Home > Others

Address Resolution Protocol ARP, Network layer protocol IP, ICMP protocol

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Software download for analysis: Wireshark-win32-1.10.2.exe

Read the guided Tour

1. Analyze and apply the ARP protocol

2. Analyzing IP Protocols

3. Analyzing the ICMP protocol

1. Analysis of the format and content of ARP messages

(1) The ARP request message of ping 172.18.3.132:

000108000604000100e04c512ae8ac12038e000000000000ac120384

Physical network Type hardware type:0001-ethernet (1)

Protocol type Protocol TYPE:0800-IP (0x0800)

Physical Address length hardware size:06-6

Protocol Address Length Protocol size:04-4

Operation Opcode:0001-request (1):

Sender's physical address, sender, MAC addresses:

00e04c512ae8-realteks_51:2a:e8 (00:e0:4c:51:2a:e8)

Sender IP Address Sender IP addresses:

ac12038e-172.18.3.142 (172.18.3.142)

Target Physical Address target MAC address:

000000000000-00:00:00_00:00:00 (00:00:00:00:00:00)

Target IP Address:

ac120384-172.18.3.132 (172.18.3.132)

(2) The ARP response message for ping 172.18.3.132:

000108000604000200e04cf0ca7eac12038400e04c512ae8ac12038e

Physical network Type hardware type:0001-ethernet (1)

Protocol type Protocol TYPE:0800-IP (0x0800):

Physical Address length hardware size:06-6

Protocol Address Length Protocol size:04-4

Operation Opcode:0002-reply (2)

Sender's physical address, sender, MAC addresses:

00e04cf0ca7e-realteks_f0:ca:7e (00:e0:4c:f0:ca:7e)

Sender IP Address Sender IP addresses:

ac120384-172.18.3.132 (172.18.3.132):

Target Physical Address target MAC address:

00e04c512ae8-realteks_51:2a:e8 (00:e0:4c:51:2a:e8)

Target IP Address:

ac12038e-172.18.3.142 (172.18.3.142):

(3) ARP Request message for Ping 202.202.96.35 (Southwest University Homepage):

000108000604000100e04c512ae8ac12038e000000000000ac120381

Physical network Type hardware type:0001-ethernet (1)

Protocol type Protocol TYPE:0800-IP (0x0800)

Physical Address length hardware size:06-6

Protocol Address Length Protocol size:04-4

Operation Opcode:0001-request (1):

Sender's physical address, sender, MAC addresses:

00e04c512ae8-realteks_51:2a:e8 (00:e0:4c:51:2a:e8)

Sender IP Address Sender IP addresses:

ac12038e-172.18.3.142 (172.18.3.142)

Target Physical Address target MAC address:

000000000000-00:00:00_00:00:00 (00:00:00:00:00:00)

Target IP Address:

ac120381-172.18.3.129 (172.18.3.129)

(4) The ARP response message for ping 202.202.96.35:

0001080006040002001906561e4bac12038100e04c512ae8ac12038e

Physical network Type hardware type:0001-ethernet (1)

Protocol type Protocol TYPE:0800-IP (0x0800):

Physical Address length hardware size:06-6

Protocol Address Length Protocol size:04-4

Operation Opcode:0002-reply (2)

Sender's physical address, sender, MAC addresses:

001906561E4B-CISCO_56:1E:4B (00:19:06:56:1E:4B)

Sender IP Address Sender IP addresses:

ac120381-172.18.3.129 (172.18.3.129):

Target Physical Address target MAC address:

00e04c512ae8-realteks_51:2a:e8 (00:e0:4c:51:2a:e8)

Target IP Address:

ac12038e-172.18.3.142 (172.18.3.142):

Because 202.202.96.35 is not an intra-LAN IP, the request is sent through the gateway to the extranet, so the above operation is actually in communication with the gateway to get the MAC address of the gateway to establish the ARP cache.

