收藏 分销(赏)

常见协议解码详解资料讲解.doc

上传人:a199****6536 文档编号:3773300 上传时间:2024-07-17 格式:DOC 页数:12 大小:257.50KB 下载积分:8 金币
下载 相关 举报
常见协议解码详解资料讲解.doc_第1页
第1页 / 共12页
常见协议解码详解资料讲解.doc_第2页
第2页 / 共12页


点击查看更多>>
资源描述
精品文档 常见协议解码详解 l 数据包封包分层 数据包解码说明 数据链路层 Data Link Layer 如:设备驱动 网络层 Network Layer 如:IP,ICMP,IGMP等 传输层 Transport Layer 如:TCP,UDP 应用层 Application Layer 如:FTP,HTTP,Email等 下图是对数据包的解码图,其中对数据包中的每一层协议分别进行了解码分析: 这里面,我们可以看到协议由外向内封装,分别是: 1. 数据链路层对应“Ethernet II”协议; 2. 网络层对应“IP”协议; 3. 传输层对应“UDP”协议; 4. 应用层对应“DNS”协议。 下面我们就分别对这四层协议做详细解释。 l 以太网数据包结构 协议结构为: 7 1 6 6 2 46-1500bytes 4 Pre SFD DA SA Length Type Data unit + pad FCS 下图是Ethernet II协议解码后的内容,利用此实例进行说明: 上层协议 0x0800 (IP协议) 目标MAC 地址 源MAC 地址 目标MAC地址 0位开始/6 bytes长 源MAC地址 6位开始/6 bytes长 上层协议 12位开始/2 bytes长 字段 说明 Destination address DA,目标MAC地址6 字节 Source addresses SA,源MAC地址6 字节 Protocol Length Type,承载的上层协议类型 Data unit + pad,数据字段(46-1500bytes) FCS检验(4bytes) MAC地址: MAC地址为16进制编码,在解码中可以将前3 bytes代表厂商的字段翻译出来,方便定位问题,如网络上有两台设备IP地址冲突,可以通过厂商信息方便的将故障设备找到,如00e04C为TP-LINK,000AKB为迅捷,00A0C9为Intel等等, 上层协议: Ethernet II 承载的上层协议主要包括0x800为IP协议和0x806为ARP协议。 l IP协议结构 IP头的结构如下: 4 8 16 附件(一):19 32bits Ver 朋友推荐□ 宣传广告□ 逛街时发现的□ 上网□IHL Type of service Total length Identification 十字绣□ 编制类□ 银饰制品类□ 串珠首饰类□Flags 大学生对手工艺制作兴趣的调研Fragment offset 可见“体验化消费” 广受大学生的欢迎、喜欢,这是我们创业项目是否成功的关键,必须引起足够的注意。Time to live 4、“体验化” 消费Protocol Header checksum (5) 资金问题Source address Destination address Option + Padding 民族性手工艺品。在饰品店里,墙上挂满了各式各样的小饰品,有最普通的玉制项链、珍珠手链,也有特别一点如景泰蓝的手机挂坠、中国结的耳坠,甚至还有具有浓郁的异域风情的藏族饰品。Data 下图是IP层解码后的内容,利用此实例进行说明: 6、你购买DIY手工艺制品的目的有那些? 据调查统计,有近94%的人喜欢亲戚朋友送给自己一件手工艺品。无论是送人,个人兴趣,装饰还是想学手艺,DIY手工制作都能满足你的需求。下表反映了同学们购买手工艺制品的目的。如图(1-4)下面是IP协议解码的对应字段解释: 字段 说明 Version: 4 版本号为4,即IPv4协议, Header Length: 5 头部长度20字节,5 bits Type of service: 000 0000 服务提供类型,显示参数摘要。 Precedence 优先路由信息 Delay 迟延 Throughput 吞吐量 Reliability 可靠性 Total Length: 131 总长131(单位字节,最长为65535字节) Identification: 10403 标识 Fragmentation Flags: 000. .... 标志 Reserved: 保留 Fragment: 片断 More Fragment: 最后片断 Fragment Offset: 0 偏移量 Time to Live: TTL, 科来网络分析系统5.0将丢弃TTL=0的数据包 Protocol: 17 是哪种协议,1–ICMP,6 – TCP, 17 – UDP,89 – OSPF Check Sum: 0xCE73 对IP协议头的校验合,0xCE73 为正确 Source IP: 192.168.1.1 源IP地址 Destination IP: 192.168.1.2 目标IP地址 l ARP协议结构 以下是ARP协议结构: 8 16 32 bits Hardware Type Protocol Type Hardware address length Protocol address length Opcode Sender Hardware Address Sender Protocol Address Target Hardware Address Target Protocol Address 下图是对ARP协议进行解码视图: 我们对上图中的ARP字段进行详细说明: 字段 说明 Hardware Type:1 (硬件类型) 占16 bits,用来定义运行ARP的网络类型,每一个局域网基于其类型被指定一个整数,例如,以太网是类型1,ARP可以使用在任何网络上。 Protocol Type: 0x0800 (协议类型)占16 bits,用来定义协议的类型。如:0x0800代表IP协议,ARP可用于任何高层协议。 Hardware Length: 6 (硬件长度)占8 bits,用来定义物理地址和长度。以太网值为6。 Protocol Length: 4 (协议长度)占8 bits,用来定义物理地址和长度。IPv4值为4。 Type: 1 (操作类型)占16 bits,用来定义操作类型,请求为1,回答为2。 