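Computer Networks 6
Hangzhou Dianzi University
"Computer and Network Experiments"
Course Lab Report
Lab 6:
DNS, Data Encapsulation and Frame Examination
School: Communication Engineering
Class: 14083415
Student ID: 14081515
Name: 何必锋
Instructor: 冯维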
Learning Objectives
At completion of this lab, you will be able to:
1. Use Wireshark to capture and analyze DNS message
2. Understand how DNS works
3. Use nslookup and ipconfig commands
4. Explain the header fields in an Ethernet II frame.
5. Understand data encapsulation
6. Report and Feedback on this lab
Answer all questions with supporting screenshots. Please fill in the following feedback form and append it to the report. Your feedback is valuable to us so that we can improve this lab, and make the course welcome.
Background
When upper layer protocols communicate with each other, data at the sending host flows down the TCP/IP protocol layers and is encapsulated into a protocol data unit at lower layer, and finally encapsulated in a Layer 2 frame. For example, DNS message is often transported by UDP protocol on layer 4. So DNS message at the sending host is encapsulated in a UDP segment; the UDP segment is then encapsulated in an IP packet, and the IP packet is encapsulated finally in a layer 2 frame. The frame composition is dependent on the media access type, or the network. For example, if the media access is Ethernet, then the Layer 2 frame encapsulation will be Ethernet II.
When learning about data encapsulation and protocol operations, it is helpful to analyze the header information found in the protocol data units. The DNS protocol operation, ipconfig command, and Ethernet II frame header will be examined in this lab. Ethernet II frames can support various upper layer protocols.
Tasks
Task 0 Protocol Layers and Data Encapsulation
As we have discussed in Lecture 02, the Internet is inter-connected networks based on TCP/IP protocols. Read the slides or textbook to learn how data goes through protocol layers and how data is encapsulated in the protocol data units. There are conventional names for the protocol data units for different layer protocols.
Question 1. What are the names for the protocol data units (PDUs) of layer 4, layer 3, and layer 2 protocols in the TCP/IP reference model? Fill in the following form:
Name for PDU of layer 4 protocols: segment
Name for PDU of layer 3 protocol: packet
Name for PDU of layer 2 protocol: frame
Task 1 DNS and nslookup
As we discussed, an IP address is used to identify a host uniquely on the Internet. But an IP address is not user-friendly, and that is why domain names were introduced. The Domain Name System (DNS) translates hostnames to IP addresses, providing a critical role in the Internet infrastructure.
In this task, we practice the nslookup tool, which is available both in Linux/Unix and MS Windows. To run nslookup in MS Windows, you need to open the command line window by starting the command "cmd.exe". With nslookup, you can query any specified DNS server (by default, your local configured DNS server) for a DNS record. To accomplish this task, nslookup sends a DNS query to the specified DNS server, receives a DNS reply from that same DNS server, and displays the result.
Type the command "nslookup www.MIT.edu", and capture the output, as I did and showed below:
Question 2:
What is the DNS server IP address that is used to query and find the IP address for www.MIT.edu?
And the IP address for www.MIT.edu?
Question 3:
What are domain name servers for and their IP addresses?
Question 4:
Which DNS server is used to query and for name resolution?
You can also use nslookup to find the mapping from IP addresses to the host names. Type the commands “nslookup 192.168.156.101” and “nslookup”, and capture the output, as I did and showed below:
Question 5:
Can a host have multiple host names?
What is the IP address for moodle.tec.hkr.se?
How many names do you find for this IP address?
Yes, it can. IP: 194.47.35.25, which has one and only one name, moodle.tec.hkr.se
Task 2 DNS and ipconfig
ipconfig (for Windows) and ifconfig (for Linux/Unix, interface configuration) are among the most useful tools for debugging network issues.
ipconfig can be used to show your current TCP/IP information, including your address, DNS server addresses, adapter (network interface card) type and so on. For example, if you want to find all this information about your host, simply enter the command “ipconfig /all” in the command line.
Question 6:
What is the IP address for your computer, and what is the local DNS server IP address?
ipconfig is also very useful for managing the DNS information stored in your host. To improve the networking performance, a host can cache DNS records it recently obtained. To view these cached records, you can use the command “ipconfig /displaydns”. Each entry shows the remaining Time to Live (TTL) in seconds. To clear the cache, enter the command “ipconfig /flushdns”. Flushing the DNS cache clears all entries and reloads the entries from the hosts file.
Task 3 DNS Protocol Analysis with WireShark
Now it is time to capture DNS protocol data and do the analysis with WireShark. Follow the steps to capture the DNS packets:
∙ close all other Internet applications to reduce the captured data
∙ start a web browser
∙ use ipconfig to empty the DNS cache in your computer
∙ start the WireShark program, and enter the display filter “ip.addr==10.66.127.1 and dns”, where the IP address 192.168.0.100 should be the IP address for your computer. You find it in question 6.
∙ Start packet capture in WireShark
∙ Enter the URL address http://www.ietf.org into your web browser to view the page.
∙ Stop the packet capture.
Question 7:
Locate the DNS query and response for resolving www.ietf.org. Are they sent over UDP or TCP?
UDP
Question 8:
What is the destination port for the DNS query message? What is the source port of the DNS response message?
Destination port: 210.32.32.1
Source port: 10.66.127.1
Question 9:
To what IP address is the DNS query message sent? Use ipconfig to determine the IP address of your local DNS server. Are these two IP addresses the same?
They are the same
Question 10:
Examine the DNS query message. What “Type” of DNS query is it? Does the query message contain any “answers”?
No; the type is ‘A’
Question 11:
Examine the DNS response message. How many “answers” are provided? What do each of these answers contain?
For info on MAC addresses, read slide 26 (Lecture 10). For finding NIC manufacturer, use the online server at.
In WireShark with the captured DNS packets done in the last task, expand the frame information, as you could see my example:
It shows that the data contained in the Ethernet frame is an IP packet, the data contained in the IP packet is a UDP segment, and the data in the UDP segment is a DNS message!
The total frame length is 72 bytes (not including the CRC check bits).
For the Ethernet frame containing the DNS query message for resolving www.ietf.org, answer the following questions:
Question 12:
What is the destination MAC address? What is its NIC manufacturer, and what is the NIC serial number?
00:00:5e:00:01:02
00:00:5e
00:01:02
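Question 13:
What is the source MAC address? What is its NIC manufacturer, and what is the NIC serial number?
54:35:30:84:d1:75
54:35:30
84:d1:75
Question 14:
What is the value in the type field? What does this value mean?
A MAC (Media Access Control) address, also called a hardware address, is 48 bits (6 bytes) long, is written in hexadecimal digits, and is divided into a first 24 bits and a last 24 bits:
The first 24 bits (that is, the first 3 bytes) are called the Organizationally Unique Identifier (OUI), a code assigned to different manufacturers by the IEEE registration authority, which distinguishes the manufacturers.
The last 24 bits (the last three bytes) are assigned by the manufacturer itself and are called the extension identifier. The last 24 bits of the MAC addresses of network cards produced by the same manufacturer are different.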
Now, change the display filter to “arp” in WireShark, so that only ARP packets are displayed, for example, I got:
Locate a broadcast ARP message, examine the Ethernet frame header, and answer the questions:
Question 15:
What is the destination MAC address? Is this address special? What does it mean?
ff:ff:ff:ff:ff:ff
Question 16:
What is the source MAC address? What is its NIC manufacturer, and what is the NIC serial number? Is it a uni-cast address? Why?
(1) MAC: 74:25:8a:3a:4d:06
(2) NIC manufacturer: 74:25:8a NIC serial number: 3a:4d:06
(3) Yes. IEEE 802.3 specifies: the 48th bit of an Ethernet address indicates whether the address is a multicast address or a unicast address. If this bit is 0, the MAC address is a unicast address; if this bit is 1, the MAC address is a multicast address.
(4)
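The OUI split and the unicast/multicast test used in Questions 12 to 16, applied to the four MAC addresses recorded in this report. This is an added example, not part of the original lab report: the function names are hypothetical, the individual/group (I/G) bit is read as the least-significant bit of the first octet, and the locally-administered (U/L) check goes beyond what the report covers.

```python
def parse_mac(text):
    """Return the six octets of a colon- or hyphen-separated MAC address."""
    parts = text.strip().replace("-", ":").split(":")
    if len(parts) != 6:
        raise ValueError(f"expected 6 octets, got {len(parts)}: {text!r}")
    return bytes(int(p, 16) for p in parts)  # ValueError on non-hex or >0xff

def analyze_mac(text):
    """Split a MAC into OUI / vendor-assigned halves and classify it."""
    octets = parse_mac(text)
    first = octets[0]
    if octets == b"\xff" * 6:
        kind = "broadcast"            # all ones: every station on the segment
    elif first & 0x01:
        kind = "multicast"            # I/G bit set: group address
    else:
        kind = "unicast"              # I/G bit clear: one station
    return {
        "mac": octets.hex(":"),
        "oui": octets[:3].hex(":"),
        "vendor_assigned": octets[3:].hex(":"),
        "kind": kind,
        # U/L bit set means the address was not assigned from a vendor's OUI
        # block, so an OUI lookup on it says nothing about the manufacturer.
        "locally_administered": kind == "unicast" and bool(first & 0x02),
    }

# MAC addresses recorded in Questions 12, 13, 15 and 16 of this report.
REPORT_MACS = ["00:00:5e:00:01:02", "54:35:30:84:d1:75",
               "ff:ff:ff:ff:ff:ff", "74:25:8a:3a:4d:06"]

if __name__ == "__main__":
    for mac in REPORT_MACS:
        print(analyze_mac(mac))
```

Because the source MAC in a frame is set by the sender, the OUI identifies a manufacturer only when the address has not been overridden.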
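Question 17:
What is the value in the type field? What does this value mean?
This is a related answer I found online:
Preamble: the first field of an 802.3 frame
Length: 7 bytes, 56 bits
Content: alternating 0s and 1s
Purpose: alerts the receiving system that a frame is arriving and synchronizes the frame with the input timing; added to the MAC frame by the physical layer
SFD: also called the start frame delimiter
Length: 1 byte
Content: 10101011
Purpose: signals the start of the frame. The SFD alerts the receiving station that this is the last chance to synchronize; the last two bits tell the receiver that the next field is the destination address. Added to the frame by the physical layer
DA: destination address
Length: 6 bytes
Content: the physical address of the destination
SA: source address
Length: 6 bytes
Content: the physical address of the sender
Length or type:
Length: 2 bytes
Purpose: Ethernet originally used this field as a type field, defining the upper-layer protocol that uses the MAC frame; the IEEE standard defines it as a length field, indicating the number of bytes contained in the data field
Data field:
Length: 46-1500 bytes
CRC
Length: 4 bytes
Content: error-checking information
Purpose: error checking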
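The encapsulation observed in Task 3 (a DNS message inside a UDP segment inside an IP packet inside an Ethernet II frame), rebuilt and dissected layer by layer. This is an added example, not part of the original lab report: the frame is constructed rather than captured, the IP addresses, source port and DNS ID are placeholders, and the function names are hypothetical.

```python
import struct

def build_dns_query_frame(name="www.ietf.org"):
    """Constructed sample frame: Ethernet II / IPv4 / UDP / DNS 'A' query."""
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split(".")) + b"\x00"
    # DNS header: id, flags (RD set), 1 question, 0 answer/authority/additional
    dns = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!2H", 1, 1)
    udp = struct.pack("!4H", 50000, 53, 8 + len(dns), 0) + dns
    # IPv4 header without options; addresses are RFC 5737 documentation
    # addresses and the checksum is left at 0 (constructed sample).
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 53])) + udp
    # MAC addresses are the ones recorded in Questions 12 and 13.
    eth = bytes.fromhex("00005e000102") + bytes.fromhex("54353084d175") + b"\x08\x00"
    return eth + ip

def dissect(frame):
    """Peel Ethernet II -> IPv4 -> UDP -> DNS and return the key header fields."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError(f"EtherType 0x{ethertype:04x} is not IPv4")
    ihl = (frame[14] & 0x0F) * 4          # IPv4 header length in bytes
    if frame[14 + 9] != 17:
        raise ValueError("IP payload is not UDP")
    u = 14 + ihl
    sport, dport, ulen, _csum = struct.unpack("!4H", frame[u:u + 8])
    dns = frame[u + 8:u + ulen]
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", dns[:12])
    labels, i = [], 12
    while dns[i]:                          # length-prefixed labels, 0 terminates
        if dns[i] & 0xC0:
            raise ValueError("compressed names are not handled here")
        labels.append(dns[i + 1:i + 1 + dns[i]].decode("ascii"))
        i += 1 + dns[i]
    qtype, _qclass = struct.unpack("!2H", dns[i + 1:i + 5])
    return {
        "frame_len": len(frame), "dst_mac": dst.hex(":"), "src_mac": src.hex(":"),
        "ethertype": ethertype, "src_port": sport, "dst_port": dport,
        "is_response": bool(flags & 0x8000), "qname": ".".join(labels),
        "qtype": qtype, "answers": ancount,
    }

if __name__ == "__main__":
    print(dissect(build_dns_query_frame()))
```

The constructed frame comes to 72 bytes without the CRC (14 Ethernet + 20 IP + 8 UDP + 30 DNS), the same length the report records for the captured query frame.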