实验二利用Wireshark分析ICMP协议

年级： 姓名： 学号：

实验日期： 实验名称： 利用Wireshark分析ICMP协议

一、实验目的

1. 利用wireshark分析ICMP协议，学习了解ICMP数据包。 2. 学习ICMP报文段的各领域。

二、实验器材

3. 接入Internet的计算机主机；

4. 抓包工具wireshark和截图工具snagit。

三、 实验内容

1．1. What is the IP address of your host? What is the IP address of the destination

host? 答：the IP address of your host is 10.0.163.199，

the IP address of the destination host is 143.89.14.34， 实验截图如下

2. Why is it that an ICMP packet does not have source and destination port numbers?

答：因为端口号是运输层的，而icmp是包装在ip数据报里，所以icmp包没有源和目的端口号。

3. Examine one of the ping request packets sent by your host. What are the ICMP

type and code numbers? What other fields does this ICMP packet have? How many bytes are the checksum, sequence number and identifier fields?

答：the ICMP type ：8

code numbers ： 0 试验截图如下：

the checksum,：0x4d4f sequence number ：12

identifier fields：0x0001 试验截图如下：

4. Examine the corresponding ping reply packet. What are the ICMP type and code

numbers? What other fields does this ICMP packet have? How many bytes are the checksum, sequence number and identifier fields? 答：实验结果如下：

5. What is the IP address of your host? What is the IP address of the target destination host?

答：the IP address of your host is

the IP address of the target destination host is

6．If ICMP sent UDP packets instead (as in Unix/Linux), would the IP protocol number still be 01 for the probe packets? If not, what would it be? 答：用的系统是windows系统

7. Examine the ICMP echo packet in your screenshot. Is this different from the ICMP ping query packets in the first half of this lab? If yes, how so?

答：不同

试验截图如下：

8. Examine the ICMP error packet in your screenshot. It has more fields than the ICMP echo packet. What is included in those fields?

答：icmp error packet has more filds than the ICMP echo packet，这些字段包括：

实验截图如下：

9. Examine the last three ICMP packets received by the source host. How are these packets different from the ICMP error packets? Why are they different?

答：

最后三个接收的包截图如下：

10. Within the tracert measurements, is there a link whose delay is

significantly longer than others? Refer to the screenshot in Figure 4, is there a link whose delay is significantly longer than others? On the basis of the router names, can you guess the location of the two routers on the end of this link?

答：There is a link whose delay is significantly longer than others。Refer to the screenshot in Figure 4, there is a link whose delay is significantly longer than others。能猜到在终端的两个路由器的的位置为：法国

实验结果如下：

四、 实验总结

1．通过实验，详细分析了ICMP协议，对ICMP协议有了更深的理解。 2．在实验中，详细分析了ICMP数据报。