Source Physics: 00:A0:C9:BB:21:2A 源MAC地址 Source IP: Source Ip 192.168.1.3 源IP地址 Destination Physics: 00:00:00:00:00:00 目标MAC地址,对于ARP请求数据包,此值全为0,因为请求主机并不知道目标主机的MAC地址 Destination IP: 192.168.1.1 目标IP地址 l TCP协议结构 以下是TCP协议的结构: 16 32 bits Source port Destination port Sequence number Acknowledgement number Offset Reserved U A P R S F Window Checksum Urgent pointer Option + Padding Data 下图是对TCP协议进行解码视图: 我们对上图中的TCP字段进行详细说明: 字段 说明 Source Port: 80 源端口,HTTP为80端口 Destination Port: 3406 目标端口 Sequence Number: 4161759990 32 bits. The sequence number of the first data octet in this segment (except when SYN is present). If SYN is present, the sequence number is the initial sequence number (ISN) and the first data octet is ISN+1. Ack Number: 0 32 bits. If the ACK control bit is set, this field contains the value of the next sequence number which the sender of the segment is expecting to receive. Once a connection is established, this value is always sent. Data Offset: 80 Header Length: 80 4 bits. The number of 32-bit words in the TCP header. This indicates where the data begins. The length of the TCP header is always a multiple of 32 bits. Reserved: 0 6 bits. Reserved for future use. Must be cleared to zero. Urgent pointer: Urgent pointer field significant. Acknowledgment number Acknowledgment field significant. Push Function: Push function. Reset the connection: Reset the connection. Synchronize sequence: Synchronize sequence numbers. End of data: No more data from sender. Window 16 bits. It specifies the size of the sender's receive window, that is, the buffer space available in octets for incoming data. Check Sum: 16 bits. The checksum field is the 16 bit one¡¯s complement of the one¡¯s complement sum of all 16-bit words in the header and text. If a segment contains an odd number of header and text octets to be checksummed, the last octet is padded on the right with zeros to form a 16-bit word for checksum purposes. The pad is not transmitted as part of the segment. While computing the checksum, the checksum field itself is replaced with zeros. Urgent Pointer 16 bits. This field communicates the current value of the urgent pointer as a positive offset from the sequence number in this segment. The urgent pointer points to the sequence number of the octet following the urgent data. This field can only be interpreted in segments for which the URG control bit has been set. l DNS 协议结构 以下是DNS协议的结构: 16 17 21 22 23 24 25 26 27 28 32 Identification QR Opcode AA TC RD RA Z AD CD Rcode Question count Answer count Authority count Additional count 下图是对DNS协议进行解码视图: 我们对上图中的DNS字段进行详细说明: 字段 说明 Identification: 43 标识,占16 bits Flags: Query/Response: 1 用于定义是Query还是Response。0为Query, 1为Response。 Operator Code: 0 占 4 bits,其对应代码如下: 0 QUERY, Standard query. 1 IQUERY, Inverse query. 2 STATUS, Server status request. 3 Reserved. 4 Notify. 5 Update. 6-15 Reserved. Authoritative Answer: 0 1-bit field. When set to 1, identifies the response as one made by an authoritative name server. 