Umehluko phakathi kwezimbobo ze-TCP ne-UDP nokusetshenziswa okunconyiwe

Ama-Mundobytes » IT » I-inthanethi namanethiwekhi » Umehluko phakathi kwezimbobo ze-TCP ne-UDP nokuthi kufanele usetshenziswe nini ngayinye

I-TCP inikeza ukuthutha okuthembekile nokuhlelekile ngokugeleza nokuminyana, ilungele iwebhu, i-imeyili, nokudluliswa kwamafayela.
I-UDP inciphisa i-overhead nokubambezeleka, ikwenze kube ukhiye wemidlalo ye-inthanethi, i-VoIP, Ukusakaza namaphrothokholi afana ne-DNS noma i-DHCP.
Amasevisi amaningi asebenzisa inombolo yembobo efanayo ngezokuthutha ezihlukene (isb., i-DNS ku-53/TCP kanye ne-53/UDP noma i-RDP ku-3389/TCP naku-3389/UDP).
Ukukhetha phakathi kwezimbobo ze-TCP noma ze-UDP kunomthelela ekusebenzeni, ukusetshenziswa kwedatha, nendawo yokuhlasela, okwenza ukuphathwa kwayo kuma-firewall kube bucayi.

I-TCP vs UDP Port Comparison

Uma singena emhlabeni wamanethiwekhi, ngokushesha noma kamuva umbuzo ojwayelekile uyaphakama: Yimuphi umehluko wangempela phakathi kwamachweba we-TCP ne-UDP? futhi lapho kungcono ukusebenzisa eyodwa noma enye. Nakuba uma uthi nhlá sibona izinombolo zembobo kuphela (80, 443, 3389, 53…), ngaphansi kunezindlela ezimbili ezihluke kakhulu zokuhambisa idatha ku-inthanethi ezithinta isivinini. ukuthembeka ngisho nasekuvikelekeni.

Kulesi sihloko sizokwephula ngomoya ophansi Isebenza kanjani i-TCP ne-UDP, iyiphi indima edlalwa amachweba, nokuthi iyiphi iphrothokholi ngayinye eyisebenzisayo.ukuthi zithinta kanjani izinto zansuku zonke ezifana nokuphequlula, ukudlala imidlalo ye-inthanethi, ukwenza amakholi evidiyo noma ukuxhuma ngedeskithophu ekude, nokuthi imiphi imithelela enakho mayelana nokusebenza, ukuphepha kwe-cyber kanye nokucushwa kwe-firewall.

I-TCP ne-UDP: izindlela ezimbili ezihlukene zokuthutha idatha

Ngaphambi kokuxoxa ngamachweba, kubalulekile ukukuqonda lokho I-TCP (Iphrothokholi Yokulawula Ukudlulisa) kanye ne-UDP (Iphrothokholi Yedatha Yomsebenzisi) ziyizivumelwano zongqimba lwezokuthutha yemodeli ye-TCP/IP, futhi ichaza isitayela sokuxhumana phakathi komthombo nendawo.

I-TCP iyiphrothokholi egxile ekuxhumekeniNgaphambi kokuthumela idatha, isungula isiteshi esinengqondo phakathi komthumeli nomamukeli kusetshenziswa indlela eyaziwayo "yokuxhawula izindlela ezintathu" (SYN, SYN-ACK, ACK). Ukusuka lapho, ifaka izinombolo zezigaba, iqinisekisa ukuthi ifika ngokulandelana kwayo, ithola amaphutha, icele ukudluliswa kabusha, futhi ivumelanise isivinini sokudlulisa ngokuya ngenethiwekhi namandla owamukelayo.

I-UDP, ngakolunye uhlangothi, iyiphrothokholi engaxhumekiAsikho isigaba sokusungulwa; umthumeli umane athumele ama-datagram lapho uya khona ngaphandle kokulinda ukuqinisekiswa noma ukulandelela. Ayi-odi amaphakethe, ayiwaqinisekisi ukulethwa, noma isebenzise izindlela zokulawula ukugeleza noma ukuminyana. Ngokubuyisela, kunciphisa kakhulu i-overhead kanye ne-latency.

Ngokusekelwe kulokhu, umehluko omkhulu ongokoqobo yilokho I-TCP ibeka phambili ukuthembeka kwedatha nokungaguquguqukingenkathi I-UDP igxile esivinini kanye nobululaukwamukela ukuthi olunye ulwazi lungase ilahleke endleleni.

Iyini ngempela ichweba le-TCP noma le-UDP?

Ichweba, kukho kokubili i-TCP ne-UDP, ilula inombolo esuka ku-0 kuye ku-65535 ekhomba ukuthi iyiphi isevisi noma uhlelo lokusebenza okufanele lufinyelelwe ukusakazwa kwedatha ngaphakathi kwedivayisi. Kanye nekheli le-IP, kwakha "isokhethi" (IP:port) edumile esetshenziswa izinhlelo zokusebenza ukulalela nokuthumela ithrafikhi.

