Experiment (1)-Network cable production
Experiment content
1. Collect crystal heads, network cables, network cable pliers, etc., and make network cables. Use a line tester to test whether the prepared network cable is normal?
normal
2. Twisted pair wires are divided into unshielded twisted pair wires and (shielded twisted pair wires). (Shielded twisted pair wires) have good shielding effect, and (unshielded twisted pair wires) are cheap.
3. Different categories of twisted pairs are distinguished according to the density of twisting, such as Category 1, Category 2, Category 3, Category 4, Category 5, Category 5e, and Category 6 twisted pairs. What is the purpose of twisting two wires together?
Increase tensile strength, increase transmission speed, reduce interference, and increase transmission distance
4. The length of the twisted pair: theoretically between 1m and 100m, the shortest is no less than 1m, and the longest is no more than 100m. Why is there a maximum limit on communication lines?
The purpose of limiting transmission distance is to reduce interference.
5. In Ethernet, twisted pairs mainly use direct-connect cables and crossover cables. Direct-connect cables are used to connect different types of devices, and crossover cables are used to link the same devices.
For example, between the computer and the router (direct connection);
Use (cross-hatch) between computers;
Used between routers (crossover cable);
Used between switches (crossover cable);
Used between computer and switch (direct connection).
6. Twisted pair cable can achieve full-duplex communication. What are the main types of Category 5 or Category 5e cables used in daily life?
Commonly found in computer networks are Category 3, Category 5, Category 5e and the current Category 6 unshielded twisted pair cables.
Experiment (2)-Commonly used network commands
1. IPConfig
(1) View the MAC address and IP address of the machine, screenshot:
2. Ping command
(1) Ping 127.0.0.1, 127.0.0.1 is the loopback address. Ping the loopback address is to check whether the local TCP/IP protocol is set up; screenshot:
(2) Ping the IP address of the machine to check whether the IP address of the machine is set incorrectly; screenshot:
(3) Ping the gateway of this network is to check whether there is a problem with the hardware device, and you can also check whether the connection between the machine and the local network is normal; screenshot:
(4) Ping the remote IP address. This is mainly to check whether the connection between the local network or the local machine and the outside is normal. screenshot:
3. ARP
(1) arp -a or arp -g-- used to view all items in the cache; screenshot:
(2) Ping the IP addresses of the classmates’ hosts on the left (or right) respectively; screenshot:
(3) arp -a to view all items in the cache; screenshot:
compare with the results in (1) to see the differences and write the differences as follows:
There are two more port numbers just connected
4. Tracert
(1) Use the Tracert www.qq.com command to take a screenshot.
Based on the screenshots, analyze which addresses returned by each gateway are "private addresses" and which are "public addresses".
(The first IP address returned is the exit gateway IP)
The exit gateway of this laboratory is: (172.23.10.1)
(Note: The first IP address returned is the exit gateway IP of this laboratory)
Private The address is: (172.23.10.1)
The public address is: (1.1.1
183.58.16. 129
14.148.19.237
117.176.37.59
)
The server address corresponding to www.qq.com is: (121.14.77.201)
Note: For information on public addresses (global addresses) and private addresses (local addresses or private addresses), please refer to textbook P186.
What is a public address (public IP):
To build an enterprise-level network, you need to apply for a broadband access to the Internet from a "telecom operator ISP". At the same time, the ISP will also assign us one or more IP addresses. These IP addresses can For our company's internal Internet access, the IPs assigned to us by these ISPs are public IPs.
The public address (Public address, also known as the public network address) is responsible for the Internet NIC (Internet Network Information Center). These IP addresses are assigned to organizations that register and apply to the Internet NIC. Direct access to the Internet through it is within the scope of the WAN.
Range of public IP addresses:
Public IP of Class A:
1.0.0.0~9.255.255.255
11.0.0.0~126.255.255.255
Public IP of Class B:
128.0.0.0~172.15.255.255
172.32.0.0~191.255.255.255
C class public IP:
192.0.0.0~192.168.255.255
192.169.0.0~223.255.255.255
What is a private address (private IP):
The IP used to establish a LAN within our company or family generally uses a private IP.
