北郵 計(jì)算機(jī)網(wǎng)絡(luò)實(shí)驗(yàn) 網(wǎng)絡(luò)層數(shù)據(jù)分組捕獲

計(jì)算機(jī)網(wǎng)絡(luò)課程設(shè)計(jì)實(shí)驗(yàn)二：網(wǎng)絡(luò)層數(shù)據(jù)分組的捕獲和解析1、實(shí)驗(yàn)類別協(xié)議分析型2、實(shí)驗(yàn)內(nèi)容和實(shí)驗(yàn)?zāi)康谋敬螌?shí)驗(yàn)內(nèi)容：1）捕獲在連接Internet過程中產(chǎn)生的網(wǎng)絡(luò)層分組：DHCP分組，ARP分組，IP數(shù)據(jù)分組，ICMP分組。2）分析各種分組的格式，說明各種分組在建立網(wǎng)絡(luò)連接過程中的作用。3）分析IP數(shù)據(jù)分組分片的結(jié)構(gòu)實(shí)驗(yàn)?zāi)康模和ㄟ^本次實(shí)驗(yàn)了解計(jì)算機(jī)上網(wǎng)的工作過程，學(xué)習(xí)各種網(wǎng)絡(luò)層分組的格式及其作用，理解長(zhǎng)度大于1500字節(jié)IP數(shù)據(jù)組分片傳輸?shù)慕Y(jié)構(gòu)。4）分析TCP建立連接，拆除連接和數(shù)據(jù)通信的流程。3、實(shí)驗(yàn)學(xué)時(shí)4學(xué)時(shí)4、實(shí)驗(yàn)組人數(shù)1人5、實(shí)驗(yàn)設(shè)備環(huán)境1臺(tái)裝有WindowsXP操作系統(tǒng)的pc機(jī)，能夠連接到Internet，并安裝WireShark軟件。6、學(xué)習(xí)難點(diǎn)重點(diǎn)分析網(wǎng)絡(luò)層分組的格式，掌握各種分組在網(wǎng)絡(luò)通信中的應(yīng)用，了解整個(gè)上網(wǎng)的工作過程。發(fā)送ICMP分組，并分析其結(jié)構(gòu)和功能。制作長(zhǎng)度大于1500字節(jié)的IP數(shù)據(jù)分組，發(fā)送并分析其分片傳輸?shù)倪^程。7、實(shí)驗(yàn)步驟1、啟動(dòng)計(jì)算機(jī)，連接網(wǎng)絡(luò)確保能夠上網(wǎng)，安裝WireShark軟件。2、第一步：開啟WirkShark監(jiān)控，設(shè)置捕獲過濾器，僅捕獲UDP報(bào)文Capture==>Interfrace==>選中所用網(wǎng)卡==>點(diǎn)擊Start第二步：設(shè)置WirkShark顯示過濾器，在工作畫面Filter設(shè)置udp.port==68，這樣在捕獲的報(bào)文中，僅顯示UDP端口號(hào)68的報(bào)文（DHCP報(bào)文）第三步：在DOS窗口執(zhí)行命令ipconfig/release先釋放已經(jīng)申請(qǐng)的IP地址，再執(zhí)行ipconfig/renew，就可以在WireShark上看到DHCP的四次握手獲得IP地址，缺省路由DNS等參數(shù)的過程。第四步：重新設(shè)置WireShark的捕獲選項(xiàng)和顯示選項(xiàng)（這些選項(xiàng)的設(shè)置方法可以參照軟件自帶手冊(cè)）。執(zhí)行一個(gè)ping命令，觀察ARP和PING命令的執(zhí)行過程。關(guān)于捕獲過濾器的手冊(cè)：Help==>Contents，找到4.9節(jié)：Filteringwhilecapturing關(guān)于顯示過濾器的手冊(cè)：Help==>Contents，找到6.3節(jié)：Filteringpacketswhileviewing3、分析數(shù)據(jù)分組的分片傳輸過程制作大于8000字節(jié)的IP數(shù)據(jù)分組并發(fā)送，捕獲后分析其分片傳輸?shù)姆纸M結(jié)構(gòu)。使用Windows中ping命令的-l選項(xiàng)，例如：ping-l80004、分析TCP通信過程WireShark的Filter項(xiàng)填為tcp.port==21（僅觀察FTP的TCP通信，F(xiàn)TP端口號(hào)為21）。捕獲所有下面通信過程的TCP報(bào)文進(jìn)行分析。1）觀察TCP建立連接的三次握手和粗暴方式拆除連接的流程。執(zhí)行命令ftp連接建立后直接按下Ctrl-C中止程序運(yùn)行。2）觀察TCP建立連接的三次握手，數(shù)據(jù)通信和優(yōu)雅方式拆除連接的流程。執(zhí)行命令ftp用戶名輸入anonymous口令輸入a@b執(zhí)行成功后輸入命令bye3）（選作）執(zhí)行下面的操作，觀察TCP連接斷開的流程與2）有何區(qū)別。執(zhí)行命令ftp用戶名輸入anonymous口令輸入a@b執(zhí)行成功后輸入命令bye8、實(shí)驗(yàn)分析捕獲ICMP協(xié)議數(shù)據(jù)運(yùn)行ping命令（例如：c>ping），遠(yuǎn)程主機(jī)地址可以是本機(jī)地址、網(wǎng)關(guān)路由器地址，也可以是域名（如）。將捕獲到的數(shù)據(jù)保存為文件。使用Windows中ping命令的-l選項(xiàng)（例如：c>ping-l8000），制作大于8000字節(jié)的IP包并發(fā)送，捕獲后分析其分段傳輸?shù)陌Y(jié)構(gòu)。捕獲DHCP協(xié)議數(shù)據(jù)使用ipconfig命令釋放計(jì)算機(jī)的IP地址（c>ipconfig-release）；使用ipconfig命令重新申請(qǐng)IP地址（c>ipconfig-renew）。此時(shí)wireshark窗口中可以捕獲到完整的DHCP地址分配的流程，將捕獲到的數(shù)據(jù)保存為文件。捕獲ARP協(xié)議數(shù)據(jù)采用與捕獲DHCP協(xié)議數(shù)據(jù)相同的方法釋放IP地址并重新申請(qǐng)，在wireshark窗口中可以捕獲到ARP請(qǐng)求和響應(yīng)消息，保存為文件。捕獲TCP協(xié)議數(shù)據(jù)

