实验01 使用网络协议分析仪Wireshark分析数据链路层帧结构
南华大学计算机科学与技术学院实验报告(20202021 学年度 第二学期)课程名称计算机网络原理实验名称 分析数据链路层帧结构姓名: 学号:专业: 班级:地点: 教师:一、实验名称 分析数据链路层帧结构二、实验目的1. 安装并学会使用Wireshark的一些基本功能;2. 学会分析、理解俘获的踪迹文件的Ethernet帧结构;3. 学会分析、理解IEEE 802.11帧结构;4. 掌握帧结构中每一字段的值和它的含义。三、实验内容和要求1. 安装和配置网络协议分析仪Wireshark;2. 使用并熟悉Wireshark分析协议的界面环境;3. 学会使用Wireshark捕捉协议包;4. 掌握使用Wireshark分析俘获的踪迹文件的基本技能;5. 深刻理解Ethernet帧结构;6. 深刻理解IEEE 802.11帧结构;7. 掌握帧结构中每一字段的值和它的含义。四、实验环境做实验时,本机电脑硬件环境情况如下:1. 运行Windows10家庭中文版64位操作系统的PC 台;设备规格谴备名称处理霑LAPTOP-U14VgAMD Ryzari 5 2500C with KdiL-un Vega Mobile Gh ZOdtfWRATvl设备IFJ产品Daou GB (6.9S GB 可用)fl7BBa7DF r4-1F -1T43 9r3fl-a70337DOAC30034264位操作報基Fk64时处琏羞诳fl刑川J此显那器艇或曲颐豐制苗希就台电脑Windows 规格版本版本号擬柞斑内部版本Window! K赢庭中文版H22021M/2J19042.9*5Windows Feature Experience Pack l20.2?12-2fl2CLO2. PC 具有以太网卡一块,通过无线网络路由器与网络相连3. 每台 PC 运行程序协议分析仪 Wireshark。jf Wiretark 网齢析需-_ X文中Fj扁祖旧视囲M碾G 知軌柑焼计曲司乃无銭(W)工禺“荼勛(出通总3 二邈宣遂王扌亠兰徑2電F|厂計讨:.±£ “:,=;_ T:- -+歆迎便用fir eshark打开E:ttraWireshark项目Z pcapng C3064 Byte?)E:l计网Wi resliarklfS 1 .pea png (1782 K£)捕荻心斗宀上.*岸:一|fT_显示所有接口 ”锂连疥斗IXJ WLAISI.'.-学习用耗谅-»iki -正在运行 VireshArk?. 6.自(v2a 6 a-0-sdfA42cd9).接受自动更新丫 rrrT*F巧:Gt沁一:五、操作方法与实验步骤用 Wireshark 抓捕相应一段时间的数据包1. Ethernet 帧结构,如下图。ffCLIlka3 0,6362374 0,69531®5 .419&16SoLTCH192.164.43.21S3.232.Z31.174 iB3.i92xaa-.4aXSEitlntlcolfl3.232.31,17 192,1SSH43,2 laSLlfii 自43kJFr tteedTCPTCPTCPLar垃th In九(TCP s-eent of a re*5sewbl-edi PDU5LE-1 5HE-255 5125* 甘 idiJ MK 时如3 r 51256 MKH 酣 + 5etl91 ACSSn&qi-l Ack-1 Min-51® Len-lL &M1-1 Ack-2 win-lW0 Len-0Se<=l Ajck=l win=42 Len=s6 1.41971192.16S.41-2Ifil.192-2&0.40TCP54 TCP ACKed umensegment * ee ajCjKSeq=i Ack=2 i41n=321i. Len=7 3,475BSH!-f輛0:;臼曲1: Sff: f凹匚.IOTFV6142 Router Adverti&erient fron a2:dls05:4c;33:16B; 7.5G7135-3dQQ:BQ53l3d51!2B1S3d»:ScSi3! 24QQ:1I ! ! 3_TCP75 512dS -f ddl ACK&Dq;-l Ack»I Uin-Bld Len-lT匸口 E-e-gnnt of m raas ssribl-Ddl P口Uft 7.5671552iW5: 35*: 3451: 2fiia_24&:ac5*:3il00:l: :2_TCP75 512ii4 f 441 ACKS*q=l Ack=l Min=Sl-4 Len=iTCP segment of a rea&enbJedi PDU1S& 7,619514W9:C56:240«:1: :2-24: 835&: 351:2*14.TCPM 443 -* 51244 (MK&eqi-l Ack-2 Hin-SS1 ten-1®SLE-1 SRE-211 7,61951624flSi:Sc50:Mg0:l : :2-24W:395&:3d51:2aia.TCP趺如 * 512JI5- MK5eq-l Ack-2 Hin-5e Len-0SLE-l 5HE-212 7 .