根据抓到的包,分析icmp报文格式,给出icmp的类型字段值是多少 ping命令使用了ICMP协议的各类型的报文是什么?
ICMP\u534f\u8bae\u5bf9\u5e94\u7684\u6570\u636e\u94fe\u8def\u5c42type\u5b57\u6bb5\u662f\u591a\u5c11icmp\u534f\u8bae\u5bf9\u5e94\u7684IP\u5c42\u534f\u8bae\u662f1
\u6570\u636e\u94fe\u8def\u5c42\uff0c\u7531\u4e8e\u4e2d\u95f4\u8de8\u4e86\u4e00\u5c42\uff0c\u5177\u4f53\u662f\u591a\u5c11\u4e0d\u4e00\u5b9a\uff0c\u8981\u770b\u91c7\u7528\u4ec0\u4e48\u5c01\u88c5\u65b9\u5f0f
\u5982\u679c\u662fIp\u5c01\u88c5\u7684\u8bdd\uff0ctype\u662f0x0800
\u4f7f\u7528\u7684\u662f\u7c7b\u578b8\u548c0\uff0c\u5176\u8fc7\u7a0b\u5982\u4e0b\uff1a
ICMP ECHO(Type 8) \u548cECHO Reply (Type 0)
\u6211\u4eec\u4f7f\u7528\u4e00\u4e2aICMP ECHO\u6570\u636e\u5305\u6765\u63a2\u6d4b\u4e3b\u673a\u5730\u5740\u662f\u5426\u5b58\u6d3b\uff08\u5f53\u7136\u5728\u4e3b\u673a\u6ca1
\u6709\u88ab\u914d\u7f6e\u4e3a\u8fc7\u6ee4ICMP\u5f62\u5f0f\uff09\uff0c\u901a\u8fc7\u7b80\u5355\u7684\u53d1\u9001\u4e00\u4e2aICMP ECHO(Type 8)\u6570\u636e\u5305\u5230\u76ee\u6807
\u4e3b\u673a\uff0c\u5982\u679cICMP ECHO Reply(ICMP type 0)\u6570\u636e\u5305\u63a5\u53d7\u5230\uff0c\u8bf4\u660e\u4e3b\u673a\u662f\u5b58\u6d3b\u72b6\u6001\u3002
\u5982\u679c\u6ca1\u6709\u5c31\u53ef\u4ee5\u521d\u6b65\u5224\u65ad\u4e3b\u673a\u6ca1\u6709\u5728\u7ebf\u6216\u8005\u4f7f\u7528\u4e86\u67d0\u4e9b\u8fc7\u6ee4\u8bbe\u5907\u8fc7\u6ee4\u4e86ICMP\u7684REPLY\u3002
|-------------------------------------------------------------
| |
| ------ ICMP ECHO request ------ |
| |HOST| \u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014---> |HOST| |
| | A | <----------------------- | B | |
| | | \u5982\u679c\u5b58\u6d3b\u6216\u8005\u6ca1\u6709\u8fc7\u6ee4 | | |
| ------ \u5c06\u8fd4\u56deICMP RCHO REPLY ------ |
| |
--------------------------------------------------------------
\u8fd9\u79cd\u673a\u5236\u5c31\u662f\u6211\u4eec\u901a\u5e38\u6240\u7528\u7684ping\u547d\u4ee4\u6765\u68c0\u6d4b\u76ee\u6807\u4e3b\u673a\u662f\u5426\u53ef\u4ee5ping\u5230\u3002
首先先看一个包的格式,由下图可知,报文由IP首部和ICMP报文组成,先看下IP包的首部和大小
使用Wireshark简单分析ICMP报文
红色框中蓝色为IP首部,共有20字节
使用Wireshark简单分析ICMP报文
下图为红色框中的蓝色为ICMP报文,共有40个字节
使用Wireshark简单分析ICMP报文
ICMP报文的具体格式
使用Wireshark简单分析ICMP报文
由此可以看到刚才的截图
Type:8
Code:0
Checksum:0x4c90
通过查询ICMP报文类型可知,Type为8的包为 回射请求(Ping请求)
使用相同的方法,查看Echo (ping) reply包,得到type类型为0
通过查询ICMP报文类型可知,Type为0的包为 回射应答(Ping应答)
具体如下图
绛旓細棣栧厛鍏堢湅涓涓寘鐨勬牸寮忥紝鐢变笅鍥惧彲鐭ワ紝鎶ユ枃鐢盜P棣栭儴鍜孖CMP鎶ユ枃缁勬垚锛屽厛鐪嬩笅IP鍖呯殑棣栭儴鍜屽ぇ灏 浣跨敤Wireshark绠鍗鍒嗘瀽ICMP鎶ユ枃 绾㈣壊妗嗕腑钃濊壊涓篒P棣栭儴锛屽叡鏈20瀛楄妭 浣跨敤Wireshark绠鍗曞垎鏋怚CMP鎶ユ枃 涓嬪浘涓虹孩鑹叉涓殑钃濊壊涓篒CMP鎶ユ枃锛屽叡鏈40涓瓧鑺 浣跨敤Wireshark绠鍗曞垎鏋怚CMP鎶ユ枃 ICMP鎶ユ枃鐨勫叿浣撴牸寮 浣跨敤Wireshark...
