Analysis of MAC layer frame structure stipulated by Ethernet standard and Ieee802.3 standard

Source: Internet
Author: User
Tags ftp login win32

Software download for analysis: Wireshark-win32-1.10.2.exe

Read the guided Tour

1. Installation and use of learning Wireshark

2. Familiar with the operation interface and function of Wireshark

3. Design an application to acquire an Ethernet link data frame

4. Analysis of Ethernet link data frame format and content

1. Installation and use of learning Wireshark

Download and install the network pack software wireshark-win32-1.10.2

Environment required to install the software WinPcap

2. Familiar with the operation interface and function of Wireshark

Open Wireshark software, familiar with Operation interface and function

3. Design an application to acquire an Ethernet link data frame

(1) Grab ping app to get Ethernet link data frame

Start grabbing the bag

Ping the ip:172.18.3.132 of a computer in the current lab

Stop grabbing a packet, get a ping app's get Ethernet link data frame

(2) Crawling Ethernet link Data frames for HTTP applications

Start grabbing the bag

Visit Southwest University Homepage: www.swu.edu.cn

Stop grabbing packets, filter and get Ethernet link data frames for HTTP applications

4. Analysis of Ethernet link data frame format and content

1. Get the results of the Ethernet link data frame

(1) Get the Ethernet link data frame to the Ping app:

(2) Get the Ethernet link data frame to the HTTP app:

4. Analysis of Ethernet link data frame format and content

(1)Ping the Ethernet link data frame of the application

Destination Address: E0 4c F0 ca 7e (6 bytes)

Source Address: E0 4c 2a E8 (6 bytes)

Type: 08 00 (2 bytes)

Data: 4500003c87b40000400193d6ac12038eac1203840800465c020005006162636465666768696a6b6c6d6e6f7071727374757677616263646566676869

(2) Ethernet link data frames for HTTP applications

Destination Address: 1e 4b (6 bytes)

Source Address: E0 4c 2a e6 (6 bytes)

Type: 08 00 type (2 bytes)

Data: 4500014627264000400637feac12038ecaca602307b70050382e697999ae4d8d5018b5c9f4ad0000474554202f20485454502f312e310d0a416363657 0743a202a2f2a0d0a4163636570742d4c616e67756167653a207a682d636e0d0a4163636570742d456e636f64696e673a20677a69702c206465666c61 74650d0a557365722d4167656e743a204d6f7a696c6c612f342e302028636f6d70617469626c653b204d53494520362e303b2057696e646f7773204e5 420352e313b205356313b202e4e4554342e30453b202e4e455420434c5220322e302e35303732373b202e4e455420434c5220332e302e343530362e32 3135323b202e4e455420434c5220332e352e33303732393b202e4e4554342e3043290d0a486f73743a207777772e7377752e6564752e636e0d0a436f6 e6e656374696f6e3a204b6565702d416c6976650d0a0d0a

(3) The format and content of Ethernet link data frame in Campus network login process

Destination Address: 1e 4b (6 bytes)

Source Address: E0 4c 2a E8 (6 bytes)

Type: 08 00 (2 bytes)

Data:

45000356a65440004006b6adac12038ecaca60350749233cb5c25d7ad00705965018b5c9be050000504f5354202f6c6f67696e2f6c6f67696e312e6a7 37020485454502f312e310d0a4163636570743a20696d6167652f6769662c20696d6167652f782d786269746d61702c20696d6167652f6a7065672c20 696d6167652f706a7065672c206170706c69636174696f6e2f766e642e6d732d657863656c2c206170706c69636174696f6e2f766e642e6d732d706f7 76572706f696e742c206170706c69636174696f6e2f6d73776f72642c206170706c69636174696f6e2f766e642e6d732d787073646f63756d656e742c 206170706c69636174696f6e2f782d6d732d6170706c69636174696f6e2c206170706c69636174696f6e2f782d6d732d786261702c206170706c69636 174696f6e2f78616d6c2b786d6c2c202a2f2a0d0a526566657265723a20687474703a2f2f3230322e3230322e39362e35333a393032302f696e646578 2e6a73700d0a4163636570742d4c616e67756167653a207a682d636e0d0a436f6e74656e742d547970653a206170706c69636174696f6e2f782d77777 72d666f726d2d75726c656e636f6465640d0a4163636570742d456e636f64696e673a20677a69702c206465666c6174650d0a557365722d4167656e74 3a204d6f7a696c6c612f342e302028636f6d70617469626c653b204d53494520362e303b2057696e646f7773204e5420352e313b205356313b202e4e4554342e30453b202e4e455420434c522 0322e302e35303732373b202e4e455420434c5220332e302e343530362e323135323b202e4e455420434c5220332e352e33303732393b202e4e455434 2e3043290d0a486f73743a203230322e3230322e39362e35333a393032300d0a436f6e74656e742d4c656e6774683a2037370d0a436f6e6e656374696 F6e3a204b6565702d416c6976650d0a43616368652d436f6e74726f6c3a206e6f2d63616368650d0a436f6f6b69653a204a53455353494f4e49443d34 353033323441353346363630343643394331414633364632464239383334380d0a0d0a757365726e616d653d70636a313939342670617373776f72643d7368696e6531393934303732382669******************** 42323d2542352543372543322542432532384c6f67696e253239

