Objective
To learn how protocols and layering are represented in packets.
They are key concepts for structuring networks that are covered in §1.3 and §1.4 of your text.
Review those sections before doing the lab.
学习如何在包中表示协议和分层。
它们是构建网络的关键概念,请参见本文的§1.3和§1.4。
在做实验之前复习这些部分。
Requirements
Wireshark: This lab uses the Wireshark software tool to capture and examine a packet trace.
A packet trace is a record of traffic at a location on the network, as if a snapshot was taken of all the bits that passed across a particular wire.
The packet trace records a timestamp for each packet, along with the bits that make up the packet, from the lower-layer headers to the higher-layer contents.
Wireshark runs on most operating systems, including Windows, Mac and Linux.
It provides a graphical UI that shows the sequence of packets and the meaning of the bits when interpreted as protocol headers and data.
It color-codes packets by their type, and has various ways to filter and analyze packets to let you investigate the behavior of network protocols.
Wireshark is widely used to troubleshoot networks.
You can download it from www.wireshark.org if it is not already installed on your computer.
We highly recommend that you watch the short, 5 minute video “Introduction to Wireshark” that is on the site.
Wireshark:这个实验室使用Wireshark软件工具来捕获和检查包跟踪。
数据包跟踪是网络上某个位置的流量记录,就好像是对通过某条特定线路的所有位进行快照一样。
包跟踪记录每个包的时间戳,以及组成包的位,从低层头到高层内容。
Wireshark运行在大多数操作系统上,包括Windows、Mac和Linux。它提供了一个图形化的用户界面,当被解释为协议头和数据时,它显示了数据包的序列和位的含义。
它根据数据包的类型对其进行颜色编码,并有各种方法来过滤和分析数据包,以便您研究网络协议的行为。
Wireshark被广泛用于网络故障排除。
你可以从www.wireshark.org如果您的计算机上尚未安装。
我们强烈建议您观看网站上的5分钟短片“Wireshark简介”。
wget / curl: This lab uses wget (Linux and Windows) and curl (Mac) to fetch web resources.
wget and curl are command-line programs that let you fetch a URL.
Unlike a web browser, which fetches and executes entire pages, wget and curl give you control over exactly which URLs you fetch and when you fetch them.
Under Linux, wget can be installed via your package manager.
Under Windows, wget is available as a binary; look for download information on http://www.gnu.org/software/wget/.
Under Mac, curl comes installed with the OS. Both have many options (try “wget --help” or “curl --help” to see) but a URL can be fetched simply with “wget URL” or “curl URL ”.
wget/curl:这个实验室使用wget(Linux和Windows)和curl(Mac)来获取web资源。
wget和curl是命令行程序,允许您获取URL。
与web浏览器不同,web浏览器可以获取并执行整个页面,wget和curl可以精确控制获取哪些url以及何时获取它们。
在Linux下,wget可以通过包管理器安装。
在Windows下,wget是二进制文件;可以在http://www.gnu.org/software/wget/。
在Mac下,curl随操作系统一起安装。
两者都有很多选项(请尝试“wget--help”或“curl--help”来查看),但是URL可以通过“wget URL”或“curl URL”来获取。
Step 1: Capture a Trace
Proceed as follows to capture a trace of network traffic; alternatively, you may use a supplied trace.
We want this trace to look at the protocol structure of packets.
A simple Web fetch of a URL from a server of your choice to your computer, which is the client, will serve as traffic.
按照以下步骤捕获网络流量的跟踪;或者,您可以使用提供的跟踪。
我们希望此跟踪查看数据包的协议结构。
一个简单的从你选择的服务器到你的计算机(客户机)的URL的简单Web获取将作为流量。
1.Pick a URL and fetch it with wget or curl.
For example, “wget http://www.google.com” or “curl http://www.google.com”.
This will fetch the resource and either write it to a file (wget) or to the screen (curl).
You are checking to see that the fetch works and retrieves some content.
A successful example is shown below (with added highlighting) for wget.
You want a single response with status code “200 OK”.
If the fetch does not work then try a different URL; if no URLs seem to work then debug your use of wget/curl or your Internet connectivity.
选择一个URL并使用wget或curl获取它http://www.google.com“或”卷曲http://www.google.com”.
