用Wireshark进行IP协议分析

1、TCP/IP 实 验 报 告实验4用Wireshark进行IP协议分析 学 院 计算机学院 专 业 网络工程 班 级 1班 姓 名 刘小芳 学 号 2012 5 4.1 实验性质本实验为操作分析性实验。4.2 实验目的1. 掌握Wireshark软件的基本使用方法。2. 掌握基本的网络协议分析方法。3. 使用Wireshark抓包工具，分析IP数据报的格式。4. 加深理解IP协议的原理及其工作过程。4.3 实验环境1. 硬件环境：PC机1台。2. 网络环境：PC机接入LAN或Internet。物理地址：00-E0-4C-00-16-78Ip地址：192.168.0.1313. 软件环境：Win

2、dows操作系统和Wireshark软件。4.4 实验学时1. Capturing packets from an execution of traceroute2. A look at the captured traceWhat is the IP address of your computer?2. Within the IP packet header, what is the value in the upper layer protocol field?3. How many bytes are in the IP header? How many bytes are in th

3、e payload of theIP datagram? Explain how you determined the number of payload bytes.4. Has this IP datagram been fragmented? Explain how you determined whether ornot the datagram has been fragmented.Use the down arrow on your keyboard to move through the ICMP messages sentby your computer.5. Which f

4、ields in the IP datagram always change from one datagram to the nextwithin this series of ICMP messages sent by your computer?6. Which fields stay constant? Which of the fields must stay constant? Which fieldsmust change? Why?7. Describe the pattern you see in the values in the Identification field

5、of the IPDatagramNext (with the packets still sorted by source address) find the series of ICMP TTLexceededreplies sent to your computer by the nearest (first hop) router.8. What is the value in the Identification field and the TTL field?9. Do these values remain unchanged for all of the ICMP TTL-ex

6、ceeded replies sentto your computer by the nearest (first hop) router? Why?FragmentationSort the packet listing according to time again by clicking on the Time column.10. Find the first ICMP Echo Request message that was sent by your computer afteryou changed the Packet Size in pingplotter to be 200

7、0. Has that message beenfragmented across more than one IP datagram?11. Print out the first fragment of the fragmented IP datagram. What information inthe IP header indicates that the datagram been fragmented? What information inHow long is this IP datagram?12. Print out the second fragment of the f

8、ragmented IP datagram. What information inthe IP header indicates that this is not the first datagram fragment? Are the morefragments? How can you tell?13. What fields change in the IP header between the first and second fragment?Now find the first ICMP Echo Request message that was sent by your computer after youchanged the Packet Size in pingplotter to be 3500.14. How many fragments were created from the original datagram?15. What fields change in the IP header among the fragments?4.5 实验内容与要求4.5.1 启动Wireshark协议分析工具4.5.2 抓取IP数据包4.5.3分析IP报文、1. Capturing a bulk TCP transfer from your com