Analysis of ICMP protocol behavior

Experiment Name: ICMP Capture Experiment with Wireshark Software

Experimental purposes:

1. Master the basic use of Wireshark.

2. Master the ICMP frame format and operating principle by analyzing ICMP packets captured with Wireshark.

3. Become familiar with the meaning of the fields in the IP header and with the Ethernet encapsulation format.

Experimental environment:

1. Hardware environment

a) NIC information

Description: Realtek RTL8139 Family Fast Ethernet Adapter
Link speed: 100 Mbit/s
Media supported: 802.3 (Ethernet)
Media in use: 802.3 (Ethernet)
Maximum packet size: 1514

See Figure 1 for other details.

b) Network composition: The experimental computer reaches the Unicom ADSL server on the Internet through an ADSL modem. Between the ADSL modem and the ADSL server, the PPP over Ethernet (PPPoE) protocol carries PPP frames over the Ethernet network. The computer connects to the ADSL line through an Ethernet card and uses the normal TCP/IP method with no new protocol added, so the access path is transparent to our packet capture experiment.

2. Software environment

a) Operating system: Microsoft Windows XP Professional, Version 2002, Service Pack 3

b) Wireshark software: The system command systeminfo reports the processor type as X86-based PC, which is a 32-bit machine, so the 32-bit Wireshark software was selected (Version 1.2.3 for win32).

I. Overview:

1. ICMP allows hosts or routers to report error conditions and to report on abnormal conditions. ICMP is a standard Internet protocol, but it is not a high-level protocol; it is an IP-layer protocol. ICMP messages are usually used by the IP layer or by higher-layer protocols (TCP or UDP). Some ICMP messages return error messages to the user process.

2. An ICMP message is carried as the data of an IP-layer datagram: the datagram header is added in front of it, and the datagram is sent out.

3. There are two types of ICMP packets, namely ICMP error report messages and ICMP query messages.

II. Format of ICMP messages

1. Type: 8 bits

2. Code: 8 bits

3. Checksum: 16 bits

Note: The first 4 bytes of all ICMP messages have the same layout, but the remaining bytes differ from one message type to another.

4. Other fields: these differ according to the ICMP message type.

1) The first 4 bytes of an ICMP message are in a uniform format with three fields: type, code, and checksum.

2) The 8-bit type field and the 8-bit code field together determine the type of ICMP message.

Type 8, code 0: indicates an echo request (ping request).

Type 0, code 0: indicates an echo reply (ping response).

Type 11, code 0: timeout.

3) 16-bit checksum field: the checksum covers the entire ICMP message, including the data; it is calculated in the same way as the IP header checksum.

ICMP messages are classified into query messages and error messages. ICMP error messages sometimes need special processing, so the two kinds must be distinguished. For example, an ICMP error message is never generated in response to another ICMP error message; otherwise an infinite loop would occur.

III. ICMP error messages (56 bytes)

1. There are 5 types of ICMP error report messages.

1) Destination unreachable: This is divided into network unreachable, host unreachable, protocol unreachable, port unreachable, fragmentation required but DF bit set to 1, and source route failed; the code field is set to 0 through 5 respectively. When any of these six conditions occurs, a destination unreachable message is sent to the source station.

Description:

Port unreachable: One of the rules of UDP is that if a UDP datagram is received and its destination port does not correspond to any process in use, UDP returns an ICMP unreachable message.

2) Source quench: When a router or host discards a datagram because of congestion, it sends a source quench message to the source station, so that the source station knows it should slow down its datagram transmission rate.

3) Time exceeded: When a router receives a datagram whose time to live is zero, it discards the datagram and also sends a time exceeded message to the source station. When the destination station cannot receive all the fragments of a datagram within a predetermined time, it discards the fragments already received and sends a time exceeded message to the source station.

4) Parameter problem: When the value of a field in the header of a datagram received by a router or destination host is incorrect, the datagram is discarded and a parameter problem message is sent to the source station.

5) Redirect (change route): The router sends a redirect message to the host, letting the host know that the datagram should be sent to another router next time.

Description:

The following situations will not cause ICMP error messages.

1) An ICMP error message (an ICMP query message, however, may generate an ICMP error message).

2) A datagram whose destination IP address is a broadcast address or a multicast address.

3) A datagram sent as a link-layer broadcast.

4) A fragment that is not the first fragment of an IP datagram.

5) A datagram whose source address does not identify a single host. That is, the source address cannot be a zero address, a loopback address, a broadcast address, or a multicast address.

These rules are intended to prevent the broadcast storms that occurred in the past, when ICMP error messages were allowed in response to broadcast packets.
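The five suppression rules above written as one check, as an added example that is not part of the original report. The Datagram class, its field names and the 192.0.2.0/24 interface subnet are hypothetical, the ICMP type numbers come from RFC 792, and the sample datagrams are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ICMP_ERROR_TYPES = {3, 4, 5, 11, 12}  # RFC 792 error-report types
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")


@dataclass
class Datagram:
    """Hypothetical summary of the datagram that triggered an error."""
    src: str
    dst: str
    frag_offset: int = 0              # 0 means first (or only) fragment
    link_broadcast: bool = False      # arrived as a link-layer broadcast
    icmp_type: Optional[int] = None   # set only if the payload is ICMP
    subnet: str = "192.0.2.0/24"      # receiving interface subnet (assumed)


def is_broadcast(addr, net) -> bool:
    """True for the limited broadcast or the subnet's directed broadcast."""
    return addr == LIMITED_BROADCAST or addr == net.broadcast_address


def suppress_reason(d: Datagram) -> Optional[str]:
    """Return the rule that forbids an ICMP error, or None if one may be sent."""
    src, dst = ipaddress.ip_address(d.src), ipaddress.ip_address(d.dst)
    net = ipaddress.ip_network(d.subnet)
    if d.icmp_type in ICMP_ERROR_TYPES:
        return "datagram is itself an ICMP error message"
    if dst.is_multicast or is_broadcast(dst, net):
        return "destination is a broadcast or multicast address"
    if d.link_broadcast:
        return "datagram was a link-layer broadcast"
    if d.frag_offset != 0:
        return "not the first fragment"
    if (src.is_unspecified or src.is_loopback or src.is_multicast
            or is_broadcast(src, net)):
        return "source address is not a single host"
    return None


if __name__ == "__main__":
    # Constructed samples using documentation address ranges.
    for d in (Datagram("192.0.2.10", "192.0.2.20"),
              Datagram("192.0.2.10", "192.0.2.255"),
              Datagram("192.0.2.10", "192.0.2.20", icmp_type=3)):
        print(d.dst, d.icmp_type, "->", suppress_reason(d) or "error may be sent")
```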

2. The data field has the same format in all ICMP error report messages. The header of the received IP datagram that caused the error, together with the first 8 bytes of its data field, is extracted as the data field of the ICMP message. Preceded by the first 8 bytes of the corresponding ICMP error report message, this forms the ICMP error report message. The first 8 bytes of the data field of the received datagram are extracted in order to obtain the transport-layer port numbers (for TCP and UDP) and the transport-layer sequence number (for TCP).
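How a receiver reads that data field back, as an added example that is not part of the original report: it skips the 8-byte ICMP error header, walks the embedded IP header, and recovers the ports (and the TCP sequence number) from the 8 bytes that follow. The sample message and its addresses are constructed, and its checksums are left at zero because this block does not verify them.

```python
import socket
import struct


def parse_icmp_error(icmp: bytes) -> dict:
    """Recover the offending datagram's addresses and ports from an ICMP error."""
    if len(icmp) < 8 + 20 + 8:
        raise ValueError("truncated ICMP error message")
    icmp_type, code = icmp[0], icmp[1]
    inner = icmp[8:]                     # skip the 8-byte ICMP error header
    ihl = (inner[0] & 0x0F) * 4          # embedded IP header length in bytes
    if inner[0] >> 4 != 4 or ihl < 20 or len(inner) < ihl + 8:
        raise ValueError("malformed embedded IP header")
    proto = inner[9]
    result = {
        "type": icmp_type,
        "code": code,
        "proto": proto,
        "src": socket.inet_ntoa(inner[12:16]),
        "dst": socket.inet_ntoa(inner[16:20]),
    }
    l4 = inner[ihl:ihl + 8]              # first 8 bytes of the original data
    if proto in (6, 17):                 # TCP and UDP both start with the ports
        result["sport"], result["dport"] = struct.unpack("!HH", l4[:4])
    if proto == 6:                       # TCP: sequence number follows the ports
        result["seq"] = struct.unpack("!I", l4[4:8])[0]
    return result


def sample_port_unreachable() -> bytes:
    """Constructed sample: UDP 192.0.2.10:40000 -> 198.51.100.7:33434 rejected."""
    udp = struct.pack("!HHHH", 40000, 33434, 12, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 32, 1, 0, 64, 17, 0,
                     socket.inet_aton("192.0.2.10"),
                     socket.inet_aton("198.51.100.7"))
    # Type 3, code 3 (port unreachable), checksum 0, 4 unused bytes.
    return struct.pack("!BBHI", 3, 3, 0, 0) + ip + udp


if __name__ == "__main__":
    print(parse_icmp_error(sample_port_unreachable()))
```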

Note: ICMP error report message is not sent in the following situation.
