IP and TCP Protocol Analysis with WireShark
Learning Objectives
At completion of this lab, you will be able to:
1. Understand the IP protocol, IP fragmentation and re-assembly
2. Understand TCP 3-way handshake for connection setup and termination, as well as data exchange
3. Understand ICMP protocol and how the ping program works
4. Understand how tracert (traceroute) program works
Report and Feedback on this lab
This lab should be done individually.
If you do not want to capture the live packets in this lab, you can download my data files for analysis (lab4.zip).
Answer all questions with supporting screenshots. Please also fill in the following feedback form and append it to the report. Your feedback is valuable to us so that we can improve this lab, and make the lab better.
For each task, please rate the following in the scale of 1 through 5:
∙ The degree of difficulty: 1 = too easy; 5 = too difficult
∙ The learning experience: 1 = learned nothing; 5 = learned a lot
∙ Your interest: 1 = no interest; 5 = high interest
∙ Time used for the task: in minutes
Task          Difficulty (1-5)    Learning (1-5)    Interest (1-5)    Time (min)
Background
Task 1
Task 2
Task 3
Your suggestion/comment:
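Background
You need to read and answer the questions in this background part before the lab.
Read Lectures on IP and ICMP protocols. Read Lectures on TCP protocol.
Question 1:
In IP header, there is a field called “protocol (type)”. What is it used for?
It is used to standardize the data transmission method so that different computers can communicate.
Question 2:
How is an ICMP message transported (encapsulation)?
ICMP messages are encapsulated in IP packets.
Question 3:
Which ICMP messages are used to implement the Ping program?
Echo request and echo response.
Ping uses type 8 requests and type 0 replies.
Question 4:
Use a figure to show the 3-way handshake to establish a connection in the TCP protocol.
First handshake: Host A sends a packet with the flag syn=1 and a randomly generated seq number=1234567 to the server. From SYN=1, host B knows that A is requesting to establish a connection.
Second handshake: After receiving the request, host B must confirm the connection information, and sends A a packet with ack number=(host A's seq+1), syn=1, ack=1 and a randomly generated seq=7654321.
Third handshake: After receiving it, host A checks whether the ack number is correct, i.e. the seq number it first sent +1, and whether the flag ack is 1. If so, host A sends another packet with ack number=(host B's seq+1), ack=1. After receiving it, host B confirms the seq value and ack=1, and the connection is then established successfully.
With the three-way handshake complete, host A and host B begin to transfer data.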
Traceroute (tracert) is an important and useful utility tool for network testing and debugging. Read more on it and learn how to use it:
∙ MS Windows tracert command,
Task 1 Study Windows tracert program and how to find a route
In MS Windows, tracert can be used to find a route from the source host, via routers, to destination host. This task is about how tracert works and what we can use it for. Follow the steps to start up the programs and capture the packets.
(1) Start up a command window
Click Start on the left corner of your desktop, and choose Run. Then type cmd to start up a DOS command window. In this window, you can also type command "tracert /?" to learn more on the command, or read more via the link above.
(2) Start up the WireShark program
Start up Wireshark and begin packet capture.
(3) Run the tracert program
Type the following command to find a route to :
tracert
(4) Stop the WireShark capturing
When tracert ends, stop the capturing, and save the data to a file (you can open the file to analyze the packets later).
(5) Copy the output of tracert to the lab report file.
By analyzing the output, we can learn a route from the source to the destination, and the response time between the source and intermediate routers.
Question 5:
How many routers are on the route from your computer to ?
What are their IP addresses?
1. 192.168.156.254
2. 210.32.39.250
3. 60.191.32.65
4. 218.75.123.233
5. 61.130.127.249
6. 220.191.142.49
7. 115.239.209.18
8. 115.239.210.27
Question 6:
Based on the output from the tracert, draw the map of the networks based on the output. Show the IP addresses for the source computer, destination computer, and routers.
Now look at the captured data.
Source: 192.168.156.57
Destination: 115.239.210.27
Routers:
1. 192.168.156.254
2. 210.32.39.250
3. 60.191.32.65
4. 218.75.123.233
5. 61.130.127.249
6. 220.191.142.49
7. 115.239.209.18
8. 115.239.210.27
(6) Analyze the first ICMP message
Since tracert uses ICMP messages to trace the route to the destination computer, you can use “icmp and ip.addr==192.168.x.x” as the display filter in WireShark to only display ICMP messages, where 192.168.x.x should be your computer IP address. Then select the first ICMP Echo Request message sent by your computer, and expand the Internet Protocol and ICMP headers of the packet in the packet details window (as I did below; to view better, you can use zooming).
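The header fields that step (6) has you expand in Wireshark can also be decoded by hand. The following is an added example, not part of the original lab handout: it builds a constructed Echo Request shaped like a first tracert probe (TTL 1; the identifier, IP ID and 64-byte zero payload are assumed sample values) and parses its IPv4 and ICMP headers, verifying both checksums. The function names are hypothetical.

```python
import struct

# ICMP types relevant to ping and tracert (values from RFC 792)
ICMP_TYPES = {0: "Echo Reply", 8: "Echo Request", 11: "Time Exceeded"}

def inet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement sum of 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_probe(src: str, dst: str, ttl: int, seq: int) -> bytes:
    """Constructed sample: IPv4 + ICMP Echo Request shaped like a tracert probe."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, 1, seq) + bytes(64)  # type 8, code 0
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    addrs = bytes(map(int, src.split("."))) + bytes(map(int, dst.split(".")))
    ip = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(icmp), 0x1234, 0, ttl, 1, 0) + addrs
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    return ip + icmp

def parse_packet(pkt: bytes) -> dict:
    """Decode the IPv4 and ICMP header fields Wireshark lists in packet details."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4                      # header length in bytes
    total_len = struct.unpack("!H", pkt[2:4])[0]
    if ihl < 20 or total_len > len(pkt) or total_len < ihl:
        raise ValueError("inconsistent IPv4 length fields")
    info = {"ttl": pkt[8], "protocol": pkt[9], "total_len": total_len,
            "src": ".".join(map(str, pkt[12:16])),
            "dst": ".".join(map(str, pkt[16:20])),
            "ip_checksum_ok": inet_checksum(pkt[:ihl]) == 0}
    icmp = pkt[ihl:total_len]
    if info["protocol"] == 1 and len(icmp) >= 8:   # protocol 1 = ICMP
        icmp_type, code, _, ident, seq = struct.unpack("!BBHHH", icmp[:8])
        info.update(icmp_type=icmp_type, icmp_code=code, icmp_id=ident, icmp_seq=seq,
                    icmp_name=ICMP_TYPES.get(icmp_type, "other"),
                    icmp_checksum_ok=inet_checksum(icmp) == 0)
    return info

if __name__ == "__main__":
    # Addresses are the source and destination listed in the report above
    probe = build_probe("192.168.156.57", "115.239.210.27", ttl=1, seq=1)
    for key, value in parse_packet(probe).items():
        print(f"{key:17} {value}")
```

A valid header sums to zero under the checksum, so a capture in which a field was altered after the checksum was written shows up as `ip_checksum_ok` or `icmp_checksum_ok` being False.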
Question 7:
What is the value in the protocol type field of IP packet?
Why is it this value?
What is the type value in ICMP header?
What does it mean?
How many b