A private address (Private address, also known as a private network address) is a non-registered address and is exclusively used within an organization. It is within the scope of the local area network.
Range of private IP addresses:
Class A private IP address:
10.0.0.0~10.255.255.255
Class B private IP address:
172.16.0.0~172.31.255.255
Class C private IP address:
192.168.0.0~192.168.255.255
5. Route
(1 ) route print--This command is used to display the current items in the routing table, screenshot:
Experiment (3) - Basic operation of Wireshark
Based on the experiment, answer the following questions. Copy the question first and then answer it below.
1. List all protocol types of captured data packets displayed in the group list sub-window;
ARP、DNS、HTTP、ICMPv6、NBNS、SSDP、TCP、TLSv1.2、UDP
2. How long does it take from sending the HTTP GET message to receiving the corresponding HTTP/1.1 200 OK response message? (The value of the Time column in the packet list window is the total time from when Wireshark started tracing to when the packet was captured, in seconds)
0.036555s
3. What is the IP address of your host? What is the IP address of the server you are accessing?
173.23.10.22
128.119.245.12
Experiment (4)-Use Wireshark to capture and analyze Ethernet frames
1. In the first Echo (ping) request frame, what are the source and destination MAC addresses?
【Answer】Source address: dc:4a:3c:7e:27:95
Destination address: 80:05:88:59:b9
2. In the first Echo (ping) request frame, which source and destination IP addresses are contained in the data field of the frame?
【Answer】Source address: 172.23.10.9
Destination address: 27.148.138.65
3. Compare these addresses to the addresses you captured in step 6. The destination IP address is now the IP address of the www.netacad.com server, whereas in step 6 the destination IP was your default gateway.
Why does the destination IP address change but the destination MAC address remains the same?
【answer】
The MAC address can only be related to the network card. It is fixed when it leaves the factory and will not change. The IP address will change depending on the geographical location, operator, etc. If you use ADSL to access the Internet, the IP address is usually different every time.
4. Wireshark does not display the preamble field of the frame header. What does the preamble contain?
【Answer】SFD and Preamle
Experiment (5) IP protocol analysis and route tracing experiment
1. What is your computer’s IP address? What is the IP address of the University of Massachusetts server?
172.23.10.9
2.In the header of the IP packet, what is the value in the upper layer protocol field?
1
3.How many bytes are there in the IP header? How many bytes are in the payload of an IP datagram? Explain how to determine the number of payload bytes.
20
5
The number of payload bytes is the total length of the payload part (including all extended header parts) in the IPv6 datagram in bytes, that is, the total length of other parts except the basic header of IPv6, accounting for 20 bits.
4. Is this IP datagram fragmented? Explain how you determine whether a datagram is fragmented.
no
1) If the Fragmentation Flags in the IP header of the received packet is 0 and there is a UDP field, it is not fragmented.
2) If the Fragmentation Flags in the IP header of the received packet is 1 and there is a UDP field, it is the first fragment.
3) If If the Fragmentation Flags in the IP header of the received packet is 1 and there is no UDP field, it is the middle piece.
4) If the Fragmentation Flags in the IP header of the received packet is 0 and there is no UDP field, it is the last piece.
5. Among these 10 IP datagrams sent by your computer, which fields always remain the same? Which fields must be changed? Why?
Remains unchanged:
Explicit Congestion Notification (ECN): allows notifying the other party of the occurrence of network congestion without discarding packets.
Total Length: A 16-bit field that defines the total length of the message, including header and data, in bytes. The minimum value of this field is 20 (0 bytes of data) and the maximum value is 65535.
Identification: occupies 16 bits. This field is mainly used to uniquely identify all fragments of a message. Because fragments do not necessarily arrive in order, it is necessary to know the message to which the fragments belong during reassembly.
