Esercitazione Wireshark2021

NO.
Domanda Frame Risposta
1 frame della ritrasmissione dei pacchetti

55 336 55
2 SOA di Intel.com
236 Log akamoi.net
3 frame della reply ARP
2
4 peso del .png
9 Impossibile
55
5 Round Trip Time della ritrasmissione
0,045405000seconds
3 128
6 TTL a inizio connessione TCP
7 protocollo di trasporto del frame 9

9 TCP
10
8 Payload di HTTP/1.1 200 OK
9 lunghezza in byte della risposta DNS

13
236 299 bute
10 indirizzo MAC dell’IP 192.168.0.20
235 impossibile
11 frame ping request
152 il 07002
12 MSS della seconda fase di connessione TCP
4 1460
13 ack number dell’inizio della connessione sicura
14 Porta lato destinatario della chiamata DNS

40 O
235 53
2732
15 porta sorgente del frame per ottenere un’immagine
9
16 Payload del ping di risposta
153 32
Mss us sack
17 opzioni attive all’inizio connessione sicura
40
18 porta sorgente della connessione TCP
3 2427
19 Lunghezza degli header TCP della prima fase di
20
connessione TCP
Tempo di risposta della ping reply

3 abyte
153 01363ns
40
21 frame di inizio connessione sicura
40
40 528 bates
22 Lunghezza in bit dell’inizio connessione sicura
23 Indirizzo MAC di 192.168.75.132

2 00 00 29 01 21 03
24 Destinatario della seconda fase di connessione
TCP
4 192.168.75.1
25 Dimensione della finestra dell’inizio della
connessione sicura 60 8192
No. Time Source Destination Protocol Lenght Info
1 0.000000 VMware_c0:00:08 Broadcast ARP 42 Who has 192.168.75.132? Tell
192.168.75.1
Frame 1: 42 bytes on wire (336 bits), 42 bytes captured (336 bits)

Ethernet II, Src: VMware_c0:00:08 (00:50:56:c0:00:08), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Address Resolution Protocol (request)

2 0.000339 VMware_0f:71:a3 VMware_c0:00:08 ARP 42 192.168.75.132 is at
00:0c:29:0f:71:a3

Ethernet II, Src: VMware_0f:71:a3 (00:0c:29:0f:71:a3), Dst: VMware_c0:00:08 (00:50:56:c0:00:08)
Address Resolution Protocol (reply)

3 0.000362 192.168.75.1 192.168.75.132 TCP 74 2427 → 80 [SYN] Seq=0 Win=8192
Len=0 MSS=1460 WS=4 SACK_PERM=1 TSval=344415 TSecr=0

Encapsulation type: Ethernet (1)
Arrival Time: Jan 2, 2010 23:33:05.061831000 ora solare Europa occidentale
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1262471585.061831000 seconds
[Time delta from previous captured frame: 0.000023000 seconds]
[Time delta from previous displayed frame: 0.000023000 seconds]
[Time since reference or first frame: 0.000362000 seconds]
Frame Number: 3
Frame Length: 74 bytes (592 bits)
Capture Length: 74 bytes (592 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ip:tcp]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80 || http2]
Ethernet II, Src: VMware_c0:00:08 (00:50:56:c0:00:08), Dst: VMware_0f:71:a3 (00:0c:29:0f:71:a3)
Internet Protocol Version 4, Src: 192.168.75.1, Dst: 192.168.75.132
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
Total Length: 60
Identification: 0x011c (284)
Flags: 0x40, Don't fragment
Fragment Offset: 0
Time to Live: 128
Protocol: TCP (6)
Header Checksum: 0xe1c9 [validation disabled]
[Header checksum status: Unverified]
Source Address: 192.168.75.1
Destination Address: 192.168.75.132
Transmission Control Protocol, Src Port: 2427, Dst Port: 80, Seq: 0, Len: 0
Source Port: 2427
Destination Port: 80
[Stream index: 0]
[TCP Segment Len: 0]
Sequence Number: 0 (relative sequence number)
Sequence Number (raw): 1625193373
[Next Sequence Number: 1 (relative sequence number)]
Acknowledgment Number: 0
Acknowledgment number (raw): 0
1010 .... = Header Length: 40 bytes (10)
Flags: 0x002 (SYN)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...0 .... = Acknowledgment: Not set
.... .... 0... = Push: Not set
.... .... .0.. = Reset: Not set
.... .... ..1. = Syn: Set
.... .... ...0 = Fin: Not set
[TCP Flags: ··········S·]
Window: 8192
[Calculated window size: 8192]
Checksum: 0xe883 [unverified]
[Checksum Status: Unverified]
Urgent Pointer: 0
Options: (20 bytes), Maximum segment size, No-Operation (NOP), Window scale, SACK permitted,
Timestamps
TCP Option - Maximum segment size: 1460 bytes
TCP Option - No-Operation (NOP)
TCP Option - Window scale: 2 (multiply by 4)
TCP Option - SACK permitted
TCP Option - Timestamps: TSval 344415, TSecr 0
[Timestamps]
[Time since first frame in this TCP stream: 0.000000000 seconds]
[Time since previous frame in this TCP stream: 0.000000000 seconds]

