学院计算机学院专业网络工程指导教师黄杰

学生姓名学号实验日期11.6

一、以太帧格式的分析

1.抓取方法描述

先在命令窗口下输入ipconfig查看本地的ip地址，得到的结果如下：

可以得到本地的IP地址为10.66.126.254，默认网关为10.66.64.1，物理地址为3C-77-E6-6E-92-85，然后打开wireshark软件开始抓包，找到可以建立连接的IP地址来进行ping。这里选择的目的ip地址为119.90.37.235，将wireshark之前抓取的包清空重新打开进行抓取。

在命令窗口下输入ping 119.90.37.235.

2.记录抓取的过程

关闭wireshark，在过滤器中输入icmp,可以找到发送并接受的8个icmp协议下的数据包。

选择其中一个数据包对以太帧格式进行分析。

3.抓取数据的内容

抓取数据内容如下：

这里面包括了发送数据包的源MAC地址和接受数据包的目的MAC地址，以太帧类型以及数据内容等等。

4.抓取数据的格式解释（可直接在抓取数据的内容旁边标注）

●源MAC地址：3C-77-E6-6E-92-85

●目的MAC地址：00-00-54-00-01-02

●类型：协议类型为ICMP类型

●长度:IP包总长度为60

●校验和

●以太帧类型：0x0800

帧内封装的上层协议类型为IP,十六进制码为0800

5.补充说明（如果有需要补充的内容写在这）

ICMP的以太帧中数据内容为32字节，这里可以看到里面的内容是：abcdefghijklmn opqrstuvwabcdefg hi 。

二、ARP协议的分析

1.抓取方法描述

首先查看本地的IP地址：

这里是192.168.1.7，目的主机是室友的电脑，IP地址为192.168.1.4。

首先清除arp缓存

2.记录抓取的过程

在wireshark中选择arp过滤，在过滤规则中设置host 192.168.1.4，然后点击开始抓包。接下来在命令窗口中输入ping 192.168.1.4。

成功ping通后在wireshark中找到arp请求数据包和arp响应数据包。

3.抓取数据的内容

保存为抓包文件并导出为文本文件,文本文件内容如下：

No. Time Source Destination Protocol Length Info

3 11.896476000 HonHaiPr_6e:92:85 Broadcast ARP 42 Who has 192.168.1.4? Tell 192.168.1.7

Frame 3: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0 Interface id: 0 (\Device\NPF_{3D0F013B-07F2-4556-90A3-C7EBFBDCBCE0})

Encapsulation type: Ethernet (1)

Arrival Time: Nov 6, 2015 17:55:46.028454000 中国标准时间

[Time shift for this packet: 0.000000000 seconds]

Epoch Time: 1446803746.028454000 seconds

[Time delta from previous captured frame: 10.975678000 seconds]

[Time delta from previous displayed frame: 0.000000000 seconds]

[Time since reference or first frame: 11.896476000 seconds]

Frame Number: 3

Frame Length: 42 bytes (336 bits)

Capture Length: 42 bytes (336 bits)

[Frame is marked: True]

[Frame is ignored: False]

[Protocols in frame: eth:ethertype:arp]

[Coloring Rule Name: ARP]

[Coloring Rule String: arp]

Ethernet II, Src: HonHaiPr_6e:92:85 (3c:77:e6:6e:92:85), Dst: Broadcast (ff:ff:ff:ff:ff:ff) Destination: Broadcast (ff:ff:ff:ff:ff:ff)

Address: Broadcast (ff:ff:ff:ff:ff:ff)

.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)

.... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)

Address: HonHaiPr_6e:92:85 (3c:77:e6:6e:92:85)

.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)

.... ...0 .... .... .... .... = IG bit: Individual address (unicast)

Type: ARP (0x0806)

Address Resolution Protocol (request)

Hardware type: Ethernet (1)

Protocol type: IP (0x0800)

Hardware size: 6

Protocol size: 4

Opcode: request (1)

Sender MAC address: HonHaiPr_6e:92:85 (3c:77:e6:6e:92:85)

Sender IP address: 192.168.1.7 (192.168.1.7)

Target MAC address: 00:00:00_00:00:00 (00:00:00:00:00:00)

Target IP address: 192.168.1.4 (192.168.1.4)

No. Time Source Destination Protocol Length Info

4 11.981481000 HonHaiPr_25:f7:56 HonHaiPr_6e:92:8

5 ARP 42 192.168.1.4 is at 3c:77:e6:25:f7:56

Frame 4: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0 Interface id: 0 (\Device\NPF_{3D0F013B-07F2-4556-90A3-C7EBFBDCBCE0})

Encapsulation type: Ethernet (1)

Arrival Time: Nov 6, 2015 17:55:46.113459000 中国标准时间

[Time shift for this packet: 0.000000000 seconds]

Epoch Time: 1446803746.113459000 seconds

[Time delta from previous captured frame: 0.085005000 seconds]

[Time delta from previous displayed frame: 0.085005000 seconds]

[Time since reference or first frame: 11.981481000 seconds]

Frame Number: 4

Frame Length: 42 bytes (336 bits)

Capture Length: 42 bytes (336 bits)

[Frame is marked: True]

[Frame is ignored: False]

[Protocols in frame: eth:ethertype:arp]

[Coloring Rule Name: ARP]

[Coloring Rule String: arp]

Ethernet II, Src: HonHaiPr_25:f7:56 (3c:77:e6:25:f7:56), Dst: HonHaiPr_6e:92:85 (3c:77:e6:6e:92:85)

Destination: HonHaiPr_6e:92:85 (3c:77:e6:6e:92:85)

Address: HonHaiPr_6e:92:85 (3c:77:e6:6e:92:85)

.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)

.... ...0 .... .... .... .... = IG bit: Individual address (unicast)