wireshark ICMP

总体抓包图

wireshark ICMP
bogon,哈哈

关注看icmp报文类型和代码

wireshark ICMP

win 下执行traceert

C:\Users\tb>tracert jd.com

通过最多 30 个跃点跟踪
到 jd.com [118.193.98.63] 的路由:

  1     2 ms     2 ms     2 ms  bogon [192.168.1.1]
  2    10 ms     4 ms     4 ms  100.64.0.1
  3     5 ms     5 ms     5 ms  73.254.120.106.static.bjtelecom.net [106.120.254.73]
  4     7 ms     *        5 ms  219.142.1.70
  5    12 ms     8 ms     7 ms  220.181.0.34
  6     *        *        *     请求超时。
  7     *        *        *     请求超时。
  8     *        *        *     请求超时。
  9     *        *        *     请求超时。
 10     *        *        *     请求超时。
 11     *        *        *     请求超时。
 12     *        *        *     请求超时。
 13     *        *        *     请求超时。
 14     *        *        *     请求超时。
 15     *        *        *     请求超时。
 16     7 ms     6 ms     6 ms  118.193.98.63

跟踪完成。

应用实现举例

1. 将ttl 设置过期

源主机向目的主机发送一系列特定的UDP数据报。
第一组ip数据报 ttl=1
第二组IP数据报ttl=2,etc...,如下图

wireshark ICMP

以上由于设置第n组数据报ttl =n 到达第n个路由器时,会导致

  • 路由器直接丢弃数据报
  • 像源主机发送icmp保温 ,报文类型11 ,代码为0.代表ttl expired。如下图

wireshark ICMP

注意icmp报文中一般包含路由器名称和源主机目的ip地址

Frame 2601: 70 bytes on wire (560 bits), 70 bytes captured (560 bits) on interface 0
Ethernet II, Src: HuaweiTe_0d:74:67 (50:6f:77:0d:74:67), Dst: LiteonTe_f1:fc:61 (e8:2a:44:f1:fc:61)
Internet Protocol Version 4, Src: 220.181.0.34, Dst: 192.168.1.9
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
    Total Length: 56
    Identification: 0x01e2 (482)
    Flags: 0x0000
    Time to live: 251
    Protocol: ICMP (1)
    Header checksum: 0x1f5a [validation disabled]
    [Header checksum status: Unverified]
    Source: 220.181.0.34
    Destination: 192.168.1.9
Internet Control Message Protocol
    Type: 11 (Time-to-live exceeded)
    Code: 0 (Time to live exceeded in transit)
    Checksum: 0xf4ff [correct]
    [Checksum Status: Good]
    Unused: 00000000
    Internet Protocol Version 4, Src: 192.168.1.9, Dst: 118.193.98.63
        0100 .... = Version: 4
        .... 0101 = Header Length: 20 bytes (5)
        Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        Total Length: 92
        Identification: 0xe478 (58488)
        Flags: 0x0000
        Time to live: 1
            [Expert Info (Note/Sequence): "Time To Live" only 1]
                ["Time To Live" only 1]
                [Severity level: Note]
                [Group: Sequence]
        Protocol: ICMP (1)
        Header checksum: 0x3a77 [validation disabled]
        [Header checksum status: Unverified]
        Source: 192.168.1.9
        Destination: 118.193.98.63
    Internet Control Message Protocol
        Type: 8 (Echo (ping) request)
        Code: 0
        Checksum: 0xf792 [unverified] [in ICMP error packet]
        [Checksum Status: Unverified]
        Identifier (BE): 1 (0x0001)
        Identifier (LE): 256 (0x0100)
        Sequence number (BE): 108 (0x006c)
        Sequence number (LE): 27648 (0x6c00)

2. 指定固定端口号(不可用端口号)

wireshark ICMP
返回的结果就是type3,code 3,见下图

wireshark ICMP

相关推荐