IP 协议分析

the first ICMP Echo Request message sent by your computer, and expand

the Internet Protocol part of the packet in the packet details is the IP address of your computer

2. Within the IP packet header, what is the value in the upper layer protocol field

上层协议区域的值为ICMP（1）

3. How many bytes are in the IP header How many bytes are in the payload of the

IP datagram Explain how you determined the number of payload bytes.

4. Has this IP datagram been fragmented Explain how you determined whether or

not the datagram has been fragmented

该数据包没有被分割，在Flags 标记中，More fragments 被置为0，所以，说明后面没有被分段。

5. Which fields in the IP datagram always change from one datagram to the next

within this series of ICMP messages sent by your computer

能

6. Which fields stay constant Which of the fields must stay constant Which fields

must change Why

必须改变的：Identification(标识)、Header checksum(头部检验和)

标识是源主机赋予IP数据报的标识符、头部校验和用于保证IP数据报报头的完整性。

必须保持不变的：Version(版本)、Header length(头部长度)、Differentiated Services Field(区分服务)、Flags(标记)、Fragment offset(片偏移)、Protocol(协议)、Destination(目地地址)

7. Describe the pattern you see in the values in the Identification field of the IP Datagram

Next (with the packets still sorted by source address) find the series of ICMP TTLexceeded replies sent to your computer by the nearest (first hop) router.

8. What is the value in the Identification field and the TTL field

9. Do these values remain unchanged for all of the ICMP TTL-exceeded replies sent

to your computer by the nearest (first hop) router Why

由上图可知，TTL值不变。

10. Find the first ICMP Echo Request message that was sent by your computer after

you changed the Packet Size in pingplotter to be 2000. Has that message been

fragmented across more than one IP datagram [Note: if you find your packet has

not been fragmented, you should download the zip file

and extract the ipethereal-

trace-1packet trace. If your computer has an Ethernet interface, a packet

size of 2000 should cause ]

该消息传送多于一个IP数据包的分段，More fragment被置为1；Fragment offset：0，说明为第一个片段；Total length:1500。第二个片段Total length:548, 两个片段总长度相加为2048 bytes，减去IP头部20 bytes，等于2028 bytes。

11. Print out the first fragment of the fragmented IP datagram. What information in

the IP header indicates that the datagram been fragmented What information in

the IP header indicates whether this is the first fragment versus a latter fragment

How long is this IP datagram

Fragment offset：1480，说明不是第一个片段；More fragment被置为0，说明没有更多片段；

头部有20字节，总共有548字节，该IP 的数据包是548 – 20 =528 字节。

12. Print out the second fragment of the fragmented IP datagram. What information in

the IP header indicates that this is not the first datagram fragment Are the more

fragments How can you tell

Fragment offset：1480，说明不是第一个片段；More fragment被置为0，说明没有更多片段

13. What fields change in the IP header between the first and second fragment

Total length、Flags中的More fragment、Fragment offset、Header checksum改变

Now find the first ICMP Echo Request message that was sent by your computer after you changed the Packet Size in pingplotter to be 3500.

14. How many fragments were created from the original datagram

从原始数据包中，产生了两个分段，片偏移分别为：0 , 1480 。