Wireshark ICMP
Overall packet capture screenshot
bogon, haha
Focus on the ICMP message type and code.
Running tracert on Windows
C:\Users\tb>tracert jd.com

通过最多 30 个跃点跟踪
到 jd.com [118.193.98.63] 的路由:

  1     2 ms     2 ms     2 ms  bogon [192.168.1.1]
  2    10 ms     4 ms     4 ms  100.64.0.1
  3     5 ms     5 ms     5 ms  73.254.120.106.static.bjtelecom.net [106.120.254.73]
  4     7 ms     *        5 ms  219.142.1.70
  5    12 ms     8 ms     7 ms  220.181.0.34
  6     *        *        *     请求超时。
  7     *        *        *     请求超时。
  8     *        *        *     请求超时。
  9     *        *        *     请求超时。
 10     *        *        *     请求超时。
 11     *        *        *     请求超时。
 12     *        *        *     请求超时。
 13     *        *        *     请求超时。
 14     *        *        *     请求超时。
 15     *        *        *     请求超时。
 16     7 ms     6 ms     6 ms  118.193.98.63

跟踪完成。
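Example of how the application is implemented
1. Letting the TTL expire
The source host sends a series of special UDP datagrams to the destination host.
The first group of IP datagrams has ttl=1.
The second group of IP datagrams has ttl=2, and so on, as shown in the figure below.
Because the nth group of datagrams is sent with ttl=n, when it reaches the nth router this causes:
- The router drops the datagram.
- The router sends an ICMP message back to the source host with type 11, code 0, which means TTL expired. See the figure below.
Note that the ICMP message generally contains the router's name and the source host's and destination's IP addresses.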
Frame 2601: 70 bytes on wire (560 bits), 70 bytes captured (560 bits) on interface 0
Ethernet II, Src: HuaweiTe_0d:74:67 (50:6f:77:0d:74:67), Dst: LiteonTe_f1:fc:61 (e8:2a:44:f1:fc:61)
Internet Protocol Version 4, Src: 220.181.0.34, Dst: 192.168.1.9
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
    Total Length: 56
    Identification: 0x01e2 (482)
    Flags: 0x0000
    Time to live: 251
    Protocol: ICMP (1)
    Header checksum: 0x1f5a [validation disabled]
    [Header checksum status: Unverified]
    Source: 220.181.0.34
    Destination: 192.168.1.9
Internet Control Message Protocol
    Type: 11 (Time-to-live exceeded)
    Code: 0 (Time to live exceeded in transit)
    Checksum: 0xf4ff [correct]
    [Checksum Status: Good]
    Unused: 00000000
    Internet Protocol Version 4, Src: 192.168.1.9, Dst: 118.193.98.63
        0100 .... = Version: 4
        .... 0101 = Header Length: 20 bytes (5)
        Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        Total Length: 92
        Identification: 0xe478 (58488)
        Flags: 0x0000
        Time to live: 1
            [Expert Info (Note/Sequence): "Time To Live" only 1]
                ["Time To Live" only 1]
                [Severity level: Note]
                [Group: Sequence]
        Protocol: ICMP (1)
        Header checksum: 0x3a77 [validation disabled]
        [Header checksum status: Unverified]
        Source: 192.168.1.9
        Destination: 118.193.98.63
    Internet Control Message Protocol
        Type: 8 (Echo (ping) request)
        Code: 0
        Checksum: 0xf792 [unverified] [in ICMP error packet]
        [Checksum Status: Unverified]
        Identifier (BE): 1 (0x0001)
        Identifier (LE): 256 (0x0100)
        Sequence number (BE): 108 (0x006c)
        Sequence number (LE): 27648 (0x6c00)
2. Specifying a fixed port number (an unused port number)
The result returned is type 3, code 3; see the figure below.
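An added example, not part of the original post: a Python parser for the two ICMP error messages described above (type 11 for an expired TTL, type 3 for unreachable), which recovers the probe that the router quotes back. The sample bytes are constructed from the field values of Frame 2601, the function names are this example's own, and it goes one step beyond the capture by also reading the ports of a quoted UDP probe.

```python
import socket
import struct

# Constructed sample: the IPv4 packet of Frame 2601, rebuilt from the field
# values in the dissection above (Ethernet header omitted).
FRAME_2601 = bytes.fromhex(
    "4500003801e20000fb011f5adcb50022c0a80109"  # outer IPv4: 220.181.0.34 -> 192.168.1.9
    "0b00f4ff00000000"                          # ICMP type 11, code 0, unused
    "4500005ce478000001013a77c0a8010976c1623f"  # quoted probe IPv4 header, TTL 1
    "0800f7920001006c"                          # first 8 bytes of the probe
)

def inet_checksum(data: bytes) -> int:
    """RFC 1071 checksum; 0 means the embedded checksum field is valid."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_ipv4(buf: bytes) -> dict:
    ihl = (buf[0] & 0x0F) * 4 if buf else 0
    if len(buf) < 20 or buf[0] >> 4 != 4 or not 20 <= ihl <= len(buf):
        raise ValueError("truncated or malformed IPv4 header")
    return {"ihl": ihl, "ttl": buf[8], "proto": buf[9],
            "src": socket.inet_ntoa(buf[12:16]), "dst": socket.inet_ntoa(buf[16:20])}

def parse_icmp_error(packet: bytes) -> dict:
    """Parse an ICMP type 11 or type 3 error and the probe it quotes."""
    outer = parse_ipv4(packet)
    icmp = packet[outer["ihl"]:]
    if outer["proto"] != 1 or len(icmp) < 8 or icmp[0] not in (3, 11):
        raise ValueError("not an ICMP time-exceeded/unreachable message")
    quoted = icmp[8:]                      # original IP header + first 8 bytes
    inner = parse_ipv4(quoted)
    l4 = quoted[inner["ihl"]:inner["ihl"] + 8]
    if len(l4) < 8:
        raise ValueError("quoted probe is truncated")
    info = {"hop": outer["src"], "type": icmp[0], "code": icmp[1],
            "icmp_checksum_ok": inet_checksum(icmp) == 0,
            "probe_src": inner["src"], "probe_dst": inner["dst"],
            "probe_ttl": inner["ttl"]}
    if inner["proto"] == 1:                # ICMP echo probe, as in Frame 2601
        info["echo_id"], info["echo_seq"] = struct.unpack("!HH", l4[4:8])
    elif inner["proto"] == 17:             # UDP probe (the port case in section 2)
        info["udp_sport"], info["udp_dport"] = struct.unpack("!HH", l4[:4])
    return info

if __name__ == "__main__":
    print(parse_icmp_error(FRAME_2601))
```

Matching the quoted identifier and sequence number (or UDP ports) against probes the host actually sent is what ties each ICMP error to a hop, and it also lets a monitor discard ICMP errors that quote traffic the host never originated.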