Fragment Offset: This 13-bit field specifies the offset of each fragment relative to the beginning of the original message, in 8-byte units.
Source address: the sender of the message;
destination address: the receiver of the message;
options: additional header fields may follow the destination address;
must be changed:
Identification: 16 bits, mainly used to uniquely Identifies all fragments of a message;
Time To Live (TTL): 8 bits to prevent the message from existing forever on the Internet. Implemented as a hop counter, each router that the packet passes through decrements this field by 1. When this field is equal to 0, the packet is no longer transmitted to the next hop and is discarded. The maximum value is 255. This is the core principle of traceroute;
Header Checksum: occupies 16 bits. The checksum field only checks the header for errors. At each hop, the router must recalculate the header checksum and compare it with this field. , if inconsistent, this message will be discarded;
data
6. Describe the change in the value in the "Identification" field in the IP datagram header.
Every value is different
7. Check one of the ping request packets sent by the host. What are ICMP types and codes? What other fields does this ICMP packet have? How many bytes are there in each field? Which fields always have the same value?
0
0
0x5558
2 bytes
Checksum, sequence number and identifier fields
8. Check the corresponding reply packet from the University of Massachusetts (Echo(ping)reply). What are ICMP types and codes? What other fields does this ICMP packet have? How many bytes are there in each field? Which fields always have the same value? Which fields have the same values as those in the corresponding request packet?
0
0
0x5524
2 bytes
Checksum, sequence number and identifier fields
9. How many Echo (ping) request packets were sent from your computer to the server in France? How do you calculate it? .What is the IP address of the French server?
50 pieces
Numerical
128.93.162.83
10. Find the first Echo (ping) request you sent, and compare it with the Echo (ping) request sent by the ping command in step 2 above. Are there any similarities and differences in the ICMP fields between the two? Has the Echo (ping) request message you sent arrived in France?
Same: Type, Code, Checksum Status, Identifier (BE), Id Entifier(LE)
Different: Checksum, Sequence number (BE), Sequence number r(LE)
11. Find the ICMP TTL expired (Time-to-live exceeded) message sent back by your default gateway. Compare it with the reply message (Echo(ping)reply) of the Ping command in step 2. There will be some more fields. , what are these extra fields?
Extra: Response time
12. Check the last three ICMP packets received by the source host (as shown below). Where are they sent from? How are these packets different from ICMP TTL expired (Time-to-live exceeded) packets? Why is it different?
Sent from 128.93.162.83.
Type, Checksum, Checksum Status, Sequence number r, the Sequence number is somewhat different.
Because the source IP address sent is different.
13. During your Tracert path tracing process, is there a link whose delay is significantly longer than other links? If so, what do you think are the possible reasons?
Yes, this is the echo response message returned by the destination host, because the principle of the tracert program is to send data packets with increased TTL. When the packet with TTL = 1 reaches the router, the router will discard the packet and send an ICMP error. to the requesting machine. The last group of 3 datagrams can reach the destination host. At this time, because they are received by the destination host, the destination host will not lose the packet, but actually receives the probed datagram and responds.
Experiment (6) UDP protocol analysis
1. What is the IP address corresponding to www.ust.hk?
143.89.12.134
2. Select any UDP packet from the captured data. From this packet, determine how many fields the UDP header has. What are the names of these fields?
answer:
User Datagram Protocol, Src Port: 61451, Dst Port: 53
Source Port (source port number): 61451
Destination Port: 53
Length (UDP segment length: UDP header + data length): 46
Checksum: 0x65f8 [unverified]
Stream index:9
3. Check the Wireshark captured packet display content. What is the length (in bytes) of each UDP header field?
Answer: UDP segment length: UDP header (8 Bytes) + data length (corresponding to different application services)
4.What is the value in the "Length" field? What length does it represent?
Answer: The UDP header has 4 fields, each field is 2 bytes, so:
the maximum number of bytes: 4 * 2 = 8 bytes
5. What is the maximum number of bytes possible in a UDP payload (i.e. the data part excluding the headers)? Explain how you calculated it.
