Windows網(wǎng)絡(luò)操作命令的使用(實(shí)驗(yàn)報(bào)告)4

實(shí)驗(yàn)三IP報(bào)文的捕獲與分析實(shí)驗(yàn)?zāi)康模?掌握IP數(shù)據(jù)報(bào)格式。.理解IP協(xié)議的工作原理及工作過(guò)程。.掌握使用wireshark捕獲IP等數(shù)據(jù)報(bào)并分析。二、實(shí)驗(yàn)環(huán)境：以太網(wǎng)。三、實(shí)驗(yàn)內(nèi)容：.熟悉WinPcap的體系構(gòu)架和提供的函數(shù)。.學(xué)習(xí)IP數(shù)據(jù)報(bào)校驗(yàn)和計(jì)算方法。.掌握使用wireshark捕獲IP等數(shù)據(jù)報(bào)。.對(duì)捕獲的IP數(shù)據(jù)報(bào)進(jìn)行分析。四、實(shí)驗(yàn)步驟：1.在PING之前先運(yùn)行wireshark熟悉頁(yè)面并進(jìn)行一些設(shè)置

a.單擊CaptureFilter過(guò)濾器：可以設(shè)置捕捉一些特殊規(guī)則的數(shù)據(jù)報(bào)。b.在選中Capturepacketsinpromiscuousmode: 可以設(shè)置為混合全處理模式。c.可以點(diǎn)擊Start開(kāi)始捕捉。過(guò)一段時(shí)間后，點(diǎn)擊Stop停止，觀察捕捉到的數(shù)據(jù)報(bào)，并進(jìn)行分析。2.使用wireshark捕獲和分析IP數(shù)據(jù)包。a.打開(kāi)wireshar并開(kāi)始捕獲數(shù)據(jù)包。b.然后在系統(tǒng)的“開(kāi)始”一“運(yùn)行”一輸入“CMD命令，進(jìn)入DO階令窗口，并輸入“ping”命令測(cè)試網(wǎng)絡(luò)的情況.c.如“pingXDacmRFBntsandGettiiogsXc23*^11in192?1GB?0.1Pingringrwith32bytesofdata：ReplyironR巴plyFirofi區(qū)中口1ReplyironR巴plyFirofi區(qū)中口1卞fronReplyfiron：：192alGS.a.l：=bytes=32Jj?/tesa32s32bytes=32tine=3mstimc,24片txne=lmstime=1fisTTL-255TTL-255TTL-255TTL=255Pingstatisticsfor=Packets：Sent=4,Received三4,Lost三B<0X1口右￡>#Hppiraximate1*ouridtriptimcsinmllli"SecDnd@-Mioivnum=Ins?Maximvuini=3ms?Aver1呂1ge=InaG：\DocmnrentsandSettiogrs\czr>ping-13000192.168.0,1Pinkingwith30&&bytes口Fd&ta-peplyReplyReplyKeplyfr*nnfironfronfrom192,168,0.1：bytes=3000192.168.0,1：bytes=3000：bytes=3000：bytes=3WW0tiiw-Gfi?tine=2mstime=2nstine-2msTTL=255TTL=255TTL=255TTL=255Plng[stat:ist：icsfar192*168.0.1oPackets￡Sent=4.Received=4.Lost=0C0^[口耳Approxinateroundtriptimesinmilli-seconds：Minimum=2ms,Naxinuvi=6ms,Auer^ge=3ms|Ce\D口心UM/nts：and8。Ct:Ingsy七臚）Ping命令的使用d.再回到wireshar點(diǎn)擊停止后查看捕獲到的數(shù)據(jù)，雙擊打開(kāi)“ping

后的數(shù)據(jù)包，分析數(shù)據(jù)包的內(nèi)容。