这将获取资源并将其写入文件(wget)或屏幕(curl)。
您正在检查fetch是否有效并检索一些内容。下面显示了wget的一个成功示例(添加了突出显示)。
你想要一个状态码为“200ok”的响应。
如果fetch不起作用,那么尝试另一个URL;如果没有URL可以工作,那么调试wget/curl或Internet连接的使用。
Figure 1: Using wget to fetch a URL
2.Close unnecessary browser tabs and windows.
By minimizing browser activity you will stop your computer from fetching unnecessary web content, and avoid incidental traffic in the trace.
关闭不必要的浏览器选项卡和窗口。
通过最小化浏览器活动,您将阻止您的计算机获取不必要的web内容,并避免跟踪中的偶然通信。
3.Launch Wireshark and start a capture with a filter of “tcp port 80” and check “enable network name resolution”.
This filter will record only standard web traffic and not other kinds of packets that your computer may send.
The checking will translate the addresses of the computers sending and receiving packets into names, which should help you to recognize whether the packets are going to or from your computer.
Your capture window should be similar to the one pictured below, other than our highlighting.
Select the interface from which to capture as the main wired or wireless interface used by your computer to connect to the Internet.
If unsure, guess and revisit this step later if your capture is not successful.
Uncheck “capture packets in promiscuous mode”.
This mode is useful to overhear packets sent to/from other computers on broadcast networks.
We only want to record packets sent to/from your computer.
Leave other options at their default values.
The capture filter, if present, is used to prevent the capture of other traffic your computer may send or receive.
On Wireshark 1.8, the capture filter box is present directly on the options screen, but on Wireshark 1.9, you set a capture filter by double-clicking on the interface.
启动Wireshark并使用“tcp端口80”筛选器启动捕获,并选中“启用网络名称解析”。
此筛选器将只记录标准web流量,而不会记录计算机可能发送的其他类型的数据包。
该检查将把发送和接收数据包的计算机的地址转换为名称,这将帮助您识别数据包是发送到还是来自您的计算机。
您的捕获窗口应该类似于下图所示的窗口,而不是我们的突出显示窗口。
选择要从中捕获的接口作为计算机连接到Internet时使用的主要有线或无线接口。
如果不确定,请猜测并在捕获失败后再次访问此步骤。
取消选中“以混杂模式捕获数据包”。
此模式用于偷听广播网络上发送到/来自其他计算机的数据包。
我们只想记录发送到/来自您计算机的数据包。
保留其他选项的默认值。
捕获筛选器(如果存在)用于阻止捕获计算机可能发送或接收的其他流量。
在Wireshark 1.8上,捕获过滤器框直接出现在选项屏幕上,但是在Wireshark 1.9上,您可以通过双击界面来设置捕获过滤器。
Figure 2: Setting up the capture options
4.When the capture is started, repeat the web fetch using wget/curl above.
This time, the packets will be recorded by Wireshark as the content is transferred.
当捕获开始时,使用上面的wget/curl重复web获取,这一次,Wireshark将在内容传输时记录数据包。
5.After the fetch is successful, return to Wireshark and use the menus or buttons to stop the trace.
If you have succeeded, the upper Wireshark window will show multiple packets, and most likely it will be full.
How many packets are captured will depend on the size of the web page, but there should be at least 8 packets in the trace, and typically 20-100, and many of these packets will be colored green.
An example is shown below.
Congratulations, you have captured a trace!
获取成功后,返回Wireshark并使用菜单或按钮停止跟踪。
如果成功,Wireshark上部窗口将显示多个数据包,并且很可能已满。
捕获的数据包数量将取决于网页的大小,但在跟踪中至少应该有8个数据包,通常为20-100个,而且这些数据包中的许多数据包都是绿色的。
示例如下所示。恭喜你,你捕捉到了踪迹!
Figure 3: Packet trace of wget traffic
Step 2: Inspect the Trace
Wireshark will let us select a packet (from the top panel) and view its protocol layers, in terms of both header fields (in the middle panel) and the bytes that make up the packet (in the bottom panel).
In the figure above, the first packet is selected (shown in blue).
Note that we are using “packet” as a general term here.
Strictly speaking, a unit of information at the link layer is called a frame.
At the network layer it is called a packet, at the transport layer a segment, and at the application layer a message.
Wireshark is gathering frames and presenting us with the higher-layer packet, segment, and message structures it can recognize that are carried within the frames.
We will often use “packet” for convenience, as each frame contains one packet and it is often the packet or higher-layer details that are of interest.
