Исследование трафика. Исследование трафика сети с помощью программы анализатора Wireshark и стандартных утилит командной строки (ping, tracert, ipconfig)

Страницы работы

13 страниц (Word-файл)

Фрагмент текста работы

САНКТ-ПЕТЕРБУРГСКИЙ ГОСУДАРСТВЕННЫЙ ТЕХНИЧЕСКИЙ УНИВЕРСИТЕТ

ФАКУЛЬТЕТ ТЕХНИЧЕСКОЙ КИБЕРНЕТИКИ

КАФЕДРА КОМПЬЮТЕРНЫХ СИСТЕМ И ПРОГРАММНЫХ ТЕХНОЛОГИЙ

ОТЧЕТ

о лабораторной работе №1

«Исследование трафика»

по информационным сетям и телекоммуникациям

Работу выполнил студент     4081/11                 

группа                               ФИО

Преподаватель                              

подпись                              ФИО

Санкт-Петербург

2011г.

1.  Цель работы

Исследование трафика сети с помощью программы анализатора Wireshark и стандартных утилит командной строки (ping, tracert, ipconfig).

2.  Выполнение работы

Выполнение работы проводилось на ПК со следующими сетевыми параметрами:

Windows IP Configuration

Host Name . . . . . . . . . . . . : aivts11

Primary Dns Suffix  . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Network Bridge (Network Bridge) 2:

Connection-specific DNS Suffix  . :

Description . . . . . . . . . . . : MAC Bridge Miniport

Physical Address. . . . . . . . . : 02-FF-46-CE-2A-D0

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 10.1.15.8

Subnet Mask . . . . . . . . . . . : 255.255.255.224

Default Gateway . . . . . . . . . : 10.1.15.1

DNS Servers . . . . . . . . . . . : 10.0.0.10

2.1. Утилита ping

1)  pingyandex.ru

Выполняет 4 эхо запроса по протоколу ICMP размером 32 и получаем 4 эхо-ответа (ICMP-пакеты инкапсулируются в IP пакеты).  На рис. 1 отображен соответствующий трафик в Wireshark:

Рис. 1. Трафик сети при ping yandex.ru.

Структура пакета эхо-запроса:

No.     Time        Source                Destination           Protocol Length Info

44 14.148218   10.1.15.8             93.158.134.11         ICMP     74     Echo (ping) request  id=0x0200, seq=256/1, ttl=128

Frame 44: 74 bytes on wire (592 bits), 74 bytes captured (592 bits)

Arrival Time: Nov 18, 2011 10:41:04.889677000 Московское время (зима)

Epoch Time: 1321598464.889677000 seconds

[Time delta from previous captured frame: 0.007126000 seconds]

[Time delta from previous displayed frame: 0.000000000 seconds]

[Time since reference or first frame: 14.148218000 seconds]

Frame Number: 44

Frame Length: 74 bytes (592 bits)

Capture Length: 74 bytes (592 bits)

[Frame is marked: False]

[Frame is ignored: False]

[Protocols in frame: eth:ip:icmp:data]

[Coloring Rule Name: ICMP]

[Coloring Rule String: icmp || icmpv6]

Ethernet II, Src: AsustekC_78:46:f0 (48:5b:39:78:46:f0), Dst: CameoCom_6e:7b:52 (00:40:f4:6e:7b:52)

Destination: CameoCom_6e:7b:52 (00:40:f4:6e:7b:52)

Address: CameoCom_6e:7b:52 (00:40:f4:6e:7b:52)

.... ...0 .... .... .... .... = IG bit: Individual address (unicast)

.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)

Source: AsustekC_78:46:f0 (48:5b:39:78:46:f0)

Address: AsustekC_78:46:f0 (48:5b:39:78:46:f0)

.... ...0 .... .... .... .... = IG bit: Individual address (unicast)

.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)

Type: IP (0x0800)

Internet Protocol Version 4, Src: 10.1.15.8 (10.1.15.8), Dst: 93.158.134.11 (93.158.134.11)

Version: 4

Header length: 20 bytes

Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))

0000 00.. = Differentiated Services Codepoint: Default (0x00)

.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)

Total Length: 60

Identification: 0x2f28 (12072)

Flags: 0x00

0... .... = Reserved bit: Not set

.0.. .... = Don't fragment: Not set

..0. .... = More fragments: Not set

Fragment offset: 0

Time to live: 128

Protocol: ICMP (1)

Header checksum: 0x0ee7 [correct]

