陕西师范大学 计算机网络 实验报告

年级：12级计科2班 姓名：

学号： 实验日期：2012-11-28

实验名称：Wireshark Lab:ICMP

一、 实验目的

1、 会用wireshark分析ICMP协议，对ICMP协议有个全面的学习与了解

2、 分析ICMP协议，学习ICMP报文段的各领域。

3、掌握ICMP协议以及ping和 tracert 两种命令。

二、 实验器材

1、 接入internet的计算机主机。

2、 抓包工具wreshark 和截图工具

三、 实验内容实验操作实践与步骤

(一)、ICMP and Ping

1、打开wireshark开始抓包。

2、在windows命令下输入ping-n

1、 待ping程序终止，停止wireshark抓包。实验截图如下：

1. What is the IP address of your host? What is the IP address of the destination host?

答：截图如下：

由图可知：本地主机IP地址是10.150.191.7

目的主机IP地址是143.89.14.2

2. Why is it that an ICMP packet does not have source and destination port numbers?

答：ICMP用于主机和路由器彼此交互网络层信息,它的报文中有一个类型字段和一个编码字段，用来表示特定的消息被接收。因为它能解释所有消息，所以ICMP报文不需要源和目的端口。

3. Examine one of the ping request packets sent by your host. What are the ICMP type and code numbers? What other fields does this ICMP packet have? How many bytes are the checksum, sequence number and identifier fields?

答：如下截图：

由图可知：ICMP类型为8，编码为0，可知是是对Ping的回显回答。ICMP报文其他字段包括：checksum(2字节),identifier(2字节),sequence number(2字节)，sequence number（LE），data fields.

4. Examine the corresponding(相应的) ping reply packet. What are the ICMP type and code numbers? What other fields does this ICMP packet have? How many bytes are the checksum, sequence number and identifier fields?

答：由上图可知。ICMP的type是0，code是0，它的其他字段还包括：checksum(2字节),identifier(2字节),sequence number(2字节)，sequence number（LE），data fields.

（二）、ICMP和tracerout

1、打开wireshark开始抓包。

2、在Windows命令下输入tracert www.inria .fr

3、等tracert程序结束后，停止抓包。

5. What is the IP address of your host? What is the IP address of the target destination host?

答：截图如下：可知主机的IP地址是：10.2.136.54，目标主机的IP是：193.51.193.149

6. If ICMP sent by UDP packets instead (as in Unix/Linux), would the IP protocol number still be 01 for the probe packets? If not, what would it be?

答：不是01，因为它的上层协议UDP.,所以它的protocol number 不是ICMP（1）。

7. Examine the ICMP echo packet in your screenshot. Is this

different from the ICMP ping query packets in the first half of this lab? If yes, how so?

答：Ping 请求消息如下：

Tracert请求的消息如下：

二者的checksum ,sequence number ,data的值都不一样。

8. Examine the ICMP error packet in your screenshot. It has more fields than the ICMP echo packet. What is included in those fields? 答：在error packet 中，

在ecoh packet中，

相比两者，error packet 比echo packet 多出了

9. Examine the last three ICMP packets received by the source host. How are these packets different from the ICMP error packets? Why are they different?

答：后三个reply消息中与error 分组相比，error packet 比它们多出了如下消息：

10. Within the tracert measurements, is there a link whose delay is significantly longer than others? Refer to the screenshot in Figure 4, is there a link whose delay is significantly longer than others? On the basis of the router names, can you guess the location of the two routers on the end of this link?

答：在tracert跟踪中，时延差距很大，如图所示

由IP地址查询可知一个位于美国一个位于欧洲的奥地利，所以时延很长。

四、实验总结

通过实验进一步学习了ICMP协议的格式，知道其功能是差错报告，以及在ping 和tracert命令中ICMP协议的使用，并比较了在这两种命令中ICMP数据包的异同；同时知道ICMP数据包中没有源端口号和目的端口号。

第二篇：ICMP攻击及其相应对策