This part reviews Wireshark Lab1; the lab is mainly a first introduction to Wireshark.

Wireshark Lab1: Getting Started

Question 1

Several of the protocols are:

  • UDP
  • DNS
  • TCP
  • HTTP

Question 2

  • HTTP GET: 2021-06-04 23:19:43.447449
  • HTTP OK: 2021-06-04 23:19:43.702526

Question 3

  • Local host: 192.168.1.2
  • gaia.cs.umass.edu: 128.119.245.12

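Question 4

The Windows version of Wireshark seems to have a problem and cannot print; the workaround is to expand the items in the packet header, then right-click and copy the values.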

HTTP GET:

Frame 135: 642 bytes on wire (5136 bits), 642 bytes captured (5136 bits) on interface \Device\NPF_{F753ABA9-3223-40A2-9A94-5A5372E5E576}, id 0
Ethernet II, Src: IntelCor_5e:46:e7 (48:a4:72:5e:46:e7), Dst: zte_e2:8c:68 (14:00:7d:e2:8c:68)
Internet Protocol Version 4, Src: 192.168.1.2, Dst: 128.119.245.12
Transmission Control Protocol, Src Port: 6721, Dst Port: 80, Seq: 1, Ack: 1, Len: 588
Hypertext Transfer Protocol
    GET /wireshark-labs/INTRO-wireshark-file1.html HTTP/1.1\r\n
    Host: gaia.cs.umass.edu\r\n
    Connection: keep-alive\r\n
    Cache-Control: max-age=0\r\n
    Upgrade-Insecure-Requests: 1\r\n
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36\r\n
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\r\n
    Accept-Encoding: gzip, deflate\r\n
    Accept-Language: zh-CN,zh;q=0.9\r\n
    If-None-Match: "51-5c3ea63717c76"\r\n
    If-Modified-Since: Fri, 04 Jun 2021 05:59:01 GMT\r\n
    \r\n
    [Full request URI: http://gaia.cs.umass.edu/wireshark-labs/INTRO-wireshark-file1.html]
    [HTTP request 1/1]
    [Response in frame: 137]

HTTP OK:

Frame 146: 233 bytes on wire (1864 bits), 233 bytes captured (1864 bits) on interface \Device\NPF_{F753ABA9-3223-40A2-9A94-5A5372E5E576}, id 0
Ethernet II, Src: zte_e2:8c:68 (14:00:7d:e2:8c:68), Dst: IntelCor_5e:46:e7 (48:a4:72:5e:46:e7)
Internet Protocol Version 4, Src: 223.119.248.18, Dst: 192.168.1.2
Transmission Control Protocol, Src Port: 80, Dst Port: 6748, Seq: 1, Ack: 125, Len: 179
Hypertext Transfer Protocol
    HTTP/1.1 200 OK\r\n
    Content-Length: 14\r\n
    Date: Fri, 04 Jun 2021 16:05:24 GMT\r\n
    Connection: close\r\n
    Content-Type: text/plain\r\n
    Cache-Control: max-age=30, must-revalidate\r\n
    \r\n
    [HTTP response 1/1]
    [Time since request: 0.037543000 seconds]
    [Request in frame: 142]
    [Request URI: http://www.msftncsi.com/ncsi.txt]
    File Data: 14 bytes
Line-based text data: text/plain (1 lines)
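
When packet details are copied out by hand as described under Question 4, it is worth checking that the copied response really answers the copied request. The following is an added example, not part of the original post: it parses text in the copied format and compares the frame cross-references and the IP/port pairs. The sample strings are abridged from the two dumps above, and the function names are hypothetical.

```python
import re

# Abridged from the two dumps above (summary lines and cross-references only).
GET_TEXT = """Frame 135: 642 bytes on wire (5136 bits), 642 bytes captured (5136 bits)
Internet Protocol Version 4, Src: 192.168.1.2, Dst: 128.119.245.12
Transmission Control Protocol, Src Port: 6721, Dst Port: 80, Seq: 1, Ack: 1, Len: 588
    [Response in frame: 137]
"""
OK_TEXT = """Frame 146: 233 bytes on wire (1864 bits), 233 bytes captured (1864 bits)
Internet Protocol Version 4, Src: 223.119.248.18, Dst: 192.168.1.2
Transmission Control Protocol, Src Port: 80, Dst Port: 6748, Seq: 1, Ack: 125, Len: 179
    [Request in frame: 142]
"""

PATTERNS = {
    "frame": r"^Frame (\d+):",
    "ip": r"^Internet Protocol Version 4, Src: (\S+), Dst: (\S+)",
    "ports": r"^Transmission Control Protocol, Src Port: (\d+), Dst Port: (\d+),",
    "peer_frame": r"^\s*\[(?:Response|Request) in frame: (\d+)\]",
}

def parse_dissection(text):
    """Extract frame number, endpoints and the request/response cross-reference."""
    out = {}
    for key, pattern in PATTERNS.items():
        m = re.search(pattern, text, re.MULTILINE)
        if m is None:
            raise ValueError(f"missing {key} line in dissection text")
        out[key] = int(m.group(1)) if key in ("frame", "peer_frame") else m.groups()
    (src_ip, dst_ip), (sport, dport) = out.pop("ip"), out.pop("ports")
    out["src"], out["dst"] = (src_ip, int(sport)), (dst_ip, int(dport))
    return out

def pairing_problems(request, response):
    """Return reasons why `response` does not answer `request` (empty list if it does)."""
    problems = []
    if request["peer_frame"] != response["frame"]:
        problems.append(f"request points to frame {request['peer_frame']}, response is frame {response['frame']}")
    if response["peer_frame"] != request["frame"]:
        problems.append(f"response points to frame {response['peer_frame']}, request is frame {request['frame']}")
    if response["src"] != request["dst"] or response["dst"] != request["src"]:
        problems.append(f"response {response['src']} -> {response['dst']} is not the reverse of the request")
    return problems

if __name__ == "__main__":
    for problem in pairing_problems(parse_dissection(GET_TEXT), parse_dissection(OK_TEXT)):
        print("mismatch:", problem)
```

Run on the two dumps above, it reports that frame 146 does not pair with frame 135: the cross-references point to frames 137 and 142, and the response comes from 223.119.248.18 to port 6748 rather than from 128.119.245.12 to port 6721.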