CCNA Protocol Analysis Lab -- Xu Shuguang.ppt
Packet Capture Lab Report

Contents:
  • TCP connection establishment (three-way handshake) / connection teardown (four-way handshake)
  • Telnet: why it is insecure
  • Why the first ping is slow
  • Capturing the QQ port number
  • TCP/IP headers
  • The protocol used by Traceroute (the Cisco command)
  • The protocol used by Tracert (the Microsoft command)

Author: Xu Shuguang

Three-way handshake, four-way teardown

After finishing the three-way handshake I closed the captured packets and then did it all over again, so the earlier and later captures differ.

First handshake

The Client initiates a connection request to the Server with a randomly initialized seq; here seq equals 0.

Diagram labels: Client, Server, SYN(seq=0)

    Source port: 49961 (49961)
    Destination port: http (80)
    Stream index: 13
    Sequence number: 0 (relative sequence number)
    Header length: 28 bytes
    Flags: 0x02 (SYN)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Nonce: Not set
        .... 0... .... = Congestion Window Reduced (CWR): Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...0 .... = Acknowledgement: Not set
        .... .... 0... = Push: Not set
        .... .... .0.. = Reset: Not set
        .... .... ..1. = Syn: Set

First handshake: detailed data

    No. Time Source Destination Protocol Info
    8596 43.792916 00 02 TCP 49961 http SYN Seq=0 Win=8192 Len=0 MSS=1460 SACK_PERM=1
    Internet Protocol, Src: 00 (00), Dst: 220.170.192.102 (02)
        Version: 4
        Header length: 20 bytes
        Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
            0000 00.. = Differentiated Services Codepoint: Default (0x00)
            .... ..0. = ECN-Capable Transport (ECT): 0
            .... ...0 = ECN-CE: 0
        Total Length: 48
        Identification: 0x7acf (31439)
        Flags: 0x02 (Don't Fragment)
            0... .... = Reserved bit: Not set
            .1.. .... = Don't fragment: Set
            ..0. .... = More fragments: Not set
        Fragment offset: 0
        Time to live: 128
        Protocol: TCP (6)
        Header checksum: 0x0000 incorrect, should be 0x20db
            Good: False
            Bad: True
            Expert Info (Error/Checksum): Bad checksum
                Message: Bad checksum
                Severity level: Error
                Group: Checksum
        Source: 00 (00)
        Destination: 02 (02)
    Transmission Control Protocol, Src Port: 49961 (49961), Dst Port: http (80), Seq: 0, Len: 0
        Source port: 49961 (49961)
        Destination port: http (80)
        Stream index: 13
        Sequence number: 0 (relative sequence number)
        Header length: 28 bytes
        Flags: 0x02 (SYN)
            000. .... .... = Reserved: Not set
            ...0 .... .... = Nonce: Not set
            .... 0... .... = Congestion Window Reduced (CWR): Not set
            .... .0.. .... = ECN-Echo: Not set
            .... ..0. .... = Urgent: Not set
            .... ...0 .... = Acknowledgement: Not set
            .... .... 0... = Push: Not set
            .... .... .0.. = Reset: Not set
            .... .... ..1. = Syn: Set
                Expert Info (Chat/Sequence): Connection establish request (SYN): server port http
                    Message: Connection establish request (SYN): server port http
                    Severity level: Chat
                    Group: Sequence
            .... .... ...0 = Fin: Not set
        Window size: 8192
        Checksum: 0x5f40 validation disabled
            Good Checksum: False
            Bad Checksum: False
        Options: (8 bytes)
            Maximum segment size: 1460 bytes
            NOP
            NOP
            TCP SACK Permitted Option: True

Second handshake

After receiving the Client's connection request, the Server also uses a randomly initialized seq, here 0; the Server's ACK is the Client's seq plus 1, i.e. 0+1=1.

Diagram labels: Client, Server, SYN(seq=0), Syn(seq=0),Ack=1

    Sequence number: 0 (relative sequence number)
    Acknowledgement number: 1 (relative ack number)
    Header length: 28 bytes
    Flags: 0x12 (SYN, ACK)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Nonce: Not set
        .... 0... .... = Congestion Window Reduced (CWR): Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...1 .... = Acknowledgement: Set
        .... .... 0... = Push: Not set
        .... .... .0.. = Reset: Not set
        .... .... ..1. = Syn: Set

Second handshake: detailed data

    No. Time Source Destination Protocol Info
    8616 44.001946 02 00 TCP http 49961 SYN, ACK Seq=0 Ack=1 Win=5840 Len=0 MSS=1440 SACK_PERM=1
    Internet Protocol, Src: 02 (220.170.192.102), Dst: 00 (00)
        Version: 4
        Header length: 20 bytes
        Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
            0000 00.. = Differentiated Services Codepoint: Default (0x00)
            .... ..0. = ECN-Capable Transport (ECT): 0
            .... ...0 = ECN-CE: 0
        Total Length: 48
        Identification: 0x0000 (0)
        Flags: 0x02 (Don't Fragment)
            0... .... = Reserved bit: Not set
            .1.. .... = Don't fragment: Set
            ..0. .... = More fragments: Not set
        Fragment offset: 0
        Time to live: 56
        Protocol: TCP (6)
        Header checksum: 0xe3aa correct
            Good: True
            Bad: False
        Source: 02 (02)
        Destination: 00 (00)
    Transmission Control Protocol, Src Port: http (80), Dst Port: 49961 (49961), Seq: 0, Ack: 1, Len: 0
        Source port: http (80)
        Destination port: 49961 (49961)
        Stream index: 13
        Sequence number: 0 (relative sequence number)
        Acknowledgement number: 1 (relative ack number)
        Header length: 28 bytes
        Flags: 0x12 (SYN, ACK)
            000. .... .... = Reserved: Not set
            ...0 .... .... = Nonce: Not set
            .... 0... .... = Congestion Window Reduced (CWR): Not set
            .... .0.. .... = ECN-Echo: Not set
            .... ..0. .... = Urgent: Not set
            .... ...1 .... = Acknowledgement: Set
            .... .... 0... = Push: Not set
            .... .... .0.. = Reset: Not set
            .... .... ..1. = Syn: Set
                Expert Info (Chat/Sequence): Connection establish acknowledge (SYN+ACK): server port http
                    Message: Connection establish acknowledge (SYN+ACK): server port http
                    Severity level: Chat
                    Group: Sequence
            .... .... ...0 = Fin: Not set
        Window size: 5840
        SEQ/ACK analysis
            This is an ACK to the segment in frame: 8596
            The RTT to ACK the segment was: 0.209030000 seconds

Third handshake

After receiving the Server's reply, the Client sends an ACK equal to the Server's seq plus 1 (i.e. 0+1=1); its own seq is the seq of its previous request plus 1 (0+1=1).

Diagram labels: Client, Server, SYN(seq=0), Syn(seq=0),Ack=1, ACK=1, ESTABLISHED

    Sequence number: 1 (relative sequence number)
    Acknowledgement number: 1 (relative ack number)
    Header length: 20 bytes
    Flags: 0x10 (ACK)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Nonce: Not set
        .... 0... .... = Congestion Window Reduced (CWR): Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...1 .... = Acknowledgement: Set
        .... .... 0... = Push: Not set
        .... .... .0.. = Reset: Not set
        .... .... ..0. = Syn: Not set
        .... .... ...0 = Fin: Not set

Third handshake: detailed data

    8617 44.002063 00 02 TCP 49961 http ACK Seq=1 Ack=1 Win=64800
    Internet Protocol, Src: 00 (00), Dst: 02 (02)
        Version: 4
        Header length: 20 bytes
        Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
            0000 00.. = Differentiated Services Codepoint: Default (0x00)
            .... ..0. = ECN-Capable Transport (ECT): 0
            .... ...0 = ECN-CE: 0
        Total Length: 40
        Identification: 0x7ad0 (31440)
        Flags: 0x02 (Don't Fragment)
            0... .... = Reserved bit: Not set
            .1.. .... = Don't fragment: Set
            ..0. .... = More fragments: Not set
        Fragment offset: 0
        Time to live: 128
        Protocol: TCP (6)
        Header checksum: 0x0000 incorrect, should be 0x20e2
            Good: False
            Bad: True
            Expert Info (Error/Checksum): Bad checksum
                Message: Bad checksum
                Severity level: Error
                Group: Checksum
        Source: 00 (00)
        Destination: 02 (02)
    Transmission Control Protocol, Src Port: 49961 (49961), Dst Port: http (80), Seq: 1, Ack: 1, Len: 0
        Source port: 49961 (49961)
        Destination port: http (80)
        Stream index: 13
        Sequence number: 1 (relative sequence number)
        Acknowledgement number: 1 (relative ack number)
        Header length: 20 bytes
        Flags: 0x10 (ACK)
            000. .... .... = Reserved: Not set
            ...0 .... .... = Nonce: Not set
            .... 0... .... = Congestion Window Reduced (CWR): Not set
            .... .0.. .... = ECN-Echo: Not set
            .... ..0. .... = Urgent: Not set
            .... ...1 .... = Acknowledgement: Set
            .... .... 0... = Push: Not set
            .... .... .0.. = Reset: Not set
            .... .... ..0. = Syn: Not set
            .... .... ...0 = Fin: Not set
        Window size: 64800
        Checksum: 0x5f38 validation disabled
            Good Checksum: False
            Bad Checksum: False
        SEQ/ACK analysis
            This is an ACK to the segment in frame: 8616
            The RTT to ACK the segment was: 0.000117000 seconds

ESTABLISHED

ESTABLISHED?

    Hypertext Transfer Protocol
        GET /js/speed_v1.9-min.js HTTP/1.1\r\n
            Expert Info (Chat/Sequence): GET /js/speed_v1.9-min.js HTTP/1.1\r\n
                Message: GET /js/speed_v1.9-min.js HTTP/1.1\r\n
                Severity level: Chat
                Group: Sequence
            Request Method: GET
            Request URI: /js/speed_v1.9-min.js
            Request Version: HTTP/1.1
        Accept: */*\r\n
        Referer:
        Accept-Language: zh-CN\r\n
        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; QQDownload 665; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CIBA)\r\n
        Accept-Encoding: gzip, deflate\r\n
        Host: \r\n
        Connection: Keep-Alive\r\n
        truncated Cookie: pt2gguin=o0544305819; ptcz=c794aafb7f1347457eda287f660f69c189e143a9be8de6865502aa2d26ebbd21; pvid=5623354220; flv=10.0; pgv_pvid=2319958122; pgv_flv=10.0; pgv_r_cookie=1010136968139; o_cookie=544305819; qzone_mood_noIma
        \r\n

Four-way teardown

Diagram labels: Client, Server

  1. The Client sends a FIN+ACK segment and sets the sequence number to 69. (FIN=1 ACK=743 Seq=69)
  2. The Server sends an ACK segment and sets the sequence number to 743. (ACK=70 Seq=743)
  3. The Server sends a FIN+ACK segment and sets the sequence number to 743. (FIN=1 ACK=70 Seq=743)
  4. The Client sends an ACK segment and sets the sequence number to 744. (ACK=744 Seq=70)

Capture 1

    No. Time Source Destination Protocol Info
    309 10.429647 59 00 TCP http 52074 FIN, ACK Seq=69 Ack=743 Win=6678 Len=0
    Transmission Control Protocol, Src Port: http (80), Dst Port: 52074 (52074), Seq: 69, Ack: 743, Len: 0
        Source port: http (80)
        Destination port: 52074 (52074)
        Stream index: 44
        Sequence number: 69 (relative sequence number)
        Acknowledgement number: 743 (relative ack number)
        Header length: 20 bytes
        Flags: 0x11 (FIN, ACK)
            000. .... .... = Reserved: Not set
            ...0 .... .... = Nonce: Not set
            .... 0... .... = Congestion Window Reduced (CWR): Not set
            .... .0.. .... = ECN-Echo: Not set
            .... ..0. .... = Urgent: Not set
            .... ...1 .... = Acknowledgement: Set
            .... .... 0... = Push: Not set
            .... .... .0.. = Reset: Not set
            .... .... ..0. = Syn: Not set
            .... .... ...1 = Fin: Set
                Expert Info (Chat/Sequence): Connection finish (FIN)
                    Message: Connection finish (FIN)
                    Severity level: Chat
                    Group: Sequence
        Window size: 6678
        Checksum: 0x93f5 validation disabled
            Good Checksum: False
            Bad Checksum: False

Capture 2

    No. Time Source Destination Protocol Info
    310 10.429690 00 1159 TCP 52074 http ACK Seq=743 Ack=70 Win=64732 Len=0
    Internet Protocol, Src: 00 (00), Dst: 59 (59)
        Version: 4
        Header length: 20 bytes
        Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
            0000 00.. = Differentiated Services Codepoint: Default (0x00)
            .... ..0. = ECN-Capable Transport (ECT): 0
            .... ...0 = ECN-CE: 0
        Total Length: 40
        Identification: 0x104b (4171)
        Flags: 0x02 (Don't Fragment)
            0... .... = Reserved bit: Not set
            .1.. .... = Don't fragment: Set
            ..0. .... = More fragments: Not set
        Fragment offset: 0
        Time to live: 128
        Protocol: TCP (6)
        Header checksum: 0x0000 incorrect, should be 0x666d
            Good: False
            Bad: True
            Expert Info (Error/Checksum): Bad checksum
                Message: Bad checksum
                Severity level: Error
                Group: Checksum
        Source: 00 (00)
        Destination: 59 (59)
    Transmission Control Protocol, Src Port: 52074 (52074), Dst Port: http (80), Seq: 743, Ack: 70, Len: 0
        Source port: 52074 (52074)
        Destination port: http (80)
        Stream index: 44
        Sequence number: 743 (relative sequence number)
        Acknowledgement number: 70 (relative ack number)
        Header length: 20 bytes
        Flags: 0x10 (ACK)
            000. .... .... = Reserved: Not set
            ...0 .... .... = Nonce: Not set
            .... 0... .... = Congestion Window Reduced (CWR): Not set
            .... .0.. .... = ECN-Echo: Not set
            .... ..0. .... = Urgent: Not set
            .... ...1 .... = Acknowledgement: Set
            .... .... 0... = Push: Not set
            .... .... .0.. = Reset: Not set
            .... .... ..0. = Syn: Not set
            .... .... ...0 = Fin: Not set
        Window size: 64732
        Checksum: 0x8432 validation disabled
            Good Checksum: False
            Bad Checksum: False
        SEQ/ACK analysis
            This is an ACK to the segment in frame: 309
            The RTT to ACK the segment was: 0.000043000 seconds

Capture 3

    No. Time Source Destination Protocol Info
    311 10.432031 00 59 TCP 52074 http FIN, ACK Seq=743 Ack=70 Win=64732 Len=0
    Internet Protocol, Src: 00 (00), Dst: 59 (59)
        Version: 4
        Header length: 20 bytes
        Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
            0000 00.. = Differentiated Services Codepoint: Default (0x00)
            .... ..0. = ECN-Capable Transport (ECT): 0
            .... ...0 = ECN-CE: 0
        Total Length: 40
        Identification: 0x104c (4172)
        Flags: 0x02 (Don't Fragment)
            0... .... = Reserved bit: Not set
            .1.. .... = Don't fragment: Set
            ..0. .... = More fragments: Not set
        Fragment offset: 0
        Time to live: 128
        Protocol: TCP (6)
        Header checksum: 0x0000 incorrect, should be 0x666c
            Good: False
            Bad: True
            Expert Info (Error/Checksum): Bad checksum
                Message: Bad checksum
                Severity level: Error
                Group: Checksum
        Source: 00 (00)
        Destination: 59 (59)
    Transmission Control Protocol, Src Port: 52074 (52074), Dst Port: http (80), Seq: 743, Ack: 70, Len: 0
        Source port: 52074 (52074)
        Destination port: http (80)
        Stream index: 44
        Sequence number: 743 (relative sequence number)
        Acknowledgement number: 70 (relative ack number)
        Header length: 20 bytes
        Flags: 0x11 (FIN, ACK)
            000. .... .... = Reserved: Not set
            ...0 .... .... = Nonce: Not set
            .... 0... .... = Congestion Window Reduced (CWR): Not set
            .... .0.. .... = ECN-Echo: Not set
            .... ..0. .... = Urgent: Not set
            .... ...1 .... = Acknowledgement: Set
            .... .... 0... = Push: Not set
            .... .... .0.. = Reset: Not set
            .... .... ..0. = Syn: Not set
            .... .... ...1 = Fin: Set
                Expert Info (Chat/Sequence): Connection finish (FIN)
                    Message: Connection finish (FIN)
                    Severity level: Chat
                    Group: Sequence
        Window size: 64732
        Checksum: 0x8432 validation disabled
            Good Checksum: False
            Bad Checksum: False

Capture 4

    No. Time Source Destination Protocol Info
    312 10.595335 59 00 TCP http 52074 ACK Seq=70 Ack=744 Win=6678 Len=0
    Internet Protocol, Src: 59 (59), Dst: 00 (00)
        Version: 4
        Header length: 20 bytes
        Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
            0000 00.. = Differentiated Services Codepoint: Default (0x00)
            .... ..0. = ECN-Capable Transport (ECT): 0
            .... ...0 = ECN-CE: 0
        Total Length: 40
        Identification: 0xe0d0 (57552)
        Flags: 0x02 (Don't Fragment)
            0... .... = Reserved bit: Not set
            .1.. .... = Don't fragment: Set
            ..0. .... = More fragments: Not set
        Fragment offset: 0
        Time to live: 55
        Protocol: TCP (6)
        Header checksum: 0xdee7 correct
            Good: True
            Bad: False
        Source: 59 (159)
        Destination: 00 (00)
    Transmission Control Protocol, Src Port: http (80), Dst Port: 52074 (52074), Seq: 70, Ack: 744, Len: 0
        Source port: http (80)
        Destination port: 52074 (52074)
        Stream index: 44
        Sequence number: 70 (relative sequence number)
        Acknowledgement number: 744 (relative ack number)
        Header length: 20 bytes
        Flags: 0x10 (ACK)
            000. .... .... = Reserved: Not set
            ...0 .... .... = Nonce: Not set
            .... 0... .... = Congestion Window Reduced (CWR): Not set
            .... .0.. .... = ECN-Echo: Not set
            .... ..0. .... = Urgent: Not set
            .... ...1 .... = Acknowledgement: Set
            .... .... 0... = Push: Not set
            .... .... .0.. = Reset: Not set
            .... .... ..0. = Syn: Not set
            .... .... ...0 = Fin: Not set
        Window size: 6678
        Checksum: 0x93f4 validation disabled
            Good Checksum: False
            Bad Checksum: False
        SEQ/ACK analysis
            This is an ACK to the segment in frame: 311
            The RTT to ACK the segment was: 0.163304000 seconds

Telnet: why it is insecure

Open CMD from the Run dialog to get a DOS prompt, then type telnet 1 and press Enter to reach the console. Enter the password and the device name, and the lab can begin. These operations are not secure, however, because the user name, the displayed data, the password and so on can be leaked. The capture of the console login below shows why it is not secure.

Figure captions: This is the password: prompt. The password is visible at a glance.

Why the first ping is slow

Open a DOS prompt and enter the following command: Ping. The output shown in the figure on the right appears.

As the figure above shows, the first ping takes longer because ARP address resolution has to be performed.

The second time, the entry is already cached,
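The Seq/Ack arithmetic in the handshake and teardown captures above, as an added example that is not part of the original slides: it replays the seven segments and checks that every ACK equals the peer's next expected sequence number. The simplified summary-line format, the placeholder host names `client` and `server`, and the function names are assumptions made for this sketch.

```python
import re

# Constructed from the packet-list summary lines on this page. "client" and
# "server" are placeholder names (assumptions) for the masked addresses.
HANDSHAKE = [
    "8596 client server SYN Seq=0 Len=0",
    "8616 server client SYN,ACK Seq=0 Ack=1 Len=0",
    "8617 client server ACK Seq=1 Ack=1 Len=0",
]
TEARDOWN = [  # stream 44: the port-80 side ("server") sends the first FIN
    "309 server client FIN,ACK Seq=69 Ack=743 Len=0",
    "310 client server ACK Seq=743 Ack=70 Len=0",
    "311 client server FIN,ACK Seq=743 Ack=70 Len=0",
    "312 server client ACK Seq=70 Ack=744 Len=0",
]
LINE = re.compile(r"(\d+) (\S+) (\S+) (\S+) Seq=(\d+)(?: Ack=(\d+))? Len=(\d+)")


def parse(line):
    """Turn one simplified summary line into a dict of integers and a flag set."""
    m = LINE.fullmatch(line)
    if m is None:
        raise ValueError(f"unparseable summary line: {line!r}")
    frame, src, dst, flags, seq, ack, length = m.groups()
    return {"frame": int(frame), "src": src, "dst": dst,
            "flags": set(flags.split(",")), "seq": int(seq),
            "ack": int(ack) if ack else None, "len": int(length)}


def check_stream(lines):
    """Return (frame, problem) pairs for segments whose Seq/Ack do not follow."""
    next_seq = {}  # sender -> sequence number its next segment must carry
    problems = []
    for seg in map(parse, lines):
        own, peer = next_seq.get(seg["src"]), next_seq.get(seg["dst"])
        if own is not None and seg["seq"] != own:
            problems.append((seg["frame"], f"seq {seg['seq']}, expected {own}"))
        if "ACK" in seg["flags"] and peer is not None and seg["ack"] != peer:
            problems.append((seg["frame"], f"ack {seg['ack']}, expected {peer}"))
        # SYN and FIN each consume one sequence number, like one byte of data.
        consumed = seg["len"] + len(seg["flags"] & {"SYN", "FIN"})
        next_seq[seg["src"]] = seg["seq"] + consumed
    return problems
```

Both captured exchanges pass with no problems; a final ACK that acknowledged 743 instead of 744 would be reported, because the FIN in frame 311 advances the sender's sequence number by one even though Len=0.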