Uma sikhuluma "ngembobo ye-TCP" noma "imbobo ye-UDP," asikhulumi ngezinombolo ezihlukene, kodwa kunalokho izinhlobo ezahlukene zokuthutha ezihlobene nenombolo yembobo efanayoIsibonelo, i-53/TCP ne-53/UDP kuhlangana ndawonye ku-DNS, noma i-3389/TCP ne-3389/UDP ye-RDP kusukela ezinguqulweni ezithile kuye phambili.

Izinombolo zihlelwe ngo izigaba ezintathu ngokusetshenziswa okuhlukaniswe ngokucacile okwabiwe yi-TCP ne-UDP:

Izikebhe ezaziwa kakhulu (0-1023): kugcinwe i-IANA kumasevisi ajwayelekile afana ne-HTTP (80/TCP), HTTPS (443/TCP), FTP (21/TCP), ssh (22/TCP), DNS (53/TCP kanye 53/UDP), njll.
Izimbobo ezibhalisiwe (1024-49151): yabelwe izinhlelo zokusebenza ezithile, njenge-3306/TCP ye-MySQL noma i-1194/UDP ekusetshenzisweni okuningi kwe-OpenVPN.
Izimbobo ezinamandla noma ezizimele (49152-65535): isetshenziswe okwesikhashana amaklayenti ngezikhathi zesikhashana; banikezwa ngokuphazima kweso yisistimu yokusebenza.

Ngenxa yale nhlangano, iseva eyodwa ingakwazi Lalela ezinsizeni eziningi ngesikhathi esisodwa (iwebhu, i-imeyili, isizindalwazi, i-VPN…) ngaphandle kokuthi idatha igeleza ixubane, njengoba ngayinye ithatha ichweba layo.

Izici ezibalulekile ze-TCP: ukwethembeka ngaphezu kwakho konke

I-TCP yakhelwe ngendlela yokuthi idatha ifika iphelele, ngaphandle kwamaphutha, futhi ngokulandelana okufanayo lapho ithunyelwe khonanaphezu kwenethiwekhi ye-IP, ngokuklama, "imizamo engcono kakhulu" futhi ayiqinisekisi lutho.

Ukufeza lokhu, i-TCP isebenzisa izindlela ezimbalwa eziyinkimbinkimbi:

Izinombolo zesegimenti kanye ne-ACKIsegimenti ngayinye iphethe inombolo yokulandelana, futhi umamukeli uthumela i-acknowledgement (ACKs). Ungasebenzisa ama-ACK akhethiwe ukuze uqinisekise amasegimenti amaningi ngesikhathi esisodwa.
I-Checksum: wonke amasegimenti aphethe isheke ukuze kutholwe ukonakala kwedatha; uma ihluleka, ingxenye iyalahlwa bese icelwa futhi.
IsilinganisoUma isikhathi esithile sidlula ngaphandle kokuthola i-ACK evela engxenyeni, umthumeli uthatha ukulahlekelwa futhi akuthumele kabusha ngokuzenzakalelayo.
Isihlungi esiyimpindaUma ingxenye efanayo ifika kabili, i-TCP ithola impinda ngezinombolo zayo bese iyilahla.

Ngaphezu kwalokho, i-TCP iyasebenza isilawuli sokugeleza ngokusekelwe kuwindi elislayidayo: umamukeli umemezela ukuthi mangaki amabhayithi angakwazi ukuwagcina kusigcinalwazi saso futhi umthumeli akakwazi ukweqa lowo mkhawulo kuze kube yilapho ethola ama-ACK amasha "ashelela" iwindi.

Ngokuhambisanayo, i-TCP ihlanganisa a ukulawula ukuminyana ngewindi layo (iwindi lokuminyana), elizama ukuvimbela inethiwekhi ukuthi ingagcwali. Uma ithola ukulahleka kwephakethe (inkomba yokuminyana ku-a router), inciphisa ijubane layo; lapho umgwaqo ucacile, uyawukhulisa futhi ngendlela elawulwayo (ukuqala kancane, ukugwema ukuminyana kanye nezigaba ezizinzile).

cunt el tiempo belokhu bevela ama-algorithms wokuminyana athuthukile, njengoTahoe noReno ezinsukwini zabo zokuqala, iVegas, CUBIC (eyasetshenziswa kakhulu ku Linux) noma i-BBR, eklanywe ngu -Google ukusebenzisa kangcono i-bandwidth etholakalayo ngaphandle kokulayisha ngokweqile inethiwekhi.

