Computer Networking: A Top-Down Approach, Wireshark Labs

The lab handouts from the book (including the PDFs) are linked here.

Lab 1: Getting Started with Wireshark

  1. List 3 different protocols that appear in the protocol column in the unfiltered packet-listing window in step 7 above.
    • The ones I saw were TCP, DNS, ARP and AJP13.
  2. How long did it take from when the HTTP GET message was sent until the HTTP OK reply was received?
    • The GET message was sent at 35.031986 and the OK reply was received at 35.063673; subtracting the two gives 0.0031687, and according to the manual the unit is seconds.
  3. What is the Internet address of the gaia.cs.umass.edu (also known as www-net.cs.umass.edu)? What is the Internet address of your computer?
    • Your own computer's address can be found under System Preferences > Network, or from the Source column of the GET message row in Wireshark; mine is 10.197.33.166 (it is a private address, so listing it here does no harm). The address of gaia.cs.umass.edu is 128.119.245.12.
  4. Not printing it; if you need to, go to File > Print and select "print as displayed" and "print selected packets".

Lab 2: HTTP

The basic GET command

  1. Both packets show HTTP/1.1
  2. en,zh-CN,zh-TW
  3. My host: 10.197.22.166; IP of gaia.cs.umass.edu: 128.119.245.12
  4. 200
  5. Last-Modified:Sat, 28 Oct 2017 05:59:01 GMT
  6. Content-Length:128
  7. No, I didn't see any below.

    An interesting note: In your answer to question 5 above, you might have been surprised to find that the document you just retrieved was last modified within a minute before you downloaded the document. That’s because (for this particular file), the gaia.cs.umass.edu server is setting the file’s last-modified time to be the current time, and is doing so once per minute. Thus, if you wait a minute between accesses, the file will appear to have been recently modified, and hence your browser will download a “new” copy of the document.

Safari seems to have trouble with the next few steps: instead of sending a conditional GET to the server, it sends a plain GET. So I switched to Chrome.

Conditional GET

  1. No ‘If-Modified-Since’ line.
  2. Yes, I can tell it because there is line-based text data.
  3. If-Modified-Since: Sat, 28 Oct 2017 05:59:01 GMT\r\n, the time here is exactly the time of Last-Modified in the first 220 packet from server.
  4. There is no file content, because I cannot see any HTML-formatted text, and the returned status line is HTTP/1.1 304 Not Modified\r\n.
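The conditional GET exchange described in the answers above, as an added Python example that is not part of the original lab write-up: a small model of the server side, which compares the client's If-Modified-Since header against the resource's Last-Modified time and answers 304 Not Modified with an empty body when the cached copy is still current. The resource path, the page body and the helper names (parse_headers, serve, conditional_get) are my own assumptions; the Last-Modified value is the one quoted above.

```python
from email.utils import parsedate_to_datetime
from typing import Dict, Tuple

# Constructed resource: the Last-Modified value from the lab answers, a made-up path and body.
LAST_MODIFIED = "Sat, 28 Oct 2017 05:59:01 GMT"
BODY = b"<html><body>constructed sample page</body></html>"


def parse_headers(request: str) -> Dict[str, str]:
    """Header names of an HTTP request, lower-cased, mapped to their values."""
    headers = {}
    for line in request.split("\r\n")[1:]:   # skip the request line
        if not line:                          # blank line ends the header block
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def serve(request: str, last_modified: str = LAST_MODIFIED,
          body: bytes = BODY) -> Tuple[str, Dict[str, str], bytes]:
    """Answer a GET the way the lab server does: 304 and no body if the client's copy is fresh."""
    ims = parse_headers(request).get("if-modified-since")
    if ims:
        try:
            if parsedate_to_datetime(last_modified) <= parsedate_to_datetime(ims):
                return "HTTP/1.1 304 Not Modified", {"Last-Modified": last_modified}, b""
        except (TypeError, ValueError):
            pass   # unparsable date: the header is ignored and a full response is sent (RFC 7232)
    return ("HTTP/1.1 200 OK",
            {"Last-Modified": last_modified, "Content-Length": str(len(body))},
            body)


def conditional_get(first_response_headers: Dict[str, str]) -> str:
    """The browser's second request: echo the cached Last-Modified as If-Modified-Since."""
    return ("GET /example.html HTTP/1.1\r\nHost: gaia.cs.umass.edu\r\n"
            f"If-Modified-Since: {first_response_headers['Last-Modified']}\r\n\r\n")


if __name__ == "__main__":
    first = "GET /example.html HTTP/1.1\r\nHost: gaia.cs.umass.edu\r\n\r\n"
    status, hdrs, body = serve(first)
    print(status, len(body), "bytes")                     # 200 OK with the page
    status, hdrs, body = serve(conditional_get(hdrs))
    print(status, len(body), "bytes")                     # 304 Not Modified, empty body
    # The lab server re-stamps Last-Modified once a minute, so a later stamp yields 200 again.
    status, _, _ = serve(conditional_get(hdrs), last_modified="Sat, 28 Oct 2017 06:00:01 GMT")
    print(status)
```

The last call in the `__main__` block reproduces the "interesting note" above: once the server has moved Last-Modified forward, the same If-Modified-Since no longer matches and a full 200 response with the body comes back.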

Retrieving long documents

Part 3 of Lab 2

  1. My browser sent one request message; it is Trace 22.
  2. Trace 24 contains ‘HTTP/1.1 200 OK’.
  3. ‘200’, ‘OK’
  4. 4 (packets 24, 25, 26, 27).

HTML documents with embedded objects

  1. 4 HTTP GET messages. For the html file and pearson.png, the IP address is 128.119.245.12. For ~kurose/cover_5th_ed.jpg, the IP address is 128.119.240.90; the server then tells the client that the host is redirected, and the client changes the ‘Host:’ header line and re-sends the GET message to the same server.
  2. In my opinion, they work serially. One reason is that the html cites the pearson.png first, and then cites the ~kurose/cover_5th_ed.jpg, which is exactly in the same order of GET message. Another reason is that the time-interval of requesting these two images doesn’t overlap with each other.

HTTP authentication

This article on HTTP authentication is quite interesting; it discusses how it can be attacked (man-in-the-middle attacks, replay attacks).

  1. 401 Unauthorized.
  2. Authorization: Basic d2lyZXNoYXJrLXN0dWRlbnRzOm5ldHdvcms=\r\n

Using Python's

    import base64
    # the token needs its trailing '=' padding; without it b64decode raises "Incorrect padding"
    base64.b64decode('d2lyZXNoYXJrLXN0dWRlbnRzOm5ldHdvcms=')

you get the current username and password, which means any machine with Wireshark on it can obtain the password the user sends to the server (when Basic Access Authentication is used). Doesn't that feel a little insecure?
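As an added example (mine, not code from the original post), the following Python scans a constructed capture excerpt for Authorization: Basic headers and decodes them, repairing the missing '=' padding that makes a bare base64.b64decode call fail. This is the check a defender would run over a plaintext HTTP capture to confirm that credentials are travelling unprotected. The request paths, the realm and the AUTH_RE pattern are assumptions of mine; the Base64 token is the one shown above.

```python
import base64
import binascii
import re
from typing import List, Optional, Tuple

# Constructed capture excerpt: the first request, the 401 challenge, then the retried
# request carrying the Basic credential. Paths and realm are made up; the token is the lab's.
CAPTURE = (
    "GET /protected/index.html HTTP/1.1\r\n"
    "Host: gaia.cs.umass.edu\r\n\r\n"
    "HTTP/1.1 401 Unauthorized\r\n"
    "WWW-Authenticate: Basic realm=\"constructed\"\r\n\r\n"
    "GET /protected/index.html HTTP/1.1\r\n"
    "Host: gaia.cs.umass.edu\r\n"
    "Authorization: Basic d2lyZXNoYXJrLXN0dWRlbnRzOm5ldHdvcms=\r\n\r\n"
)

# One Authorization header line; the token alphabet is plain Base64 (RFC 7617).
AUTH_RE = re.compile(r"^Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)\s*$", re.MULTILINE)


def decode_basic(token: str) -> Optional[Tuple[str, str]]:
    """Decode a Basic token into (user, password); missing '=' padding is restored first."""
    token = token.strip().rstrip("=")
    token += "=" * (-len(token) % 4)          # Base64 input must be a multiple of 4 chars
    try:
        raw = base64.b64decode(token, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None                           # not a Base64 token or not text
    user, sep, password = raw.partition(":")
    return (user, password) if sep else None  # Basic credentials are "user:password"


def find_exposed_credentials(capture: str) -> List[Tuple[str, str]]:
    """Every credential pair a passive observer of this plaintext HTTP capture can read."""
    found = []
    for match in AUTH_RE.finditer(capture):
        cred = decode_basic(match.group(1))
        if cred is not None:
            found.append(cred)
    return found


if __name__ == "__main__":
    for user, password in find_exposed_credentials(CAPTURE):
        # In a real report, mask the secret; it is shown here only because the lab publishes it.
        print(f"Basic credential in clear text: user={user!r} password={password!r}")
```

Because Basic only Base64-encodes the pair (no secrecy at all), the only real protection is the transport: the same header inside a TLS session is not visible to a capture like this one, which is why Basic authentication should never be accepted over plain HTTP.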

Lab 3: DNS

nslookup

  1. Run nslookup to obtain the IP address of a Web server in Asia. What is the IP address of that server?

     Take Baidu Tieba as an example:

     tieba.baidu.com	canonical name = post.n.shifen.com.
     Name: post.n.shifen.com
     Address: 119.75.222.48

  2. Run nslookup to determine the authoritative DNS servers for a university in Europe.

     Take the website of Oxford University as an example:

     Non-authoritative answer:
     *** Can't find www.ox.ac.uk: No answer
     Authoritative answers can be found from:
     ox.ac.uk
     origin = nighthawk.dns.ox.ac.uk
     mail addr = hostmaster.ox.ac.uk
     serial = 2017102772
     refresh = 3600
     retry = 1800
     expire = 1209600
     minimum = 900
     Non-authoritative answer:
     Name: nighthawk.dns.ox.ac.uk
     Address: 163.1.2.189

     The IP address of the authoritative server is 163.1.2.189.

  3. Run nslookup so that one of the DNS servers obtained in Question 2 is queried for the mail servers for Yahoo! mail. What is its IP address?

     Non-authoritative answer:
     mail.yahoo.com canonical name = fd-geoycpi-uno.gycpi.b.yahoodns.net.
     Name: fd-geoycpi-uno.gycpi.b.yahoodns.net
     Address: 69.147.64.34
     Name: fd-geoycpi-uno.gycpi.b.yahoodns.net
     Address: 69.147.64.33

ipconfig

The corresponding command on a Mac is described here.

Tracing DNS with Wireshark

  1. It uses the User Datagram Protocol, which is UDP.
  2. Dst Port is 53, Src Port is 50989.
  3. It is sent to 152.3.27.40, which is the same local DNS server as the one used by nslookup.
  4. It queries for type A; the Answer RR count is 0, so no answer is contained.
  5. Answers:

     www.ietf.org: type CNAME, class IN, cname www.ietf.org.cdn.cloudflare.net
     www.ietf.org.cdn.cloudflare.net: type A, class IN, addr 104.20.1.85
     www.ietf.org.cdn.cloudflare.net: type A, class IN, addr 104.20.0.85
  6. Yeah, it’s 104.20.1.85, which is the same as in the answers.
  7. No
  8. Dst Port is 53, Src Port is 50989.
  9. It’s the same address as the local DNS server.
  10. The DNS query is type ‘A’. It doesn’t include any answers.
  11. Answers:

      www.mit.edu: type CNAME, class IN, cname www.mit.edu.edgekey.net
      www.mit.edu.edgekey.net: type CNAME, class IN, cname e9566.dscb.akamaiedge.net
      e9566.dscb.akamaiedge.net: type A, class IN, addr 23.72.250.124
  12. Not shown here.
  13. It’s the same address as the local DNS server.
  14. The DNS query is type ‘NS’. It doesn’t include any answers.
  15. Answers:

      mit.edu: type NS, class IN, ns use2.akam.net
      mit.edu: type NS, class IN, ns eur5.akam.net
      mit.edu: type NS, class IN, ns asia1.akam.net
      mit.edu: type NS, class IN, ns usw2.akam.net
      mit.edu: type NS, class IN, ns ns1-173.akam.net
      mit.edu: type NS, class IN, ns ns1-37.akam.net
      mit.edu: type NS, class IN, ns asia2.akam.net
      mit.edu: type NS, class IN, ns use5.akam.net

They didn’t include IP address.

  16. Not shown here.
  17. I couldn't do this one or the remaining questions, because the nslookup on my computer has a problem: when typing nslookup host server, a suffix gets appended to the host automatically (e.g. host.wireless.duke.edu). So, guessing, the requested type would still be ‘A’, and the DNS server would change to the IP where the dns named in the command is located.
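To make concrete what the Answers blocks above show (a query with Answer RR count 0, then a response whose answer section chains CNAME records into A records, or lists NS records), here is an added Python example, not part of the original lab, that builds DNS messages in wire format and parses them back, including the name-compression pointers that Wireshark resolves for you. The transaction ids, the TTL and the helper names (encode_name, read_name, parse_dns, build_query, build_response) are my own assumptions; the names and addresses are those from the www.ietf.org answer above.

```python
import struct
from typing import Dict, List, Tuple

# Record type numbers from RFC 1035; the lab answers show A, CNAME and NS records.
TYPE_A, TYPE_NS, TYPE_CNAME = 1, 2, 5
TYPE_NAMES = {TYPE_A: "A", TYPE_NS: "NS", TYPE_CNAME: "CNAME"}


def encode_name(name: str) -> bytes:
    """Encode a domain name as length-prefixed labels terminated by a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def read_name(msg: bytes, off: int) -> Tuple[str, int]:
    """Read a possibly compressed name at off; return (name, offset just past it)."""
    labels: List[str] = []
    end = None                      # offset after the name in the original byte stream
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:   # two-byte compression pointer (RFC 1035 section 4.1.4)
            if end is None:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if end is not None else off)


def parse_dns(msg: bytes) -> Tuple[Dict, List[Tuple[str, str]], List[Tuple[str, str, str]]]:
    """Return (header, questions, answers) roughly as Wireshark's DNS dissector lists them."""
    tid, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    header = {"id": tid, "response": bool(flags & 0x8000), "qdcount": qd, "ancount": an}
    off = 12
    questions = []
    for _ in range(qd):
        name, off = read_name(msg, off)
        qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((name, TYPE_NAMES.get(qtype, str(qtype))))
    answers = []
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == TYPE_A and rdlen == 4:
            value = ".".join(str(b) for b in msg[off:off + 4])
        elif rtype in (TYPE_CNAME, TYPE_NS):
            value, _ = read_name(msg, off)   # RDATA is itself a (possibly compressed) name
        else:
            value = msg[off:off + rdlen].hex()
        off += rdlen
        answers.append((name, TYPE_NAMES.get(rtype, str(rtype)), value))
    return header, questions, answers


def build_query(tid: int, qname: str, qtype: int) -> bytes:
    """A standard recursive query: QR=0, RD=1, one question, no answers (ANCOUNT 0)."""
    return struct.pack("!6H", tid, 0x0100, 1, 0, 0, 0) + encode_name(qname) + struct.pack("!HH", qtype, 1)


def build_response(tid: int, qname: str, qtype: int,
                   answers: List[Tuple[str, int, str]]) -> bytes:
    """A response (QR=1, RD=1, RA=1) whose answers reuse the question name via a pointer to offset 12."""
    msg = struct.pack("!6H", tid, 0x8180, 1, len(answers), 0, 0)
    msg += encode_name(qname) + struct.pack("!HH", qtype, 1)
    for name, rtype, value in answers:
        owner = b"\xc0\x0c" if name == qname else encode_name(name)
        rdata = bytes(int(p) for p in value.split(".")) if rtype == TYPE_A else encode_name(value)
        msg += owner + struct.pack("!HHIH", rtype, 1, 300, len(rdata)) + rdata
    return msg


# Constructed packets mirroring the www.ietf.org exchange from the lab answers.
IETF_QUERY = build_query(0x1234, "www.ietf.org", TYPE_A)
IETF_RESPONSE = build_response(0x1234, "www.ietf.org", TYPE_A, [
    ("www.ietf.org", TYPE_CNAME, "www.ietf.org.cdn.cloudflare.net"),
    ("www.ietf.org.cdn.cloudflare.net", TYPE_A, "104.20.1.85"),
    ("www.ietf.org.cdn.cloudflare.net", TYPE_A, "104.20.0.85"),
])

if __name__ == "__main__":
    for pkt in (IETF_QUERY, IETF_RESPONSE):
        hdr, qs, ans = parse_dns(pkt)
        print(hdr, qs)
        for rr in ans:
            print("   ", rr)
```

Running the block prints the query header with ancount 0 followed by the response with its three answer records, which is exactly the split between the question-only query packet and the answer-carrying response packet seen in items 4 and 5 above; an NS response is built the same way with TYPE_NS records whose RDATA is a name rather than an address.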