计网实验IP and TCP Protocoal Analysis with WireShark

1IPandTCPProtocoalAnalysiswithWireSharkLearningObjectivesAtcompletionofthislab,youwillbeableto:1.UnderstandtheIPprotocol,IPfragmentationandre-assembly2.UnderstandTCP3-wayhandshakeforconnectionsetupandtermination,aswellasdataexchange3.UnderstandICMPprotocolandhowthepingprogramworks4.Understandhowtracert(traceroute)programworksReportandFeedbackonthislabThislabshouldbedoneindividually.Ifyoudonotwanttocapturethelivepacketsinthislab,youcandownloadmydatafilesforanalysis(lab4.zip).2Answerallquestionswithsupportingscreenshots.Pleasealsofillinthefollowingfeedbackformandappendittothereport.Yourfeedbackisvaluabletoussothatwecanimprovethislab,andmakethelabbetter.Foreachtask,pleaseratethefollowinginthescaleof1through5:Thedegreeofdifficulty:1=tooeasy;5=toodifficultThelearningexperience:1=learnednothing;5=learnedalotYourinterest:1=nointerest;5=highinterestTimeusedforthetask:inminutesTaskDifficulty(1—5)Learning(1—5)Interest(1—5)Time(min)backgroundTask1Task2Task3Yoursuggestion/comment:BackgroundYouneedtoreadandanswerthequestionsinthisbackgroundpartbeforethelab.ReadLecturesonIPandICMPprotocols.ReadLecturesonTCPprotocol.Question1:InIPheader,thereisafieldcalled“protocol(type)”.Whatisitusedfor?用来规范数据传输方法，使不同电脑之间可以通信Question2:HowanICMPmessageistransported(encapsulation)?ICMP信息封装在IP报文当中。Question3:WhichICMPmessagesareusedtoimplementthePingprogram?Echorequestandechoresponse。Ping使用type8requests和type0replies。Question4:Useafiguretoshowthe3-wayhandshaketoestablishaconnectionintheTCPprotocol.第一次握手：主机A发送位码为syn＝1,随机产生seqnumber=1234567的数据包到服务器，主机B由SYN=1知道，A要求建立联机；第二次握手：主机B收到请求后要确认联机信息，向A发送acknumber=(主机A的seq+1),syn=1,ack=1,随机产生seq=7654321的包第三次握手：主机A收到后检查acknumber是否正确，即第一次发送的3seqnumber+1,以及位码ack是否为1，若正确，主机A会再发送acknumber=(主机B的seq+1),ack=1，主机B收到后确认seq值与ack=1则连接建立成功。完成三次握手，主机A与主机B开始传送数据Traceroute(tracert)isanimportantandusefulutilitytoolfornetworktestinganddebugging.Readmoreonitandlearnhowtouseit:MSWindowstracertcommand,=trueTask1StudyWindowstracertprogramandhowtofindarouteInMSWindows,tracertcanbeusedtofindaroutefromthesourcehost,viarouters,todestinationhost.Thistaskisabouthowtracertworksandhowwecanuseitfor.Followthestepstostartuptheprogramsandcapturethepackets.(1)StartupacommandwindowClickStartontheleftcornerofyourdesktop,andchooseRun.ThentypecmdtostartupaDOScommandwindow.Inthiswindow,youcanalsotypecommandtracert/?tolearnmoreonthecommand,orreadmoreviathelinkabove.(2)StartuptheWireSharkprogramStartupWiresharkandbeginpacketcapture.4(3)RunthetracertprogramTypethefollowingcommandtofindarouteto(4)StoptheWireSharkcapturingWhentracertends,stopthecapturing,andsavethedatatoafile(youcanopenthefiletoanalyzethepacketslater).(5)Copytheoutputoftracerttothelabreportfile.Byanalyzingtheoutput,wecanlearnaroutefromthesourcetothedestination,andhowabouttheresponsetimebetweenthesourceandintermediaterouters.Question5:Howmanyroutersareontheroutefromyourcomputerto、192.168.156.2542、210.32.39.2503、60.191.32.654、218.75.123.2335、61.130.127.2496、220.191.142.497、115.239.209.188、115.239.210.27Question6:Basedontheoutputfromthetracert,drawthemapofthenetworksbasedontheoutput.ShowtheIPaddressesforthesourcecomputer,destinationcomputer,androuters.6Nowlookatthecaptureddata.source:192.168.156.57Destination:115.239.210.27Routers:1、192.168.156.2542、210.32.39.2503、60.191.32.654、218.75.123.2335、61.130.127.2496、220.191.142.4977、115.239.209.188、115.239.210.27(6)analyzethefirstICMPmessageSincetracertusesICMPmessagestotracetheroutetothedestinationcomputer,youcanuse“icmpandip.addr==192.168.x.x”asthedisplayfilerinWireSharktoonlydisplayICMPmessages,where192.168.x.xshouldbeyourcomputerIPaddress.ThenselectthefirstICMPEchoRequestmessagesentbyyourcomputer,andexpandtheInternetProtocolandICMPheadersofthepacketinthepacketdetailswindow(asIdidbelow,tooviewbetter,youcanusezooming).Question7:WhatisthevalueintheprotocoltypefieldofIPpacket?Whyitisthisvalue?WhatisthetypevalueinICMPheader?Whatdoesitmean?HowmanybytesarethereintheIPheader?HowmanybytesarethereinthepayloadoftheIPpacket?Explainhowyoudeterminedthenumberofpayloadbytes.IP数据包的协议种类是ICMP。ThevalueintheprotocoltypefieldofIPpacketisICMP(1)8ThetpyevalueinICMPheaderis1.意味着无法连接到主机Headerlength：20bytes。Payloadlength：64bytes。Question8:HasthisIPpacketbeenfragmented?Explainhowyoudeterminedwhetherornotthepackethasbeenfragmented.WhatistheIdentificationforthisIPpacket?IP数据包的总长度是92字节，payload长度是64字节，所以没有被分成片段。Identification：0x66f1（26353）Question9:WhatistheTTLvalueforthisIPpacket?Whythisvalueisset?Timetoliveis3。这个数字可以被认为是网络系统中数据包的数字，TTL电平随着传输的距离增大会降低，当通过3个路由器后，数据被丢弃。(7)SelectthefirstICMPTimeexceededmessage,andexpandtheIPprotocolheader(asIdidbelow)9Question10:WhatisthesourceIPaddressofthisIPpacket?AndwhatisthedestinationIPaddressofthispacket?Whatisthevalueintheprotocoltypefield(inIPheader)?sourceIPaddress：192.168.152.57DestinationIPaddress：115.239.210.27Protocoltype：ICMPQuestion11:WhatistheICMPmessa