(5) The ARP request message that is ping native IP (172.18.3.142) by his machine (172.18.3.134):

000108000604000100e04c501178ac120386000000000000ac12038e

Physical network Type hardware type:0001-ethernet (1)

Protocol type Protocol TYPE:0800-IP (0x0800):

Physical Address length hardware size:06-6

Protocol Address Length Protocol size:04-4

Operation Opcode:0001-request (1)

Sender's physical address, sender, MAC addresses:

00e04c501178-realteks_50:11:78 (00:e0:4c:50:11:78)

Sender IP Address Sender IP addresses:

ac120386-172.18.3.134 (172.18.3.134):

Target Physical Address target MAC address:

000000000000-00:00:00_00:00:00 (00:00:00:00:00:00)

Target IP Address:

ac12038e-172.18.3.142 (172.18.3.142):

(6) ARP response message for ping native IP (172.18.3.142) by his machine (172.18.3.134):

000108000604000200e04c512ae8ac12038e00e04c501178ac120386

Physical network Type hardware type:0001-ethernet (1)

Protocol type Protocol TYPE:0800-IP (0x0800)

Physical Address length hardware size:06-6

Protocol Address Length Protocol size:04-4

Operation Opcode:0001-request (1):

Sender's physical address, sender, MAC addresses:

00e04c512ae8-realteks_51:2a:e8 (00:e0:4c:51:2a:e8)

Sender IP Address Sender IP addresses:

ac12038e-172.18.3.142 (172.18.3.142)

Target Physical Address target MAC address:

00e04c501178-realteks_50:11:78 (00:e0:4c:50:11:78)

Target IP Address:

ac120386-172.18.3.134 (172.18.3.134)

2.analysis of the format and content of IP messages

(1) IP packet for ICMP echo request during ping 172.18.3.132:

4500003c1842000040010349ac12038eac120384

Version: 4

Header Length (headers length): 5-20 bytes

Service type (Differentiated Services Field): 00

-0x00 (DSCP 0x00:default; Ecn:0x00:not-ect (not ecn-capable Transport))

Total Length: 003c-60

Identification (identification): 42-0x1842 (6210)

Flag (Flags): 00-0x00

Slice offset (Fragment offset): 0000-0

Lifetime (Time to live): 40-64

Protocol (PROTOCOL): 01-icmp (1)

Header checksum (header checksum): 49-0x0349 [Correct]

Origin IP address (source): AC 8e-172.18.3.142 (172.18.3.142)

Destination IP address (Destination): AC 12 03 84-172.18.3.132 (172.18.3.132)

(2) IP packet for ICMP echo response during ping 172.18.3.132:

4500003c2e9600004001ecf4ac120384ac12038e

Version: 4

Header Length (headers length): 5-20 bytes

Service type (Differentiated Services Field): 00

-0x00 (DSCP 0x00:default; Ecn:0x00:not-ect (not ecn-capable Transport))

Total Length: 003c-60

Identification (identification): 2e 96-0x2e96 (11926)

Flag (Flags): 00-0x00

Slice offset (Fragment offset): 0000-0

Lifetime (Time to live): 40-64

Protocol (PROTOCOL): 01-icmp (1)

Header checksum (header Checksum): EC F4-0XECF4 [Correct]

Source IP Address: AC 12 03 84-172.18.3.132 (172.18.3.132)

Destination IP address (Destination): AC 8e-172.18.3.142 (172.18.3.142)

Data: for ICMP messages

(3) To access the IP message of a UDP protocol during the swu.edu.cn process:

450000240ef600004011bc0cac1203b5ffffffff

Version: 4

Header Length (headers length): 5-20 bytes

Service type (Differentiated Services Field): 00

-0x00 (DSCP 0x00:default; Ecn:0x00:not-ect (not ecn-capable Transport))

Total Length: 00 24-36

Identification (identification): 0e F6-0x0ef6 (3830)

Flag (Flags): 00-0x00

Slice offset (Fragment offset): 0000-0

Lifetime (Time to live): 40-64

Protocol (PROTOCOL): 11-UDP (17)