Select a packet for which the Protocol column is “HTTP” and the Info column says it is a GET.
It is the packet that carries the web (HTTP) request sent from your computer to the server.
(You can click the column headings to sort by that value, though it should not be difficult to find an HTTP packet by inspection.)
Let’s have a closer look to see how the packet structure reflects the protocols that are in use.
Since we are fetching a web page, we know that the protocol layers being used are as shown below.
That is, HTTP is the application layer web protocol used to fetch URLs.
Like many Internet applications, it runs on top of the TCP/IP transport and network layer protocols.
The link and physical layer protocols depend on your network, but are typically combined in the form of Ethernet (shown) if your computer is wired, or 802.11 (not shown) if your computer is wireless.
Wireshark将让我们选择一个包(从顶部面板)并查看它的协议层,包括头字段(在中间面板中)和组成包的字节(在底部面板中)。
在上图中,选择了第一个数据包(以蓝色显示)。
请注意,我们在这里使用“数据包”作为通用术语。
严格地说,链路层的信息单元称为帧。
在网络层它被称为包,在传输层称为段,在应用层称为消息。
Wireshark正在收集帧,并向我们展示它可以识别的、在帧中承载的更高层的包、段和消息结构。
为了方便起见,我们经常使用“数据包”,因为每个帧都包含一个包,通常感兴趣的是包或更高层的细节。
选择协议列为“HTTP”且Info列显示为GET的数据包
它是将从您的计算机发送到服务器的web(HTTP)请求的数据包。
(您可以单击列标题以按该值排序,但通过检查查找HTTP包应该不难。)
让我们仔细看看包结构如何反映正在使用的协议。
因为我们正在获取一个网页,所以我们知道正在使用的协议层如下所示。
也就是说,HTTP是用于获取url的应用层web协议。
与许多Internet应用程序一样,它运行在TCP/IP传输和网络层协议之上。
链路和物理层协议取决于您的网络,但如果您的计算机是有线的,则通常以以太网(如图所示)或802.11(未显示)的形式组合在一起(如果您的计算机是无线的)。
Figure 4: Protocol stack for a web fetch
With the HTTP GET packet selected, look closely to see the similarities and differences between it and our protocol stack as described next.
The protocol blocks are listed in the middle panel.
You can expand each block (by clicking on the “+” expander or icon) to see its details.
选择了httpget包后,仔细查看它与我们的协议栈之间的异同,如下所述。
您可以展开每个块(通过单击“+”展开器或图标)查看其详细信息。
- The first Wireshark block is “Frame”. This is not a protocol, it is a record that describes overall information about the packet, including when it was captured and how many bits long it is.
- The second block is “Ethernet”. This matches our diagram! Note that you may have taken a trace on a computer using 802.11 yet still see an Ethernet block instead of an 802.11 block. Why? It happens because we asked Wireshark to capture traffic in Ethernet format on the capture options, so it converted the real 802.11 header into a pseudo-Ethernet header.
- Then come IP, TCP, and HTTP, which are just as we wanted. Note that the order is from the bottom of the protocol stack upwards. This is because as packets are passed down the stack, the header information of the lower layer protocol is added to the front of the information from the higher layer protocol, as in Fig. 1-15 of your text. That is, the lower layer protocols come first in the packet “on the wire”.
第一个Wireshark块是“Frame”。这不是一个协议,它是一个记录,描述了关于包的总体信息,包括它被捕获的时间和它的长度。
第二块是“以太网”。这符合我们的图表!请注意,您可能在使用802.11的计算机上进行了跟踪,但仍然看到以太网块而不是802.11块。为什么?之所以会发生这种情况,是因为我们要求Wireshark在捕获选项上以以太网格式捕获流量,因此它将真正的802.11报头转换为伪以太网报头。
然后是IP、TCP和HTTP,这正是我们想要的。注意,顺序是从协议栈的底部向上。这是因为当数据包在堆栈中传递时,较低层协议的头信息被添加到来自高层协议的信息的前面,如文本的图1-15所示。也就是说,较低层的协议首先出现在“在线”包中。
Now find another HTTP packet, the response from the server to your computer, and look at the structure of this packet for the differences compared to the HTTP GET packet.
This packet should have “200 OK” in the Info field, denoting a successful fetch.
In our trace, there are two extra blocks in the detail panel as seen in the next figure.