绛旓細闄曡タ甯堣寖澶у 璁$畻鏈虹綉缁 瀹為獙鎶ュ憡瀹為獙涓僆CMP涓銆佸疄楠岀洰鐨1.鐔熸倝骞舵帉鎻ireshark鐨勬搷浣溿2.鍒嗘瀽ICMP鍗忚銆備簩銆佸疄楠屽櫒鏉1.PC鏈虹數鑴戜竴鍙般2.涓嬭浇wireshark杞欢骞跺畨瑁呬笁銆佸疄楠屽唴瀹瑰強闂鍥炵瓟1.ICMPandPing1.鎵撳紑wireshark寮濮嬫姄鍖2.鍦╳idows鍛戒护涓嬭緭鍏ing鈥搉10www.ust.hk3.寰卲ing绋嬪簭缁堟,鍋滄wireshark鎶撳寘1.WhatistheI...
绛旓細瀹冩槸TCP/IP鍗忚闆嗕腑鐨勪竴涓瓙鍗忚,灞炰簬缃戠粶灞傚崗璁 ICMP鍗忚鍜孶DP鍗忚涓鏍锋槸鍩轰簬鏃犺繛缁撶殑锛屼竴鏍峰鏄撲吉閫 瀹冧綅浜嶪P灏佽鐨勪笅闈紝鍐呭姣旇緝绠鍗
绛旓細浠ヤ笂杩囩▼涓嶆柇杩涜锛岀洿鍒扮洰鐨勭鏀跺埌婧愮鍙戦佺殑UDP鎶ユ枃鍚庯紝鍒ゆ柇鍑虹洰鐨処P鍦板潃鏄湰鏈篒P鍦板潃锛屽垯澶勭悊姝ゆ姤鏂囥鏍规嵁鎶ユ枃涓殑鐩殑UDP绔彛鍙峰鎵惧崰鐢ㄦ绔彛鍙风殑涓婂眰鍗忚锛屽洜鐩殑绔病鏈夊簲鐢ㄧ▼搴忎娇鐢ㄨUDP绔彛鍙凤紝鍒欏悜婧愮杩斿洖涓涓狪CMP绔彛涓嶅彲杈撅紙Destination Unreachable锛夋姤鏂囥傛簮绔敹鍒癐CMP绔彛涓嶅彲杈炬姤鏂囧悗锛屽垽鏂...
绛旓細鎴戜滑鍏堜粠瀹炴垬鍏ユ墜锛屾參鎱㈣繃娓″埌鐞嗚銆傞氳繃wireshark鎶撳寘銆傚浘1.1涓垜浠琾ing baidu锛屽緱鍒扮殑IP鍦板潃鏄 183.232.231.172銆備笅闈㈡垜浠鏍规嵁杩欎釜IP鍦板潃鏉鍒嗘瀽銆傚鍥2.1鎵绀猴紝鎴戜滑閫氳繃wireshark鎶撳寘鍚庯紝閫氳繃鍛戒护 杩囨护鍑烘潵涓浜鎶ユ枃锛杩欎簺鎶ユ枃鍗忚閮芥槸ICMP鍗忚銆俻ing , traceroute 閮芥槸鍩轰簬ICMP鍗忚鏉ュ疄鐜扮殑銆備粠涓婂浘鎴戜滑...
