Network Engineering Test 1

Experiment 1: use of network protocol analysis tool Wireshark (Preview part)

1. Download the installation file of Wireshark from the course website and install Wireshark on a computer in your dormitory. If you do not have a computer, please do this with your computer.
   (1) Describe the installation steps of Wireshark;
   (2) Describe the basic usage of Wireshark based on the PPT in this course;
   (3) Try the display filter and the capture filter, then think about and explain the differences between the two and the advantages and disadvantages of each.

2. Consult related books and review the ARP protocol.
   (1) Briefly describe the working process of the ARP protocol;
   (2) Briefly describe the usage of the "arp" command in Windows;
   (3) Give the ARP packet format and explain each field.

3. Consult related books and review the ICMP protocol.
   (1) Give the general message format of ICMP and explain each field;
   (2) Name three or more different types of ICMP messages.

4. Briefly describe the working principle of the ping command.

5. In Linux, the command used to trace the path to the target host is "traceroute", while in Windows the corresponding command is "tracert". Please read the two documents on the course website, traceroute-from-linux.doc and tracert-from-microsoft.doc (you can also consult other materials), to find the subtle differences between the two commands in terms of working principles.

6. Describe the connection establishment steps of the TCP three-way handshake and the four-step TCP connection termination.

7. Briefly describe the working process of domain name resolution using DNS. Briefly describe how to query an A record and an MX record respectively using the "nslookup" command, and describe the difference between an A record and an MX record.

Experiment 1: use of network protocol analysis tool Wireshark (Operation part)

I. Objective

To learn how to use the network protocol analysis tool Wireshark and use it to analyze some protocols.

II. Experiment principles and content

1. Important protocols related to the application layer of the network layer in the TCP/IP protocol family
2. Working principles and basic usage rules of the network protocol analysis tool Wireshark

III. Experiment environment and devices

PC, twisted pair wires

IV. Experiment steps (operation methods and questions)

1. Use Wireshark to observe the ARP protocol and the ping command: (20 points)
   (1) use the "ipconfig" command to obtain the MAC address of the local machine and the IP address of the default router;
   (2) run the "arp" command to clear the local cache;
   (3) run Wireshark to capture all packets that belong to the ARP or ICMP protocol and whose source or destination MAC address is that of the local machine (note: when setting the filter rule, use the MAC address of the local machine obtained in (1));
   (4) execute the command: "ping <IP address of the default router>".
   Write out the complete commands (including command-line parameters) executed in (1) and (2) and the Wireshark capture filter rule to be set, and explain the execution of (4) as observed in Wireshark.

2. Use Wireshark to observe the working process of the tracert command: (20 points)
   (1) run Wireshark and start capturing the messages used by the tracert command;
   (2) run "tracert -d www.dlut.edu.cn".
   Based on the phenomena observed in Wireshark, explain how tracert works.

3. Use Wireshark to observe the establishment and termination of a TCP connection: (30 points)
   (1) start Wireshark and configure the filter rule to capture all Telnet packets of the local machine (note: the transport layer protocol used by Telnet is TCP, and it uses TCP port number 23);
   (2) execute the "telnet bbs.dlut.edu.cn" command in the Windows command line window, log on, and then exit.
   In the lab report:
   a. write out the Wireshark capture filter rule to be set in step (1);
   b. explain the TCP three-way handshake based on the phenomena observed in Wireshark;
   c. explain the TCP connection termination process based on the phenomena observed in Wireshark;
   d. state, based on the phenomena observed in Wireshark, which party first initiates closing the connection.

4. Use Wireshark to observe the process of domain name resolution using DNS: (30 points)
   (1) execute the "nslookup" command in the Windows command window to enter the interactive mode of the command;
   (2) start Wireshark and configure the filter rule to capture all DNS packets of the local machine (note: the transport layer protocol used by DNS is UDP, and it uses UDP port number 53);
   (3) enter the domain name www.dlut.edu.cn at the prompt ">" and resolve the corresponding IP address;
   (4) enter the command "set type=mx" at the prompt ">" to set the query type to MX;
   (5) enter the domain name "tom.com" at the prompt ">" and resolve the corresponding MX record;
   (6) enter the command "set type=a" at the prompt ">" to restore the query type to A record;
   (7) at the prompt ">", enter the result of the MX record query to find the IP address of the "tom.com" email server;
   (8) enter "exit" at the prompt ">" to leave the interactive mode of nslookup.
   In the lab report:
   a. write out the Wireshark capture filter rule to be set in step (2);
   b. explain the process of resolving the IP address of the domain name "www.dlut.edu.cn" based on the phenomena observed in Wireshark;
   c. explain the process of resolving the MX record of the domain name "tom.com" based on the phenomena observed in Wireshark;
   d. How many email servers does the "tom.com" domain have? What are their IP addresses?

V. Discussion, suggestions, and questions
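
Added example, not part of the original handout: a Python sketch of the decision a capture filter for step 1 (3) makes, written in pcap syntax as "ether host <local MAC> and (arp or icmp)", while decoding the ARP and ICMP fields asked about in the preview part. The MAC and IP addresses and all frames are constructed sample values, and the function names are hypothetical.

```python
import struct

LOCAL_MAC = "00:11:22:33:44:55"  # constructed; use the address shown by ipconfig

def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_frame(frame):
    """Decode the Ethernet II header and, if present, ARP or ICMP fields."""
    etype = struct.unpack("!H", frame[12:14])[0]
    info = {"dst": mac_str(frame[:6]), "src": mac_str(frame[6:12]), "proto": None}
    body = frame[14:]
    if etype == 0x0806 and len(body) >= 28:            # ARP over Ethernet/IPv4
        op = struct.unpack("!H", body[6:8])[0]         # opcode follows htype/ptype/hlen/plen
        info.update(proto="arp", op={1: "request", 2: "reply"}.get(op, op),
                    sender_ip=".".join(map(str, body[14:18])),
                    target_ip=".".join(map(str, body[24:28])))
    elif etype == 0x0800 and len(body) >= 20 and body[9] == 1:  # IPv4, protocol 1
        ihl = (body[0] & 0x0F) * 4                     # IP header length in bytes
        if len(body) >= ihl + 2:
            info.update(proto="icmp", type=body[ihl], code=body[ihl + 1])
    return info

def lab_filter(frame, local_mac=LOCAL_MAC):
    """Same decision as the capture filter: ether host MAC and (arp or icmp)."""
    p = parse_frame(frame)
    return p["proto"] in ("arp", "icmp") and local_mac in (p["src"], p["dst"])

def sample_frames():
    """Constructed frames: our ARP request, our ping, a neighbour's ARP, our TCP."""
    me, gw, other = (bytes.fromhex(h) for h in
                     ("001122334455", "00aabbccddee", "020000000099"))
    my_ip, gw_ip = bytes([192, 0, 2, 10]), bytes([192, 0, 2, 1])
    def arp(src, spa, tpa):                            # broadcast ARP request
        return (b"\xff" * 6 + src + b"\x08\x06" +
                struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + src + spa + bytes(6) + tpa)
    def ipv4(proto, payload):                          # checksums left as 0, not verified here
        hdr = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(payload), 1, 0, 128, proto, 0)
        return gw + me + b"\x08\x00" + hdr + my_ip + gw_ip + payload
    echo = struct.pack("!BBHHH", 8, 0, 0, 1, 1) + b"abcdefgh"   # type 8 = echo request
    return [arp(me, my_ip, gw_ip), ipv4(1, echo),
            arp(other, bytes([192, 0, 2, 77]), gw_ip), ipv4(6, bytes(20))]

if __name__ == "__main__":
    for f in sample_frames():
        print(lab_filter(f), parse_frame(f))
```

A capture filter makes this decision before a packet is stored, so the neighbour's ARP broadcast and the TCP segment never reach the capture file; a display filter would only hide them after capture.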