常見協(xié)議解碼詳解_第1頁
常見協(xié)議解碼詳解_第2頁
常見協(xié)議解碼詳解_第3頁
常見協(xié)議解碼詳解_第4頁
常見協(xié)議解碼詳解_第5頁
已閱讀5頁,還剩8頁未讀, 繼續(xù)免費閱讀

下載本文檔

版權(quán)說明:本文檔由用戶提供并上傳,收益歸屬內(nèi)容提供方,若內(nèi)容存在侵權(quán),請進行舉報或認領(lǐng)

文檔簡介

1、常見協(xié)議解碼詳解數(shù)據(jù)包封包分層DataLinkLayerWetworkLayer數(shù)據(jù)鏈路層DataLinkLayer如:設(shè)備驅(qū)動網(wǎng)絡(luò)層NetworkLayer如:IP,ICMP,IGMP等TransportLayer傳輸層TransportLayer女口:TCP,UDPLApplicationLayer應(yīng)用層ApplicationLayer如:FTP,HTTP,Email等F圖是對數(shù)據(jù)包的解碼圖,其中對數(shù)據(jù)包中的每一層協(xié)議分別進行了解碼分析:H-,H-H-a-a-s-:Num:54E:415PktLan:84CapLenzBOTime:ZQ0507Z410:E9:53.573thern.Des

2、:00:OA:IE:DA:7F:36Src:00:EO:4C:AO:S6:BDPro:OkOSOOVer:4HLen:5T03:00000000TLen:GGID:121Flags:000.Src:302:lres:E3Len:4Suhl:0k24SSID;41F;QwOiaaQD;1AM;口AU;0AB;0QS;FCS:0kB8A8106這里面,我們可以看到協(xié)議由外向內(nèi)封裝,分別是:數(shù)據(jù)鏈路層對應(yīng)“EthernetII”協(xié)議;網(wǎng)絡(luò)層對應(yīng)“IP”協(xié)議;傳輸層對應(yīng)“UDP”協(xié)議;應(yīng)用層對應(yīng)“DNS”協(xié)議。F面我們就分別對這四層協(xié)議做詳細解釋。以太網(wǎng)數(shù)據(jù)包結(jié)構(gòu)協(xié)議結(jié)構(gòu)為:7166246-1500b

3、ytes4PreSFDDASALengthTypeDataunit+padFCSF圖是EthernetII協(xié)議解碼后的內(nèi)容,利用此實例進行說明:-A-Jacket-l-Ii.uik1巳r:Iacket.Lemt-h:Capt.ureL:limest.tLDipzEtlueriuetIIHeaderE1estinat.ionAiiiress:SourceAddress:1=P衛(wèi)rutCinul:IP-InternetProtocolOVersion:8480Z005-07-Z410:29z0000目標(biāo)MAC:573086地址0/140:OAzEBzDA:7F:960/60:EO:4CzAO:S6

4、:BD.源“AC12/21OkOSOOL4/Z04上層協(xié)議地址.1F0CIO0AEBDA7F9G00E04CA086ED08001500SO118646匚CiAS010ZCOAS01010 x0800(IP協(xié)議)118S0024OOZA002901000001000000000000037777770C70726F74003FF636F6C61736503EE657400000101E_.Bl.-.J5.-.)linijTr.ILaslist-再目D已st-inationAddress:00:OA:EB:DA:7F:960/6目標(biāo)MAC地址0位開始/6bytes長邑SourceAdireszQ

5、O:E0:4C:AO:S6:BD6/6源MAC地址6位開始/6bytes長1=FPrut-cicuL:QkOSOO上層協(xié)議12位開始/2bytes長字段說明DestinationaddressDA,目標(biāo)MAC地址6字節(jié)SourceaddressesSA,源MAC地址6字節(jié)ProtocolLengthType,承載的上層協(xié)議類型Dataunit+pad,數(shù)據(jù)字段(46-1500bytes)FCS檢驗(4bytes)MAC地址:MAC地址為16進制編碼,在解碼中可以將前3bytes代表廠商的字段翻譯出來,方便定位問題,如網(wǎng)絡(luò)上有兩臺設(shè)備IP地址沖突,可以通過廠商信息方便的將故障設(shè)備找到,如00e0

6、4C為TP-LINK,OOOAKB為迅捷,00A0C9為Intel等等,上層協(xié)議:EthernetII承載的上層協(xié)議主要包括0 x800為IP協(xié)議和0 x806為ARP協(xié)議。IP協(xié)議結(jié)構(gòu)IP頭的結(jié)構(gòu)如下:48161932bitsVerIHLTypeofserviceTotallengthIdentificationFlagsFragmentoffsetTimetoliveProtocolHeaderchecksumSourceaddressDestinationaddressOption+PaddingDataF圖是IP層解碼后的內(nèi)容,利用此實例進行說明:白IP-InternetPirotom