&47<9Q412.16S.41a2lfiJ.232B2J1.174TCP55 512SJ 441 ACKSnfrq=l Ack=l win=S13 Lett=iTCPof a r&asseubW PDU西腑?ieaa233.211a17412.163-4.2TCP66 442 f 51251 ACKS*q=l A£k=2 Min=107 wnPSLE=1 SR£=214 S,35704352:dl:&S:4c:88:162 urHav_67: Ad:&dlARP42 Who has 192, l-&Bad!3,2? Tel 192 = 165,43 = 1AS B.35707Ax urewjv_&7:4d; £dJ3 :dil:GS;4i:汩日:IEARP42 192 lt&“4ZL2 15 日七 d t! f 5 :i £7:4d;£d16 fl.74057212.16S.41a2Ifil.232-211.174TCP55 51251 + 443 MKteq=l Atk=l Min=50& Len=lTCP segnent of 3 rw朋Mb伽 PDU17 8,77055192.163,43,2183.232.231.17iTCP站 51252 十血3 MKAck-1 win-511 leriF-1TCP s-egnent of a rwssenbJ«ii PDUJIS 8,019183=232,231=171192,168=43,2TCP6&少3 * 51251 MK5eqi-l Ack-2 win-1412 Len-95LE-1 5RE-2埒g厨弗2041B3.231.29-1.17412.163-41.2TCP4.43 峠 51252 MKieq=l Ack=2 Min=l&U Le*gSLE=1 SRE=2M 1*1,096*4512.169.41,2112.34.111.123TCP5-5 TCP Kp-411512M * d4J ACK teq=l Ack=l kin=*茹卿 Len=l21 W.1544W112.341.111.123192.168,45.2TCP66 TCP Kep-*iliV A£K 3弓屮 5-1258 |ACK 5(eq-lAck«Z Win-32B8fl len-0 5LE-1 SRE-222 10.303-575192.10BtB M.10.43-D1£Qm uicq protocol23- 1.701412.168.41,2Ifil.232.211.174TCP5.5 TCP K.eep-Alive512&6 T 441 A£K Seq=l Ack=l k(in=5ia Len=l24 10.7676W1B3.232,231.174192,168,43:, 2TCPK TCP Keep-ftlive ACK dJ>3 -h 1256 ACK 5eq-lAck-Z Win-lMe Len-0 5LE-1 SFtE-23 5- 13. 73Mffdlfla.16S.d3-. 223Q.255-2&5.2SQSSDP215 M-SEARCH * HTlT/l.1用 Wireshark 俘获网络上收发分组或者打开踪迹文件,选取感兴趣的帧进行分析。如图所示,选 取第 7 号帧进行分析。在首部细节信息栏中,可以看到有关该帧的到达时间、帧编号、帧长度、 帧中协议和着色方案等信息。3 a.eaaia?12.169.43.2U9-. 23.2.23.1.174TCP55 S1256+ 443ACESeq=lfltk=lwin=510Len=iTCP se.grneftt ofaredsembledPCd4 a.Gssaiaiaa.232.231.17412.163.4.2TCP66 443 +51256:*CKSeq=lfltk=2Hin=104iOi Len= SLE=1 SRE=25 3,419616133,192,200.4012.16.43.2TCP54*3 + 50991ACK:Seq=l Atk=l win=42 Len=a6192,163.43.2lfil.12.2!&0.4*TCP54 TCP AtKed nseenaegnent SSQSl + Sti就kieq=l Ack=3 皿z幕归i l晋nP17 3.475935f eS0: ; i30d 1 ; 5f f : f e4c.ff02:LICHPV6142 neuter Advertienent froR a2:dl:03;dic:si3:i6a 7=5671252409:3950:3451:251 A.匚越口恥0:1::2. TC P75 51245+ 443ACESeq=lfltk=lLdn=514Len=iTCP se.grneftt ofaredsembledPOU9 7=5671252409:3950:3451:2514.4: A匚晞:1::i. TCP75 S1244+ 443ACKSeq=lAtk=lkrLn=514Len=lTCP £键胆mt ofareasembledlWDLl13 7.6195142409:St50:240!0l:l::2.24加:的越:H454:話i氐.TCPfit 443 +51244ACKSeq=lfltk=2Ldn=5GSLen=SSLE=1 iRE=211 7.6195162409:St50:240!0l:l::2.24加:的5:3454 :話i氐.TCPfit 443 +51245ACKSeq=lfltk=2idn=5GSLen=SSLE=1 SRE=212 7.947934192.16S.43a2U9-. 