打開瀏覽器，輸入一個(gè)頁面內(nèi)容較簡(jiǎn)單網(wǎng)頁URL,^口；網(wǎng)頁全部顯示后關(guān)閉瀏覽器。9、實(shí)驗(yàn)結(jié)果1）捕獲DHCP分組DHCPHeaderDHCP:-Etiotrecordtype=1(Request)HardTrareadd3?esetype=1(1DMbEthernet)Ha.rdMareDHCPHeaderDHCP:-Etiotrecordtype=1(Request)HardTrareadd3?esetype=1(1DMbEthernet)Ha.rdMareaddress：length=EbytesHops=0Transactionid=J452357DElapaedboottine=0secondsDHC?DHC?DHC?DHC?DHC?DHCP..成粉..E..頷.....D.C.H航....DRb}狂馥....匚糠匚5..-....：：和贛富.；皿欄..IEM-99B13S2513f9Q...IBM-93B13925139.<.MSFT5.07..._u-twit000000000000001203fo.ib00000000000000040305f*400000000000000793114fT0000000000000004130ooooooooooooooooodflsbooooo-u_uoooooo_u00030530Ou-urboooooooooooooo3c9oi7ooooo-u_uoooooo_uooooo333co1ocoooooooooooo183Q-o600060000000000000b333_u01000000000000005013ebooob_uooooooo_uooo3c3322s4_u2ooooooo_uoooo3o515fa6o4_uooooooooooo64333f2?■o5ooooooo_uoooo3b22ob2f0o2n-ooooooooooo533422110oloooooooooooo2d-A-9d-911401O_uoooooo_uooo0o335f_u0100000000000000323961o8ooo-u_uoooooo_uooo633342f09000000000000000Cld3ff0400000000000000063251foooooooooooooooooo2ddff_uooo-u_uoooooo_uoooob4442fC40000000000000002928ef0400000000000000043402f_.b0000000000000000599ccf4000_uoooo0000000023432fcf5f1foooooooooooooooooooooooooQoooo_uoooooooooooooooQooooo1do已6012020oodo-y3Qo4o3Q00000000000000100000002000000030000000400000005000000060000000700000003000000090OOOOOOaOOOOOOObOOOOOOOc.0OOOOOOdOOOOOOOeOOOOOOOfO00000100000001100000012000000130000001400000015000000160DHCFDHCFDHCFDHCF匚尸DHCFDHCPDHCFDHCFDHCPDHCPDHCFDHCFDHCFDHCFDHCFDHCF□H匚尸DHCFDHCPDHCFDHCFDHCPDHCPDHCFDHCFDHCFEncode分析如下:DHCPHeaderBootrecor-dtype=1(Request)Ho.jrdwax'eo.ddiress-type*1(1UMbEth-smet)Hardwar-eaddresslength=6bytesHops=□Transactionid-44523G7DElapsedtioott.line=0seccmdsF1ags=0000□=NobroadcastClisntse1f—assignsdIPSLddres?=[]CllentIFaddress二[]NestServertousembocitstrap=[0.0.□.0]RelayAgent=[0.0.□.0]Clienthmirdwmzrmaddr-eas=00112542B06CHostna.iite=""Bootfilenaine=""Vendor-In￡ox-mat-iontag-—G302G363MessageType=3(DHCFRequest)CllentidentifierOpticmClientha.rdixraretype=EthernetClisnthe.rdTTSirsaddress=00112542BUbCRequestspecific：IFaddress二[84]HostName=MIBM-99B13925139_JDHCP:Bootfilenanie=11"_JDHCP:1DHCP:VendorInformationtag=638253631DHCP:MessageType=3（DHCPRequest）1DHCP:ClientidentifierOptionDHCP:Clienthardwaretype=EthernetrDlDHCP:Clienthardwareaddress=00112542B06CrD^DHCP:RequestspecificIPaddress=[59.G4.192.184]DHCP:HostWane=,1IBM-99B13925139"iQDHCP:Unidentifiedtag81DHCP:Classidentifier=4D53465420352E30以DHCP:ParameterRetiuestList:11entriesQDHCP:1=Client'ssubnetna.skDHCP:15=Domain,nameDHCP:2=Routersontheclient1ssubnet[JjDHCP:白=Domain,nameserver[劇DHCP:44=NetBIOSoverTCPzIPnajuieserverDHCP:46=NetBIOSoverTCPzIPncdetype[劇DHCP:47=NetBIOSoverTCPzIPscope_DHCP:91=PerEormrowten?discovery*}DHCP:33=Statici^oute_3DHCP:249=irnknovnOptioil_DHCP:49-VendorspecificinformationQDHCP:由捕獲的數(shù)據(jù)包可見，其IP頭部的目的域地址為ffffffff,即表明該包圍一個(gè)廣播包，同時(shí)可以看到其源地址為00000000。