绛旓細浣犺鐨勮繖涓棶棰橈紝棣栧厛锛岄粯璁ょ殑璺敱鍣ㄧ殑ip鍦板潃鏄192.168.1.1 锛屼絾鏄繖鏄竴涓鐢ㄥ湴鍧锛屼綘鐢ㄧ殑tracert鍛戒护鏄拷韪殑鍒拌揪鐧惧害鏈嶅姟鍣ㄧ殑鍏綉ip鍦板潃 鍐嶈咃紝鍦ㄥ叕缃戜笂闈㈣矾鐢卞櫒鏄笉浼氳浆鍙戠鐢ㄥ湴鍧鐨勬暟鎹鍖呯殑锛杩欐槸鑲畾鐨勩傝繕鏄氨鏄繖涓矾鐢卞櫒鐨刬p鍦板潃鍙槸涓涓薄寰佹х殑鍦板潃锛屽拰loopback鐜洖鍦板潃鏄樊涓嶅鐨勶紝瀹...
绛旓細ICMP鍖鍙互鍖呭惈璇婃柇淇℃伅(ping, traceroute 鈥 娉ㄦ剰鐩墠unix绯荤粺涓殑traceroute鐢║DP鍖呰屼笉鏄疘CMP)锛岄敊璇俊鎭(缃戠粶/涓绘満/绔彛 涓嶅彲杈 network/host/port unreachable), 淇℃伅(鏃堕棿鎴硉imestamp, 鍦板潃鎺╃爜address mask request, etc.)锛屾垨鎺у埗淇℃伅 (source quench, redirect, etc.) 銆備綘鍙互鍦/assignments/...
绛旓細璁╂垜浠氳繃ping鍛戒护鏉ュ涔犳姄鍖呭拰鏁版嵁鍒嗘瀽銆傞鍏堬紝閫夋嫨鍚堥傜殑缃戝崱锛岀劧鍚庤缃姄鍖呰繃婊ゆ潯浠讹紝渚嬪锛氭姄鍖呰繃婊ゅ櫒: 鍦–apture Filters鑿滃崟涓缃紝濡傛寚瀹氭姄鍙栨潵鑷狪P鍦板潃60.207.246.216鐨処CMP鏁版嵁鍖呫傛樉绀鸿繃婊ゅ櫒: 鎶撳彇鍚庯紝浣跨敤鏉′欢杩囨护鏉ュ墧闄ゆ棤鍏虫暟鎹紝濡俰p.addr == 211.162.2.183 and icmp銆傚湪绠鍗曠殑鍦烘櫙涓紝...
绛旓細涓嶈繃,tcpdump 鎻愪緵浜嗘妸鎴彇鐨勬暟鎹繚瀛樺埌鏂囦欢鐨勫姛鑳,浠ヤ究鍚庨潰浣跨敤鍏朵粬鍥惧舰宸ュ叿(姣斿 wireshark,Snort)鏉鍒嗘瀽銆 -w 閫夐」鐢ㄦ潵鎶婃暟鎹鎶ユ枃杈撳嚭鍒版枃浠: 濡傛灉鎯冲疄鏃跺皢鎶撳彇鍒扮殑鏁版嵁閫氳繃绠¢亾浼犻掔粰鍏朵粬宸ュ叿鏉ュ鐞,闇瑕佷娇鐢 -l 閫夐」鏉ュ紑鍚缂撳啿妯″紡(鎴栦娇鐢 -c 閫夐」鏉ュ紑鍚暟鎹寘缂撳啿妯″紡)銆備娇鐢 -l 閫夐」鍙互灏嗚緭鍑洪氳繃绔嬪嵆...
绛旓細Wireshark锛堝墠绉癊thereal锛夋槸涓涓綉缁滃皝鍖鍒嗘瀽杞欢銆傜綉缁滃皝鍖呭垎鏋愯蒋浠剁殑鍔熻兘鏄挿鍙栫綉缁滃皝鍖咃紝骞跺敖鍙兘鏄剧ず鍑烘渶涓鸿缁嗙殑缃戠粶灏佸寘璧勬枡銆俉ireshark浣跨敤WinPCAP浣滀负鎺ュ彛锛岀洿鎺ヤ笌缃戝崱杩涜鏁版嵁鎶ユ枃浜ゆ崲銆傚噯澶囧伐浣滐細鎵撳紑Wireshark杞欢锛岀櫥褰晀q銆 閫夋嫨鎶撳寘锛屾墦寮qq涓庣綉鍙嬭亰澶╋紝杩囦竴浼氬仠姝㈡姄鍖呫 鍙互鐪嬪埌Wireshark鐨勪富绐楀彛...