[Good: True]

[Bad: False]

Source: 10.1.15.8 (10.1.15.8)

Destination: 93.158.134.11 (93.158.134.11)

Internet Control Message Protocol

Type: 8 (Echo (ping) request)

Code: 0

Checksum: 0x4a5c [correct]

Identifier (BE): 512 (0x0200)

Identifier (LE): 2 (0x0002)

Sequence number (BE): 256 (0x0100)

Sequence number (LE): 1 (0x0001)

[Response In: 45]

Data (32 bytes)

0000  61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70   abcdefghijklmnop

0010  71 72 73 74 75 76 77 61 62 63 64 65 66 67 68 69   qrstuvwabcdefghi

Data: 6162636465666768696a6b6c6d6e6f707172737475767761...

[Length: 32]

Адрес назначения- 93.158.134.11, TTL 128, тип ICMP – 8 (эхо-запрос), пакет не фрагментирован, передается по Ethernet 2.

Структура пакета эхо-ответа:

No.     Time        Source                Destination           Protocol Length Info

45 14.160266   93.158.134.11         10.1.15.8             ICMP     74     Echo (ping) reply    id=0x0200, seq=256/1, ttl=53

Frame 45: 74 bytes on wire (592 bits), 74 bytes captured (592 bits)

Arrival Time: Nov 18, 2011 10:41:04.901725000 Московское время (зима)

Epoch Time: 1321598464.901725000 seconds

[Time delta from previous captured frame: 0.012048000 seconds]

[Time delta from previous displayed frame: 0.000000000 seconds]

[Time since reference or first frame: 14.160266000 seconds]

Frame Number: 45

Frame Length: 74 bytes (592 bits)

Capture Length: 74 bytes (592 bits)

[Frame is marked: False]

[Frame is ignored: False]

[Protocols in frame: eth:ip:icmp:data]

[Coloring Rule Name: ICMP]

[Coloring Rule String: icmp || icmpv6]

Ethernet II, Src: CameoCom_6e:7b:52 (00:40:f4:6e:7b:52), Dst: AsustekC_78:46:f0 (48:5b:39:78:46:f0)

Destination: AsustekC_78:46:f0 (48:5b:39:78:46:f0)

Address: AsustekC_78:46:f0 (48:5b:39:78:46:f0)

.... ...0 .... .... .... .... = IG bit: Individual address (unicast)

.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)

Source: CameoCom_6e:7b:52 (00:40:f4:6e:7b:52)

Address: CameoCom_6e:7b:52 (00:40:f4:6e:7b:52)

.... ...0 .... .... .... .... = IG bit: Individual address (unicast)

.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)

Type: IP (0x0800)

Internet Protocol Version 4, Src: 93.158.134.11 (93.158.134.11), Dst: 10.1.15.8 (10.1.15.8)

Version: 4

Header length: 20 bytes

Differentiated Services Field: 0x60 (DSCP 0x18: Class Selector 3; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))

0110 00.. = Differentiated Services Codepoint: Class Selector 3 (0x18)

.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)

Total Length: 60

Identification: 0x37c9 (14281)

Flags: 0x00

0... .... = Reserved bit: Not set

.0.. .... = Don't fragment: Not set

..0. .... = More fragments: Not set

Fragment offset: 0

Time to live: 53

Protocol: ICMP (1)

Header checksum: 0x50e6 [correct]

[Good: True]

[Bad: False]

Source: 93.158.134.11 (93.158.134.11)

Destination: 10.1.15.8 (10.1.15.8)

Internet Control Message Protocol

Type: 0 (Echo (ping) reply)

Code: 0

Checksum: 0x525c [correct]

Identifier (BE): 512 (0x0200)

Identifier (LE): 2 (0x0002)

Sequence number (BE): 256 (0x0100)

Sequence number (LE): 1 (0x0001)

[Response To: 44]

[Response Time: 12,048 ms]

Data (32 bytes)

0000  61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70   abcdefghijklmnop

0010  71 72 73 74 75 76 77 61 62 63 64 65 66 67 68 69   qrstuvwabcdefghi

Data: 6162636465666768696a6b6c6d6e6f707172737475767761...

[Length: 32]

Адрес назначения- 10.1.15.8, TTL 128, тип ICMP – 0 (эхо-ответ),  пакет не фрагментирован, передается по Ethernet 2.

2)  Ping –l 4000 yandex.ru

Осуществляет 4 эхо-запроса длиной 4000 байт каждый и приходит 4 эхо-ответа (рис. 2).