Enye inzuzo ebalulekile ukuthi I-TCP iyi-duplex egcwele futhi ivumela ukuphindaphindaIdatha ingathunyelwa futhi yamukelwe ngesikhathi esisodwa esiteshini esifanayo, futhi umsingathi angagcina amasokhethi amaningi avulekile ezindaweni noma amasevisi ahlukene ngesikhathi esisodwa.

Gcwalisa umhlahlandlela namathiphu ochwepheshe okuthumela amakhophi angaboni emehlweni ku-Outlook

Iheda ye-TCP, i-MSS kanye nokulayisha ngokweqile

Ingxenye ngayinye ye-TCP iphethe unhlokweni, okungenani, ohlala kuyo 20 bytes (izinketho eziningi uma zikhona)Kuyo sithola:

Ichweba lemvelaphi nendawo oya kuyo (Imbobo yomthombo, Ichweba Lendawo).
Inombolo yokulandelana y inombolo yokuvuma (I-ACK).
Amafulegi njenge-SYN, ACK, FIN, RST, URG, njll.
Usayizi wewindi lokwamukelakubalulekile ekulawuleni ukugeleza.
I-Checksum kanye nezinketho ezingenzeka (isibonelo, ukukala kwewindi).

Umkhawulo kasayizi wesegimenti unqunywa yi- I-MSS (Usayizi Wesegimenti Ephezulu), echazwe ezingeni lezokuthutha. Ngokuvamile kubalwa ngokuthi: MSS = MTU − IP unhlokweni − TCP unhlokweniKunethiwekhi evamile ye-Ethernet (MTU 1500) kanye nezihloko ezincane, sikhuluma ngamabhayithi angu-1460 wedatha ewusizo.

Nakuba lesi sihloko esikhulu kakhulu sikhuphuka phezulu, sivumela i-TCP hlanganisa zonke lezo zindlela zokulawula okuyinikeza izinga layo eliphezulu lokwethembeka.

Ukusungula nokuvala ukuxhumana kwe-TCP: Ukuxhawula okunezindlela ezi-3 kanye ne-END

Ukuze uqale ukushintshanisa idatha nge-TCP, udinga kuqala Sungula ukuxhumana okunengqondo phakathi kweklayenti nesevaInqubo yakudala ukuxhawulana ngezindlela ezi-3:

Iklayenti lithumela ingxenye ne- hlaba umkhosi SYN kanye nenombolo yokuqala yokulandelana.
Iseva iphendula ngokuthi I-SYN-ACK, ebonisa inombolo yabo yokulandelana futhi iqinisekisa eyekhasimende.
Iklayenti lithumela ingxenye yokugcina nge I-ACK Ukusuka lapho, izinhlangothi zombili zingaqala ukuthumela idatha ngokuphindwe kabili.

Lokhu kuxoxisana kwezinombolo zokulandelana kwenza kube nzima kumhlaseli osuka ngaphandle ukuya konakalisa kalula uxhumo lwe-TCP oseluvele lusunguliweNokho, uma imaphakathi (MitM) isengakhohlisa ithrafikhi.

Ukuvala iseshini, omunye wamaqembu uthumela ingxenye nge FINOlunye uhlangothi luphendula nge-ACK futhi ngokuvamile luthumela i-FIN yalo, okufanele kuvunywe. Kwezinye izimo, ukuxhumana "okuvulwe uhhafu" kungasala, lapho uhlangothi olulodwa luvale khona uxhumo kodwa olunye luqhubeke nokuthumela idatha.

Ukuhlaselwa okuhlobene ne-TCP nokuba sengozini

Hlola uxhumano lwenethiwekhi nge-TCPView

Impela ngenxa yalokho kuxhumana, I-TCP isengozini yokuhlaselwa kwe-SYN yokunqatshelwa kwesevisiUmhlaseli uthumela inombolo enkulu yamasegimenti angamanga we-SYN, eshiya iseva inoxhumano oluningi oluvuleke uhhafu oludla izinsiza.

Ukuze kuncishiswe lokhu kuhlasela, izilinganiso ezinjengalezi ezilandelayo zivame ukusetshenziswa: khawulela inombolo yokuxhumana kanyekanye (ngomhlaba wonke noma nge-IP), hlunga ngobubanzi bamakheli athembekile noma usebenzise amasu anjengala SYN amakhukhi, okubambezela ukubhukha kwangempela kwezinsiza kuze kutholakale ukuqinisekiswa okuthembekile.

Okunye ukuhlasela kwakudala yi- Ukubikezela inombolo yokulandelana kwe-TCPUma umhlaseli ekwazi ukuqagela amanani ozosetshenziswa umsingathi osemthethweni, angajova amaphakethe mbumbulu abonakala eyingxenye yoxhumo. Ukuze kuzuzwe lokhu, ngokuvamile baqala ngokulalela ithrafikhi phakathi kwamakhompyutha amabili athenjwayo, balinganisele iphethini yokufaka izinombolo, futhi ngezinye izikhathi baqalise ukuhlasela kokuphikwa kwesevisi kumsingathi wangempela ukuze "ayithulise" kuyilapho yonaka isikhathi sayo.

