计算机网络实验4：Wireshark-Lab-ICMP

Lab4WiresharkLab:ICMPSTEPS•Let’sbeginthisadventurebyopeningtheWindowsCommandPromptapplication(whichcanbefoundinyourAccessoriesfolder).•StartuptheWiresharkpacketsniffer,andbeginWiresharkpacketcapture.•Thepingcommandisinc:\windows\system32,sotypeeither“ping–n10hostname”or“c:\windows\system32\ping–n10hostname”intheMS-DOScommandline(withoutquotationmarks),wherehostnameisahostonanothercontinent.Ifyou’reoutsideofAsia,youmaywanttoenter“-n10”indicatesthat10pingmessagesshouldbesent.ThenrunthePingprogrambytypingreturn.•WhenthePingprogramterminates,stopthepacketcaptureinWireshark.QUESTIONS1、WhatistheIPaddressofyourhost?WhatistheIPaddressofthedestinationhost?TheIPaddressofmyhostis172.18.40.131.TheIPaddressofthedestinationhostis143.89.14.2.2、WhyisitthatanICMPpacketdoesnothavesourceanddestinationportnumbers?BecausethattheICMPisaprotocolinnetworklayer,anditisdesignedtocommunicateinformationinnetworklayerbetweenhostsandrouters,ratherthanapplicationlayerprocesses.WehavetonoticethateachICMPpackethasa“Type”and“Code”field.Theywillidentifiesthemessagebeingreceived.NetworksoftwarecanunderstandtheICMPmessage.SoICMPpacketdoesnotneedtohavesourceanddestinationportnumbers.3、Examineoneofthepingrequestpacketssentbyyourhost.WhataretheICMPtypeandcodenumbers?WhatotherfieldsdoesthisICMPpackethave?Howmanybytesarethechecksum,sequencenumberandidentifierfields?TheICMPtypeis8,andthecodenumbersis0.ThisICMPpacketstillhaveChecksum、Identifier、Sequencenumberanddatafields.Checksumfieldhas2bytes.Sequencenumberfieldshas2bytes.Identifierfieldhas2bytes.4、Examinethecorrespondingpingreplypacket.WhataretheICMPtypeandcodenumbers?WhatotherfieldsdoesthisICMPpackethave?Howmanybytesarethechecksum,sequencenumberandidentifierfields?TheICMPtypeis0,andthecodenumbersis0.TheICMPpacketstillhaveChecksum、Identifier、Sequencenumberanddatafields.Checksumfieldhas2bytes.Sequencenumberfieldshas2bytes.Identifierfieldhas2bytes.STEPS•Let’sbeginbyopeningtheWindowsCommandPromptapplication(whichcanbefoundinyourAccessoriesfolder).•StartuptheWiresharkpacketsniffer,andbeginWiresharkpacketcapture.•Thetracertcommandisinc:\windows\system32,sotypeeither“tracerthostname”or“c:\windows\system32\tracerthostname”intheMS-DOScommandline(withoutquotationmarks),wherehostnameisahostonanothercontinent.(NotethatonaWindowsmachine,thecommandis“tracert”andnot“traceroute”.)Ifyou’reoutsideofEurope,youmaywanttoenter•WhentheTracerouteprogramterminates,stoppacketcaptureinWireshark.QUESTIONS5.WhatistheIPaddressofyourhost?WhatistheIPaddressofthetargetdestinationhost?TheIPaddressofmyhostis172.18.40.131.TheIPaddressofthetargetdestinationhostis128.93.162.846.IfICMPsentUDPpacketsinstead(asinUnix/Linux),wouldtheIPprotocolnumberstillbe01fortheprobepackets?Ifnot,whatwoulditbe?TheIPprotocolnumberwouldn’tstillbe01fortheprobepackets.Itwouldbe17.7.ExaminetheICMPechopacketinyourscreenshot.IsthisdifferentfromtheICMPpingquerypacketsinthefirsthalfofthislab?Ifyes,howso?TheICMPechopackethasthesamefieldsasthepingquerypacket.Butthedatafield’ssizeisdifferent.TheICMPpingquerypackets’datafieldsizeis32bytes.ButthesizeofdatafieldinICMPechopacketisnotthenumber.ICMPechopacketICMPpingquerypackets8.ExaminetheICMPerrorpacketinyourscreenshot.IthasmorefieldsthantheICMPechopacket.Whatisincludedinthosefields?Itcontainstheheaderandthefirst8bytesoftheIPdatagramthatcausetheICMPmessagetobegenerated.Besides,wecanseethatithastheoriginalICMPmessage,andithasownType、CodeandChecksumfields.ICMPechopacketICMPerrorpacket9.ExaminethelastthreeICMPpacketsreceivedbythesourcehost.HowarethesepacketsdifferentfromtheICMPerrorpackets?Whyaretheydifferent?ThelastthreeICMPpackets’typeis0ratherthan11.ThatmeanstheICMPpacketisanechoreplypacket.TheyaredifferentbecausethatthelastthreeICMPpackethavearrivedthedestinationbeforetheTTLexpired..ICMPerrorpacketsthelastthreeICMPpackets10.Withinthetracertmeasurements,istherealinkwhosedelayissignificantlylongerthanothers?RefertothescreenshotinFigure4,istherealinkwhosedelayissignificantlylongerthanothers?Onthebasisoftherouternames,canyouguessthelocationofthetworoutersontheendofthislink?Inthepicture,wecanseethatalinkbetweenstep12andstep13hasasignificantlydelaylongerthanothers.Butsadly,wecan’tgettheroutername,soit’shardtogettheinformationabouttheirlocation.ButwecansearchthemontheInternet.WhatsurprisemeisthatbothofthemareinChina,whichmeansthattheyarenotindifferentcountry.InFigure4,wecanseethatalinkbetweenstep9andstep10hasasignificantlydelaylongerthanothers.Basedontheroutername,IcanguessthelinkisfromNewYorkCitytoPastourelle,France.QUESTIONSForoneoftheprogrammingassignmentsyoucreatedaUDPclientpingprogram.Thispingprogram,unlikethestandardpingprogram,sendsUDPprobepacketsratherthanICMPprobepackets.UsetheclientprogramtosendaUDPpacketwithanunusualdestinationportnumbertosomelivehost.Atthesametime,useWiresharktocaptureanyresponsefromthetargethost.Prov