根據(jù)DHCP的數(shù)據(jù)包部分的譯碼輸出，我們可以得到BootRecordtype域?yàn)?（表明是申請(qǐng)IP地址），以及硬件地址類型和硬件地址長(zhǎng)度等等信息，并且最終申請(qǐng)的IP地址為84。之后可以看到網(wǎng)關(guān)會(huì)發(fā)來一個(gè)DHCPACK數(shù)據(jù)包，用來確認(rèn)IP地址的分配（由于版面所限，未添加相應(yīng)截圖）2）捕獲IP數(shù)據(jù)分組：00000000:001731ecf0b400lb545b3b4108004500..1^?,T[;A..E.00000010:00308a8340006巳0689117d26809c3b40.口嬸虬n.?}宓？。00000020:cO30lad40050aOfa6991000000007002..p.00000030;ffff6444000002040501010402dD?…IP分組格式為：?32Bits?VersionIHLTypeofserviceTotallengthIdentification?pFragmentoffsetTimetoliveProiocolHeaderchecksumSourceaddressDestinationaddressOptions（0ormorewords）二分析IP數(shù)據(jù)分組:

其相應(yīng)的分析如下表字段報(bào)文（16進(jìn)制）內(nèi)容報(bào)頭長(zhǎng)度45報(bào)頭長(zhǎng)20字節(jié)服務(wù)類型00正常時(shí)延，正常吞吐量，正?？煽啃钥傞L(zhǎng)度0030分組長(zhǎng)度48字節(jié)標(biāo)識(shí)8a83標(biāo)識(shí)為35459標(biāo)志40DF=1，MF=0，不允許分片偏移值00偏移量為0生存周期6e每跳生存周期為110s協(xié)議06攜帶的數(shù)據(jù)來自TCP協(xié)議頭部校驗(yàn)和8911頭部校驗(yàn)和為8911源地址7d26809c源地址為56目的地址3b40c030目的地址為8FFFFFFFbFFFF-FFFFPFFEFFzpVWWWWWIPHeaderVersionTypeofserviceODOFFFFFFFbFFFF-FFFFPFFEFFzpVWWWWWIPHeaderVersionTypeofserviceODO.―一u.lengthTotalIdentiflcation4.headerlength=20bytes=00=routine=noriaaldi=lay=noTTiia.lthrcughDut=noTTitalreliability=ECTbit一transportprotocolwillignoretheCEbit二CEbit一noo=inge：E：tion=48bytes=35459Flags.1..―一FragmentoffsetTimetoliveProtocolHeaderchtc：ksuiiLSourceaddress=4K=don1tfra.gnent=lastfragiiLent=0bytes=lluseconds^hops=6(TCP)=8911(correct)=[12E.38.128.158]Destinationaddress-[0]Nooptions首先通過廣播的方式向默認(rèn)的網(wǎng)關(guān)（我這里是）發(fā)送一個(gè)DHCPREQUEST報(bào)文，以申請(qǐng)獲得動(dòng)態(tài)的IP地址，里面包括的內(nèi)容如實(shí)驗(yàn)結(jié)果1示網(wǎng)關(guān)受到報(bào)文后，會(huì)回送一個(gè)DHCPACK報(bào)文，以告訴申請(qǐng)方已經(jīng)將IP地址分配過去，本次實(shí)驗(yàn)分配的地址是8之后本機(jī)還要廣播自己的地址映射關(guān)系，用ARP數(shù)據(jù)報(bào)。其形式是這樣的：本機(jī)發(fā)送ARP請(qǐng)求查找它自己的IP地址，這樣就會(huì)使每臺(tái)主機(jī)在ARP緩存中加入一個(gè)映射表象，即讓其他主機(jī)知道了當(dāng)前本機(jī)的地址，相應(yīng)的數(shù)據(jù)報(bào)如下圖示

1序號(hào)1在衣||甘標(biāo)曲址時(shí)|Lrn目neLI3D.D040CA7D3552:FFrrrrF7F7FFEU:ruuE:E=d二FD〕[匚印blj□4[][5DHCP:Request,Messagetype:DHCPReqiiEstiIrnnTrnrmooruciqurinn■tttui-jt口口ctteftt1■■iflIIn-n-n-n-n-n?n-n__J--I---I--PLppn-n-n-n-n?n-n-n-n-n-n?n-n__J--I---I--PLppn-n-n-n-n?n-n-n_..-■■IIIIIIIIIIIIIIIIIIIIIIP?IrJI_l疽_lmTTTTT_lJI_l疽，331了域■r5:1..0....=narnaa.ldel*....0...=nnrmalthroughput0..二normalre2lability......D.-ECTbit-traiiEpzirtprotocolT-ril1ignoretheCEbit0=CEbit-nocongestlqd.Totallength■340bytesIden匕i￡ic-s.tion-G74Flags=0K.[I..一三noyfragnEnt.0.一三lostfragnentFragnentoffset-0bytesTinetoliwe二128semnds^hopaProtccDl=17(HD?)Headerchezhsun=3￡F0(corTECtJSouxceaddress=[Q.0.0.0]testina.t.ionaddress=[255.255.255.Z55]Nooptions000DOLItlLI：DOODODIOIJ00D0LI2O:D00D0D3Ormnnnnjn-offo000DOLItlLI：DOODODIOIJ00D0LI2O:D00D0D3Ormnnnnjn-offo-II-uEu□nsEdonf9口rloooo-nDDoDn9fl..h-flnoooo-Mco1o?6floQ/_ofl1fl-nbDDD■:!」