Computer Network Experiment II

1. Purpose of the experiment

1. Understand and master typical network commands and applications
2. Learn to use the network analysis tool wireshark
3. Learn to select the target machine for ping test

 

2. Experimental environment

computer, wireshark;

 

3. Relevant principles and knowledge points

1. Ethernet protocol
The frame format used in this experiment is Ethernet ||

its preamble is composed of 0 and 1 interval codes, and the destination and source addresses specify the receiving high-level protocol, occupying 2 bytes, and the length of the data segment is not less than 46 bytes, the frame check sequence contains 4 bytes of cyclic redundancy check value, which is used to determine whether the frame is damaged during transmission.

2. The main function of wireshark, a network analysis tool, is network packet capture and decoding analysis. Its tracking communication steps are: run wireshark; set capture conditions; start capture; communicate process; end capture; analyze data.
Filter rules: Here we only talk about the filtering address in the experiment. In wireshark, there are two types of filters: capture filters and display filters. The capture filter only captures the ones specified by itself, while the display filter captures all packets, and then filters them during analysis.

3. Typical network commands and applications
ping: the main function is to test network connectivity
ifconfig: the main function is to view network configuration, such as IP address, etc.
arp: the main function is to view and manage the arp table (arp table is composed of The address information of the node in the current network segment is dynamic)
nslookup: the main function is domain name resolution, querying the ip address of a website

 

4. Experimental content

Experimental Task 1: Application of Typical Network Commands

1. Use a twisted pair wire stripper to remove 2 to 3 cm of outer sheath
2. Follow the sequence of T567B and T568A standards to dial the wires respectively, and use diagonal pliers to leave a twisted pair with a length of 14mm.
3. Put the relevant wires into the pins in order to make the wires reach the top of the pins. Finally, use crimping pliers to crimp the crystal head.
4. Put the connected twisted pair into both ends of the line tester respectively, turn on the alignment mode button, and observe the change of the green point.

Design ideas:

1. ping command query example: ping+"IP address"
2. Ifconfig command query example: ifconfig
3. Example of arp command query: arp -a
4. nslookup command query example: nslookup + "domain name of the website"

Key details: If you forget the arp command, you can enter "arp" on the command line, and the system will display some arp commands

Experimental task 2: use the target machine to perform ping test, and use wireshark to record the whole process

Design ideas:

1. Set the capture filter conditions and start the capture function
2. Execute the ping command on the command line and stop the packet capture
3. Observe and analyze the captured packets in sequence

Key details: setting filter conditions is basically to filter a single ip address, and stop immediately when executing the ping command, otherwise it will be difficult to find the package we need

 

5. Experimental steps

Experimental task one

1. Use the ping command to test the connectivity between the local host and another host
   ping 192.168.1.3
2. Use the ifconfig command to view the local network configuration, view the physical address of the local network card
   ifconfig -all (you can also use ifconfig)
3. Use the arp command to display the local arp table, delete the local arp table, and query the MAC address of a machine on this network segment
   Display the arp table: arp -a
   Delete the arp table: arp -d *
   Query the MAC address of a machine on this network segment (the default address is 192.168.1.3)
4. Use the nslookup command to query the ip address of a website by domain name
   nslookup www.qq.com (here to query the ip address of the Tencent website)

Design ideas:

1. ping command query example: ping+"IP address"
2. Ifconfig command query example: ifconfig
3. Example of arp command query: arp -a
4. nslookup command query example: nslookup + "domain name of the website"

Key details: If you forget the arp command, you can enter "arp" on the command line, and the system will display some arp commands

Experimental task two

Ping test and track and record the whole process with wireshark

1. Open wireshark, set the packet capture filter condition
   host 192.168.1.3
2. Start the capture function in wireshark
3. Open the command line, enter ping 192.168.1.3 and press Enter to execute
   ping 192.168.1.3
4. After the command is executed on the command line, stop capturing the package and archive the captured results
5. Observe and analyze the captured packets sequentially

 

6. Experimental results and analysis

Experimental Task 1 Results

The result is as shown below

1. Use the ping command to test the connectivity of the local host to another host
   

Analysis: You must add a space after entering ping here, otherwise it cannot be used; the reply from 192.168.1.3 is displayed below, indicating that the connection is normal; in the statistical information, it is found that the number of sending and receiving is equal, indicating that there is no packet loss and the connectivity is good.

