wireshark抓包分析实验报告

Wireshark抓包分析试验假设惜年一、试验目的：1 wireshark软件，能在电脑上抓包。二、试验内容：使用抓包软件抓取协议通信的网络数据和DNS通信的网络数据，分析对应的、TCP、IPDNS.UDP.IP协议。三、试验正文：IP报文分析：sInternetProtocol,Src:119.75.222.18(119.75.222.18),Dst:192.168.1.108(192.168.1.1Version:4Headerlength:20bytes®DifferentiatedServicesField:0x00(DSCP0x00:Default;ECN:0x00)TotalLength:40Identification:0xd74b(55115)®Flags:0x02(Don”tFragment)Fragmentoffset:0Timetolive:48Protocol:TCP(6)®Headerchecksum:0x5cl2[correct]Source:119.75.222.18(119.75.222.18)Destination;19168.1.108(192.168.1.108)®TransmissionControlProtocol,SrcPort:(80),DstPort:56670(56670),Seq:1,Ack:从图中可以看出：IP报文版本号为：IFV4首部长度为:20bytes数据包长度为：40标识符：0xd74b标志:0x02比特偏移：0寿命：48上层协议：TCP首部校验和:0x5cl2源IP地址为：目的IP为:UDP:0UserDatagramProtocol^SrcPort:childkey-notif(1891),DstPort:irdmi(Sourceport:childkey-notif(1891)Destinationport:irdmi(8000)Length:280Checksum:0x58d7[validationdisabled]□Data(20bytes)Data:64f53d0094cc7ce5f65e475037002ca792bdc44b□Data(20bytes)从图中可以看岀：源端口号:1891U的端口号：8000udp报文长度为:28检验和：0x58d7数据长度：20bytesUDP协议是一种无需建立连接的协议，它的报文格式很简洁。当主机中的DNS应用程序想要惊醒一次查询时，它构造一个DNS查询报文段并把它给UDP,不需要UDP之间握手，UDP为报文加上首部字段，将报文段交给网络层。TCP:第一次握手:sTransmissionControlProtocol,SrcPort:56770(56770),DstPort:(80)fSeq:0,号:56770(56770)目的端□号:(80)[Streamindex:17]Sequencenumber:0Headerlength:32bytes

(relativesequencenumber)□ Flags:0x02(SYN)000.............=□ Flags:0x02(SYN)・・・0......二Nonce:Notset....0.............=CongestionWindowReduced(CWR):Notset........0........=ECN-Echo:Notset........0........=Urgent:Notset0・•・・=Acknovvledgement:Notset...........0…=Push:Notset.............0・・=Reset:Notseta 1. =Syn:Set.................0 =Fin:NotsetWindowsize:8192□ Checksum;0xf734[validationdisabled][GoodChecksum:False][BadChecksum:False]rc rIi、从图中看出：源端口号：56770II的端口号：80序列号为：0首部长为：32bytesSYN1表示建立连接成功当fin1时表示删除连接。其次次握手:源端口号:(8O)56770(56770)[Streamindex:17]Sequeneenumber:0(relativesequeneenumber)Acknowledgementnumber:1(relativeacknumber)Headerlength:24bytes日酝s:0x12(SYNZACK)000......... =Reserved:Notset...0.......... =Nonce:Notset....0…… =CongestionWindowReduced(CWR):Notset•….0・・・ =ECN-Echo:Notset・ =Urgent:Notset.......0...1..0・

=Acknowledgement:Set=Push:Notset=Reset:Notset=Syn:Set...1...1・...0Fin:NotsetWindowsize:146000Checksum:0x5781[validationdisabled][GoodChecksum:False][BadChecksum:False]从图中看出：源端口号是：800ack为:1Acknowledgement1表示包含确认的报文Syn1表示建立连接。第三次握手:0TransmissionControlProtocol*SrcPort:56770(56770)*DstPort:(80),Seq:1,Ack源端口号:56770(56770)目的端口号:(80)[Streamindex:17]Sequencenumber:1(relativesequencenumber)Acknowledgementnumber:1(relativeacknumber)Headerlength;20bytes□Flags:0x10(ACK)000...............= Reserved:Notset.0......... =Nonce:Notset・•0…・・・•・0….・•・・・・・

=CongestionWindowReduced(CWR):Notset=ECN-Echo:Notset=Urgent:Notset=Acknowledgement:Set=Push:Notset=Reset:Notset=Syn:Notset......0=......0=Fin:Notset□Checksum:0xf728[validationdisabled]从图中看出：源端口：56770目的端口：80序列号为：1ACK为：1首部长为：20bytesAcknowledgement1表示包含确认的报文所以，看岀来这是TCP连接成功了Tcp是因特网运输层的面对连接的可幕的运输协议，在一个应用进程可以开始段，建立确保传输的参数。发送报文:SGET//l.l\r\nHost:vw^v.baidu\r\nConnection:keep-alive\r\nAccept:text/htmlzapplication/xhtml+xmlzapplicatbn/xml;q=0.9zrnage/webpz*/*;q=0.8\r\nUser-Agent:Mozilla/5.0(WindowsNT10.0;WOW64)AppleWebKit/537.36(KHTML,likeGeelReferer:s://wvAv.baidu/lhk7urk8g4CZsXFGvv4ZyiP3z6IO2XIyRmgtObIvvMopZPOwJ-Accept-Encoding:gzip,deflate,sdch\r\nAccept-Language:zh-CN,zh;q=0.8\r\n[truncated]Cookie:BAIDUID=07F68A3D8A6E54DlE754230DA462EF2C:FG=l;BIDUPSID=O\r\nGET//：是恳求一个页面文件HOST：是恳求的主机名Connection：持续连接Accept：收到的文件User-Agent:扫瞄器的类型Accept-encoding：gzipdeflatesdeh限制回应中可以承受的内容编码值,指示附加内容的解码方式为gzip,deflate,sdeh。Accept-language:申请的语言种类是中文响应报文：□|HypertextTransferProtocolE/1.1200OK\r\nServer:nginx\r\nDate:Monz07Dec201514:23:27GMT\r\nContent-Type:text/plain;charset=UTF-8\r\n®Content-Length:118\r\nConnection:keep-alive\r\nssLine-basedtextdata:text/plain[truncated]\032p\242\272s\225\037\241\313\250\207\360\264\201\314\02/200OK:表示版恳求成功Server:表示报文是nginx效劳器产生的Date：表示效劳器产生并发送报文的时间和日期Contenttype:表示文件类型是plain,charset是字符集Contentlength：表示发送的字节数Connection：长久连接Dns:UserDatagramProtocol,SrcPort:domain(53),DstPort:52069(52069)0DomainNameSystem(response)〔RequestIn:227]aFlags:0x8180(Standardqueryresponse^NoaFlags:0x8180(Standardqueryresponse^Noerror)Questions:1AnswerRRs;2AuthorityRRs:7AdditionalRRs:7Queries®ss2.baidu:typeAfclassINAnswers日ss2.baidu:typeCNAMEfclassINrcnamesslbaidu.jomodnsName:ss2・baiduType:CNAME(Canonicalnameforanalias)Class:IN(0x0001)Timetolive:5minutes,51secondsDatalength:19Primaryname:sslbaidu.jomodnssslbaidu.jomodns:typeA,classIN，addr123.138.46.33DNS使用的是UDP协议Question1AnswersRRs2:发岀