口dDcl-fdo/I63oE232o_n110fl111.4o1DD1Dnosofl-n￡Q3flnffl4flAfooflnfon-oIIf24onfa4-flnt2ofl-n-tDDDn-tc_t7rl￡5￡dnf1fo_u.tflXIn.unDHCPREQUEST數(shù)據(jù)報(bào)序號(hào)[狀戀|(zhì)謝里處Ittg|目標(biāo)姓址收迫9次皿口_食4頁DU::[LLECALBFDU匹9叫Jl芝JI]|I旺1址跖139DHCP:E=]iLcnf^ReimI1200:00:00?p=-DHCPick353D：00：flfl□'□'Dr.inn■nnnnppppppppppfppfpppffppp:■■IIIIZIIIrIIIlIIIrIIIII_lr-LrJJa2*_*__3_3_3_342_3*_j_j_j口344一J\_IPHead.BrVer-sionTypeofservice三''000…...0-TotalLength■Ident□.fi_u凸tican三F1agx?Fragnsnt.□￡￡set=TinetoLius二Protcccl二Headerchecksum■SouToe-addressDestznatinnaddressHnoptions4.headerLength-20b7t?00三roubinencixnaldela^ncixnalthroughputnomalrBliabilit-yECThit一transjKTtprotcBoIvilligtiorethsCEbitCEbit-tiocongestion339byteE53BB5OXjusyfraqnBntIs.stEragnent-0bytes255sscan.[iB-,_hops17真DF)F0DD(correct)[E9.S4.1921J[59.6J.192L04]..I日H-99日L39%139DHCPACK數(shù)據(jù)報(bào)UL?」J.Ut.J..-L」UL?」J.Ut.J..-L」J-J-ll"」—」」JJ-?」J￡,rJL■」ARP:(:口彩［59.41.1龍.1虱］詢一9皿：392沁9困3：|i—IiTrsr-h.r-i—P-hhni—■hi~irtt^t—h——jiRF/RaRFtrameHardwaret^ipe=1(LOMbEthernet.)Protocoltype=OBOLI(IP)Length口fhardvareaddress=Gbytes：Lstigthofprotoco1mddresw=AbytesOpcode1(ARPrequest)Sender-1shaidvareaddress=00112542B06CSender'sprotocoladdress=[E9hi.192.184]..IBH-99BL392E139Tar-gethardTf-are-D.ddress-00000000U000Targetprotocolo.ddress-[59.b4.192.164]..IBM-99DL992E139]]3D3O2O]]3D3O3O8oobnDoDoco..h-n-oo4osbe030二coo_.b6_uoon-oobboo23044bDG5on.2zcolion.1140c_ubcn-D3_uf1o-ufn-oo-tn-oofn-oof4o_u-tn-DDf6ooXIn-n-.tn-_ufn-o-ufH-oo-tn-oo分組一00000000:00ii2542tiO6c00lb545b4108oaell00000010:00■Xs2ade0000ff0198ee40cO014000000020:□0b803'03'tif73000000000000■3.1a?00000030:no000111t.f6t.■3b40cLIbS40cLI01fa00000040:07Ge00;8d7d95相應(yīng)ICMP譯碼輸出Hit[■-[：9.1捉]Z：-[：9.：.4.1!：21]IE--：：:逍ICMP:ICMPhBeJBi-圈ICWP:rOjTCMP-Type=3(Destinationunreachable)ICMP-Code=3(Portunreachable]ICMP-Checksum=BF73(correct)昌ICMP:>ICMP.[Nccrmalend口f"ICHPMader，]蠲ICMP.囹ICMP:IPheaderoforigina匕3口日message(descripticaifollnv-s)?ICMP:"■幽ICNP:IPHeader—-昌ICNP:網(wǎng)ICHP-Version=A.,headerLength=20bytesICMP-Tvreofser\rio==0CICNP:000=routine黝I(lǐng)CNP:..JJ....=nomaldelay隔ICNP.....Q...-Horna1throughput暨ICHF.0..號(hào)nizirnoLreliabilityICNP:0.-ECTbit-transpzirtprotocolwillignoretheCEbiti麟ICNP:0=CEhit-nocongestion,0^ICNP:Totallength=161bytesTCNP-Identificatinn=34JiICMP-Flags=OX蹙IICNP:.Q=nayfragmentICNP:..0=LastfragmentrBjICNP.Fragmentoffset=0bytesICNP.Timetolive號(hào)1seconds■"'hopsMICNP:Protocol-17(UDP)腐ICNP:Readsrchsckswi-EF&B(ocirre^t]ICNP:SDiurceaddress=[94],IBM-99B13925L39ICNP:Dsstinatianaddress=[]網(wǎng)ICMP-NooptionsBICNF:ICNP:[FirstBb7te(s)□!dataoforiginatingmessage]BICNP.