4 0.000602 192.168.75.132 192.168.75.1 TCP 78 80 → 2427 [SYN, ACK] Seq=0 Ack=1
Win=64240 Len=0 MSS=1460 WS=1 TSval=0 TSecr=0 SACK_PERM=1

Frame Number: 4
0100 .... = Version: 4
Total Length: 64
Identification: 0x0130 (304)
Flags: 0x00
Fragment Offset: 0
Time to Live: 128
Protocol: TCP (6)
Header Checksum: 0x21b2 [validation disabled]
Transmission Control Protocol, Src Port: 80, Dst Port: 2427, Seq: 0, Ack: 1, Len: 0
Source Port: 80
[Stream index: 0]
Acknowledgment Number: 1 (relative ack number)
Flags: 0x012 (SYN, ACK)
...0 .... .... = Nonce: Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgment: Set
.... .... 0... = Push: Not set
.... .... .0.. = Reset: Not set
.... .... ..1. = Syn: Set
.... .... ...0 = Fin: Not set
[TCP Flags: ·······A··S·]
Window: 64240
Checksum: 0x2cf8 [unverified]
Urgent Pointer: 0
Options: (24 bytes), Maximum segment size, No-Operation (NOP), Window scale, No-Operation
(NOP), No-Operation (NOP), Timestamps, No-Operation (NOP), No-Operation (NOP), SACK permitted
TCP Option - Maximum segment size: 1460 bytes
TCP Option - Window scale: 0 (multiply by 1)
TCP Option - SACK permitted
[SEQ/ACK analysis]
[Timestamps]

5 0.000681 192.168.75.1 192.168.75.132 TCP 66 2427 → 80 [ACK] Seq=1 Ack=1
Win=66608 Len=0 TSval=344415 TSecr=0

Frame Number: 5
0100 .... = Version: 4
Total Length: 52
Identification: 0x011d (285)
Fragment Offset: 0
Time to Live: 128
Protocol: TCP (6)
Header Checksum: 0xe1d0 [validation disabled]
Source Port: 2427
[Stream index: 0]
Flags: 0x010 (ACK)
...0 .... .... = Nonce: Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... .... 0... = Push: Not set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
[TCP Flags: ·······A····]
Window: 16652
[Window size scaling factor: 4]
Checksum: 0xe643 [unverified]
Urgent Pointer: 0
Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps
[SEQ/ACK analysis]
[Timestamps]

9 0.025061 192.168.47.171 176.255.203.40 HTTP 377 GET
/h4base/0.209.1/img/apple-touch-icon.png HTTP/1.1
Ethernet II, Src: VMware_1d:b3:b1 (00:0c:29:1d:b3:b1), Dst: VMware_fd:2f:16 (00:50:56:fd:2f:16)
Hypertext Transfer Protocol

