欢迎来到天天文库
浏览记录
ID:43721548
大小:291.73 KB
页数:14页
时间:2019-10-13
《《tcp_ip协议分析》wireshark抓包实验-以太帧分析-arp攻击实验》由会员上传分享,免费在线阅读,更多相关内容在工程资料-天天文库。
1、计算机学院专业网络工程指导教师张祯学生姓名实验日期2011-12-8以太帧格式的分析1.抓取方法描述第一步:打开wireshark抓包软件,开始抓包。第二步:在电脑(本机192.168.1.100)命令提示符下ping—下本局域网内的某台开启的主机的地址,如]192.168.1.3第三步:分析抓取的icmp包的格式。2.记录抓取的过程第一步:icmp[Wireshark1.7.0(SVNRev39768from/trunk)]FileEditViewfioRaptureAnalyzeStatisticsTelephonyToolsInternalsHelpFilterTime1■Option
2、s...Ctri.K冃CtZECtrl-^E>令苓殳igTg]⑥q@No.10.00000000(20.00059700(30.08368600(WStart■Stop■RestartJCaptureFilters...▼jExpression...Ctrl^Rination.255.255.255adcastadcastProtocolLengthInfoDHCP334DHCARP60WhoARP60Who第二步:anAdministratorCommandPromptHicrosoftWindows(Uersion6.1.7601]Copyright2009MicrosoftCor
3、poration.Allrights>*eserued.C:Usersjohnson^ping192.168•!.3Pinging192.168.1.3with32bytesofdata:ReplyReplyReplyReplyfronfronfronfron192.168.1.3:192.168.1.3:192.168.1.3:192.168.1.3:bytes«32bytes-32bytes・32bytes»32time®lnstime・2mstime4、168.1.3:Packets:Sent=4.Received=4.LostApproximateroundtriptimesinnilli-seconds:Mininun■0nsMaximum■2ms.Average■1msC:MJsersjohnson>3.抓取数据的内容Frame41:5、60bytes!ArrivalTime:Dec[TimeEpoch[Time[Time[TimeFrameFrameshiftTime:deltadeltasinceonre(480bits),60bytescaptured(480bits)11^201113:57:02.252604000China6、StandardTimeforthispacket:0.000000000seconds]1323583022.252604000secondsfrompreviouscapturedframe:0.000583000seconds]frompreviousdisplayedframe:0.000000000seconds]referenceorfirstframe:9.077778000seconds]Number:41Length:60bytes(480bits)bits)CaptureLwngth:60bytes(480[Frameismarked:False][Frameisigno7、red:False][Protocolsinframe:eth:arp][ColoringRuleName:ARP][ColoringRuleString:arp]目的MAC□EthernetII,Src:Tp-LinkT_35:85:3d@Destination:Broadcast(ff:ff:ff:ff:ff:ff)・Source:TD-LinkT_35:85:3a(5c:63:bf:35:85:3a)8、Type:ARP(0x0806)Jtrailer:tftrrrttttffKdTbOGcdZfbcOSOOOOOOOOOOd5c:63:bf:35:85:3a),Dst:Broadcas9、tdff:ff:ff:ff:ff•AddressResolutionProtocol(request)a)抓取数据的格式解释(可直接在抓取数据的内容旁边标注)•源MAC地址•目的MAC地址•类型•长度•校验和•以太帧类型b)补充说明(如果有需要补充的内容写在这)3.ARP协议的分析a)抓取方法描述启动wireshark抓包软件,过滤器选择arp,用电脑ping192.168.1.3,分析抓到的数据包b)记录抓
4、168.1.3:Packets:Sent=4.Received=4.LostApproximateroundtriptimesinnilli-seconds:Mininun■0nsMaximum■2ms.Average■1msC:MJsersjohnson>3.抓取数据的内容Frame41:
5、60bytes!ArrivalTime:Dec[TimeEpoch[Time[Time[TimeFrameFrameshiftTime:deltadeltasinceonre(480bits),60bytescaptured(480bits)11^201113:57:02.252604000China
6、StandardTimeforthispacket:0.000000000seconds]1323583022.252604000secondsfrompreviouscapturedframe:0.000583000seconds]frompreviousdisplayedframe:0.000000000seconds]referenceorfirstframe:9.077778000seconds]Number:41Length:60bytes(480bits)bits)CaptureLwngth:60bytes(480[Frameismarked:False][Frameisigno
7、red:False][Protocolsinframe:eth:arp][ColoringRuleName:ARP][ColoringRuleString:arp]目的MAC□EthernetII,Src:Tp-LinkT_35:85:3d@Destination:Broadcast(ff:ff:ff:ff:ff:ff)・Source:TD-LinkT_35:85:3a(5c:63:bf:35:85:3a)
8、Type:ARP(0x0806)Jtrailer:tftrrrttttffKdTbOGcdZfbcOSOOOOOOOOOOd5c:63:bf:35:85:3a),Dst:Broadcas
9、tdff:ff:ff:ff:ff•AddressResolutionProtocol(request)a)抓取数据的格式解释(可直接在抓取数据的内容旁边标注)•源MAC地址•目的MAC地址•类型•长度•校验和•以太帧类型b)补充说明(如果有需要补充的内容写在这)3.ARP协议的分析a)抓取方法描述启动wireshark抓包软件,过滤器选择arp,用电脑ping192.168.1.3,分析抓到的数据包b)记录抓
此文档下载收益归作者所有
