用Layman的术语解释数据如何在Internet上移动 (Explaining How Data Moves Around the Internet in Layman’s Terms)

Imagine, for a moment, that you are a spy. And not only that: you are a spy who just hit the jackpot. You just overheard the conversation of the century between two of your targets of interest. And you’ve rushed back to your secret spy office to dispatch a memo right away to your superiors. How do you get your message to them?

想象一下，你是一个间谍。 不仅如此：您是间谍，刚中了大奖。 您只是忽略了两个感兴趣的目标之间的世纪对话。 您已经赶回秘密间谍办公室，立即向上级发送备忘录。 您如何向他们传达信息？

We’re going to walk through an imaginary spy message process, and it turns out it’s a pretty good approximation of how data is moved across the internet, too. Our internet counterpart to the spy memo, is, of course, a cat video. So how does the spy get their message to headquarters? And how does the cat video get to your phone? Here’s how:

我们将经历一个虚构的间谍消息过程，事实证明，它也是对如何在Internet上移动数据的一种很好的近似。 我们与间谍备忘录相对应的互联网视频当然是猫视频。 那么，间谍如何将其信息传达给总部？ 猫视频如何进入您的手机？ 这是如何做：

在发送方：应用程序层 (On the Sender’s Side: Application Layer)

So we’ve gotten back to our office with this incredible spy scoop of the century. The first thing we’re going to do is write out the content of our message. What are we reporting? What did we actually overhear? Get it down on paper as soon as possible. Of course, since your’e a spy, the original draft is probably on burn paper, but still, you need this out of your head and on some medium you can work with.

因此，我们带着本世纪不可思议的间谍消息回到了办公室。 我们要做的第一件事是写出消息的内容。 我们要报告什么？ 我们实际上偷听了什么？ 尽快将其记录下来。 当然，由于您是间谍，因此原始草稿可能在烧纸上，但是仍然需要您的头脑和某种可以使用的介质。

On the web, this message — the actual content we want to send — is the “data” and the data comes from the source “application.” Whatever program it is that houses that cat video we want to see, that’s the application. And it has a video it wants to send to us, that’s the data. So the first step in this whole process is gathering the actual content that’s going to be sent. In technical speak, we call this the “Application Layer.”

在网络上，此消息(我们要发送的实际内容)是“数据”，数据来自源“应用程序”。 无论使用什么程序存储我们想要观看的猫视频，即是该应用程序。 它有一个视频要发送给我们，那就是数据。 因此，整个过程的第一步是收集将要发送的实际内容。 从技术上讲，我们称其为“应用层”。

发件人方面：表示层 (Sender’s Side: Presentation Layer)

Now, we wouldn’t be a very good spy if we just sent this scoop of the century message in plain English for all the world to see. So of course, once we’ve figured out what we’re going to say, the very next thing we’re going to do is put it into a secret code that only we and our handler know how to decipher. For the purposes of this example, we’re going to ignore the complexities of how such a code might work (that’ll be a future article) and we’re just going to leave this at “we put the message into our secret code.” Step two done.

现在，如果我们仅以简单的英语发送本世纪独家新闻让全世界看到，我们将不是一个很好的间谍。 因此，当然，一旦我们弄清楚了要说的话，我们接下来要做的就是将其放入一个秘密代码中，只有我们和处理程序才能知道如何解密。 就本示例而言，我们将忽略这种代码可能如何工作的复杂性(这将是以后的文章)，而我们将其保留为“我们将消息放入我们的秘密代码中” 。” 第二步完成。

Similarly, the application that’s sending our cat video probably isn’t going to just dump the data onto the internet in “plaintext” for everyone. There might be various reasons why it wants to “encode” its content: maybe they are good netizens (net citizens) and believe strongly in security. Maybe they know that Google downgrades sites that don’t use HTTPS, and they want to maintain their cat video search ranking. Maybe they specialize in NSFW (not safe for work) cat videos and know their customers don’t want to be snooped on. Whatever the reason, they probably use some form of “encryption,” and the next step in the process is encoding the data into that encrypted form.

同样，发送猫视频的应用程序可能不会只是将所有人的数据以“明文”形式转储到互联网上。 它想要“编码”其内容的原因可能多种多样：也许他们是优秀的网民(网民)并坚信安全性。 也许他们知道Google将不使用HTTPS的网站降级了，他们希望维持其猫视频搜索排名。 也许他们专门研究NSFW(不安全的工作)猫视频，并且知道他们的客户不想被窥探。 无论出于何种原因，他们都可能使用某种形式的“加密”，并且该过程的下一步是将数据编码为该加密形式。

Note that there might be other kinds of “encoding” that needs to happen here beyond encryption (for a variety of technical reasons that you probably don’t care about), so this isn’t the only thing that might be happening at this step. But collectively, all those various encoding processes are called the “presentation layer.”

