计网实验报告(IP)

实验：Wireshark Lab: IP

一、 实验目的

1、 会用wireshark分析IP协议，对IP协议有个全面的学习与了解 2、 学习ip报文段的各领域。

二、 实验器材

1、 接入internet的计算机主机。

2、 抓包工具wreshark 和截图工具

三、 实验内容实验操作实践与步骤

Capturing packets from an execution of traceroute

1、 打开wireshark开始抓包.

2、 启动pingpiotter，在“address to trace window”中输入“gaia.cs.umass.edu”,

在“# of time to trace”中输入3,选中”edit”选项，接着选中“advance options”—packet option输入56，按OK键，在按Trace键。

3、 接着在packet option中输入2000，按OK键，在按Resume键。 4、 再在packet option中输入3500，按OK键，在按Resume键。 5、 停止抓包。 截图如下：

A look at the captured trace

1. Select the first ICMP Echo Request message sent by your computer, and expand the Internet Protocol part of the packet in the packet details window. What is the IP address of your computer?

答：第一条ICMP回显请求报文如下：

由上图可知，我的电脑的IP地址是10.135.87.190

2. Within the IP packet header, what is the value in the upper layer protocol field? 答：由

可知，上层协议的值为1.

3. How many bytes are in the IP header? How many bytes are in the payload of the IP datagram? Explain how you determined the number of payload bytes. 答：

由上图可知IP数据报首部长度为20比特，有效载荷量为56-20=36比特。

4. Has this IP datagram been fragmented? Explain how you determined whether or not the datagram has been fragmented.

由上图知flag和offset都为0，所以没有分片。

5. Which fields in the IP datagram always change from one datagram to the next within this series of ICMP messages sent by your computer?

通过多次分析，如上两图所示，标识、TTL、首部检验和都在不断变化。

6. Which fields stay constant? Which of the fields must stay constant? Which fields must change? Why? 答：分析可知

保持不变的有：版本号 首部长度，服务类型，标志，偏移，上层协议，目的和源IP地址

必须保持不变的是：版本号 源和目的IP地址 必须改变的是：标识，首部检验和

7. Describe the pattern （模式）you see in the values in the Identification field of the IP datagram。

由上两图可知标识字段模式：每一个IP数据报头部的标识号域都不一

样，每次加1。

8. What is the value in the Identification field and the TTL field?

答：标识字段的值是:1417

TTL字段的值是:35

9. Do these values remain unchanged for all of the ICMP TTL-exceeded replies sent to your computer by the nearest (first hop) router? Why？

答：没有改变。因为每一个固定的路由器都有一个固定的TTL值，所以最

近的那个路由器回复的给主机所有的ICMP TTL-exceeded 的TTL的值都不会改变。

10. Find the first ICMP Echo Request message that was sent by your computer after you changed the Packet Size in pingplotter to be 2000. Has that message been fragmented across more than one IP datagram?

本文来源：https://www.bwwdw.com/article/hj5d.html