23.2.23.1.174TCP55 51253+ 443ACKSeq=lfltk=lwin=510Len=iTCP se.grneftt ofaredsembledPOU13 a.3J!9»71S3.232.231.17412.163.4.2TCP66 443 +51253AEKSeq=lfltk=2win=1076;Len= SLE=1 SRE=2Frflnw 7: 142 bytes on wire (1136 匕辻町口 12 bytet captured (1136 bit) on interface §Ethernet IIj 5rc: a2:dl:B:4i:BS:16 (i2;dl;0i3:d!c;S3:ie), M匕 IPv6RCa5t_01(33: JJ: W: W: W:01)Internet Pnotocol Versior> 虽 5rc: few: :0dl;Sff;fedicE0S16? Dst: ff92: :1lnterr*et Conitrcil Hessflg-e Protocol ¥&33Weidl1:as1686dd600733L-M175S35ffWW000000aSdl-XE-知fffe4C16ffWW0000000000LWWWTOWOIL23稠41089e100000薛利-WWWW32:i旺SS160501L-WWW陽S3掰4尊c<5W009e100000會央ieWWW24TOB9W345128130000PiQtWWW19的WWW009e102A09W34512EISWW00003C'PAQ(-六、实验数据记录和结果分析T1aqDASt£lt4»PrfiitM*!Ls£<th.mio1 S.&fiMM1翌iea 拒工112.34a111.12aTCP5551253 + 441 ACK Seq=l Ack=l ihiin=6334a Len=i. TCP segnent of a reassenbled PDu2 0.075SS1112.34.111.12192.163.41.3TCP桶4421 + 5135fi A£K Seq=l Ack=3 Win*湖的 “nP S-LE=1 SRE=23 S.eaaMJ12.163.43a3iaS. 232.23-1. 174TCP5551256 f 44J ACK Seq=l Ack=i Nin=51gi Len=l TCP segment of a reassenbled PDUJI 0.695S1&1S3H232,231.174152,163,45.2TCP443 + 51256 ACK 5eq-l Ack-Z Win-10dg Len-S 5LE-1 5RE-253.41961&133.152,200,45192.16S.43r2TCPS0 + 5洒 1 Ad? 5eq-l Ack-1 Win亚 len-9£ 3.41970312-162.43,3133,192. 2M恥TCPS4 TCP AMed unseen segnent 51 + 閱ACit 跖q“ ack=2 wirii= 3-211 Len=S7 3ai7533SfeSO: ?30dl:Bff :fe4c. ff92: :1ICHPV612Router* Advertisenent frcin 32 :dl iS: J!c:SS:16E 7.567155-SdflQ:sgss: 2B1&-:ScM! Is :3_TCP75E12dl5-+ J J. 3- ACK Seq-l Ack-l Min-Sid Lan-1 TCP £°|gno 门七 of a r-D-aiSEorib led PDU§ 7.5671252439:Q95Q:3451: 2S1A. 2409:StM! 2磁i;1:2_TCP7551244p 44J ACK Seq=l Ack=l Win=514 Len=l TCPof a reasseMbled PDUIS 7=6195142439:3C50:: 1! ! 2- 2409:的苗! 24S1! 2313_TCP恥443 +51244 A£K Seq=i Ack=2 LJln=560 LM旳 S-LE=1 SR£=211 7 = 61951t2439:3C50:: 1! ! 2- 2409:的苗! 24S1! 2313_TCP443 +S134S A£K Seq=l Ack=2 LJln=560 ®旳 S-LE=1 SR£=212 7 = 94793412.16a.43a3133a232.174TCP5551253p 44J ACK Seq=l Ack=l Win=5ia Len=l TCPof a reasseMbled PDU13 8 = 0290971S3.232.231.174192.163,43.2TCP砖<43 +51255 ACK 5eq-l Ack-2 Win-1076 Lffi-6 SLE-1 5RE-2M 8=35704532:dl:08c:-ttB: 16AzureMav 67:41:fidARPi.2Hhci h少 192.L6SBd!3.2? Tell 192.163Bdl3BlFrarie 6: 54 byte on mire (432 bit?)P 嗣 bytes captured (432 b辻s) on interface &Etherwt IIj SrCE AzureW3V_67:4d:6d (dc-;f5:5-:67:id;6d) ? Dst : 2 :dl:9S:d!C-:&S: 16 i<2:dl;03:d!C :BS: 16) Internet Pratecol Version 4 Srt: 192.16S.4J. 3j. Ost: 133,12.Tranifii&siom Contcd Prato匚彷1.占re Ports 5臼&仝&st Ports 3.駅q: l9 Acks Lem:白ssss a2 dl4c asIS de05 67 4d Sdob45 ee- L -£Mn E0U JU 他lb 辰 40朋轮俯bl 3e 3hE2b 0 b? tfi->-00湘 亡£ 話柑ab 0050 tb 412 04 酣 b97b 50 54 10-PC» »-PPas:a 7di刁牛 is Bo) p 选中6号帧进行分析。该帧传输时间为俘获后的3419701秒;从源IP地址192.168432 传输到目的IP地址183.192.200.40,帧的源MAC地址和目的MAC地址分别是dc.f5.05.674d.6d和a2d1084c8816 ;分组长度54字节;是TCP携带的HTTP报文。 