Packet Capture Analysis Lab
Lab 1

I. Objective
Use a packet capture tool to understand the three-way handshake that establishes a TCP connection and the four-way handshake that releases it.

II. Procedure
(1) Close all unrelated software.
(2) Open the Wireshark packet capture software.
(3) Configure Wireshark and select the network adapter, use the Sogou browser to visit qq.com and start capturing, then log in to the mailbox; after logging in successfully, close the browser and stop the capture.

III. Results
(1) Analysis of the captured packets shows that DNS returned five IP addresses to the local machine (the virtual machine, IP 192.168.128.128); the IP address returned to this virtual machine for QQ Mail is 113.108.7.198.

[Screenshot: Wireshark packet list (columns No., Time, Source, Destination, Protocol, Info; 975 packets captured, 975 displayed) showing the DNS standard query A for ssl.ptlogin2.qq.com from 192.168.128.128 to 192.168.128.2, the TCP exchange between 192.168.128.128 and 113.108.7.198 (carrius-rshell > https [SYN]; https > carrius-rshell [SYN, ACK]; carrius-rshell > https [ACK]) and an SSLv2 Client Hello. The DNS response detail pane shows the Queries, Answers, Authoritative nameservers and Additional records sections; the additional records are ns-tel1.qq.com: type A, class IN, addr 101.226.66.18; ns-tel1.qq.com: type A, class IN, addr 124.115.14.22; ns-tel2.qq.com: type A, class IN, addr 124.115.14.26; ns-tel2.qq.com: type A, class IN, addr 183.60.3.202.]

(2) The three-way handshake that establishes the TCP connection proceeds as follows:
① First, the local machine sends a TCP segment (No. 3) to the QQ Mail destination IP, with SYN=1, seq=0, Len=0. The packet details are as follows:
[Screenshot, captioned "No. 3 ①": Wireshark with packet No. 3 selected (time 0.031015, 192.168.128.128 to 113.108.7.198, TCP). The TCP flags detail shows Urgent: Not set, Acknowledgement: Not set, Push: Not set, Reset: Not set, Fin: Not set; Window size: 64240. The status bar shows the selected field Syn (tcp.flags.syn), 1 byte; Packets: 975, Displayed: 975.]