现在找到另一个HTTP包,即从服务器到您的计算机的响应,并查看此包的结构与HTTP GET包的差异。
此包的信息字段中应该有“200OK”,表示获取成功。
在我们的跟踪中,detail面板中有两个额外的块,如下图所示。
- The first extra block says “[11 reassembled TCP segments …]”. Details in your capture will vary, but this block is describing more than the packet itself. Most likely, the web response was sent across the network as a series of packets that were put together after they arrived at the computer. The packet labeled HTTP is the last packet in the web response, and the block lists packets that are joined together to obtain the complete web response. Each of these packets is shown as having protocol TCP even though the packets carry part of an HTTP response. Only the final packet is shown as having protocol HTTP when the complete HTTP message may be understood, and it lists the packets that are joined together to make the HTTP response.
- The second extra block says “Line-based text data …”. Details in your capture will vary, but this block is describing the contents of the web page that was fetched. In our case it is of type text/html, though it could easily have been text/xml, image/jpeg, or many other types. As with the Frame record, this is not a true protocol. Instead, it is a description of packet contents that Wireshark is producing to help us understand the network traffic.
第一个额外的块显示“[11个重新组合的TCP段…”。捕获中的细节会有所不同,但是这个块描述的不仅仅是包本身。最有可能的是,web响应通过网络以一系列包的形式发送,这些包在到达计算机后被组合在一起。标记为HTTP的包是web响应中的最后一个包,块列出了连接在一起以获得完整web响应的包。这些数据包中的每一个都显示为具有TCP协议,即使这些数据包携带了HTTP响应的一部分。当完整的HTTP消息可以被理解时,只有最后一个包显示为具有协议HTTP,并且它列出了连接在一起以做出HTTP响应的包。
第二个额外的块显示“基于行的文本数据…”。捕获中的详细信息会有所不同,但此块描述的是所获取的网页的内容。在我们的例子中,它的类型是text/html,尽管它很容易是text/xml、image/jpeg或其他许多类型。和帧记录一样,这不是一个真正的协议。相反,它是Wireshark为帮助我们了解网络流量而制作的包内容描述。
Figure 5: Inspecting a HTTP “200 OK” response
Step 3: Packet Structure
To show your understanding of packet structure, draw a figure of an HTTP GET packet that shows the position and size in bytes of the TCP, IP and Ethernet protocol headers.
Your figure can simply show the overall packet as a long, thin rectangle.
Leftmost elements are the first sent on the wire.
On this drawing, show the range of the Ethernet header and the Ethernet payload that IP passed to Ethernet to send over the network.
To show the nesting structure of protocol layers, note the range of the IP header and the IP payload.
You may have questions about the fields in each protocol as you look at them.
We will explore these protocols and fields in detail in future labs.
为了显示您对数据包结构的理解,请绘制一个HTTP GET数据包的图,该图显示TCP、IP和以太网协议头的位置和大小(以字节为单位)。
您的图形可以简单地将整个数据包显示为一个细长的矩形。
最左边的元素是第一个在线路上发送的元素。
在这张图上,显示以太网报头的范围和IP通过网络发送到以太网的以太网有效负载。
要显示协议层的嵌套结构,请注意IP报头和IP有效负载的范围。
在查看每个协议中的字段时,您可能会对它们有疑问。
我们将在未来的实验室中详细探讨这些协议和领域。
To work out sizes, observe that when you click on a protocol block in the middle panel (the block itself, not the “+” expander) then Wireshark will highlight the bytes it corresponds to in the packet in the lower panel and display the length at the bottom of the window.
For instance, clicking on the IP version 4 header of a packet in our trace shows us that the length is 20 bytes.
(Your trace will be different if it is IPv6, and may be different even with IPv4 depending on various options.)
You may also use the overall packet size shown in the Length column or Frame detail block.
要计算大小,请注意,当您单击中间面板中的协议块(块本身,而不是“+”扩展器)时,Wireshark将在下面板的数据包中突出显示它对应的字节,并在窗口底部显示长度。
例如,在我们的跟踪中,点击一个包的ipversion4头,我们可以看到它的长度是20个字节。
(如果是IPv6,则跟踪将不同,即使使用IPv4也可能不同,具体取决于不同的选项。)
也可以使用长度列或帧详细信息块中显示的总体数据包大小。
Turn-in: Hand in your packet drawing.
上交:把你的图纸交上来。
Step 4: Protocol Overhead
Estimate the download protocol overhead, or percentage of the download bytes taken up by protocol overhead.
