Wireshark-Lab7:ICMP

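This lab takes an in-depth look at the ICMP protocol by capturing the packets generated by the Ping and Traceroute programs. It shows how to use Wireshark for packet sniffing and analyzes key fields of ICMP messages such as the type, code, checksum and identifier. In the captured results, the source host IP is 192.168.1.101 and the destination host IP is 143.89.14.34. ICMP packets carry no source or destination port numbers, because ICMP mainly conveys network-layer information between hosts and routers. The Traceroute program determines a packet's path by incrementing the TTL value, and ICMP error packets contain more fields than reply packets, such as the IP header and the first 8 bytes of the original ICMP data.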


Lab7:ICMP

In this lab, we’ll explore several aspects of the ICMP protocol:

  • ICMP messages generated by the Ping program;

  • ICMP messages generated by the Traceroute program;

  • the format and contents of an ICMP message.

Before attacking this lab, you’re encouraged to review the ICMP material in section 5.6 of the text. We present this lab in the context of the Microsoft Windows operating system. However, it is straightforward to translate the lab to a Unix or Linux environment.

1. ICMP and Ping

Let’s begin our ICMP adventure by capturing the packets generated by the Ping program. You may recall that the Ping program is a simple tool that allows anyone (for example, a network administrator) to verify whether a host is live or not. The Ping program in the source host sends a packet to the target IP address; if the target is live, the Ping program in the target host responds by sending a packet back to the source host. As you might have guessed (given that this lab is about ICMP), both of these Ping packets are ICMP packets.

Do the following:

  • Let’s begin this adventure by opening the Windows Command Prompt application (which can be found in your Accessories folder).

  • Start up the Wireshark packet sniffer, and begin Wireshark packet capture.

  • The ping command is in c:\windows\system32, so type either “ping -n 10 hostname” or “c:\windows\system32\ping -n 10 hostname” in the MS-DOS command line (without quotation marks), where hostname is a host on another continent. If you’re outside of Asia, you may want to enter www.ust.hk for the Web server at Hong Kong University of Science and Technology. The argument “-n 10” indicates that 10 ping messages should be sent. Then run the Ping program by typing return.

  • When the Ping program terminates, stop the packet capture in Wireshark.

At the end of the experiment, your Command Prompt Window should look something like Figure 1. In this example, the source ping program is in Massachusetts and the destination Ping program is in Hong Kong. From this window we see that the source ping program sent 10 query packets and received 10 responses. Note also that for each response, the source calculates the round-trip time (RTT), which for the 10 packets is on average 375 msec.
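The echo request and reply that Ping exchanges, as an added example that is not part of the original lab: the Python sketch below builds and parses ICMP echo messages (type, code, checksum, identifier, sequence number) and verifies the checksum the way a receiver would. The identifier, sequence number and payload are constructed sample values.

```python
import struct

ICMP_ECHO_REPLY, ICMP_ECHO_REQUEST = 0, 8

def inet_checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071): one's-complement sum of 16-bit words."""
    if len(data) % 2:                      # pad odd-length input with a zero byte
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                     # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Echo request (type 8) or reply (type 0); code is always 0."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = inet_checksum(header + payload)  # computed with checksum field zeroed
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload

def parse_echo(msg: bytes) -> dict:
    """Split an ICMP echo message into its fields and validate the checksum."""
    if len(msg) < 8:
        raise ValueError("ICMP echo header is 8 bytes")
    icmp_type, code, csum, ident, seq = struct.unpack("!BBHHH", msg[:8])
    return {"type": icmp_type, "code": code, "checksum": csum, "id": ident,
            "seq": seq, "payload": msg[8:],
            # summing a valid message including its checksum yields 0
            "checksum_ok": inet_checksum(msg) == 0}

def is_reply_to(request: dict, reply: dict) -> bool:
    """A reply matches when it echoes identifier, sequence and payload unchanged."""
    return (request["type"] == ICMP_ECHO_REQUEST
            and reply["type"] == ICMP_ECHO_REPLY
            and reply["checksum_ok"]
            and (request["id"], request["seq"], request["payload"])
            == (reply["id"], reply["seq"], reply["payload"]))

if __name__ == "__main__":
    payload = b"abcdefghijklmnopqrstuvwabcdefghi"   # constructed 32-byte sample payload
    req = build_echo(ICMP_ECHO_REQUEST, 0x0200, 1, payload)  # constructed id/seq
    rep = build_echo(ICMP_ECHO_REPLY, 0x0200, 1, payload)
    print(parse_echo(req))
    print("reply matches request:", is_reply_to(parse_echo(req), parse_echo(rep)))
```

The same field offsets apply to the ICMP portion of each Ping packet shown in Wireshark's packet details pane, after the 20-byte IP header.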