0 Not authoritative. 1 Is authoritative Truncation: 0 1-bit field. When set to 1, indicates the message has been truncated. 0 Not truncated. 1 Message truncated Recursion Desired: 1 Recursion desired: 1-bit field. May be set in a query and is copied into the response. If set, the name server is directed to pursue the query recursively. Recursive query support is optional. 0 Recursion not desired. 1 Recursion desired. Approve Recursion: 1 1 bit field. Indicates if recursive query support is available in the name server. 0 Recursive query support not available. 1 Recursive query support available. Reserved: 0 1 bit field. Indicates in a response that all data included in the answer and authority sections of the response have been authenticated by the server according to the policies of that server. It should be set only if all data in the response has been cryptographically verified or otherwise meets the server's local security policy. Respond code: 0 0 No error. The request completed successfully. 1 Format error. The name server was unable to interpret the query. 2 Server failure. 3 Name Error. 4 Not Implemented. 5 Refused. 6 YXDomain. Name Exists when it should not. 7 YXRRSet. RR Set Exists when it should not. 8 NXRRSet. RR Set that should exist does not. 9 NotAuth. Server Not Authoritative for zone. 10 NotZone. Name not contained in zone. 11-15 Reserved. 16 BADVERS. Bad OPT Version.BADSIG. TSIG Signature Failure. 17 BADKEY. Key not recognized. 18 BADTIME. Signature out of time window. 19 BADMODE. Bad TKEY Mode. 20 BADNAME.Duplicate key name. 21 BADALG.Algorithm not supported. 22-3840 3841-4095 Private use. 4096-65535 Questions: 1 16-bit field that defines the number of entries in the question section. Answers: 2 16-bit field that defines the number of resource records in the answer section. Authority: 0 16-bit field that defines the number of name server resource records in the authority section. Additional: 0 16-bit field that defines the number of resource records in the additional records section. Question: 数据结构 1 16 17 32 Query Name Type Class 我们对上图的Question进行说明: 字段 说明 Domain Name: . 请求的域名。 Type: 1 1为A, IPv4 address. Class: 1 1为IN, Internet. Answer: 数据结构 1 16 17 32 Name Type Class TTL Rdata Length 我们对上图的Answer进行说明: 字段 说明 Domain Name: . 解析的域名。 Type: 1 1为A, IPv4 address. Class: 1 1为IN, Internet. Time to Live: 1200 生存周期为1200秒 Data Length 4 数据长度为4 字节 IP Address: 206.132.220.203 IP地址为206.132.220.203 精品文档
展开阅读全文

开通  VIP会员、SVIP会员  优惠大
下载10份以上建议开通VIP会员
下载20份以上建议开通SVIP会员


开通VIP      成为共赢上传

当前位置:首页 > 应用文书 > 合同范本

移动网页_全站_页脚广告1

关于我们      便捷服务       自信AI       AI导航        抽奖活动

©2010-2026 宁波自信网络信息技术有限公司  版权所有

客服电话:0574-28810668  投诉电话:18658249818

gongan.png浙公网安备33021202000488号   

icp.png浙ICP备2021020529号-1  |  浙B2-20240490  

关注我们 :微信公众号    抖音    微博    LOFTER 

客服