To do this, consider HTTP data (headers and message) to be useful data for the network to carry, and lower layer headers (TCP, IP, and Ethernet) to be the overhead.
We would like this overhead to be small, so that most bits are used to carry content that applications care about.
To work this out, first look at only the packets in the download direction for a single web fetch.
You might sort on the Destination column to find them.
The packets should start with a short TCP packet described as a SYN ACK, which is the beginning of a connection.
They will be followed by mostly longer packets in the middle (of roughly 1 to 1.5KB), of which the last one is an HTTP packet.
This is the main portion of the download.
And they will likely end with a short TCP packet that is part of ending the connection.
For each packet, you can inspect how much overhead it has in the form of Ethernet / IP / TCP headers, and how much useful HTTP data it carries in the TCP payload.
You may also look at the HTTP packet in Wireshark to learn how much data is in the TCP payloads over all download packets.
估计下载协议开销,或协议开销占下载字节的百分比。
要做到这一点,请将HTTP数据(报头和消息)视为网络可携带的有用数据,而较低层的报头(TCP、IP和以太网)是开销。
我们希望此开销较小,以便大多数位用于承载应用程序关心的内容。
要解决这个问题,首先只查看下载方向的数据包,以便进行一次web获取。
您可以在Destination列上进行排序以找到它们。
数据包应该以一个称为SYN ACK的短TCP包开始,这是连接的开始。
它们后面大部分是中间较长的包(大约1到1.5KB),最后一个是HTTP包。
这是下载的主要部分。它们很可能以一个短的TCP包结束,这是结束连接的一部分。
对于每个包,您可以检查它以Ethernet/IP/TCP报头的形式有多少开销,以及它在TCP有效负载中携带了多少有用的HTTP数据。
您还可以查看Wireshark中的HTTP包,以了解在所有下载包中TCP有效负载中有多少数据。
上交:您对下载协议开销的估计,如上所述。告诉我们你是否觉得这项开销很重要。
Turn-in: Your estimate of download protocol overhead as defined above. Tell us whether you find this overhead to be significant.
Step 5: Demultiplexing Keys
When an Ethernet frame arrives at a computer, the Ethernet layer must hand the packet that it contains to the next higher layer to be processed.
The act of finding the right higher layer to process received packets is called demultiplexing.
We know that in our case the higher layer is IP.
But how does the Ethernet protocol know this?
After all, the higher-layer could have been another protocol entirely (such as ARP).
We have the same issue at the IP layer – IP must be able to determine that the contents of IP message is a TCP packet so that it can hand it to the TCP protocol to process.
The answer is that protocols use information in their header known as a “demultiplexing key” to determine the higher layer.
当一个以太网帧到达计算机时,以太网层必须将它包含的数据包交给下一个更高的层进行处理。
找到合适的更高层来处理接收到的数据包的行为称为解复用。
我们知道在我们的例子中,上层是IP。
但是以太网协议是怎么知道的呢?
毕竟,更高层可能是另一个完全不同的协议(比如ARP)。
我们在IP层也有同样的问题——IP必须能够确定IP消息的内容是一个TCP包,这样它就可以把它交给TCP协议来处理。
答案是,协议使用报头中称为“解复用密钥”的信息来确定更高层。
Look at the Ethernet and IP headers of a download packet in detail to answer the following questions:
请详细查看下载包的以太网和IP标头,以回答以下问题:
- Which Ethernet header field is the demultiplexing key that tells it the next higher layer is IP? What value is used in this field to indicate “IP”?
- Which IP header field is the demultiplexing key that tells it the next higher layer is TCP? What value is used in this field to indicate “TCP”?
Turn-in: Hand in your answers to the above questions.
哪个以太网报头字段是告诉它下一个更高层是IP的解复用键?此字段中使用什么值表示“IP”?
哪个IP报头字段是用来告诉它下一个更高层是TCP的解复用密钥?此字段中使用什么值表示“TCP”?
上交:把你对上述问题的答案交上来。
Explore on your own
We encourage you to explore protocols and layering once you have completed this lab.
Some ideas:
我们鼓励您在完成本实验后探索协议和分层。
一些想法:
- Look at a short TCP packet that carries no higher-layer data. To what entity is this packet destined? After all, if it carries no higher-layer data then it does not seem very useful to a higher layer protocol such as HTTP!
