TCPIP课程实验报告.docx-淘文阁

资源描述

《TCPIP课程实验报告.docx》由会员分享，可在线阅读，更多相关《TCPIP课程实验报告.docx（37页珍藏版）》请在taowenge.com淘文阁网|工程机械CAD图纸|机械工程制图|CAD装配图下载|SolidWorks_CaTia_CAD_UG_PROE_设计图分享下载上搜索。

1、TCP/IP协议族分析课程设计File Edit View Go Capture Analyze Statistics Telephony Tools Help郡第雪以第曰国货e昌、孝瞬森不生0。四日3国明舞&Filter: arp Expression. Clear ApplyNo.TimeSourceDestinationProtocolInfo120.217616Hangzhou_80:59:04Micro-St_78:12:8fARP-Whohas10.128.94.10?Tell171215.245469Hangzhou_80:59:04Micro-St_78:12:8fARPwho

2、has10.128.94.10?TellEti Frame 12: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) Ethernet II, Src: Hangzhou_80:59:04 (00:0f:e2:80:59:04), Dst: Micro-St_78:12:8f (00:24:21:78:12:8f) a Address Resolution Protocol (request)Hardwaretype:Ethernet(0x0001)Protocoltype:IP(0x0800)Hardwaresize:6Pro

3、tocolsize:4Opcode: request (0x0001) is gratuitous: False Sender MAC address: Hangzhou_80:59:04 (00:0f:e2:80:59:04) sender IP address: 10.128.94.1 (10.128.94.1)Target MAC address: 00:00:00_00:00:00 (00:00:00:00:00:00)Target IP address: 10.128.94.10 (10.128.94.10)00000010002000300000001000200030f f o

4、o 0 0 8 0 o o a o o o o o f loo 8 0 0 0 2 0 0 0 1 o o o 8 4 0 0 7 0 0 0 1EO o2 o 4 0 0 0 2 0 0 0 0 8 0 0 o o o ono o o o o e o0 5 06 0 00 8 08 a o ooo4 4 0 0o o o o9 9 0 05 5 0 0o o a o8 8 0 02 260 ee5 o2.4.4. 协议长度(Protocol size)一个1字节的字段，指出发送端硬件地址和目标硬件地址字段中的协议地址长度(以字节计)。对于IP协议，IP地址的长度是4字节。如图2-5所示。a

5、rp.pcap - WiresharkFile Edit View Go Capture Analyze Statistics Telephony Tools Help辟黑客第第旦届& 旦金卷嗓a不必直叵 o R 凹 4/配当 &Filter: arp Expression. Clear ApplyNo.TimeSourceDestinationProtocolInfo120.217616Hangzhou_80:59:04Micro-St_78:12:8fARPwhohas10.128.94.10?Tell171215.24 5469Hangzhou_80:59:04Micro-St_78

6、:12:8fARPWhohas10.128.94.10?Tell1 Frame 12: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)S Ethernet II, Src: Hangzhou_80:59:04 (00:0f:e2:80:59:04), Dst: Micro-St_78:12:8f (00:24:21:78:12:8f) Address Resolution Protocol (request)Hardware type: Ethernet (0x0001)Protocol type: IP (0x0800)Ha

7、rdware size: 6Protocol size: 4 opcode: request (0x0001) is gratuitous: False Sender MAC address: Hangzhou_80:59:04 (00:0f:e2:80:59:04) sender IP address: 10.128.94.1 (10.128.94.1)Target MAC address: 00:00:00_00:00:00 (00:00:00:00:00:00)Target IP address: 10.128.94.10 (10.128.94.10)000000100020003000

8、00001000200030f f o o 0 0 8 0 o o a o o o o o f 1 o o 8 0 0 0 2 0 0 0 1 o o o 810 o 7 ao o 16 0 0 2 0 0 0 4 0 0 0 2 0 0 0 0 8 0 0 o o o o11 oo o o o e o0 5 06 0 00 8 08 a oo o o4 4 0 0o o o o9 9 0 05 5 0 0o o a o8 8 0 02 2eo ee5 o5 -2 图2.4.5. 操作(Opcode)一个2字节的字段，指出ARP帧的类型。如图2-6所示。ARP本身支持两种基本操作: 请求与某一

