Computer Networks Lab: IP and TCP Protocol Analysis with WireShark
in minutes
Task | Difficulty (1-5) | Learning (1-5) | Interest (1-5) | Time (min)
background | | | |
Task 1 | | | |
Task 2 | | | |
Task 3 | | | |
Your suggestion/comment:
Background
You need to read and answer the questions in this background part before the lab.
Read Lectures on IP and ICMP protocols. Read Lectures on TCP protocol.
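Question 1:
In IP header, there is a field called “protocol (type)”. What is it used for?
It is used to standardize the data transmission method so that different computers can communicate.
Question 2:
How is an ICMP message transported (encapsulation)?
ICMP messages are encapsulated in IP packets.
Question 3:
Which ICMP messages are used to implement the Ping program?
Echo request and echo response.
Ping uses type 8 requests and type 0 replies.
Question 4:
Use a figure to show the 3-way handshake to establish a connection in the TCP protocol.
First handshake:
Host A sends a packet with flag syn=1 and a randomly generated seq number=1234567 to the server; from SYN=1, host B knows that A is requesting to establish a connection;
Second handshake:
After receiving the request, host B must confirm the connection information, and sends A a packet with ack number=(host A's seq+1), syn=1, ack=1, and a randomly generated seq=7654321.
Third handshake:
After receiving it, host A checks whether the ack number is correct, i.e. the seq number sent the first time +1, and whether the flag ack is 1; if correct, host A sends another packet with ack number=(host B's seq+1), ack=1; after receiving it, host B confirms the seq value and ack=1, and the connection is established successfully.
The three-way handshake is complete, and host A and host B begin transmitting data.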
Traceroute (tracert) is an important and useful utility tool for network testing and debugging. Read more on it and learn how to use it:
∙ MS Windows tracert command, .microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/tracert.mspx?mfr=true
Task 1 Study Windows tracert program and how to find a route
In MS Windows, tracert can be used to find a route from the source host, via routers, to destination host. This task is about how tracert works and how we can use it. Follow the steps to start up the programs and capture the packets.
(1) Start up a command window
Click Start on the left corner of your desktop, and choose Run. Then type cmd to start up a DOS command window. In this window, you can also type command "tracert /?" to learn more on the command, or read more via the link above.
(2) Start up the WireShark program
Start up Wireshark and begin packet capture.
(3) Run the tracert program
Type the following command to find a route to .com:
tracert .com
(4) Stop the WireShark capturing
When tracert ends, stop the capturing, and save the data to a file (you can open and analyze the packets later).
(5) Copy the output of tracert to the lab report file.
By analyzing the output, we can learn a route from the source to the destination, and the response time between the source and intermediate routers.
Question 5:
How many routers are on the route from your computer to .com? What are their IP addresses?
1. 192.168.156.254
2. 210.32.39.250
3. 60.191.32.65
4. 218.75.123.233
5. 61.130.127.249
6. 220.191.142.49
7. 115.239.209.18
8. 115.239.210.27
Question 6:
Based on the output from the tracert, draw the map of the networks based on the output. Show the IP addresses for the source computer, destination computer, and routers.
Now look at the captured data.
Source: 192.168.156.57
Destination: 115.239.210.27
Routers:
(6) Analyze the first ICMP message
Since tracert uses ICMP messages to trace the route to the destination computer, you can use “icmp and ip.addr==192.168.x.x” as the display filter in WireShark to only display ICMP messages, where 192.168.x.x should be your computer IP address. Then select the first ICMP Echo Request message sent by your computer, and expand the Internet Protocol and ICMP headers of the packet in the packet details window (as I did below; to view better, you can use zooming).
Question 7:
What is the value in the protocol type field of IP packet? Why is it this value? What is the type value in ICMP header? What does it mean? How many bytes are there in the IP header? How many bytes are there in the payload of the IP packet? Explain how you determined the number of payload bytes.
The protocol type of the IP packet is ICMP.
The value in the protocol type field of IP packet is ICMP (1)
The type value in ICMP header is 1. This means the host cannot be reached.
Header length: 20 bytes.
Payload length: 64 bytes.
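Question 8:
Has this IP packet been fragmented? Explain how you determined whether or not the packet has been fragmented. What is the Identification for this IP packet?
The total length of the IP packet is 92 bytes and the payload length is 64 bytes, so it has not been fragmented.
Identification: 0x66f1 (26353)
Question 9:
What is the TTL value for this IP packet? Why is this value set?
Time to live is 3.
This number can be regarded as the packet's number in the network system; the TTL level decreases as the transmission distance increases, and after passing through 3 routers the data is discarded.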
(7) Select the first ICMP Time exceeded message, and expand the IP protocol header (as I did below)
Question 10:
What is the source IP address of this IP packet? And what is the destination IP address of this packet? What is the value in the protocol type field (in IP header)?
Source IP address: 192.168.152.57
Destination IP address: 115.239.210.27
Protocol type: ICMP
Question 11:
What is the ICMP message type carried in the packet? What is the sender of this message?
Type 8.
115.239.210.27 (XX server)
(8) Read some other captured packets, and answer the questions:
Question 12:
What are the values in the Identification field and the TTL field in the ICMP Echo request messages? Why are TTL values set like this?
TTL: 64.
The original TTL value is determined by our own operating system.
Task 2 IP fragmentation
This task is to learn how IP fragmentation and re-assembly work.
(9) Start the WireShark packet capturing
(10) In the command window run the command ping to check if .com.cn is alive, send the ICMP message of size 128 bytes (using length option -l 128):
ping .com.cn -l 128
you will get the output as follows:
(11) Stop the packet capturing and save the data to a file (my128.pcap)
Now read the captured packets and do the analysis:
(12) First, use Filter “icmp” to display only ICMP messages, as follows:
Question 13:
Calculate the round trip delays for 4 ICMP Echo request and Echo reply messages, find the minimum, maximum, and average delays. Compare them with the values given in the output of the ping program.
Difference of 7 ms
Difference of 5 ms
Difference of 16 ms
After comparison, it is easy to see that they are the same.
Question 14:
What is the value in the Identification field of frame 74? Why is the length 170 bytes?
1360/8=170
Next we analyze the fragmentation.
(13)
(14) In the command window run the command ping to check if 192.168.156.101 is alive, send the ICMP message of size 3000 bytes (using length option -l 3000):
ping 192.168.156.101 -l 3000
(15) In the captured first ICMP Echo request message packet, expand the IP protocol header; you will find IP Fragments as I showed below. This ICMP Echo request message was carried in 3 IP packets (fragments). These fragments are found in the packet number 71, 72 and 73, in my example.
Question 15:
What is the value in the Identification field? On the line "IP Fragments (3008 bytes):". Why is the payload data of 3008 bytes?
Now analyze these fragments. Remove the display filter, and locate the packet numbers.
Question 16:
Fill in the following table based on IP headers in these fragments:
Packet number | IP Identification | More fragment bit | Fragment offset in bytes | Fragment offset in 8-bytes | Head length | Total length
129791 | 0x1454 | Not set | 2960 | 370 | 20 | 68
129898 | 0x145f | | | | |
129998 | 0x1465 | | | | |
Question 17:
How do you know if an IP fragment is the first fragment, and an IP fragment is the last fragment?
If the value of Fragment offset is 0 and more fragment is set to 1, it means that this IP fragment is the first fragment. If more fragment is set to 0, it means that this IP fragment is the last fragment.
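The fragmentation arithmetic behind Questions 15 to 17, as an added example that is not part of the original lab report. It assumes an Ethernet MTU of 1500 bytes and a 20-byte IP header without options; the function names, the 192.0.2.x addresses and the Identification value 0x1234 are constructed for illustration.

```python
import struct

MTU = 1500        # assumption: Ethernet MTU, not stated in the lab text
IP_HDR = 20       # IPv4 header without options, as in the table above
ICMP_HDR = 8      # ICMP echo header that ping adds in front of the -l data

def plan_fragments(ip_payload_len, mtu=MTU, hdr=IP_HDR):
    """Split an IP payload; every fragment except the last carries a multiple
    of 8 bytes because the offset field counts 8-byte units."""
    max_data = (mtu - hdr) // 8 * 8
    frags, offset = [], 0
    while offset < ip_payload_len:
        size = min(max_data, ip_payload_len - offset)
        frags.append({"offset_bytes": offset, "offset_units": offset // 8,
                      "mf": offset + size < ip_payload_len,
                      "total_length": hdr + size})
        offset += size
    return frags

def build_header(frag, ident, ttl=64, proto=1):
    """Pack a 20-byte IPv4 header (checksum left at 0) for one planned fragment."""
    flags_off = (0x2000 if frag["mf"] else 0) | frag["offset_units"]
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, frag["total_length"], ident,
                       flags_off, ttl, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))  # constructed

def parse_header(raw):
    """Read the fields Wireshark displays and classify the fragment position."""
    ver_ihl, _, total, ident, flags_off, ttl, proto = struct.unpack("!BBHHHBB", raw[:10])
    ihl = (ver_ihl & 0x0F) * 4
    mf, off = bool(flags_off & 0x2000), (flags_off & 0x1FFF) * 8
    if off == 0:
        pos = "first" if mf else "unfragmented"
    else:
        pos = "middle" if mf else "last"
    return {"ihl": ihl, "payload": total - ihl, "ident": ident, "protocol": proto,
            "ttl": ttl, "mf": mf, "offset": off, "position": pos}

def demo():
    """ping -l 3000: 3000 data bytes + 8 ICMP header bytes = 3008-byte IP payload."""
    frags = plan_fragments(3000 + ICMP_HDR)
    return [parse_header(build_header(f, ident=0x1234)) for f in frags]  # constructed ID

if __name__ == "__main__":
    for row in demo():
        print(row)
```

The last fragment produced here has offset 2960 bytes (370 units), header length 20 and total length 68, the same values as the filled row of the Question 16 table.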
Task 3 TCP operations
In this task, you will capture packets from HTTP application. Follow the steps to capture packets.
(16) Terminate your web browser program.
(17) Start the WireShark to capture the packets.
(18) Fill in the address http://.edu.cn and click the link to view some pages.
(19) End the packet capturing, and save the data to a file (myhdu1.pcap).
(20) Use “http and ip.addr==192.168.159.52” as the filter to only display the HTTP data unit,
Question 18:
What is the IP address for your computer, and what is the IP address for .edu.cn?
My computer's IP: 192.168.1.106
HDU IP: 111.1.61.73
Next, you only need to read and analyze the data communications between your computer and .edu.cn.
(19) 3-way handshake to set up a TCP connection.
Use “tcp and ip.addr==192.168.159.52” as the display filter (as shown below), and find the 3 TCP segments that perform the connection setup.
Question 19:
What are port numbers for .edu.cn and your web browser applications?
Question 20:
What are the 3 packet numbers for co