- In a classic layered model, one message from a higher layer has a header appended by the lower layer and becomes one new message. But this is not always the case. Above, we saw a trace in which the web response (one HTTP message comprised of an HTTP header and an HTTP payload) was converted into multiple lower layer messages (being multiple TCP packets). Imagine that you have drawn the packet structure (as in step 2) for the first and last TCP packet carrying the web response. How will the drawings differ?
- In the classic layered model described above, lower layers append headers to the messages passed down from higher layers. How will this model change if a lower layer adds encryption?
- In the classic layered model described above, lower layers append headers to the messages passed down from higher layers. How will this model change if a lower layer adds compression?
看看一个不携带更高层数据的短TCP包。这个包的目的地是什么实体?毕竟,如果它不携带更高层的数据,那么它对于更高层的协议(如HTTP)来说似乎并不是很有用!
在经典的分层模型中,来自较高层的一条消息在较低层的后面附加了一个头,并成为一个新的消息。但情况并非总是如此。在上面,我们看到了一个跟踪,其中web响应(由HTTP报头和HTTP负载组成的一个HTTP消息)被转换成多个较低层的消息(即多个TCP包)。假设您已经为承载web响应的第一个和最后一个TCP包绘制了数据包结构(如步骤2所示)。图纸会有什么不同?
在上面描述的经典分层模型中,较低层将头附加到从高层传递下来的消息中。如果较低层添加加密,这种模式将如何改变?
在上面描述的经典分层模型中,较低层将头附加到从高层传递下来的消息中。如果底层增加了压缩,这个模型会有什么变化?
Step 3: Packet Structure
To show your understanding of packet structure, draw a figure of an HTTP GET packet that shows the position and size in bytes of the TCP, IP and Ethernet protocol headers. Your figure can simply show the overall packet as a long, thin rectangle. Leftmost elements are the first sent on the wire. On this drawing, show the range of the Ethernet header and the Ethernet payload that IP passed to Ethernet to send over the network. To show the nesting structure of protocol layers, note the range of the IP header and the IP payload. You may have questions about the fields in each protocol as you look at them. We will explore these protocols and fields in detail in future labs.
To work out sizes, observe that when you click on a protocol block in the middle panel (the block itself, not the “+” expander) then Wireshark will highlight the bytes it corresponds to in the packet in the lower panel and display the length at the bottom of the window. For instance, clicking on the IP version 4 header of a packet in our trace shows us that the length is 20 bytes. (Your trace will be different if it is IPv6, and may be different even with IPv4 depending on various options.) You may also use the overall packet size shown in the Length column or Frame detail block.
Turn-in: Hand in your packet drawing.
Step 4: Protocol Overhead
Estimate the download protocol overhead, or percentage of the download bytes taken up by protocol overhead. To do this, consider HTTP data (headers and message) to be useful data for the network to carry, and lower layer headers (TCP, IP, and Ethernet) to be the overhead. We would like this overhead to be small, so that most bits are used to carry content that applications care about. To work this out, first look at only the packets in the download direction for a single web fetch. You might sort on the Destination column to find them. The packets should start with a short TCP packet described as a SYN ACK, which is the beginning of a connection. They will be followed by mostly longer packets in the middle (of roughly 1 to 1.5KB), of which the last one is an HTTP packet. This is the main portion of the download. And they will likely end with a short TCP packet that is part of ending the connection. For each packet, you can inspect how much overhead it has in the form of Ethernet / IP / TCP headers, and how much useful HTTP data it carries in the TCP payload. You may also look at the HTTP packet in Wireshark to learn how much data is in the TCP payloads over all download packets.
Turn-in: Your estimate of download protocol overhead as defined above. Tell us whether you find this overhead to be significant.
Step 5: Demultiplexing Keys
Look at the Ethernet and IP headers of a download packet in detail to answer the following questions:
- Which Ethernet header field is the demultiplexing key that tells it the next higher layer is IP? What value is used in this field to indicate “IP”?
- Which IP header field is the demultiplexing key that tells it the next higher layer is TCP? What value is used in this field to indicate “TCP”?
Turn-in: Hand in your answers to the above questions.
请详细查看下载包的以太网和IP标头,以回答以下问题:
哪个以太网报头字段是告诉它下一个更高层是IP的解复用键?此字段中使用什么值表示“IP”?
哪个IP报头字段是用来告诉它下一个更高层是TCP的解复用密钥?此字段中使用什么值表示“TCP”?
1215
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