7、l.14/20Q14/1Oku口F口Versicn:iOHeaderLength.:520hT.rr.P514/1OxOLiOF0OTypeofSerir已:OOLIU00001-5/1Precedence:00LIroutinginf口ruiat-iuii16/10 x00E0:QDelay:-.0NurraaLielay16/1OkOOIO:QTlirougliput.:0.Normalthroughput16/10 x0008OB.pliatiilit.yz.0.Normalreliotiility16/10m0004Tut-llILct114t.il:13116/Z;-旨1Id&nti

8、ficatl已n:1040218/20Fi:ati_c-nFlag蘭:00LI20/1OwOOEO-:UResetwed:20/1LIkOOSO:UFraiipieiit:-0.MayfrairiLLent2.0/1Uz0040:UHereFr亠尹匹n匕:-a.LasttrELiiriiietit20/丄LIz0020-FraijTiieiitUtts己七:u2ij/2UkIFFFTiiiieTcLiwe:U2271:包Prc-tcicc1z17UI:I23/1:ClieckSi-iriizOxCE73Correct-24/EJSourceIF:L9Z16S.11MH寸IP:L9Z16S.1Z

9、30/JHqIPOptions:3/0-1TDFUserDatagram.Protocol:34/8:bourcppnrt:5334fl芒1F面是IP協(xié)議解碼的對應(yīng)字段解釋:字段說明Version:4版本號為4,即IPv4協(xié)議,HeaderLength:5頭部長度20字節(jié),5bitsTypeofservice:0000000服務(wù)提供類型,顯示參數(shù)摘要。Precedenee優(yōu)先路由信息Delay遲延Throughput吞吐量Reliability可靠性TotalLength:131總長131(單位字節(jié),取長為65535字節(jié))Identifieation:10403標(biāo)識FragmentationF

10、lags:000標(biāo)志Reserved:保留Fragment:片斷MoreFragment:最后片斷FragmentOffset:0偏移量TimetoLive:TTL,科來網(wǎng)絡(luò)分析系統(tǒng)5.0將丟棄TTL=0的數(shù)據(jù)包Protocol:17是哪種協(xié)議,1ICMP,6TCP,17UDP,89OSPFCheekSum:0 xCE73對IP協(xié)議頭的校驗合,0 xCE73為正確SourceIP:源IP地址DestinationIP:目標(biāo)IP地址ARP協(xié)議結(jié)構(gòu)以下是ARP協(xié)議結(jié)構(gòu):81632bitsHardwareTypeProtocolTypeHardwareaddresslengthProtocoladd

11、resslengthOpcodeSenderHardwareAddressSenderProtocolAddressTargetHardwareAddressTargetProtocolAddressF圖是對ARP協(xié)議進行解碼視圖:-)AKP-AddressResolut-lonProtocol1-ocntarHF*咽咽U翊-1翊-lFC!IP14/28114/E0 x080016/E61S/L419/1120/Z00:AO:C9:BB:21:2A22/G152.1S.1.32S/400:00:00:00:00:0032/5192.16B.1.13B/4OkCGTEOEEFGalcnlated

12、|FFFFFFFFFF00AO匚9EEZLZAOB060001080006040000150100AOC9BE212ACOkS010200000000COASCil010000我們對上圖中的ARP字段進行詳細說明:字段說明HardwareType:1(硬件類型)占16bits,用來定義運行ARP的網(wǎng)絡(luò)類型,每一個局域網(wǎng)基于其類型被指定一個整數(shù),例如,以太網(wǎng)是類型1,ARP可以使用在任何網(wǎng)絡(luò)上。ProtocolType:0 x0800(協(xié)議類型)占16bits,用來定義協(xié)議的類型。如:0 x0800代表IP協(xié)議,ARP可用于任何咼層協(xié)議。HardwareLength:6(硬件長度)占8bits,

13、用來定義物理地址和長度。以太網(wǎng)值為6。ProtocolLength:4(協(xié)議長度)占8bits,用來定義物理地址和長度。IPv4值為4。Type:1(操作類型)占16bits,用來定義操作類型,請求為1,回答為2。SourcePhysics:00:A0:C9:BB:21:2A源MAC地址SourceIP:SourceIp源IP地址DestinationPhysics:00:00:00:00:00:00目標(biāo)MAC地址,對于ARP請求數(shù)據(jù)包,此值全為0,因為請求主機并不知道目標(biāo)主機的MAC地址DestinationIP:目標(biāo)IP地址TCP協(xié)議結(jié)構(gòu)以下是TCP協(xié)議的結(jié)構(gòu):1632bitsSource

