计网试验ipandtcpprotocoalanalysiswith.docx

Uploaded by: scccc   Document ID: 13073570   Upload date: 2021-12-13   Format: DOCX   Pages: 9   Size: 17.16KB

IP and TCP Protocol Analysis with WireShark

Learning Objectives

At completion of this lab, you will be able to:
1. Understand the IP protocol, IP fragmentation and re-assembly
2. Understand TCP 3-way handshake for connection setup and termination, as well as data exchange
3. Understand ICMP protocol and how the ping program works
4. Understand how tracert (traceroute) program works

Report and Feedback on this lab

This lab should be done individually.
If you do not want to capture the live packets in this lab, you can download my data files for analysis.
Answer all questions with supporting screenshots.

Please also fill in the following feedback form and append it to the report. Your feedback is valuable to us so that we can improve this lab, and make the lab better.

For each task, please rate the following in the scale of 1 through 5:
The degree of difficulty: 1 = too easy; 5 = too difficult
The learning experience: 1 = learned nothing; 5 = learned a lot
Your interest: 1 = no interest; 5 = high interest
Time used for the task: in minutes

Task         Difficulty (1-5)   Learning (1-5)   Interest (1-5)   Time (min)
background
Task 1
Task 2
Task 3

Your suggestion/comment:

Background

You need to read and answer the questions in this background part before the lab.
Read Lectures on IP and ICMP protocols. Read Lectures on TCP protocol.

Question 1: In IP header, there is a field called "protocol (type)". What is it used for?
It is used to standardize the data transmission method so that different computers can communicate.

Question 2: How an ICMP message is transported (encapsulation)?
ICMP messages are encapsulated in IP datagrams.

Question 3: Which ICMP messages are used to implement the Ping program?
Echo request and echo response. Ping uses type 8 requests and type 0 replies.

Question 4: Use a figure to show the 3-way handshake to establish a connection in the TCP protocol.
First handshake: host A sends the server a packet with flag bit syn = 1 and a randomly generated seq number = 1234567; from SYN = 1, host B knows that A is asking to establish a connection.
Second handshake: after receiving the request, host B has to confirm the connection information, and sends A a packet with ack number = (host A's seq + 1), syn = 1, ack = 1 and a randomly generated seq = 7654321.
Third handshake: after receiving it, host A checks whether the ack number is correct, i.e. the seq number it sent the first time + 1, and whether the flag bit ack is 1. If so, host A then sends ack number = (host B's seq + 1), ack = 1; host B receives it and, once it has confirmed the seq value and ack = 1, the connection is established successfully.
With the three-way handshake complete, host A and host B begin to transfer data.

Traceroute (tracert) is an important and useful utility tool for network testing and debugging. Read more on it and learn how to use it: MS Windows tracert command

Task 1 Study Windows tracert program and how to find a route

In MS Windows, tracert can be used to find a route from the source host, via routers, to destination host. This task is about how tracert works and what we can use it for. Follow the steps to start up the programs and capture the packets.

(1) Start up a command window
Click Start on the left corner of your desktop, and choose Run. Then type cmd to start up a DOS command window. In this window, you can also type command "tracert /?" to learn more on the command, or read more via the link above.

(2) Start up the WireShark program
Start up Wireshark and begin packet capture.

(3) Run the tracert program
Type the following command to find a route to tracert

(4) Stop the WireShark capturing
When tracert ends, stop the capturing, and save the data to a file (you can open the file to analyze the packets later).

(5) Copy the output of tracert to the lab report file.
By analyzing the output, we can learn a route from the source to the destination, and the response time between the source and intermediate routers.

Question 5: How many routers are on the route from your computer to What are their IP addresses?
1、

Question 6: Based on the output from the tracert, draw the map of the networks. Show the IP addresses for the source computer, destination computer, and routers.

Now look at the captured data.
source : 、

(6) Analyze the first ICMP message
Since tracert uses ICMP messages to trace the route to the destination computer, you can use "icmp and = as the display filter in WireShark to only display ICMP messages, where should be your computer IP address. Then select the first ICMP Echo Request message sent by your computer, and expand the Internet Protocol and ICMP headers of the packet in the packet details window (as I did below; to view better, you can use zooming).

Question 7: What is the value in the protocol type field of IP packet? Why it is this value? What is the type value in ICMP header? What does it mean? How many bytes are there in the IP header? How many bytes are there in the payload of the IP packet? Explain how you determined the number of payload bytes.
The protocol type of the IP packet is ICMP. The value in the protocol type field of IP packet is ICMP (1). It means the host cannot be reached.
Header length: 20 bytes.
The type value in ICMP header is 1.
Payload length: 64 bytes.

Question 8: Has this IP packet been fragmented? Explain how you determined whether or not the packet has been fragmented. What is the Identification for this IP packet?
The total length of the IP packet is 92 bytes and the payload length is 64 bytes, so it has not been split into fragments.
Identification: 0x66f1 (26353)

Question 9: What is the TTL value for this IP packet? Why this value is set?
Time to live is 3. This number can be regarded as the packet's number in the network system; the TTL level decreases as the transmission distance increases, and after passing through 3 routers the data is discarded.

(7) Select the first ICMP Time exceeded message, and expand the IP protocol header (as I did below)

Question 10: What is the source IP address of this IP packet? And what is the destination IP address of this packet? What is the value in the protocol type field (in IP header)?
Source IP address:
Destination IP address:
Protocol type: ICMP

Question 11: What is the ICMP message type carried in the packet? What is the sender of this message?
Type 8.

(Baidu server)

(8) Read some other captured packets, and answer the questions:

Question 12: What are the values in the Identification field and the TTL field in the ICMP Echo request messages? Why are TTL values set like this?
TTL: 64. The original TTL value is determined by our own operating system.

Task 2 IP fragmentation

This task is to learn how IP fragmentation and re-assembly work.

(9) Start the WireShark packet capturing

(10) In the command window run the command ping to check if is alive, send the ICMP message of size 128 bytes (using length option -l 128):
ping -l 128
You will get the output as follows:

(11) Stop the packet capturing and save the data to a file (my file

Now read the captured packets and do the analysis:

(12) First, use Filter "icmp" to display only ICMP messages, as follows:

Question 13: Calculate the round trip delays for 4 ICMP Echo request and Echo reply messages, find the minimum, maximum, and average delays. Compare them with the values given in the output of the ping program.
Difference: 7 ms
Difference: 5 ms
Difference: 16 ms
Difference: 7 ms
After comparing, it is easy to see that they are the same.

Question 14: What is the value in the Identification field of frame 74? Why is the length 170 bytes?
1360/8=170

Next we analyze the fragmentation.

(13) Start the WireShark packet capturing

(14) In the command window run the command ping to check if is alive, send the ICMP message of size 3000 bytes (using length option -l 3000):
ping -l 3000
You will get the output as follows:

(15) In the captured first ICMP Echo request message packet, expand the IP protocol header; you will find IP Fragments as I showed below. This ICMP Echo request message was carried in 3 IP packets (fragments). These fragments are found in the packet number 71, 72 and 73, in my example.

Question 15: What is the value in the Identification field? On the line "IP Fragments (3008 bytes):". Why the payload data is of 3008 bytes?
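The fragmentation in step (15), worked through in code. This is an added example, not part of the original lab handout: it splits the 3008-byte IP payload of a `ping -l 3000` (8-byte ICMP header plus 3000 data bytes) for an assumed 1500-byte MTU, decodes the header fields the fragment table asks for, and reassembles while rejecting gaps, overlaps and a missing last fragment. The Identification 0x1454 is taken from the table on this page; the payload bytes, zeroed addresses and checksum are constructed.

```python
import struct

IHL = 20  # IPv4 header without options, as in the lab capture

def fragment(payload, ident, mtu=1500):
    """Split an IP payload into fragments; returns a list of (header_bytes, data)."""
    step = (mtu - IHL) // 8 * 8               # non-final fragments carry a multiple of 8 bytes
    out = []
    for off in range(0, len(payload), step):
        data = payload[off:off + step]
        mf = 1 if off + step < len(payload) else 0
        flags_frag = (mf << 13) | (off // 8)  # 3 flag bits + 13-bit offset in 8-byte units
        hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, IHL + len(data), ident,
                          flags_frag, 64, 1, 0, bytes(4), bytes(4))  # checksum/addresses zeroed
        out.append((hdr, data))
    return out

def describe(hdr):
    """Decode the fields the lab's fragment table asks for from a raw IPv4 header."""
    _, _, total_len, ident, flags_frag = struct.unpack("!BBHHH", hdr[:8])
    off8 = flags_frag & 0x1FFF
    return {"id": ident, "mf": (flags_frag >> 13) & 1, "offset_bytes": off8 * 8,
            "offset_8": off8, "header_len": (hdr[0] & 0x0F) * 4, "total_len": total_len}

def reassemble(frags):
    """Rebuild the payload; raise on gaps, overlaps, or a missing last fragment."""
    parts = sorted(((describe(h), d) for h, d in frags), key=lambda p: p[0]["offset_bytes"])
    buf, expected = b"", 0
    for f, data in parts:
        if f["offset_bytes"] != expected:
            raise ValueError("gap or overlap at byte %d" % f["offset_bytes"])
        buf += data
        expected += len(data)
    if parts[-1][0]["mf"]:
        raise ValueError("last fragment missing (MF still set)")
    return buf

# Constructed input: 8-byte ICMP echo header + 3000 data bytes = 3008 bytes of IP payload
icmp = bytes(8) + bytes(range(256)) * 11 + bytes(184)
frags = fragment(icmp, ident=0x1454)
rows = [describe(h) for h, _ in frags]
for r in rows:
    print(r)
```

The last row (offset 2960 bytes, 370 in 8-byte units, header length 20, total length 68) has the same values as the rows filled into the table for Question 16.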

Now analyze these fragments. Remove the display filter, and locate the packet numbers.

Question 16: Fill in the following table based on IP headers in these fragments:

Packet number   IP Identification   More fragment bit   Fragment offset in bytes   Fragment offset in 8-bytes   Head length   Total length
129791          0x1454              Not set             2960                       370                          20            68
129898          0x145f              Not set             2960                       370                          20            68
129998          0x1465              Not set             2960                       370                          20            68

Question 17: How do you know if an IP fragment is the first fragment, and an IP fragment is the last fragment?
If the value of Fragment offset is 0 and more fragment is set to 1, it means that this IP fragment is the first fragment. If more fragment is set to 0, it means that this IP fragment is the last fragment.

Task 3 TCP operations

In this task, you will capture packets from HTTP application. Follow the steps to capture packets.

(16) Terminate your web browser program.

(17) Start the WireShark to capture the packets.

(18) Fill in the address and click the link to view some pages.

(19) End the packet capturing, and save the data to a file (my file is .

(20) Use "http and = as the filter to only display the HTTP data unit,

Question 18: What is the IP address for your computer, and what is the IP address for ?
My computer's IP:
HDU IP:

You only need to read and analyze the data communications between your computer and

(19) 3-way handshake to set up a TCP connection.
Use "tcp and = as the display filter (as shown below), and find the 3 TCP segments that perform the connection set up.

Question 19: What are port numbers for and your web browser applications?

Question 20: What are the 3 packet numbers for connection setup?
1. The client sends a connection request to the server: it contains ACK=0, SYN=1, and the sequence number is the client's current sequence number;
2. The server accepts the request and returns an acknowledgment: it contains ACK=1, SYN=1, the sequence number is the server's current sequence number, and the acknowledgment number is the sequence number from the client + 1;
3. The client receives the acknowledgment and sends data back again, containing ACK=1, SYN=0; the sequence number is the previous sequence number plus 1, and the acknowledgment number is the sequence number sent by the server + 1.

Question 21: What is the sequence number of the TCP SYN segment that is sent from the client computer? What are the sequence number and acknowledgment number of the TCP SYN segment that is sent from the server? What are the window sizes on both sides?
The sequence number and acknowledgment number of the TCP SYN segment that is sent from the server: 7840
The window size on the client side is 63397
The window size on the server side is 65535
The sequence number of the TCP SYN segment that is sent from the client computer: 1206

Question 22: What is the sequence number of the TCP segment that contains the first HTTP GET command to download the small home page And what are the sequence number and the acknowledgment number of the TCP segment that positively acknowledges the segment? How to interpret the acknowledgment number?
The sequence number is (relative number).
Syn=0

(21) TCP data exchange and how TCP is used to transport HTTP messages

Question 23: How many TCP segments are used for the client to send the "get" command to the moodle server (for downloading ? How many TCP segments are used for the hdu server to send the home page ?
2:1

Question 25: How many TCP segments are used for the hdu server to send the home page?
1

Check the sequence numbers and acknowledgment numbers in the TCP segments; they are given as relative sequence numbers, that is, data bytes are numbered 1, 2, 3, and so on. In a real situation, the numbers start with a random 32-bit integer value. In the following question, you can just use relative numbers.

Question 26: Give the sequence of one of TCP segments with info on packet number (given in the first column in WireShark, it is not part of protocol data unit), sequence number, acknowledgment number, length, and window size.

Question 27: Why the acknowledgement number in TCP segment is 1715?
In real situation, the numbers starts with a random 32-bit integer is not part of protocol data unit.
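
The connection setup in Task 3 and the note on relative sequence numbers, as an added example that is not part of the original lab handout: it parses raw TCP headers, checks that three segments form a valid SYN, SYN+ACK, ACK exchange, and converts raw sequence and acknowledgment numbers to the relative values WireShark displays (modulo 2^32). The initial sequence numbers 1234567 and 7654321 come from the answer to Question 4 and the window sizes from Question 21; the ports, the 1714-byte request and the zeroed checksums are constructed.

```python
import struct

SYN, PSH, ACK = 0x02, 0x08, 0x10
MOD = 1 << 32  # sequence numbers are 32-bit and wrap around

def make(sport, dport, seq, ack, flags, window, data=b""):
    """Build a constructed 20-byte TCP header plus data (checksum left at zero)."""
    return struct.pack("!HHIIHHHH", sport, dport, seq % MOD, ack % MOD,
                       (5 << 12) | flags, window, 0, 0) + data

def parse_tcp(seg):
    """Return the header fields the lab questions ask about."""
    sport, dport, seq, ack, off_flags, window = struct.unpack("!HHIIHH", seg[:16])
    hlen = (off_flags >> 12) * 4
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": off_flags & 0x3F, "window": window, "len": len(seg) - hlen}

def check_handshake(s1, s2, s3):
    """Verify SYN, SYN+ACK, ACK and return (client ISN, server ISN)."""
    a, b, c = parse_tcp(s1), parse_tcp(s2), parse_tcp(s3)
    ok = (a["flags"] & (SYN | ACK) == SYN
          and b["flags"] & (SYN | ACK) == SYN | ACK
          and c["flags"] & (SYN | ACK) == ACK
          and b["ack"] == (a["seq"] + 1) % MOD   # a SYN consumes one sequence number
          and c["seq"] == (a["seq"] + 1) % MOD
          and c["ack"] == (b["seq"] + 1) % MOD
          and (a["sport"], a["dport"]) == (b["dport"], b["sport"]) == (c["sport"], c["dport"]))
    if not ok:
        raise ValueError("not a valid 3-way handshake")
    return a["seq"], b["seq"]

def relative(seg, client_isn, server_isn, from_client):
    """WireShark-style relative (seq, ack): subtract each side's ISN modulo 2**32."""
    t = parse_tcp(seg)
    mine, peer = (client_isn, server_isn) if from_client else (server_isn, client_isn)
    return (t["seq"] - mine) % MOD, (t["ack"] - peer) % MOD

# Constructed capture: ISNs and window sizes from this page, ports and payload invented
C, S = 1234567, 7654321
syn = make(50000, 80, C, 0, SYN, 63397)
synack = make(80, 50000, S, C + 1, SYN | ACK, 65535)
ack = make(50000, 80, C + 1, S + 1, ACK, 63397)
get = make(50000, 80, C + 1, S + 1, PSH | ACK, 63397, b"G" * 1714)
reply = make(80, 50000, S + 1, C + 1 + 1714, ACK, 65535)
print(check_handshake(syn, synack, ack), relative(get, C, S, True), relative(reply, C, S, False))
```

With a 1714-byte request starting at relative sequence number 1, the acknowledgment that covers it carries relative number 1715, the next byte the receiver expects.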
