Changing the size of the packets sent
The traced address is www.ustc.edu.cn.
Because my own capture was messy and harder to analyze, the analysis below uses the author's packet trace.
Select the first ICMP Echo Request message sent by your computer, and expand the Internet Protocol part of the packet in the packet details window. What is the IP address of your computer?
The IP address is 192.168.1.102.
Within the IP packet header, what is the value in the upper layer protocol field?
The upper-layer protocol is ICMP; 1 is the protocol field value for ICMP.
How many bytes are in the IP header? How many bytes are in the payload of the IP datagram? Explain how you determined the number of payload bytes.
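The Echo Request message has a Header Length of 20 bytes and a Total Length of 84 bytes, so the payload is 64 bytes; the payload length is the total length minus the header length.
The received message has a Header Length of 20 bytes and a Total Length of 56 bytes, so its payload is 36 bytes.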
Has this IP datagram been fragmented? Explain how you determined whether or not the datagram has been fragmented.
It has not been fragmented, because the More fragments flag is Not set and the fragment offset is also 0.
Which fields in the IP datagram always change from one datagram to the next within this series of ICMP messages sent by your computer?
The Identification, Time To Live (TTL), and Header Checksum fields change.
Which fields stay constant? Which of the fields must stay constant? Which fields must change? Why?
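Must stay constant:
Stay constant:
1. Explicit Congestion Notification (ECN): allows the peer to be notified of network congestion without dropping packets.
2. Total Length: a 16-bit field that defines the total length of the datagram, including header and data, in bytes. The minimum value of this field is 20 (0 bytes of data) and the maximum is 65535.
3. Identification: 16 bits. This field is mainly used to uniquely identify all fragments of one datagram; because fragments do not necessarily arrive in order, reassembly needs to know which datagram each fragment belongs to.
4. Fragment Offset: this 13-bit field gives the offset of each fragment relative to the start of the original datagram, in units of 8 bytes.
5. Source address: the sender of the datagram;
6. Destination address: the receiver of the datagram;
7. Options: additional header fields that may follow the destination address;
Must change:
"Stay constant" here means the field does not change during this traceroute run, but it may change in the next traceroute run.
Stay constant | Must stay constant | Must change |
---|---|---|
Total Length: total datagram length, including header and data | Version: always IPv4 | Identification: identifies all fragments |
Identification: uniquely identifies all fragments of one datagram | Header Length: always 20 | Time To Live: datagram lifetime (TTL) |
Fragment Offset: offset relative to the start of the original datagram | Differentiated Services: generally not used | Header Checksum: checks whether the datagram is corrupted |
Source address: the sender of the datagram | Upper-layer protocol: ICMP here | Data |
Destination address: the receiver of the datagram | | |
Options | | |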
Next (with the packets still sorted by source address) find the series of ICMP TTL exceeded replies sent to your computer by the nearest (first hop) router.
The Identification is 0x9d7c and the TTL is 255.
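Do these values remain unchanged for all of the ICMP TTL-exceeded replies sent to your computer by the nearest (first hop) router? Why?
The ID changes but the TTL does not, because packets from the same router have the same lifetime, while every packet other than fragments has a unique identifier; packets with the same identifier are fragments of the same datagram.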
Find the first ICMP Echo Request message that was sent by your computer after you changed the Packet Size in pingplotter to be 2000. Has that message been fragmented across more than one IP datagram?
After sending 2000 bytes of data, the message was fragmented into two fragments.
Print out the first fragment of the fragmented IP datagram. What information in the IP header indicates that the datagram has been fragmented? What information in the IP header indicates whether this is the first fragment versus a latter fragment? How long is this IP datagram?
More fragments: Set indicates that the datagram has been fragmented. Fragment Offset: 0 indicates that it has no offset and is therefore the first fragment. The length of this datagram is 1480 + 20 = 1500 bytes.
Print out the second fragment of the fragmented IP datagram. What information in the IP header indicates that this is not the first datagram fragment? Are there more fragments? How can you tell?
More fragments: Not set indicates that the datagram is not fragmented any further, i.e. no more fragments follow it. Fragment Offset: 1480 indicates that it is offset by 1480 and is the second fragment.
What fields change in the IP header between the first and second fragment?
Total Length, Flags, and Header Checksum all change.
The datagram is fragmented, so the Flags differ; the data content differs, so the header checksum changes.
Now find the first ICMP Echo Request message that was sent by your computer after you changed the Packet Size in pingplotter to be 3500.
Total Length, Flags, and Header Checksum change.
First fragment: More fragments: Set, fragment offset: 0, total length: 1500.
Second fragment: More fragments: Set, fragment offset: 1480, total length: 1500.
Last fragment: More fragments: Not set, fragment offset: 2960, total length: 568.
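
The fields used in the fragmentation answers above can be read straight from the raw header bytes. The following Python parser is an added example, not part of the original write-up: it decodes the fixed 20-byte IPv4 header, shows that the offsets Wireshark displays as 1480 and 2960 are stored on the wire as 185 and 370 eight-byte units, classifies each fragment by More fragments and offset, and verifies the header checksum. The Identification, TTL and destination address (192.0.2.1) in the sample headers are constructed values.

```python
import socket
import struct

FMT = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header, network byte order

def checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over the header's 16-bit words."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_header(total_len, mf, offset_bytes, ident=0x1234, ttl=1,
                 src="192.168.1.102", dst="192.0.2.1"):
    """Constructed sample header; ident, ttl and dst are made-up values."""
    flags_frag = (0x2000 if mf else 0) | (offset_bytes // 8)
    hdr = struct.pack(FMT, 0x45, 0, total_len, ident, flags_frag, ttl, 1, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]

def parse_header(raw: bytes) -> dict:
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, total_len, ident, flags_frag, ttl, proto, _, src, _ = \
        struct.unpack(FMT, raw[:20])
    ihl = (ver_ihl & 0x0F) * 4          # header length field counts 32-bit words
    if ver_ihl >> 4 != 4 or ihl < 20 or len(raw) < ihl or total_len < ihl:
        raise ValueError("malformed IPv4 header")
    mf = bool(flags_frag & 0x2000)      # More Fragments flag
    units = flags_frag & 0x1FFF         # 13-bit offset, in 8-byte units
    if units == 0:
        position = "first" if mf else "unfragmented"
    else:
        position = "middle" if mf else "last"
    return {"src": socket.inet_ntoa(src), "id": ident, "ttl": ttl,
            "protocol": proto, "payload": total_len - ihl, "mf": mf,
            "offset_units": units, "offset_bytes": units * 8,
            "position": position, "checksum_ok": checksum(raw[:ihl]) == 0}

def sample_3500():
    """Headers rebuilt from the three fragments listed for the 3500 case."""
    rows = [(1500, True, 0), (1500, True, 1480), (568, False, 2960)]
    return [parse_header(build_header(t, mf, off)) for t, mf, off in rows]

if __name__ == "__main__":
    for frag in sample_3500():
        print(frag)
```

A header whose checksum no longer verifies (for example after a single changed TTL byte) is reported with `checksum_ok` set to `False`, which matches the observation above that the Header Checksum changes whenever any header field does.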