Differences between TCP and UDP ports and when to use each

Last updated: 01/12/2025
Author: Isaac
  • TCP provides reliable, ordered transport with flow and congestion control, which makes it ideal for the web, email, and file transfer.
  • UDP reduces overhead and latency, which makes it key for online games, VoIP, streaming, and protocols such as DNS or DHCP.
  • Many services use the same port number with different transports (for example, DNS on 53/TCP and 53/UDP, or RDP on 3389/TCP and 3389/UDP).
  • The choice between TCP and UDP ports affects performance, data usage, and attack surface, which makes managing them in firewalls essential.

When we get into the world of networking, sooner or later a common question arises: what exactly are the differences between TCP and UDP ports, and when is it better to use one or the other? Although at first glance we only see port numbers (80, 443, 3389, 53…), underneath there are two different ways of moving data across the Internet, and they affect speed, reliability and even security.

In this article we will calmly break down how TCP and UDP work, what ports do, and which protocols use them; how they handle everyday things such as browsing, playing online games, making video calls or connecting to a remote desktop; and what this implies for performance, cybersecurity and firewall configuration.

TCP and UDP: two different ways of carrying data

Before discussing ports, it is important to understand that TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) are transport-layer protocols of the TCP/IP model, and that they define how communication takes place from end to end.

TCP is a connection-oriented protocol. Before sending data, it establishes a logical channel between sender and receiver using the well-known "three-way handshake" (SYN, SYN-ACK, ACK). From then on, it numbers the segments, makes sure they arrive in order, detects errors, requests retransmissions, and adjusts the transmission rate to the network and to the receiver's capacity.

UDP, on the other hand, is a connectionless protocol. There is no establishment phase; the sender simply sends datagrams to the destination without waiting for confirmation or tracking. It does not order packets, guarantee delivery, or apply flow or congestion control mechanisms. In return, it greatly reduces overhead and latency.

From this, the main practical difference is that TCP prioritizes data reliability and consistency, while UDP focuses on speed and simplicity, accepting that some information may be lost along the way.

What exactly is a TCP or UDP port?

A port, in both TCP and UDP, is simply a number from 0 to 65535 that indicates which service or application a data stream should reach inside a device. Together with the IP address, it forms the well-known "socket" (IP:port) that applications use to listen for and send traffic.

When we talk about a "TCP port" or a "UDP port", we are not talking about different numbers, but about different transport types associated with the same port number. For example, 53/TCP and 53/UDP both exist for DNS, as do 3389/TCP and 3389/UDP for RDP from certain versions onward.

The numbers are organized into three ranges, and this split is shared by TCP and UDP:

  • Well-known ports (0-1023): reserved by IANA for standard services such as HTTP (80/TCP), HTTPS (443/TCP), FTP (21/TCP), SSH (22/TCP), DNS (53/TCP and 53/UDP), and so on.
  • Registered ports (1024-49151): assigned to specific applications, such as 3306/TCP for MySQL or 1194/UDP in many OpenVPN deployments.
  • Dynamic or private ports (49152-65535): used temporarily by clients for ephemeral sessions; they are assigned on the fly by the operating system.

Thanks to this organization, a single server can listen for many services at the same time (web, email, database, VPN…) without the data streams getting mixed up, since each one sits on its own port.

Key features of TCP: reliability above all

TCP is designed so that data arrives complete, without errors, and in the same order in which it was sent, even over an IP network that, by design, is "best effort" and guarantees nothing.

To do this, TCP uses several fairly sophisticated mechanisms:

  • Segment numbering and ACKs: each segment carries a sequence number, and the receiver sends acknowledgments (ACKs). Selective ACKs can be used to confirm several segments at once.
  • Checksum: every segment carries a checksum to detect data corruption; if it fails, the segment is discarded and requested again.
  • Timers: if a certain time passes without an ACK being received for a segment, the sender assumes it was lost and retransmits it.
  • Duplicate filtering: if the same segment arrives twice, TCP detects the copy by its sequence number and discards it.

In addition, TCP applies flow control based on a sliding window: the receiver advertises how many bytes it can hold in its buffer, and the sender cannot exceed that limit until it receives new ACKs that "slide" the window.

In parallel, TCP includes congestion control with its own window (the congestion window), which tries to keep the network from saturating. If it detects packet loss (a sign of congestion at a router), it reduces its sending rate; when the path is clear, it increases the rate again in a controlled way (slow start, congestion avoidance and stabilization phases).

Over time, increasingly advanced congestion algorithms have appeared, such as Tahoe and Reno in the early days, Vegas, CUBIC (widely used in Linux) or BBR, designed by Google to make better use of the available bandwidth without overloading the network.

Another important benefit is that TCP is full-duplex and allows multiplexing. Data can be sent and received at the same time over the same channel, and a host can keep many sockets open to different destinations or services simultaneously.

TCP header, MSS and overhead

Each TCP segment carries a header that occupies at least 20 bytes (plus options, when present). In it we find:

  • Source and destination ports (Source Port, Destination Port).
  • Sequence number and acknowledgment number (ACK).
  • Flags such as SYN, ACK, FIN, RST, URG, etc.
  • Receive window size, which is key to flow control.
  • Checksum and optional fields (for example, window scaling).

The maximum segment size is determined by the MSS (Maximum Segment Size), which is defined at the transport layer. It is usually calculated as: MSS = MTU − IP header − TCP header. On a standard Ethernet network (MTU 1500) with minimal headers, that means 1460 bytes of useful data.

Although this larger header adds overhead, it is what lets TCP integrate all these control mechanisms, which provide its high level of reliability.
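The header fields and the MSS formula above can be checked directly against bytes. The following parser is an added example, not code from the original article; it also decodes the 8-byte UDP header for comparison, and the sample segment and datagram are constructed (checksums left at 0).

```python
import struct

# Flag names in bit order, least-significant bit first.
TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR"]

def parse_tcp_options(raw: bytes) -> dict:
    """Walk the option list; only MSS (kind 2) and window scale (kind 3) are decoded."""
    opts, i = {}, 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                      # end of option list
            break
        if kind == 1:                      # NOP padding, a single byte
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            raise ValueError("malformed TCP option")
        length = raw[i + 1]
        body = raw[i + 2:i + length]
        if kind == 2 and length == 4:
            opts["mss"] = int.from_bytes(body, "big")
        elif kind == 3 and length == 3:
            opts["window_scale"] = body[0]
        i += length
    return opts

def parse_tcp_header(segment: bytes) -> dict:
    if len(segment) < 20:
        raise ValueError("a TCP header is at least 20 bytes")
    src, dst, seq, ack, off_flags, window, checksum, _urgent = struct.unpack(
        "!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4     # data offset is counted in 32-bit words
    if not 20 <= header_len <= len(segment):
        raise ValueError("data offset outside the segment")
    return {
        "src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
        "flags": [n for bit, n in enumerate(TCP_FLAGS) if off_flags & (1 << bit)],
        "window": window, "checksum": checksum, "header_len": header_len,
        "options": parse_tcp_options(segment[20:header_len]),
        "payload_len": len(segment) - header_len,
    }

def parse_udp_header(datagram: bytes) -> dict:
    if len(datagram) < 8:
        raise ValueError("a UDP header is exactly 8 bytes")
    src, dst, length, checksum = struct.unpack("!HHHH", datagram[:8])
    if length < 8 or length > len(datagram):
        raise ValueError("length field inconsistent with the datagram")
    return {"src_port": src, "dst_port": dst, "length": length,
            "checksum": checksum, "payload_len": length - 8}

def mss_for_mtu(mtu: int, ip_header: int = 20, tcp_header: int = 20) -> int:
    """MSS = MTU - IP header - TCP header, with minimal headers by default."""
    return mtu - ip_header - tcp_header

def payload_share(payload: int, transport_header: int, ip_header: int = 20) -> float:
    """Fraction of the IP packet that is application payload."""
    return payload / (payload + transport_header + ip_header)

# Constructed samples: a SYN to 443/TCP carrying an MSS option, and a 29-byte
# payload sent to 53/UDP.
SAMPLE_SYN = struct.pack("!HHIIHHHH", 49152, 443, 1000, 0, 0x6002, 64240, 0, 0) \
    + bytes([2, 4, 0x05, 0xB4])
SAMPLE_UDP = struct.pack("!HHHH", 49153, 53, 8 + 29, 0) + bytes(29)

if __name__ == "__main__":
    print(parse_tcp_header(SAMPLE_SYN))
    print(parse_udp_header(SAMPLE_UDP))
    print("MSS for MTU 1500:", mss_for_mtu(1500))
    print("payload share, TCP vs UDP:", payload_share(100, 20), payload_share(100, 8))
```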

Establishing and closing TCP connections: 3-way handshake and FIN

To start exchanging data over TCP, a logical connection must first be established between client and server. The classic procedure is the 3-way handshake:

  1. The client sends a segment with the SYN flag and an initial sequence number.
  2. The server replies with a SYN-ACK, stating its own sequence number and acknowledging the client's.
  3. The client sends a final segment with ACK. From then on, both sides can start sending data in both directions.

This exchange of sequence numbers makes it harder for an outside attacker to tamper with an already established TCP connection. However, an attacker in the middle (MitM) can still manipulate the traffic.

To close a session, one of the parties sends a segment with FIN. The other side replies with an ACK and usually also sends its own FIN, which must be acknowledged. In some cases a "half-open" connection can remain, where one side has closed the connection but the other keeps sending data.

TCP-related attacks and weaknesses

Precisely because of this connection setup, TCP is susceptible to SYN flood denial-of-service attacks. The attacker sends a large number of forged SYN segments, leaving the server with many half-open connections that consume resources.

To mitigate this attack, measures such as the following are commonly used: limiting the number of simultaneous connections (globally or per IP), filtering by trusted addresses, or using techniques such as SYN cookies, which delay the actual allocation of resources until a valid confirmation has been received.
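To make the SYN cookie idea concrete, here is a simplified server-side sketch, added as an example and not taken from the original article or from any operating system's implementation. The bit layout, the MSS table, the 64-second counter and the HMAC-SHA256 stand-in are assumptions chosen for illustration; the addresses are constructed documentation addresses.

```python
import hashlib
import hmac
import ipaddress
import struct

SECRET = b"constructed-demo-secret"   # assumption: a real server uses a random secret
MSS_TABLE = [536, 1300, 1440, 1460]   # constructed table, indexed by 3 bits of the cookie
TICK = 64                             # seconds per counter step (assumption)

def _mac24(conn, client_isn, counter, mss_idx):
    """24-bit keyed MAC over the 4-tuple, client ISN, time counter and MSS index."""
    src_ip, src_port, dst_ip, dst_port = conn
    msg = (ipaddress.ip_address(src_ip).packed + ipaddress.ip_address(dst_ip).packed
           + struct.pack("!HHIIB", src_port, dst_port, client_isn, counter, mss_idx))
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")

def make_cookie(conn, client_isn, client_mss, now):
    """Sequence number for the SYN-ACK. Nothing is stored per connection."""
    counter = int(now) // TICK
    fitting = [i for i, m in enumerate(MSS_TABLE) if m <= client_mss]
    mss_idx = fitting[-1] if fitting else 0
    return ((counter % 32) << 27) | (mss_idx << 24) | _mac24(conn, client_isn, counter, mss_idx)

def check_cookie(conn, ack_seq, ack_number, now, max_age=2):
    """Validate the final ACK. Returns the MSS to use, or None to drop the segment."""
    client_isn = (ack_seq - 1) % 2**32     # the ACK carries client ISN + 1
    cookie = (ack_number - 1) % 2**32      # and acknowledges our cookie + 1
    mss_idx = (cookie >> 24) & 0x7
    if mss_idx >= len(MSS_TABLE):
        return None
    current = int(now) // TICK
    for age in range(max_age + 1):         # accept only recent counter values
        counter = current - age
        if counter < 0 or counter % 32 != cookie >> 27:
            continue
        expected = _mac24(conn, client_isn, counter, mss_idx)
        if hmac.compare_digest(expected.to_bytes(3, "big"),
                               (cookie & 0xFFFFFF).to_bytes(3, "big")):
            return MSS_TABLE[mss_idx]      # only at this point is state allocated
    return None

# Constructed handshake: (client IP, client port, server IP, server port).
CONN = ("198.51.100.7", 51000, "203.0.113.10", 443)
T0 = 1_700_000_000

if __name__ == "__main__":
    cookie = make_cookie(CONN, 12345, 1460, T0)
    print("SYN-ACK sequence number:", cookie)
    print("valid ACK  ->", check_cookie(CONN, 12346, cookie + 1, T0 + 30))
    print("forged ACK ->", check_cookie(CONN, 12346, (cookie ^ 1) + 1, T0 + 30))
    print("stale ACK  ->", check_cookie(CONN, 12346, cookie + 1, T0 + 3 * TICK))
```

Because the server keeps no table entry between the SYN and the final ACK, a flood of forged SYNs costs it one MAC computation each rather than a slot in the half-open queue.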

Another type of attack is TCP sequence number prediction. If an attacker manages to guess the values that the legitimate host will use, they can inject forged packets that appear to be part of the connection. To do this, they typically observe the traffic between two trusted machines, infer the pattern of the counters, and sometimes launch a denial-of-service attack against the real host to "silence" it while they take over its session.

Once the connection is established, the attacker can inject bogus data. This can lead to session termination or unexpected behavior in the target application. Older, unpatched systems and devices are usually the easiest targets for this technique.

What is UDP and why is it so fast?

UDP was designed with a different philosophy: send datagrams with as little overhead as possible, leaving almost all control to the upper layers. It performs no connection setup, reordering, retransmission, or transmission rate control.

The sender simply sends UDP datagrams to the destination port, assuming the receiver has a socket open and listening. If there is congestion, if the receiver is slow, or if a router decides to drop packets, UDP does nothing to fix it.

Its header is very small, only 8 bytes, with four essential fields:

  • Source port.
  • Destination port.
  • Datagram length.
  • Checksum (over header and data).

Thanks to this simplicity, most of each packet is devoted to payload. This greatly improves efficiency, especially in real-time communications and in environments where reducing latency is the priority.

However, since there is no flow or congestion control, if the sender is faster than the receiver or the network, datagrams will start to be lost, and the job of handling that loss falls entirely on the application.

Practical advantages and disadvantages of TCP and UDP

In short, we can say that TCP is slower but very reliable, and UDP is faster but unreliable. Let's bring this down to real-world use cases.

TCP is the ideal choice when data integrity matters: email, web browsing, file transfer, remote administration, databases… In all these cases it makes no sense to receive corrupted or incomplete information, even if it costs us a few milliseconds.

UDP shines where speed is the priority, such as online games, VoIP, video calls, live streaming, DNS, DHCP… Here it is better to lose a packet and have the video pixelate for a moment than to pause playback while waiting for a retransmission.

In terms of data usage, TCP also has more overhead than UDP. Its headers are larger and it generates extra traffic from acknowledgments and retransmissions. In real-world tests with VPNs, OpenVPN over TCP has been observed to use several percentage points more data than over UDP for the same useful information.

In terms of pure security, neither protocol is designed to encrypt or authenticate on its own, although TCP's structure makes malicious injection somewhat harder thanks to sequence tracking and ACKs. In practice, when we use TLS, VPNs, or encrypted tunnels, both TCP and UDP depend on higher layers to protect the content.

Finally, UDP natively supports multicast and broadcast, which makes it easy to send the same stream to many recipients at once (videoconferences, streaming to multiple clients, discovery protocols), something that TCP, being strictly point-to-point, cannot do.

How TCP and UDP fit into VPNs

VPN services rely on TCP or UDP to build the encrypted tunnel between client and server. In practice, most modern VPN protocols prefer UDP because it reduces latency and copes better with moderate packet loss.

In OpenVPN, for example, you can choose between a TCP or a UDP tunnel. When UDP is used, most of the reliability is delegated to the applications inside the tunnel (often TCP again, as with HTTP/HTTPS), which avoids a double layer of error control that only adds delay.

This means that an OpenVPN tunnel over UDP may lose some packets, but if HTTP traffic (which uses TCP) is travelling inside it, the inner TCP is the one that requests retransmission when needed. The practical result is a secure connection that is reliable at the application level but much faster at the transport level.

WireGuard goes a step further and uses UDP exclusively as its transport. All the complexity is moved into its own cryptographic and control logic, which achieves minimal setup time and fast roaming when we change networks (for example, from Wi-Fi to 4G) without any noticeable interruption of the VPN.

However, in environments with firewalls that are very restrictive with UDP (some corporate networks), many VPNs are forced to fall back to TCP to get through filters and proxies, at the cost of slightly higher latency.

TCP vs UDP on the web and the shift towards QUIC

Today, HTTP and HTTPS rely almost entirely on TCP. Classic HTTP typically uses port 80/TCP and HTTPS uses 443/TCP, adding TLS to encrypt communications.

Up to HTTP/2 the picture was clear: the entire web ran over TCP, with its reliability benefits but also with certain latency problems and head-of-line blocking on high-loss connections.

With HTTP/3, QUIC enters the scene: a transport protocol built on top of UDP that integrates features of TCP (congestion control, error correction, stream ordering) and of TLS (mandatory encryption). QUIC allows several independent streams to be multiplexed over a single connection, which reduces the impact of packet loss on any one part of the communication.

Thanks to this, HTTP/3 over QUIC usually offers faster load times, especially on mobile or high-jitter connections. Moreover, by using UDP, it better overcomes certain bottlenecks in legacy infrastructure designed only for TCP.

TCP and UDP ports in real-world services: examples and table

The combination of transport type and port number identifies the application-layer protocol in use. Some common examples:

  • 80/TCP: HTTP (unencrypted web).
  • 443/TCP: HTTPS (web encrypted with TLS).
  • 21/TCP and 20/TCP: FTP (control and data).
  • 22/TCP: SSH and SFTP.
  • 25/TCP, 587/TCP: SMTP for sending email.
  • 110/TCP, 995/TCP: POP3 and POP3S.
  • 143/TCP, 993/TCP: IMAP and IMAPS.
  • 53/UDP and 53/TCP: DNS (fast queries over UDP, zone transfers over TCP).
  • 67/UDP and 68/UDP: DHCP client/server.
  • 123/UDP: NTP, time synchronization.
  • 161/UDP: SNMP.
  • 445/TCP: Microsoft SMB/CIFS for file sharing.
  • 554/TCP/UDP: RTSP for stream control.
  • 631/TCP/UDP: IPP (network printing).

The full list of well-known and registered ports is very long, but these examples show that TCP usually dominates in critical and transaction-oriented applications, while UDP dominates in discovery, streaming, or lightweight control protocols.

RDP: TCP, UDP, or both?

The Remote Desktop Protocol (RDP) is a Microsoft service that lets you connect to another computer as if you were sitting in front of its screen. Internally, it sends the compressed desktop image from the remote host to the client and receives keyboard and mouse input in the opposite direction.

Traditionally, RDP has used port 3389/TCP as its primary transport, relying on TCP's reliability to ensure that every screen update, click and control packet arrives correctly and in order.

Since RDP 8.0, the protocol can also use 3389/UDP to improve performance. Typically, the client first tries to establish a UDP channel (for its lower latency and higher bandwidth) and, if this is not possible because of network restrictions, falls back to the classic TCP channel.

This hybrid approach allows RDP to send most of the graphics data over UDP, where the loss of a few frames goes unnoticed, while TCP can be reserved for critical information when needed. On networks with high latency or signal loss, the performance improvement can be significant.

How to open TCP and UDP ports for RDP on Windows

For an RDP session from the outside to work, the host's firewall must allow incoming traffic on port 3389. Both TCP and UDP matter if we want to take advantage of the modern optimizations; if there are problems, it is advisable to review the network rules that block RDP.

On Windows, the basic setup from Windows Defender Firewall consists of:

  1. Go to Control Panel > System and Security > Windows Defender Firewall and open the advanced settings.
  2. Create a new inbound rule of type "Port", select TCP and specify 3389 as the specific local port.
  3. Choose "Allow the connection", apply it to the required profiles (domain, private, public) and give it a descriptive name, for example "RDP TCP 3389".
  4. Repeat the process for UDP on the same port 3389, with another name such as "RDP UDP 3389".
  5. Check that both rules are enabled and test the connection from a remote client.

In terms of security, beyond opening ports, it is essential to use strong passwords, enable Network Level Authentication (NLA) so that only authorized users can reach the graphical session, limit which accounts have remote access permission, and keep the system always up to date to avoid vulnerabilities in the RDP service.

TCP ports: security, risks and good practices

Any TCP port exposed to the Internet becomes a potential attack vector. Attackers automate scans of entire IP ranges looking for open ports (using tools such as Nmap) and, once one is detected, try to exploit vulnerabilities or launch brute-force attacks.

Sensitive services such as SSH (22/TCP), RDP (3389/TCP), SMB (445/TCP) or databases are the most targeted, since a flaw there could give direct access to the internal network or to sensitive data.

To reduce the attack surface, it is advisable to apply the principle of least privilege to ports: open only what is strictly necessary, restrict access by IP or VPN where possible, and close or filter everything that is not in use.

It is also a good idea to segment the network into zones (user LAN, server DMZ, management network, etc.) and apply internal firewall rules to isolate critical services. That way, even if an attacker compromises one machine, it will be much harder for them to move laterally to other sensitive systems.

Monitoring and logging tools make it possible to detect anomalous behavior on ports (scans, large numbers of failed attempts, connections from unusual countries) and to raise alerts before an incident escalates.

Finally, it is advisable to carry out periodic port audits using external and internal scanners and to document which service is listening on each port. This helps identify outdated applications, forgotten services, or risky configurations that should be disabled.
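One way to run such an audit on a single host is to compare its listening sockets with a documented baseline, keeping TCP and UDP on the same port number as separate entries. The script below is an added example, not part of the original article; the sample text is constructed in the column layout of Windows `netstat -ano`, and the approved baseline is hypothetical.

```python
import re

# Constructed sample in the column layout printed by Windows `netstat -ano`.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING       4120
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1100
  TCP    127.0.0.1:5432         0.0.0.0:0              LISTENING       2288
  TCP    10.0.0.5:49790         203.0.113.20:443       ESTABLISHED     5012
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:123            *:*                                    1320
  UDP    0.0.0.0:3389           *:*                                    1100
"""

# Hypothetical baseline: (transport, port) -> documented service.
APPROVED = {
    ("TCP", 443): "HTTPS",
    ("TCP", 3389): "RDP",
    ("UDP", 3389): "RDP over UDP",
    ("UDP", 53): "DNS",
}

# UDP rows have no State column, so that group is optional.
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+\s+(?:([A-Z][A-Z_0-9]*)\s+)?(\d+)\s*$")

def port_range(port: int) -> str:
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic"

def exposure(addr: str) -> str:
    if addr in ("0.0.0.0", "[::]"):
        return "all-interfaces"
    if addr.startswith("127.") or addr == "[::1]":
        return "loopback"
    return "specific-address"

def listeners(netstat_text: str) -> dict:
    """Map (transport, port) to the sockets accepting traffic on it."""
    found = {}
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue                      # header or unrelated line
        proto, addr, port, state, pid = m.groups()
        if proto == "TCP" and state != "LISTENING":
            continue                      # established or closing connections are not listeners
        found.setdefault((proto, int(port)), []).append((exposure(addr), int(pid)))
    return found

def audit(netstat_text: str, approved: dict) -> dict:
    seen = listeners(netstat_text)
    unapproved = sorted({(proto, port, port_range(port), exp)
                         for (proto, port), socks in seen.items()
                         if (proto, port) not in approved
                         for exp, _pid in socks})
    # Documented services that are not listening: stale documentation or a stopped service.
    missing = sorted(key for key in approved if key not in seen)
    return {"unapproved": unapproved, "missing": missing}

if __name__ == "__main__":
    report = audit(SAMPLE_NETSTAT, APPROVED)
    for finding in report["unapproved"]:
        print("not in baseline:", finding)
    for key in report["missing"]:
        print("documented but not listening:", key, APPROVED[key])
```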

Performance differences between TCP and UDP ports

When we compare traffic travelling over TCP ports with traffic over UDP ports, what we are really measuring is how the two transport protocols behave under different network conditions.

TCP, with its error and congestion control, tends to slow down when it detects loss or saturation, prioritizing that everything arrives correctly over arriving quickly. On congested or high-latency networks, this can translate into longer load times or less agile downloads.

UDP does not let congestion stop it: if the path is saturated, routers simply drop packets. Since there is no automatic retransmission, communication stays fluid, but with gaps in the information that the application will have to handle (for example, with buffering or its own error correction).

In tests with VPNs over long distances, OpenVPN over UDP is generally observed to be faster than over TCP. The difference becomes more evident as network conditions worsen. This is due both to the smaller header and to the absence of continuous ACKs and retransmissions.

There is also an impact on data usage. Between its heavier headers and extra control messages, TCP consumes more bandwidth for each useful MB transferred. On mobile plans with gigabyte caps, this can make a difference at the end of the month.

Other transport protocols beyond TCP and UDP

Although in practice almost the entire Internet runs on TCP and UDP as its foundation, there are other transport protocols designed for specific use cases.

One of them is SCTP (Stream Control Transmission Protocol). It combines features of TCP and UDP: it offers reliable, ordered transmission, but allows multiple independent streams within the same connection. It is widely used in telecommunications and VoIP signaling, where it reduces latency compared with classic TCP.

Another is DCCP (Datagram Congestion Control Protocol), which keeps UDP's connectionless style but adds built-in congestion control. It is designed for real-time multimedia, where losing packets is preferable to introducing excessive latency.

There is also RDP (Reliable Data Protocol), focused on military and scientific environments, and, as already mentioned, QUIC, which relies on UDP but implements reliability, multiplexing and encryption in a single layer, forming the basis of HTTP/3.

Despite their technical merits, the reality is that mass adoption of new protocols is difficult: the entire ecosystem of routers, firewalls, operating systems and tools is optimized for TCP and UDP, and changing that foundation involves effort, cost and risk. Moreover, many firewalls block uncommon protocols by default, whereas TCP 80/443 traffic and a large share of UDP traffic is routinely allowed.

Understanding well how TCP and UDP ports work, which services rely on each, and what they imply for performance and security is what allows us to make sensible decisions: when it is worth sacrificing some speed to gain reliability, when it pays to use UDP to reduce latency, which ports to open or close on the firewall, or which parameters to tune on a VPN or server so that our network runs smoothly and is as closed as possible to attacks.
