This experiment uses a network configuration, the host IP address 172.16.0.0 segment. Two pairs, each group to submit electronic reports.
This course requires an experiment in class and then write the report, the last open-book exam, here is my sort of problem, the corresponding answer in the PDF, 25 too many, there is need for self-created it
Link: https: //pan.baidu.com/s/1Gq0TM5lgZ5CgAItHqOaklA
extraction code: l3x4
copy the contents of this open Baidu network disk phone App, the operation more convenient oh
- And the length of the LLC frame header (destination MAC-6, the source MAC-6, protocol type or data length -2)
- The actual length of the Ethernet frame header: the header of the LLC frame 14 + 4 byte CRC
- Compare SAP meaning control field three LLC frames
- Protocol type or data length field mean? If this field is> 0600H (1536 in decimal), indicates the protocol type, less than, data indicating the length of the latter, so that in Experiment 1, the field is 0040, indicating the data length of the back 60 (64-4,4 bit LLC. header length)
- Objective MAC LLC frame is broadcast FFFFFFF-FFFFFF
- Different IP address and MAC address: bits, protocol, assignment based on the protocol layer different
- IPconfig command to check the machine IP, MAC, DNS, gateway, MASK
- See route print native routing table: table entry comprises: the IP object, netmask, gateway, an output interface Interface, the path length METRIC
- This machine is the default route in the routing table: Network Destination of 0.0.0.0
- IP protocol header fields and the meaning (sixteen mechanism will give an Ethernet frame byte information, it determines the protocol type, IP address, port, etc.), the total length of the IP packet header length = data length 20Byte +
- Protocol type, data length field used Value (hex): 0800: IP protocol 8600: IPV6 protocol 0806: ARP protocol
- Common high-level protocol type value (hex) IP protocol: ICMP: 01 IGMP: 02 TCP06 UDP: 11 OSPF: 59
- Experiment Question 2: View of the captured frame length is how many? It is consistent with the length of the message editor? Inconsistent, because the IP packet after encapsulation, capture the frame length 14 is the length of the total length of the IP packet frames + LLC
- Experiment 2 Question: Why has the destination port unreachable message: edit the package because no transport layer, no process receives, so ...
- IPV6 and IPV4 difference, the corresponding field? (NextHeader TTL HopLimit)
- IP broadcast
- IP fragmentation (emphasis): IP fragmentation of this experiment is to use PIng achieve, due to the principle Ping is the use of ICMP query messages, there is an 8-byte ICMP header in the IP data portion, therefore, the entire data section ping is the number of bytes + 8 bytes, if ping3000, sliced into (3000 + 8) / 3 = 1480, a last IP data length of 3008-1480 * 2 = 48, IP packets total length is 48 + 20 = 68 bytes, a total length of the last frame is 82
- IP fragment (ping), ping how long to keep the last frame is 82 bytes? 1480 * n + 40
- netstat command: -s shows the machine has been accepted and the number of IP packets transmitted -r: shows the routing tables
- -e: View Ethernet statistics
- arp -a to view the contents of the cache table
- ARP Request message header: MAC layer -ARP layer
- Different network sends ARP packets principle (spoken computer network), during which the same IP packet, the MAC is changed, TTL change (number of gateways through the reaction)
- ARP spoofing principle
- IP conflict principle: free ARP (ARP inquiry packet, the source and destination IP are their own IP)
- The role of the ARP cache: reducing the number of broadcasts sent, improve parsing speed
- Why ARP entries over time, would disappear? It has aging mechanism
- ICMP packet types and formats, codes, carried in the IP layer protocol
- ICMP timestamp packets and response packets format
- Compare and ICMPV4 of ICMPV6
- ICMP redirect (what characteristics data?)
- UDP checksum fill 0, which means no check
- Manually calculate UDP packet format and checksum
- UDP port is not up, generate ICMP error messages
- UDP limited broadcast and direct broadcasting, the difference between the two
- DNS: nslookup domain DNS message edition (forward and reverse lookup queries)
- Changes in TCP three-way handshake sequence number and acknowledgment number
- TCP connection release changes
- TCP experiments, the host sends a reply message, whether to capture two consecutive response packet, the ACK and the former than the latter? Will, it is possible for the first ACK packet is lost, the recipient retransmission timeout led to the subsequent arrival
- UDP port scan
- TCP port scan SYN (RST representative Close, SYN / ACK representatives open), FIN scans (unix: Close restore RST, windows: all replies RST)
- FTP command, port, etc., the PORT effect, control and data connections
- HTTP protocol
- DHCP four phases
- DHCP message format
- SMTP protocol