
stateDiagram-v2
[*] --> CLOSED
CLOSED --> LISTEN: passive open
CLOSED --> SYN_SENT: active open
LISTEN --> SYN_RECEIVED: receive SYN
SYN_SENT --> ESTABLISHED: receive SYN-ACK
SYN_RECEIVED --> ESTABLISHED: receive ACK
ESTABLISHED --> FIN_WAIT_1: close
ESTABLISHED --> CLOSE_WAIT: receive FIN
FIN_WAIT_1 --> FIN_WAIT_2: receive ACK
FIN_WAIT_2 --> TIME_WAIT: receive FIN
CLOSE_WAIT --> LAST_ACK: close
LAST_ACK --> CLOSED: receive ACK
TIME_WAIT --> CLOSED: timeout
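The server-side path through the state diagram above, replayed over a list of events to count connections that stay in SYN_RECEIVED (the condition a SYN flood produces). This is an added example, not code from the original page; the event format, the per-source limit and the sample events are assumptions constructed for illustration.

```python
from collections import Counter

# Server-side transitions taken from the state diagram above.
TRANSITIONS = {
    ("LISTEN", "SYN"): "SYN_RECEIVED",
    ("SYN_RECEIVED", "ACK"): "ESTABLISHED",
    ("ESTABLISHED", "FIN"): "CLOSE_WAIT",
    ("CLOSE_WAIT", "close"): "LAST_ACK",
    ("LAST_ACK", "ACK"): "CLOSED",
}

def track(events):
    """Replay (client_ip, client_port, event) tuples; return state per connection."""
    states = {}
    for ip, port, event in events:
        current = states.get((ip, port), "LISTEN")
        # Events with no transition from the current state leave it unchanged.
        states[(ip, port)] = TRANSITIONS.get((current, event), current)
    return states

def half_open(states, per_source_limit=3):
    """Return (total connections in SYN_RECEIVED, sources at or over the limit)."""
    counts = Counter(ip for (ip, _), st in states.items() if st == "SYN_RECEIVED")
    noisy = {ip: n for ip, n in counts.items() if n >= per_source_limit}
    return sum(counts.values()), noisy

# Constructed sample: one client completes and closes a connection, another
# source sends five SYNs and never answers the SYN-ACK, a third is mid-handshake.
SAMPLE_EVENTS = (
    [("192.168.1.10", 40000, e) for e in ("SYN", "ACK", "FIN", "close", "ACK")]
    + [("198.51.100.7", 50000 + i, "SYN") for i in range(5)]
    + [("192.168.1.11", 40001, "SYN")]
)

if __name__ == "__main__":
    total, noisy = half_open(track(SAMPLE_EVENTS))
    print(f"half-open connections: {total}, sources over limit: {noisy}")
```

The total matters as much as the per-source count, because each half-open entry occupies a backlog slot no matter which address it claims to come from.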
UDP (User Datagram Protocol)
Features:
- Connectionless
- Unreliable delivery
- No flow control
- No congestion control
- Lightweight (8-byte header)
- Fast
UDP Header:
graph TD
A[UDP Header - 8 bytes] --> B[Source Port: 16 bits]
A --> C[Destination Port: 16 bits]
A --> D[Length: 16 bits]
A --> E[Checksum: 16 bits]
style A fill:#FFB6C1
UDP use cases:
- DNS queries
- DHCP
- Streaming video/audio
- Online gaming
- VoIP
- SNMP
TCP vs UDP Comparison
graph TD
subgraph TCP
A1[Connection-oriented]
A2[Reliable]
A3[Ordered]
A4[Flow control]
A5[Heavy overhead]
A6[Slow]
end
subgraph UDP
B1[Connectionless]
B2[Unreliable]
B3[No ordering]
B4[No flow control]
B5[Lightweight]
B6[Fast]
end
style TCP fill:#90EE90
style UDP fill:#FFB6C1
| Feature | TCP | UDP |
|---|---|---|
| Connection | Connection-oriented | Connectionless |
| Reliability | Reliable | Unreliable |
| Ordering | Ordered delivery | No ordering |
| Speed | Slower | Faster |
| Header size | 20-60 bytes | 8 bytes |
| Flow control | Yes | No |
| Error checking | Extensive | Basic checksum |
| Use case | Web, Email, File transfer | Streaming, Gaming, DNS |
4. Application Layer
HTTP/HTTPS
HTTP (HyperText Transfer Protocol):
- Port 80
- Stateless protocol
- Request/Response model
HTTPS (HTTP Secure):
- Port 443
- SSL/TLS encryption
- Certificate-based authentication
FTP (File Transfer Protocol)
Features:
- Port 20 (data), 21 (control)
- File upload/download
- Directory listing
- Authentication required
SMTP (Simple Mail Transfer Protocol)
Function: Sending email
- Port 25, 587 (with TLS)
- Push protocol
- Text-based
DNS (Domain Name System)
Function: Translating a domain name to an IP address
- Port 53
- UDP for queries, TCP for zone transfers
- Hierarchical system
SSH (Secure Shell)
Function: Secure remote access
- Port 22
- Encryption
- Authentication (password, key-based)
Complete TCP/IP Communication Flow
sequenceDiagram
participant App as Application<br/>(Browser)
participant TCP as Transport<br/>(TCP)
participant IP as Internet<br/>(IP)
participant Link as Network Access<br/>(Ethernet)
participant Physical as Physical Medium
App->>TCP: HTTP Request
Note over TCP: Add TCP Header<br/>Source/Dest Ports<br/>Seq/Ack numbers
TCP->>IP: TCP Segment
Note over IP: Add IP Header<br/>Source/Dest IPs<br/>TTL, Protocol
IP->>Link: IP Packet
Note over Link: Add Ethernet Header<br/>Source/Dest MACs<br/>Add Trailer (CRC)
Link->>Physical: Frame
Note over Physical: Convert to Signals<br/>Transmit
Physical->>Physical: Physical Transmission
NAT (Network Address Translation)
Function: Mapping private IPs to a public IP.
Types:
- Static NAT: 1-to-1 mapping
- Dynamic NAT: Many-to-many mapping
- PAT (Port Address Translation): Many-to-1 mapping
graph LR
A[Private Network] --> B[NAT Router]
B --> C[Internet]
subgraph Private IPs
D[192.168.1.10:5000]
E[192.168.1.11:5001]
F[192.168.1.12:5002]
end
subgraph Public IP
G[203.0.113.1:50000]
H[203.0.113.1:50001]
I[203.0.113.1:50002]
end
D --> G
E --> H
F --> I
style B fill:#FFD700
Subnetting
Purpose: Dividing a large network into smaller subnets.
Subnet Mask: Separates the network and host portions.
CIDR Notation: 192.168.1.0/24
- /24 = 255.255.255.0
- 24 bit network, 8 bit host
- 254 usable host addresses
Subnetting Example:
graph TD
A[192.168.1.0/24<br/>256 addresses] --> B[192.168.1.0/26<br/>64 addresses<br/>Subnet 1]
A --> C[192.168.1.64/26<br/>64 addresses<br/>Subnet 2]
A --> D[192.168.1.128/26<br/>64 addresses<br/>Subnet 3]
A --> E[192.168.1.192/26<br/>64 addresses<br/>Subnet 4]
style A fill:#e1f5ff
style B fill:#90EE90
style C fill:#90EE90
style D fill:#90EE90
style E fill:#90EE90
Subnet Calculation:
| Network | First IP | Last IP | Broadcast | Usable Hosts |
|---|---|---|---|---|
| 192.168.1.0/26 | 192.168.1.1 | 192.168.1.62 | 192.168.1.63 | 62 |
| 192.168.1.64/26 | 192.168.1.65 | 192.168.1.126 | 192.168.1.127 | 62 |
| 192.168.1.128/26 | 192.168.1.129 | 192.168.1.190 | 192.168.1.191 | 62 |
| 192.168.1.192/26 | 192.168.1.193 | 192.168.1.254 | 192.168.1.255 | 62 |
Routing
Function: Delivering packets from source to destination along the best path.
Routing Table Example:
| Destination | Subnet Mask | Gateway | Interface | Metric |
|---|---|---|---|---|
| 192.168.1.0 | 255.255.255.0 | 0.0.0.0 | eth0 | 0 |
| 10.0.0.0 | 255.0.0.0 | 192.168.1.1 | eth0 | 10 |
| 0.0.0.0 | 0.0.0.0 | 192.168.1.254 | eth0 | 20 |
graph TD
A[Packet Arrival] --> B{Destination<br/>in routing table?}
B -->|Yes| C{Multiple<br/>matches?}
B -->|No| D[Use Default Route]
C -->|Yes| E[Choose longest<br/>prefix match]
C -->|No| F[Use matched route]
E --> G[Forward packet<br/>to next hop]
F --> G
D --> G
style A fill:#e1f5ff
style G fill:#90EE90
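The lookup in the flowchart above, run against the page's routing table: every matching route is collected, the longest prefix wins, and the metric only breaks ties. This is an added example, not code from the original page; the function names and the extra /26 route with its next hop 192.168.1.2 are hypothetical.

```python
import ipaddress

# The routing table from the page: destination, mask, gateway, interface, metric.
PAGE_ROUTES = [
    ("192.168.1.0", "255.255.255.0", "0.0.0.0", "eth0", 0),
    ("10.0.0.0", "255.0.0.0", "192.168.1.1", "eth0", 10),
    ("0.0.0.0", "0.0.0.0", "192.168.1.254", "eth0", 20),
]

def mask_to_prefix(mask: str) -> int:
    """Convert a dotted mask to a prefix length, rejecting non-contiguous masks."""
    bits = f"{int(ipaddress.IPv4Address(mask)):032b}"
    if "01" in bits:
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return bits.count("1")

def lookup(dst: str, routes=PAGE_ROUTES):
    """Return the route chosen for dst: longest prefix first, then lowest metric."""
    addr = ipaddress.IPv4Address(dst)
    best_key, best = None, None
    for dest, mask, gateway, iface, metric in routes:
        net = ipaddress.IPv4Network(f"{dest}/{mask_to_prefix(mask)}")
        if addr not in net:
            continue
        key = (net.prefixlen, -metric)
        if best_key is None or key > best_key:
            best_key = key
            best = {"network": str(net), "gateway": gateway,
                    "interface": iface, "metric": metric}
    return best    # None only if the table has no default route

# Constructed addition: one of the page's /26 subnets routed via a
# hypothetical next hop, with a worse metric than the connected /24.
WITH_SUBNET = PAGE_ROUTES + [
    ("192.168.1.64", "255.255.255.192", "192.168.1.2", "eth0", 50),
]

if __name__ == "__main__":
    for dst in ("192.168.1.70", "10.20.30.40", "8.8.8.8"):
        print(dst, "->", lookup(dst), "| with /26:", lookup(dst, WITH_SUBNET))
```

With the /26 present, 192.168.1.70 leaves via 192.168.1.2 even though that route has the worst metric, which is why an unexpected more-specific prefix in a routing table deserves attention during an audit.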
Quality of Service (QoS)
Purpose: Prioritizing critical traffic.
Techniques:
- Traffic shaping
- Traffic policing
- Priority queuing
- Bandwidth reservation
graph LR
A[Incoming Traffic] --> B{QoS Classification}
B -->|Voice/Video| C[High Priority Queue]
B -->|Business Apps| D[Medium Priority Queue]
B -->|Best Effort| E[Low Priority Queue]
C --> F[Scheduler]
D --> F
E --> F
F --> G[Outgoing Interface]
style C fill:#FF6B6B
style D fill:#FFD93D
style E fill:#6BCB77
TCP/IP Security
Protocols:
- IPSec: IP layer encryption
- SSL/TLS: Transport layer security
- SSH: Secure remote access
- VPN: Virtual Private Network
Threats:
- IP Spoofing
- SYN Flood attack
- Man-in-the-Middle
- DDoS attacks
- Port scanning
Performance Optimization
TCP Optimization:
- Window scaling
- Selective acknowledgment (SACK)
- Fast retransmit
- Congestion avoidance algorithms (Reno, Cubic, BBR)
Latency Reduction:
- CDN usage
- Connection pooling
- HTTP/2, HTTP/3
- TCP Fast Open
Troubleshooting Commands
Linux/Mac:
# IP configuration
ifconfig
ip addr
# Routing table
route -n
ip route
# Test connectivity
ping 8.8.8.8
# Trace route
traceroute google.com
# DNS lookup
nslookup google.com
dig google.com
# Active connections
netstat -an
ss -tuln
# Packet capture
tcpdump -i eth0
Windows:
# IP configuration
ipconfig /all
# Routing table
route print
# Test connectivity
ping 8.8.8.8
# Trace route
tracert google.com
# DNS lookup
nslookup google.com
# Active connections
netstat -an
# DNS cache
ipconfig /displaydns
ipconfig /flushdns
Best Practices
- Security:
  - Firewall configuration
  - VPN usage
  - Regular security updates
  - Network segmentation
- Performance:
  - QoS implementation
  - Bandwidth management
  - Connection optimization
  - Caching strategies
- Reliability:
  - Redundancy
  - Load balancing
  - Monitoring and alerting
  - Backup routes
- Documentation:
  - Network diagram
  - IP address management
  - Configuration documentation
  - Change logs
Related Topics
- OSI Model
- HTTP/HTTPS Protocol
- DNS System
- Network Security
- Routing Protocols
- Load Balancing