前言
计算机网络自顶向下WireShark
实验记录,可供参考
题目
1. Select the first ICMP Echo Request message sent by your computer, and expandthe Internet Protocol part of the packet in the packet details window.
选择计算机发送的第一条 ICMP 回应请求消息,并在数据包详细信息窗口中展开数据包的互联网协议部分。
What is the IP address of your computer?你电脑的 IP 地址是什么?
答:
2.Within the IP packet header, what is the value in the upper layer protocol field?
在 IP 数据包报头中,上层协议字段的值是多少?
答:
3.How many bytes are in the IP header? How many bytes are in the payload of theIP datagram? Explain how you determined the number of payload bytes.
IP 报头中有多少字节?IP 数据报的有效载荷中有多少字节?解释如何确定有效负载字节数。
答:
IP数据一共160字节,而IP头部一共20字节,所以IP数据的有效载荷为140字节
4.Has this IP datagram been fragmented? Explain how you determined whether ornot the datagram has been fragmented.
这个 IP 数据报被分段了吗?解释您如何确定数据报是否已被分段
答:
可以知道没有分片
5.Which fields in the IP datagram always change from one datagram to the nextwithin this series of ICMP messages sent by your computer?
在您的计算机发送的这一系列 ICMP 消息中,IP 数据报中的哪些字段总是从一个数据报变化到下一个数据报?
答:
这两个一直在变
7.Which fields stay constant? Which of the fields must stay constant? Which fieldsmust change? Why?
哪些字段保持不变?哪些字段必须保持不变?哪些字段必须更改?为什么呢?
答:
版本,首部长度,上层协议,源地址,目的地址这些肯定是不能变的,像数据报长度,标志,标识段,片偏移这些,以及数据段肯定需要变化
8. Describe the pattern you see in the values in the Identification field of the IP datagram
描述您在 IP 数据报的标识字段的值中看到的模式
答:
这个?
9.What is the value in the Identification field and the TTL field?
“标识”字段和“TTL”字段中的值是多少?
TTL就是这个?
10.Do these values remain unchanged for all of the ICMP TTL-exceeded replies sentto your computer by the nearest (first hop) router? Why?
对于最近的(第一跳)路由器发送到您的计算机的所有 ICMP TTL 超出回复,这些值是否保持不变?为什么呢?
答:不懂啥意思
11. Find the first ICMP Echo Request message that was sent by your computer afteryou changed the Packet Size in pingplotter to be 2000. Has that message beenfragmented across more than one IP datagram? [Note: if you find your packet hasnot been fragmented, you should download the zip file http://gaia.cs.umass.edu/wireshark-labs/wireshark-traces.zip and extract the ipethereal-trace-1packet trace. If your computer has an Ethernet interface, a packet
size of 2000 should cause fragmentation.3]
在将 ping 绘图仪中的数据包大小更改为 2000 后,查找计算机发送的第一条ICMP 回应请求消息。该消息是否被分割到多个 IP 数据报中?[注意:如果您发现您的数据包没有被分段,您应该下载 zip 文件 http://gaia.cs.umass.edu/wireshark-labs/wireshark-traces.zip
答:没有看到有被分片的消息-.-
12.Print out the first fragment of the fragmented IP datagram. What information inthe IP header indicates that the datagram been fragmented? What information inthe IP header indicates whether this is the first fragment versus a latter fragment?How long is this IP datagram?打印出分段的 IP 数据报的第一个片段。IP 报头中的哪些信息表明数据报已被分段?IP 报头中的哪些信息表明这是第一个片段还是后一个片段?这个 IP 数据报有多长?
答:
我觉得这几个就能判断了
13… Print out the second fragment of the fragmented IP datagram. What information inthe IP header indicates that this is not the first datagram fragment? Are the morefragments? How can you tell?打印出分段的 IP 数据报的第二个片段。IP 报头中的哪些信息表明这不是第一个数据报片段?碎片越多?你怎么知道?
答:依旧是偏移量吧
14.What fields change in the IP header between the first and second fragment? 第一个和第二个片段之间的 IP 报头中有哪些字段发生了变化?
答:偏移量和数据包那些发生了变化吧
15. How many fragments were created from the original datagram?
从原始数据报创建了多少个片段?
答:没看到分段。。。
16. What fields change in the IP header among the fragments?
片段中的 IP 报头有哪些字段发生了变化?
答:标志,标识位,数据报长度,偏移量等发生了变化吧