10 0.056010 192.168.75.132 192.168.75.1 HTTP 79 HTTP/1.1 200 OK (text/html)
Frame Number: 10
[Protocols in frame: eth:ethertype:ip:tcp:http:data-text-lines]
0100 .... = Version: 4
Total Length: 65
Identification: 0x0133 (307)
Fragment Offset: 0
Time to Live: 128
Protocol: TCP (6)
Header Checksum: 0xe1ad [validation disabled]
Source Port: 80
[Stream index: 0]
Flags: 0x018 (PSH, ACK)
...0 .... .... = Nonce: Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
[TCP Flags: ·······AP···]
Window: 63831
[Window size scaling factor: 1]
Checksum: 0x1ebb [unverified]
Urgent Pointer: 0
Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps
[SEQ/ACK analysis]
[iRTT: 0.000319000 seconds]
[Bytes in flight: 13]
[Bytes sent since last PSH flag: 2909]
[Timestamps]
TCP payload (13 bytes)
TCP segment data (13 bytes)
[3 Reassembled TCP Segments (2909 bytes): #7(1448), #8(1448), #10(13)]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
Content-Length: 2606\r\n
Content-Type: text/html\r\n
Content-Location: http://192.168.75.132/iisstart.htm\r\n
Last-Modified: Sun, 13 Dec 2009 15:16:14 GMT\r\n
Accept-Ranges: bytes\r\n
ETag: "fc31243677cca1:745"\r\n
Server: Microsoft-IIS/6.0\r\n
X-Powered-By: ASP.NET\r\n
Date: Sat, 02 Jan 2010 22:33:01 GMT\r\n
\r\n
[HTTP response 1/3]
[Time since request: 0.055175000 seconds]
[Request in frame: 6]
[Next request in frame: 11]
[Next response in frame: 25]
[Request URI: http://192.168.75.132/2.css]
File Data: 2606 bytes
Line-based text data: text/html (81 lines)

40 0.503209 172.16.121.155 87.106.189.123 TCP 66 3924 → 443 [SYN] Seq=0
Win=8192 Len=0 MSS=1460 WS=4 SACK_PERM=1
Arrival Time: Oct 20, 2015 09:09:33.614399000 ora legale Europa occidentale
Frame Number: 40
[Coloring Rule Name: TCP SYN/FIN]
[Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]
Ethernet II, Src: VMware_9d:b9:d0 (00:0c:29:9d:b9:d0), Dst: VMware_e5:80:5b (00:50:56:e5:80:5b)
0100 .... = Version: 4
Total Length: 52
Identification: 0x26db (9947)
Fragment Offset: 0
Time to Live: 128
Protocol: TCP (6)
Header Checksum: 0x0000 [validation disabled]
Transmission Control Protocol, Src Port: 3924, Dst Port: 443, Seq: 0, Len: 0
Source Port: 3924
[Stream index: 5]
Acknowledgment Number: 0
Flags: 0x002 (SYN)
...0 .... .... = Nonce: Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...0 .... = Acknowledgment: Not set
.... .... 0... = Push: Not set
.... .... .0.. = Reset: Not set
.... .... ..1. = Syn: Set
.... .... ...0 = Fin: Not set
[TCP Flags: ··········S·]
Window: 8192
Checksum: 0x3ab8 [unverified]
Urgent Pointer: 0
Options: (12 bytes), Maximum segment size, No-Operation (NOP), Window scale, No-Operation
(NOP), No-Operation (NOP), SACK permitted
[Timestamps]