9、协议地址相关联的硬件地址，响应早些时候的请求。同样，RARP也支持请求和响应操作的概念，这和反转ARP是一样的。表23列出了常用的ARP操作值。消息类型类型说明1ARP请求2ARP响应3RARP请求4RARP响应8反转ARP请求9反转ARP响应表2-3 ARP操作值arp.pcap - WiresharkFile Edit View Go Capture Analyze Statistics Telephony Tools Help口翻盘僦叙白国汉0旦Q拳嗓豆殳直向&瓮闻胭舞3Filter: arp Expression., Clear ApplyNo.|Time Source Destin

10、ationProtocol Info12 0.217616 Hangzhou_80:59:04 Micro-St_78:12:8f ARP1712 15.245469 Hangzhou_80:59:04 Micro-St_78:12:8f ARP Frame 12: 60 bytes on wire (480 bits), 60 byres captured (480 bits)S Ethernet II, Src: Hangzhou_80:59:04 (00:Of:e2:80:59:04), Dst: Micro-St_78:12:8f (00:24:21:78:12:8f) Address

11、 Resolution Protocol (request)Hardwaretype:Ethernet (0x0001)Protocoltype:IP (0x0800)Hardwaresize:6Protocol size: 4opcode: request (0x0001)is gratuitous: FalseSender MAC address: Hangzhou_80:59:04 (00:0f:e2:80:59:04)sender IP address: 10.128.94.1 (10.128.94.1)Target MAC address: 00:00:00_00:00:00 (00

12、:00:00:00:00:00)Target IP address: 10.128.94.10 (10.128.94.10)000000100020003000000010002000308 4 0 07 0 0 016 0 02 0 0 04 0 0 02 0 0 00 8 0 0 o o o of f o o 0 0 8 0 oo ao o o o o4 4 0 0o o o o9 9 0 05 5 0 0o o a o8 8 0 02 2 e o ee5 oo e o0 5 06 0 00 8 08 a o o o o0101002-62.4.6. 发送端硬件地址(Sender Mac

13、address)该字段的长度与硬件地址长度字段的值相同，包含发送ARP帧的节点的硬件或数据链路层地址。对于以太网和令牌环，该字段包含发送ARP节点的MAC地址。如图2-7所示。File Edit View Go Capture Analyze Statistics Telephony Tools HelpFilter:部*再 20总。昌i q ，谷* 叵直 0 q q巧国明器i Expression. Clear ApplyNo.TimeSourceDestinationProtocol120.217616Hangzhou_80:5 9:04Micro-St_78:12:8fARP1712

14、15.245469Hangzhou_80:5 9:04Micro-St_78:12:8fARPi Frame 12: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)S Ethernet II, Src: Hangzhou_80:59:04 (00:0f:e2:80:59:04), Dst: Micro-St_78:12:8f (00:24:21:78:12:8f) 0 Address Resolution Protocol (request)Hardware Protocol Hardware ProtocolHardware

15、 Protocol Hardware Protocoltype: type: size: size:Ethernet (0x0001)IP (0x0800)64Opcode: request (0x0001)is gratuitous: FalseSender mac address: Hangzhou_80:59:04 (00:Of:e2:80:59:04)Sender IP address: 10.128.94.1 (10.128.94.1)Target MAC address: 00:00:00_00:00:00 (00:00:00:00:00:00)Target IP address:

16、 10.128.94.10 (10.128.94.10)00000010002000300000001000200030o o o o f loo 8 0 0 0 2 0 0 0 1 o o o 8 4 0 0 7 0 0 0 16 0 0 2 0 0 0 4 0 0 0 2 0 0 0 0 8 0 0 o o o ollo o o o o e o0 5 06 0 0 0 8 08 a o o o oo o o o o o o o2-图每个ARP交换过程都包含两个独立的包：源包和对这个包的请求的响应。发送端硬件地址类型字段说明了这个ARP包的发送者。如果这个包是一个请求，那么该字段包含的是发

