Capturing and Analyzing Network Data

Uploaded by: ba****u. Document ID: 162781897. Upload date: 2022-10-19. Format: DOCX. Pages: 6. Size: 243.09 KB.

Academic year 2010-2011, first semester
Computer Network Fundamentals: lab task sheet

Lab title: Capturing and analyzing network data

Lab environment:
Operating system: Windows Server 2003
Software: Ethereal

Lab content (briefly list the lab steps):
1. Install the capture software
2. Start the capture
3. Log in to the FTP server
4. Stop the capture
5. Analyze the capture log

Lab objectives: understand how network sniffing works and be able to use a capture tool; learn to analyze network data.

Method and results:

Requirements:
(1) Capture one FTP login, pick a frame that contains the user name or the password, examine that frame's data link layer header, IP header and TCP header, write down the following information, and state whose addresses these are.

[Ethereal screenshot, display filter: ftp. Packet list:]

| No. | Time | Source | Destination | Protocol | Info |
|---|---|---|---|---|---|
| 2592 | 8.430153 | 202.204.122.39 | 202.204.125.87 | FTP | Request: USER anonymous |
| 2593 | 8.430576 | 202.204.125.87 | 202.204.122.39 | FTP | Response: 331 User name okay, please send complete E-mail addr |
| 2594 | 8.430630 | 202.204.122.39 | 202.204.125.87 | FTP | Request: PASS IEUser |
| 2595 | 8.431296 | 202.204.125.87 | 202.204.122.39 | FTP | Response: 230 User logged in, proceed. |
| 2596 | 8.431389 | 202.204.122.39 | 202.204.125.87 | FTP | Request: opts utf8 on |
| 2597 | 8.431737 | 202.204.125.87 | 202.204.122.39 | FTP | Response: 501 Invalid option. |
| 2598 | 8.431790 | 202.204.122.39 | 202.204.125.87 | FTP | Request: syst |
| 2599 | 8.432125 | 202.204.125.87 | 202.204.122.39 | FTP | Response: 215 UNIX Type: L8 |
| 2600 | 8.432186 | 202.204.122.39 | 202.204.125.87 | FTP | Request: site help |
| 2601 | 8.432504 | 202.204.125.87 | 202.204.122.39 | FTP | Response: 501 SITE option not supported. |
| 2602 | 8.432561 | 202.204.122.39 | 202.204.125.87 | FTP | Request: pwd |
| 2603 | 8.432876 | 202.204.125.87 | 202.204.122.39 | FTP | Response: 257 / is current directory. |
| 2604 | 8.445847 | 202.204.122.39 | 202.204.125.87 | FTP | Request: noop |
| 2605 | 8.446271 | 202.204.125.87 | 202.204.122.39 | FTP | Response: 200 Command okay. |
| 2606 | 8.474163 | 202.204.122.39 | 202.204.125.87 | FTP | Request: cwd / |
| 2607 | 8.474886 | 202.204.125.87 | 202.204.122.39 | FTP | Response: 250 Directory changed to / |
| 2608 | 8.475817 | 202.204.122.39 | 202.204.125.87 | FTP | Request: TYPE A |
| 2609 | 8.476183 | 202.204.125.87 | 202.204.122.39 | FTP | Response: 200 Type set to A. |
| 2610 | 8.478592 | 202.204.122.39 | 202.204.125.87 | FTP | Request: PASV |
| 2611 | 8.486863 | 202.204.125.87 | 202.204.122.39 | FTP | Response: 227 Entering Passive Mode (202,204,125,87,18,11) |
| 2615 | 8.492080 | 202.204.122.39 | 202.204.125.87 | FTP | Request: list |
| 2617 | 8.498489 | 202.204.125.87 | 202.204.122.39 | FTP | Response: 150 Opening ASCII mode data connection for /bin/ls. |
| 2622 | 8.739812 | 202.204.125.87 | 202.204.122.39 | FTP | [TCP Retransmission] Response: 150 Opening ASCII mode data con |

Details of the selected packet:

    Frame 2610 (72 bytes on wire, 72 bytes captured)
    Ethernet II, Src: AijiSyst_08:b9:71 (00:09:78:08:b9:71), Dst: Cisco_40:e9:ff (00:12:00:40:e9:ff)
    Internet Protocol, Src: 202.204.122.39 (202.204.122.39), Dst: 202.204.125.87 (202.204.125.87)
    Transmission Control Protocol, Src Port: 1501 (1501), Dst Port: ftp (21), Seq: 88, Ack: 320, Len: 6
    File Transfer Protocol (FTP)

Frame header: destination MAC 00:12:00:40:e9:ff, source MAC address 00:09:78:08:b9:71

[Ethereal screenshot: the same FTP packet list with frame 2610 selected; highlighted field: Ethernet (eth), 14 bytes; status bar: P: 2627 D: 24 M: 0 Drops: 0]

IP header: destination IP address 202.204.125.87 (ca:cc:7d:57), source IP address 202.204.122.39 (ca:cc:7a:27)

(2) Port numbers: destination port ftp (21), 00:15, and source port 1501 (1501), 05:dd
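The capture shows why FTP is worth auditing: the user name, the password and the passive-mode data port all cross the network in clear text. The following is an added example, not part of the original lab report: a small audit over the Info column that flags cleartext logins without storing the password and decodes the 227 reply into the data-channel endpoint. The row tuples are constructed from the packet list in this report; the function names are hypothetical.

```python
import re

# Constructed sample: (frame number, Info column) taken from the FTP packet list in this report.
ROWS = [
    (2592, "Request: USER anonymous"),
    (2593, "Response: 331 User name okay, please send complete E-mail addr"),
    (2594, "Request: PASS IEUser"),
    (2595, "Response: 230 User logged in, proceed."),
    (2610, "Request: PASV"),
    (2611, "Response: 227 Entering Passive Mode (202,204,125,87,18,11)"),
]

PASV_RE = re.compile(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def pasv_endpoint(info):
    """Decode a 227 reply: four address octets, then port = p1 * 256 + p2."""
    match = PASV_RE.search(info)
    if not match:
        return None
    nums = [int(x) for x in match.groups()]
    if any(n > 255 for n in nums):
        return None  # malformed reply, not a valid host/port tuple
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def audit(rows):
    """Return findings for cleartext logins and passive data channels."""
    findings, user, pass_frame = [], None, None
    for frame, info in rows:
        kind, _, rest = info.partition(": ")
        verb, _, arg = rest.partition(" ")
        if kind == "Request" and verb.upper() == "USER":
            user = arg
        elif kind == "Request" and verb.upper() == "PASS":
            pass_frame = frame  # record where it was exposed, never the password itself
        elif kind == "Response" and verb == "230" and pass_frame is not None:
            findings.append(("cleartext-login", pass_frame, user))
            pass_frame = None
        elif kind == "Response" and verb == "227":
            endpoint = pasv_endpoint(info)
            if endpoint:
                findings.append(("passive-data-channel", frame, endpoint))
    return findings


if __name__ == "__main__":
    for finding in audit(ROWS):
        print(finding)
```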

[Ethereal screenshot: the same FTP packet list with frame 2610 selected; highlighted field: Transmission Control Protocol (tcp), 32 bytes; status bar: P: 2627 D: 24 M: 0 Drops: 0]

Capture a frame that contains ARP. State which machine sent this ARP request and what that machine is doing.

202.204.122.39, a host on the LAN, is using an ARP request to ask for the MAC address of 202.204.122.254.

[Ethereal screenshot, display filter: arp. Packet list:]

| No. | Time | Source | Destination | Protocol | Info |
|---|---|---|---|---|---|
| 2 | 1.000866 | Yozan_dd:80:99 | Broadcast | ARP | Who has 202.204.122.254? Tell 202.204.122.203 |
| 8 | 6.197046 | 00:22:15:98:51:5a | d8:02:a3:88:e9:ff | ARP | 202.204.122.166 is at 00:22:15:98:51:5a |
| 13 | 11.318527 | AijiSyst_09:26:1e | Broadcast | ARP | Who has 202.204.122.77? Tell 202.204.122.44 |
| 18 | 13.599663 | AijiSyst_07:de:82 | Broadcast | ARP | Who has 202.204.122.39? Tell 202.204.122.77 |
| 19 | 13.599686 | AijiSyst_08:b9:71 | AijiSyst_07:de:82 | ARP | 202.204.122.39 is at 00:09:78:08:b9:71 |
| 41 | 13.653073 | AijiSyst_08:b9:71 | Broadcast | ARP | Who has 202.204.122.254? Tell 202.204.122.39 |
| 42 | 13.654629 | Cisco_40:e9:ff | AijiSyst_08:b9:71 | ARP | 202.204.122.254 is at 00:12:00:40:e9:ff |
| 286 | 15.985244 | Yozan_e2:de:2c | Broadcast | ARP | Who has 202.204.122.206? Tell 202.204.122.208 |
| 287 | 16.197570 | 00:22:15:98:51:5a | 70:db:c2:89:e9:ff | ARP | 202.204.122.166 is at 00:22:15:98:51:5a |
| 401 | 18.286052 | Yozan_eB:35:b3 | Broadcast | ARP | Who has 202.204.122.206? Tell 202.204.122.193 |

Details of the selected packet:

    Frame 41 (42 bytes on wire, 42 bytes captured)
    Ethernet II, Src: AijiSyst_08:b9:71 (00:09:78:08:b9:71), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
    Address Resolution Protocol (request)
        Hardware type: Ethernet (0x0001)
        Protocol type: IP
        Hardware size: 6
        Protocol size: 4
        Opcode: request (0x0001)
        Sender MAC address: AijiSyst_08:b9:71 (00:09:78:08:b9:71)
        Sender IP address: 202.204.122.39 (202.204.122.39)
        Target MAC address: 00:00:00:00:00:00 (00:00:00:00:00:00)
        Target IP address: 202.204.122.254 (202.204.122.254)

Highlighted field: Target IP address (arp.dst.proto_ipv4), 4 bytes. Status bar: P: 404 D: 10 M: 0 Drops: 0

202.204.122.254 sends the ARP reply: sender IP address:

[Ethereal screenshot: the same ARP packet list (display filter: arp) with frame 42 selected]

Details of the selected packet:

    Frame 42 (60 bytes on wire, 60 bytes captured)
    Ethernet II, Src: Cisco_40:e9:ff (00:12:00:40:e9:ff), Dst: AijiSyst_08:b9:71 (00:09:78:08:b9:71)
    Address Resolution Protocol (reply)
        Hardware type: Ethernet (0x0001)
        Protocol type: IP (0x0800)
        Hardware size: 6
        Protocol size: 4
        Opcode: reply (0x0002)
        Sender MAC address: Cisco_40:e9:ff (00:12:00:40:e9:ff)
        Sender IP address: 202.204.122.254 (202.204.122.254)
        Target MAC address: AijiSyst_08:b9:71 (00:09:78:08:b9:71)
        Target IP address: 202.204.122.39 (202.204.122.39)

Highlighted field: Target MAC address (arp.dst.hw_mac), 6 bytes. Status bar: P: 404 D: 10 M: 0 Drops: 0

Note: look at the length of the frames that carry ARP, observe the padding field in them, and explain why padding is needed.

Result analysis:

References: Internet; course lecture slides (PPT)
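The two ARP frames above differ in length (42 bytes for frame 41, 60 bytes for frame 42). The following is an added example, not part of the original lab report, that rebuilds both frames from the addresses in this report, parses them, and counts the trailer bytes. It assumes the standard Ethernet minimum of 64 bytes including the 4-byte FCS (60 bytes as shown in a capture), and that the capture ran on 202.204.122.39, so its own request was recorded before the network card padded it; the function names are hypothetical.

```python
import socket
import struct

ETH_HDR = struct.Struct("!6s6sH")           # dst MAC, src MAC, EtherType (14 bytes)
ARP_BODY = struct.Struct("!HHBBH6s4s6s4s")  # ARP payload for Ethernet/IPv4 (28 bytes)
ETHERTYPE_ARP = 0x0806
MIN_FRAME_NO_FCS = 60  # 64-byte Ethernet minimum minus the 4-byte FCS (assumption, see lead-in)


def mac_bytes(text):
    return bytes.fromhex(text.replace(":", ""))


def mac_text(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_arp(opcode, eth_dst, sha, spa, tha, tpa, on_wire):
    """Build an ARP frame; on_wire=True adds the zero padding the sending NIC appends."""
    frame = ETH_HDR.pack(mac_bytes(eth_dst), mac_bytes(sha), ETHERTYPE_ARP)
    frame += ARP_BODY.pack(1, 0x0800, 6, 4, opcode, mac_bytes(sha),
                           socket.inet_aton(spa), mac_bytes(tha), socket.inet_aton(tpa))
    if on_wire:
        frame += b"\x00" * max(0, MIN_FRAME_NO_FCS - len(frame))
    return frame


def parse_arp(frame):
    """Decode an Ethernet II ARP frame and count the trailer (padding) bytes after it."""
    if len(frame) < ETH_HDR.size + ARP_BODY.size:
        raise ValueError("frame too short for Ethernet + ARP")
    _dst, _src, ethertype = ETH_HDR.unpack_from(frame, 0)
    if ethertype != ETHERTYPE_ARP:
        raise ValueError("not an ARP frame")
    _ht, _pt, _hl, _pl, op, sha, spa, tha, tpa = ARP_BODY.unpack_from(frame, ETH_HDR.size)
    return {
        "op": {1: "request", 2: "reply"}.get(op, f"unknown({op})"),
        "sender_mac": mac_text(sha), "sender_ip": socket.inet_ntoa(spa),
        "target_mac": mac_text(tha), "target_ip": socket.inet_ntoa(tpa),
        "length": len(frame),
        "padding": len(frame) - ETH_HDR.size - ARP_BODY.size,
    }


HOST, HOST_IP = "00:09:78:08:b9:71", "202.204.122.39"  # addresses from this report
GW, GW_IP = "00:12:00:40:e9:ff", "202.204.122.254"     # addresses from this report
# Constructed frames: frame 41 as seen on the sending host, frame 42 as received from the wire.
REQUEST = build_arp(1, "ff:ff:ff:ff:ff:ff", HOST, HOST_IP, "00:00:00:00:00:00", GW_IP, on_wire=False)
REPLY = build_arp(2, HOST, GW, GW_IP, HOST, HOST_IP, on_wire=True)

if __name__ == "__main__":
    for name, frame in (("frame 41", REQUEST), ("frame 42", REPLY)):
        print(name, parse_arp(frame))
```

The 14-byte Ethernet header plus the 28-byte ARP payload gives the 42 bytes of frame 41; the 18 zero bytes that bring frame 42 to 60 bytes are the padding field the note asks about.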
