计网实验报告(IP)

实验：Wireshark Lab: IP

一、实验目的

1、会用wireshark分析IP协议，对IP协议有个全面的学习与了解

2、学习ip报文段的各领域。

二、实验器材

1、接入internet的计算机主机。

2、抓包工具wreshark 和截图工具

三、实验内容实验操作实践与步骤

Capturing packets from an execution of traceroute

1、打开wireshark开始抓包.

2、启动pingpiotter，在“address to trace window”中输入“”,

在“# of time to trace”中输入3,选中”edit”选项，接着选中“advance options”

—packet option输入56，按OK键，在按Trace键。

3、接着在packet option中输入2000，按OK键，在按Resume键。

4、再在packet option中输入3500，按OK键，在按Resume键。

5、停止抓包。

截图如下：

A look at the captured trace

1. Select the first ICMP Echo Request message sent by your computer, and expand the Internet Protocol part of the packet in the packet details window. What is the IP address of your computer?

答：第一条ICMP回显请求报文如下：

由上图可知，我的电脑的IP地址是10.135.87.190

2. Within the IP packet header, what is the value in the upper layer protocol field?

答：由可知，上层协议的值为1.

3. How many bytes are in the IP header? How many bytes are in the payload of the IP datagram? Explain how you determined the number of payload bytes.

答：

由上图可知IP数据报首部长度为20比特，有效载荷量为56-20=36比特。

4. Has this IP datagram been fragmented? Explain how you determined whether or not the datagram has been fragmented.

由上图知flag和offset都为0，所以没有分片。

5. Which fields in the IP datagram always change from one datagram to the next within this series of ICMP messages sent by your computer?

通过多次分析，如上两图所示，标识、TTL、首部检验和都在不断变化。

6. Which fields stay constant? Which of the fields must stay constant? Which fields must change? Why?

答：分析可知

保持不变的有：版本号首部长度，服务类型，标志，偏移，上层协议，目的和源IP地址

必须保持不变的是：版本号源和目的IP地址

必须改变的是：标识，首部检验和

7. Describe the pattern （模式）you see in the values in the Identification field of the IP datagram。

由上两图可知标识字段模式：每一个IP数据报头部的标识号域都不一

样，每次加1。

8. What is the value in the Identification field and the TTL field?

答：标识字段的值是:1417

TTL字段的值是:35

9. Do these values remain unchanged for all of the ICMP TTL-exceeded replies sent to your computer by the nearest (first hop) router? Why？

答：没有改变。因为每一个固定的路由器都有一个固定的TTL值，所以最

近的那个路由器回复的给主机所有的ICMP TTL-exceeded 的TTL的值都不会改变。

10. Find the first ICMP Echo Request message that was sent by your computer after you changed the Packet Size in pingplotter to be 2000. Has that message been fragmented across more than one IP datagram?

由上图可知，当数据包大小改为2000后数据报被分成2片。

11. Print out the first fragment of the fragmented IP datagram. What information in the IP header indicates that the datagram been fragmented? What information in the IP header indicates whether this is the first fragment versus a latter fragment? How long is this IP datagram?

由数据报首部的flag不为0可知数据报被分片，flag为0时表示这是最后一片，offset为0表示这是第一片。这个IP数据报的长度为

1480+500+20=2000字节。

12. Print out the second fragment of the fragmented IP datagram. What information in the IP header indicates that this is not the first datagram fragment? Are the more fragments? How can you tell?