209IP-00zh.gT70'00.000044RT5Ji5ec=4794^Dst-ii554：210XPIP-192-16B-0-1151800.091067PINGReqEcho:192,168,0」211XPIP-l51a0C.DQ5739IPrc^giient212XPIP-19Zb16B.D.1日60口.D0D41SIPFragBent.213IP^192.168.O.1XPisia00.001575FIMGReplyEchoReply:XP2141P-192.16S.0.1■isia00.001043Iffragaent215IP-XP86:00.000138iIPrraoBent216zh*/罰乂.com,cn.IP-192,168,0B100151000-Q74866rtst"jWrc=一SCBQ”彳河匚分片的數(shù)據(jù)包（以下圖片全部通過(guò)wireshark捕獲數(shù)據(jù)包，然后用QQ^的截圖功能截取）EiFrarre1bytesonv.irej7Sbytescaptured)ArrivalTime:Dec8,201012:33,20S28600C'Tinedeltafron-pre^.iouspacket:0.000000000seconds]|；Times-ineereferenceorfirstframe:0<000000000seconds]FrameNumber:1PacketLength:78bytesCaptureLength:7fibytes;Protocgl5inframe:eth:ip：tep]^Coloringru1eName:TCP]I'coloringRuleString:tep]EthernetII,Src:00:lf:d0:c9:b3:c7(00:lf:d0:c9:b3:c7),Ost:Cisco_12:93:fc[00:0b:60:12:93:fc)日Destination:ciscoj.2:93:fc(00:0b:60:12:93:fc)address：d5CO_12:93：fc(00:0b:60;12:93jfc) 0 □ multicast:Thisisaunicastframe 0 = Locally^dniinisrratedAddress:ThisisafactoryD￡FWltaddress3SourcerOQ:lf：dO;c9:b3:c?(00:lf;d0:c9：b3:c7)Address:00:lf:d&it9:b3:c7(QO:lf:d0:c9:K：€7) 0 = multicast:Thisisaunicastframe 0. = LocallyAdirnnistratedAddress:ThisisafactorydefaultaddressType;IP(0x0800)IP協(xié)議節(jié)點(diǎn)EinternetProtocol,src：192,168,^,124(192.16S,S,124),osr:1,59,22.255(1.59,22.255)versions4Headerlength:20bytesrDifferentiatedS電Fi€ld:CxOO(D5CP0x00:Default;ECN：0x00)000000,,=Differentiatedservicescodepolnt:Default(0x00) 0.=ECN<apableTransport(ECT):0 0=ECN-CE：0TotalLength:64identification:0xa949(43337)□Flags:0x000.4.=Reservedbit：Motset.0..=Don'tfragment:NotsetT,0.=Morefragments;NotsetFragmentoffset:0Timetolive;64Protocol:TCP0x06)EHeaderchecksum:OxfOlO[correct][Good:True][Bad：False]Source:192,166,5,124(192,168^,124)Destination:1*59.22,255(1.5^22.255)IP協(xié)議節(jié)點(diǎn)上面節(jié)點(diǎn)說(shuō)明如下:樹(shù)節(jié)點(diǎn)名稱說(shuō)明VersionIP版本，IPv4HeaderLength20個(gè)字節(jié)的IP頭，沒(méi)有其他選項(xiàng)TotalLength該IP包攜帶的64字節(jié)Flags不分片標(biāo)志被設(shè)置沒(méi)有被設(shè)置，該IP在通過(guò)各種類型的網(wǎng)絡(luò)時(shí)可以分片傳輸；如果該網(wǎng)絡(luò)的最大數(shù)據(jù)包小于該IP包的長(zhǎng)度，該數(shù)據(jù)包將被分片傳輸；TimetoliveTTL值為64,最多數(shù)據(jù)傳輸64個(gè)節(jié)點(diǎn)就被拋棄。Protocol該數(shù)據(jù)包是TCPB議的Headerchecksum頭的校驗(yàn)和，通過(guò)該字段可以知道數(shù)據(jù)是否啟錯(cuò)誤。Source,Destionation該數(shù)據(jù)包的網(wǎng)絡(luò)層源和目標(biāo)地址。

