Monitoring and analysis of network data packets - IP data packet analysis

1. Download the packet capture tool

The following is the Lanzou Cloud download link for IPtool, an IP datagram capture program:

https://wwix.lanzoue.com/iaGpy11klpnc

2. Use iptool

After downloading and extracting the archive, right-click the exe file and run it as administrator.

 

Then click the green Run button to start capturing packets.

Click any captured packet in the list to analyze it.

3. IP datagram format

The fields shown on the left correspond one-to-one to those on the right, so just analyze them in order.

 

The meanings and functions of the main fields are as follows:

    * Version: the version of the IP protocol;

    * Header length: the length of the IP datagram header, expressed in units of 4 bytes. The IP header is at least 20 bytes long. If the options part is not an integer multiple of 4 bytes, it is filled with padding;

    * Total length: the length of the entire IP datagram;

    * Service type: specifies how the datagram should be handled;

    * Identification: the identifier that the IP protocol assigns to the datagram, which the destination host uses to determine which message a data fragment belongs to;

    * Flags: three bits, of which only the lower two bits are valid. They indicate, respectively, whether the datagram may be fragmented and whether the fragment is the last fragment of the source message;

    * Time to live (TTL): the lifetime of the datagram in the network. Every time the datagram passes through a router, the value is reduced by 1. When it reaches 0, the datagram is discarded, which prevents routing loops in the network;

    * Protocol: identifies which protocol the data part of the IP datagram belongs to;

    * Checksum: covers only the IP header, to ensure the integrity of the header;

    * Source IP address and destination IP address: the IP addresses of the hosts that send and receive the datagram, respectively.

The following is an example of IP datagram analysis

| Field | Message information | Description |
|---|---|---|
| Version | 4 | Version: the version number of the IP protocol |
| Header length | 20 bytes | Header length: the length of the IP datagram header |
| Service type | | Type of service |
| Total length | 60 bytes | Total length: the length of the entire IP datagram, including the header and data part; the unit of this field is bytes |
| Identification | 0 | Identification: used to uniquely identify each IP datagram |
| Flags | 010 | Flags: 3 bits; the first bit is reserved, the second bit indicates whether fragmentation is allowed, and the third bit indicates whether this is the last fragment |
| Fragment offset | 0 | Fragment offset: the position of the current fragment in the original IP datagram |
| Time to live | 53 hops (hop count) | Time to Live: limits how long an IP datagram survives as it passes through routers, to prevent datagrams from looping forever |
| Protocol | TCP | Protocol: the type of protocol used by the data encapsulated in the IP datagram |
| Checksum | 0xf2b2 (verified correct) | Checksum: used to detect errors in the IP datagram header during transmission |
| Source address | 223.111.173.27 | Source IP Address: the IP address of the sender of the IP datagram |
| Destination address | 10.40.188.106 | Destination IP Address: the IP address of the destination of the IP datagram |
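The same field-by-field analysis can be done in code. The following Python parser is an added example, not part of the original post or of IPtool; it decodes a 20-byte header, rejects inconsistent lengths, and verifies the header checksum. The sample header is constructed from the field values in the example above with the service type assumed to be 0, and its checksum is recomputed for those bytes rather than taken from the capture.

```python
import ipaddress
import struct

def checksum(header: bytes) -> int:
    """Header checksum: one's-complement sum of the 16-bit words."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_ipv4_header(packet: bytes) -> dict:
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte minimum header")
    ver_ihl, tos, total_len, ident, flags_frag, ttl, proto, csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, header_len = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4:
        raise ValueError(f"not IPv4 (version {version})")
    if header_len < 20 or header_len > len(packet) or total_len < header_len:
        raise ValueError("inconsistent header length / total length")
    return {
        "version": version,
        "header_length": header_len,
        "service_type": tos,
        "total_length": total_len,
        "identification": ident,
        "flags": format(flags_frag >> 13, "03b"),
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": bool(flags_frag & 0x2000),
        "fragment_offset": (flags_frag & 0x1FFF) * 8,  # field counts 8-byte units
        "ttl": ttl,
        "protocol": {1: "ICMP", 6: "TCP", 17: "UDP"}.get(proto, str(proto)),
        "checksum": csum,
        # Summing an intact header, checksum field included, yields 0.
        "checksum_ok": checksum(packet[:header_len]) == 0,
        "source": str(ipaddress.IPv4Address(src)),
        "destination": str(ipaddress.IPv4Address(dst)),
    }

def build_sample() -> bytes:
    """Constructed sample: the example's field values, service type assumed 0."""
    fields = [0x45, 0, 60, 0, 0b010 << 13, 53, 6, 0,
              bytes([223, 111, 173, 27]), bytes([10, 40, 188, 106])]
    raw = struct.pack("!BBHHHBBH4s4s", *fields)
    fields[7] = checksum(raw)  # recomputed for these bytes, not the captured value
    return struct.pack("!BBHHHBBH4s4s", *fields)

if __name__ == "__main__":
    print(parse_ipv4_header(build_sample()))
```

A header whose bytes were altered in transit (or by a careless rewrite) shows up as `checksum_ok: False`, which is the same check the capture tool reports as "correct" or not.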

Origin blog.csdn.net/weixin_63676550/article/details/131600339