17、送该请求的设备的硬件地址。如果ARP包是一个响应，那么这个字段包含的是发送该响应的设备的硬件地址。24.7.发送端协议地址(SenderIPaddress)该字段的长度与协议地址长度字段的值相同，包含发送ARP帧的节点的协议地址。对于IP,发送端协议地址字段包含发送ARP帧的节点的IP地址。如图28所示。File Edit View Go Capture Analyze Statistics Telephony Tools Help雪觎碰掌白届8旦Q孕嗓哥虫直叵0。凹回胭熊回Filter: arpExpression. Clear ApplyNo.TimeSourceDestinatio

18、nProtocol Info120.217616Hangzhou_80:59:04Micro-St_78:12:8fARP Who has 10.128.94.10?Tell171215.245469Hangzhou_80:5 9:04Mlcr o-St _78:12:8fARP Who has 10.128.94.10?TellS Frame 12: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)ii Ethernet II, Src: Hangzhou_80:59:04 (00:0f:e2:80:59:04), Dst:

19、Micro-St_78:12:8f (00:24:21:78:12:8f) Address Resolution Protocol (request)Hardware type: Ethernet (0x0001)Protocol type: IP (0x0800)Hardware size: 6Protocol size: 4Opcode: request (0x0001) is gratuitous: FalseSender MAC address: Hangzhou 80:59:04 (00:0f:e2:80:59:04)Sender IP address: 10.128.94.1 (1

20、0.128.94.1)Target MAC address: 00:00:00_00:00:00 (00:00:0Target IP address: 10.128.94.10 (10.128.94.10)000000100020003000000010002000302 0 0 01 o o o8 4 0 07 0 0 016 0 02 0 0 04 0 0 02 0 0 00 8 0 0o o o of f o o0 0 8 0o o a oo o o o4 4 0 0o o o o9 9 0 05 5 0 0o o a o8 8 0 02 2 e o e e 5 o图2-8每个ARP交换

21、过程都包含两个独立的包：源包和对这个包的请求的响应。发送端协议地址类型字段说明了这个ARP包的发送者的IP地址。如果这个包是一个请求，那么该字段包含的是发送该请求的设备的IP地址。如果ARP包是一个响应，那么这个字段包含的是发送该响应的设备的IP地址。arp.pcap - WiresharkNo. kime|5our8Destinationprotocol |lnfo12 0.217616Hangzhou_80:59:04 Micro-St_78:12:8f ARPwho has 10.128.94.10?1712 15.245469 Hangzhou_80:59:04 Micro-St

22、_78:12:8f ARP田 Frame 12: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)S Ethernet II, Src: Hangzhou_80:59:04 (00:0f:e2:80:59:04), Dst: Micro-St_78:12:8f (00:24:21:78:12:8f) Address Resolution Protocol (request)Protocol size: 4Hardware type:Ethernet (0x0001)Protocoltype:IP (0x0800)Hardware

23、size:6opcode: request (0x0001)is gratuitous: FalseSender MAC address: Hangzhou_80:59:04 (00:0f:e2:80:59:04)Sender IP address: 10.128.94.1 (10.128.94.1)Target MAC address: 00:00:00_00:00:00 (00:00:00:00:00:00)Target IP address: 10.128.94.10 (10.128.94.10)图292.4.8. 目标硬件地址(Target Mac address)该字段的长度与硬件地

24、址长度字段的值相同，包含发送ARP帧的节点的硬件或数据链路层地址。对于以太网和令牌环，目标硬件地址字段中的ARP请求帧的值是0x00-00-00-00-0 0- 00, ARP答复帧那么被设成ARP请求帧的MAC地址。如图2-9所示。图2-9中的目标硬件地址设为十六进制的00:00:00:00:00:00,这说明发送者不知道目的地系统的硬件地址(说明 ARP请求一个IP地址对应的硬件地址)。2.4.9. 目标协议地址(Target IP address)该字段的长度与协议地址长度字段的值相同，包含发送ARP帧的节点的协议地址。对于IP,目标协议地址字段中的ARP请求帧被设成被解析的IP地