Uma uxhumano selumisiwe, umhlaseli angakwazi faka idatha engafaneleLokhu kungaholela ekunqanyulweni kweseshini noma ekuziphatheni okungalindelekile kuhlelo lokusebenza oluqondiwe. Amasistimu namadivaysi amadala, anganamathiselwenga ngokuvamile yikona okuqondiwe okulula kulawa masu.

Iyini i-UDP futhi kungani ishesha kangaka?

I-UDP yaklanywa ngefilosofi ehlukile: thumela ama-datagram anesihloko esincane kakhulu esingakhonaishiya cishe konke ukulawula izendlalelo ezingaphezulu. Ayisunguli ukuxhuma kwangaphambilini, ukuhlela kabusha, ukuthumela kabusha, noma ukulawula izinga lokudlulisela.

Umthumeli umane athumele ama-datagram e-UDP endaweni okuyiwa kuyo, kucatshangwa ukuthi umamukeli unesokhethi evulekile yokulalela. Uma kukhona ukuminyana, uma umamukeli ehamba kancane, noma uma umzila unquma ukuwisa amaphakethe, i-UDP ayenzi lutho nhlobo ukuyilungisa.

I-headboard yayo incane kakhulu, kuphela Amabhayithi we-8, enezinkambu ezine eziyisisekelo:

Ichweba lemvelaphi.
Ichweba lendawo.
Ubude bedathagram.
I-Checksum (yesihloko nedatha).

Ngenxa yalokhu kulula, Iningi lephakheji linikezelwe ekulayisheni.Lokhu kuthuthukisa kakhulu ukusebenza kahle, ikakhulukazi ezokuxhumana ngesikhathi sangempela nasezindaweni lapho ukunciphisa ukubambezeleka kubaluleke kakhulu.

Nokho, njengoba kungekho ukugeleza noma ukulawula ukuminyana, uma isidlulisi sishesha kakhulu kunomamukeli noma inethiwekhiAma-Datagrams azoqala ukulahleka, futhi umthwalo wokuphatha lokho kulahlekelwa uwela ngokuphelele kuhlelo lokusebenza.

Izinzuzo ezingokoqobo kanye nokubi kwe-TCP ne-UDP

Ngamafuphi, singakusho lokho I-TCP ihamba kancane kodwa ithembekile kakhulu, futhi I-UDP iyashesha kodwa ithembekile kancaneAke sehlise lokhu emacaleni okusetshenziswa komhlaba wangempela.

I-TCP iyindlela efanelekile uma ubuqotho bedatha bubalulekile: i-imeyili, ukuphequlula iwebhu, ukudluliswa kwefayela, ukuphatha okukude, yolwazi… Kuzo zonke lezi zimo, akuwenzi umqondo ukuthola ulwazi olonakele noma olungaphelele, ngisho noma kusithatha ama-millisecond ambalwa ubude.

I-UDP ikhanya ezindaweni lapho ukushesha kuyinto ehamba phambili, njenge Juegos onlineI-VoIP, amakholi wevidiyo, ukusakaza bukhoma, i-DNS, i-DHCP… Lapha kungcono ukulahlekelwa iphakethe futhi ube ne-pixelate yevidiyo isikhashana, kunokumisa ukudlalwa ukuze ulinde ukudluliswa kabusha.

Mayelana nokusetshenziswa kwedatha, I-TCP futhi ine-overhead engaphezulu kune-UDP.Izihloko zayo zinkulu futhi zikhiqiza ithrafikhi eyengeziwe kusukela ekuvumeni nasekudluliseleni kabusha. Ezivivinyweni zomhlaba wangempela nge i-VPN Kuyaqapheleka ukuthi i-OpenVPN phezu kwe-TCP ingadla amaphesenti ambalwa wamaphuzu wedatha kune-UDP ngolwazi olufanayo oluwusizo.

Ngokuphathelene nokuphepha okumsulwa, ayikho iphrothokholi eklanyelwe ukubethela noma ukugunyaza ngokwayo, nakuba Isakhiwo se-TCP senza umjovo wethrafikhi enonya ube nzima nakakhulu Sibonga ukulandela ngomkhondo kanye nama-ACK. Empeleni, uma sisebenzisa i-TLS, i-VPNs, noma imigudu ebethelwe, kokubili i-TCP ne-UDP kuncike ezendlalelo eziphezulu ukuze kuvikelwe okuqukethwe.