分析ICMP分組:字段報(bào)文（16進(jìn)制）內(nèi)容類型03終點(diǎn)不可達(dá)代碼03端口不可達(dá)校驗(yàn)和bf73頭部校驗(yàn)和為bf73此ICMP報(bào)文是差錯(cuò)報(bào)文，報(bào)告差錯(cuò)為終點(diǎn)不可達(dá)中的端口不可達(dá)。通過ping命令產(chǎn)生ICMP報(bào)文oeoe66O56753554d67-ono44ob678o33oc67co22_.b467oTn-11Tn-36720009_u_lI76o1fs036611o671oo66oo3d6o8o66locc50566bo9b40166beoa3&o664_y8_y255_u66bc4-no113￡66o0077□096700000000000000LQ000000200000003000000040相應(yīng)的ICMP譯碼輸出184]LEN=40ID=23Q22JjTC:Ethen?type=0800,srize=：74bytesIF:184]LEN=40ID=23Q22ICMF:ICMPheaderICKP:ICKP:T尋口宕=BfEcho)-;ICKP::'Qode=0ICKP:yChecks^um=L95C(correct^；ICKP:Identifier=76BICKP:SequencenumbEi-=12544ICKP:[3^bytesofdata]ICKP:ICKP:[Normalendof"ICMPheader"ICKP:分析ICMP分組:字段報(bào)文（16進(jìn)制）內(nèi)容類型08問一臺(tái)機(jī)器是否仍處于活動(dòng)狀態(tài)代碼00校驗(yàn)和195c頭部校驗(yàn)和為195c此ICMP為用來判斷指定目標(biāo)是否可達(dá)以及是否活著的報(bào)文，是ping命令中常用的5）制作一個(gè)8000字節(jié)的IP數(shù)據(jù)分組，發(fā)送后捕獲分析。由于分組長(zhǎng)度大于1500字節(jié)，因此需要分片傳輸。按照2）中的方法分析所有分片的結(jié)構(gòu)。IP分組一00000000:00000010:00000020:lb545b3b41de0bfee2000640800cef50000000000:00000010:00000020:lb545b3b41de0bfee2000640800cef500112542bO8001f73b0300la00616cOS00450040cOb8d35e62&3&46566■■■r

-1?止，1?1?止^*1?均^1?1?止^1?1?比^1?*比卜VersionTypeofser-vice0JO0.length=Toutine=noTTitaldelay=noTTiia.lthrijughput-noTiiLD.lre1lo.bility=ECTbit一transportprotocolwillignoretheCEbit=CEbit一nocongestion=1￡U0bytes■2926=2X=mayfragment=TiiorefxagiiLents-0bytes=128sBconda/hops=1(ICMP)=A9F7(correct)[59.G4192.104]TotalITotalIdentifLco.tionFlags.DFr-agiiientoffsot-Timeto1iveProtncoLHeadercheskauiiLSourcoa.diir-essDes：tinationaddress：Nooptions字段報(bào)文（16進(jìn)制）內(nèi)容報(bào)頭長(zhǎng)度45報(bào)頭長(zhǎng)20字節(jié)服務(wù)類型00正常時(shí)延，正常吞吐量，正?？煽啃钥傞L(zhǎng)度05dc分組長(zhǎng)度1500字節(jié)標(biāo)識(shí)0b6e標(biāo)識(shí)為2926標(biāo)志20DF=0，MF=1，允許分片，當(dāng)前片不是最后片偏移值00偏移量為0生存周期80每跳生存周期為128s協(xié)議01攜帶的數(shù)據(jù)來自ICMP協(xié)議頭部校驗(yàn)和A9F7頭部校驗(yàn)和為A9F7源地址3b40c0b8源地址為84目的地址d35e9064目的地址為00T7其相應(yīng)的分析如下表□□□□□□DO00000030oe&71rlo56&rl□□□□□□DO00000030oe&71rlo56&rl53d&4d6..h-rlo8I:-!□■■L_ub6-h-rlnootd4i_uc6..h-nI:一od--Jd_.b46-h-rl_ub_4-2b36..h-rl26no1d36-h-rl-y7-7—2A-67—rl1±1±_.b..h-.11o67—_uo匚.I5o8..b7..s44!b67bo332..b7..be22—66?■-■b11o67..bc4-u1-11d67_u5n-f1-1_uo-H-6-習(xí)―IP:ContiTiuationoffranie&IP:IPHeader:FFFFFFFEPFFFFrpFFFFFPFFFIIIIIIIIIIIIIIIIIIIIIIII

_3_j_33_3_3_3_j_33_3_3_3_j_33_3_3_3_3_33_3_3Ver-sion-FFFFFFFEPFFFFrpFFFFFPFFFIIIIIIIIIIIIIIIIIIIIIIII

