這是用戶在 2025-7-30 19:53 為 https://www.coursera.org/learn/networks-and-network-security/supplement/IRnxH/components-of-network-... 保存的雙語快照頁面,由 沉浸式翻譯 提供雙語支持。了解如何保存?
Skip to main content

Components of network layer communication
網路層通訊的組成部分

In the reading about the OSI modelOpens in a new tab, you learned about the seven layers of the OSI model that are used to conceptualize the way data is transmitted across the internet. In this reading, you will learn more about operations that take place at layer 3 of the OSI model: the network layer.
在有關 OSI 模型的閱讀中,您了解了用於概念化數據如何在互聯網上傳輸的 OSI 模型的七層。在這篇閱讀中,您將進一步了解 OSI 模型第三層的操作:網路層。

Operations at the network layer
網路層的操作

Functions at the network layer organize the addressing and delivery of data packets across the network from the host device to the destination device. This includes directing the packets from one router to another router across the internet, till it reaches the internet protocol (IP) address of the destination network. The destination IP address is contained within the header of each data packet. This address will be stored for future routing purposes in  routing tables along the packet’s path to its destination.
網路層的功能負責組織數據包的地址分配和傳遞,從主機設備到目的地設備。這包括將數據包從一個路由器引導到另一個路由器,直到到達目的地網路的網際網路協定(IP)地址。目的地 IP 地址包含在每個數據包的標頭中。這個地址將被儲存在路由表中,以便在數據包到達目的地的路徑上進行未來的路由。

All data packets include an IP address. A data packet is also referred to as an IP packet for TCP connections or a datagram for UDP connections. A router uses the IP address to route packets from network to network based on information contained in the IP header of a data packet. Header information communicates more than just the address of the destination. It also includes information such as the source IP address, the size of the packet, and which protocol will be used for the data portion of the packet. 
所有數據封包都包含一個 IP 地址。對於 TCP 連接,數據封包也被稱為 IP 封包;對於 UDP 連接,則稱為數據報。路由器使用 IP 地址根據數據封包的 IP 標頭中包含的信息,將封包從一個網路路由到另一個網路。標頭信息不僅傳達目的地的地址,還包括來源 IP 地址、封包的大小以及將用於封包數據部分的協議等信息。

Format of an IPv4 packet
IPv4 封包的格式

An IP packet divided into two parts: a section on the left marked “header,” and section on the right marked “data”

Next, you can review the format of an IP version 4 (IPv4) packet and review a detailed graphic of the packet header. An IPv4 packet is made up of two sections, the header and the data:
接下來,您可以查看 IP 版本 4(IPv4)封包的格式,並查看封包標頭的詳細圖示。IPv4 封包由兩個部分組成,分別是標頭和數據:

  • An IPv4 header format is determined by the IPv4 protocol and includes the IP routing information that devices use to direct the packet. The size of the IPv4 header ranges from 20 to 60 bytes. The first 20 bytes are a fixed set of information containing data such as the source and destination IP address, header length, and total length of the packet. The last set of bytes can range from 0 to 40 and consists of the options field.
    IPv4 標頭格式由 IPv4 協議決定,並包含設備用來引導封包的 IP 路由信息。IPv4 標頭的大小範圍從 20 到 60 字節。前 20 字節是固定的信息集,包含來源和目的地 IP 地址、標頭長度和封包的總長度等數據。最後一組字節範圍從 0 到 40,包含選項欄位。

  • The length of the data section of an IPv4 packet can vary greatly in size. However, the maximum possible size of an IPv4 packet is 65,535 bytes. It contains the message being transferred over the internet, like website information or email text.
    IPv4 封包的數據部分長度可以有很大的變化。然而,IPv4 封包的最大可能大小是 65,535 字節。它包含在互聯網上傳輸的消息,如網站信息或電子郵件文本。

Diagram of an IPv4 packet header, 13 fields, and bit size

There are 13 fields within the header of an IPv4 packet:
IPv4 封包的標頭中有 13 個欄位:

  • Version (VER): This 4 bit component tells receiving devices what protocol the packet is using. The packet used in the illustration above is an IPv4 packet.
    版本(VER):這個 4 位元的組件告訴接收設備封包使用的是什麼協議。上圖中使用的封包是 IPv4 封包。

  • IP Header Length (HLEN or IHL): HLEN is the packet’s header length. This value indicates where the packet header ends and the data segment begins. 
    IP 標頭長度(HLEN 或 IHL):HLEN 是封包的標頭長度。此數值表示封包標頭結束及資料段開始的位置。

  • Type of Service (ToS): Routers prioritize packets for delivery to maintain quality of service on the network. The ToS field provides the router with this information.
    服務類型(ToS):路由器會優先處理封包的傳送,以維持網路的服務品質。ToS 欄位提供路由器這些資訊。

  • Total Length: This field communicates the total length of the entire IP packet, including the header and data. The maximum size of an IPv4 packet is 65,535 bytes.
    總長度:此欄位傳達整個 IP 封包的總長度,包括標頭和數據。IPv4 封包的最大尺寸為 65,535 字節。

  • Identification: IPv4 packets can be up to 65, 535 bytes, but most networks have a smaller limit. In these cases, the packets are divided, or fragmented, into smaller IP packets. The identification field provides a unique identifier for all the fragments of the original IP packet so that they can be reassembled once they reach their destination.
    識別:IPv4 封包最大可達 65,535 字節,但大多數網路的限制較小。在這些情況下,封包會被分割或分段成較小的 IP 封包。識別欄位為原始 IP 封包的所有分段提供一個唯一的識別碼,以便它們到達目的地後可以重新組合。

  • Flags: This field provides the routing device with more information about whether the original packet has been fragmented and if there are more fragments in transit.
    標誌:此欄位為路由設備提供更多資訊,說明原始封包是否已被分段以及是否有更多分段正在傳輸中。

  • Fragmentation Offset: The fragment offset field tells routing devices where in the original packet the fragment belongs.
    分段偏移:分段偏移欄位告訴路由設備該分段在原始封包中的位置。

  • Time to Live (TTL): TTL prevents data packets from being forwarded by routers indefinitely. It contains a counter that is set by the source. The counter is decremented by one as it passes through each router along its path. When the TTL counter reaches zero, the router currently holding the packet will discard the packet and return an ICMP Time Exceeded error message to the sender. 
    存活時間(TTL):TTL 防止數據包被路由器無限期地轉發。它包含一個由源設置的計數器。當數據包經過每個路由器時,計數器會減一。當 TTL 計數器減至零時,當前持有數據包的路由器將丟棄該數據包,並向發送者返回一個 ICMP 時間超過錯誤訊息。

  • Protocol: The protocol field tells the receiving device which protocol will be used for the data portion of the packet.
    協議:協議欄位告訴接收設備數據包的數據部分將使用哪種協議。

  • Header Checksum: The header checksum field contains a checksum that can be used to detect corruption of the IP header in transit. Corrupted packets are discarded.
    標頭校驗和:標頭校驗和欄位包含一個校驗和,可用於檢測 IP 標頭在傳輸過程中的損壞。損壞的封包會被丟棄。

  • Source IP Address: The source IP address is the IPv4 address of the sending device.
    來源 IP 地址:來源 IP 地址是發送設備的 IPv4 地址。

  • Destination IP Address: The destination IP address is the IPv4 address of the destination device.
    目的地 IP 地址:目的地 IP 地址是目的設備的 IPv4 地址。

  • Options: The options field allows for security options to be applied to the packet if the HLEN value is greater than five. The field communicates these options to the routing devices.
    選項:如果 HLEN 值大於五,選項欄位允許將安全選項應用於封包。該欄位將這些選項傳達給路由設備。

