电子科技大学
信
息
网
络
技
术
实
验
报
告
政治与公共管理学院
2016-03-17
实验名称常见网络协议分析实验实验编号 6.3
姓名
学号
成绩
一、实验室名称
政管电子政务实验可视化办公室
二、实验项目名称
常见网络协议分析实验
三、实验原理
利用wireshark捕获发生在ping过程中的ARP报文,加强对ARP协议的理解,掌握ARP报文格式,掌握ARP请求报文和应答报文的区别;利用wireshark捕获一次网页打开的过程,通过观察整个网页获得全过程,加强对HTTP协议的理解,通过观察捕获分组分析和理解HTTP 协议细节和格式;通过追踪本地ping实验过程和远程ping实验过程,观察整个网页获得全过程,利用wireshark捕获实验记录,分析本地ping和远程ping的区别,加深对ICMP协议的理解;掌握FTP服务器软件的安装,使用FTP命令进行文件的上传、下载等操作。
四、实验目的
通过实验加深对数据包的认识,网络信息传输过程的理解,加深对协议的理解,并了解协议的结构与区别。
五、实验内容
实验3利用wireshark分析ping过程
Ping回顾:
What’s PING?
Ping程序目的是为了测试另一台主机是否可达。该程序发送一份ICMP回显请求报文给主机,并等待返ICMP回显应答.
一般而言(无路由器和防火墙限制),如果不能 Ping到某台主机,那么通常可以用Ping 程序来确定问题出在哪里。Ping程序还能测出到这台主机的往返时间,以表明该主机离我们有”多远”。
ICMP回显请求和回显应答报文格式
ICMP报文类型
利用wireshark捕获分组示例:
LAN Ping
ICMP和ARP报文分别为2个和1个,捕获后wireshark面板显示
然后执行ping 113.54.181.153
捕获结果如图:
分析报文
LAN Ping 请求,类型:8 代码:0,表示请求回显(ping 请求)
(1)
Frame 6632: 74 bytes on wire (592 bits), 74 bytes captured (592 bits) on interface 0
Interface id: 0 (\Device\NPF_{9A929778-1688-4150-82A0-C8F7FF2DDAD9})
Encapsulation type: Ethernet (1)
Arrival Time: Jun 16, 2016 21:45:45.658843000 �й���ʱ��
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1466084745.658843000 seconds
[Time delta from previous captured frame: 0.000043000 seconds]
[Time delta from previous displayed frame: 0.000000000 seconds]
[Time since reference or first frame: 64.258432000 seconds]
Frame Number: 6632
Frame Length: 74 bytes (592 bits)
Capture Length: 74 bytes (592 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ip:icmp:data]
[Coloring Rule Name: ICMP]
[Coloring Rule String: icmp || icmpv6]
6632号帧,线路74字节,实际捕获592字节
(2)
Ethernet II, Src: IntelCor_2f:09:e0 (d0:7e:35:2f:09:e0), Dst: HonHaiPr_ba:4e:17 (9c:d2:1e:ba:4e:17)
Destination: HonHaiPr_ba:4e:17 (9c:d2:1e:ba:4e:17)
Address: HonHaiPr_ba:4e:17 (9c:d2:1e:ba:4e:17)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: IntelCor_2f:09:e0 (d0:7e:35:2f:09:e0)
Address: IntelCor_2f:09:e0 (d0:7e:35:2f:09:e0)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
目标MAC地址为HonHaiPr_ba:4e:17 (9c:d2:1e:ba:4e:17)、
源MAC地址为IntelCor_2f:09:e0 (d0:7e:35:2f:09:e0)
(3)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 113.54.182.53, Dst: 113.54.181.153
网络层IP包头部信息,源地址113.54.182.53目的地址113.54.181.153
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 60
Identification: 0x7ea1 (32417)