wireshark抓包分析實驗報告

Wireshark抓包分析試驗假設(shè)惜年一、試驗?zāi)康模? wireshark軟件，能在電腦上抓包。二、試驗內(nèi)容：使用抓包軟件抓取協(xié)議通信的網(wǎng)絡(luò)數(shù)據(jù)和DNS通信的網(wǎng)絡(luò)數(shù)據(jù)，分析對應(yīng)的、TCP、IPDNS.UDP.IP協(xié)議。三、試驗正文：IP報文分析：sInternetProtocol,Src:119.75.222.18(119.75.222.18),Dst:192.168.1.108(192.168.1.1Version:4Headerlength:20bytes?DifferentiatedServicesField:0x00(DSCP0x00:Default;ECN:0x00)TotalLength:40Identification:0xd74b(55115)?Flags:0x02(Don”tFragment)Fragmentoffset:0Timetolive:48Protocol:TCP(6)?Headerchecksum:0x5cl2[correct]Source:119.75.222.18(119.75.222.18)Destination;19168.1.108(192.168.1.108)?TransmissionControlProtocol,SrcPort:(80),DstPort:56670(56670),Seq:1,Ack:從圖中可以看出：IP報文版本號為：IFV4首部長度為:20bytes數(shù)據(jù)包長度為：40標(biāo)識符：0xd74b標(biāo)志:0x02比特偏移：0壽命：48上層協(xié)議：TCP首部校驗和:0x5cl2源IP地址為：目的IP為:UDP:0UserDatagramProtocol^SrcPort:childkey-notif(1891),DstPort:irdmi(Sourceport:childkey-notif(1891)Destinationport:irdmi(8000)Length:280Checksum:0x58d7[validationdisabled]□Data(20bytes)Data:64f53d0094cc7ce5f65e475037002ca792bdc44b□Data(20bytes)從圖中可以看岀：源端口號:1891U的端口號：8000udp報文長度為:28檢驗和：0x58d7數(shù)據(jù)長度：20bytesUDP協(xié)議是一種無需建立連接的協(xié)議，它的報文格式很簡潔。當(dāng)主機中的DNS應(yīng)用程序想要驚醒一次查詢時，它構(gòu)造一個DNS查詢報文段并把它給UDP,不需要UDP之間握手，UDP為報文加上首部字段，將報文段交給網(wǎng)絡(luò)層。TCP:第一次握手:sTransmissionControlProtocol,SrcPort:56770(56770),DstPort:(80)fSeq:0,號:56770(56770)目的端□號:(80)[Streamindex:17]Sequencenumber:0Headerlength:32bytes

(relativesequencenumber)□ Flags:0x02(SYN)000.............=□ Flags:0x02(SYN)???0......二Nonce:Notset....0.............=CongestionWindowReduced(CWR):Notset........0........=ECN-Echo:Notset........0........=Urgent:Notset0????=Acknovvledgement:Notset...........0…=Push:Notset.............0??=Reset:Notseta 1. =Syn:Set.................0 =Fin:NotsetWindowsize:8192□ Checksum;0xf734[validationdisabled][GoodChecksum:False][BadChecksum:False]rc rIi、從圖中看出：源端口號：56770II的端口號：80序列號為：0首部長為：32bytesSYN1表示建立連接成功當(dāng)fin1時表示刪除連接。其次次握手:源端口號:(8O)56770(56770)[Streamindex:17]Sequeneenumber:0(relativesequeneenumber)Acknowledgementnumber:1(relativeacknumber)Headerlength:24bytes日醞s:0x12(SYNZACK)000......... =Reserved:Notset...0.......... =Nonce:Notset....0…… =CongestionWindowReduced(CWR):Notset?….0??? =ECN-Echo:Notset? =Urgent:Notset.......0...1..0?