Header checksum (header checksum): BC 0C-0XBC0C [Correct]

Origin IP address (source): AC b5-172.18.3.181 (172.18.3.181)

Destination IP address (Destination): FF FF FF ff-255.255.255.255 (255.255.255.255)

Data: for UDP messages

(4) An IP message that accesses an OSPF protocol during the swu.edu.cn process:

6e00000000245901fe80000000000000021906fffe561e4bff020000000000000000000000000005

Version: 6

Communication type (traffic Class): = e 0

Bit stream Kee (Flowlabel): 0 00 00

Load Length (Payload length): 00 24-36

Next header (Next header): 59-OSPF IGP (89)

Hop Limit: 01-1

Source IP Address: FE 1e 4b, the FF Fe, at the

-FE80::219:6FF:FE56:1E4B

Destination IP (Destination): FF 02 00 00 00 00 00 00 00 00 00 00 00 00 00 05

-Ff02::5

(5) To access the IP message of a TCP protocol during the swu.edu.cn process:

450000341c4d40004006fcbeac12038768190a06

Version: 4

Header Length (headers length): 5-20 bytes

Service type (Differentiated Services Field): 00

-0x00 (DSCP 0x00:default; Ecn:0x00:not-ect (not ecn-capable Transport))

Total Length: 00 34-52

Identification (identification): 1c 4D-0X1C4D (7245)

Flag (Flags): 40-0x02 (Don ' t Fragment)

Slice offset (Fragment offset): 0000-0

Lifetime (Time to live): 40-64

Protocol (PROTOCOL): 06-tcp (6)

Header checksum (header checksum): FC BE-0XFCBE [Correct]

Source IP Address: AC 12 03 87-172.18.3.135

Destination IP address (Destination): 0a 06-104.25.10.6

Data: For TCP messages

Analysis of the format and content of IP fragment packets

(1) IP shard packet for ICMP echo request during PING-L 4000 172.18.3.136:

This IP packet is divided into 3 pieces:

First Shard

45000034087340004006cacdac120387246e937c

df:0

Mf:1

Fragment offset:0

A second shard:

450005dc087420b94001ecc0ac120387ac120388

df:0

Mf:1

Fragment offset:1480

A third shard:

4500042c0874017240010db8ac120387ac120388

df:0

mf:0

Fragment offset:2960

(2) IP shard packet for ICMP echo request in Ping-l 5000 172.18.3.136 process

This IP packet is divided into 4 pieces:

First Shard

450005dc08d520004001ed18ac120387ac120388

df:0

Mf:1

Fragment offset:0

A second shard:

450005dc08d520b94001ec5fac120387ac120388

df:0

Mf:1

Fragment offset:1480

A third shard:

450005dc08d521724001eba6ac120387ac120388

df:0

Mf:1

Fragment offset:2960

Fourth Shard:

4500024c08d5022b40010e7eac120387ac120388

df:0

mf:0

Fragment offset:4440

(3) IP shard packet for ICMP echo request in Ping-l 2000 202.202.96.35 process

This IP packet is divided into 2 pieces:

First Shard

450005dc08db2000400171bfac120387caca6023

df:0

Mf:1

Fragment offset:0

A second shard:

4500022408db00b9400194beac120387caca6023

df:0

mf:0

Fragment offset:1480

(4) IP shard message for ICMP echo request 1 in Ping-l www.baidu.com (not ping) process

This IP packet is divided into 3 pieces:

First Shard

450005dc042320004001cb85ac120399b461216c

df:0

Mf:1

Fragment offset:0

A second shard:

450005dc042320b94001caccac120399b461216c

df:0

Mf:1

Fragment offset:1480

A third shard:

45000044042301724001efabac120399b461216c

df:0

mf:0

Fragment offset:2960

(5) IP shard message for ICMP echo request 2 in Ping-l www.baidu.com (not ping) process

This IP packet is divided into 3 pieces:

First Shard

450005dc042f20004001cb79ac120399b461216c

df:0

Mf:1

Fragment offset:0

A second shard:

450005dc042f20b94001cac0ac120399b461216c

df:0

Mf:1

Fragment offset:1480

A third shard:

45000044042f01724001ef9fac120399b461216c

df:0

mf:0

Fragment offset:2960

In the IP Fragment Message analysis experiment, the use of the Ping–l command to set the length of the appropriate IP packets to achieve different sharding effect.