请注意，除了加密之外，这里可能还需要进行其他类型的“编码”(由于您可能并不在意的各种技术原因)，因此这并不是在此步骤中唯一发生的事情。 但总的来说，所有这些各种编码过程都称为“表示层”。

发件人方面：会话层 (Sender’s Side: Session Layer)

Ok, our incredibly important spy message is written and put into our super secret code. Now, we need to prep it for sending. The first step in that process is deciding how to categorize it in the pantheon of spy conversations we have with headquarters (because, after all, we are very productive spy with lots of open conversations/threads/topics of inquiry running at once). Do we want to put this into an existing conversation as a “reply” message? Or do we want to start a whole new conversation with a unique subject line to catch everyone at HQ’s attention: HUUUGE NEW THING, PLEASE READ?

好吧，我们非常重要的间谍消息将被写入并放入我们的超级密码中。 现在，我们需要准备发送。 该过程的第一步是确定如何在与总部进行的间谍对话的万神殿中对其进行分类(因为毕竟毕竟我们是非常有效率的间谍，它同时运行许多开放的对话/线程/询问主题)。 我们是否要将其作为“回复”消息放入现有对话中？ 还是我们要以一个独特的主题开始全新的对话，以引起总部的所有人的注意： HUUUGE NEW THING，请阅读 ？

Similarly, our cat video application that’s now packed up and encoded a video it wants to send us needs to decide if this is part of an existing “session” (ie, you’re already browsing the site and just clicked a new link) or a new one. On the web, it’s almost always the case that an application that is sending data is sending it as part of an already established session/conversation. If you stop to think about this, you can probably see why: you don’t usually just “get” data from the web sent to you, it’s normally something you “request.” You open a web page or app on your phone, you click a link in an email or text message, you type something into the search bar or pull down to refresh in a social media feed. It’s in response to these sorts of actions that data gets sent. In all of those cases, you have (behind the scenes) already established a connection to the app/site, setting up a session that the data will be sent through.

同样，我们已经打包并编码了要发送给我们的视频的猫视频应用程序需要确定这是否是现有“会话”的一部分(即，您已经在浏览该网站，只是单击了一个新链接)，或者一个新的。 在网络上，发送数据的应用程序通常将其作为已建立的会话/对话的一部分发送。 如果您停止考虑这一点，您可能会明白为什么：通常您不只是从网络上“获取”发送给您的数据，通常是您“要求”的东西。 您在手机上打开网页或应用程序，单击电子邮件或短信中的链接，在搜索栏中键入内容，或下拉菜单以刷新社交媒体源。 发送数据是对这些操作的响应。 在所有这些情况下，您都已经(在幕后)建立了与应用程序/站点的连接，并设置了将通过其发送数据的会话。

An aside: it’s because of this that most firewalls (especially the ones built-into personal computers/home WiFi routers, etc) default to blocking all “incoming” connections. This is because 99.9% of the time, you as the user are the one initiating sessions through an “outgoing” request to get something from an app or a website. Once you’ve established those connections, the data will flow through the opened session. So if data shows up addressed to you that isn’t part of such an already existing session (in other words, data you’ve never requested), your firewall can reasonably assume that it’s at the very least suspicious and should be blocked just in case.

顺便说一句：正是由于这个原因，大多数防火墙(尤其是内置在个人计算机/家庭WiFi路由器等中的防火墙)默认都阻止所有“传入”连接。 这是因为99.9％的时间中，您(作为用户)是通过“传出”请求从应用程序或网站获取内容的会话。 建立这些连接后，数据将流经打开的会话。 因此，如果显示给您的数据不是此类现有会话的一部分(换句话说，您从未请求过的数据)，则您的防火墙可以合理地认为它至少是可疑的，应仅在案件。

发件人方面：传输层 (Sender’s Side: Transport Layer)

We’ve written our amazing spy scoop, we’ve put it into our secret code, and we’ve determined how to categorize/flag it for HQ. Now we have to decide how to send it. Do we put a letter in the mail (and if we do, will it ever arrive?)? Do we take out a coded advertisement in the classifieds of the local paper? Do we initiate a dead drop on a bridge? Send a message over a secret satellite communication device? So many options, how’s a spy to choose?

我们已经编写了令人惊叹的间谍独家新闻，将其放入我们的秘密代码中，并且确定了如何将其分类/标记为总部。 现在我们必须决定如何发送它。 我们是否在邮件中放了一封信(如果这样做， 它会到达吗？ )？ 我们是否会在当地报纸的分类广告中删除编码广告？ 我们会在桥上引发死角吗？ 通过秘密的卫星通信设备发送消息？ 这么多的选择，有什么间谍可供选择？

Our cat video has to similarly decide how to send the data. On the web, these “methods” of sending the data are called “protocols.” There’s a few different options, and they matter because they have different features. For example, some “guarantee” delivery (by sending you a confirmation message, for example) while others make a “best attempt”: just sending the data and hoping it arrives.

