Experiment 1: Network Packet Protocol Analysis

Experiment content

Learn the basic use of Ethereal, use it to capture ICMP and TCP packets, and analyze them. Learn the meaning of each field in the ICMP and TCP packet headers, and deepen the understanding of how the ICMP and TCP protocols work.

Experiment steps

1. Using Ethereal

Install Ethereal, then start capturing packets. Select Capture > Interfaces from the menu, choose the network card and click Capture. While the capture is running, click Stop; the main window then shows the captured packets.

[Screenshots: interface selection, capture in progress, and the Ethereal main window with the captured packets]

Any packet can be selected for analysis.

2. ICMP

Open a DOS prompt and run the ping command. ICMP packets are exchanged while it runs, so open Ethereal and capture at the same time. As shown:

    Pinging 122.207.49.13 with 32 bytes of data:
    Reply from 122.207.49.13: bytes=32 time=114ms TTL=64
    Reply from 122.207.49.13: bytes=32 time=3ms TTL=64
    Reply from 122.207.49.13: bytes=32 time=3ms TTL=64
    Reply from 122.207.49.13: bytes=32 time=2ms TTL=64
    Ping statistics for 122.207.49.13:
        Packets: Sent = 4, Received = 4, Lost = 0
    Approximate round trip times in milli-seconds:
        Minimum = 2ms, Maximum = 114ms, Average = 30ms

The packets captured by Ethereal, with the display filter set to icmp:

    No.   Time        Protocol  Info
    678   15.548972   ICMP      Echo (ping) reply
    703   16.502136   ICMP      Echo (ping) request
    704   16.504083   ICMP      Echo (ping) reply
    741   17.503153   ICMP      Echo (ping) request
    742   17.505183   ICMP      Echo (ping) reply
    837   18.503188   ICMP      Echo (ping) request
    838   18.505307   ICMP      Echo (ping) reply

Analysis: select any packet; the middle pane then shows:

    Frame 674 (74 bytes on wire, 74 bytes captured)
    Ethernet II, Src: Bplan_56:87:89 (00:0b:2f:56:87:89), Dst: 00:26:82:48:04:6d (00:26:82:48:04:6d)
    Internet Protocol, Src: 122.207.49.15 (122.207.49.15), Dst: 122.207.49.13 (122.207.49.13)
    Internet Control Message Protocol

The packet is divided into four layers: the physical layer, the MAC layer, the network layer and ICMP. Each is broken down below.

The physical layer:

    Frame 674 (74 bytes on wire, 74 bytes captured)
        Arrival Time: Nov 23, 2012 23:44:26.190102000
        Time delta from previous packet: 15.543936000 seconds
        Time since reference or first frame: 15.543936000 seconds
        Frame Number: 674
        Packet Length: 74 bytes
        Capture Length: 74 bytes
        Protocols in frame: eth:ip:icmp:data
        Coloring Rule Name: icmp
        Coloring Rule String: icmp

This shows that the packet is 74 bytes long and that 74 bytes were captured, together with the arrival time and the frame number. The protocol layers in the whole packet are eth, ip and icmp, plus data.

The MAC layer:

    Ethernet II, Src: Bplan_56:87:89 (00:0b:2f:56:87:89), Dst: 00:26:82:48:04:6d (00:26:82:48:04:6d)
        Destination: 00:26:82:48:04:6d (00:26:82:48:04:6d)
            Address: 00:26:82:48:04:6d (00:26:82:48:04:6d)
            0 = Multicast: This is a UNICAST frame
            0 = Locally Administrated Address: This is a FACTORY DEFAULT address
        Source: Bplan_56:87:89 (00:0b:2f:56:87:89)
            Address: Bplan_56:87:89 (00:0b:2f:56:87:89)
            0 = Multicast: This is a UNICAST frame
            0 = Locally Administrated Address: This is a FACTORY DEFAULT address
        Type: IP (0x0800)

The main information is the source and destination MAC addresses. The addresses are 6 bytes (48 bits) long, and the Type field identifies the upper-layer protocol.

The network layer:

    Internet Protocol, Src: 122.207.49.15 (122.207.49.15), Dst: 122.207.49.13 (122.207.49.13)
        Version: 4
        Header length: 20 bytes
        Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        Total Length: 60
        Identification: 0x2a03 (10755)
        Flags: 0x00
        Fragment offset: 0
        Time to live: 64
        Protocol: ICMP (0x01)
        Header checksum: 0xf903 correct
        Source: 122.207.49.15 (122.207.49.15)
        Destination: 122.207.49.13 (122.207.49.13)

The analysis shows that the IP layer includes the version (IPv4), header length, type of service, data length, identification, flags and time to live, and that the upper-layer protocol is ICMP.

ICMP:

    Internet Control Message Protocol
        Type: 8 (Echo (ping) request)
        Code: 0
        Checksum: 0x445c correct
        Identifier: 0x0400
        Sequence number: 0x0500
        Data (32 bytes)

First comes the type (a request packet), then the code, the checksum (correct), the identifier, the sequence number and the data.

Answers to questions:

1. What is the IP address of your host? What is the IP address of the destination host?

Answer: From the network layer analysis, the local IP address is 122.207.49.15 and the destination host IP address is 122.207.49.13, as shown:

    Internet Protocol, Src: 122.207.49.15 (122.207.49.15), Dst: 122.207.49.13 (122.207.49.13)

2. Why is it that an ICMP packet does not have source and destination port numbers?

Answer: ICMP is an error and control message protocol. It carries not only error messages but also control messages. It is a control protocol and does not need port numbers.

3. Examine one of the ping request packets sent by your host. What are the ICMP type and code numbers? What other fields does this ICMP packet have? How many bytes are the checksum, sequence number and identifier fields?

Answer: As shown:

    Internet Control Message Protocol
        Type: 8 (Echo (ping) request)
        Code: 0
        Checksum: 0x445c correct
        Identifier: 0x0400
        Sequence number: 0x0500
        Data (32 bytes)

The type is 8, a request, and the code number is 0. The packet also contains the checksum, sequence number, data and so on. The checksum is 0x445C, the sequence number is 0x0500 and the identifier is 0x0400.

4. Examine the corresponding ping reply packet. What are the ICMP type and code numbers? What other fields does this ICMP packet have? How many bytes are the checksum, sequence number and identifier fields?

Answer: As shown:

    Internet Control Message Protocol
        Type: 0 (Echo (ping) reply)
        Code: 0
        Checksum: 0x4c5c correct
        Identifier: 0x0400
        Sequence number: 0x0500
        Data (32 bytes)

The type is 0, a reply, and the code is 0. The checksum is 0x4c5c, the identifier is 0x0400 and the sequence number is 0x0500.

5. Examine the ICMP echo packet in your screenshot. Is this different from the ICMP ping query packets in the first half of this lab? If yes, how so?

Answer: Yes, it is different. Compare the two:

    Internet Control Message Protocol
        Type: 8 (Echo (ping) request)
        Code: 0
        Checksum: 0x3d57 correct
        Identifier: 0x0400
        Sequence number: 0x0c05
        Data (32 bytes)

    Internet Control Message Protocol
        Type: 0 (Echo (ping) reply)
        Code: 0
        Checksum: 0x3e57 correct
        Identifier: 0x0400
        Sequence number: 0x1305
        Data (32 bytes)

The Type fields are 8 and 0 respectively.

6. Examine the ICMP error packet in your screenshot. It has more fields than the ICMP echo packet. What is included in those fields?

Answer: The figure shows an error packet (request timed out):

    Internet Control Message Protocol
        Type: 3 (Destination unreachable)
        Code: 3 (Port unreachable)
        Checksum: 0xe0db correct
        Internet Protocol, Src: 122.207.49.15 (122.207.49.15), Dst: 119.188.15.5 (119.188.15.5)
        User Datagram Protocol, Src Port: 22069 (22069), Dst Port: 17879 (17879)
        Data (38 bytes)

The figure shows that the following fields are additional:

    Internet Protocol, Src: 122.207.49.15 (122.207.49.15), Dst: 119.188.15.5 (119.188.15.5)
    User Datagram Protocol, Src Port: 22069 (22069), Dst Port: 17879 (17879)
    Data (38 bytes)

That is, the packet additionally contains the IP fields and the UDP (User Datagram Protocol) fields.

3. TCP

The captured TCP packets:

[Screenshot: Ethereal main window with the display filter set to tcp, showing the captured TCP packets]

The composition of one of these packets:

    Frame 325 (60 bytes on wire, 60 bytes captured)
    Ethernet II, Src: 00:1a:a9:43:b9:ad (00:1a:a9:43:b9:ad), Dst: Bplan_56:87:89 (00:0b:2f:56:87:89)
    Internet Protocol, Src: 36.231.196.65 (36.231.196.65), Dst: 122.207.49.15 (122.207.49.15)
    Transmission Control Protocol, Src Port: 40898 (40898), Dst Port: 1265 (1265), Seq: 0, Ack: 82220, Len: 0

It mainly consists of the physical layer, the MAC layer, IP at the network layer and TCP at the transport layer. The structure of TCP is analyzed next. The TCP fields:

    Transmission Control Protocol, Src Port: 40898 (40898), Dst Port: 1265 (1265), Seq: 0, Ack: 82220, Len: 0
        Source port: 40898 (40898)
        Destination port: 1265 (1265)
        Sequence number: 0 (relative sequence number)
        Acknowledgement number: 82220 (relative ack number)
        Header length: 20 bytes
        Flags: 0x0010 (ACK)
        Window size: 65535
        Checksum: 0x749d correct

The main fields are the source port, destination port, sequence number, header length, flags (ACK, SYN and so on), window size and checksum.

Answers to questions:

1. What is the IP address and TCP port number used by your client computer (source) to transfer the file to gaia.cs.umass.edu? What is the IP address and port number used by gaia.cs.umass.edu to receive the file?

Answer: As shown:

    Internet Protocol, Src: 122.207.49.15 (122.207.49.15), Dst: 128.119.245.12 (128.119.245.12)
    Transmission Control Protocol, Src Port: 3647 (3647), Dst Port: http (80), Seq: 0, Len: 0

My IP address and port are 122.207.49.15 and 3647; the IP address and port of gaia.cs.umass.edu are 128.119.245.12 and 80.

2. What is the sequence number of the TCP SYN segment that is used to initiate the TCP connection between the client computer and gaia.cs.umass.edu? What is it in the segment that identifies the segment as a SYN segment?

Answer: As shown:

    Transmission Control Protocol, Src Port: 3633 (3633), Dst Port: http (80), Seq: 0, Len: 0
        Source port: 3633 (3633)
        Destination port: http (80)
        Sequence number: 0 (relative sequence number)
        Header length: 32 bytes
        Flags: 0x0002 (SYN)
            0 = Congestion Window Reduced (CWR): Not set
            0 = ECN-Echo: Not set
            0 = Urgent: Not set
            0 = Acknowledgment: Not set
            0 = Push: Not set
            0 = Reset: Not set
            0 = Fin: Not set
        Window size: 65535
        Checksum: 0xab5e correct
        Options: (12 bytes)

SYN = 1.

3. What is the sequence number of the SYNACK segment sent by gaia.cs.umass.edu to the client computer in reply to the SYN? What is the value of the ACKnowledgement field in the SYNACK segment? How did gaia.cs.umass.edu determine that value? What is it in the segment that identifies the segment as a SYNACK segment?

Answer: As shown:

    Sequence number: 0 (relative sequence number)
    Acknowledgement number: 1 (relative ack number)
    Header length: 24 bytes
    Flags: 0x0012 (SYN, ACK)
        0 = Congestion Window Reduced (CWR): Not set
        0 = ECN-Echo: Not set
        0 = Urgent: Not set
        1 = Acknowledgment: Set
        0 = Push: Not set
        0 = Reset: Not set
        1 = Syn: Set
        0 = Fin: Not set

SYN = ACK = 1. Acknowledgement = 1.

4. What is the sequence number of the TCP segment containing the POST command? Note that in order to find the POST command, you'll need to dig into the packet content field at the bottom of the Ethereal window, looking for a segment with a "POST" within its DATA field.

Answer: As shown:

    Source port: 3650 (3650)
    Destination port: http (80)
    Sequence number: 1 (relative sequence number)
    Next sequence number: 222 (relative sequence number)
    Acknowledgement number: 1 (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
    Window size: 65535
    Hypertext Transfer Protocol
        POST /check_outchain.php HTTP/1.1\r\n
            Request Method: POST
            Request URI: /check_outchain.php
            Request Version: HTTP/1.1
        Content-Type: multipart/form-data; boundary=
        User-Agent: Post_Multipart

[Screenshot: packet bytes pane showing the start of the POST request]

It can be seen that the sequence number is 1 for the segment carrying the POST command.

7. What is the minimum amount of available buffer space advertised at the received for the entire trace? Does the lack of receiver buffer space ever throttle the sender?

Answer: The minimum is as shown:

    Window size: 6912 (scaled)

No.

III. Summary and reflections

This was a very complete analysis, starting from the physical layer and continuing through the MAC layer, the network layer and the transport layer; some packets have no application layer. Although the textbook does not cover ICMP in much depth, this experiment deepened my understanding of the ICMP protocol and gave me some practice with the ping operation. After analyzing ICMP I found that it is not difficult. Later, when capturing TCP packets, Ethereal's analysis of TCP looked just like the description in the book, which consolidated the textbook material. I also gradually got a first look at some basic analysis of the physical layer and the MAC layer.
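
The header checksums that Ethereal marks as correct in the ICMP and IP analysis above can be recomputed from the other header fields. The following Python code is an added example, not part of the original report: it rebuilds the echo request, the echo reply and the IPv4 header from the field values shown in the dumps and applies the RFC 1071 Internet checksum. It assumes the 32 data bytes are the default Windows ping payload, which the report does not show; the function names are illustrative.

```python
import socket
import struct

# Assumption: the report only shows "Data (32 bytes)"; the default Windows
# ping payload is used here to fill those 32 bytes.
PAYLOAD = b"abcdefghijklmnopqrstuvwabcdefghi"

def internet_checksum(data: bytes) -> int:
    """RFC 1071: one's complement of the one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"                       # pad odd-length input
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                        # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def icmp_echo(icmp_type: int, ident: int, seq: int, payload: bytes = PAYLOAD) -> bytes:
    """Echo request (type 8) or reply (type 0), code 0, checksum filled in."""
    zeroed = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + payload
    csum = internet_checksum(zeroed)
    return zeroed[:2] + struct.pack("!H", csum) + zeroed[4:]

def ipv4_header(ident: int, ttl: int, proto: int, src: str, dst: str, total_len: int) -> bytes:
    """20-byte IPv4 header (no options, DSCP 0, no flags), checksum filled in."""
    zeroed = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, ident, 0, ttl, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return zeroed[:10] + struct.pack("!H", internet_checksum(zeroed)) + zeroed[12:]

def checksum_field(message: bytes, offset: int) -> int:
    """Read the 16-bit checksum stored at the given byte offset."""
    return struct.unpack_from("!H", message, offset)[0]

def verifies(message: bytes) -> bool:
    """Receiver-side check: the sum over the message, checksum included, is 0."""
    return internet_checksum(message) == 0

if __name__ == "__main__":
    request = icmp_echo(8, 0x0400, 0x0500)    # frame 674 in the report
    reply = icmp_echo(0, 0x0400, 0x0500)      # the matching echo reply
    ip = ipv4_header(0x2A03, 64, 1, "122.207.49.15", "122.207.49.13", 60)
    print(hex(checksum_field(request, 2)), hex(checksum_field(reply, 2)),
          hex(checksum_field(ip, 10)))
    damaged = request[:-1] + b"X"             # one payload byte altered in transit
    print(verifies(request), verifies(damaged))
```

With these inputs the recomputed values are 0x445c and 0x4c5c for the ICMP messages and 0xf903 for the IP header, matching the dumps. The checksum catches accidental corruption only; it offers no protection against deliberate modification, since anyone who changes the packet can recompute it.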