Ungakhubaza kanjani i-adaptha yenethiwekhi ku Windows 10 Amaphoyinti okugcina

Ekugcineni, I-UDP inika amandla ukusakaza okuningi nokusakaza ngokwemvelo, okwenza kube lula ukuthumela ukugeleza okufanayo kubamukeli abaningi ngesikhathi esisodwa (izinkomfa zevidiyo, ukusakaza kumakhasimende amaningi, izivumelwano zokuthola), into i-TCP, engenakukwazi ukuyenza.

I-TCP ne-UDP zingena kanjani kuma-VPN

Izinsizakalo ze-VPN zithembele ku-TCP noma i-UDP ukuze zenze umhubhe obethelwe phakathi kweklayenti neseva. Empeleni, Izivumelwano eziningi zesimanje ze-VPN zikhetha i-UDP ngoba yehlisa ukubambezeleka futhi isekela kangcono izimo zokulahleka kwephakethe okumaphakathi.

Ku-OpenVPN, isibonelo, ungakhetha phakathi TCP noma UDP umhubheUma usebenzisa i-UDP, ukwethembeka okuningi kuthunyelwa ezinhlelweni zokusebenza ezingaphakathi emhubheni (imvamisa i-TCP futhi, njenge-HTTP/HTTPS), ukugwema ungqimba oluphindwe kabili lokulawula amaphutha olungangeza nje ukubambezeleka.

Lokhu kusho ukuthi umhubhe we-OpenVPN phezu kwe-UDP Ingase ilahlekelwe amaphakethe athile, kodwa uma ithrafikhi ye-HTTP (esebenzisa i-TCP) ihamba ngaphakathi, kuzoba yileyo TCP yangaphakathi ecela ukudluliselwa kabusha lapho kudingeka. Umphumela osebenzayo uwukuxhumana okuphephile, okuthembekile ezingeni lesicelo, kodwa ngokushesha kakhulu ezingeni lezokuthutha.

I-WireGuard iqhubekela phambili futhi Isebenzisa i-UDP kuphela njengendlela yayo yokuthutha.Bonke ubunkimbinkimbi buthuthelwa kumqondo wayo we-cryptographic nokulawula, ukufeza izikhathi zokusetha ezincane nokuzulazula okusheshayo lapho sishintsha amanethiwekhi (ngokwesibonelo, ukusuka ku-Wi-Fi kuya ku-4G) ngaphandle kokuthi i-VPN ibonakale.

Kodwa-ke, ezindaweni lapho izindonga zomlilo zikhawulela kakhulu i-UDP (amanye amanethiwekhi ezinkampani), ama-VPN amaningi aphoqeleka ukuthi Yehlela ku-TCP ukuze udlule izihlungi nama-proxies, ngezindleko zokubambezeleka okwanda kancane.

I-TCP iqhudelana ne-UDP kuwebhu kanye nokuvela ku-QUIC

Namuhla, I-HTTP ne-HTTPS cishe zihlala zithembele ku-TCPI-HTTP yakudala ivamise ukusebenzisa imbobo engu-80/TCP futhi i-HTTPS isebenzisa i-443/TCP, yengeza i-TLS ukuze ibethele ukuxhumana.

Kuze kufike ku-HTTP/2 isithombe besicacile: Iwebhusayithi yonke isebenze phezu kwe-TCP, ngezinzuzo zayo zokwethembeka kodwa idonsa nezinkinga ezithile zokuthi ubambezeleke kanye nokuvinjwa kwesihloko ekuxhumekeni kokulahlekelwa okukhulu.

I-HTTP/3 ingena esigcawini I-QUIC, iphrothokholi yezokuthutha eyakhelwe phezu kwe-UDP Ihlanganisa izici ze-TCP (ukulawula ukuminyana, ukulungisa amaphutha, ukuhleleka kokugeleza) kanye ne-TLS (ukubethela kuyadingeka). I-QUIC ivumela ukuphindaphinda ukusakaza okuzimele okumbalwa ngoxhumano olufanayo, inciphisa umthelela wokulahleka kwephakethe kunoma iyiphi ingxenye eyodwa yokuxhumana.

Ngiyabonga ngalokho, I-HTTP/3 ngaphezulu kwe-QUIC ivamise ukunikeza izikhathi zokulayisha ngokusheshaikakhulukazi ku amanethiwekhi weselula noma izixhumanisi eziphezulu ze-jitter. Ngaphezu kwalokho, ngokusebenzisa i-UDP, inqoba kangcono izingqinamba ezithile kungqalasizinda yefa eyenzelwe i-TCP kuphela.

