
Observing ICMP ping connections and the IP protocol in Wireshark


bkimes

Presentation Transcript


  1. Observing ICMP ping connections and the IP protocol in Wireshark

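  2. Lab objectives
     • Use Wireshark to understand the packets that ICMP sends during a ping.
     • Use Wireshark to capture the outgoing packets and understand what each field in the IPv4 header means.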

  3. ICMP and Traceroute
     • Start Wireshark and begin capturing packets.
     • Start => Run => CMD
     • Enter "ping -n 10 www.ust.hk"
     • Stop Wireshark and start tracing the packets.

  4. ICMP and Traceroute
     1. What is the IP address of your host? What is the IP address of the destination host?
     2. Why is it that an ICMP packet does not have source and destination port numbers?
     3. Examine one of the ping request packets sent by your host. What are the ICMP type and code numbers? What other fields does this ICMP packet have? How many bytes are the checksum, sequence number and identifier fields?
     4. Examine the corresponding ping reply packet. What are the ICMP type and code numbers? What other fields does this ICMP packet have? How many bytes are the checksum, sequence number and identifier fields?

  5. IP
     • Start Wireshark and begin capturing packets.
     • Start PingPlotter.
     • In "Address to Trace", enter "gaia.cs.umass.edu"
     • In "# of time to trace", enter "3"
     • In "Trace Interval", enter "1 seconds"
     • In "Samples to include", enter "11"

  6. IP
     • Edit => Option => Packet
     • Change Packet size (in bytes) to 56 => OK
     • Press "Trace"
     • Wait until the button changes to Resume
     • Then change Packet size (in bytes) to 2000 => OK
     • Press "Resume"
     • Then change Packet size (in bytes) to 3500 => OK
     • Press "Resume"
     • Stop Wireshark and start tracing the packets.

  7. IP
     Select the first ICMP Echo Request message sent by your computer, and expand the Internet Protocol part of the packet in the packet details window.
     5. What is the IP address of your computer?
     6. Within the IP packet header, what is the value in the upper layer protocol field?
     7. How many bytes are in the IP header? How many bytes are in the payload of the IP datagram? Explain how you determined the number of payload bytes.

  8. IP
     8. Has this IP datagram been fragmented? Explain how you determined whether or not the datagram has been fragmented.
     9. Which fields in the IP datagram always change from one datagram to the next within this series of ICMP messages sent by your computer?
     10. Which fields stay constant? Which of the fields must stay constant? Which fields must change? Why?
     11. Describe the pattern you see in the values in the Identification field of the IP datagram.

  9. IP
     • Next (with the packets still sorted by source address) find the series of ICMP TTL exceeded replies sent to your computer by the nearest (first hop) router.
     12. What is the value in the Identification field and the TTL field?

  10. IP
     • Find the first ICMP Echo Request message that was sent by your computer after you changed the Packet Size in PingPlotter to be 2000.
     13. Has that message been fragmented across more than one IP datagram?
     14. Print out the first fragment of the fragmented IP datagram. What information in the IP header indicates that the datagram has been fragmented? What information in the IP header indicates whether this is the first fragment versus a latter fragment? How long is this IP datagram?

  11. IP
     15. Print out the second fragment of the fragmented IP datagram. What information in the IP header indicates that this is not the first datagram fragment? Are there more fragments? How can you tell?
     16. What fields change in the IP header between the first and second fragment?

  12. IP
     • Now find the first ICMP Echo Request message that was sent by your computer after you changed the Packet Size in PingPlotter to be 3500.
     17. How many fragments were created from the original datagram?
     18. What fields change in the IP header among the fragments?

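  13. Assignment
     The Doc file must include:
     1. A cover page (class, department and year, name)
     2. The 18 questions from the slides above, with your answers and pasted screenshots showing where you found each answer
     • P.S. Please lay out the questions, answers and figures clearly so that the teaching assistant can grade them.
     • If you have any questions, e-mail the teaching assistant.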

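As an added example (not part of the original slides), the Python code below decodes the IPv4 and ICMP header fields that questions 3 to 18 refer to and reassembles a fragmented echo request. The function names, the documentation addresses and the Identification value 0x32F9 are assumptions, and the two fragments are constructed bytes with checksums left at zero, not a real capture.

```python
import struct

def parse_ipv4(pkt: bytes) -> dict:
    """Decode the IPv4 header fields the lab questions ask about."""
    if len(pkt) < 20:
        raise ValueError("shorter than a minimal IPv4 header")
    vi, _tos, tlen, ident, ff, ttl, proto = struct.unpack("!BBHHHBB", pkt[:10])
    ihl = (vi & 0x0F) * 4  # IHL is stored in 32-bit words
    if vi >> 4 != 4 or ihl < 20 or not ihl <= tlen <= len(pkt):
        raise ValueError("not a valid, complete IPv4 datagram")
    return {
        "header_len": ihl, "payload_len": tlen - ihl,  # Total Length minus header
        "id": ident, "ttl": ttl, "protocol": proto,    # protocol 1 = ICMP
        "mf": bool(ff & 0x2000),                       # More Fragments flag
        "frag_offset": (ff & 0x1FFF) * 8,              # field counts 8-byte units
        "src": ".".join(map(str, pkt[12:16])),
        "dst": ".".join(map(str, pkt[16:20])),
        "data": pkt[ihl:tlen],
    }

def parse_icmp_echo(data: bytes) -> dict:
    """ICMP echo header: type(1) code(1) checksum(2) identifier(2) sequence(2)."""
    names = ("type", "code", "checksum", "identifier", "sequence")
    return dict(zip(names, struct.unpack("!BBHHH", data[:8])))

def reassemble(fragments: list) -> bytes:
    """Join fragments that share one Identification value, in offset order."""
    parts = sorted(map(parse_ipv4, fragments), key=lambda p: p["frag_offset"])
    if len({p["id"] for p in parts}) != 1 or parts[-1]["mf"]:
        raise ValueError("fragments do not form one complete datagram")
    out = b""
    for p in parts:
        if p["frag_offset"] != len(out):  # gap or overlap between fragments
            raise ValueError("fragment offsets are not contiguous")
        out += p["data"]
    return out

def mkfrag(ident: int, mf: bool, offset: int, payload: bytes) -> bytes:
    """Constructed sample: checksums left 0, RFC 5737 documentation addresses."""
    ff = (0x2000 if mf else 0) | (offset // 8)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, ff, 64, 1,
                       0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7])) + payload

def sample_fragments() -> list:
    """A 2000-byte echo request split for a 1500-byte MTU (constructed bytes)."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, 0x0200, 1) + bytes(1972)
    return [mkfrag(0x32F9, True, 0, icmp[:1480]), mkfrag(0x32F9, False, 1480, icmp[1480:])]

if __name__ == "__main__":
    print(parse_icmp_echo(reassemble(sample_fragments())))
```

The ICMP header sits only in the fragment with offset 0, so `parse_icmp_echo` is meaningful on the first fragment or on the reassembled payload, not on later fragments.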