_3_j_33_3_3_3_j_33_3_3_3_j_33_3_3_3_3_33_3_3Ver-sion-4..header1ength■-2UbytesTypeofservice000...0........0...0..LI.0TotallengthIdentificationFlagsFragmentoffsetTimeto1iveProtocolHeaderchecksuiiLSourceaddress=DO=routine=nor-Tiid.1delay=norma.1throughput=nor-Tiid.1reliabilityECTbit—t-rams：piZiTtprotocolwillignoretlieCEbit=CEbit-nocongestion=1500bytes=2926=21(=inayrragiiLBiit-Tiior-efra.griLenta=1480bvtes：=128seconds/hops=1(ICMP)=A93E(correct)=[84]Destinationaddress=[00]Nooptions[1480bvtesijfcontinua.tionda.ta]其相應(yīng)的分析如下表字段報(bào)文（16進(jìn)制）內(nèi)容報(bào)頭長(zhǎng)度45報(bào)頭長(zhǎng)20字節(jié)服務(wù)類型00正常時(shí)延，正常吞吐量，正?？煽啃钥傞L(zhǎng)度05dc分組長(zhǎng)度1500字節(jié)標(biāo)識(shí)0b6e標(biāo)識(shí)為2926標(biāo)志20DF=0，MF=1，允許分片，當(dāng)前片不是最后片偏移值20B9偏移量為1480生存周期80每跳生存周期為128s協(xié)議01攜帶的數(shù)據(jù)來自ICMP協(xié)議頭部校驗(yàn)和A93E頭部校驗(yàn)和為A93E源地址3b40c0b8源地址為84目的地址d35e9064目的地址為00IP分組三□□lb54Eb3h4100112542ba&c：08□045□0□5dcClbbe217280013L0853b40cOb8d35e9064656a6b6c6d6e6f7071727374757600000030：77G163t46566676869Ga.Gb6dGe6￡「1「1「1「1「1「1H「1-nnT：'r.17匚7i：77l:1l:■:'l:。匚CQ-曠IF:Continuationoffra.Tiie6IF:IFHeaderIP：IP:Version=4..headerlength=20bytts：IP:Typeofservice=U0IP:000.....=routini=IP:...0....=ncirTita1delayIP:....0...=noriiLa1throughputIP:0..=ncirTita1reliabilityIP:......0.=ECTbit—tr-ansportpr-otoco1willignorethsCEbitIP:.......0=CEbit-nocongestionIP:Totallength=1500bytesIF:Identification=2926IP:Flags=21[IP:.U......=TiL.3.7fragTiientIP:..1.....=TiLorefragTiientsIP:FragiientoffBet-29G0bytee：IP:Timetolive=123seconds/liopsIP:Protocol=1(ICMP：iIP:Hea.derchecksum=ASS5(correct)IP:Sourceaddress=[5964.192184]IP:Desti.nationaddress=[00]IP:Noop110nsIP：IP:[1480bytes□fcontinuationda.ta]IP:其相應(yīng)的分析如下表字段報(bào)文（16進(jìn)制）內(nèi)容報(bào)頭長(zhǎng)度45報(bào)頭長(zhǎng)20字節(jié)服務(wù)類型00正常時(shí)延，正常吞吐量，正?？煽啃钥傞L(zhǎng)度05dc分組長(zhǎng)度1500字節(jié)標(biāo)識(shí)0b6e標(biāo)識(shí)為2926標(biāo)志2XDF=0，MF=1，允許分片，當(dāng)前片不是最后片偏移值2172偏移量為2960生存周期80每跳生存周期為128s協(xié)議01攜帶的數(shù)據(jù)來自ICMP協(xié)議頭部校驗(yàn)和A885頭部校驗(yàn)和為A885源地址3b40c0b8源地址為84目的地址d35e9064目的地址為00IP分組四TOC\o"1-5"\h\zQQ000000:cm比543b41皿口2542力D6匚DB叩00000010;05de0b6e222b6001簫cc3b40cObSd35e00000020:72737475'767761.&2636400000030:68￡96a6b6cfed6e6f70717金.7374757&77nnnnnn^n-p.1e匚?7匚口uq匚="uh7nContinuationofframe6I?.MyQQ3DDQContinuationofframe6I?.MyQQ3DDQQ3DD3Q3D33DaDD3DD--“■■■■■■“■■"---“-■■■■■■"■■--i-uooooooo；OLIULinOLO0000002000ULI0030rinrinrnun_uefllll-1o5_.b6A2e774d_.b_.b7_u8d_.bAob_.b678_Jc5LToc867cDb444-b&7oTn-3OHID3667392?16677noI12a_.b671I77-n1o_.b77_uo6-h-.to8_.b7Fh14EU-JRe-b7..hb244H267--.hb巳33n6..b7..hb22h□_.b7?.hJUC411=11d67..h_u5_uo-4n-□-M--7RIF:Version=headerlength=20bytesIP:Typeofservice=00IP:000=routineIP:...0....=norma.1'delayIP:....0...=normalthroughputIP:0..=norjiialreliabilityIP:0.=ECTbit一transportprotocolwillignoretheCEbitIP:D=CEbit一nocongestionIP:Totallength-1500bytesIP:Identification=2926IP:Flags=2KIP:.0=mayfragmentIP:..1=morefr-aquentsIP:Fragmentot￡set-4440bytesIP:Timetolive=128sezonds/hopsIP:Protocol=1(ICMP)IP:Headerchecksum=A7CC(correct)IP:Sourceaddress=[04]IP:Destino.tionaididress-[00]IP:NooptionsIP:IP:[1480bytesofcontinuationdata.]IP:其相應(yīng)的分析如下表字段報(bào)文（16進(jìn)制）內(nèi)容報(bào)頭長(zhǎng)度45報(bào)頭長(zhǎng)20字節(jié)服務(wù)類型00正常時(shí)延，正常吞吐量，正?？