1、精品文档常见协议解码详解l 数据包封包分层数据包解码说明数据链路层 Data Link Layer如:设备驱动网络层 Network Layer如:IP,ICMP,IGMP等传输层 Transport Layer如:TCP,UDP应用层 Application Layer如:FTP,HTTP,Email等下图是对数据包的解码图,其中对数据包中的每一层协议分别进行了解码分析:这里面,我们可以看到协议由外向内封装,分别是:1. 数据链路层对应“Ethernet II”协议;2. 网络层对应“IP”协议;3. 传输层对应“UDP”协议;4. 应用层对应“DNS”协议。下面我们就分别对这四层协议做详细
2、解释。l 以太网数据包结构协议结构为: 7166246-1500bytes4PreSFDDASALength TypeData unit + padFCS下图是Ethernet II协议解码后的内容,利用此实例进行说明:上层协议0x0800 (IP协议)目标MAC地址源MAC地址 目标MAC地址 0位开始/6 bytes长 源MAC地址 6位开始/6 bytes长 上层协议 12位开始/2 bytes长字段说明Destination addressDA,目标MAC地址6 字节Source addressesSA,源MAC地址6 字节ProtocolLength Type,承载的上层协议类型Da
3、ta unit + pad,数据字段(46-1500bytes)FCS检验(4bytes)MAC地址:MAC地址为16进制编码,在解码中可以将前3 bytes代表厂商的字段翻译出来,方便定位问题,如网络上有两台设备IP地址冲突,可以通过厂商信息方便的将故障设备找到,如00e04C为TP-LINK,000AKB为迅捷,00A0C9为Intel等等,上层协议:Ethernet II 承载的上层协议主要包括0x800为IP协议和0x806为ARP协议。l IP协议结构IP头的结构如下:4816附件(一):1932bitsVer朋友推荐 宣传广告 逛街时发现的 上网IHLType of service
4、Total lengthIdentification十字绣 编制类 银饰制品类 串珠首饰类Flags大学生对手工艺制作兴趣的调研Fragment offset可见“体验化消费” 广受大学生的欢迎、喜欢,这是我们创业项目是否成功的关键,必须引起足够的注意。Time to live4、“体验化” 消费ProtocolHeader checksum(5) 资金问题Source addressDestination addressOption + Padding民族性手工艺品。在饰品店里,墙上挂满了各式各样的小饰品,有最普通的玉制项链、珍珠手链,也有特别一点如景泰蓝的手机挂坠、中国结的耳坠,甚至还有具
5、有浓郁的异域风情的藏族饰品。Data下图是IP层解码后的内容,利用此实例进行说明:6、你购买DIY手工艺制品的目的有那些?据调查统计,有近94%的人喜欢亲戚朋友送给自己一件手工艺品。无论是送人,个人兴趣,装饰还是想学手艺,DIY手工制作都能满足你的需求。下表反映了同学们购买手工艺制品的目的。如图(1-4)下面是IP协议解码的对应字段解释:字段说明Version: 4版本号为4,即IPv4协议,Header Length: 5头部长度20字节,5 bitsType of service: 000 0000服务提供类型,显示参数摘要。Precedence优先路由信息Delay迟延Throughpu
6、t吞吐量Reliability可靠性Total Length: 131总长131(单位字节,最长为65535字节)Identification: 10403标识Fragmentation Flags: 000. .标志Reserved:保留Fragment:片断More Fragment:最后片断Fragment Offset: 0偏移量Time to Live:TTL, 科来网络分析系统5.0将丢弃TTL=0的数据包Protocol: 17是哪种协议,1ICMP,6 TCP, 17 UDP,89 OSPFCheck Sum: 0xCE73对IP协议头的校验合,0xCE73 为正确Source
7、 IP: 192.168.1.1源IP地址Destination IP: 192.168.1.2目标IP地址l ARP协议结构以下是ARP协议结构:81632 bits Hardware Type Protocol Type Hardware address lengthProtocol address lengthOpcodeSender Hardware Address Sender Protocol Address Target Hardware Address Target Protocol Address 下图是对ARP协议进行解码视图:我们对上图中的ARP字段进行详细说明:字段说明
8、Hardware Type:1(硬件类型) 占16 bits,用来定义运行ARP的网络类型,每一个局域网基于其类型被指定一个整数,例如,以太网是类型1,ARP可以使用在任何网络上。Protocol Type: 0x0800(协议类型)占16 bits,用来定义协议的类型。如:0x0800代表IP协议,ARP可用于任何高层协议。Hardware Length: 6(硬件长度)占8 bits,用来定义物理地址和长度。以太网值为6。Protocol Length: 4(协议长度)占8 bits,用来定义物理地址和长度。IPv4值为4。Type: 1(操作类型)占16 bits,用来定义操作类型,请求
9、为1,回答为2。Source Physics:00:A0:C9:BB:21:2A 源MAC地址Source IP: Source Ip 192.168.1.3源IP地址Destination Physics: 00:00:00:00:00:00 目标MAC地址,对于ARP请求数据包,此值全为0,因为请求主机并不知道目标主机的MAC地址Destination IP:192.168.1.1目标IP地址l TCP协议结构以下是TCP协议的结构:16 32 bits Source port Destination port Sequence number Acknowledgement number
10、Offset Reserved UAPRSFWindow Checksum Urgent pointer Option + Padding Data 下图是对TCP协议进行解码视图:我们对上图中的TCP字段进行详细说明:字段说明Source Port: 80源端口,HTTP为80端口Destination Port: 3406目标端口Sequence Number: 416175999032 bits. The sequence number of the first data octet in this segment (except when SYN is present). If SYN
11、 is present, the sequence number is the initial sequence number (ISN) and the first data octet is ISN+1.Ack Number: 032 bits. If the ACK control bit is set, this field contains the value of the next sequence number which the sender of the segment is expecting to receive. Once a connection is establi
12、shed, this value is always sent.Data Offset: 80Header Length: 804 bits. The number of 32-bit words in the TCP header. This indicates where the data begins. The length of the TCP header is always a multiple of 32 bits.Reserved: 06 bits. Reserved for future use. Must be cleared to zero. Urgent pointer
13、:Urgent pointer field significant. Acknowledgment numberAcknowledgment field significant. Push Function:Push function. Reset the connection:Reset the connection. Synchronize sequence:Synchronize sequence numbers. End of data: No more data from sender.Window16 bits. It specifies the size of the sende
