Experiment 2: Application-layer protocol analysis with Packet Tracer

Personal information

  • Zheng Lanyan
  • 201821121064
  • Calculated 1813

1 Purpose

Become familiar with the Packet Tracer tool. Analyze captured application-layer protocol packets to gain a deeper understanding of application-layer protocols, including their syntax, semantics, and timing.

2 Experimental content

Use Packet Tracer with correctly configured network parameters to capture and analyze application-layer protocol packets. The protocols covered are DNS, FTP, DHCP, SMTP, and POP3. The steps are:

  • Establish a network topology
  • Configure the parameters
  • Capture packets
  • Analyze the packets

3 Experiment report

(1) Establish the network topology

  Description: connect one PC host and one server to form the network topology.

3.1 DNS

(1) Configure the parameters

  Client IP address: 192.168.1.64

  Server IP address: 192.168.1.65

Enable the DNS service on the server and add the domain name www.baidu.com

(4) Capture and analyze the packets

  DNS Message

  DNS Query

  NAME: the domain name being queried, a variable-length field. Its format is: length (1 byte) + N bytes of content (N is given by the preceding length byte) + ... + 0. That is, the field starts with a one-byte length N, followed by N consecutive bytes of content; then comes another length byte N2, followed by N2 bytes of content; and so on until a length byte of zero is encountered.

  The query name is the name being looked up. It is a sequence of one or more labels. Each label begins with a one-byte count that gives the length of the label, and the whole name ends with a 0 byte. Each count must be between 0 and 63. The field is not padded.

  TYPE: 16 bits long; indicates the type of the query. Possible values are as follows:

    enum QueryType // resource record type of the query
    {
      A = 0x01,     // specifies the IP address of a computer
      NS = 0x02,    // specifies the DNS name server for the named zone
      MD = 0x03,    // specifies a mail destination (obsolete; use MX instead)
      MF = 0x04,    // specifies a mail forwarder (obsolete; use MX instead)
      CNAME = 0x05, // specifies the canonical name for an alias
      SOA = 0x06,   // specifies the "start of authority" for a DNS zone
      MB = 0x07,    // specifies a mailbox domain
      MG = 0x08,    // specifies a mail group member
      MR = 0x09,    // specifies a mail rename domain
      NULL = 0x0A,  // specifies an empty resource record
      WKS = 0x0B,   // describes a well-known service
      PTR = 0x0C,   // if the query is an IP address, specifies the computer name; otherwise a pointer to other information
      HINFO = 0x0D, // specifies the computer's CPU and operating system type
      MINFO = 0x0E, // specifies mailbox or mailing list information
      MX = 0x0F,    // specifies the mail exchanger
      TXT = 0x10,   // specifies text information
      UINFO = 0x64, // specifies user information
      UID = 0x65,   // specifies a user identifier
      GID = 0x66,   // specifies the group identifier of a group name
      ANY = 0xFF    // specifies all data types
    };

  CLASS: 16 bits long; indicates the class of the query.

    enum QueryClass // protocol-family-specific information
    {
      IN = 0x01,     // specifies the Internet class
      CSNET = 0x02,  // specifies the CSNET class (obsolete)
      CHAOS = 0x03,  // specifies the Chaos class
      HESIOD = 0x04, // specifies the MIT Athena Hesiod class
      ANY = 0xFF     // wildcard matching any of the classes listed above
    };

  TTL: time to live; indicates how long the resource record may be cached.

  LENGTH: indicates the length of the resource data.

  DNS Answer

  NAME: the domain name to which the resource record belongs.
  TYPE: the type of the resource record.
  CLASS: the class of the RDATA.
  TTL: a 4-byte unsigned integer giving how long the resource record may be cached. 0 means the record can only be transmitted and must not be cached.
  RDLENGTH: a 2-byte unsigned integer giving the length of RDATA.
  RDATA: a variable-length string describing the resource. Its format depends on TYPE and CLASS. For example, if TYPE is A and CLASS is IN, RDATA is a 4-byte ARPA Internet address.
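
The NAME encoding and the answer fields described above can be checked with a small parser. This is an added example, not part of the original report: the sample message and its A-record address are constructed, and the handling of compression pointers (a length byte whose top two bits are 11, defined in RFC 1035) goes beyond what the report covers. Rejecting counts above 63 and bounding pointer hops is what keeps a malformed name from reading past the packet or looping forever.

```python
import struct

def read_name(msg: bytes, off: int):
    """Decode a DNS name starting at msg[off]; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        if off >= len(msg):
            raise ValueError("name runs past end of message")
        n = msg[off]
        if (n & 0xC0) == 0xC0:            # compression pointer (RFC 1035)
            if off + 1 >= len(msg):
                raise ValueError("truncated compression pointer")
            end = off + 2 if end is None else end   # resume after first pointer
            off = ((n & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:                 # a pointer loop must not hang the parser
                raise ValueError("too many compression pointers")
            continue
        if n > 63:
            raise ValueError("label length over 63")
        off += 1
        if n == 0:                        # zero length byte ends the name
            return ".".join(labels), (off if end is None else end)
        if off + n > len(msg):
            raise ValueError("label runs past end of message")
        labels.append(msg[off:off + n].decode("ascii"))
        off += n

def parse_response(msg: bytes) -> dict:
    """Parse the question and the first answer record of a DNS response."""
    qname, off = read_name(msg, 12)       # the fixed DNS header is 12 bytes
    qtype, qclass = struct.unpack_from("!HH", msg, off)
    name, off = read_name(msg, off + 4)
    rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
    rdata = msg[off + 10:off + 10 + rdlen]
    if len(rdata) != rdlen:
        raise ValueError("RDATA shorter than RDLENGTH")
    is_a = (rtype, rclass, rdlen) == (1, 1, 4)      # TYPE A, CLASS IN
    return {"qname": qname, "qtype": qtype, "qclass": qclass, "name": name,
            "ttl": ttl, "rdata": ".".join(map(str, rdata)) if is_a else rdata.hex()}

def encode_name(name: str) -> bytes:
    """Length-prefixed label encoding: 3www5baidu3com0."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"

# Constructed sample: a response for www.baidu.com whose answer NAME is a
# pointer back to offset 12; the address 192.168.1.65 is made up for the example.
SAMPLE = (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
          + encode_name("www.baidu.com") + struct.pack("!HH", 1, 1)
          + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 86400, 4) + bytes([192, 168, 1, 65]))
```
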

 (5) New questions and answers arising from the experiment (optional, but counts as a bonus item)

If this experiment raises a new question, write it down and try to answer it yourself.

3.2 FTP

(1) Enable the FTP server and configure the user information

 (2) On the PC, enter the user name and password at the Command Prompt

 (3) Analyze the packets

 Code 220: the connection succeeded and the server is ready.

 FTP command USER: the request that sends the login user name to the system.

 Code 331: the user name is correct and a password is required.

 PASS: the request that submits the password.

 Code 230: login successful.

3.3 DHCP

(1) Enable the DHCP service on the server

(2) Change the PC's IP configuration to DHCP

(3) Analyze the packets

  Request packet:

  OP: packet type; 1 indicates a request packet and 2 indicates a response packet.

  HW TYPE: hardware address type; here it is the hardware address type of 10 Mb/s Ethernet.

  HW LEN: hardware address length; 6 for Ethernet.

  HOPS: hop count. The client sets it to 0; it can also be set by a proxy server.

  TRANSACTION ID: a random number chosen by the client. The server and client use it to match requests with their responses. It is a 32-bit integer set by the client and returned by the server.

  SECS: filled in by the client; the number of seconds since the client began acquiring or renewing its IP address.

  FLAGS: a 16-bit field in which only the leftmost bit is used. 0 indicates unicast and 1 indicates broadcast.

  CLIENT ADDRESS: the client's IP address. It is filled in only when the client is in the Bound, Renew, or Rebinding state and can respond to ARP requests.

  YOUR CLIENT ADDRESS: "your" (the client's) IP address.

  SERVER ADDRESS: the IP address of the server to be used in the next stage of the DHCP protocol flow.

  RELAY AGENT ADDRESS: the IP address of the DHCP relay agent. Note: this is not the gateway defined in the address pool.

  CLIENT HARDWARE ADDRESS: the client's hardware address. The client must set its "chaddr" field. The header of the Ethernet frame carrying the UDP packet also contains this address, but obtaining it from the Ethernet frame header by inspecting the UDP packet is usually difficult or impossible. Because the DHCP message carried in UDP sets this field, a user process can obtain the value easily.

  SERVER HOSTNAME: optional server host name; a null-terminated string filled in by the server.

  FILE: boot file name; a null-terminated string. In a DHCP Discover packet it is a "generic" name or null; in a DHCP Offer packet it is a fully qualified directory path name.

  OPTIONS: optional parameters field, in the format "code + length + data".

 

  Response message:

  OP: packet type; 2 indicates a response packet.

  YOUR CLIENT ADDRESS: the address assigned to the client.

  SERVER ADDRESS: the IP address of the server to be used in the next stage of the DHCP protocol flow.

 

  DHCP Options

  OP: indicates the DNS server option

   LEN: the length

   DOMAIN NAME SERVER: the IP address of the domain name server

   OP: the primary DNS server name

   LEN: a variable length

   DOMAIN NAME: the domain name
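
The fixed DHCP header and the "code + length + data" options described above, as a bounds-checked parser. This is an added example, not part of the original report: the sample response built by `build_sample`, including its transaction ID, MAC address, assigned address and domain name, is constructed, and the option codes used (53 message type, 6 DNS server, 15 domain name, 0 pad, 255 end) and the magic cookie come from RFC 2131/2132 rather than from the report.

```python
import socket
import struct

BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")  # 236-byte fixed header
MAGIC = b"\x63\x82\x53\x63"                          # cookie that precedes the options

def parse_dhcp(pkt: bytes) -> dict:
    """Decode the fixed header and walk the options with length checks."""
    if len(pkt) < BOOTP.size + 4 or pkt[BOOTP.size:BOOTP.size + 4] != MAGIC:
        raise ValueError("not a DHCP message")
    (op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr,
     siaddr, giaddr, chaddr, sname, bootfile) = BOOTP.unpack_from(pkt)
    if hlen > 16:
        raise ValueError("HW LEN exceeds the 16-byte chaddr field")
    opts, i = {}, BOOTP.size + 4
    while i < len(pkt) and pkt[i] != 255:            # 255 = end of options
        code = pkt[i]
        if code == 0:                                # 0 = pad, has no length byte
            i += 1
            continue
        if i + 2 > len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("option %d runs past end of packet" % code)
        opts[code] = pkt[i + 2:i + 2 + pkt[i + 1]]
        i += 2 + pkt[i + 1]
    dns = opts.get(6, b"")
    return {"op": op, "xid": xid, "broadcast": bool(flags & 0x8000),
            "yiaddr": socket.inet_ntoa(yiaddr), "siaddr": socket.inet_ntoa(siaddr),
            "chaddr": chaddr[:hlen].hex(":"),
            "dns": [socket.inet_ntoa(dns[j:j + 4]) for j in range(0, len(dns) - 3, 4)],
            "domain": opts.get(15, b"").decode("ascii", "replace")}

def build_sample() -> bytes:
    """Constructed DHCP response (OP = 2); every value here is made up."""
    hdr = BOOTP.pack(2, 1, 6, 0, 0x3903F326, 0, 0x8000, bytes(4),
                     socket.inet_aton("192.168.1.66"), socket.inet_aton("192.168.1.65"),
                     bytes(4), bytes.fromhex("00d0bc1a2b3c"), b"", b"")
    options = (bytes([53, 1, 2]) + bytes([6, 4]) + socket.inet_aton("192.168.1.65")
               + bytes([15, 11]) + b"lab.example" + b"\xff")
    return hdr + MAGIC + options
```
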

3.4 SMTP and POP3

(1) Configure email on the PC

(2) Configure email on the server

(3) Enable the DNS service on the server and add two domain names

(4) The PC client sends a message to the server.

(5) Analyze the packets

  The e-mail message sent to the server

  The received e-mail message

4 Questions and answers arising from the experiment

  Question: What are POP3 and SMTP?

  Answer:

  POP3 --- receiving

  POP3 is short for Post Office Protocol 3, that is, version 3 of the Post Office Protocol. It specifies how a personal computer connects to a mail server on the Internet and downloads e-mail.

  It was the first offline protocol standard for Internet e-mail. POP3 lets users store mail from the server on the local host (i.e. their own computer) and delete the messages saved on the mail server. A POP3 server is an incoming-mail server that follows the POP3 protocol and is used to receive e-mail.

  SMTP --- sending

  SMTP stands for Simple Mail Transfer Protocol. It is a set of rules for transferring mail from a source address to a destination address, and it controls how messages are relayed.

  SMTP belongs to the TCP/IP protocol suite. It helps each computer find the next destination when sending or relaying mail. An SMTP server is an outgoing-mail server that follows the SMTP protocol.

 

 


Origin www.cnblogs.com/zhengly/p/11567151.html