我们的猫视频必须同样地决定如何发送数据。 在网络上，这些发送数据的“方法”称为“协议”。 有几种不同的选择，它们之所以重要，是因为它们具有不同的功能。 例如，某些“保证”交付(例如，通过向您发送确认消息)，而另一些则做出“最佳尝试”：仅发送数据并希望其到达。

Now, in reality on the web, this isn’t much of a choice. The application sending the data has almost certainly been programmed to always use a particular protocol, so when you get to this step there’s no decision to be made, the protocol just needs to be “activated.” Sometimes, however, different steps in an application’s process may use different protocols. For example, when you browse to a website your web browser uses one protocol to look up the location of the server and a different one to actually request the data from the server.

现在，实际上在网络上，这并不是很多选择。 几乎可以肯定，发送数据的应用程序已被编程为始终使用特定的协议，因此，当您执行此步骤时，无需做任何决定，只需“激活”该协议即可。 但是，有时，应用程序过程中的不同步骤可能会使用不同的协议。 例如，当您浏览到网站时，您的Web浏览器使用一种协议来查找服务器的位置，而使用另一种协议来实际从服务器请求数据。

发件人方面：网络和链接层 (Sender’s Side: Network and Link Layers)

Message written and put into secret code, “conversation”/“thread” chosen, and we’ve decided how we’re transmitting it. Now, the next thing we have to do is actually “address” our spy message. There are probably two levels to this address, which we’ll call “external” and “internal.” To visualize this, imagine you’re dispatching your super secret message to your handler, who works out of an office in another city. Of course, the office is a “cover” where they manage a fake travel agency or something. But the address actually exists and it’s convenient enough to send messages to. Addressing messages to this office, you need to both put the street address for the building and the suite number. In this case, the street address is the “external” part and the suite number is the “internal” part. You may have done this in your not-imaginary-spy-life whenever you mail something to a business with multiple internal departments (and needed to put a suite number or “ATTENTION: Billing” on it) or if you’ve sent mail to someone who lives in a large apartment building and needed to specify not just the building address but their apartment number.

编写消息并将其放入秘密代码中，选择“对话” /“线程”，然后我们决定了如何传输它。 现在，我们要做的下一步实际上是“解决”我们的间谍消息。 该地址可能有两个层次，我们将其称为“外部”和“内部”。 为了直观地看到这一点，想象一下您正在将超级机密消息分发给您的处理程序，该处理程序在另一个城市的办公室外工作。 当然，办公室是他们管理假旅行社之类的“掩护”。 但是该地址确实存在，并且足够方便地向其发送消息。 在向该办公室发送邮件时，您需要同时输入建筑物的街道地址和套房编号。 在这种情况下，街道地址是“外部”部分，而套房号是“内部”部分。 每当您将邮件邮寄给具有多个内部部门的公司(并且需要在上面加上套件号或“注意：账单”)时，或者您已经将邮件发送给住在大型公寓大楼中的人，不仅需要指定大楼地址，还需要指定公寓号。

Similarly, on the web, there’s two levels to addressing messages. This comes about because our devices don’t directly connect to the internet. Instead, they connect to your WiFi Router (or Ethernet Router if you’re hard-wired into the network), which then connects to the internet (with perhaps some additional in-between steps like a firewall or modem, especially if you’re in a business/corporate environment). So the router/modem (whichever device is actually directly connected to the internet) is the “external” or “IP” address, connected to what we call the “network layer.” Then, all the devices in your home/office have their own “internal” address, which operates on what we call the “link layer.” For our cat video app to send us the data it’s packaged up for us, it has to address it to both, basically saying “send the data to this device on this network” in the same way you might say “deliver to this apartment number inside this building.”

同样，在网络上，有两种处理消息的方法。 这是因为我们的设备没有直接连接到互联网。 相反，它们会连接到您的WiFi路由器(如果您硬连接到网络，则连接到以太网路由器)，然后再连接到Internet(可能还有一些其他步骤，例如防火墙或调制解调器，尤其是当您使用在企业/公司环境中)。 因此，路由器/调制解调器(实际上实际上直接连接到Internet的任何设备)都是“外部”或“ IP”地址，连接到我们称为“网络层”的地址。 然后，您家中/办公室中的所有设备都有其自己的“内部”地址，该地址在我们称为“链路层”的地址上运行。 为了让我们的猫视频应用程序将打包后的数据发送给我们，它必须同时解决这两个问题，基本上就是说“将数据发送到此网络上的此设备”，就像您说“传递到该公寓号”一样在这座大楼内。”

“物理”层 (The “Physical” Layer)

Ok, so now we’ve written our super-important message about the spy scoop of the century, we’ve put it into our secret code, classified it into the right conversation, chosen the right method to transmit it, and addressed it. Now we’re ready to actually send the message! We hand it off to the courier/postal worker or feed it into our special transmitter and away it goes.