Where the bold part of the user name and password is fetched, the way the password is transmitted in clear text transmission, unencrypted, unsafe!

(4) Ethernet link Data frame format and content of campus network exit login Process

Destination Address: 1e 4b (6 bytes)

Source Address: E0 4c 2a E8 (6 bytes)

Type: 08 00 (2 bytes)

Data:

45000336ab6240004006b1bfac12038ecaca603507c6233c60b26d06fa8430875018b5c9a4420000504f5354202f6c6f67696e2f6c6f676f7574312e6 a737020485454502f312e310d0a4163636570743a20696d6167652f6769662c20696d6167652f782d786269746d61702c20696d6167652f6a7065672c 20696d6167652f706a7065672c206170706c69636174696f6e2f766e642e6d732d657863656c2c206170706c69636174696f6e2f766e642e6d732d706 F776572706f696e742c206170706c69636174696f6e2f6d73776f72642c206170706c69636174696f6e2f766e642e6d732d787073646f63756d656e74 2c206170706c69636174696f6e2f782d6d732d6170706c69636174696f6e2c206170706c69636174696f6e2f782d6d732d786261702c206170706c696 36174696f6e2f78616d6c2b786d6c2c202a2f2a0d0a526566657265723a20687474703a2f2f3230322e3230322e39362e35333a393032302f696e6465 782e6a73703f757365726e616d653d70636a313939340d0a4163636570742d4c616e67756167653a207a682d636e0d0a436f6e74656e742d547970653 a206170706c69636174696f6e2f782d7777772d666f726d2d75726c656e636f6465640d0a4163636570742d456e636f64696e673a20677a69702c2064 65666c6174650d0a557365722d4167656e743a204d6f7a696c6c612f342e302028636f6d70617469626c653b204d53494520362e303b2057696e646f7773204e5420352e313b205356313b202 e4e4554342e30453b202e4e455420434c5220322e302e35303732373b202e4e455420434c5220332e302e343530362e323135323b202e4e455420434c 5220332e352e33303732393b202e4e4554342e3043290d0a486f73743a203230322e3230322e39362e35333a393032300d0a436f6e74656e742d4c656 e6774683a2032370d0a436f6e6e656374696f6e3a204b6565702d416c6976650d0a43616368652d436f6e74726f6c3a206e6f2d63616368650d0a436f 6f6b69653a204a53455353494f4e49443d34353033323441353346363630343643394331414633364632464239383334380d0a0d0a42323d254344254 3422542332546362532384c6f676f7574253239

(3) as in (4), the destination address is the same as the source address, except that the transfer data is different, (3) is the login, (4) is the exit

(5) Ethernet link Data frame format and content of FTP login process

Destination Address: 1e 4b (6 bytes)

Source Address: E0 4c 2a E8 (6 bytes)

Type: 08 00 (2 bytes)

Data:

45000038b03a40004006296dac12038eac120566083d0015fd016db87c1b8ef45018ffd95af2000055534552207a68616e6368656e670d0a

From the above analysis of the Ethernet link data frame format and content of the process, found that some of the site's user name password in clear text transmission, it is easy to crawl, very insecure, these sites should improve the transmission mode!

Analysis of MAC layer frame structure stipulated by Ethernet standard and Ieee802.3 standard

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.