One. Purpose
1. Master the working principle of the TCP protocol
2. Master the TCP connection establishment and connection termination process
3. Understand the characteristics of control connections and data connections during FTP sessions
Two. Preliminary knowledge
1. TCP segment format
2. TCP connection concept and process
Three. Experimental principle
The FTP protocol is an application layer protocol for file transfer. It adopts the client/server model to implement the file transfer function and uses the connection-oriented and reliable transmission service provided by the TCP protocol. Two TCP connections are used between the FTP client and the server to transfer files: the control connection (TCP port 21) and the data connection (TCP port 20). During the entire FTP session interaction, the control connection is always in the connected state; the data connection is opened using the PORT command or PASV command during each file transfer, and is closed after the file transfer is completed. Therefore, if multiple files are transferred throughout an FTP session, the data connection will be opened and closed multiple times.
The TCP protocol (RFC 793) is a connection-oriented, reliable transport layer protocol that completes connection-oriented transmission through the two processes of connection establishment and connection termination. TCP connection establishment is often referred to as the "three-way handshake." Before establishing a TCP connection, the server program needs to issue a passive open request to its TCP module, indicating that the server is ready to accept the client's connection. The client program must issue an active open request to its TCP module, indicating that the client needs to connect to a specific server. The TCP connection can then be established. Taking the client's active TCP connection as an example, the TCP connection establishment process is as follows:
(1) Client TCP sends a SYN segment. The segment includes the source port number, destination port number, the client's initial sequence number, the maximum length (MSS) of TCP segment data that the client can receive, and other information.
(2) After receiving the client's SYN segment, the server-side TCP returns a SYN+ACK segment. This segment uses the ACK flag and the acknowledgment number field to confirm that the client's SYN segment has been received, and also initializes the server-side sequence number.
(3) After receiving the SYN+ACK segment from the server, the client TCP sends an ACK segment. This segment uses the ACK flag and the acknowledgment number field to confirm that the SYN+ACK segment from the server has been received.
Either party in a TCP connection (client or server) can close the connection. When one party terminates its side of the connection, the other party can continue to send data. Therefore, four actions are required to close a bidirectional TCP connection. Taking the client actively closing the TCP connection as an example, the TCP connection termination process is as follows:
(1) The client TCP sends a FIN segment to announce that it wants to terminate the connection.
(2) After the server-side TCP receives the client's FIN segment, it returns an ACK segment to confirm that it has received the client's FIN segment.
(3) Server-side TCP can continue to send data in the server-to-client direction. When the server has no more data to send, it sends a FIN segment.
(4) After the client TCP receives the FIN segment from the server, it returns an ACK segment to confirm that it has received the FIN segment from the server.
Four. Experiment content
Five. Experimental steps
For detailed experimental procedures, please refer to the TCP/IP Experiment Instructions. Since the steps are too long, I won’t go into details here.
- Experimental data and result analysis
1. Record all TCP message segments captured on subnet A in step 5 in the order of capture. The record information is as follows:

| Source IP | Destination IP | Source port | Destination port | Sequence number | Acknowledgment number | Flags | Window | Header length (bytes) | Data length (bytes) |
|---|---|---|---|---|---|---|---|---|---|
| 192.168.11.2 | 192.168.22.253 | 1032 | 21 | 0xabe19a9b | 0x0 | SYN | 0xfaf0 | 28 | 0 |
| 192.168.22.253 | 192.168.11.2 | 21 | 1032 | 0xe1fbe2c2 | 0xabe19a9c | SYN, ACK | 0xfaf0 | 28 | 0 |
| 192.168.11.2 | 192.168.22.253 | 1032 | 21 | 0xabe19a9c | 0xe1fbe2c3 | ACK | 0xfaf0 | 20 | 0 |
| 192.168.22.253 | 192.168.11.2 | 21 | 1032 | 0xe1fbe2c3 | 0xabe19a9c | PSH, ACK | 0xfaf0 | 20 | 27 |
| 192.168.11.2 | 192.168.22.253 | 1032 | 21 | 0xabe19a9c | 0xe1fbe2de | ACK | 0xfad5 | 20 | 0 |
| 192.168.11.2 | 192.168.22.253 | 1032 | 21 | 0xabe19a9c | 0xe1fbe2de | PSH, ACK | 0xfad5 | 20 | 10 |
| 192.168.22.253 | 192.168.11.2 | 21 | 1032 | 0xe1fbe2de | 0xabe19aa6 | PSH, ACK | 0xfae6 | 20 | 72 |
| 192.168.11.2 | 192.168.22.253 | 1032 | 21 | 0xabe19aa6 | 0xe1fbe326 | ACK | 0xfa8d | 20 | 0 |
| 192.168.11.2 | 192.168.22.253 | 1032 | 21 | 0xabe19aa6 | 0xe1fbe326 | PSH, ACK | 0xfa8d | 20 | 10 |
| 192.168.22.253 | 192.168.11.2 | 21 | 1032 | 0xe1fbe326 | 0xabe19ab0 | PSH, ACK | 0xfadc | 20 | 31 |
| 192.168.11.2 | 192.168.22.253 | 1032 | 21 | 0xabe19ab0 | 0xe1fbe345 | ACK | 0xfa6e | 20 | 0 |
| 192.168.11.2 | 192.168.22.253 | 1032 | 21 | 0xabe19ab0 | 0xe1fbe345 | PSH, ACK | 0xfa6e | 20 | 24 |
| 192.168.22.253 | 192.168.11.2 | 21 | 1032 | 0xe1fbe345 | 0xabe19ac8 | PSH, ACK | 0xfac4 | 20 | 30 |
| 192.168.11.2 | 192.168.22.253 | 1032 | 21 | 0xabe19ac8 | 0xe1fbe363 | PSH, ACK | 0xfa50 | 20 | 16 |
| 192.168.22.253 | 192.168.11.2 | 21 | 1032 | 0xe1fbe363 | 0xabe19ad8 | PSH, ACK | 0xfab4 | 20 | 64 |
| 192.168.22.253 | 192.168.11.2 | 20 | 1034 | 0x23fe47db | 0x0 | SYN | 0xfaf0 | 28 | 0 |
| 192.168.11.2 | 192.168.22.253 | 1034 | 20 | 0x2238e9ca | 0x23fe47dc | SYN, ACK | 0xfaf0 | 28 | 0 |
| 192.168.22.253 | 192.168.11.2 | 20 | 1034 | 0x23fe47dc | 0x2238e9cb | ACK | 0xfaf0 | 20 | 0 |
| 192.168.22.253 | 192.168.11.2 | 20 | 1034 | 0x23fe47dc | 0x2238e9cb | PSH, ACK | 0xfaf0 | 20 | 5 |
| 192.168.22.253 | 192.168.11.2 | 20 | 1034 | 0x23fe47e1 | 0x2238e9cb | FIN, ACK | 0xfaf0 | 20 | 0 |
| 192.168.11.2 | 192.168.22.253 | 1032 | 21 | 0xabe19ad8 | 0xe1fbe3a3 | ACK | 0xfa10 | 20 | 0 |
| 192.168.11.2 | 192.168.22.253 | 1034 | 20 | 0x2238e9cb | 0x23fe47e2 | ACK | 0xfaeb | 20 | 0 |
| 192.168.11.2 | 192.168.22.253 | 1034 | 20 | 0x2238e9cb | 0x23fe47e2 | FIN, ACK | 0xfaeb | 20 | 0 |
| 192.168.22.253 | 192.168.11.2 | 21 | 1032 | 0xe1fbe3a3 | 0xabe19ad8 | PSH, ACK | 0xfab4 | 20 | 24 |
| 192.168.22.253 | 192.168.11.2 | 20 | 1034 | 0x23fe47e2 | 0x2238e9cc | ACK | 0xfaf0 | 20 | 0 |
| 192.168.11.2 | 192.168.22.253 | 1032 | 21 | 0xabe19ad8 | 0xe1fbe3bb | ACK | 0xf9f8 | 20 | 0 |
| 192.168.11.2 | 192.168.22.253 | 1032 | 21 | 0xabe19ad8 | 0xe1fbe3bb | PSH, ACK | 0xf9f8 | 20 | 6 |
| 192.168.22.253 | 192.168.11.2 | 21 | 1032 | 0xe1fbe3bb | 0xabe19ade | PSH, ACK | 0xfaae | 20 | 7 |
| 192.168.22.253 | 192.168.11.2 | 21 | 1032 | 0xe1fbe3c2 | 0xabe19ade | FIN, ACK | 0xfaae | 20 | 0 |
| 192.168.11.2 | 192.168.22.253 | 1032 | 21 | 0xabe19ade | 0xe1fbe3c3 | ACK | 0xf9f1 | 20 | 0 |
| 192.168.11.2 | 192.168.22.253 | 1032 | 21 | 0xabe19ade | 0xe1fbe3c3 | FIN, ACK | 0xf9f1 | 20 | 0 |
| 192.168.22.253 | 192.168.11.2 | 21 | 1032 | 0xe1fbe3c3 | 0xabe19adf | ACK | 0xfaae | 20 | 0 |
【Analysis】
1) How many TCP connections are established between the FTP client and FTP server in step 5? What are the IP addresses, TCP port numbers and initial sequence numbers of both parties in each connection?
Two:
First connection:

| IP address 1 | Port 1 | IP address 2 | Port 2 | Initial sequence number |
|---|---|---|---|---|
| 192.168.22.253 | 21 | 192.168.11.2 | 1032 | 0xabe19a9b |
| 192.168.11.2 | 1032 | 192.168.22.253 | 21 | 0xe1fbe2c2 |

Second connection:

| IP address 1 | Port 1 | IP address 2 | Port 2 | Initial sequence number |
|---|---|---|---|---|
| 192.168.22.253 | 20 | 192.168.11.2 | 1034 | 0x23fe47db |
| 192.168.11.2 | 1034 | 192.168.22.253 | 20 | 0x2238e9ca |
2) Does the window value in the TCP segment define the sending window or receiving window of the source or destination of the segment?
The receiving window of the source.
3) Which types of TCP segment headers carry MSS option information in the experiment?
TCP segments whose flag bits include SYN: (SYN) and (SYN, ACK).
2. Record all TCP connection establishment, connection termination and connection reset message segments captured on subnet A in step 7 in the order of capture. The record information is as follows:
The three different colors in the table below represent three different TCP connections.

| Source IP | Destination IP | Source port | Destination port | Sequence number | Acknowledgment number | Flags | Window | Header length (bytes) | Data length (bytes) |
|---|---|---|---|---|---|---|---|---|---|
| 192.168.11.2 | 192.168.22.253 | 1043 | 21 | 0x75e2accc | 0x0 | SYN | 0xfaf0 | 28 | 0 |
| 192.168.22.253 | 192.168.11.2 | 21 | 1043 | 0xd501c8cb | 0x75e2accd | SYN, ACK | 0xfaf0 | 28 | 0 |
| 192.168.11.2 | 192.168.22.253 | 1043 | 21 | 0x75e2accd | 0xd501c8cc | ACK | 0xfaf0 | 20 | 0 |
| 192.168.11.2 | 192.168.22.253 | 1044 | 1030 | 0x35861f3d | 0x0 | SYN | 0xfaf0 | 28 | 0 |
| 192.168.22.253 | 192.168.11.2 | 1030 | 1044 | 0xec7d8155 | 0x35861f3e | SYN, ACK | 0xfaf0 | 28 | 0 |
| 192.168.11.2 | 192.168.22.253 | 1044 | 1030 | 0x35861f3e | 0xec7d8156 | ACK | 0xfaf0 | 20 | 0 |
| 192.168.22.253 | 192.168.11.2 | 1030 | 1044 | 0xec7d8188 | 0x35861f3e | FIN, ACK | 0xfaf0 | 20 | 0 |
| 192.168.11.2 | 192.168.22.253 | 1044 | 1030 | 0x35861f3e | 0xec7d8189 | ACK | 0xfabe | 20 | 0 |
| 192.168.11.2 | 192.168.22.253 | 1044 | 1030 | 0x35861f3e | 0xec7d8189 | FIN, ACK | 0xfabe | 20 | 0 |
| 192.168.22.253 | 192.168.11.2 | 1030 | 1044 | 0xec7d8189 | 0x35861f3f | ACK | 0xfaf0 | 20 | 0 |
| 192.168.11.2 | 192.168.22.253 | 1045 | 1031 | 0xb0c5973e | 0x0 | SYN | 0xfaf0 | 28 | 0 |
| 192.168.22.253 | 192.168.11.2 | 1031 | 1045 | 0xb3e83e9a | 0xb0c5973f | SYN, ACK | 0xfaf0 | 28 | 0 |
| 192.168.11.2 | 192.168.22.253 | 1045 | 1031 | 0xb0c5973f | 0xb3e83e9b | ACK | 0xfaf0 | 20 | 0 |
| 192.168.22.253 | 192.168.11.2 | 1031 | 1045 | 0xb3e83ea0 | 0xb0c5973f | FIN, ACK | 0xfaf0 | 20 | 0 |
| 192.168.11.2 | 192.168.22.253 | 1045 | 1031 | 0xb0c5973f | 0xb3e83ea1 | ACK | 0xfaeb | 20 | 0 |
| 192.168.11.2 | 192.168.22.253 | 1045 | 1031 | 0xb0c5973f | 0xb3e83ea1 | FIN, ACK | 0xfaeb | 20 | 0 |
| 192.168.22.253 | 192.168.11.2 | 1031 | 1045 | 0xb3e83ea1 | 0xb0c5973f | ACK | 0xfaf0 | 20 | 0 |
| 192.168.11.2 | 192.168.22.253 | 1043 | 21 | 0x75e2ad6b | 0xd501cbda | FIN, ACK | 0xf7e2 | 20 | 0 |
| 192.168.22.253 | 192.168.11.2 | 21 | 1043 | 0xd501cbda | 0x75e2ad6c | ACK | 0xfa52 | 20 | 0 |
| 192.168.22.253 | 192.168.11.2 | 21 | 1043 | 0xd501cbda | 0x75e2ad6c | FIN, ACK | 0xfa52 | 20 | 0 |
| 192.168.11.2 | 192.168.22.253 | 1043 | 21 | 0x75e2ad6c | 0xd501cbdb | ACK | 0xf7e2 | 20 | 0 |
【Analysis】
1) How many TCP connections are established between the FTP client and FTP server in step 7? What are the IP addresses, TCP port numbers and initial sequence numbers of both parties in each connection?
Three TCP connections
First connection:

| IP address 1 | Port 1 | IP address 2 | Port 2 | Initial sequence number |
|---|---|---|---|---|
| 192.168.22.253 | 21 | 192.168.11.2 | 1043 | 0xd501c8cb |
| 192.168.11.2 | 1043 | 192.168.22.253 | 21 | 0x75e2accc |

Second connection:

| IP address 1 | Port 1 | IP address 2 | Port 2 | Initial sequence number |
|---|---|---|---|---|
| 192.168.22.253 | 1030 | 192.168.11.2 | 1044 | 0x35861f3d |
| 192.168.11.2 | 1044 | 192.168.22.253 | 1030 | 3967648085 |

Third connection:

| IP address 1 | Port 1 | IP address 2 | Port 2 | Initial sequence number |
|---|---|---|---|---|
| 192.168.22.253 | 1031 | 192.168.11.2 | 1045 | 0xb3e83e9a |
| 192.168.11.2 | 1045 | 192.168.22.253 | 1031 | 0xb0c5973e |
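2) How do the FTP session interactions of steps 5 and 7 differ? Explain the reasons for these differences.
An FTP session has a control connection and a data connection. In step 5 the data connection is initiated by the server (port 20), whereas in step 7 the data connection is initiated by the client, not the server. In addition, the corresponding ports differ.
Reason: the FTP protocol has two working modes, PORT mode and PASV mode, that is, active and passive.
The IE browser uses PORT mode, that is, active mode. In this mode, the client uses a random port number to request a control connection to port 21 of the server; over the control connection, the client tells the server which (randomly generated) port it has opened for the data connection; the server uses port 20 to actively request a data connection to the client and transfers the file; finally, when the file transfer is complete, the TCP connection is closed.
Command-line FTP transfer uses PASV mode. The client uses a random port to request a connection to port 21 of the server; over the control connection, the server tells the client which (randomly generated) port it has opened for the data connection; the client uses a random port number to open a TCP connection to the server's data connection port and then starts the file transfer; finally, when the file transfer is complete, the TCP connection is closed.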
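An added example (not part of the original report): the Python sketch below takes the SYN, SYN+ACK and ACK rows copied from the step 5 and step 7 tables, groups them by their pair of (IP, port) endpoints, checks the handshake arithmetic, and labels each connection as FTP control, active data or passive data according to which side sent the SYN. The function names and the tuple layout are assumptions made for this example.

```python
# Added example: rebuild TCP connections from recorded segments (values copied
# from the step 5 and step 7 tables on this page; only handshake rows are used).
SERVER = "192.168.22.253"  # FTP server address as recorded in the report

# (src_ip, src_port, dst_ip, dst_port, seq, ack, flags)
STEP5 = [
    ("192.168.11.2", 1032, SERVER, 21, 0xabe19a9b, 0x0, "SYN"),
    (SERVER, 21, "192.168.11.2", 1032, 0xe1fbe2c2, 0xabe19a9c, "SYN,ACK"),
    ("192.168.11.2", 1032, SERVER, 21, 0xabe19a9c, 0xe1fbe2c3, "ACK"),
    (SERVER, 20, "192.168.11.2", 1034, 0x23fe47db, 0x0, "SYN"),
    ("192.168.11.2", 1034, SERVER, 20, 0x2238e9ca, 0x23fe47dc, "SYN,ACK"),
    (SERVER, 20, "192.168.11.2", 1034, 0x23fe47dc, 0x2238e9cb, "ACK"),
]
STEP7 = [
    ("192.168.11.2", 1043, SERVER, 21, 0x75e2accc, 0x0, "SYN"),
    (SERVER, 21, "192.168.11.2", 1043, 0xd501c8cb, 0x75e2accd, "SYN,ACK"),
    ("192.168.11.2", 1043, SERVER, 21, 0x75e2accd, 0xd501c8cc, "ACK"),
    ("192.168.11.2", 1044, SERVER, 1030, 0x35861f3d, 0x0, "SYN"),
    (SERVER, 1030, "192.168.11.2", 1044, 0xec7d8155, 0x35861f3e, "SYN,ACK"),
    ("192.168.11.2", 1044, SERVER, 1030, 0x35861f3e, 0xec7d8156, "ACK"),
]

def connections(segments):
    """Group segments by endpoint pair; return one summary dict per SYN seen."""
    conns = {}
    for sip, sport, dip, dport, seq, ack, flags in segments:
        fl = set(flags.replace(" ", "").split(","))
        key = frozenset([(sip, sport), (dip, dport)])  # direction-independent
        if fl == {"SYN"}:  # the sender of the bare SYN is the active opener
            conns[key] = {"initiator": (sip, sport), "responder": (dip, dport),
                          "isn_init": seq, "isn_resp": None, "handshake_ok": False}
        elif key in conns and fl == {"SYN", "ACK"}:
            c = conns[key]
            c["isn_resp"] = seq
            c["syn_acked"] = ack == (c["isn_init"] + 1) % 2**32  # SYN uses one number
        elif key in conns and fl == {"ACK"} and conns[key]["isn_resp"] is not None:
            c = conns[key]
            if (sip, sport) == c["initiator"] and not c["handshake_ok"]:
                c["handshake_ok"] = (c.get("syn_acked", False)
                                     and ack == (c["isn_resp"] + 1) % 2**32)
    return list(conns.values())  # dicts keep insertion order: order of the SYNs

def ftp_role(conn, server=SERVER):
    """Classify a connection as FTP control, active data or passive data."""
    if conn["responder"] == (server, 21):
        return "control"
    return "active data (PORT)" if conn["initiator"][0] == server else "passive data (PASV)"
```

Run over the two captures, it reports the server as the initiator of the step 5 data connection and the client as the initiator of the step 7 data connection.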
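- Experimental conclusions
- Which parameters are needed to identify a TCP connection?
Source IP, destination IP, source port number, destination port number
- Using the recorded TCP segment information, draw in a single sequence diagram the entire TCP segment exchange between the FTP client and the FTP server in step 5.
Requirement: in the diagram, label each TCP segment with its number, type, sequence number and acknowledgment number, and mark the connection establishment, data transfer and connection termination phases of each TCP connection.
In the figure below, the TCP1 connection is shown in blue and the TCP2 connection in black.
In the figure below, the sequence numbers and acknowledgment numbers are the real values (decimal).
Figure 3: TCP connections
Eight. Summary and reflections
1. In this experiment, I learned how to configure IP settings and the like in a virtual machine, and became proficient in using virtual machines under VM.
2. During the experiment, I gained a deep understanding of the FTP control channel and data channel, and mastered the two working modes of FTP, active mode and passive mode.
3. During the experiment, be careful and meticulous, and do not reverse the order of the steps.
Nine. Suggestions for improving the experimental process, methods and means
1. I suggest adding more analysis of the messages using other software: analyze the messages directly without relying on Wireshark, and analyze the captured data according to the protocol message formats learned in class.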