Project-2013

1WiresharkandProtocolPacketAnalysis2220130304FengweiQin1ObjectiveInthisexerciseweanalyzethelayeredstructureofnetworkprotocolsusingawebbrowsingexample.WeexaminetheheaderstructureofthePDUsatthedatalink,IP,transport,andapplicationlayers.Inparticularweobservehowaddressesandportnumbersworktogethertoenableend-to-endapplications.2ProtocolsExaminedEthernetandIPaddressingDNSQueryandResponseTCPthree-wayhandshake,sequenceandACKnumberingHTTPGETandResponsemessages3Theexperimentalenvironment•OperatingSystem:WindowsXP32bit•Network:Thewirednetworkaccesstocampusnetwork•Ethernetaddress:00-23-AE-76-CB-6A•IPaddress:10.15.11.170•Browser:360•Date:2014/1/4•Website:ExaminetheprotocolcolumninthetoppaneoftheWiresharkwindow.ConfirmthatyouhavecapturedDNS,TCP,andHTTPpackets.Figure2(a)DNSpackets.Figure2(b)TCPpackets.Figure2(c)HTTPpackets.Figure3theframeforthefirstDNSpacketsentbytheclienta.IdentifytheEthernetandIPaddressoftheclient.Ans：Asshowninfigure3:TheEthernetaddressoftheclientis(00-23-AE-76-CD-6A).TheIPaddressoftheclientis(10.15.11.170).b.WhatisthecontentofthetypefieldintheEthernetframe?Ans：IP（0x0800）c.WhatarethedestinationEthernetandIPaddressesandtowhichmachinesdotheseaddressescorrespond?ExplainhowthisdependsonhowyourmachineisconnectedtotheInternet.Ans:DestinationEthernetaddressis(58-66-ba-82-82-41).DestinationIPaddressis（101.4.60.121）.Addressiscorrespondingtothedomainnameserver,DNSanalysestheinputEthernetframetypeHeaderLengthprotocoltype&numbertotalLengthDestinationEthernetaddressDestinationIPaddressIPaddressoftheclientEthernetaddress3websiteoftheclientandresolvestotheIPaddress.ExaminetheIPheaderforthefirstDNSpacketsentbytheclient.a.Whatistheheaderlength?Whatisthetotalpacketlength?Ans:Asshowninfigure3:HeaderLengthis20bytes,TotalLengthis298bytes.b.Identifytheprotocoltypefield.Whatisthenumberandtypeoftheprotocolinthepayload?Ans:Asshowninfigure3:TheprotocoltypeisUDP,thenumberoftheprotocolis17.ExaminetheUDPheaderofthefirstDNSpacketsentbytheclient.Figure4theUDPheaderofthefirstDNSpacketsentbytheclienta.Identifytheclientephemeralportnumberandtheserverwell-knownportnumber.Whattypeofapplicationlayerprotocolisinthepayload?Ans:Theclientephemeralportnumberis（10219），theserverwell-knownportnumberis（53），thetypeofapplicationlayerprotocolisinthepayload：DNS。b.ConfirmthatthelengthfieldintheUDPheaderisconsistentwiththeIPheaderlengthinformation.Ans:Asisshowninfigure4,thelengthfieldintheUDPheaderis278bytes.UDPlength=IPpacketlength-IPheaderlength,sothelengthfieldintheUDPheaderisn’tconsistentwiththeIPheaderlengthinformation.SketchtheprotocolstackfromthedatalinklayeruptotheapplicationlayerattheclientandserversidesandexplainhowthecontentsinthevariousPDUsenableend-to-endcommunicationbetweenapplicationlayerprocesses.Ans:DNSclientDNSserverDNSDNSUDPUDPUDPIPIPIPEthernetEthernetEthernetPhysicslayersFigure5TheprotocolstackportnumberWellknownportnumberHeaderlength4IntheuserPContheapplicationlayerHTTPrequeststothetransportlayer,transportlayerwillmessageencapsulatedinaTCPmessage,TCPmessagesegmentistransmittedtotheIPlayer.IPlayerdatapackagefromtheInternetpacket,andsendsittotherouter.Whileintheserver,theserverNICcaptureEthernetframesandextracttheIPdatagram,throughtheoppositeprocess,transmitdatatotheapplicationlayer.3.DNSExaminetheDNSquerymessageintheDNSpacketsentbytheclient.Figure6DNSquerymessagea.Whatfieldindicateswhetherthemessageisaqueryoraresponse?Ans:TheQR:0indicatesthatthemessageisaqueryand1indicatesthatthemessageisaresponse.b.Whatinformationiscarriedinthebodyofthequery?Ans:Thetransmissionofaqueryname,Thetypeofquery,Queryclass.(正文传送查询名、查询类型、查询类)c.WhatisthequerytransactionID?Ans:Asshowninfigure6,thequerytransactionIDis0xaaf5d.Identifythefieldsthatcarrythetypeandclassofthequery.Ans:Asshowninfigure6,thetypeofthequeryisA,classofthequeryisIN(0x0001).NowconsiderthepacketthatcarriestheDNSresponsetotheabovequery.transactionIDQRtypeandclassofthequery5Figure7ThecarriestheDNSresponsetotheabovequerya.WhatshouldtheEthernetandIPaddressesforthispacketbe?Verifythattheseaddressesareasexpected.Ans:SourceEthernetaddressis(00-23-ae-76-cb-6a),thesourceIPaddressoftheclientis（10.15..11.170）.DestinationEthernetaddressis(58-66-ba-82-82-41)，thedestinationIPaddressis(10.0.0.10).Theseaddressesareasexpected.DestinationIPaddressSourceIPaddresssizeoftheIPpacketUDPdatagramthatcarrytheresponsetransactionID6b.WhatisthesizeoftheIPpacketandUDPdatagramthatcarrytheresponse?Isitlongerthanthequery?Ans:thesizeoftheIPpacketis63bytes,UDPdatagramthatcarrytheresponseis48bytes.Itislongerthanthequery.c.ConfirmthatthetransactionIDintheresponsemessageiscorrect.Ans:0xaaf5,thetransactionIDintheresponsemessageiscorrect.d.Howmanyansw