Рис. 2. Трафик сети при ping –l 4000 yandex.ru.

Посылка разбивается на 3 пакета по 1480, 1480 и 1048 байт данных (+8 служебных).

Структура 1 пакета эхо-запроса:

No.     Time        Source                Destination           Protocol Length Info

5 3.692625    10.1.15.8             93.158.134.11         IPv4     1514   Fragmented IP protocol (proto=ICMP 0x01, off=0, ID=3000) [Reassembled in #7]

Frame 5: 1514 bytes on wire (12112 bits), 1514 bytes captured (12112 bits)

Ethernet II, Src: AsustekC_78:46:f0 (48:5b:39:78:46:f0), Dst: CameoCom_6e:7b:52 (00:40:f4:6e:7b:52)

Internet Protocol Version 4, Src: 10.1.15.8 (10.1.15.8), Dst: 93.158.134.11 (93.158.134.11)

Version: 4

Header length: 20 bytes

Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))

Total Length: 1500

Identification: 0x3000 (12288)

Flags: 0x01 (More Fragments)

Fragment offset: 0

Time to live: 128

Protocol: ICMP (1)

Header checksum: 0xe86e [correct]

Source: 10.1.15.8 (10.1.15.8)

Destination: 93.158.134.11 (93.158.134.11)

Reassembled IPv4 in frame: 7

Data (1480 bytes)

Установлен флаг More Fragments, смещение фрагмента 0.

Структура 2 пакета эхо-запроса:

No.     Time        Source                Destination           Protocol Length Info

6 3.692724    10.1.15.8             93.158.134.11         IPv4     1514   Fragmented IP protocol (proto=ICMP 0x01, off=1480, ID=3000) [Reassembled in #7]

Frame 6: 1514 bytes on wire (12112 bits), 1514 bytes captured (12112 bits)

Ethernet II, Src: AsustekC_78:46:f0 (48:5b:39:78:46:f0), Dst: CameoCom_6e:7b:52 (00:40:f4:6e:7b:52)

Internet Protocol Version 4, Src: 10.1.15.8 (10.1.15.8), Dst: 93.158.134.11 (93.158.134.11)

Version: 4

Header length: 20 bytes

Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))

Total Length: 1500

Identification: 0x3000 (12288)

Flags: 0x01 (More Fragments)

Fragment offset: 1480

Time to live: 128

Protocol: ICMP (1)

Header checksum: 0xe7b5 [correct]

Source: 10.1.15.8 (10.1.15.8)

Destination: 93.158.134.11 (93.158.134.11)

Reassembled IPv4 in frame: 7

Data (1480 bytes)

Установлен флаг More Fragments, смещение фрагмента 1480.

Структура 3 пакета эхо-запроса:

No.     Time        Source                Destination           Protocol Length Info

7 3.692747    10.1.15.8             93.158.134.11         ICMP     1082   Echo (ping) request  id=0x0200, seq=3328/13, ttl=128

Frame 7: 1082 bytes on wire (8656 bits), 1082 bytes captured (8656 bits)

Ethernet II, Src: AsustekC_78:46:f0 (48:5b:39:78:46:f0), Dst: CameoCom_6e:7b:52 (00:40:f4:6e:7b:52)

Internet Protocol Version 4, Src: 10.1.15.8 (10.1.15.8), Dst: 93.158.134.11 (93.158.134.11)

Version: 4

Header length: 20 bytes

Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))

Total Length: 1068

Identification: 0x3000 (12288)

Flags: 0x00

Fragment offset: 2960

Time to live: 128

Protocol: ICMP (1)

Header checksum: 0x08ad [correct]

Source: 10.1.15.8 (10.1.15.8)

Destination: 93.158.134.11 (93.158.134.11)

[3 IPv4 Fragments (4008 bytes): #5(1480), #6(1480), #7(1048)]

Internet Control Message Protocol

Type: 8 (Echo (ping) request)

Code: 0

Checksum: 0xe3fb [correct]

Identifier (BE): 512 (0x0200)

Identifier (LE): 2 (0x0002)

Sequence number (BE): 3328 (0x0d00)

Sequence number (LE): 13 (0x000d)

[Response In: 10]

Data (4000 bytes)

Флаг More Fragments сброшен, смещение фрагмента 2960. Сообщение состоит из 3х фрагментов.

Эхо-ответ имеет сходную структуру, и приводить его в отчет не имеет

Похожие материалы

Информация о работе