41 0.555247 87.106.189.123 172.16.121.155 TCP 60 443 → 3924 [SYN, ACK]
Seq=0 Ack=1 Win=64240 Len=0 MSS=1460
Frame Number: 27
[Coloring Rule Name: TCP SYN/FIN]
[Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]
Ethernet II, Src: VMware_e5:80:5b (00:50:56:e5:80:5b), Dst: VMware_9d:b9:d0 (00:0c:29:9d:b9:d0)
0100 .... = Version: 4
Total Length: 44
Identification: 0xb6f9 (46841)
Flags: 0x00
Fragment Offset: 0
Time to Live: 128
Protocol: TCP (6)
Source Port: 443
[Stream index: 5]
Flags: 0x012 (SYN, ACK)
...0 .... .... = Nonce: Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... .... 0... = Push: Not set
.... .... .0.. = Reset: Not set
.... .... ..1. = Syn: Set
.... .... ...0 = Fin: Not set
[TCP Flags: ·······A··S·]
Window: 64240
Checksum: 0x0053 [unverified]
Urgent Pointer: 0
Options: (4 bytes), Maximum segment size
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 6]
[The RTT to ACK the segment was: 0.052038000 seconds]
[Timestamps]

42 0.555382 172.16.121.155 87.106.189.123 TCP 54 3924 → 443 [ACK] Seq=1
Ack=1 Win=64240 Len=0
Frame Number: 28
[Coloring Rule Name: TCP]
[Coloring Rule String: tcp]
Ethernet II, Src: VMware_9d:b9:d0 (00:0c:29:9d:b9:d0), Dst: VMware_e5:80:5b (00:50:56:e5:80:5b)
0100 .... = Version: 4
Total Length: 40
Identification: 0x26ff (9983)
Fragment Offset: 0
Time to Live: 128
Protocol: TCP (6)
Source Port: 3924
[Stream index: 5]
Flags: 0x010 (ACK)
...0 .... .... = Nonce: Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... .... 0... = Push: Not set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
[TCP Flags: ·······A····]
Window: 64240
[Window size scaling factor: -2 (no window scaling used)]
Checksum: 0x3aac [unverified]
Urgent Pointer: 0
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 27]
[The RTT to ACK the segment was: 0.000135000 seconds]
[Timestamps]

55 0.870524 87.106.189.123 172.16.121.155 TCP 571 [TCP Retransmission] 443 →
3923 [PSH, ACK] Seq=3058 Ack=794 Win=64240 Len=517
Frame Number: 55
[Coloring Rule Name: Bad TCP]
[Coloring Rule String: tcp.analysis.flags && !tcp.analysis.window_update &&
!tcp.analysis.keep_alive && !tcp.analysis.keep_alive_ack]
Ethernet II, Src: VMware_e5:80:5b (00:50:56:e5:80:5b), Dst: VMware_9d:b9:d0 (00:0c:29:9d:b9:d0)
0100 .... = Version: 4
Total Length: 557
Identification: 0xb72c (46892)
Flags: 0x00
Fragment Offset: 0
Time to Live: 128
Protocol: TCP (6)
Header Checksum: 0x470d [validation disabled]
Source Port: 443
[Stream index: 4]
Flags: 0x018 (PSH, ACK)
...0 .... .... = Nonce: Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
[TCP Flags: ·······AP···]
Window: 64240
[Window size scaling factor: -2 (no window scaling used)]
Checksum: 0x7374 [unverified]
Urgent Pointer: 0
[SEQ/ACK analysis]
[Bytes in flight: 517]
[Bytes sent since last PSH flag: 517]
[TCP Analysis Flags]
[Timestamps]
TCP payload (517 bytes)
Retransmitted TCP segment data (517 bytes)

152 13.706916 192.168.75.1 192.168.75.132 ICMP 74 Echo (ping) request id=0x0001,
seq=17/4352, ttl=128 (reply in 11)
Frame Number: 152
[Protocols in frame: eth:ethertype:ip:icmp:data]
[Coloring Rule Name: ICMP]
[Coloring Rule String: icmp || icmpv6]
Internet Control Message Protocol
Type: 8 (Echo (ping) request)
Code: 0
Checksum: 0x4d4a [correct]
[Checksum Status: Good]
Identifier (BE): 1 (0x0001)
Identifier (LE): 256 (0x0100)
Sequence Number (BE): 17 (0x0011)
Sequence Number (LE): 4352 (0x1100)
[Response frame: 153]
Data (32 bytes)
Data: 6162636465666768696a6b6c6d6e6f7071727374757677616263646566676869
[Length: 32]