Izimbobo ze-TCP ne-UDP kumasevisi omhlaba wangempela: izibonelo nethebula

Ungawabuka kanjani amachweba wenethiwekhi avuliwe Windows 11

Inhlanganisela yohlobo lwezokuthutha kanye nenombolo yembobo iyachaza iyiphi iphrothokholi yesendlalelo sohlelo lokusebenza esetshenziswayoEzinye izibonelo ezivame kakhulu:

80 / TCPI-HTTP (iwebhu engabetheliwe).
443 / TCP: I-HTTPS (iwebhu ibethelwe nge-TLS).
21/TCP kanye ne-20/TCPI-FTP (ukulawula kanye nedatha).
22 / TCP: I-SSH ne-SFTP.
25/TCP, 587/TCPI-SMTP yokuthumela i-imeyili.
110/TCP, 995/TCP: I-POP3 ne-POP3S.
143/TCP, 993/TCP: I-IMAP ne-IMAPS.
53/UDP kanye ne-53/TCP: I-DNS (imibuzo esheshayo nge-UDP, ukudluliselwa kwendawo nge-TCP).
67/UDP kanye 68/UDPIklayenti/iseva ye-DHCP.
123/UDPI-NTP, ukuvumelanisa isikhathi.
161/UDP: I-SNMP.
445 / TCPI-Microsoft SMB/CIFS yokwabelana ngamafayela.
554/TCP/UDP: I-RTSP yokulawula ukusakaza.
631/TCP/UDP: IPP (ukuphrinta kwenethiwekhi).

Uhlu oluphelele lwamachweba aziwayo futhi abhalisiwe luningi kakhulu, kodwa lusebenza ukukhombisa lokho I-TCP ivamise ukubusa ezinhlelweni ezibucayi nezigxile ekuhwebeningenkathi Imithetho ye-UDP ekutholeni, ekusakazeni, noma kumaphrothokholi okulawula angasindi..

I-RDP: TCP, UDP, noma kokubili?

El I-Remote Desktop Protocol (RDP) Isevisi ye-Microsoft ikuvumela ukuthi uxhume kwenye ikhompuyutha njengokungathi uhlezi phambi kwesikrini sayo. Ngaphakathi, ithumela isithombe sedeskithophu esicindezelwe ukusuka kumsingathi wesilawuli kude kuya kuklayenti futhi ithola okokufaka kwekhibhodi negundane ngakolunye uhlangothi.

Ngokwesiko, i-RDP isebenzise i- port 3389/TCP njengezokuthutha eziyinhloko, okusebenzisa ukwethembeka kwe-TCP ukuze kuqinisekiswe ukuthi isibuyekezo ngasinye sesikrini, ukuchofoza, kanye nephakethe lokulawula lifika ngendlela efanele nangendlela efanele.

Kusukela ku-RDP 8.0, iphrothokholi nayo ingasebenzisa 3389/UDP ukuze uthuthukise ukusebenzaNgokuvamile, iklayenti lizozama kuqala ukusungula isiteshi se-UDP (ngenxa ye-latency ephansi kanye nomkhawulokudonsa ophezulu) futhi, uma lokhu kungenakwenzeka ngenxa yemikhawulo yenethiwekhi, izobuyela emuva esiteshini se-TCP sakudala.

Le ndlela ye-hybrid ivumela i-RDP thumela inqwaba yedatha eyisithombe nge-UDPlapho ukulahleka kwamafreyimu ambalwa kungabonakali, futhi i-TCP ingagcinelwa ulwazi olubucayi kakhulu uma kunesidingo. Kumanethiwekhi ane-latency ephezulu noma ukulahleka kwesignali, ukuthuthukiswa kokusebenza kungase kubaluleke kakhulu.

Uzivula kanjani izimbobo ze-TCP ne-UDP ze-RDP ku-Windows

Ukuze uthole iseshini ye-RDP kusukela ngaphandle ukuya emsebenzini, i-firewall yomsingathi kufanele vumela ithrafikhi engenayo ku-port 3389Kokubili i-TCP ne-UDP iyadingeka uma sifuna ukusizakala ngokulungiselelwa kwesimanje; uma kunezinkinga, kuyancomeka ukuthi ubuyekeze izinqubomgomo zenethiwekhi ezivimba i-RDP.

En Windows, lo ukusetha okuyisisekelo kusuka ku-Firewall ye Windows Defender siqukethe:

Ngena Iphaneli Yokulawula > Uhlelo Nokuphepha > Windows Defender Firewall bese uvule izilungiselelo ezithuthukile.
Dala umthetho omusha ongenayo wohlobo "Port", khetha i-TCP futhi ucacise i-3389 njengechweba lasendaweni elithile.
Khetha "Vumela ukuxhumeka", sebenzisa kumaphrofayela adingekayo (isizinda, esiyimfihlo, esidlangalaleni) bese unikeza igama elichazayo, isibonelo "RDP TCP 3389".
Phinda inqubo ukuze I-UDP ethekwini elifanayo 3389, nelinye igama njengokuthi "RDP UDP 3389".
Qinisekisa ukuthi yomibili imithetho inikwe amandla futhi uhlole uxhumano kusuka kuklayenti elikude.