6 bytes
6. What is the maximum possible source port number? Explain how you calculated it.
The maximum possible source port value is 2^16-1
7.What is the protocol number of UDP at the IP layer? Answer in hexadecimal and decimal respectively. (View the contents of the Protocol field of the IP datagram containing this UDP segment)
Answer:
Internet Protocol Version 4, Src: 192.168.1.102, Dst: 192.168.1.104
Protocol: UDP (17)
Hexadecimal: 0x11
Decimal: 17
8. Check a pair of UDP packets, your host sends a UDP packet (refer to the frame numbered 5 in the picture, the number you captured may be different) to the DNS server (8.8.8.8), the next UDP packet ( Number 6) is the reply from the DNS server (8.8.8.8) to the UDP packet number 5 you sent. Describe the relationship between the UDP port numbers (ports) in these two packets.
Send UDP data packet, IP address: 172.23.10.9 Port number: 61451
Receive UDP data packet, IP address: 8.8.8.8 Port number: 53
Experiment (7) TCP protocol analysis experiment
1. What is the IP address and TCP port number used by your computer? What is the IP address of the FTP server (teacher machine)? On which port number does the teacher's machine send and receive TCP segments?
172.23.10.6
3263
172.23.10.67
34946
2. Analyze the frame numbered 1. What is the Sequence Number of the TCP SYN segment used to establish a TCP connection between your computer and the teacher's computer? How did you determine this was a TCP SYN segment?
0X002
Look at the picture and find the first data sent by the teacher for analysis. You can get it by analyzing the Flags.
3. Analyze the frame numbered 1. In the TCP Options field, find the Maximum segment size (MSS). What is the value of MSS? Refer to the textbook and explain the role of MSS.
1460bytes
4. Analyze the frame numbered 2. What is the sequence number of the TCP SYN-ACK segment sent by the teacher's computer to your computer? What is the Acknowledgment Number? How did you determine that this was a TCP SYN-ACK segment? Refer to the textbook to explain the process of establishing a TCP connection.
6634946 to 3263
1
The code bit of the first segment of the handshake process is set to SYN, and the sequence number is x, indicating the start of a handshake. After receiving this segment, the receiver sends a segment back to the sender. The code bits are set to SYN and ACK, the sequence number is set to y, and the acknowledgment sequence number is set to x+1. After receiving this segment, the sender knows that it can send TCP data, so it sends an ACK segment to the receiver, indicating that the connection between the two parties has been established.
5. Starting from the frame numbered 4, the teacher's computer begins to transmit the file Alice.txt to your computer. Please expand the frames numbered 4 to 10 respectively (the results you capture may be different, as long as there are 2 frames you sent. Just give the teacher’s confirmation) and record the sequence number and confirmation number of each TCP segment:
(Source IP, port number) (Destination IP, port number) Serial number Confirmation number
—————— ———————— ——— ———
4:172.23.10.67 34946 172.23.10.6 3263 1 1
5:172.23.10.6 3263 172.23.10.67 34946 1 1461
6:172.23.10.67 34946 172.23.10.6 3263 1461 1
7: 172.23.10.6 3263 172.23.10.67 34946 1 2921
8:172.23.10.67 34946 172.23.10.6 3263 2921 1
9:172.23.10.6 3263 172.23.10.67 34946 1 4381
10:172.23.10.67 34946 172.23.10.6 3263 4381 1
Analyze the relationship between sequence numbers and acknowledgment numbers among these TCP segments. The TCP segment numbered 4 was sent to your computer by the teacher's computer. Where did you confirm this segment? Browse the TCP segment sent to you by the teacher. What is the length of the largest TCP segment [TCP Segment Len]? Why is this value?