3.進(jìn)制數(shù)據(jù)包窗口16進(jìn)制數(shù)據(jù)包窗口將數(shù)據(jù)包的所有內(nèi)容以 16進(jìn)制的形式顯示出來(lái)，如下所示:obom03105obom03105ioo4oboOC4OO7)73sfss2b200061--s323c-a707—30505bc1o190138cIfocOoes7—df300r6b13100/07ooc15七4ao1coaoa尸ofo03oso5902002930114cdoQ9_7e16aofoboffdo4fffoo6fcooIfrjC-L'?心。0030004016進(jìn)制數(shù)據(jù)包窗口該窗口包括3部分，分別是：16進(jìn)制的序號(hào)，單位為字節(jié)；最左邊部分。16進(jìn)制的數(shù)據(jù)內(nèi)容：16個(gè)字節(jié)一行；中間部分ASCII碼數(shù)據(jù)內(nèi)容，最右邊部分。五、實(shí)驗(yàn)小結(jié)：通過(guò)以上學(xué)習(xí)，基本掌握了wireshark軟件的運(yùn)用。如何捕獲數(shù)據(jù)包、怎樣分析數(shù)據(jù)包以及如何過(guò)慮數(shù)據(jù)包。我也理解了在現(xiàn)實(shí)生活中，捕獲數(shù)據(jù)報(bào)的用途。例如在一家企業(yè)中，網(wǎng)管可以通過(guò)查看每臺(tái)主機(jī)流過(guò)數(shù)據(jù)報(bào)的一些情況，可以判斷員工上網(wǎng)行為是否合理。但學(xué)習(xí)wireshark的使用不是最終目的，wireshark只是輔助工具，真正需要掌握的是IPTCP等包的格式，以及各個(gè)字段的含義及作用。通過(guò)分析，更加加深了本人對(duì) TCP/IP協(xié)議簇的理解。實(shí)驗(yàn)四TCP報(bào)文的捕獲與分析一、實(shí)驗(yàn)?zāi)康模?）掌握 TCP建立連接的工作機(jī)制。（2）掌握借助 Wireshark捕捉TCP三次握手機(jī)制。（3）掌握 SYN、ACK標(biāo)志的使用。二、實(shí)驗(yàn)內(nèi)容用Wireshark軟件捕捉 TCP三次握手機(jī)制。三、實(shí)驗(yàn)原理TCP報(bào)文段格式如圖 1所示。

比特08162431比特081624314口節(jié)定部T2字固首圖1TCP報(bào)文段格式三次握手機(jī)制實(shí)驗(yàn)原理如圖2所示。圖2三次握手機(jī)制工作示意圖四、實(shí)驗(yàn)環(huán)境交換式網(wǎng)絡(luò)、windows操作系統(tǒng)、Wireshark軟件注意:在做這個(gè)實(shí)驗(yàn)的過(guò)程中，例如從打開(kāi)某一網(wǎng)頁(yè)獲得TCP包從而分析TCP的三次握手機(jī)制過(guò)程中，容易犯先打開(kāi)網(wǎng)頁(yè)再開(kāi)始抓包的錯(cuò)誤，正確的做法是先在 Whireshark軟件中設(shè)置TCP抓包，然后再打開(kāi)一個(gè)網(wǎng)頁(yè)。

五、實(shí)驗(yàn)內(nèi)容與步驟(1)開(kāi)啟Wireshark軟件在捕捉接口對(duì)話框中選中網(wǎng)卡接口，然后點(diǎn)擊 "Optinos進(jìn)行包過(guò)濾。Wireshark：CaptureOptionsCaptureInterface:Local7Microsoft:\Device\NPFJ34EFDD&4*BB6B*4A5F-BC0B-F7FC1B5Bl[vIPaddress:fe&tbd18ax87c:efa3c5b12409;88a&876；Hl925h1013&122J7&Link-layerheadertype:Ethernet7Link-layerheadertype:Ethernet7@Capturepacketsinpromiscuausmade|_Capturepacketsinpcap-ngiormat|.Limiteachpacketto65535 :byte?Capturefilter:WirelessSettingsRemoteSettingsBuffer?ize：1 :meg^bytefs)CompileBPFCaptureFilefs]Files Brows&h.*匚IUsemultiplefilesvNextfileevery1:megabyte(s)NextfileeveryCaptureFilefs]Files Brows&h.