3. Analyzing the format and content of ICMP messages

(1) The ICMP echo request message for ping 172.18.3.132 1:

08004a5c020001006162636465666768696a6b6c6d6e6f7071727374757677616263646566676869

Type (type): 08-Echo Request

Code: 00

Checksum (Checksum): 4a 5c

Logo Identifier (BE) Identifier (LE):

Ordinal Sequence number (BE), Sequence No. (LE):

Optional data (Date):

6162636465666768696a6b6c6d6e6f7071727374757677616263646566676869

(2) The ICMP echo response message for ping 172.18.3.132 1:

0000525c020001006162636465666768696a6b6c6d6e6f7071727374757677616263646566676869

Type: 00-loopback Answer

Code: 00

Checksum (Checksum): 5c

Logo Identifier (BE) Identifier (LE):

Ordinal Sequence number (BE), Sequence No. (LE):

Optional data (Date):

6162636465666768696a6b6c6d6e6f7071727374757677616263646566676869

(3) The ICMP echo request message for ping 172.18.3.132 2:

0800495c020002006162636465666768696a6b6c6d6e6f7071727374757677616263646566676869

Type (type): 08-Echo Request

Code: 00

Checksum (Checksum): 5c

Logo Identifier (BE) Identifier (LE):

Ordinal Sequence number (BE), Sequence numbers (LE):

Optional data (Date):

6162636465666768696a6b6c6d6e6f7071727374757677616263646566676869

(4) The ICMP echo response message for ping 172.18.3.132 2:

0000515c020002006162636465666768696a6b6c6d6e6f7071727374757677616263646566676869

Type: 00-loopback Answer

Code: 00

Checksum (Checksum): 5c

Logo Identifier (BE) Identifier (LE):

Ordinal Sequence number (BE), Sequence numbers (LE):

Optional data (Date):

6162636465666768696a6b6c6d6e6f7071727374757677616263646566676869

(5) ICMP echo request message 1 for 202.202.96.35 (Southwest University Homepage):

08003e5c02000d006162636465666768696a6b6c6d6e6f7071727374757677616263646566676869

Type (type): 08-Echo Request

Code: 00

Checksum (Checksum): 3e 5c

Logo Identifier (BE) Identifier (LE):

Ordinal Sequence number (BE), Sequence No. (LE):0d

Optional data (Date):

6162636465666768696a6b6c6d6e6f7071727374757677616263646566676869

(6) ICMP echo response message 1 for ping202.202.96.35 (Southwest University Homepage):

0000465c02000d006162636465666768696a6b6c6d6e6f7071727374757677616263646566676869

Type: 00-loopback Answer

Code: 00

Checksum (Checksum): 5c

Logo Identifier (BE) Identifier (LE):

Ordinal Sequence number (BE), Sequence No. (LE):0d

Optional data (Date):

6162636465666768696a6b6c6d6e6f7071727374757677616263646566676869

The above experiment shows that:

The identity of the paired ICMP request and reply message is the same as the ordinal field.

The ping command works based on the ICMP echo request and the reply message, and its role is to detect whether a destination station is available.

ICMP is used to solve control problems and implement error mechanisms, which can help maintain the Internet delivery order.

Address Resolution Protocol ARP, Network layer protocol IP, ICMP protocol

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
icmp protocol number layer 2 tunneling protocol secure sockets layer ssl protocol network service protocol tcp ip protocol number wireshark network protocol analyzer ip protocol numbers

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More