煽啃钥傞L(zhǎng)度05dc分組長(zhǎng)度1500字節(jié)標(biāo)識(shí)0b6e標(biāo)識(shí)為2926標(biāo)志2XDF=0，MF=1，允許分片，當(dāng)前片不是最后片偏移值222b偏移量為4440生存周期80每跳生存周期為128s協(xié)議01攜帶的數(shù)據(jù)來自ICMP協(xié)議頭部校驗(yàn)和A7CC頭部校驗(yàn)和為A7CC源地址3b40c0b8源地址為84目的地址d35e9064目的地址為00IP分組五:L.ontmuationotiramebIPIPIPIPIFIPIPIPIF:L.ontmuationotiramebIPIPIPIPIFIPIPIPIFIPIPIPIPIPIPIPIPIFIPHeaderVersionType：ofservice000._.....0一一....CL..0..0.[ITotallengthIdentificationFlags..1....FragnentoffsetTitilatoliveProtocolHeader-checksum.SourceaddressDestinationaddressNooptions4,headerLength=20bytes=00=routine=noTjna.1delay=normalthroughput=noriiialreliability=E匚Ttut一tr-scnsportpirotocolCEbit一nocongest-ion=1500bytes=2926=2X二mayfragment=morefragments=5920bytes=128seconds/hops=1(ICMFJA713(cor-r-cct)[84][0D]willignoretheLEtut字段報(bào)文（16進(jìn)制）內(nèi)容報(bào)頭長(zhǎng)度45報(bào)頭長(zhǎng)20字節(jié)服務(wù)類型00正常時(shí)延，正常吞吐量，正?？煽啃钥傞L(zhǎng)度05dc分組長(zhǎng)度1500字節(jié)標(biāo)識(shí)0b6e標(biāo)識(shí)為2926標(biāo)志2XDF=0，MF=1，允許分片，當(dāng)前片不是最后片偏移值22e4偏移量為5920生存周期80每跳生存周期為128s協(xié)議01攜帶的數(shù)據(jù)來自ICMP協(xié)議頭部校驗(yàn)和A713頭部校驗(yàn)和為A713源地址3b40c0b8源地址為84目的地址d35e9064目的地址為00IP分組六aaaaaooo：00lb545b3b410011"2548t.0beasaa450000000010;02740b6e03湄eo01弟q23b40cOd3'5eaaaaao2o：90646a.6bSc6dbeGf7071727J74757Gaaaaaoso：616263"646E666768696a6b6c&d6f70nrinrinndri?71727T7d7^77F.1A?AT2ARF.H其相應(yīng)的分析如下表字段報(bào)文（16進(jìn)制）內(nèi)容報(bào)頭長(zhǎng)度45報(bào)頭長(zhǎng)20字節(jié)服務(wù)類型00正常時(shí)延，正常吞吐量，正常可靠性總長(zhǎng)度0274分組長(zhǎng)度628字節(jié)標(biāo)識(shí)0b6e標(biāo)識(shí)為2926標(biāo)志03DF=0，MF=0，允許分片，當(dāng)前片是最后片偏移值039d偏移量為7400生存周期80每跳生存周期為128s協(xié)議01攜帶的數(shù)據(jù)來自ICMP協(xié)議頭部校驗(yàn)和C9C2頭部校驗(yàn)和為C9C2源地址3b40c0b8源地址為84目的地址d35e9064目的地址為00Continuationofframe6IPIPIFContinuationofframe6IPIPIFIPIPIPIPIPIPIPIFIPIPIPIPIPIPIPIFIPIFIPIPIPIPIPHeaderVenrsionType4/headex-length?20□fservice000.?一...0….....0..0..0.0Totd.llengthIdentificationFL己9巳FragnisntoffsetTimeto1ivePro匕eeddJ.Heo.derchecksumSourceaddressDestina.tionaddressNooptionsLIO=routinenornaldelaynorna1thraughputnornalreliabiLityECTbit—transportprotocolwil1CEbi匕一nac?z?3igestion620bytes2526OXmayfmgmentlastfragment7^00bytes128seconds/hops1(ICMP)C5C2d；'correct)[59.64.1921B4]L211.94.144.LOO][608bytesofcontinuaticmdata]ignoiretheCEbit上述便是將一個(gè)8000字節(jié)的分組劃分為六個(gè)分片的情形，我們不妨加以計(jì)算5個(gè)長(zhǎng)度為1500字節(jié)的IP分組，每個(gè)分組的凈荷域=1500-20=1480，第一個(gè)分組為表明是ICMP分組，又加了8個(gè)字節(jié)的長(zhǎng)度，故前五個(gè)分組組裝起來為1480*5-8=7392。加上最后一個(gè)分片，其總長(zhǎng)度為7392+628=8000Byte，證明結(jié)果是正確的。6）TCP協(xié)議分析Host23,位Host2E屹博堆號(hào)JMZ甘的裱U埠花伎序列94位西部長(zhǎng)度1RAfKPSirRT$￥%rIN|她胸口大小1癡也:校蜓和建立連接：在TCP/IP協(xié)議中，TCP協(xié)議提供可靠的連接服務(wù)，采用三次握手建立一個(gè)連接。