Wireshark exercises and answers: lab-ipv4

Content last updated: 2025/1/4 4:05:43 Monday.

Lab Exercise – IPv4

Objective

To learn about the details of IP (Internet Protocol). IP is the network layer protocol used throughout the Internet. We will examine IP version 4, since it is ubiquitously deployed, while IP version 6 is only partly deployed.

The trace is here: http://scisweb.ulster.ac.uk/~kevin/com320/labs/wireshark/trace-ipv4.pcap The text file is here: http://scisweb.ulster.ac.uk/~kevin/com320/labs/wireshark/trace-ipv4.txt

Requirements

Wireshark: This lab uses the Wireshark software tool to capture and examine a packet trace. A packet trace is a record of traffic at a location on the network, as if a snapshot was taken of all the bits that passed across a particular wire. The packet trace records a timestamp for each packet, along with the bits that make up the packet, from the lower-layer headers to the higher-layer contents. Wireshark runs on most operating systems, including Windows, Mac and Linux. It provides a graphical UI that shows the sequence of packets and the meaning of the bits when interpreted as protocol headers and data. It color-codes packets by their type, and has various ways to filter and analyze packets to let you investigate the behavior of network protocols. Wireshark is widely used to troubleshoot networks. You can download it from www.wireshark.org if it is not already installed on your computer. We highly recommend that you watch the short, 5 minute video “Introduction to Wireshark” that is on the site.

wget / curl: This lab uses wget (Linux and Windows) and curl (Mac) to fetch web resources. wget and curl are command-line programs that let you fetch a URL. Unlike a web browser, which fetches and executes entire pages, wget and curl give you control over exactly which URLs you fetch and when you fetch them. Under Linux, wget can be installed via your package manager. Under Windows, wget is available as a binary; look for download information on http://www.gnu.org/software/wget/. Under Mac, curl comes installed with the OS. Both have many options (try “wget --help” or “curl --help” to see) but a URL can be fetched simply with “wget URL” or “curl URL”.

traceroute / tracert: This lab uses “traceroute” to find the router-level path from your computer to a remote Internet host. traceroute is a standard command-line utility for discovering the Internet paths that your computer uses. It is widely used for network troubleshooting. It comes pre-installed on Windows and Mac, and can be installed using your package manager on Linux. On Windows, it is called “tracert”. It has various options, but simply issuing the command “traceroute www.uwa.edu.au” will cause your computer to find and print the path to the remote computer (here www.uwa.edu.au).


Step 1: Capture a Trace

Proceed as follows to capture a trace assuming that your computer has IPv4 connectivity; alternatively, you may use a supplied trace. The trace we want to gather is a simple web fetch from a remote server, which will cause your computer to send and receive IP packets, followed by a traceroute to the remote server to find the path it uses over the Internet.

1. Pick a URL at a remote server, e.g., http://www.uwa.edu.au/ and check that you can fetch the contents with wget or curl, e.g., “wget http://www.uwa.edu.au/” or “curl http://www.uwa.edu.au/”. This will fetch the resource and either write it to a file (wget) or to the screen (curl). With wget, you want a single response with status code “200 OK”. If the fetch does not work then try a different URL; keep in mind that you may be referring to a URL by a shortcut for which browsers must do work to find the intended content, e.g., http://mit.edu may really be http://web.mit.edu/index.html. If no URLs seem to work then debug your use of wget/curl or your Internet connectivity.

2. Perform a traceroute to the same remote server to check that you can discover information about the network path. On Windows, type, e.g., “tracert www.uwa.edu.au”. On Linux / Mac, type, e.g., “traceroute www.uwa.edu.au”. If you are on Linux / Mac and behind a NAT (as most home users or virtual machine users are) then use the -I option (that is a capital i) to traceroute, e.g., “traceroute -I www.uwa.edu.au”. This will cause traceroute to send ICMP probes like tracert instead of its usual UDP probes; ICMP probes are better able to pass through NAT boxes. A successful example is shown below; save the output as you will need it for later steps. Note that traceroute may take up to a minute to run. Each line shows information about the next IP hop from the computer running traceroute towards the target destination. The lines with “*”s indicate that there was no response from the network to identify that segment of the Internet path. Some unidentified segments are to be expected. However, if traceroute is not working correctly then nearly all of the path will be “*”s. In this case, try a different remote server, experiment with traceroute, or use the supplied traces.

Figure 1: Running traceroute (as tracert on Windows)


3. Launch Wireshark and start a capture with a filter of “tcp port 80”. Make sure to check “enable network name resolution”. We use this filter to record only standard web traffic. Name resolution will translate the IP addresses of the computers sending and receiving packets into names. It will help you to recognize whether the packets are going to or from your computer. Your capture window should be similar to the one pictured below, other than our highlighting. Select the interface from which to capture as the main wired or wireless interface used by your computer to connect to the Internet. If unsure, guess and revisit this step later if your capture is not successful. Uncheck “capture packets in promiscuous mode”. This mode is useful to overhear packets sent to/from other computers on broadcast networks. We only want to record packets sent to/from your computer. Leave other options at their default values. The capture filter, if present, is used to prevent the capture of other traffic your computer may send or receive. On Wireshark 1.8, the capture filter box is present directly on the options screen, but on Wireshark 1.9, you set a capture filter by double-clicking on the interface.

Figure 2: Setting up the capture options

4. After the capture is started, repeat the wget/curl command above. This time, the packets will also be recorded by Wireshark.
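The checks that Steps 1 and 2 ask you to make by eye (a single “200 OK” from wget, and a traceroute whose path is not mostly “*”s) can be scripted. This is an added helper, not part of the lab handout; it assumes GNU wget and a traceroute that accepts -I, and the traceroute output it parses is constructed using documentation IP addresses, not a real path to www.uwa.edu.au.

```shell
#!/bin/sh
# Added helper for Steps 1 and 2 of the lab (not part of the handout).
# Hostname and IP addresses in the sample output below are constructed.

# Step 1 check: the fetch must yield exactly one "200 OK" response.
# -S prints the server's headers; -O /dev/null discards the page body.
fetch_ok() {
    [ "$(wget -S -O /dev/null "$1" 2>&1 | grep -c '^ *HTTP/1\.[01] 200')" = "1" ]
}

# Step 2: run traceroute with ICMP probes (-I), which pass NAT boxes better
# than the default UDP probes, and keep the output for later lab steps.
probe_path() {
    traceroute -I "$1" | tee "$2"
}

# Hop lines begin with a hop number; a hop that answered shows at least one
# round-trip time ("... ms"), so a hop line without " ms" is all "*"s.
# (The same rule covers Windows tracert, whose dead hops say "Request timed out.")
total_hops()        { grep -cE '^[[:space:]]*[0-9]+[[:space:]]' || true; }
unresponsive_hops() { grep -E '^[[:space:]]*[0-9]+[[:space:]]' | grep -vc ' ms' || true; }

# A usable trace has fewer than half of its hops unanswered; if nearly every
# hop is "*", the lab says to pick another server or use the supplied trace.
traceroute_usable() {
    out=$(cat)
    total=$(printf '%s\n' "$out" | total_hops)
    dead=$(printf '%s\n' "$out" | unresponsive_hops)
    [ "$total" -gt 0 ] && [ $((dead * 2)) -lt "$total" ]
}

# Constructed "traceroute -I" output resembling Figure 1 (documentation IPs).
sample_trace() {
    cat <<'EOF'
traceroute to www.uwa.edu.au (192.0.2.10), 30 hops max, 60 byte packets
 1  gateway (192.168.0.1)  1.204 ms  1.188 ms  1.176 ms
 2  * * *
 3  10.20.30.1 (10.20.30.1)  12.311 ms  12.402 ms  12.389 ms
 4  * * *
 5  203.0.113.9 (203.0.113.9)  145.120 ms  145.001 ms  144.987 ms
 6  www.uwa.edu.au (192.0.2.10)  220.414 ms  220.398 ms  220.372 ms
EOF
}

# Constructed output of a traceroute that is not working (every hop "*").
broken_trace() {
    printf '%s\n' 'traceroute to www.uwa.edu.au (192.0.2.10), 30 hops max, 60 byte packets' \
        ' 1  * * *' ' 2  * * *' ' 3  * * *'
}

sample_trace | traceroute_usable && echo "sample trace is usable"
```

To check a real run, pipe the saved output through the same filter, e.g. `probe_path www.uwa.edu.au trace.txt >/dev/null; traceroute_usable < trace.txt`.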