6. In your capture results, find the following frames 11 to 14 (your capture results may be different, as long as it can show the 4 message exchanges of TCP closing the connection):
Please expand the frames numbered 11 to 14 respectively and record the sequence number and confirmation number of each TCP segment:
(Source IP, port number) (Destination IP, port number) Serial number Confirmation number Flags->Fin value
—————— —————— ——— ——— ——————
11:172.23.10.18 2715 172.16.16.143 55417 1 152139 0x010
12:172.16.16.143 55417 172.23.10.18 2715 152139 1 0x010
13:172.23.10.18 2715 172.16.16.143 55417 2 152140 0x010
14:172.23.10.18 2537 172.16.16.143 21 85 386 0x010
Experiment (8)-Web page request process
Bob is a student. He brought a laptop to school and found a twisted pair to connect to the campus network.
Then he opened the browser, entered a website in the address bar, and hit Enter to display the page in the browser.
Next, you need to combine the network knowledge you have learned to explain the execution process of each step in the above Web page request process.
Read the document and answer the 24 steps briefly.
Step 1:. Create a DHCP request message and put this message into a UDP segment. The UDP segment is placed into an IP datagram with a broadcast IP destination address (255.255.255.255) and 0.0.0.0 source IP address.
Step 2: Place the IP datagram containing the DHCP request message in an Ethernet frame so that the frame is broadcast to all devices connected to the switch; the source MAC address of the frame is the MAC address of Bob's laptop.
Step 3: The broadcast Ethernet frame containing the DHCP request is the first frame Bob's laptop sends to the Ethernet switch. The switch broadcasts incoming frames on all outgoing ports.
Step 4: The router receives the broadcast Ethernet frame containing the DHCP request on its interface with the MAC address and extracts the IP datagram from the Ethernet frame. The broadcast IP destination address of the datagram indicates that the IP datagram should be sent by that node. The upper layer protocol processing, so the datagram's payload (UDP segment) is multiplexed to UDP, and the DHCP request message is extracted from the UDP segment.
Step 5: The DHCP server creates a DHCP ACK message that contains the IP address, the IP address of the DNS server, the IP address of the default gateway router, and the subnet block. DHCP messages are placed in UDP segments, UDP segments are placed in IP datagrams, and IP datagrams are placed in Ethernet frames. The Ethernet frame has the source MAC address of the router to the home network interface and the destination MAC address of Bob's laptop.
Step 6: The Ethernet frame containing the DHCP ACK is sent (unicast) by the router to the switch. Since the switch is learning itself and has previously received an Ethernet frame (containing a DHCP request) from Bob's laptop, the switch knows to only forward the frame for one address to the output port leading to Bob's laptop.
Step 7: Bob's laptop receives the Ethernet frame containing the DHCPACK, extracts the IP datagram from the Ethernet frame, extracts the UDP segment from the IP datagram, and extracts the DHCPACK message from the UDP segment. Bob's DHCP client then logs his IP address and the IP address of the DNS server. It also installs the address of the default gateway into its IP forwarding table. Bob's laptop will send all datagrams with destination addresses in his subnet to the default gateway. At this point, Bob's laptop has initialized its network components and is ready to start processing web page fetching.
Step 8: The operating system on Bob's laptop therefore creates a DNS query message, placing the string "www.google.com" in the question portion of the DNS message. This DNS message is then placed in a UDP segment with destination port 53 (DNS server). The UDP segment is then placed in the IP datagram for the IP destination address (the DNS server address returned in the DHCP ACK in step 5) and the source IP address. Step 9: Bob's laptop places the datagram containing the DNS query message
in in an Ethernet frame. The frame will be sent (addressed at the link layer) to the gateway router in Bob's school network.
Step 10: Bob's laptop creates an ARP query message for the destination IP address, places the ARP message in an Ethernet frame with a broadcast destination address, and sends the Ethernet frame to the switch, which sends the frame to all Connected devices, including gateway routers.
