Lab 1: Introduction to Wireshark
I. Objective
Become familiar with and master the basic use of Wireshark.
II. Platform
Wireshark Version 3.4.8 (v3.4.8-0-g3e1ffae201b8)
III. Procedure
1. List 3 different protocols that appear in the protocol column in the unfiltered packet-listing window in step 7 above.
TCP, DNS, ARP, HTTP
2. How long did it take from when the HTTP GET message was sent until the HTTP OK reply was received? (By default, the value of the Time column in the packet-listing window is the amount of time, in seconds, since Wireshark tracing began. To display the Time field in time-of-day format, select the Wireshark View pull down menu, then select Time Display Format, then select Time-of-day.)
GET:
OK:
Steps: first, apply the filter http.request.method == "GET" and select the first packet that requests the page http://gaia.cs.umass.edu/wireshark-labs/INTRO-wireshark-file1.html, then return to the unfiltered packet list. Find the HTTP OK reply by looking for the packet with the source and destination swapped. Subtracting the two times gives the time from sending the HTTP GET message to receiving the HTTP OK reply: 19:02:37.086045-19:02:32.152885=0.0493312 seconds.
3. What is the Internet address of the gaia.cs.umass.edu (also known as www-net.cs.umass.edu)? What is the Internet address of your computer?
4. Print the two HTTP messages (GET and OK) referred to in question 2 above. To do so, select Print from the Wireshark File command menu, and select the “Selected Packet Only” and “Print as displayed” radial buttons, and then click OK.
GET:

No.   Time             Source          Destination     Protocol  Length  Info
44    19:02:32.152885  192.168.43.41   128.119.245.12  HTTP      616     GET /wireshark-labs/INTRO-wireshark-file1.html HTTP/1.1

Frame 44: 616 bytes on wire (4928 bits), 616 bytes captured (4928 bits) on interface \Device\NPF_{0D76D4C3-61B2-492E-8D70-C2DE6024D9FF}, id 0
    Interface id: 0 (\Device\NPF_{0D76D4C3-61B2-492E-8D70-C2DE6024D9FF})
    Encapsulation type: Ethernet (1)
    Arrival Time: Sep 20, 2021 19:02:32.152885000
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1632135752.152885000 seconds
    [Time delta from previous captured frame: 0.000540000 seconds]
    [Time delta from previous displayed frame: 0.000000000 seconds]
    [Time since reference or first frame: 6.151108000 seconds]
    Frame Number: 44
    Frame Length: 616 bytes (4928 bits)
    Capture Length: 616 bytes (4928 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp:http]
    [Coloring Rule Name: HTTP]
    [Coloring Rule String: http || tcp.port == 80 || http2]
Ethernet II, Src: AzureWav_06:ba:93 (dc:f5:05:06:ba:93), Dst: 7a:e0:92:2e:86:d4 (7a:e0:92:2e:86:d4)
    Destination: 7a:e0:92:2e:86:d4 (7a:e0:92:2e:86:d4)
    Source: AzureWav_06:ba:93 (dc:f5:05:06:ba:93)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 192.168.43.41, Dst: 128.119.245.12
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
    Total Length: 602
    Identification: 0x952c (38188)
    Flags: 0x40, Don't fragment
    Fragment Offset: 0
    Time to Live: 64
    Protocol: TCP (6)
    Header Checksum: 0x421c [validation disabled]
    [Header checksum status: Unverified]
    Source Address: 192.168.43.41
    Destination Address: 128.119.245.12
Transmission Control Protocol, Src Port: 62305, Dst Port: 80, Seq: 1, Ack: 1, Len: 562
    Source Port: 62305
    Destination Port: 80
    [Stream index: 5]
    [TCP Segment Len: 562]
    Sequence Number: 1 (relative sequence number)
    Sequence Number (raw): 1409963648
    [Next Sequence Number: 563 (relative sequence number)]
    Acknowledgment Number: 1 (relative ack number)
    Acknowledgment number (raw): 2094417784
    0101 .... = Header Length: 20 bytes (5)
    Flags: 0x018 (PSH, ACK)
    Window: 514
    [Calculated window size: 131584]
    [Window size scaling factor: 256]
    Checksum: 0xe277 [unverified]
    [Checksum Status: Unverified]
    Urgent Pointer: 0
    [SEQ/ACK analysis]
    [Timestamps]
    TCP payload (562 bytes)
Hypertext Transfer Protocol
    GET /wireshark-labs/INTRO-wireshark-file1.html HTTP/1.1\r\n
    Host: gaia.cs.umass.edu\r\n
    Connection: keep-alive\r\n
    Upgrade-Insecure-Requests: 1\r\n
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36\r\n
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\r\n
    Accept-Encoding: gzip, deflate\r\n
    Accept-Language: zh-CN,zh;q=0.9\r\n
    If-None-Match: "51-5cc2aa0c948e6"\r\n
    If-Modified-Since: Fri, 17 Sep 2021 05:59:01 GMT\r\n
    \r\n
    [Full request URI: http://gaia.cs.umass.edu/wireshark-labs/INTRO-wireshark-file1.html]
    [HTTP request 1/1]
    [Response in frame: 101]

OK:

No.   Time             Source          Destination     Protocol  Length  Info
85    19:02:37.086045  128.119.245.12  192.168.43.41   HTTP      492     HTTP/1.1 200 OK (text/html)

Frame 85: 492 bytes on wire (3936 bits), 492 bytes captured (3936 bits) on interface \Device\NPF_{0D76D4C3-61B2-492E-8D70-C2DE6024D9FF}, id 0
    Interface id: 0 (\Device\NPF_{0D76D4C3-61B2-492E-8D70-C2DE6024D9FF})
    Interface name: \Device\NPF_{0D76D4C3-61B2-492E-8D70-C2DE6024D9FF}
    Interface description: WLAN
    Encapsulation type: Ethernet (1)
    Arrival Time: Sep 20, 2021 19:02:37.086045000
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1632135757.086045000 seconds
    [Time delta from previous captured frame: 0.000082000 seconds]
    [Time delta from previous displayed frame: 0.000082000 seconds]
    [Time since reference or first frame: 11.084268000 seconds]
    Frame Number: 85
    Frame Length: 492 bytes (3936 bits)
    Capture Length: 492 bytes (3936 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp:http:data-text-lines]
    [Coloring Rule Name: HTTP]
    [Coloring Rule String: http || tcp.port == 80 || http2]
Ethernet II, Src: 7a:e0:92:2e:86:d4 (7a:e0:92:2e:86:d4), Dst: AzureWav_06:ba:93 (dc:f5:05:06:ba:93)
    Destination: AzureWav_06:ba:93 (dc:f5:05:06:ba:93)
    Source: 7a:e0:92:2e:86:d4 (7a:e0:92:2e:86:d4)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 128.119.245.12, Dst: 192.168.43.41
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x48 (DSCP: AF21, ECN: Not-ECT)
    Total Length: 478
    Identification: 0x9a2e (39470)
    Flags: 0x40, Don't fragment
    Fragment Offset: 0
    Time to Live: 38
    Protocol: TCP (6)
    Header Checksum: 0x574e [validation disabled]
    [Header checksum status: Unverified]
    Source Address: 128.119.245.12
    Destination Address: 192.168.43.41
Transmission Control Protocol, Src Port: 80, Dst Port: 61107, Seq: 1, Ack: 478, Len: 438
    Source Port: 80
    Destination Port: 61107
    [Stream index: 6]
    [TCP Segment Len: 438]
    Sequence Number: 1 (relative sequence number)
    Sequence Number (raw): 2709913224
    [Next Sequence Number: 439 (relative sequence number)]
    Acknowledgment Number: 478 (relative ack number)
    Acknowledgment number (raw): 4235537759
    0101 .... = Header Length: 20 bytes (5)
    Flags: 0x018 (PSH, ACK)
    Window: 237
    [Calculated window size: 30336]
    [Window size scaling factor: 128]
    Checksum: 0x11d5 [unverified]
    [Checksum Status: Unverified]
    Urgent Pointer: 0
    [SEQ/ACK analysis]
    [Timestamps]
    TCP payload (438 bytes)
Hypertext Transfer Protocol
    HTTP/1.1 200 OK\r\n
    Date: Mon, 20 Sep 2021 11:02:36 GMT\r\n
    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.23 mod_perl/2.0.11 Perl/v5.16.3\r\n
    Last-Modified: Mon, 20 Sep 2021 05:59:01 GMT\r\n
    ETag: "51-5cc66fa496878"\r\n
    Accept-Ranges: bytes\r\n
    Content-Length: 81\r\n
    Keep-Alive: timeout=5, max=100\r\n
    Connection: Keep-Alive\r\n
    Content-Type: text/html; charset=UTF-8\r\n
    \r\n
    [HTTP response 1/5]
    [Time since request: 0.305488000 seconds]
    [Request in frame: 81]
    [Next request in frame: 90]
    [Next response in frame: 92]
    [Request URI: http://gaia.cs.umass.edu/wireshark-labs/INTRO-wireshark-file1.html]
    File Data: 81 bytes
Line-based text data: text/html (3 lines)
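Added example, not part of the original report: in the printout above, frame 44 (GET) is on TCP stream 5 and lists its response in frame 101, while frame 85 (OK) is on stream 6 and lists its request in frame 81 with a time since request of 0.305488 s. The Python sketch below pairs each HTTP response with the request on the same tcp.stream before subtracting timestamps; the sample rows are constructed as described in the comments, and the capture file name is a placeholder.

```python
import csv
from collections import deque
from decimal import Decimal
from io import StringIO

# Rows as produced by (capture.pcapng is a placeholder file name):
#   tshark -r capture.pcapng -Y http -T fields -E separator=, \
#     -e frame.number -e frame.time_epoch -e tcp.stream \
#     -e http.request.method -e http.response.code
# Constructed sample. Frames 44 and 85 use the values printed above; frame 81's
# time is frame 85's time minus its printed "Time since request"; frame 81's
# method and frame 101's time and status code are assumptions.
SAMPLE = """\
44,1632135752.152885,5,GET,
81,1632135756.780557,6,GET,
85,1632135757.086045,6,,200
101,1632135757.400000,5,,200
"""


def pair_http(rows_text):
    """Return (request_frame, response_frame, tcp_stream, latency) tuples."""
    pending = {}   # tcp.stream -> requests still waiting for a response
    pairs = []
    for row in csv.reader(StringIO(rows_text)):
        if len(row) != 5:
            continue                      # skip malformed or blank lines
        frame, ts, stream = int(row[0]), Decimal(row[1]), int(row[2])
        method, status = row[3], row[4]
        if method:
            pending.setdefault(stream, deque()).append((frame, ts))
        elif status:
            queue = pending.get(stream)
            if not queue:
                continue                  # response whose request was not captured
            req_frame, req_ts = queue.popleft()   # HTTP/1.1 answers in order
            pairs.append((req_frame, frame, stream, ts - req_ts))
    return pairs


def latency_for_request(pairs, request_frame):
    """Latency of the response that belongs to the given request frame."""
    for req, _resp, _stream, latency in pairs:
        if req == request_frame:
            return latency
    return None


if __name__ == "__main__":
    for req, resp, stream, latency in pair_http(SAMPLE):
        print(f"stream {stream}: frame {req} -> frame {resp}: {latency} s")
```

In the Wireshark GUI the same pairing is available by following the "Response in frame" link of the selected GET, or by filtering on its stream with tcp.stream == 5.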
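IV. Lab Summary and Problems
1. What did you learn to use, and what did you learn to do with it?
Answer: I learned the basic use of the Wireshark software, how Wireshark works, its software structure, and how to perform simple packet captures.
2. What problems did you run into during the lab, and how did you solve them?
Answer: During the lab I did not know Wireshark very well, and because the lab was also written in English I did not know where to start. Later I calmed down and read it carefully, and I also found some Wireshark tutorial videos online to learn more about it, which let me finish this lab.
3. What problems are still unsolved, and what might be causing them?
Answer: Because http.request.method=="GET" found three packets for wireshark-labs/INTRO-wireshark-file1.html, I chose the first one that was found, and I am not sure whether that is correct. The corresponding OK is also the first one that was found, and I do not know whether this approach is valid.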