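Chapter 1: The TCP/IP Protocol Suite
History of the Internet
Repeater
Hub
Bridge
Switch
#OSI# seven-layer model
#DOD model# (US Department of Defense model)
Four-layer TCP/IP
#Ethernet protocol#
Ethernet: a link-layer protocol
LAN (local area network): a small network
LANs are built with Ethernet technology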
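Key fields
- Destination: destination MAC address
- Source: source MAC address
- Type: upper-layer protocol
MAC address
- A MAC address is globally unique; it is a physical property that cannot be changed, but it can be forged with tools
- 48 bits in total; the first 24 bits identify the vendor
- Notation: hexadecimal
Notes
Ethernet is only one of the standards for link-layer/LAN communication.
Other link-layer protocols:
- Token Ring
- Bus networks
- FDDI, etc.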
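IP
Definition
Internet Protocol: provides unreliable, connectionless data delivery, and implements layer-3 encapsulation and IP addressing.
How it works (fields of the IP header)
Version
Shows the IP version number
Header length / total length
Header length (20 bytes by default) and total length. They separate the IP header from the data: the receiver uses the length fields to know where to decapsulate
DSCP/TOS
Differentiated services code point / quality of service
TTL (Time to Live)
- The packet's lifetime (the default is commonly 64 or 128); 8 bits, range 1~255, decremented by one at every hop
- When a router receives a packet with TTL=0, it declares the packet dead and drops it
- TTL exists to solve the "routing loop" problem for IP packets
Protocol number
Type values, protocol numbers and port numbers all identify the upper-layer protocol so that the receiver can decapsulate the data. This function is called "demultiplexing" between protocols.
Header checksum
Hash check
The Ethernet protocol appends an FCS after the packet
The checksum lets the receiver verify that the packet is intact
Source and destination IP addresses
IP fragmentation: identification, flags, offset
- Identification
- Fragment Offset (FO)
- Flags (MF, DF)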
#ARP protocol#
How ARP works
ARP: Address Resolution Protocol, IP address --> MAC address
ARP-based tools: P2P over, Cain, Ettercap (spider)
Address Resolution Protocol (request)
Hardware type: Ethernet (1)
Protocol type: IPv4 (0x0800)
Hardware size: 6 // MAC address: 6 bytes, 48 bits
Protocol size: 4 // IP address: 4 bytes, 32 bits
Opcode: request (1) // request packet
Sender MAC address: HuaweiDe_f4:16:a9 (e0:40:07:f4:16:a9)
Sender IP address: 192.168.3.1
Target MAC address: 00:00:00_00:00:00 (00:00:00:00:00:00) // target MAC address left empty
Target IP address: 192.168.3.7 // target IP address
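How ARP attacks work
VMware virtual machine NIC modes
NAT (address translation) mode
Can access the Internet, sharing the host machine's IP address (the outside world does not know the virtual machine exists)
Bridged mode
Can access the Internet; each machine uses its own IP address
Host-only
Cannot access the Internet
How ARP defense works
DAI: Dynamic ARP Inspection
The switch records the IP address and MAC address of each port and builds a DAI table <port-mac-ip>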
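A simplified model of the DAI check described above, as an added example that is not part of the original notes: the sender MAC/IP pair in each ARP packet is compared with the binding recorded for the ingress port. The port names and the MAC address used for 192.168.3.7 are constructed for illustration; the other addresses are the ones in the captures on this page.

```python
import socket
import struct

ARP_FMT = "!HHBBH6s4s6s4s"   # htype, ptype, hlen, plen, opcode, SHA, SPA, THA, TPA
ARP_LEN = struct.calcsize(ARP_FMT)   # 28 bytes for Ethernet/IPv4


def mac_to_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def build_arp(opcode, sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    """Pack an Ethernet/IPv4 ARP payload (used here only to create sample input)."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, opcode,
                       mac_to_bytes(sender_mac), socket.inet_aton(sender_ip),
                       mac_to_bytes(target_mac), socket.inet_aton(target_ip))


def parse_arp(payload: bytes) -> dict:
    if len(payload) < ARP_LEN:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, opcode, sha, spa, tha, tpa = struct.unpack(
        ARP_FMT, payload[:ARP_LEN])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {"opcode": opcode,
            "sender_mac": sha.hex(":"), "sender_ip": socket.inet_ntoa(spa),
            "target_mac": tha.hex(":"), "target_ip": socket.inet_ntoa(tpa)}


def inspect(port: str, payload: bytes, table: dict) -> tuple:
    """Return ("forward" | "drop", reason) for an ARP packet received on `port`."""
    try:
        arp = parse_arp(payload)
    except ValueError as exc:
        return "drop", str(exc)
    bound = table.get(port)
    if bound is None:
        return "drop", f"no binding recorded for {port}"
    claimed = (arp["sender_mac"], arp["sender_ip"])
    if claimed != bound:
        return "drop", f"{port} is bound to {bound}, packet claims {claimed}"
    return "forward", "sender matches binding"


# <port-mac-ip> table; port names are hypothetical.
DAI_TABLE = {
    "port1": ("e0:40:07:f4:16:a9", "192.168.3.1"),   # router
    "port2": ("1a:09:45:75:2f:07", "192.168.3.3"),   # client
}
# The ARP request dissected earlier on this page.
REQUEST = build_arp(1, "e0:40:07:f4:16:a9", "192.168.3.1",
                    "00:00:00:00:00:00", "192.168.3.7")
# Constructed: a reply entering on port2 that pairs the router's IP with the client's MAC.
MISMATCH = build_arp(2, "1a:09:45:75:2f:07", "192.168.3.1",
                     "02:00:00:00:00:07", "192.168.3.7")

if __name__ == "__main__":
    for port, pkt in [("port1", REQUEST), ("port2", MISMATCH), ("port1", REQUEST[:20])]:
        print(port, inspect(port, pkt, DAI_TABLE))
```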
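Two-way ARP binding
The client and the router each bind the other's address, i.e. two-way binding
# Two-way binding on Windows, from the cmd prompt
arp -s ip mac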
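#ICMP protocol#
Definition
Internet Control Message Protocol: used for link connectivity testing and path tracing, and can report link errors. ICMP runs at the transport layer and serves the IP protocol.
Packet structure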
Internet Control Message Protocol # ICMP
Type: 0 (Echo (ping) reply)
Code: 0
Checksum: 0x5559 [correct] # checksum
[Checksum Status: Good]
Identifier (BE): 1 (0x0001) # process ID
Identifier (LE): 256 (0x0100)
Sequence Number (BE): 2 (0x0002) # sequence number
Sequence Number (LE): 512 (0x0200)
[Request frame: 164]
[Response time: 44.795 ms]
Data (32 bytes)
Data: 6162636465666768696a6b6c6d6e6f7071727374757677616263646566676869
[Length: 32]
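The IP header checksum described earlier and the Checksum field in the ICMP dissection above use the same 16-bit ones' complement sum (RFC 1071). The added example below, which is not part of the original notes, recomputes 0x5559 from the fields of the Echo reply and then shows what the check does and does not catch; the three modified messages are constructed.

```python
import struct


def internet_checksum(data: bytes) -> int:
    """16-bit ones' complement of the ones' complement sum (RFC 1071)."""
    if len(data) % 2:                      # pad odd-length input with a zero byte
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                     # fold the carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_icmp_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Assemble an Echo request (type 8) or reply (type 0) with a valid checksum."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = internet_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload


def checksum_ok(message: bytes) -> bool:
    """A message that carries its own checksum sums to 0xFFFF, so the result is 0."""
    return internet_checksum(message) == 0


# Fields taken from the Echo reply dissected above.
PAYLOAD = bytes.fromhex(
    "6162636465666768696a6b6c6d6e6f7071727374757677616263646566676869")
REPLY = build_icmp_echo(icmp_type=0, ident=0x0001, seq=0x0002, payload=PAYLOAD)

# Constructed variants of that reply.
FLIPPED = REPLY[:8] + bytes([REPLY[8] ^ 0x01]) + REPLY[9:]     # one bit changed
SWAPPED = REPLY[:8] + REPLY[10:12] + REPLY[8:10] + REPLY[12:]  # two 16-bit words exchanged
FORGED = build_icmp_echo(0, 0x0001, 0x0002, b"X" * 32)         # new payload, checksum recomputed

if __name__ == "__main__":
    print(f"checksum field: 0x{int.from_bytes(REPLY[2:4], 'big'):04x}")
    for name, msg in [("original", REPLY), ("bit flipped", FLIPPED),
                      ("words swapped", SWAPPED), ("forged", FORGED)]:
        print(f"{name:14s} passes check: {checksum_ok(msg)}")
```

The reordered and the recomputed messages both pass, so the checksum detects accidental corruption only; it is not a cryptographic hash and gives no protection against deliberate modification.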
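How #DDOS# (distributed denial-of-service) attacks work
How #traceroute# works
How Windows tracert works
How Linux/Unix traceroute works
Probes with UDP packets sent to high ports
#TCP# protocol
Definition
Transmission Control Protocol, the most complex protocol in the TCP/IP stack
Functions
- Connection-oriented (three-way handshake, four-way teardown)
- Reliable transmission (classic retransmission, timeout retransmission, fast/selective retransmission)
- Flow control (sliding window, congestion control)
- Multiplexing (sockets)
How it works
Connection-oriented (three-way handshake, four-way teardown)
Three-way handshake packets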
No. Time Source Destination Protocol Length Info
150 3.731071 192.168.3.3 13.107.42.16 TCP 66 7604 → 443 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM=1
160 3.845127 13.107.42.16 192.168.3.3 TCP 66 443 → 7604 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1412 WS=256 SACK_PERM=1
161 3.845265 192.168.3.3 13.107.42.16 TCP 54 7604 → 443 [ACK] Seq=1 Ack=1 Win=66304 Len=
- SYN packet
Transmission Control Protocol, Src Port: 7604, Dst Port: 443, Seq: 0, Len: 0
Source Port: 7604
Destination Port: 443
[Stream index: 11]
[Conversation completeness: Complete, WITH_DATA (31)]
[TCP Segment Len: 0]
Sequence Number: 0 (relative sequence number)
Sequence Number (raw): 1360222657
[Next Sequence Number: 1 (relative sequence number)]
Acknowledgment Number: 0
Acknowledgment number (raw): 0
1000 .... = Header Length: 32 bytes (8)
Flags: 0x002 (SYN)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...0 .... = Acknowledgment: Not set
.... .... 0... = Push: Not set
.... .... .0.. = Reset: Not set
.... .... ..1. = Syn: Set
.... .... ...0 = Fin: Not set
[TCP Flags: ··········S·]
Window: 64240
[Calculated window size: 64240]
Checksum: 0xaeb5 [unverified]
[Checksum Status: Unverified]
Urgent Pointer: 0
Options: (12 bytes), Maximum segment size, No-Operation (NOP), Window scale, No-Operation (NOP), No-Operation (NOP), SACK permitted
TCP Option - Maximum segment size: 1460 bytes
TCP Option - No-Operation (NOP)
TCP Option - Window scale: 8 (multiply by 256)
TCP Option - No-Operation (NOP)
TCP Option - No-Operation (NOP)
TCP Option - SACK permitted
[Timestamps]
[Time since first frame in this TCP stream: 0.000000000 seconds]
[Time since previous frame in this TCP stream: 0.000000000 seconds]
- ACK/SYN packet
Transmission Control Protocol, Src Port: 443, Dst Port: 7604, Seq: 0, Ack: 1, Len: 0
Source Port: 443
Destination Port: 7604
[Stream index: 11]
[Conversation completeness: Complete, WITH_DATA (31)]
[TCP Segment Len: 0]
Sequence Number: 0 (relative sequence number)
Sequence Number (raw): 1748629334
[Next Sequence Number: 1 (relative sequence number)]
Acknowledgment Number: 1 (relative ack number)
Acknowledgment number (raw): 1360222658
1000 .... = Header Length: 32 bytes (8)
Flags: 0x012 (SYN, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgment: Set
.... .... 0... = Push: Not set
.... .... .0.. = Reset: Not set
.... .... ..1. = Syn: Set
.... .... ...0 = Fin: Not set
[TCP Flags: ·······A··S·]
Window: 65535
[Calculated window size: 65535]
Checksum: 0x4a35 [unverified]
[Checksum Status: Unverified]
Urgent Pointer: 0
Options: (12 bytes), Maximum segment size, No-Operation (NOP), Window scale, No-Operation (NOP), No-Operation (NOP), SACK permitted
TCP Option - Maximum segment size: 1412 bytes
TCP Option - No-Operation (NOP)
TCP Option - Window scale: 8 (multiply by 256)
TCP Option - No-Operation (NOP)
TCP Option - No-Operation (NOP)
TCP Option - SACK permitted
[Timestamps]
[Time since first frame in this TCP stream: 0.114056000 seconds]
[Time since previous frame in this TCP stream: 0.114056000 seconds]
[SEQ/ACK analysis]
- ACK packet
Transmission Control Protocol, Src Port: 7604, Dst Port: 443, Seq: 1, Ack: 1, Len: 0
Source Port: 7604
Destination Port: 443
[Stream index: 11]
[Conversation completeness: Complete, WITH_DATA (31)]
[TCP Segment Len: 0]
Sequence Number: 1 (relative sequence number)
Sequence Number (raw): 1360222658
[Next Sequence Number: 1 (relative sequence number)]
Acknowledgment Number: 1 (relative ack number)
Acknowledgment number (raw): 1748629335
0101 .... = Header Length: 20 bytes (5)
Flags: 0x010 (ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgment: Set
.... .... 0... = Push: Not set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
[TCP Flags: ·······A····]
Window: 259
[Calculated window size: 66304]
[Window size scaling factor: 256]
Checksum: 0x89d5 [unverified]
[Checksum Status: Unverified]
Urgent Pointer: 0
[Timestamps]
[Time since first frame in this TCP stream: 0.114194000 seconds]
[Time since previous frame in this TCP stream: 0.000138000 seconds]
[SEQ/ACK analysis]
Four-way teardown
1643 11.867252 192.168.3.3 13.107.42.16 TCP 54 7604 → 443 [FIN, ACK] Seq=1257 Ack=6478 Win=65536 Len=0
1687 11.972017 13.107.42.16 192.168.3.3 TCP 60 443 → 7604 [ACK] Seq=6478 Ack=1258 Win=523776 Len=0
1688 11.972263 13.107.42.16 192.168.3.3 TCP 60 443 → 7604 [FIN, ACK] Seq=6478 Ack=1258 Win=523776 Len=0
1689 11.972320 192.168.3.3 13.107.42.16 TCP 54 7604 → 443 [ACK] Seq=1258 Ack=6479 Win=65536 Len=0
- Client FIN/ACK packet
Transmission Control Protocol, Src Port: 7604, Dst Port: 443, Seq: 1257, Ack: 6478, Len: 0
Source Port: 7604
Destination Port: 443
[Stream index: 11]
[Conversation completeness: Complete, WITH_DATA (31)]
[TCP Segment Len: 0]
Sequence Number: 1257 (relative sequence number)
Sequence Number (raw): 1360223914
[Next Sequence Number: 1258 (relative sequence number)]
Acknowledgment Number: 6478 (relative ack number)
Acknowledgment number (raw): 1748635812
0101 .... = Header Length: 20 bytes (5)
Flags: 0x011 (FIN, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgment: Set
.... .... 0... = Push: Not set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...1 = Fin: Set
[TCP Flags: ·······A···F]
Window: 256
[Calculated window size: 65536]
[Window size scaling factor: 256]
Checksum: 0x6ba2 [unverified]
[Checksum Status: Unverified]
Urgent Pointer: 0
[Timestamps]
[Time since first frame in this TCP stream: 8.136181000 seconds]
[Time since previous frame in this TCP stream: 7.480645000 seconds]
- Server ACK reply
Transmission Control Protocol, Src Port: 443, Dst Port: 7604, Seq: 6478, Ack: 1258, Len: 0
Source Port: 443
Destination Port: 7604
[Stream index: 11]
[Conversation completeness: Complete, WITH_DATA (31)]
[TCP Segment Len: 0]
Sequence Number: 6478 (relative sequence number)
Sequence Number (raw): 1748635812
[Next Sequence Number: 6478 (relative sequence number)]
Acknowledgment Number: 1258 (relative ack number)
Acknowledgment number (raw): 1360223915
0101 .... = Header Length: 20 bytes (5)
Flags: 0x010 (ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgment: Set
.... .... 0... = Push: Not set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
[TCP Flags: ·······A····]
Window: 2046
[Calculated window size: 523776]
[Window size scaling factor: 256]
Checksum: 0x64a4 [unverified]
[Checksum Status: Unverified]
Urgent Pointer: 0
[Timestamps]
[Time since first frame in this TCP stream: 8.240946000 seconds]
[Time since previous frame in this TCP stream: 0.104765000 seconds]
[SEQ/ACK analysis]
- Server FIN/ACK packet
Transmission Control Protocol, Src Port: 443, Dst Port: 7604, Seq: 6478, Ack: 1258, Len: 0
Source Port: 443
Destination Port: 7604
[Stream index: 11]
[Conversation completeness: Complete, WITH_DATA (31)]
[TCP Segment Len: 0]
Sequence Number: 6478 (relative sequence number)
Sequence Number (raw): 1748635812
[Next Sequence Number: 6479 (relative sequence number)]
Acknowledgment Number: 1258 (relative ack number)
Acknowledgment number (raw): 1360223915
0101 .... = Header Length: 20 bytes (5)
Flags: 0x011 (FIN, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgment: Set
.... .... 0... = Push: Not set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...1 = Fin: Set
[TCP Flags: ·······A···F]
Window: 2046
[Calculated window size: 523776]
[Window size scaling factor: 256]
Checksum: 0x64a3 [unverified]
[Checksum Status: Unverified]
Urgent Pointer: 0
[Timestamps]
[Time since first frame in this TCP stream: 8.241192000 seconds]
[Time since previous frame in this TCP stream: 0.000246000 seconds]
- Client ACK reply
Transmission Control Protocol, Src Port: 7604, Dst Port: 443, Seq: 1258, Ack: 6479, Len: 0
Source Port: 7604
Destination Port: 443
[Stream index: 11]
[Conversation completeness: Complete, WITH_DATA (31)]
[TCP Segment Len: 0]
Sequence Number: 1258 (relative sequence number)
Sequence Number (raw): 1360223915
[Next Sequence Number: 1258 (relative sequence number)]
Acknowledgment Number: 6479 (relative ack number)
Acknowledgment number (raw): 1748635813
0101 .... = Header Length: 20 bytes (5)
Flags: 0x010 (ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgment: Set
.... .... 0... = Push: Not set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
[TCP Flags: ·······A····]
Window: 256
[Calculated window size: 65536]
[Window size scaling factor: 256]
Checksum: 0x6ba1 [unverified]
[Checksum Status: Unverified]
Urgent Pointer: 0
[Timestamps]
[Time since first frame in this TCP stream: 8.241249000 seconds]
[Time since previous frame in this TCP stream: 0.000057000 seconds]
[SEQ/ACK analysis]
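The sequence and acknowledgment bookkeeping behind the handshake and teardown captures above, as an added example that is not part of the original notes. It uses the raw numbers from the dissections to show that SYN and FIN each consume one sequence number, how Wireshark's relative numbers are derived, and how the Window field is scaled; the mismatched SYN/ACK at the end is constructed.

```python
from dataclasses import dataclass

MOD = 1 << 32                          # sequence numbers wrap at 2**32
FIN, SYN, ACK = 0x001, 0x002, 0x010    # flag bits as shown in the dissections


@dataclass(frozen=True)
class Segment:
    flags: int
    seq: int           # raw sequence number
    ack: int           # raw acknowledgment number
    length: int = 0    # payload bytes
    window: int = 0    # unscaled Window field


def seq_space(seg: Segment) -> int:
    """Sequence numbers a segment consumes: payload plus one each for SYN and FIN."""
    return seg.length + bool(seg.flags & SYN) + bool(seg.flags & FIN)


def acknowledges(reply: Segment, seg: Segment) -> bool:
    """True if `reply` has ACK set and its ack number is seg's next sequence number."""
    return bool(reply.flags & ACK) and reply.ack == (seg.seq + seq_space(seg)) % MOD


def relative(raw: int, isn: int) -> int:
    """Wireshark-style relative number: offset from the initial sequence number."""
    return (raw - isn) % MOD


def scaled_window(seg: Segment, shift: int) -> int:
    """Effective receive window once the Window scale option (shift count) applies."""
    return seg.window << shift


def valid_handshake(syn: Segment, synack: Segment, ack: Segment) -> bool:
    return (syn.flags == SYN and synack.flags == (SYN | ACK) and ack.flags == ACK
            and acknowledges(synack, syn) and acknowledges(ack, synack)
            and ack.seq == (syn.seq + 1) % MOD)


# Raw values copied from the dissections above (C = client, S = server).
C_SYN = Segment(SYN, 1360222657, 0, window=64240)
S_SYNACK = Segment(SYN | ACK, 1748629334, 1360222658, window=65535)
C_ACK = Segment(ACK, 1360222658, 1748629335, window=259)
C_FIN = Segment(FIN | ACK, 1360223914, 1748635812, window=256)
S_ACK = Segment(ACK, 1748635812, 1360223915, window=2046)
S_FIN = Segment(FIN | ACK, 1748635812, 1360223915, window=2046)
C_LAST = Segment(ACK, 1360223915, 1748635813, window=256)

# Constructed: a SYN/ACK whose ack number is not the client's ISN + 1.
BAD_SYNACK = Segment(SYN | ACK, 1748629334, 1360222000)

if __name__ == "__main__":
    print("handshake valid:", valid_handshake(C_SYN, S_SYNACK, C_ACK))
    print("mismatched SYN/ACK accepted:", valid_handshake(C_SYN, BAD_SYNACK, C_ACK))
    print("client FIN relative seq:", relative(C_FIN.seq, C_SYN.seq))
    print("client window after scaling:", scaled_window(C_ACK, 8))
```

A reply is accepted only when its acknowledgment number matches the peer's sequence state, which is why the initial sequence numbers in the capture are large unpredictable values rather than 0.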
Reliable transmission (sequence number SEQ + acknowledgment number ACK + retransmission algorithms)
Flow control (sliding window)
Transmission Control Protocol, Src Port: 23, Dst Port: 10625, Seq: 274, Ack: 10, Len: 8
Source Port: 23
Destination Port: 10625
[Stream index: 0]
[Conversation completeness: Incomplete (28)]
[TCP Segment Len: 8]
Sequence Number: 274 (relative sequence number)
Sequence Number (raw): 1747108158
[Next Sequence Number: 282 (relative sequence number)]
Acknowledgment Number: 10 (relative ack number)
Acknowledgment number (raw): 1150149929
0101 .... = Header Length: 20 bytes (5)
Flags: 0x018 (PSH, ACK)
Window: 33182 # window size
[Calculated window size: 33182]
[Window size scaling factor: -1 (unknown)]
Checksum: 0x3c66 [unverified]
[Checksum Status: Unverified]
Urgent Pointer: 0
[Timestamps]
[SEQ/ACK analysis]
TCP payload (8 bytes)
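Multiplexing (socket, session, five-tuple)
- TCP multiplexes through ports, i.e. sockets (IP + port)
- Source and destination IP + source and destination port + protocol number ==> five-tuple
- IP + port ==> socket
- One pair of sockets forms a session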
Application-layer ports over TCP
- HTTP/80
- HTTPS/443
- FTP/20/21
- SSH/22
- TELNET/23
- SMTP/POP 25/110
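#UDP# protocol
Definition
A connectionless, unreliable transport-layer protocol.
Characteristics
- Very simple packet structure
- Fast processing
- Real-time interaction (social apps, video streaming, real-time interactive protocols)
1-1023 is the well-known port range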
User Datagram Protocol, Src Port: 54963, Dst Port: 8000
Source Port: 54963 # source port, usually a random high port
Destination Port: 8000 # destination port, a fixed well-known port
Length: 52
Checksum: 0xceba [unverified]
[Checksum Status: Unverified]
[Stream index: 24]
[Timestamps]
[Time since first frame: 0.000000000 seconds]
[Time since previous frame: 0.000000000 seconds]
UDP payload (44 bytes)
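Applications and protocols built on UDP
DHCP, DNS, OICQ, TFTP
#DHCP#
DHCP, the Dynamic Host Configuration Protocol, dynamically distributes IP configuration to end devices. Both DHCP ports are fixed: the client uses port 68 and the server uses port 67.
How a request works:
Why does obtaining an address take 4 packets rather than 2?
Two packets cannot solve the address waste/conflict problem in a multi-server environment
DHCP Discover packet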
Dynamic Host Configuration Protocol (Discover)
Message type: Boot Request (1)
Hardware type: Ethernet (0x01)
Hardware address length: 6
Hops: 0
Transaction ID: 0x1ff16b34
Seconds elapsed: 0
Bootp flags: 0x0000 (Unicast)
0... .... .... .... = Broadcast flag: Unicast
.000 0000 0000 0000 = Reserved flags: 0x0000
Client IP address: 0.0.0.0
Your (client) IP address: 0.0.0.0
Next server IP address: 0.0.0.0
Relay agent IP address: 0.0.0.0
Client MAC address: 1a:09:45:75:2f:07 (1a:09:45:75:2f:07)
Client hardware address padding: 00000000000000000000
Server host name not given
Boot file name not given
Magic cookie: DHCP
Option: (53) DHCP Message Type (Discover)
Length: 1
DHCP: Discover (1)
Option: (61) Client identifier
Length: 7
Hardware type: Ethernet (0x01)
Client MAC address: 1a:09:45:75:2f:07 (1a:09:45:75:2f:07)
Option: (50) Requested IP Address (192.168.3.3)
Length: 4
Requested IP Address: 192.168.3.3
Option: (12) Host Name
Length: 8
Host Name: ��������
Option: (60) Vendor class identifier
Length: 8
Vendor class identifier: MSFT 5.0
Option: (55) Parameter Request List
Length: 14
Parameter Request List Item: (1) Subnet Mask
Parameter Request List Item: (3) Router
Parameter Request List Item: (6) Domain Name Server
Parameter Request List Item: (15) Domain Name
Parameter Request List Item: (31) Perform Router Discover
Parameter Request List Item: (33) Static Route
Parameter Request List Item: (43) Vendor-Specific Information
Parameter Request List Item: (44) NetBIOS over TCP/IP Name Server
Parameter Request List Item: (46) NetBIOS over TCP/IP Node Type
Parameter Request List Item: (47) NetBIOS over TCP/IP Scope
Parameter Request List Item: (119) Domain Search
Parameter Request List Item: (121) Classless Static Route
Parameter Request List Item: (249) Private/Classless Static Route (Microsoft)
Parameter Request List Item: (252) Private/Proxy autodiscovery
Option: (255) End
Option End: 255
Padding: 0000000000
DHCP Offer packet
Dynamic Host Configuration Protocol (Offer)
Message type: Boot Reply (2)
Hardware type: Ethernet (0x01)
Hardware address length: 6
Hops: 0
Transaction ID: 0x1ff16b34
Seconds elapsed: 0
Bootp flags: 0x0000 (Unicast)
0... .... .... .... = Broadcast flag: Unicast
.000 0000 0000 0000 = Reserved flags: 0x0000
Client IP address: 0.0.0.0
Your (client) IP address: 192.168.3.3
Next server IP address: 0.0.0.0
Relay agent IP address: 0.0.0.0
Client MAC address: 1a:09:45:75:2f:07 (1a:09:45:75:2f:07)
Client hardware address padding: 00000000000000000000
Server host name not given
Boot file name not given
Magic cookie: DHCP
Option: (53) DHCP Message Type (Offer)
Length: 1
DHCP: Offer (2)
Option: (54) DHCP Server Identifier (192.168.3.1)
Length: 4
DHCP Server Identifier: 192.168.3.1
Option: (51) IP Address Lease Time
Length: 4
IP Address Lease Time: (86400s) 1 day
Option: (58) Renewal Time Value
Length: 4
Renewal Time Value: (43200s) 12 hours
Option: (59) Rebinding Time Value
Length: 4
Rebinding Time Value: (75600s) 21 hours
Option: (1) Subnet Mask (255.255.255.0)
Length: 4
Subnet Mask: 255.255.255.0
Option: (3) Router
Length: 4
Router: 192.168.3.1
Option: (6) Domain Name Server
Length: 4
Domain Name Server: 192.168.3.1
Option: (255) End
Option End: 255
DHCP Request packet
Dynamic Host Configuration Protocol (Request)
Message type: Boot Request (1)
Hardware type: Ethernet (0x01)
Hardware address length: 6
Hops: 0
Transaction ID: 0x1ff16b34
Seconds elapsed: 0
Bootp flags: 0x0000 (Unicast)
0... .... .... .... = Broadcast flag: Unicast
.000 0000 0000 0000 = Reserved flags: 0x0000
Client IP address: 0.0.0.0
Your (client) IP address: 0.0.0.0
Next server IP address: 0.0.0.0
Relay agent IP address: 0.0.0.0
Client MAC address: 1a:09:45:75:2f:07 (1a:09:45:75:2f:07)
Client hardware address padding: 00000000000000000000
Server host name not given
Boot file name not given
Magic cookie: DHCP
Option: (53) DHCP Message Type (Request)
Length: 1
DHCP: Request (3)
Option: (61) Client identifier
Length: 7
Hardware type: Ethernet (0x01)
Client MAC address: 1a:09:45:75:2f:07 (1a:09:45:75:2f:07)
Option: (50) Requested IP Address (192.168.3.3)
Length: 4
Requested IP Address: 192.168.3.3
Option: (54) DHCP Server Identifier (192.168.3.1)
Length: 4
DHCP Server Identifier: 192.168.3.1
Option: (12) Host Name
Length: 8
Host Name: ��������
Option: (81) Client Fully Qualified Domain Name
Length: 11
Flags: 0x00
A-RR result: 0
PTR-RR result: 0
Client name: ��������
Option: (60) Vendor class identifier
Length: 8
Vendor class identifier: MSFT 5.0
Option: (55) Parameter Request List
Length: 14
Parameter Request List Item: (1) Subnet Mask
Parameter Request List Item: (3) Router
Parameter Request List Item: (6) Domain Name Server
Parameter Request List Item: (15) Domain Name
Parameter Request List Item: (31) Perform Router Discover
Parameter Request List Item: (33) Static Route
Parameter Request List Item: (43) Vendor-Specific Information
Parameter Request List Item: (44) NetBIOS over TCP/IP Name Server
Parameter Request List Item: (46) NetBIOS over TCP/IP Node Type
Parameter Request List Item: (47) NetBIOS over TCP/IP Scope
Parameter Request List Item: (119) Domain Search
Parameter Request List Item: (121) Classless Static Route
Parameter Request List Item: (249) Private/Classless Static Route (Microsoft)
Parameter Request List Item: (252) Private/Proxy autodiscovery
Option: (255) End
Option End: 255
DHCP ACK packet
Dynamic Host Configuration Protocol (ACK)
Message type: Boot Reply (2)
Hardware type: Ethernet (0x01)
Hardware address length: 6
Hops: 0
Transaction ID: 0x1ff16b34
Seconds elapsed: 0
Bootp flags: 0x0000 (Unicast)
0... .... .... .... = Broadcast flag: Unicast
.000 0000 0000 0000 = Reserved flags: 0x0000
Client IP address: 0.0.0.0
Your (client) IP address: 192.168.3.3
Next server IP address: 0.0.0.0
Relay agent IP address: 0.0.0.0
Client MAC address: 1a:09:45:75:2f:07 (1a:09:45:75:2f:07)
Client hardware address padding: 00000000000000000000
Server host name not given
Boot file name not given
Magic cookie: DHCP
Option: (53) DHCP Message Type (ACK)
Length: 1
DHCP: ACK (5)
Option: (54) DHCP Server Identifier (192.168.3.1)
Length: 4
DHCP Server Identifier: 192.168.3.1
Option: (51) IP Address Lease Time
Length: 4
IP Address Lease Time: (86400s) 1 day
Option: (58) Renewal Time Value
Length: 4
Renewal Time Value: (43200s) 12 hours
Option: (59) Rebinding Time Value
Length: 4
Rebinding Time Value: (75600s) 21 hours
Option: (1) Subnet Mask (255.255.255.0)
Length: 4
Subnet Mask: 255.255.255.0
Option: (3) Router
Length: 4
Router: 192.168.3.1
Option: (6) Domain Name Server
Length: 4
Domain Name Server: 192.168.3.1
Option: (255) End
Option End: 255
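Why the exchange above needs the Request and ACK, as an added example that is not part of the original notes: the client's Request names one server in option 54, so every other server that made an offer can return its address to the pool. The code parses the option bytes that follow the magic cookie; the second server 192.168.3.2 and its offered address are constructed, the other values come from the capture.

```python
import socket

MAGIC_COOKIE = bytes([99, 130, 83, 99])      # shown as "Magic cookie: DHCP"
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5   # option 53 values seen in the capture


def encode_options(options) -> bytes:
    """options: list of (code, value bytes). Returns cookie + TLVs + End (255)."""
    out = bytearray(MAGIC_COOKIE)
    for code, value in options:
        out += bytes([code, len(value)]) + value
    return bytes(out) + b"\xff"


def parse_options(blob: bytes) -> dict:
    """Walk the code/length/value options that follow the magic cookie."""
    if blob[:4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    options, i = {}, 4
    while i < len(blob):
        code = blob[i]
        if code == 255:                      # End
            return options
        if code == 0:                        # Pad: a single byte with no length
            i += 1
            continue
        if i + 1 >= len(blob):
            raise ValueError("truncated option header")
        length = blob[i + 1]
        value = blob[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        options[code] = value
        i += 2 + length
    raise ValueError("no End option")


def settle(offers: dict, request_blob: bytes) -> tuple:
    """offers maps server IP -> offered IP. Returns (committed, released) after the Request."""
    opts = parse_options(request_blob)
    if opts.get(53) != bytes([REQUEST]) or 54 not in opts:
        raise ValueError("not a Request that selects a server")
    chosen = socket.inet_ntoa(opts[54])
    committed = {chosen: offers[chosen]} if chosen in offers else {}
    released = {srv: ip for srv, ip in offers.items() if srv != chosen}
    return committed, released


# Options 53, 50 and 54 as they appear in the Request above.
REQUEST_OPTS = encode_options([
    (53, bytes([REQUEST])),
    (50, socket.inet_aton("192.168.3.3")),
    (54, socket.inet_aton("192.168.3.1")),
])
# The first offer is from the capture; the second server is constructed.
OFFERS = {"192.168.3.1": "192.168.3.3", "192.168.3.2": "192.168.3.50"}

if __name__ == "__main__":
    print(settle(OFFERS, REQUEST_OPTS))
```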
#DNS#
DNS, the domain name resolution protocol, runs over UDP on port 53
19480 1994.888910 192.168.3.3 192.168.3.1 DNS 69 Standard query 0xbbb6 A zhihu.com
# query packet
19481 1994.934082 192.168.3.1 192.168.3.3 DNS 85 Standard query response 0xbbb6 A zhihu.com A 103.41.167.234
# response packet
Domain Name System (query) # DNS query packet
Transaction ID: 0xbbb6
Flags: 0x0100 Standard query
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
zhihu.com: type A, class IN # query information
[Response In: 19481]
Domain Name System (response) # DNS response packet
Transaction ID: 0xbbb6
Flags: 0x8180 Standard query response, No error
Questions: 1
Answer RRs: 1
Authority RRs: 0
Additional RRs: 0
Queries
zhihu.com: type A, class IN # query information
Answers
zhihu.com: type A, class IN, addr 103.41.167.234 # answer
[Request In: 19480]
[Time: 0.045172000 seconds]
LAN authentication
Notice:
- Authenticate first, then obtain an IP address
- Usually based on layer-2 authentication, implemented with 802.1X and AAA