ftp网络数据包分解

 

ftp网络数据包分解(flying 2004-8-13)

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
//                                                       //
//                    arp包  60byte                      //
//                                                       //
///

ff ff ff ff ff ff
0 20 ed a8 66 7b
8 6  //0x806 -- arp

//arphead//
0 1  //硬件类型
8 0  //协议类型
6    //length of hardware address
4    //length of protocol address
0 1   //opcode (command)请求还是应答ARP  0x1---ARP request
0 20 ed a8 66 7b  //sender hardware address
c0 a8 0 6e        //sender IP address
0 0 0 0 0 0       //target hardware address
c0 a8 0 69        //target IP address

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 len=60

eth_hdr->h_dest = ff ff ff ff ff ff
eth_hdr->h_source = 0 20 ed a8 66 7b
eth_hdr->h_proto = 2054 //十进制
arp_hdr->ar_sha = 0 20 ed a8 66 7b
 arp_hdr->ar_sip = 1845536960  //192.168.0.110

if(opcode==0x1) arp_send_rsp();

arp_add_cache();//增加eth_hdr->h_source arp_hdr->ar_sip 保存在缓存

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
//                                                             //
//                 ping包   74byte                             //
//                                                             //
/

0 80 48 12 34 56
0 20 ed a8 66 7b
8 0
iphead/
45
0
0 3c
22 9e
0 0
80
1  //0x1--ICMP
95 fb
c0 a8 0 6e
c0 a8 0 69
icmphdr//
8  //0x8 -------icmp_rcv_echo
0
43 5c

2 0  //标识符
8 0  //序号
61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76 77 61 62 63 64 65 66 67 68 69 len=74

eth_hdr->h_dest = 0 80 48 12 34 56
eth_hdr->h_source = 0 20 ed a8 66 7b
eth_hdr->h_proto = 2048

------发送响应包---------icmp_send_echo();

//ping 包 end///

 

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
//                                                                       //
//                           ftp包                                       //
//                                                                       //
///

------------接收ftp请求包--------------
0  80 48 12 34 56   //destination eth addr
0  20 ed a8 66 7b   //source ether addr
8  0                //0x800 --- ip  packet type ID field

/iphead//
45
0       //一字节服务类型标志
0 2a   //二字节报文总长度 42byte
22 a1  //两字节惟一报文标识
0 0    //3位标志  13位片偏移
80     //一字节生存时间域
11     //一字节协议标识域 0x11--UDP
95 fa  //两字节校验和
c0 a8 0 6e  //四字节目的地址
c0 a8 0 69  //四字节源地址

udphead//
7 4b  //两字节UDP源端口号
0 45  //2字节UDP目的端口号  0x45---TFTP
0 16  //两字节信息长度  22byte
4 98  //两字节校验和

/tftphead/
0 2  //th_opcode 0x2 --- WRQ /* write request */
31 2e

74 78 74 0 6f 63 74 65 74 0 0 0 0 0 len=60

eth_hdr->h_dest = 0 80 48 12 34 56
eth_hdr->h_source = 0 20 ed a8 66 7b
eth_hdr->h_proto = 2048
Starting the TFTP download...

--if(th_opcode==0x2)----回送ACK---client_block=0---确认验证---------

---------接收数据包----------------
len=92
0 80 48 12 34 56
0 20 ed a8 66 7b
8 0

45
0
0  4e  //78byte
22 a2
0 0
80
11
95 d5
c0 a8 0 6e
c0 a8 0 69

7 4b
0 45
0 3a  //58byte
36 80

0 3   // 0x03 -- DATA 接收数据/* data packet */
0 1
///data///
61 62 63 64 65 66 73 64 66 73 64 66 73 64 66 77 32 32 33 31 35 35 35 35 35 35 35 35 35 35 35 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 len=92

eth_hdr->h_dest = 0 80 48 12 34 56
eth_hdr->h_source = 0 20 ed a8 66 7b
eth_hdr->h_proto = 2048

----------回送ACK  tftp_send_ack（）;---client_block++-----------------

ftp——end/
Received 2e Bytes, END...