25、址，ARP答复帧被设成ARP 请求帧的IP地址。如图2-10所示。arp.pcap - WiresharkFile Edit View Go Capture Analyze Statistics Telephony Tools HelpFilter:期堂徐霸叔白后解旦二卷今写生y国邈器3Expression. Clear ApplyNo. TimeSourceDestinationProtocolInfo12 0.217616Hangzhou_80:59:04Micro-St_78:12:8fARPWhohas10.128.94.10?Tell1712 15.245469Hangzhou_8

26、0:59:04Micro-St_78:12:8fARPwhohas10.128.94.10?Tell10.128.94.1 Frame 12: 60 byres on wire (480 bits), 60 bytes captured (480 bits) Ethernet II, Src: Hangzhou_80:59:04 (00:0f:e2:80:59:04), Dst: Micro-St_78:12:8f (00:24:21:78:12:8f) -3 Address Resolution Protocol (request)Hardware type: Ethernet (0x000

27、1)Protocol type: IP (0x0800)Hardware size: 6Protocol size: 4Opcode: request (0x0001) is gratuitous: False Sender MAC address: Hangzhou_80:59:04 (00:0f:e2:80:59:04) Sender IP address: 10.128.94.1 (10.128.94.1)Target MAC address: 00:00:00_00:00:00 (00:00:00:00:00:00)Target IP address: 10.128.94.10 (10

28、.128.94.10) 对原发送主机如何处理收到的错误没有要求。直到实施TCP/IP后，源发送主机才开始解释收到的错误并对自己的行为作相应调整。0000001000200030图210第三章因特网控制消息协议(ICMP)网络层3.1 ICMP协议简介因特网协议(IP)为IP数据报提供了端对端的数据报传送能力。然而，IP不提供任何工具报告IP数据报在从源端到目的端的传输过程中所遇到的路由错误和传送错误，而是由 ICMP代替IP报告错误情况和控制情况。当协议遇到不能在信息包处理过程中恢复的错误时，它可以废弃有问题的信息包并向源发送主机发送错误通知。这种处理方式称为有提示废弃。ICMP为特定

29、类型的IP路由错误和传送错误提供有提示废弃服务。ICMP是一个可扩展的协议，它也为自动主机配置提供IP连通性检查和帮助功能。ICMP并不使IP变得更可靠。IP和ICMP中都没有工具提供排序或重发出错的IP数据报的功能。ICMP消息以IP数据包形式发送出去并不可靠，并且尽管ICMP会报告错误，但2 0 0 01 o o o8 4 0 07 0 0 016 0 02 0 0 04 0 0 02 0 0 00 8 0 0o o o o005e00o e o0 5 06 0 00 8 08 a o o o o010100ICMP消息只为IP数据报的第一个帧发送。对于ICMP错误消息遇到的问题或广播

30、数据报或多路广播数据报遇到的问题那么不发送ICMP消息。3.2 ICMP消息结构ICMP Echo Request （Reply）报文结构如图3-1所示，它包括类型、代码、校验和、标识符和序号（亦称序列号），后面是ICMP的数据。其中类型占8位，校验和占16位，这三个字段共32位，在任何ICMP报文中是不变的，后面字段结构根据不同的ICMP类型和代码有所不同，如图3-2所示，为ICMP通用格式。类型（0或g）代码（0）检验和标织符序号3115 1607 8选项数据8字节131图3115 168位类型8位类型8位代码16位检验和（不同类型和代码有不同的内容）图3-23.3 Echo Re

31、quest 和 Echo Reply 查询消息ICMP提供了两个查询消息Echo Request和Echo Reply,这两个查询消息放在一起以测试网络上的某远程系统是否在工作。ICMP Echo Request查询消息是用户发送到目的主机的探测包，并由ICMP Echo Reply查询消息来响应。图3-3和图3-4显示互联网络上两个主机之间一个简单的ping。其中主机113.14.63.144 在 ping 主机 220.181.111.147,它们之间通过发送 ICMP Echo Request 和 ICMP Echo Reply 来完成。iring froriver (Micros

32、oFile Edit View Go Capture Analyze statistics Tetephony Tools Help出蒙矗修出囱国会0m q伞砂国不力画国 a d 0曰 4 M造舞 Filter: icmp Expression. Clear ApplyMo.|Sour8一 1OftsttnaHpQi| Protocol |lnfo3 0.060265ICMPEcho (ping) request(1d=0x0500, seq(be/le)=19712/77, 51=64)4 0.101581ICMPEcho (ping) reply(1d=0x0500, seq(be/l