14、portDestinationportSequencenumberAcknowledgementnumberOffsetReservedUAPRSFWindowChecksumUrgentpointerOption+PaddingDataF圖是對TCP協(xié)議進行解碼視圖:-一;1TCPTiraibspoi?七GoiiXhoIPirotoucjl34/SourcePort:DestinationPort-:Seigi.ienceWi-Uiitisr:AckMi-ULLtier:=|;=-1111=-1111=-111ll-JIInll-Jllnl-HeaderLerngt-h:Eleservedz

15、Flags:QUitireritpointge:OACktii-T.TlGdgTiiStit1i1.UllL:i總it:QPushFi-uict-ioti:QP.esettirecotiiie匚七i口1丄zOSaicliuc-ij-izesele11cezOEnd口dat-az:-lpWiiAllow::-ClieckSujiz:-lpUriLreiit-p口iiit-:=BT口TCPOptioixs:日冷Exx-aD-at-a.:8034/2340636/E416175993038/404Z/4SO20bytes46/1OhOOFO046/ZOmOFCO00OLOCI47/1OmOOSF0.

16、-48/1OkOOZO.0-48/1OkOOLO-0.48/1OkOOCiS-丄-48/10h00Ci4-.0.48/1OhOOCiZ048/1OhOOCH04S/2:OxASFBCorrect-EO/2Ox0000E2/2:54/U54/600000015002ALiUE04CAU86ED000AEBI?A7F360U3406Bl8F31:-7896IECOAS01000000000040000A9FE000008004500OLi2800LIU40OZOO50OD4EF3OFGAF6e.EAUSAAA4141_4.-.=z.AA我們對上圖中的TCP字段進行詳細說明:字段說明SourcePo

17、rt:80源端口,HTTP為80端口DestinationPort:3406目標(biāo)端口SequenceNumber:416175999032bits.Thesequencenumberofthefirstdataoctetinthissegment(exceptwhenSYNispresent).IfSYNispresent,thesequencenumberistheinitialsequencenumber(ISN)andthefirstdataoctetisISN+1.AckNumber:032bits.IftheACKcontrolbitisset,thisfieldcontainsth

18、evalueofthenextsequencenumberwhichthesenderofthesegmentisexpectingtoreceive.Onceaconnectionisestablished,thisvalueisalwayssent.DataOffset:80HeaderLength:804bits.Thenumberof32-bitwordsintheTCPheader.Thisindicateswherethedatabegins.ThelengthoftheTCPheaderisalwaysamultipleof32bits.Reserved:06bits.Reser

19、vedforfutureuse.Mustbeclearedtozero.Urgentpointer:Urgentpointerfieldsignificant.AcknowledgmentnumberAcknowledgmentfieldsignificant.PushFunction:Pushfunction.Resettheconnection:Resettheconnection.Synchronizesequence:Synchronizesequencenumbers.Endofdata:Nomoredatafromsender.Window16bits.Itspecifiesthe

20、sizeofthesendersreceivewindow,thatis,thebufferspaceavailableinoctetsforincomingdata.CheckSum:16bits.Thechecksumfieldisthe16bitone;-scomplementoftheonescomplementsumofall16-bitwordsintheheaderandtext.Ifasegmentcontainsanoddnumberofheaderandtextoctetstobechecksummed,thelastoctetispaddedontherightwithz

21、erostoforma16-bitwordforchecksumpurposes.Thepadisnottransmittedaspartofthesegment.Whilecomputingthechecksum,thechecksumfielditselfisreplacedwithzeros.UrgentPointer16bits.Thisfieldcommunicatesthecurrentvalueoftheurgentpointerasapositiveoffsetfromthesequencenumberinthissegment.Theurgentpointerpointsto

22、thesequencenumberoftheoctetfollowingtheurgentdata.ThisfieldcanonlybeinterpretedinsegmentsforwhichtheURGcontrolbithasbeenset.DNS協(xié)議結(jié)構(gòu)以下是DNS協(xié)議的結(jié)構(gòu):1617212223242526272832IdentificationQROpcodeAATCRDRAZADCDRcodeQuestioncountAnswercountAuthoritycountAdditionalcountF圖是對DNS協(xié)議進行解碼視圖:DcnftazLnNamePi?ol3CJC:ol工