2. Use the ifconfig command to view the local network configuration and view the physical address of the local network card
   ;
   analysis: ifconfig -all is to display the information of all network cards, such as physical address, DHCP server, etc.;
   and ifconfig is to display the information of the network card in the up state

3. Use the arp command to display the local arp table, delete the local arp table, and query the MAC address of a machine on the network segment
   Display the arp table:
   arp -a;
   delete the arp table:
   arp -d *;
   query the MAC address of a machine on the network segment (default The address is 192.168.1.3)
   arp -a 192.168.1.3;

4. Use the nslookup command to query the ip address of a website by domain name
   nslookup www.qq.com;

Experimental task two results:

The results are as follows:
ping test and use wireshark to track and record the whole process

1. Open wireshark, click Ethernet, set packet capture filter conditions
   
2. Start the capture function in wireshark
   
3. Open the command line, enter ping 192.168.1.3 and press Enter to execute
   
4. After the command is executed on the command line, stop capturing the package and archive the captured results
   

Analysis: Because we originally wrote host 192.168.1.3 in the filter, the captured packet information with the pink frame in the picture is what we want to use and analyze, and 192.168.1.3 and the local IP address are also written on it address.

5. Observe and analyze the captured packets sequentially

analyze:

1. The frame Frame 235 in the first line refers to the data block to be sent, where the serial number captured is 235, and the captured byte is equal to the transmitted byte: 74byte.
2. Arrival Time is the arrival time, the value is Oct 23,…
3. [Time delta from previous captured frame: 0.000256000 seconds] refers to a time difference of 0.000256000 seconds from the previously captured data frame; [Time delta
   from previous displayed frame: 0.000256000 seconds]: a time difference of 0.000256000 seconds from the previously displayed frame;
   [Time s ince reference or first frame: 25.783499000 seconds]: the time difference from the reference frame or the first frame is 25.783499000 seconds;
4. Frame Number: 235, the frame number is 235;
5. Frame Length: 74 bytes (560 bits), means the frame length is 74 bytes;
   Capture Length: 74 bytes (560 bits), means the captured length is 74 bytes;
6. [Frame is marked: False], indicating that the frame is marked: None;
   [Frame is ignored: False], indicating that the frame is ignored: None;
7. [Protocols in frame: eth:ethertype:ip:icmp:data], representing the protocol frame: eth (Ethernet), enthertype, ip, icmp, data
8. [Coloring Rule Name: ICMP], is the color rule name: ICMP;
   [Coloring Rule String: icmp||icmpv6], is the color rule string: ICMP;

Analysis: This is the analysis of Frame information

1. Destination: LcfcHefe_cd:a7:ad (54:e1:ad: cd:a7:ad), refers to the target Mac address is 54:e1:ad: cd:a7:ad
2. Source: LcfcHefe_cd:aa:5b (54:e1:ad: cd:aa:5b), the source Mac address is 54:e1:ad: cd:aa:5b
3. Type: IPv4 (0x0800), the type is IPv4 data packet

Analysis: This is an information analysis of the IPv4 protocol

1. version 4: The IP protocol version is IPv4, Header Length: 20byte means the header data length is 20 bytes
2. Differentiated Services Field: 0x00 (DSCP CS0, ECN: Not-ECT ), representing the differentiated service field is 0x00
3. Flags: 0x00, support grouping; Fragment offset: 0, grouping offset is 0
4. Time to live: 64, TTL, time to live is 64
5. Source: 192.168.1.3, the source IP address is 192.168.1.3;
   Destination: 192.168.1.42, the destination IP address is 192.168.1.42;

 

7. Experimental summary

1. When I was doing experimental task 1, I was not very familiar with the typical commands of the network, and finally searched on the Internet to learn more about the usage of these network commands.
2. When the nslookup command was used in the experimental classroom, the system reported an error. After searching on the Internet, it was found that this command should be used when the network is connected, because it is to query the ip address of a certain website. If there is no network, the website cannot be opened, nor can it be obtained. ip address.
3. When doing experimental task 2, some problems occurred when using the ping test. For example, when we specify to detect 192.168.1.3, we start to capture packets after directly pinging 192.168.1.3, resulting in no corresponding packets being captured. This is an operational error.
4. After following the corresponding steps, we successfully obtained the package we want. But I can't understand the data and content it displays. After searching some blog forums, I learned about the relevant protocols and the content displayed by the capture package.

References:
[1]: Blog Garden: 20179213LiuLei https://www.cnblogs.com/lv6965/p/7707291.html