153 13.707279 192.168.75.132 192.168.75.1 ICMP 74 Echo (ping) reply id=0x0001,
seq=17/4352, ttl=128 (request in 10)
Frame Number: 153
[Protocols in frame: eth:ethertype:ip:icmp:data]
[Coloring Rule Name: ICMP]
[Coloring Rule String: icmp || icmpv6]
Internet Control Message Protocol
Type: 0 (Echo (ping) reply)
Code: 0
Checksum: 0x554a [correct]
[Checksum Status: Good]
Identifier (BE): 1 (0x0001)
Identifier (LE): 256 (0x0100)
Sequence Number (BE): 17 (0x0011)
Sequence Number (LE): 4352 (0x1100)
[Request frame: 152]
[Response time: 0.363 ms]
Data (32 bytes)
Data: 6162636465666768696a6b6c6d6e6f7071727374757677616263646566676869
[Length: 32]

235 20.141944 192.168.0.20 192.168.0.1 DNS 73 Standard query 0x0003 AAAA
www.intel.com
Ethernet II, Src: IntelCor_4f:30:1d (00:1f:3c:4f:30:1d), Dst: Netgear_b0:d6:8c (00:18:4d:b0:d6:8c)
User Datagram Protocol, Src Port: 63228, Dst Port: 53
Domain Name System (query)

236 20.242609 192.168.0.1 192.168.0.20 DNS 299 Standard query response 0x0003 AAAA
www.intel.com CNAME www.intel.com.edgesuite.net CNAME www.intel-sino.com.edgesuite.net CNAME
www.intel-sino.com.edgesuite.net.chinaredirector.akadns.net CNAME a961.g.akamai.net SOA
n0g.akamai.net
Ethernet II, Src: Netgear_b0:d6:8c (00:18:4d:b0:d6:8c), Dst: IntelCor_4f:30:1d (00:1f:3c:4f:30:1d)
User Datagram Protocol, Src Port: 53, Dst Port: 63228
Domain Name System (response)

Esercitazione Wireshark2021

Caricato da

Informazioni sul documento

Titolo originale

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

Esercitazione Wireshark2021

Caricato da

Copyright:

Formati disponibili

NO.

Domanda Frame Risposta

1 frame della ritrasmissione dei pacchetti

7 protocollo di trasporto del frame 9

9 lunghezza in byte della risposta DNS

14 Porta lato destinatario della chiamata DNS

Tempo di risposta della ping reply

23 Indirizzo MAC di 192.168.75.132

Frame 1: 42 bytes on wire (336 bits), 42 bytes captured (336 bits)

No. Time Source Destination Protocol Lenght Info

Frame 2: 42 bytes on wire (336 bits), 42 bytes captured (336 bits)

No. Time Source Destination Protocol Lenght Info

Frame 3: 74 bytes on wire (592 bits), 74 bytes captured (592 bits)

No. Time Source Destination Protocol Lenght Info

Frame 4: 78 bytes on wire (624 bits), 78 bytes captured (624 bits)

No. Time Source Destination Protocol Lenght Info

Frame 5: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)

No. Time Source Destination Protocol Lenght Info

No. Time Source Destination Protocol Lenght Info

No. Time Source Destination Protocol Lenght Info

No. Time Source Destination Protocol Lenght Info

No. Time Source Destination Protocol Lenght Info

No. Time Source Destination Protocol Lenght Info

No. Time Source Destination Protocol Lenght Info

No. Time Source Destination Protocol Lenght Info

No. Time Source Destination Protocol Lenght Info

No. Time Source Destination Protocol Lenght Info

Potrebbero piacerti anche