33、e)=19712/77, Ttl=54) + Frame 3: 82 bytes on wire (656 bits), 82 bytes captured (656 bits)3 Ethernet II, src: Realteks_c3:cd:17 (00:e0:4c:c3:cd:17), Dst: unispher_a3:af:73 (00:90:la:a3:af:73) + ppp-over-Ethernet session田 Point-to-Point Protocol+ internet Protocol, Src: 113,14.63.144 (113.14.63.144),

34、Dst: 220,181.111.147 (220.181.111.147)T internet control Message ProtocolType: 8 (Echo (ping) request)code: 0checksum: Oxfb5b correct Identifier: 0x0500sequence number: 19712 (0x4d00)Sequence number (le): 77 (0x004d)Lt Data (32 bytes)00000090001022b30020804100304d0000406f700050686900000090001022b300

35、20804100304d0000406f7000506869la 00 71 61 71a33eOe6272af 00 3f 637373 00 eO2190647445 de 657500 b5 66 764c 00 6f 67 77c33c93686117 88 64 11 0098006a6300 fb6b64005b6c6540 05 6d6601006e67Id.!E.Aq. ?. o. .J.M.abcdef ghijklmn opqrstuv wabedefg hi图 3-3 ICMP Echo Requestriver (MicrosoFie Edit View Go Capt

36、ure Analyze statistics Tetephony Tools Help修飙嬴3阻困国 *0昌QQ或不当画国0Q触日胭芯3Filter: icmp Expression. Clear ApplyNo.TimeSourceDestinationProtocolInfo3 0.060265ICMPEcho(ping)request(1d-0x0500,seq(be/1e)-19712/77,ttl-64)4 0.101581ICMPEcho(ping)reply(id=0x0500,seq(be/le)=19712/77,ttl=54) + Frame 4: 82 bytes on

37、wire (656 bits), 82 bytes captured (656 bits)+ Ethernet II, src: unispher_a3:af:73 (00:90:la:a3:af:73), Dst: Realteks_c3:cd:17 (00:e0:4c:c3:cd:17) + ppp-over-Ethernet session+ Point-to-Point Protocolt internet Protocol, Src: 220,181.111.147 (220.181.111.147), Dst: 113.14.63.144 (113.14.63.144)-inter

38、net control Message ProtocolCode: 0checksum: OxO35c correct Identifier: 0x0500Sequence number: 19712 (0x4d00)Sequence number (le): 77 (0x004d) Data (32 bytes)ooooooooooco ell4 o d 6 70 0 6 6 69 0 0 6 70 5 15 50 4 7 6 77 13 4 412 9 6 7 d of 3 3 c o 6 6 73 e 5 2 2 c 3b 6 7f d19 2a f 136 63 c o 8 1 a 3

39、96 6 a of 7 710 3 6 70050 68 6973 88 64 11 0098 00 00 36 0100 03 5c 05 006a 6b 6c 6d 6e63 64 65 66 67.Ls.d.u.!E. .！ E. q .Aq. 7. . . o. .M. a bed ef ghi j kl mn qr stuvw abedef g hi0000 oo 90 la a3 af 73 DD eo 0010 22 b3 00 3e 00 21 45 00 002 0 80 41 71 Oe 3f 90 de bS 0030 4d 00 61 62 63 64 65 66 m

40、侬部 7,72 73 74 75 76图3-5E.ile 己 dit 义iew 女 a pture 8.na lie tatisticsTelephon:t. Io ols Belp邑织邕碰亨诩箕艺邑久七吟心了立巨耳 Q Q破句涵团巴冀 Expies sion. Clea r Ap 伪J Protocol _fuifoICMP Echo ( pi ng) requestICMP Ec ho ( pi ng) r epl y(i d=O)(0 500 , scq( be/ I c) =19712/77, u 1=64) (id -0)(0500 , scq( be/1 e) -1 971 2/77 , it 1-54)Filter: pempN

展开阅读全文