好的，所以现在我们写了关于本世纪间谍活动的超重要消息，将其放入我们的秘密代码中，将其分类为正确的对话，选择正确的方法进行传输并加以解决。 现在，我们准备好发送消息了！ 我们将其交给快递员/邮递员，或者将其送入我们的特殊发送器，然后将其丢弃。

Similarly, now that our cat video app has packed up and encoded the video for us, fed it into the right session, activated the protocol for delivering it, and addressed it to our external and internal address, it sends it on it’s way. All that data starts moving through the many wires and cables that make up the internet, heading it our direction!

同样，现在我们的猫视频应用程序已经为我们打包并编码了视频，将其输入到正确的会话中，激活了协议以进行传输，并将其寻址到我们的内部和内部地址，然后按原样发送。 所有这些数据开始通过构成互联网的许多电线和电缆移动，朝着我们的方向前进！

接收方：爬上梯子 (The Receiver’s Side: Climbing Back Up the Ladder)

Our spy message has been transmitted! Now what?

我们的间谍信息已经发送！ 怎么办？

Well, on the other side, something of a reversal of what we’ve described happens. The message arrives at the building we addressed it to (network layer) and gets sorted with other incoming messages to be delivered to the right office suite (link layer). If we requested confirmation of delivery, someone signs for it and we get a confirmation message (transport layer). Then someone in the office files the message into the appropriate “file” for review by the appropriate eyes — it’s highly sensitive spy material, right? (Session layer) Next, the intended recipient opens and decodes the message using their own special spy skills (presentation layer) and finally reads our spy scoop of the century (application layer)!

好吧，另一方面，我们所描述的事情发生了一些逆转。 消息到达我们寻址到的建筑物(网络层)，并与其他传入消息进行排序，以传递到正确的办公套件(链接层)。 如果我们要求确认交货，请有人签名，我们会收到一条确认消息(运输层)。 然后办公室里有人将消息归档到适当的“文件”中，以供适当的眼睛查看-这是高度敏感的间谍材料，对吗？ (会话层)接下来，预期的收件人使用他们自己的特殊间谍技能(表示层)打开并解码消息，最后阅读我们本世纪的间谍消息(应用程序层)！

Now how about that cat video? Well, after crossing all those cables and wires, it arrives at our router (network layer), which then delivers it to our device (link layer). Upon receiving the message, our device says “got it” and (if requested) sends confirmation of such back through across the web to the sender (transport layer). Then our device decides which app/web page this data corresponds to (session layer). The app is probably the one that decodes the data into something we can watch (presentation layer) and then it shows us the video (application layer). Cat videos for the win!

那猫视频呢？ 好吧，在将所有这些电缆和电线交叉之后，它到达了我们的路由器(网络层)，然后将其传送到我们的设备(链路层)。 收到消息后，我们的设备会说“明白了”，并(如果要求)通过网络将此类确认发送回发件人(传输层)。 然后，我们的设备确定该数据对应于哪个应用程序/网页(会话层)。 该应用程序可能是将数据解码为我们可以观看的内容(表示层)，然后向我们展示视频(应用程序层)的应用程序。 猫视频获胜！

更深入： (Going Deeper:)

Now, of course, everything we’ve written is somewhat simplified and there are lots of wrinkles that can happen along the way. The point of this article isn’t to make you an expert in all of that, it’s to give a broad overview of how data moves around on the web. If you’d like to dive deeper and really get into the weeds, here are some places you might look:

当然，现在，我们编写的所有内容都得到了简化，并且在此过程中可能会发生很多皱纹。 本文的目的并不是要使您成为所有这方面的专家，而是要对数据如何在网络上四处移动进行广泛概述。 如果您想更深入地潜水并真正进入杂草丛生，则可以在以下地方找到它们：

• Introduction to Computer Networking: Online Course (free on YouTube) from Stanford

  斯坦福大学计算机网络入门 ：在线课程(YouTube上免费)

• Cybrary Networking Courses: Catalog of courses focused on more practical/hands-on implementations of various networking technologies

  图书馆网络课程 ： 课程目录，侧重于各种网络技术的更实际/实际实施

• Free Books: A large collection of free books on various computer/tech related topics (link will take you to the “networking section”) for those who prefer to read and looking for more in-depth/technical information

  免费书籍 ：大量免费书籍，涉及与计算机/技术相关的各种主题(链接会将您带到“网络部分”)，适合那些喜欢阅读和寻找更深入/技术信息的人