ftp网络数据包分解(flying 2004-8-13)
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
// //
// arp包 60byte //
// //
///
ff ff ff ff ff ff
0 20 ed a8 66 7b
8 6 //0x806 -- arp
//arphead//
0 1 //硬件类型
8 0 //协议类型
6 //length of hardware address
4 //length of protocol address
0 1 //opcode (command)请求还是应答ARP 0x1---ARP request
0 20 ed a8 66 7b //sender hardware address
c0 a8 0 6e //sender IP address
0 0 0 0 0 0 //target hardware address
c0 a8 0 69 //target IP address
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 len=60
eth_hdr->h_dest = ff ff ff ff ff ff
eth_hdr->h_source = 0 20 ed a8 66 7b
eth_hdr->h_proto = 2054 //十进制
arp_hdr->ar_sha = 0 20 ed a8 66 7b
arp_hdr->ar_sip = 1845536960 //192.168.0.110
if(opcode==0x1) arp_send_rsp();
arp_add_cache();//增加eth_hdr->h_source arp_hdr->ar_sip 保存在缓存
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
// //
// ping包 74byte //
// //
/
0 80 48 12 34 56
0 20 ed a8 66 7b
8 0
iphead/
45
0
0 3c
22 9e
0 0
80
1 //0x1--ICMP
95 fb
c0 a8 0 6e
c0 a8 0 69
icmphdr//
8 //0x8 -------icmp_rcv_echo
0
43 5c
2 0 //标识符
8 0 //序号
61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76 77 61 62 63 64 65 66 67 68 69 len=74
eth_hdr->h_dest = 0 80 48 12 34 56
eth_hdr->h_source = 0 20 ed a8 66 7b
eth_hdr->h_proto = 2048
------发送响应包---------icmp_send_echo();
//ping 包 end///
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
// //
// ftp包 //
// //
///
------------接收ftp请求包--------------
0 80 48 12 34 56 //destination eth addr
0 20 ed a8 66 7b //source ether addr
8 0 //0x800 --- ip packet type ID field
/iphead//
45
0 //一字节服务类型标志
0 2a //二字节报文总长度 42byte
22 a1 //两字节惟一报文标识
0 0 //3位标志 13位片偏移
80 //一字节生存时间域
11 //一字节协议标识域 0x11--UDP
95 fa //两字节校验和
c0 a8 0 6e //四字节目的地址
c0 a8 0 69 //四字节源地址
udphead//
7 4b //两字节UDP源端口号
0 45 //2字节UDP目的端口号 0x45---TFTP
0 16 //两字节信息长度 22byte
4 98 //两字节校验和
/tftphead/
0 2 //th_opcode 0x2 --- WRQ /* write request */
31 2e
74 78 74 0 6f 63 74 65 74 0 0 0 0 0 len=60
eth_hdr->h_dest = 0 80 48 12 34 56
eth_hdr->h_source = 0 20 ed a8 66 7b
eth_hdr->h_proto = 2048
Starting the TFTP download...
--if(th_opcode==0x2)----回送ACK---client_block=0---确认验证---------
---------接收数据包----------------
len=92
0 80 48 12 34 56
0 20 ed a8 66 7b
8 0
45
0
0 4e //78byte
22 a2
0 0
80
11
95 d5
c0 a8 0 6e
c0 a8 0 69
7 4b
0 45
0 3a //58byte
36 80
0 3 // 0x03 -- DATA 接收数据/* data packet */
0 1
///data///
61 62 63 64 65 66 73 64 66 73 64 66 73 64 66 77 32 32 33 31 35 35 35 35 35 35 35 35 35 35 35 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 len=92
eth_hdr->h_dest = 0 80 48 12 34 56
eth_hdr->h_source = 0 20 ed a8 66 7b
eth_hdr->h_proto = 2048
----------回送ACK tftp_send_ack();---client_block++-----------------
ftp——end/
Received 2e Bytes, END...