Difference between IPv4 and IPv6
IPv4 與 IPv6 的差異

In an earlier part of this course, you learned about the history of IP addressing. As the internet grew, it became clear that all of the IPv4 addresses would eventually be depleted; this is called IPv4 address exhaustion. At the time, no one had anticipated how many computing devices would need an IP address. IPv6 was developed to mitigate IPv4 address exhaustion and other related concerns. 
在本課程的早期部分,你學習了 IP 位址的歷史。隨著互聯網的發展,很明顯所有的 IPv4 位址最終會被耗盡;這被稱為 IPv4 位址耗竭。當時,沒有人預料到有多少計算設備需要一個 IP 位址。IPv6 的開發是為了緩解 IPv4 位址耗竭和其他相關問題。

Some of the key differences between IPv4 and IPv6 include the length and the format of the addresses. IPv4 addresses are made up of four decimal numbers separated by periods, each number ranging from 0 to 255. Together the numbers span 4 bytes, and allow for up to 4.3 billion possible addresses. An example of an IPv4 address would be: 198.51.100.0. IPv6 addresses are made of eight hexadecimal numbers separated by colons, each number consisting of up to four hexadecimal digits. Together, all numbers span 16 bytes, and allow for up to 340 undecillion addresses (340 followed by 36 zeros). An example of an IPv6 address would be: 2002:0db8:0000:0000:0000:ff21:0023:1234.
IPv4 和 IPv6 之間的一些主要差異包括位址的長度和格式。IPv4 位址由四個用句點分隔的十進位數字組成,每個數字範圍從 0 到 255。這些數字總共佔 4 個位元組,允許最多 43 億個可能的位址。IPv4 位址的範例是:198.51.100.0。IPv6 位址由八個用冒號分隔的十六進位數字組成,每個數字由最多四個十六進位數字組成。所有數字總共佔 16 個位元組,允許最多 340 澗個位址(340 後面跟著 36 個零)。IPv6 位址的範例是:2002:0db8:0000:0000:0000:ff21:0023:1234。

Note: to represent one or more consecutive sets of all zeros, you can replace the zeros with a double colon "::", so the above IPv6 address would be "2002:0db8::ff21:0023:1234."
注意:要表示一個或多個連續的全零組合,可以用雙冒號 "::" 來替代這些零,因此上述的 IPv6 地址將會是 "2002:0db8::ff21:0023:1234"。

There are also some differences in the layout of an IPv6 packet header. The IPv6 header format is much simpler than IPv4. For example, the IPv4 Header includes the IHL, Identification, and Flags fields, whereas the IPv6 does not. The IPv6 header only introduces the Flow Label field, where the Flow Label identifies a packet as requiring special handling by other IPv6 routers. 
IPv6 封包標頭的佈局也有一些不同。IPv6 的標頭格式比 IPv4 簡單得多。例如,IPv4 標頭包含 IHL、識別和標誌欄位,而 IPv6 則沒有。IPv6 標頭僅引入了流標籤欄位,其中流標籤用於識別需要其他 IPv6 路由器特殊處理的封包。

Side by side diagrams of an IPv4 packet header and a simplified IPv6 packet

There are some important security differences between IPv4 and IPv6. IPv6 offers more efficient routing and eliminates private address collisions that can occur on IPv4 when two devices on the same network are attempting to use the same address. 
IPv4 和 IPv6 之間存在一些重要的安全差異。IPv6 提供更高效的路由,並消除了在 IPv4 中當同一網路上的兩個設備嘗試使用相同地址時可能發生的私人地址衝突。

Key takeaways  關鍵要點

Analyzing the different fields in an IP data packet can be used to find out important security information about the packet. Some examples of security-related information found in IP address packets are: where the packet is coming from, where it’s going, and which protocol it’s using. Understanding the data in an IP data packet will allow you to make critical decisions about the security implications of packets that you inspect.
分析 IP 數據包中的不同欄位可以用來找出有關該數據包的重要安全資訊。IP 地址數據包中與安全相關的資訊範例包括:數據包的來源地、目的地,以及所使用的協議。了解 IP 數據包中的數據將使您能夠對所檢查數據包的安全影響做出關鍵決策。