*匚IUsemultiplefilesvNextfileevery1:megabyte(s)Nextfileevery1▼minirte(sjRingbufferwith2二files□Stopcaptureafter1Cfllets)StopCapture...after1工▼megabytefs)□after1Tnriinute(s)□after1 :packet(s)HelpDisplayOptions0Updatelistofpacketsinrealtime回AutomaticscrollinginlivecaptureyHidecaptureinfodialogmeResolution@EnableMACnameresolutionEnablenetworknameresolutionYEnabletransportnameresolution魚(yú)art Cancel(2)過(guò)濾TCP數(shù)據(jù)包在隨后出現(xiàn)的的下列對(duì)話框中， 在“CaptureFilter處填寫(xiě)TCP,從而捕捉到TCP包，進(jìn)而獲得TCP三次握手的建立機(jī)制，然后點(diǎn)擊 “Start。"(3)(3)TCP三次握手機(jī)制生成與分析訪問(wèn)某一網(wǎng)站，則Whireshark捕捉到的TCP三次握手的信息，如圖4所示，以前三行為例解析一下。第一行對(duì)應(yīng)的是第一次握手，其中 [SYN]出現(xiàn)表明為三次握手的開(kāi)始的標(biāo)志。Liapturingfrc<pMkrosoft也pj[Wirrslwk(SVNRevA1973from/trunk-1.■6)]hhj-EdiMm曼o工衲吹點(diǎn)AnaljMiiainKi 中；[Ws Mb匕6川*主用*春41歸H◎，眸0I一笆N鶯?Fhir: E^prnaien-.Cnar加"曲Ne%Tanw &B?ro? C.idrwt^n NolixdLingithIri^-1G.jKHHHiO14.3fi.122.i7tLil.ILIM.MtopMS271T>hrcps[?]“qH*IH?2Ltiin-Diwi<i前ws-254s?K._nm-i12%M2百k13-i?iQ4ZW913dQMMFIS?.MWIC0LO6BU714.35.1ZE.17*lA.3i3.lZZ.17W10.IQ.177.17Y1j9l12%M2百k13-i?iQ4ZW913dQMMFIS?.MWIC0LO6BU714.35.1ZE.17*lA.3i3.lZZ.17W10.IQ.177.17Y1j9lAfi.iU.i?tlCi.i6-122.i7SHL.ia.lQQ.Dl311.13.10Q91m.ia.iN.n131.1J.lUtl.Olvldpp-bpsrcTtnTrTL645271T>htcps[mCa]^fl-213Mk-4321win-15414L<en-DmeTFGI爾T瑁三5J5ZT17>https[?k]5?]-Z13acK^323HJjMMLen-0IW-Cl-I^TtK"E?i：hRng￥aChangeClpH4rSpec.*】T@Requrrt.M^llptpcpwt14M[TCP￡*^?鵬t?f1iJ*UitirLlfrdPOJj912Appli￡.iTlong【m17Q.Q759B510.3fi.122^17tlUi.a3.4-5.55ISO.Q7BBSF111.13.1W.-9T419Q."M59Id34.123,171上口o.st白白a。in.ii.ida.-nid.M.i應(yīng)Hiu.i9.iaa.fiipPEVPrTCKTlTrl;64152716>htcp[STM]yT*1n-635J5LdFAME。r3-25t5*CKFCRJ^lXhccpi>52717[?.)3?q-G3Z3Mk-339m5-LdfEncryptH.nri3h?k皆PHMqdChfrr]R<iph?jrSpf%ErKrypt^NaMiiy^EiM昆33HgpmHeEpi>SifiT[ack]±*可=白，也4 lbitCjihrr^.r_ET747ra^urlircn-UUUE**」-。冷二"7 HF**i2弧41F9Sill.13.100.^110.W.1122.171TCPeshccpj-52717L5e.4M￡?1-：?Mk-lr1ri-Bl?Len-D喳弘1-，口rS-124XK_PE”ii他Q1M歌1弧孫1212LU.19.1PQ91RP51*7口>hrtps[*<i(]5?q-lift-1戟HE*4口.口1胃？*ID.1A.17T.I?Arii.ii.inrLa]Tl.SmJ.F rl-lipath?11Iq-R力.口*111.i3.idd.-5a10.TCP54hELpS，52717[ACK]±44-1寓LdllpO￡O.iUiSi?iii.ia.iW.W.10.3*.122.1FETL5wl.』M'Xnumi-ttlla-70.0^1313Ill,13.1W.-974TUPNX[TCrS4中麗<?班*re-usserbltdKuj息0.IH13W111.13UJ0.-91Id.Miil22.17BTL5V1.c ￡ertifRaie1D3.-RLTCP

