資源描述:
《協(xié)議數(shù)據(jù)包的捕獲與分析》由會(huì)員上傳分享�����,免費(fèi)在線閱讀��,更多相關(guān)內(nèi)容在工程資料-天天文庫(kù)。
1���、一、實(shí)習(xí)任務(wù)2二����、協(xié)議分析21、捕獲ARP數(shù)據(jù)包,分析研究Z錯(cuò)誤!未定義書簽����。2、捕獲ICMP數(shù)據(jù)包����,分析研究之錯(cuò)誤!未定義書簽����。3�����、捕獲TCP數(shù)據(jù)包并分析54、捕獲HTTP數(shù)據(jù)包并分析55�、捕獲DNS數(shù)據(jù)包并分析56����、捕獲DHCP數(shù)據(jù)包并分析5三、總結(jié)17一����、實(shí)習(xí)任務(wù)1、捕獲APR請(qǐng)求�����、應(yīng)答數(shù)據(jù)包��,分析英組成特征��;弄清楚ARP協(xié)議的作用,對(duì)LAN內(nèi)�、LAN之間,APR是如何工作的���?APR緩沖的內(nèi)容如何保存與其作用?請(qǐng)求與應(yīng)答包的區(qū)別�����。2��、捕獲TCMP數(shù)據(jù)包,分析研究之����;弄清楚ICMP數(shù)據(jù)包的分類�����、作用��,捕
2����、捉Ping命令數(shù)據(jù)包,如何構(gòu)成TCMP協(xié)議包����,請(qǐng)示與應(yīng)答包的區(qū)別,怎樣傳輸?shù)摹?���、捕獲TCP數(shù)據(jù)包并分析;捕獲一對(duì)通信的TCP連接�����、數(shù)據(jù)傳送、釋放的整個(gè)過(guò)程���,分析其三次握手連接��、四次握手釋放的會(huì)話過(guò)程屮每一步通信的參數(shù)傳送�,以及可靠傳輸?shù)膶?shí)現(xiàn)��。4����、捕獲HTTP��、DWS數(shù)據(jù)包,分析英構(gòu)成����;捕獲本機(jī)瀏覽外部某一網(wǎng)站時(shí)的DNS���、HTTP數(shù)據(jù)包,取DNS、HTTP典型數(shù)據(jù)包各一個(gè),列出其應(yīng)用層�����、傳輸層�����、IP層�����、數(shù)據(jù)鏈路層上各層上數(shù)據(jù)包相應(yīng)參數(shù)�,首部?jī)?nèi)容�����,并對(duì)感興趣的部分進(jìn)行深入分析��。5、捕獲DHCP數(shù)據(jù)包,分析其構(gòu)
3�����、成;本機(jī)設(shè)置為自動(dòng)獲取IP地址����,捕獲本機(jī)的DHCP數(shù)據(jù)包�����,列出數(shù)據(jù)包包含的內(nèi)容�,并對(duì)其構(gòu)成進(jìn)行分析�,檢查數(shù)據(jù)包屮是否包含本機(jī)需要的數(shù)據(jù)。二�����、協(xié)議分析1、ARP協(xié)議分析(同一捕獲方案得到的多個(gè)協(xié)議可以寫在一起)(1)捕獲方案利用Ethereal網(wǎng)絡(luò)協(xié)議分析軟件及PING命令發(fā)送請(qǐng)求可捕捉數(shù)據(jù)包����。(2)捕獲數(shù)據(jù)包與協(xié)議分析數(shù)據(jù)包字段分析:ARP請(qǐng)求:字段值含義Hardwaretype0x0001硬件類型Protocoltype0x0800協(xié)議類型Hardwaresize6硬件地址長(zhǎng)度Protocolsize4協(xié)
4、議地址長(zhǎng)度Opcode0x0001操作類型SenderMACaddress00:14:2a:69:c7:2c源MAC地址SenderIPaddress172.16.56.42源協(xié)議地址TargetMACaddess00:00:00:00:00:00目的MAC地址TargetIPaddess172.16.59.217目的協(xié)議地址No.■TimeSourceDestination3rotocolInfo10.000000Elitegro_69:c7:2cBroadcastARPWhohas172.16.59.2
5��、17?Tell172.16.56.4220.000102Elitegro.6e:4c:2fElitegro_69:c7:2cARP172.16.59.217isat00:14:2a:6e:4c:2f30.000118172.16.56.42172.16.59.217ICMPEcho(ping)request40.000222172.16.59.217172.16.56.42ICMPEcho(ping)reply50.991340172.16.56.42172.16.59.217ICMPEcho(ping)r
6、equest/ZACfVIA21*1rr4C.CA"b-17?irraacc.,r£Frame1(42bytesonwire,42bytescaptured)+EthernetII,Src:Elitegro_69:c7:2c(00:14:2a:69:c7:2c),Dst:Broadcast(ff:ff:ff:ff:ff:ff)nAddressResolutionProtocol(request)Hardwaretype:Ethernet(0x0001)Protocoltype:IP(0x0800)Hardw
7��、aresize:6Protocolsize:4opcode:request(0x0001)SenderMACaddress:Elitegro_69:c7:2c(00:14:2a:69:c7:2c)SenderIPaddress:172.16.56.42(172.16.56.42)TargetMACaddress:00:00:00.00:00:00(00:00:00:00:00:00)TargetIPaddress:172.16.59.217(172.16.59.217)ARP答應(yīng):NO..TimeSourc
8、eDestination3rotocolInfo10.000000Elitegro_69:c7:2cBroadcastARPWhohas172.16.59.217?Tell172.16.56.4220.000102E11tegro_6e:4c:2fElitegro_69:c7:2cARP172.16.59.217Isat00:14:2a:6e:4c:2f30.000118172.16.56.42172.16.59