Step 11: The gateway router receives the frame containing the ARPquery message on the interface to the school network and finds that the destination IP address of 68.85.2.1 in the ARP message matches the IP address of its interface. Therefore, the gateway router prepares an ARP reply indicating that its MAC address 00:22:6B:45:1F:1B corresponds to the IP address 68.85.2.1. It places the ARP reply message in an Ethernet frame and sends the frame to the switch, which delivers the frame to Bob's laptop. Step 12: Bob's laptop receives the frame containing the ARP
reply message and sends it from Extract the MAC address of the gateway router from the ARP reply message.
Step 13: Bob’s laptop can now address Ethernet frames containing DNS queries to the gateway router’s MAC address. Bob's laptop sends this frame to the switch, which sends the frame to the gateway router.
Step 14: The gateway router receives the frame and extracts the IP datagram containing the DNS query. The router looks up the destination address of this datagram and determines from its forwarding table that the datagram should be sent to the leftmost router in the Comcast network in the diagram.
Step 15: The leftmost router in the Comcast network receives the frame, extracts the IP datagram, examines the datagram's destination address, and forwards it to the Internet's interdomain protocol BGP. Step 16: The IP datagram contains the DNS
query Reach the DNS server. The DNS server extracts the DNS query message and looks for the name www.google. And find the DNS resource record that contains the IP address of www.google.com. (assuming it's currently cached in the DNS server). The DNS server forms a DNS response message containing this hostname to IP address mapping and places the DNS response message in a UDP segment and places the segment in the IP datagram addressed to Bob's laptop. The datagram will be forwarded through the Comcast network back to the school's router, and from there through the Ethernet switch to Bob's laptop.
Step 17: Bob’s laptop extracts the IP address of the server www.google. Conform to DNS messages. Finally, after a lot of work, Bob's laptop can now contact the www.google.com server.
Step 18: Now that Bob's laptop's IP address is www.google.com, it can create a TCP socket, using to send an HTTP GET message to www.google.com. When Bob creates a TCP socket, the TCP in Bob's laptop must first perform a three-way handshake with TCP
www.google.com. So, Bob's laptop first creates a TCP SYN segment (for HTTP) with destination port 80, places the TCP segment inside the IP datagram at the destination IP address, and puts the datagram inside the frame at the destination MAC address (gateway router) and sends the frame to the switch.
Step 19: The routers in the school network, Comcast network, and Google network forward the datagram containing the TCP SYN to www.Google.com, using the forwarding in each router. Posted.
Step 20: Bob's laptop first creates a TCP SYN segment (for HTTP) with a destination port of 80, places the TCP segment within the IP datagram of the destination IP address (www.google.com), and places the data The packet is placed in the frame at the destination MAC address (the gateway router) and the frame is sent to the switch. Comcast's network and Google's network forward the datagram containing the TCP SYN to www.Google.com, using the forwarding in each router. Posted, eventually, the datagram containing the TCP SYN arrives at www.Google.com. The TCPSYN message is extracted from the datagram and demultiplexed to the welcome socket associated with port 80. A connection socket is created for the TCP connection between the Google HTTP server and Bob's laptop. A TCPSYNACK segment is generated, placed in a datagram sent to Bob's laptop, and finally placed in a link layer frame suitable for the link to www.google.
Step 21: The datagram containing the TCP SYNACK segment is forwarded through Google, Comcast, and the school network, eventually reaching the Ethernet card in Bob's laptop.
Step 22: Now access www.google.com with the socket on Bob's laptop ready to send bytes, Bob's browser creates an HTTP GET message containing the URL to be fetched. The HTTP GET message is then written to the socket and the GET message becomes the payload of the TCP segment. TCP segments are placed in datagrams and sent to www.google.com
Step 23: HTTP server at www.google.com. com reads the HTTP GET message from the TCP socket, creates an HTTP response message, places the requested web page content in the body of the HTTP response message, and sends the message to the TCP socket.
Step 24: The datagram containing the HTTP reply message is forwarded through Google, Comcast, and the school network and reaches Bob's laptop. Bob's web browser program reads the HTTPresponse from the socket, extracts the html of the web page from the body of the HTTP response, and finally displays the web page!