实验实验利用WireShark分析ARP协议.docx

实验实验利用WireShark分析ARP协议 计算机网络 实验报告 年级： 姓名： 学号： 实验日期： 实验名称： 实验八利用WireShark分析ARP协议 一、实验目的 1、学会使用nslookup工具查询 并分析Internet 域名信息或诊断DNS 服务器。学会使用ipconfig工具进行分析。 2、会用wireshark分析DNS协议。对DNS协议有个全面的学习与了解。 二、实验器材 1、接入Internet的计算机主机； 2、抓包工具wireshark和截图工具snagit。 三、实验内容 1. What is the 48-bit Ethernet address of your computer? 2. What is the 48-bit destination address in the Ethernet frame? Is this the Ethernet address of gaia.cs.umass.edu? (Hint: the answer is no). What device has this as its Ethernet address? Note: this is an important question, and one that students sometimes get wrong. Re-read pages 468-469 in the text and make sure you understand the answer here. 答：实验结果如下 3. Give the hexadecimal value for the two-byte Frame type field. What do the bit(s) whose value is 1 mean within the flag field? 如上图所示，Type 字段的值是0x0800，代表IP协议 1 4. How many bytes from the very start of the Ethernet frame does the ASCII “G” in “GET” appear in the Ethernet frame? 答：实验结果如下 5. What is the hexadecimal value of the CRC field in this Ethernet frame? 无 6. What is the value of the Ethernet source address? Is this the address of your computer, or of gaia.cs.umass.edu (Hint: the answer is no). What device has this as its Ethernet address? 答：这个以太网地址既不是主机以太网地址，也不是目的主机以太网地址，实验结果如下 7. What is the destination address in the Ethernet frame? Is this the Ethernet address of your computer? 8. Give the hexadecimal value for the two-byte Frame type field. What do the bit(s) whose value is 1 mean within the flag field? 答： 9. How many bytes from the very start of the Ethernet frame does the ASCII “O” in “OK” (i.e., the HTTP response code) appear in the Ethernet frame? 答：以下比特没有出现在Ethernet frame中 2 10. What is the hexadecimal value of the CRC field in this Ethernet frame? 无 11. Write down the contents of your computers ARP cache. What is the meaning of each column value? 答：实验结果如下 12. What are the hexadecimal values for the source and destination addresses in the Ethernet frame containing the ARP request message? 答：实验结果如下 13. Give the hexadecimal value for the two-byte Ethernet Frame type field. What do the bit(s) whose value is 1 mean within the flag field? 答：实验结果如下 14. Download the ARP specification from ftp:/ftp.rfc-editor.org/innotes/ std/std37.txt. A readable, detailed discussion of ARP is also at http:/www.erg.abdn.ac.uk/users/gorry/course/inet-pages/arp.html. a) How many bytes from the very beginning of the Ethernet frame does the ARP opcode field begin? 3 答：如下图，总共20个字节 b) What is the value of the opcode field within the ARP-payload part of the Ethernet frame in which an ARP request is made? 答：实验结果如下 c) Does the ARP message contain the IP address of the sender? 答：实验结果如下 15. Now find the ARP reply that was sent in response to the ARP request. a) How many bytes from the very beginning of the Ethernet frame does the ARP opcode field begin? 答：如下图，总共14个字节 b) What is the value of the opcode field within the ARP-payload part of the Ethernet frame in which an ARP response is made? 答：如下图，the value is 0x0002 c) Where in the ARP message does the “answer” to the earlier ARP request appear the IP address of the machine having the Ethernet address whose corresponding IP address is being queried? 答：实验结果如下 4 16. What are the hexadecimal values for the source and destination addresses in the Ethernet frame containing the ARP reply message? 答：如下图，the value is 0x0806 17. Open the ethernet-ethereal-trace-1 trace file in http:/gaia.cs.umass.edu/wireshark-labs/wireshark-traces.zip. The first and second ARP packets in this trace correspond to an ARP request sent by the computer running Wireshark, and the ARP reply sent to the computer running Wireshark by the computer with the ARP-requested Ethernet address. But there is yet another computer on this network, as indiated by packet 6 another ARP request. Why is there no ARP reply (sent in response to the ARP request in packet 6) in the packet trace? Extra Credit EX-1. The arp command: arp -s InetAddr EtherAddr allows you to manually add an entry to the ARP cache that resolves the IP address InetAddr to the physical address EtherAddr. What would happen if, when you manually added an entry, you entered the correct IP address, but the wrong Ethernet address for that remote interface? EX-2. What is the default amount of time that an entry remains in your ARP cache before being removed. You can determine this empirically (by monitoring thecache contents) or by looking this up in your operation system documentation. Indicate how/where you determined this value. 四、实验总结 1、通过实验对arp有了更深的了解 2、通过实验增强了自己的动手能 5