Izinhlobo Eziyi-10 Ezibucayi Kakhulu Zokuhlaselwa Kwekhompyutha

Mayelana nokuphepha, ngaphezu kokuvula amachweba, kubalulekile Sebenzisa amaphasiwedi aqinile, Yenza kusebenze Ukuqinisekiswa Kwezinga Lenethiwekhi (NLA) ukuze uqinisekise ukuthi abasebenzisi abaqinisekisiwe kuphela abangangena kusikhathi sokuqhafaza, babeke umkhawulo wokuthi imaphi ama-akhawunti anemvume yokufinyelela kude, futhi ugcine isistimu ihlala inolwazi lwakamuva ukuze kuvinjwe ubungozi kusevisi ye-RDP.

Izimbobo ze-TCP: ukuphepha, ubungozi kanye nemikhuba engcono kakhulu

Noma iyiphi imbobo ye-TCP evezwe ku-inthanethi iba i-vector yokuhlasela okungenzekaAbahlaseli benza ukuskena ngokuzenzakalelayo kwawo wonke ububanzi be-IP befuna izimbobo ezivulekile (besebenzisa amathuluzi afana ne-Nmap) futhi, uma sebetholiwe, bahlole ubungozi obaziwayo noma ukuhlasela kwe-brute-force.

Izinkonzo ezibucayi kakhulu njenge I-SSH (22/TCP), i-RDP (3389/TCP), i-SMB (445/TCP) noma isizindalwazi Lokhu okuhlosiwe okubalulekile, njengoba ukwehluleka lapho kunganikeza ukufinyelela okuqondile kunethiwekhi yangaphakathi noma idatha ebalulekile.

Ukunciphisa indawo yokuhlasela, kuhle ukusebenzisa isimiso se ubuncane belungelo emachwebeni: vula kuphela lezo ezidingekayo ngokuqinile, khawula ukufinyelela nge-IP noma i-VPN uma kungenzeka, futhi uvale noma uhlunge yonke into engasetshenziswa.

Kungumqondo omuhle futhi hlukanisa inethiwekhi ezindaweni (i-LAN yomsebenzisi, iseva ye-DMZ, inethiwekhi yokuphatha, njll.) futhi usebenzise imithetho yangaphakathi yokuvikela umlilo ukuze uhlukanise izinsiza ezibalulekile. Ngale ndlela, ngisho noma umhlaseli ebeka engcupheni umshini owodwa, kuzoba nzima kakhulu kuwo ukuthi asuke eceleni aye kwamanye amasistimu abucayi.

Ukusetshenziswa kwe ukuqapha nokugawula amathuluzi Ivumela ukutholwa kwamaphethini angaqondakali ezimbobeni (izikena, imizamo ehlulekile enkulu, uxhumo olusuka emazweni angajwayelekile), icupha izexwayiso ngaphambi kokuba isigameko sishube.

Ekugcineni, kuhle ukufeza ukuhlolwa kwechweba ngezikhathi ezithile Sebenzisa izikena zangaphandle nezangaphakathi bese ubhala ukuthi iyiphi isevisi elalelayo ngakunye. Lokhu kusiza ukuhlonza izinhlelo zokusebenza eziphelelwe yisikhathi, izinsizakalo ezikhohliwe, noma izilungiselelo ezizenzakalelayo eziyingozi okufanele zikhutshazwe.

Umehluko wokusebenza phakathi kwezimbobo ze-TCP ne-UDP

Uma siqhathanisa ithrafikhi ehamba ngamachweba e-TCP iqhathaniswa ne-UDP, esikukalayo ngempela ukuziphatha kwawo womabili amaphrothokholi ezokuthutha ngaphansi kokuhlukile izimo zenethiwekhi.

I-TCP, nephutha layo nokulawula ukuminyana, ijwayele yehlisa ijubane lapho ithola ukulahleka noma ukugcwalaukubeka phambili ukuthi yonke into ifika ngendlela efanele kunokuba ngokushesha. Kumanethiwekhi aminyene noma ngokubambezeleka okuphezulu, lokhu kungahumushela ezikhathini ezinde zokulayisha noma i-ascargas ukushesha kancane.

I-UDP ayikuvumeli ukuminyana kukuvimbe: Uma indlela iminyene, ama-routers avele awise amaphaketheNjengoba kungekho okudluliswayo okuzenzakalelayo, ukuxhumana kuhlala kumanzi, kepha kunezikhala zolwazi uhlelo okufanele zilawuleke (isibonelo, ngokubhafa noma ukulungisa amaphutha alo).