ecwcfg向http發(fā)送一個(gè)標(biāo)志為SYN=1且含有初始化序列值seq=0的數(shù)據(jù)包，開(kāi)始建立會(huì)話，在初始化會(huì)話過(guò)程中，通彳t雙方還在窗口大小 Win、最大報(bào)文段長(zhǎng)度MSS等方面進(jìn)行協(xié)商。同時(shí)Sourceport為2263,Destinationport為80,打開(kāi)編號(hào)為1所示的下拉菜單，會(huì)出現(xiàn)對(duì)應(yīng)項(xiàng)的更加詳細(xì)的解析，如圖所示。■Frarw：后6byt*s口nwir< p毋6byt”sptur.d(52?1Mt*)￡lEtherwtIIPSrc；B0；19；34；c4；3dH9(B0；19i34；c4；3di；49)BD3t；IETF-WW-VRID_OZ(QQ；OOi5-e；QQ；01；02)kiinterwrProracoliversion4,srcs36.122.17B(10.J6a122.173),Ost:111.13,100.91(111-13：.10GB91)BTransmissioncorirr^lprotocol.srcFort:52717￡52717)fedstportehrrps￡443)(seqs213：Acki4321s.Lend0sourcepart^52717(52717)&?5t1nationport:http?(^4J)[Strewnindejc;0]Sequencenurrta.er:2L3(relarIvesequencenunber)AcknoHiledgerwenrnuniber:>4321(relativeacknumber)Hn￡d4rlength：:32byt?sisFlJigs;OxOlG(ACkJrnndowslzevilyeTTil[Calculated size:156116][irlrKlkMsizescalingfacror:256](3Chefkiwi:口乳航1bd[wAl1d^Eifirtd1±abled]OOID OO 羽 M 12 =。0口 40。6 b2 73 Oa 24 7a b2 肝Od .4Q.吼巾..QOZQ 64 Sb cd ed 如 bb ffi。 ed 12 9B 4f 9f 3b SBBE d[.PB..a，:￡>.；?0030 00 3d b7 be 00 00 01 01 05 oa 9B 4f ad db §S4f ，■…………口…白0O4Da?fid -?FIe肌?FIe肌p.Ragn2b加E口加”?3M：睡］、片：黑打，1二第二行對(duì)應(yīng)的［SYN,ACK］表明為二次握手，是對(duì)建立的確認(rèn)。http向ecwcfg發(fā)送包含確認(rèn)值的數(shù)據(jù)段，如圖總TransmissionControlProtocol(TCP)所示，其值等于所收到的序列值加一， 即ACK=1，其自身的序列號(hào)為0;并對(duì)MSS更改為1452。源端口號(hào)SrcPort為80,目的端口號(hào)DstPort為2263。.inter-rwtpremc】vt^anJ,sr?：10,36.122,173do.招。v：m.i3,iMrqi(in.19,1M.91)sTransmisafariCantrollProtocol?SrcPart;52717(52717)aDstPort;https<443)B5eq;213PAcki4321aLen;Sourcepart;5271?C5S717?Destinationpart:https(4^3)[Streuiindex:D]Sequencenumber:WIM (relarivesequencenuaber)息EkgH】心的西餐mriuaber4321(rtlarivticknuffiber)Headerlength;32bytesitiFlags：GxOlO〔AC?Owindowsizevalue:61[Calculatedwind加size:15616][windowsizescalingfactor1256]isctncluum:[windowsizescalingfactor1256]isctncluum:Oxbzbt[validationdlsabled]rr-n-AV<A-* HlEheK0010002000300040第三行對(duì)應(yīng)的是第三次握手ecwcfg向http發(fā)送確認(rèn)值Seq=1、Ack=1(