用Wireshark进行IP协议分析.docVIP

TCP/IP 实 验 报 告 实验4用Wireshark进行IP协议分析 学 院 计算机学 专 业 网络工程 班 级 1班 姓 名 刘小芳 学 号 41009040127 2012． 5 4.1 实验性质 本实验为操作分析性实验。 4.2 实验目的 1. 掌握Wireshark软件的基本使用方法。 2. 掌握基本的网络协议分析方法。 3. 使用Wireshark抓包工具，分析IP数据报的格式。 4. 加深理解IP协议的原理及其工作过程。 4.3 实验环境 1. 硬件环境：PC机1台。 2. 网络环境：PC机接入LAN或Internet。 物理地址：00-E0-4C-00-16-78 Ip地址：192.168.0.131 3. 软件环境：Windows操作系统和Wireshark软件。 4.4 实验时 1. Capturing packets from an execution of traceroute 2. A look at the captured trace What is the IP address of your computer? 2. Within the IP packet header, what is the value in the upper layer protocol field? 3. How many bytes are in the IP header? How many bytes are in the payload of the IP datagram? Explain how you determined the number of payload bytes. 4. Has this IP datagram been fragmented? Explain how you determined whether or not the datagram has been fragmented. Use the down arrow on your keyboard to move through the ICMP messages sent by your computer. 5. Which fields in the IP datagram always change from one datagram to the next within this series of ICMP messages sent by your computer? 6. Which fields stay constant? Which of the fields must stay constant? Which fields must change? Why? 7. Describe the pattern you see in the values in the Identification field of the IP Datagram Next (with the packets still sorted by source address) find the series of ICMP TTLexceeded replies sent to your computer by the nearest (first hop) router. 8. What is the value in the Identification field and the TTL field? 9. Do these values remain unchanged for all of the ICMP TTL-exceeded replies sent to your computer by the nearest (first hop) router? Why? Fragmentation Sort the packet listing according to time again by clicking on the Time column. 10. Find the first ICMP Echo Request message that was sent by your computer after you changed the Packet Size in pingplotter to be 2000. Has that message been fragmente