=Acknowledgement:Set=Push:Notset=Reset:Notset=Syn:Set...1...1?...0Fin:NotsetWindowsize:146000Checksum:0x5781[validationdisabled][GoodChecksum:False][BadChecksum:False]從圖中看出：源端口號是：800ack為:1Acknowledgement1表示包含確認的報文Syn1表示建立連接。第三次握手:0TransmissionControlProtocol*SrcPort:56770(56770)*DstPort:(80),Seq:1,Ack源端口號:56770(56770)目的端口號:(80)[Streamindex:17]Sequencenumber:1(relativesequencenumber)Acknowledgementnumber:1(relativeacknumber)Headerlength;20bytes□Flags:0x10(ACK)000...............= Reserved:Notset.0......... =Nonce:Notset??0…?????0….???????

=CongestionWindowReduced(CWR):Notset=ECN-Echo:Notset=Urgent:Notset=Acknowledgement:Set=Push:Notset=Reset:Notset=Syn:Notset......0=......0=Fin:Notset□Checksum:0xf728[validationdisabled]從圖中看出：源端口：56770目的端口：80序列號為：1ACK為：1首部長為：20bytesAcknowledgement1表示包含確認的報文所以，看岀來這是TCP連接成功了Tcp是因特網(wǎng)運輸層的面對連接的可幕的運輸協(xié)議，在一個應(yīng)用進程可以開始段，建立確保傳輸?shù)膮?shù)。發(fā)送報文:SGET//l.l\r\nHost:vw^v.baidu\r\nConnection:keep-alive\r\nAccept:text/htmlzapplication/xhtml+xmlzapplicatbn/xml;q=0.9zrnage/webpz*/*;q=0.8\r\nUser-Agent:Mozilla/5.0(WindowsNT10.0;WOW64)AppleWebKit/537.36(KHTML,likeGeelReferer:s://wvAv.baidu/lhk7urk8g4CZsXFGvv4ZyiP3z6IO2XIyRmgtObIvvMopZPOwJ-Accept-Encoding:gzip,deflate,sdch\r\nAccept-Language:zh-CN,zh;q=0.8\r\n[truncated]Cookie:BAIDUID=07F68A3D8A6E54DlE754230DA462EF2C:FG=l;BIDUPSID=O\r\nGET//：是懇求一個頁面文件HOST：是懇求的主機名Connection：持續(xù)連接Accept：收到的文件User-Agent:掃瞄器的類型Accept-encoding：gzipdeflatesdeh限制回應(yīng)中可以承受的內(nèi)容編碼值,指示附加內(nèi)容的解碼方式為gzip,deflate,sdeh。Accept-language:申請的語言種類是中文響應(yīng)報文：□|HypertextTransferProtocolE/1.1200OK\r\nServer:nginx\r\nDate:Monz07Dec201514:23:27GMT\r\nContent-Type:text/plain;charset=UTF-8\r\n?Content-Length:118\r\nConnection:keep-alive\r\nssLine-basedtextdata:text/plain[truncated]\032p\242\272s\225\037\241\313\250\207\360\264\201\314\02/200OK:表示版懇求成功Server:表示報文是nginx效勞器產(chǎn)生的Date：表示效勞器產(chǎn)生并發(fā)送報文的時間和日期Contenttype:表示文件類型是plain,charset是字符集Contentlength：表示發(fā)送的字節(jié)數(shù)Connection：長久連接Dns:UserDatagramProtocol,SrcPort:domain(53),DstPort:52069(52069)0DomainNameSystem(response)〔RequestIn:227]aFlags:0x8180(Standardqueryresponse^NoaFlags:0x8180(Standardqueryresponse^Noerror)Questions:1AnswerRRs;2AuthorityRRs:7AdditionalRRs:7Queries?ss2.baidu:typeAfclassINAnswers日ss2.baidu:typeCNAMEfclassINrcnamesslbaidu.jomodnsName:ss2?baiduType:CNAME(Canonicalnameforanalias)Class:IN(0x0001)Timetolive:5minutes,51secondsDatalength:19Primaryname:sslbaidu.jomodnssslbaidu.jomodns:typeA,classIN，addr123.138.46.33DNS使用的是UDP協(xié)議Question1AnswersRRs2:發(fā)岀