23、己已口匸ification:一古1Flags:OQuery/Resporis:OperatorCodsz:OAuthu匸itat.iLrsJuiswerzb-OTri-itinat-iuii:ORecursiondesiryii:bApprowep.pcurs1cui:P.eserv&ilRespondcode:QuestiOtis:Ai-Lsuers:Aij-t-horAddi_tianaliQi_ies七i二HI?oiiiain.ITaniez亭Type:=5Class:irFCS一FirameCheck.Sequerkce:步FCS:42/3E434Z/ZOKLIILILI44/Z0口e

24、ry44/10 x00800QUERY44/10 x00780Woaut-horitative44/1Oku0040Wotruncation44/1OxOOOZ1Recursion44/1LiKULiOl0Woapprove45/1OxLIOSO045/10 x00700Noerrcr45/10:-:i:ii:ii:iJ,146/204S/2050/2052/21-54/20t-tt-tt.t_ai.it口f:_匚匚1ILL.54/1G1A70/21Int-emet72/2A=UxAE1A09EACalculat-edZ.乂ACS6BE1OSUU45UU口03C:益X3OOOUIE0USO11

25、84ACOASU102COAS0101UE:CD003S0UZ8CO7C我們對上圖中的DNS字段進行詳細說明:字段說明Identification:43標(biāo)識,占16bitsFlags:Query/Response:1用于疋義疋Query還疋Responseo0為Query,1為ResponseoOperatorCode:0占4bits,其對應(yīng)代碼如下:0QUERY,Standardquery.IQUERY,Inversequery.STATUS,Serverstatusrequest.Reserved.Notify.Update.6-15Reserved.AuthoritativeAnswer

26、:01-bitfield.Whensetto1,identifiestheresponseasonemadebyanauthoritativenameserver.0Notauthoritative.1IsauthoritativeTruncation:01-bitfield.Whensetto1,indicatesthemessagehasbeentruncated.0Nottruncated.1MessagetruncatedRecursionDesired:1Recursiondesired:1-bitfield.Maybesetinaqueryandiscopiedintotheres

27、ponse.Ifset,thenameserverisdirectedtopursuethequeryrecursively.Recursivequerysupportisoptional.0Recursionnotdesired.1Recursiondesired.ApproveRecursion:11bitfield.Indicatesifrecursivequerysupportisavailableinthenameserver.0Recursivequerysupportnotavailable.1Recursivequerysupportavailable.Reserved:01b

28、itfield.Indicatesinaresponsethatalldataincludedintheanswerandauthoritysectionsoftheresponsehavebeenauthenticatedbytheserveraccordingtothepoliciesofthatserver.Itshouldbesetonlyifalldataintheresponsehasbeencryptographicallyverifiedorotherwisemeetstheserverslocalsecuritypolicy.Respondcode:00Noerror.Therequestcompletedsuccessfully.Formaterror.Thenameserverwasunabletointerpretthequery.Serverfailure.NameError.NotImplemented.Refused.YXDomain.NameExistswhenitshouldnot.YXRRSet.RRSetExistswhenitshouldnot.NXRRSet.RRSetthatshouldexistdoes

溫馨提示

  • 1. 本站所有資源如無特殊說明,都需要本地電腦安裝OFFICE2007和PDF閱讀器。圖紙軟件為CAD,CAXA,PROE,UG,SolidWorks等.壓縮文件請下載最新的WinRAR軟件解壓。
  • 2. 本站的文檔不包含任何第三方提供的附件圖紙等,如果需要附件,請聯(lián)系上傳者。文件的所有權(quán)益歸上傳用戶所有。
  • 3. 本站RAR壓縮包中若帶圖紙,網(wǎng)頁內(nèi)容里面會有圖紙預(yù)覽,若沒有圖紙預(yù)覽就沒有圖紙。
  • 4. 未經(jīng)權(quán)益所有人同意不得將文件中的內(nèi)容挪作商業(yè)或盈利用途。
  • 5. 人人文庫網(wǎng)僅提供信息存儲空間,僅對用戶上傳內(nèi)容的表現(xiàn)方式做保護處理,對用戶上傳分享的文檔內(nèi)容本身不做任何修改或編輯,并不能對任何下載內(nèi)容負責(zé)。
  • 6. 下載文件中如有侵權(quán)或不適當(dāng)內(nèi)容,請與我們聯(lián)系,我們立即糾正。
  • 7. 本站不保證下載資源的準(zhǔn)確性、安全性和完整性, 同時也不承擔(dān)用戶因使用這些下載資源對自己和他人造成任何形式的傷害或損失。

評論

0/150

提交評論