Ekuhlolweni ngama-VPN namabanga amakhulu ezindawo, kuyabonakala ukuthi I-OpenVPN phezu kwe-UDP imvamisa ishesha kakhulu kune-TCPUmehluko ubonakala kakhulu njengoba izimo zenethiwekhi ziba zimbi. Lokhu kungenxa kokubili kwekhanda elincane kanye nokungabikho kwama-ACK aqhubekayo kanye nokudluliswa kabusha.

Kuphinde kube nomthelela ku- ukusetshenziswa kwedathaPhakathi kwezihloko ezisindayo nemilayezo yokulawula eyengeziwe, i-TCP isebenzisa umkhawulokudonsa owengeziwe ku-MB ngayinye ewusizo edluliswayo. Ekuxhumekeni kweselula okunemikhawulo yegigabhayithi, lokhu kungenza umehluko ekupheleni kwenyanga.

Amanye amaphrothokholi ezokuthutha ngale kwe-TCP ne-UDP

Nakuba ekusebenzeni cishe yonke i-Intanethi isebenza nayo I-TCP ne-UDP njengesisekeloKunezinye izinqubo zokuthutha ezenzelwe izimo ezithile zokusetshenziswa.

Enye yazo I-SCTP (Iphrothokholi Yokulawula Ukusakaza)Ihlanganisa izici ze-TCP ne-UDP: inikeza ukudluliselwa okuthembekile noku-oda, kodwa ivumela ukugeleza okuzimele okuningi ngaphakathi koxhumano olufanayo. Isetshenziswa kabanzi ku ezokuxhumana ezithuthukile kanye nokusayina kwe-VoIP, lapho kunciphisa ukubambezeleka uma kuqhathaniswa ne-TCP yendabuko.

Enye futhi I-DCCP (Datagram Congestion Control Protocol), egcina isitayela se-UDP esingaxhunyiwe ku-inthanethi kodwa esihlanganisayo ukulawulwa kokuminyana okudidiyelweyakhelwe i-multimedia yesikhathi sangempela lapho ukulahlekelwa amaphakethe kungcono ukwethula ukubambezeleka okukhulu kakhulu.

Kunjalo futhi I-RDP (Reliable Data Protocol), ngokugxila ezindaweni zezempi nezesayensi, futhi, njengoba sekushiwo, I-QUIC, ethembele ku-UDP kodwa isebenzisa ukwethembeka, ukuphindaphinda nokubethela kusendlalelo esisodwa, okuyisisekelo se-HTTP/3.

Naphezu kwezinzuzo zayo zobuchwepheshe, iqiniso liwukuthi Ukwamukelwa ngobuningi kwezivumelwano ezintsha kuyinkimbinkimbi: yonke i-ecosystem yama-routers, izindonga zomlilo, izinhlelo ezisebenzayo Izicelo zenzelwe i-TCP ne-UDP, futhi ukushintsha leso sisekelo kuhilela umzamo, izindleko, nobungozi. Ngaphezu kwalokho, ama-firewall amaningi avimba izivumelwano ezingavamile ngokuzenzakalelayo, kuyilapho ithrafikhi ye-TCP 80/443 kanye nenani elibalulekile le-UDP cishe kuvunyelwe njalo.

Qonda kahle Indlela amachweba e-TCP ne-UDP asebenza ngayo, yiziphi izinsizakalo ezithembele kulelo nalelo, nokuthi linamiphi imiphumela ekusebenzeni nasekuvikelekeni. Yilokhu okusivumela ukuthi senze izinqumo eziphusile: uma kufaneleka ukudela isivinini esithile ukuze sizuze ukwethembeka, uma kunenzuzo ukusebenzisa i-UDP ukunciphisa ukubambezeleka, yiziphi izimbobo okufanele zivuleke noma zivalwe ku-firewall, noma yiziphi imingcele okufanele zilungiswe ku-VPN noma iseva ukuqinisekisa ukuthi inethiwekhi yethu isebenza kahle futhi ayivinjwanga ngangokunokwenzeka ukuhlasela.

Hlola uxhumano lwenethiwekhi nge-TCPView

I-athikili ehlobene:

Hlola ukuxhumana kwenethiwekhi ku-Windows nge-TCPView, TCPvcon, ne-Netstat

Isaka

Umbhali oshisekayo ngomhlaba wamabhayithi nobuchwepheshe ngokujwayelekile. Ngiyathanda ukwabelana ngolwazi lwami ngokubhala, futhi yilokho engizokwenza kule bhulogi, ngikubonise zonke izinto ezithakazelisayo kakhulu ngamagajethi, isofthiwe, ihadiwe, izitayela zobuchwepheshe, nokuningi. Inhloso yami ukukusiza ukuthi uzulazule emhlabeni wedijithali ngendlela elula nejabulisayo.