从分组首部信息窗口,还可以看到各个层次协议及其对应的内容。7 Frame 5: 5J byte? on wire bit?). 54 bytes captured (432 biti) on interface e> interface Id: 0 DewiC eHP F_ CA31O9E4 - 3&C 3-4542' 9«>&-C t08951B>lB09 > EMdpMltlQUOil typ«! Ethtrftit (1)Arrival Timei May 25, Mil g!W! 19_e«7353flea 心国标准时同Tim亡 shift for this patk亡t:臼 standsfpciqli Tine: 1$Time de lfa frm previous capt ured frame:孝.阳朋站盟 seconds J(lime delta +ro« previous displayed frame!吐oee盹500 secondslime siflce reference or first fraw: 3,ai-97&100P secondsFrame 槽uirtjpr:;鼻Frani9 L«-ngt h: 54 byt« (411 bits)taptur& Length: E4 byte5 (.4bite)frdmm i§ mark胡:Falmp(frame i i ignortd; FalseprQtflCQls iR: eth:sttiertype;ip: tp'folorin Rule «d»e : Had TCPfo.lorin ftuJc String: tcp»,jnjlysit.fLsgs Itcp.jnjlysit.wintlow_upHldte* Eteirnt II, sre: Azurewu_G7:4dsd (de :fs:«5;67:dtJsdJj Dst:沁:卅:貓:毗:ee:is (J2:di:os:4c:ss:169 Dctlotion;就;<j:盹;4t;gT"6< (as ;dir03;4c;fiS;1&)Address : fiJ :dl : 4c: 1 (mQ :dl :内右:斗v)1- . - . .* = LG bit J Loially administered jddr«& (this is Udi the factory iH&ult) .-*-.环-一*.-.*= IG bit: indiividiidl address (uniedt)3 5owrce: Azureha.v_&7;id; &tf (de; f5;5 ;G7 ;ad;-frd)Adtfr*ss : ftzurewHiv 67:Jd :6d (de :fs:G5: 67:Jd :6d)& LGbit: Gldblly uritqdt dddr电話(fittory dfrfjuLt) 0 1(3 bit: Indtvidijdl(unicast)Type; IPv4 伽即验)“ internet Protocol ve-rsioft 4t sre: 12,168,43.2j &st: 183,192 + 20.40&1CG * - Wrsion: 4GlCl = Hedr Length: 20 bvtes (5)* Differ ent is ted S-e rulers F i«2d: &k&& (DSCP: CS6, ECH: Not-ECT)Total L更ngtli: iOidenti-fication: exibf (7ice)> Fldgs: exJ-GOC, D«n*t -fra£nientTime to 1¥已:64Prctccol: TCP (6)Header <hec ksum: Oxb3 3e valid at icn dis-abledHeader checksum status; Ujiveri-FiedSource: 192.16S.43.2Chestlnation: 103.19. 200.de7 irnmision 匚ontrol Protocol, sre Port: 59991ust Port:目尊二 s&q: 1, Ack.: 2, Len: 0 source Port; 500SIOestination Port; 80$trem xndex: 2TCP Segment Len: 0Sequence number: 1 (relative sequence flumbr)s唱qu电jko number:1(relativermmber)Acknowledgment nuniberi 2 (relative num'ber')0101 . = Header Length: 2& bytes (5)> F13gS: CX010 (ACK)window site value: 321313】匚uWted window 品讥申 32131 kri ndow size sc a 1 ifig "fact o r= - 1 (unknovin)checksum: 0XJ970 uriverifiedChecksum Status: UrtvrifiedJurgent pointer: 0> SEQ/4CK analysis> Timeitanrps 七、实验体会、质疑和建议通过实验,我对 Wireshark 分析俘获的踪迹文件的基本技能有了基本了解,理解了以太 网的结构,了解TCP/IP的主要协议和协议的层次结构,对以后的学习有很大帮助。我也基本 掌握了网络协议分析仪的使用,加深了对协议格式、协议层次和协议交互过程的理解。但还 有许多功能理解的不是很清晰,希望在后续实验中可以更好地去理解。
个人主页