第一次握手：建立連接時(shí)，客戶端發(fā)送syn包(syn=j)到服務(wù)器，并進(jìn)入SYN_SEND狀態(tài)，等待服務(wù)器確認(rèn)；第二次握手：服務(wù)器收到syn包，必須確認(rèn)客戶的SYN(ack=j+1)，同時(shí)自己也發(fā)送一個(gè)SYN包(syn=k)，即SYN+ACK包，此時(shí)服務(wù)器進(jìn)入SYN_RECV狀態(tài)；第三次握手：客戶端收到服務(wù)器的SYN+ACK包，向服務(wù)器發(fā)送確認(rèn)包ACK(ack=k+1)，此包發(fā)送完畢，客戶端和服務(wù)器進(jìn)入ESTABLISHED狀態(tài)，完成三次握手。完成三次握手，客戶端與服務(wù)器開始傳送數(shù)據(jù)Host1釋放連接：雖然TCP連接是全雙工的，但可將其視為一對(duì)單工連接，每個(gè)連接單獨(dú)釋放，兩個(gè)單工之間獨(dú)立。步驟：客戶端1發(fā)送一個(gè)FIN，用來關(guān)閉1到2的數(shù)據(jù)發(fā)送服務(wù)器2收到這個(gè)FIN，它發(fā)回一個(gè)ACK，確認(rèn)序號(hào)為收到的序號(hào)+1，和SYN一樣，一個(gè)FIN將占用一個(gè)序號(hào)服務(wù)器2關(guān)閉與客戶端1的連接，發(fā)送一個(gè)FIN給客戶端1客戶端1發(fā)回ACK報(bào)文確認(rèn)，并將確認(rèn)信號(hào)設(shè)置為收到序號(hào)+1Host1Hcst2Host1Hcst2每個(gè)TCP報(bào)文頭部都包含源端口號(hào)(sourceport)和目的端口號(hào)(destinationport),用于標(biāo)識(shí)和區(qū)分源端設(shè)備和目的端設(shè)備的應(yīng)用進(jìn)程。在TCP/IP協(xié)議棧中，源端口號(hào)和目的端口號(hào)分別與源IP地址和目的IP地址組成套接字(socket)，唯一的確定一條TCP連接。序列號(hào)(Sequencenumber)字段用來標(biāo)識(shí)TCP源端設(shè)備向目的端設(shè)備發(fā)送的字節(jié)流，它表示在這個(gè)報(bào)文段中的第一個(gè)數(shù)據(jù)字節(jié)。如果將字節(jié)流看作在兩個(gè)應(yīng)用程序間的單向流動(dòng)，則TCP用序列號(hào)對(duì)每個(gè)字節(jié)進(jìn)行計(jì)數(shù)。序列號(hào)是一個(gè)32bits的數(shù)。既然每個(gè)傳輸?shù)淖止?jié)都被計(jì)數(shù)，確認(rèn)序號(hào)(Acknowledgementnumber，32bits)包含發(fā)送確認(rèn)的一端所期望接收到的下一個(gè)序號(hào)。因此，確認(rèn)序號(hào)應(yīng)該是上次已成功收到的數(shù)據(jù)字節(jié)序列號(hào)加1。TCP的流量控制由連接的每一端通過聲明的窗口大小(windowssize)來提供。窗口大小用數(shù)據(jù)包來表示，例如Windowssize=3,表示一次可以發(fā)送三個(gè)數(shù)據(jù)包。窗口大小起始于確認(rèn)字段指明的值，是一個(gè)16bits字段。窗口大小可以調(diào)節(jié)。校驗(yàn)和(checksum)字段用于校驗(yàn)TCP報(bào)頭部分和數(shù)據(jù)部分的正確性。最常見的可選字段是MSS(MaximumSegmentSize，最大報(bào)文大小)。MSS指明本端所能夠接收的最大長(zhǎng)度的報(bào)文段。當(dāng)一個(gè)TCP連接建立時(shí)，連接的雙方都要通告各自的MSS協(xié)商可以傳輸?shù)淖畲髨?bào)文長(zhǎng)度。我們常見的MSS有1024(以太網(wǎng)可達(dá)1460字節(jié))字節(jié)。2)對(duì)照教材6-33圖，理解TCP狀態(tài)轉(zhuǎn)換的過程，按照你所捕獲的消息，畫出Client側(cè)的狀態(tài)轉(zhuǎn)換圖，并進(jìn)行解釋。10.00000000L92_lfi6.1.1GB119.75.21S.1LDTCP■6nnp>htip[syn]:seq-GLtfi-DNss-UfiDws-isjkk_pern-12fl.0004490010.00000000L92_lfi6.1.1GB119.75.21S.1LDTCP■6nnp>htip[syn]:seq-GLtfi-DNss-UfiDws-isjkk_pern-12fl.00044900L92_lfi6.1.10BLDTCP拓abcwice-pori>hicp[sum]id心1說leii-￡Ihss-14&1hs-4sacpL-Pe^-I1H.0DJ&36ODL92_lfiE.1.108119.71.215.HD7CP砥isfl-tp]5.>hltp[snu]Scq-J]tain-S192Len-ol￡-4SMlLPEMT1U.QDlZOZOflL92-LI%119.71.215.LLDTCP€6bin-fiar>top[5州]seq=Dwin=Big2Len=ahss=14$dus=4海心庠明二l5-0.00772500192.166.L.1QBU9.7i.215.LLOKP礪bfd-CDfTCrttl>ht中[5VH]&eq=OWiflTL如L碩FM5S=14WhS=4SA￡K_P￡R>l=L60.00915900ULIGBuL103119?，兄215?11。TCP66bfd-echo>http[SVN]^in=￡192L&l=om5S=UW1*5=45A￡K_PEM=17fl.3L92.16B.L.10BU9.71.215.IllTCP€6upsiriggarvsw>hrcp[SYN]Saq=nhin=3192LSl=aMSS=14.iMWS=4SA￡K_P￡B^L&{L0￡ia9待MLgLL6&LlOfi119.71.21^.IllTCP徒fintrx>http[切N]5eq=