The second experiment: the understanding of the application layer protocol

  • Name: Wang Lulu
  • Student ID: 201821121037
  • Class: Computing 1812

0 Abstract

In this report I capture packets of the application layer protocols DNS, FTP, DHCP, SMTP and POP3 in Packet Tracer and analyse them, in order to understand the role each of these protocols plays in network transmission.

1 Purpose

Become familiar with the Packet Tracer tool. Analyse captured application layer protocol packets to understand each protocol in depth, including its syntax, semantics and timing.

2 Experimental content

Use Packet Tracer to configure the network parameters correctly, capture packets and analyse the application layer protocols DNS, FTP, DHCP, SMTP and POP3. The steps are:

  • Build the network topology
  • Configure the parameters
  • Capture packets
  • Analyse the captured packets

3 Experiment report

For every protocol in this experiment I first build the network topology, then configure the client and server parameters and select the protocol to be captured, then enter the address of the server to be accessed on the client, run the simulation, and analyse the captured packets.

3.1 Establish the network topology

(Figure: the network topology used in this experiment.)

The topology is simple: a PC-PT client on the left and a Server-PT server on the right, connected by a single cable.

 

3.2 DNS packets

  • What DNS is: DNS (Domain Name System) is the Internet naming system that converts host names, which are easier for people to use, into IP addresses.
  • How a domain name is resolved to an IP address: when an application process needs to resolve a host name to an IP address, it calls the resolver and becomes a DNS client. The name to be resolved is placed in a DNS request message and sent to the local name server, normally as a UDP datagram to port 53. After the local name server finds the domain name it returns the corresponding IP address in a reply message, and the application obtains the IP address of the destination host. If the local server does not hold the name itself it queries other name servers (root, top-level domain and authoritative servers) on the client's behalf; in this experiment the server is authoritative for the configured name, so a single request and reply are enough.

3.2.1 Configuration parameters

(1) First configure the IP addresses of the client and the server.

Client IP: (figure)

Server IP: (figure)

(2) In the server's Services window, open the DNS service and add a domain name record that resolves to the server's IP address. The operation is shown below:

(3) Once the DNS service is configured on the server, set the DNS server in the client's IP settings. The operation is shown below:

(4) With these parameters configured, select only DNS packets for capture in Simulation mode, then enter the domain name in the client's browser to access the content at that name.

(5) Finally, the following result appears in the simulation:

After obtaining this result, the captured DNS packets can be analysed.

3.2.2 Capture and analyse the packets

3.2.2.1 Header

A DNS message generally contains these sections:

    Header -- message header

    Question -- the DNS query

    Answer -- resource records (RRs) answering the query

    Authority -- resource records pointing to the authoritative name servers for the domain

    Additional -- other resource records

The header is 12 bytes: a 16-bit transaction ID (the server copies it into the reply so the client can match the reply to its request), a 16-bit flags field (QR distinguishes a query from a response, RD asks for recursion, RCODE carries the error code), and four 16-bit counts:

  • QDCOUNT is the number of entries in the question section (QD stands for Question Count)
  • ANCOUNT is the number of resource records in the answer section (AN stands for Answer)
  • NSCOUNT is the number of records in the authority section (NS stands for Authoritative Name Servers)
  • ARCOUNT is the number of records in the additional section (AR stands for Additional Records)

 

3.2.2.2 Query message

  • NAME is the query name. It is variable length and not padded: the domain name is encoded as a sequence of labels, each preceded by its length byte, terminated by a zero byte
  • TYPE is the query type. The capture shows TYPE 4; in the DNS specification 4 is the obsolete MF (mail forwarder) type, while an ordinary name lookup uses type 1 (A)
  • CLASS is the query class. It is normally 1 (IN), the Internet class

A question entry contains only NAME, TYPE and CLASS. The two fields below belong to resource records, which appear in the answer, authority and additional sections rather than in the question:

  • TTL is the time to live, in seconds. It is the lifetime of the resource record and is mainly used by the resolver to decide how long to keep the record in its cache and serve it from there. It also indicates how stable the record is: very stable information is given a large value (for example 86400, the number of seconds in a day)
  • LENGTH (RDLENGTH) is the length of the resource data. The data that follows is variable length and depends on the record type requested: an Address record (the response wanted is an IP address), a CNAME record (the response wanted is a canonical host name), and so on

Other TYPE values are:

  Type  Mnemonic  Meaning
     1  A         IPv4 address for the domain name
     2  NS        Authoritative name server for the domain
     5  CNAME     Canonical name (alias)
     6  SOA       Start of a zone of authority
    11  WKS       Well-known service
    12  PTR       Pointer, used to convert an IP address into a domain name
    13  HINFO     Host information
    15  MX        Mail exchange
    28  AAAA      IPv6 address for the domain name
   252  AXFR      Request a transfer of the entire zone
   255  ANY       Request all records

3.2.2.3 Reply message

The parameters of the reply message have the same meaning as in the query message.

  • NAME is the domain name the resource record belongs to. Its format is the same as the name in the Queries section, with one difference: when a name is repeated in the message, this field may be a 2-byte compression pointer (top two bits set to 11) holding the offset of the earlier copy of the name
  • TYPE is the resource record type
  • CLASS is the resource record class
  • TTL is the lifetime of the resource record in seconds
  • LENGTH is the length of the resource data
  • IP (the resource data) is the result returned by DNS, here the IPv4 address of the queried name
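To tie the header, question and answer sections together, here is an added example (not from the original report) that builds the query and reply described above in RFC 1035 wire format and parses them back, including the 2-byte compression pointer in the answer's NAME. The name www.example.com, the transaction ID and the address 192.168.1.2 are constructed values, not taken from the capture.

```python
"""DNS wire format (RFC 1035): build a query, build the reply, parse both."""
import struct

TYPE_NAMES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 12: "PTR", 15: "MX",
              28: "AAAA", 252: "AXFR", 255: "ANY"}

def encode_name(name):
    """Labels, each preceded by its length byte, terminated by a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(txid, name, qtype=1, qclass=1):
    """Header: ID, flags (QR=0, RD=1), QDCOUNT=1, ANCOUNT=NSCOUNT=ARCOUNT=0."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, qclass)

def build_response(query, ip, ttl=86400):
    """Echo the question, then one A record whose NAME is a compression
    pointer (0xC00C) back to the question name at offset 12."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)   # QR=1, RD=1, RA=1
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + bytes(int(x) for x in ip.split("."))
    return header + query[12:] + rr

def decode_name(msg, off):
    """Read a name at offset off, following compression pointers.
    Returns (name, offset just past the name at its original position)."""
    labels, jumps, end = [], 0, None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                  # 11xxxxxx: 14-bit pointer
            jumps += 1
            if jumps > 10:                         # a looping pointer would hang a naive parser
                raise ValueError("compression pointer loop")
            if end is None:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if end is not None else off)

def parse_message(msg):
    """Parse header, question and answer sections (authority/additional are skipped)."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions, answers = 12, [], []
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4]); off += 4
        questions.append({"name": name, "type": qtype, "class": qclass})
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10]); off += 10
        rdata = msg[off:off + rdlen]; off += rdlen
        if rtype == 1 and rdlen == 4:
            rdata = ".".join(str(b) for b in rdata)
        answers.append({"name": name, "type": rtype, "type_name": TYPE_NAMES.get(rtype),
                        "class": rclass, "ttl": ttl, "rdlength": rdlen, "rdata": rdata})
    return {"id": txid, "qr": flags >> 15, "rcode": flags & 0xF,
            "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
            "questions": questions, "answers": answers}

# Constructed exchange; the name and address are assumptions, not from the capture.
QUERY = build_query(0x1234, "www.example.com")
RESPONSE = build_response(QUERY, "192.168.1.2")
```

The pointer handling is the part worth studying: the answer's NAME is the two bytes C0 0C, and the parser must continue at the byte after the pointer, not after the name it jumped to. The jump limit matters because a message with a pointer that points at itself would otherwise loop forever.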

3.3 FTP packets

3.3.1 Configuration parameters

(1) After the DNS capture, keep the client and server IP addresses that were already set.

(2) Open the FTP service in the server's Services and add an FTP user name and password.

(3) Change the packet filter to capture FTP.

(4) Open the client's Command Prompt.

(5) In the Command Prompt, connect to the FTP server address (the ftp command followed by the server's IP address).

At this point a packet is captured and the server asks for a user name.

(6) After the user name is entered the server asks for the password; type it on the Password line and you are logged in to the FTP server.

Entering the "help" command lists the available commands.

(7) The figure below shows the packets obtained after the simulation finishes.

3.3.2 Capture and analyse the packets

(1) The server's response to the client's request to enter the FTP server:

  • Code: 220 means the FTP service is ready for a new user
  • Message is the explanation of the code; it is printed in the Command Prompt and prompts the user to log in to the FTP server

(2) Username appears in the Command Prompt; the user name is entered and sent to the server as a command, requesting access to FTP:

  • FTP Command: USER identifies the user on the remote computer
  • FTP Argument: cisco is the user name used to log in to the remote computer

(3) After the user name is entered, the server's response packet:

  • Code: 331 means the user name is accepted and a password is required
  • Message is the detailed explanation of the code, prompting the user

(4) Next, Password appears on the client; the password is entered here:

  • FTP Command: PASS sends the password
  • FTP Argument: cisco is the password that was entered

Both USER and PASS travel in cleartext on the control connection, which is why the password can be read straight out of the capture. FTP has no encryption of its own; where credentials must not be exposed on the path, FTPS or SFTP is used instead.

(5) After the password is entered, the server returns a response packet to the client:

  • Code: 230 means the FTP login succeeded
  • Message explains the code and prompts the user

(6) When the user wants to leave FTP, the command quit is entered, and the client sends a request packet to the FTP server:

  • FTP Command: QUIT ends the FTP session
  • FTP Argument is empty, because QUIT takes no argument

(7) When the exit succeeds, the server returns a response packet to the client:

  • Code: 221 means the server is closing the FTP control connection
  • Message explains the code and prompts the user
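The exchange in steps (1) to (7), as an added example rather than code from the report: a toy FTP server that implements the RFC 959 reply codes seen in the capture, a scripted client that drives it, and a "sniffer" that reads the credentials back out of the transcript, which is exactly what a passive observer of the control connection can do. The cisco/cisco account matches the one configured on the Packet Tracer server; the server's reply text is constructed.

```python
"""FTP control-connection exchange (RFC 959 reply codes) against a toy server."""

# Constructed account, matching the cisco/cisco user configured on the Packet Tracer server.
ACCOUNTS = {"cisco": "cisco"}

def ftp_server(state, line):
    """One step of the server: (stage, user), command line -> (new state, reply)."""
    stage, user = state
    cmd, _, arg = line.strip().partition(" ")
    cmd = cmd.upper()
    if cmd == "QUIT":
        return ("closed", user), "221 Service closing control connection"
    if cmd == "USER":
        return ("need_pass", arg), "331 User name okay, need password"
    if cmd == "PASS":
        if stage != "need_pass":
            return state, "503 Bad sequence of commands"
        if ACCOUNTS.get(user) == arg:
            return ("logged_in", user), "230 User logged in, proceed"
        return ("need_user", None), "530 Not logged in"
    if stage != "logged_in":
        return state, "530 Please login with USER and PASS"
    if cmd == "PWD":
        return state, '257 "/" is current directory'
    if cmd == "NOOP":
        return state, "200 OK"
    return state, "502 Command not implemented"

def run_session(commands):
    """Drive the server with scripted client lines; return the transcript as (side, text)."""
    transcript = [("S", "220 Service ready for new user")]
    state = ("need_user", None)
    for line in commands:
        transcript.append(("C", line))
        state, reply = ftp_server(state, line)
        transcript.append(("S", reply))
        if state[0] == "closed":
            break
    return transcript

def reply_codes(transcript):
    return [int(text[:3]) for side, text in transcript if side == "S"]

def sniff_credentials(transcript):
    """What a passive observer of the control connection learns: USER and PASS are cleartext."""
    creds = {}
    for side, text in transcript:
        if side == "C":
            cmd, _, arg = text.partition(" ")
            if cmd.upper() in ("USER", "PASS"):
                creds[cmd.upper()] = arg
    return creds
```

A successful session produces the code sequence 220, 331, 230, 221 seen in the capture; a wrong password turns the 230 into a 530, and every command before login is refused with 530 as well.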

Commonly used FTP commands:

  USER <username>    log in to the system
  PASS <password>    password for the system login
  TYPE <datatype>    file type (A = ASCII, E = EBCDIC, I = image, that is binary)
  STRU <type>        data structure (F = file, R = record, P = page)
  MODE <mode>        transfer mode
  PASV               ask the server to listen for the data connection (passive mode)
  PORT <address>     IP address and two-byte port number on which the client listens for the data connection
  CWD <dirpath>      change the working directory on the server
  LIST <name>        list files and directories
  PWD                print the current working directory
  RETR <filename>    download a file from the server to the client
  REST <offset>      restart a file transfer at the given offset
  STOR <filename>    upload a file to the server
  STOU <filename>    upload a file to the server under a unique name (does not overwrite a file with the same name)
  ACCT <account>     account used for system privileges
  DELE <filename>    delete the specified file on the server
  RMD <directory>    delete the specified directory on the server
  MKD <directory>    create the specified directory on the server
  QUIT               log out of the FTP server

Common reply codes (first digit: 1 = positive preliminary, 2 = positive completion, 3 = positive intermediate, 4 = transient negative, 5 = permanent negative):

  120  Service ready in a short time
  125  Data connection already open; transfer starting
  200  Command okay
  220  Service ready for new user
  221  Service closing control connection
  225  Data connection open; no transfer in progress
  226  Closing data connection; requested file action successful
  227  Entering passive mode (server sends its IP address and port number)
  230  User logged in, proceed
  250  Requested file action okay, completed
  257  Pathname created (also the reply to PWD, giving the current pathname)
  331  User name okay, need password
  332  Need account for login
  421  Service not available, closing control connection
  425  Cannot open data connection
  426  Connection closed; transfer aborted
  452  Requested action not taken: insufficient storage space
  500  Syntax error, command unrecognized
  501  Syntax error in parameters or arguments
  502  Command not implemented
  504  Command not implemented for that parameter
  530  Not logged in
  550  Requested action not taken: file unavailable
  551  Requested action aborted: page type unknown
  552  Requested file action aborted: exceeded storage allocation
  553  Requested action not taken: file name not allowed

3.4 DHCP packets

3.4.1 Configuration parameters

(1) Open the DHCP service on the server and set the start IP address of the address pool to 192.168.1.0.

(2) Set the client's IP configuration to obtain an address by DHCP.

(3) Change the packet filter to capture DHCP.

(4) Start the simulation and obtain the result.

3.4.2 Capture and analyse the packets

(1) The request message is shown below:

  • OP is the message type: 1 is a request (BOOTREQUEST), 2 is a reply (BOOTREPLY)
  • HW TYPE is the hardware address type; 1 means a 10 Mb/s Ethernet hardware address
  • HW LEN is the hardware address length; for Ethernet the value is 6
  • HOPS is the hop count; the client sets it to 0, and relay agents may increment it
  • TRANSACTION ID is a 32-bit random number chosen by the client and copied back by the server, used by both sides to match requests with replies
  • SECS is the number of seconds since the client started trying to acquire or renew an address, filled in by the client
  • FLAGS is a 16-bit field of which only the leftmost bit is used: 0 asks the server to reply by unicast, 1 by broadcast
  • CLIENT ADDRESS is the client's IP address; it is only filled in when the client is in the Bound, Renewing or Rebinding state and can already answer ARP requests for that address
  • YOUR CLIENT ADDRESS is the IP address the server assigns to the client ("your" address)
  • SERVER ADDRESS is the IP address of the server to use in the next step of the DHCP process (for example the server holding the boot file)
  • RELAY AGENT ADDRESS is the IP address of the DHCP relay agent
  • CLIENT HARDWARE ADDRESS is the client's hardware (MAC) address
  • SERVER HOSTNAME is the optional server host name, a null-terminated string filled in by the server
  • FILE is the boot file name, a null-terminated string
  • OPTIONS is the variable-length options field; after the magic cookie each option has the form code + length + data, and option 53 (DHCP Message Type) says whether the packet is a Discover, Offer, Request or Ack

(2) The response message is shown below:

The parameters of the response packet have the same meaning as in the request message; OP is 2, marking a reply.

  • DOMAIN NAME SERVER: the IP address of the DNS server handed to the client (option 6)
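An added example (not code from the report) that builds a Discover and the matching Offer with the fixed fields listed above and parses them back, reading the message type, lease time and DNS server out of the options. It also shows the check a client makes before accepting an offer (reply type, same transaction ID, same MAC). The MAC address, transaction ID and the 192.168.1.x addresses are constructed values; DHCP itself has no authentication, so a rogue server on the same segment can satisfy these checks and hand the client its own DNS server.

```python
"""DHCP messages (RFC 2131): BOOTP fixed fields, magic cookie and options."""
import struct

MAGIC = b"\x63\x82\x53\x63"                  # magic cookie that starts the options field
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}
# op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file
FIXED = "!BBBBIHH4s4s4s4s16s64s128s"        # 236 bytes

def ip_bytes(ip):
    return bytes(int(x) for x in ip.split("."))

def ip_str(b):
    return ".".join(str(x) for x in b)

def build_dhcp(op, xid, chaddr, msg_type, yiaddr="0.0.0.0", siaddr="0.0.0.0", flags=0, options=()):
    """Fixed header + cookie + option 53 (message type) + further options + END (255)."""
    fixed = struct.pack(FIXED, op, 1, 6, 0, xid, 0, flags,
                        bytes(4), ip_bytes(yiaddr), ip_bytes(siaddr), bytes(4),
                        chaddr.ljust(16, b"\x00"), bytes(64), bytes(128))
    body = MAGIC + bytes([53, 1, msg_type])
    for code, data in options:
        body += bytes([code, len(data)]) + data
    return fixed + body + b"\xff"

def parse_dhcp(pkt):
    f = struct.unpack(FIXED, pkt[:236])
    if pkt[236:240] != MAGIC:
        raise ValueError("missing DHCP magic cookie")
    options, i = {}, 240
    while i < len(pkt) and pkt[i] != 255:       # walk code + length + data until END
        if pkt[i] == 0:                          # PAD option has no length byte
            i += 1
            continue
        code, length = pkt[i], pkt[i + 1]
        options[code] = pkt[i + 2:i + 2 + length]
        i += 2 + length
    dns = options.get(6, b"")
    return {
        "op": f[0], "htype": f[1], "hlen": f[2], "hops": f[3], "xid": f[4], "secs": f[5],
        "broadcast": bool(f[6] & 0x8000),        # only the leftmost FLAGS bit is defined
        "ciaddr": ip_str(f[7]), "yiaddr": ip_str(f[8]), "siaddr": ip_str(f[9]), "giaddr": ip_str(f[10]),
        "chaddr": ":".join("%02x" % b for b in f[11][:f[2]]),
        "msg_type": MSG_TYPES.get(options.get(53, b"\0")[0]),
        "dns_servers": [ip_str(dns[k:k + 4]) for k in range(0, len(dns), 4)],
        "lease": struct.unpack("!I", options[51])[0] if 51 in options else None,
        "server_id": ip_str(options[54]) if 54 in options else None,
    }

def offer_matches(discover, offer):
    """The client's acceptance check: a reply of type OFFER carrying its own xid and MAC.
    Nothing here authenticates the server; any host on the segment can pass this."""
    return (offer["op"] == 2 and offer["msg_type"] == "OFFER"
            and offer["xid"] == discover["xid"] and offer["chaddr"] == discover["chaddr"])

# Constructed exchange; MAC, xid and addresses are assumptions, not from the capture.
MAC = bytes.fromhex("000c29a1b2c3")
XID = 0x3903F326
DISCOVER = build_dhcp(1, XID, MAC, 1, flags=0x8000)   # client asks for a broadcast reply
OFFER = build_dhcp(2, XID, MAC, 2, yiaddr="192.168.1.10", siaddr="192.168.1.1",
                   options=[(1, ip_bytes("255.255.255.0")), (3, ip_bytes("192.168.1.1")),
                            (6, ip_bytes("192.168.1.1")), (51, struct.pack("!I", 86400)),
                            (54, ip_bytes("192.168.1.1"))])
```

Because the Discover is broadcast and the client accepts the first matching Offer, the practical defence is on the switch (DHCP snooping, which drops server replies from untrusted ports), not in the protocol.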

3.5 SMTP and POP3

3.5.1 Configuration parameters

(1) First open the SMTP and POP3 services under EMAIL in the server's Services, as shown in the figure:

(2) Configure the client's Email information as shown below:

(3) Configure the Email server information as shown below:

(4) Compose an email on the client and send it to the server.

When the following prompt appears, the send has failed. After checking, I found that the two DNS domain names used by the mail configuration had not been added, so the client could not resolve the server's IP address.

(5) Add the domain names on the DNS server.

(6) After the message is sent successfully, the following figure appears:

(7) The packets obtained when sending the message.

(8) Click "Receive" in the client's mail program to fetch the message from the server; on success the information shown in the figure appears.

(9) The packets obtained when receiving the message.

3.5.2 Capture and analyse the packets

(1) Packets when sending mail: the client opens a TCP connection to the server's SMTP port (25), the server greets it with a 220 reply, and the client sends HELO, MAIL FROM, RCPT TO and DATA in turn, each answered with a numeric reply code, before ending the message with a line containing only "." and closing with QUIT.

(2) Packets when receiving mail: the client opens a TCP connection to the server's POP3 port (110), the server answers +OK, and the client logs in with USER and PASS, asks STAT for the number of messages, fetches them with RETR and leaves with QUIT. As with FTP, the POP3 user name and password are sent in cleartext and can be read from the capture.
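An added example (not code from the report) that runs both exchanges end to end against toy SMTP and POP3 servers: a scripted client delivers a message with HELO, MAIL FROM, RCPT TO, DATA and QUIT, then another client fetches it with USER, PASS, STAT and RETR. The addresses, host names, password and message text are constructed, and the reply text is the toy server's own; only the reply codes and the command sequence are the protocols' own.

```python
"""Toy SMTP (RFC 5321) and POP3 (RFC 1939) servers driven by scripted clients,
so both sides of the send and receive exchanges can be seen offline."""

class SmtpServer:
    """Accepts HELO, MAIL FROM, RCPT TO, DATA and QUIT and stores mail per recipient."""
    def __init__(self, mailboxes):
        self.mailboxes = mailboxes
        self.reset()

    def reset(self):
        self.sender, self.rcpts, self.in_data, self.body = None, [], False, []

    def handle(self, line):
        if self.in_data:                          # inside DATA: collect until a lone "."
            if line == ".":
                for rcpt in self.rcpts:
                    self.mailboxes[rcpt].append("\n".join(self.body))
                self.reset()
                return "250 OK: queued"
            self.body.append(line[1:] if line.startswith("..") else line)  # undo dot-stuffing
            return None
        cmd, _, arg = line.partition(" ")
        cmd = cmd.upper()
        if cmd in ("HELO", "EHLO"):
            return "250 mail.example.test"
        if cmd == "MAIL":
            self.sender = arg.split(":", 1)[1].strip("<> ")
            return "250 OK"
        if cmd == "RCPT":
            addr = arg.split(":", 1)[1].strip("<> ")
            if addr not in self.mailboxes:
                return "550 No such user here"
            self.rcpts.append(addr)
            return "250 OK"
        if cmd == "DATA":
            if not self.sender or not self.rcpts:
                return "503 Bad sequence of commands"
            self.in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"
        if cmd == "QUIT":
            return "221 Bye"
        return "500 Command unrecognized"


class Pop3Server:
    """USER/PASS authentication, then STAT and RETR over the user's mailbox."""
    def __init__(self, mailboxes, passwords):
        self.mailboxes, self.passwords = mailboxes, passwords
        self.user, self.authed = None, False

    def handle(self, line):
        cmd, _, arg = line.partition(" ")
        cmd = cmd.upper()
        if cmd == "USER":
            self.user = arg
            return "+OK"
        if cmd == "PASS":                         # the password crosses the wire in cleartext
            self.authed = self.user in self.passwords and self.passwords[self.user] == arg
            return "+OK Logged in" if self.authed else "-ERR Authentication failed"
        if cmd == "QUIT":
            return "+OK Bye"
        if not self.authed:
            return "-ERR Not authenticated"
        box = self.mailboxes[self.user]
        if cmd == "STAT":
            return "+OK %d %d" % (len(box), sum(len(m) for m in box))
        if cmd == "RETR":
            n = int(arg)
            if not 1 <= n <= len(box):
                return "-ERR No such message"
            return "+OK %d octets\n%s\n." % (len(box[n - 1]), box[n - 1])
        return "-ERR Unknown command"


def run(server, greeting, commands):
    """Return the transcript as a capture would show it: (side, line) pairs."""
    transcript = [("S", greeting)]
    for line in commands:
        transcript.append(("C", line))
        reply = server.handle(line)
        if reply is not None:
            transcript.append(("S", reply))
    return transcript

def send_mail(mailboxes, sender, rcpt, text):
    cmds = ["HELO client.test", "MAIL FROM:<%s>" % sender, "RCPT TO:<%s>" % rcpt, "DATA"]
    return run(SmtpServer(mailboxes), "220 mail.example.test ESMTP",
               cmds + text.splitlines() + [".", "QUIT"])

def receive_mail(mailboxes, passwords, user, password):
    return run(Pop3Server(mailboxes, passwords), "+OK POP3 ready",
               ["USER " + user, "PASS " + password, "STAT", "RETR 1", "QUIT"])

def server_replies(transcript):
    return [text for side, text in transcript if side == "S"]
```

The send transcript shows the 220, 250, 250, 250, 354, 250, 221 sequence of a successful delivery; an unknown recipient gets 550 at the RCPT step, after which the server refuses DATA with 503 because no recipient was accepted. Note also that nothing in the SMTP exchange verifies MAIL FROM: the envelope sender is whatever the client claims.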


Origin www.cnblogs.com/jmuaia-wll/p/11567176.html