IP 协议分析
the first ICMP Echo Request message sent by your computer, and expand
the Internet Protocol part of the packet in the packet details is the IP address of your computer
2. Within the IP packet header, what is the value in the upper layer protocol field
上层协议区域的值为ICMP(1)
3. How many bytes are in the IP header How many bytes are in the payload of the
IP datagram Explain how you determined the number of payload bytes.
4. Has this IP datagram been fragmented Explain how you determined whether or
not the datagram has been fragmented
该数据包没有被分割,在Flags 标记中,More fragments 被置为0,所以,说明后面没有被分段。
5. Which fields in the IP datagram always change from one datagram to the next
within this series of ICMP messages sent by your computer
能
6. Which fields stay constant Which of the fields must stay constant Which fields
must change Why
必须改变的:Identification(标识)、Header checksum(头部检验和)
标识是源主机赋予IP数据报的标识符、头部校验和用于保证IP数据报报头的完整性。
必须保持不变的:Version(版本)、Header length(头部长度)、Differentiated Services Field(区分服务)、Flags(标记)、Fragment offset(片偏移)、Protocol(协议)、Destination(目地地址)
7. Describe the pattern you see in the values in the Identification field of the IP Datagram
Next (with the packets still sorted by source address) find the series of ICMP TTLexceeded replies sent to your computer by the nearest (first hop) router.
8. What is the value in the Identification field and the TTL field
9. Do these values remain unchanged for all of the ICMP TTL-exceeded replies sent
to your computer by the nearest (first hop) router Why
由上图可知,TTL值不变。
10. Find the first ICMP Echo Request message that was sent by your computer after
you changed the Packet Size in pingplotter to be 2000. Has that message been
fragmented across more than one IP datagram [Note: if you find your packet has
not been fragmented, you should download the zip file
and extract the ipethereal-
trace-1packet trace. If your computer has an Ethernet interface, a packet
size of 2000 should cause ]
该消息传送多于一个IP数据包的分段,More fragment被置为1;Fragment offset:0,说明为第一个片段;Total length:1500。第二个片段Total length:548, 两个片段总长度相加为2048 bytes,减去IP头部20 bytes,等于2028 bytes。
11. Print out the first fragment of the fragmented IP datagram. What information in
the IP header indicates that the datagram been fragmented What information in
the IP header indicates whether this is the first fragment versus a latter fragment
How long is this IP datagram
Fragment offset:1480,说明不是第一个片段;More fragment被置为0,说明没有更多片段;
头部有20字节,总共有548字节,该IP 的数据包是548 – 20 =528 字节。
12. Print out the second fragment of the fragmented IP datagram. What information in
the IP header indicates that this is not the first datagram fragment Are the more
fragments How can you tell
Fragment offset:1480,说明不是第一个片段;More fragment被置为0,说明没有更多片段
13. What fields change in the IP header between the first and second fragment
Total length、Flags中的More fragment、Fragment offset、Header checksum改变
Now find the first ICMP Echo Request message that was sent by your computer after you changed the Packet Size in pingplotter to be 3500.
14. How many fragments were created from the original datagram
从原始数据包中,产生了两个分段,片偏移分别为:0 , 1480 。
15. What fields change in the IP header among the fragments
Total length、Flags中的More fragment、Fragment offset、Header checksum改变