14、rs receive window, that is, the buffer space available in octets for incoming data.Check Sum:16 bits. The checksum field is the 16 bit ones complement of the ones complement sum of all 16-bit words in the header and text. If a segment contains an odd number of header and text octets to be checksumme
15、d, the last octet is padded on the right with zeros to form a 16-bit word for checksum purposes. The pad is not transmitted as part of the segment. While computing the checksum, the checksum field itself is replaced with zeros.Urgent Pointer16 bits. This field communicates the current value of the u
16、rgent pointer as a positive offset from the sequence number in this segment. The urgent pointer points to the sequence number of the octet following the urgent data. This field can only be interpreted in segments for which the URG control bit has been set.l DNS 协议结构以下是DNS协议的结构:1617212223242526272832
17、IdentificationQROpcodeAATCRDRAZADCDRcodeQuestion countAnswer count Authority countAdditional count 下图是对DNS协议进行解码视图:我们对上图中的DNS字段进行详细说明:字段说明Identification: 43 标识,占16 bitsFlags:Query/Response: 1用于定义是Query还是Response。0为Query, 1为Response。Operator Code: 0占 4 bits,其对应代码如下:0 QUERY, Standard query. 1 IQUERY,
18、Inverse query. 2 STATUS, Server status request. 3 Reserved. 4 Notify. 5 Update. 6-15 Reserved.Authoritative Answer: 01-bit field. When set to 1, identifies the response as one made by an authoritative name server. 0 Not authoritative. 1 Is authoritativeTruncation: 01-bit field. When set to 1, indica
19、tes the message has been truncated. 0 Not truncated. 1 Message truncatedRecursion Desired: 1 Recursion desired: 1-bit field. May be set in a query and is copied into the response. If set, the name server is directed to pursue the query recursively. Recursive query support is optional.0 Recursion not
20、 desired. 1 Recursion desired.Approve Recursion: 11 bit field. Indicates if recursive query support is available in the name server.0 Recursive query support not available. 1 Recursive query support available.Reserved: 0 1 bit field. Indicates in a response that all data included in the answer and a
21、uthority sections of the response have been authenticated by the server according to the policies of that server. It should be set only if all data in the response has been cryptographically verified or otherwise meets the servers local security policy.Respond code: 00 No error. The request complete
22、d successfully. 1 Format error. The name server was unable to interpret the query. 2 Server failure. 3 Name Error. 4 Not Implemented.5 Refused. 6 YXDomain. Name Exists when it should not. 7 YXRRSet. RR Set Exists when it should not. 8 NXRRSet. RR Set that should exist does not. 9 NotAuth. Server Not
23、 Authoritative for zone. 10 NotZone. Name not contained in zone. 11-15 Reserved. 16 BADVERS. Bad OPT Version.BADSIG. TSIG Signature Failure. 17 BADKEY. Key not recognized. 18 BADTIME. Signature out of time window. 19 BADMODE. Bad TKEY Mode. 20 BADNAME.Duplicate key name. 21 BADALG.Algorithm not supp
24、orted. 22-38403841-4095 Private use. 4096-65535Questions: 116-bit field that defines the number of entries in the question section.Answers: 216-bit field that defines the number of resource records in the answer section.Authority: 016-bit field that defines the number of name server resource records
25、 in the authority section.Additional: 016-bit field that defines the number of resource records in the additional records section.Question: 数据结构1 1617 32Query NameTypeClass我们对上图的Question进行说明:字段说明Domain Name: . 请求的域名。Type: 11为A, IPv4 address.Class: 11为IN, Internet.Answer: 数据结构1 1617 32NameTypeClassTTLRdata Length我们对上图的Answer进行说明:字段说明Domain Name: . 解析的域名。Type: 11为A, IPv4 address.Class: 11为IN, Internet.Time to Live: 1200生存周期为1200秒Data Length 4数据长度为4 字节IP Address: 206.132.220.203IP地址为206.132.220.203精品文档
浙ICP备2021020529号-1 | 浙B2-20240490 
