常用網(wǎng)絡(luò)命令的使用及Wireshark 的簡單使用 目的：熟悉ping 、ipconfig 、netstat 、tracert 、arp 等命令的使用；了解真實環(huán)境下的網(wǎng)絡(luò)通信過程；Wireshark

常用網(wǎng)絡(luò)命令的使用及Wireshark 的簡單使用 目的：

熟悉ping 、ipconfig 、netstat 、tracert 、arp 等命令的使用；

了解真實環(huán)境下的網(wǎng)絡(luò)通信過程；

Wireshark 實驗工具安裝，以HTTP 協(xié)議為例簡單使用Wireshark 。

實驗步驟：

一．常用網(wǎng)絡(luò)命令的使用

1. ping 命令

ping 是一個測試程序，如果ping 運行正確，你大體上就可以排除網(wǎng)絡(luò)訪問層、網(wǎng)卡、modem 的輸入輸出線路、電纜和路由器等存在的故障，從而減小了問題的范圍。 基本用法： Ping IP 地址，如下：

使用ping 命令來查找問題所在或檢驗網(wǎng)絡(luò)運行情況的典型次序：

ping 127.0.0.1

ping 本機ip （斷掉網(wǎng)線后結(jié)果？）

ping 局域網(wǎng)內(nèi)其他ip

ping 網(wǎng)關(guān)ip

ping 遠程ip

Ping 域名

ping ip -t——連續(xù)對ip 地址執(zhí)行ping 命令，直到被用戶以ctrl c中斷。

ping ip -l 2000——指定ping 命令中的數(shù)據(jù)長度為2000字節(jié)，而不是缺省的32字節(jié)。 ping ip -n——執(zhí)行特定次數(shù)的ping 命令。

2. ipconfig 命令

該命令用于檢查網(wǎng)絡(luò)TCP/IP配置的信息, 如IP 地址、MAC 地址、DNS 等。

ipconfig 、ipconfig /all、ipconfig /renew、ipconfig /release等

3. netstat 命令

該命令用戶顯示各協(xié)議相關(guān)的統(tǒng)計及數(shù)據(jù)，一般用于檢查本地主機的各個端口的網(wǎng)絡(luò)連接情況。

不同種類：

netstat –r 顯示網(wǎng)絡(luò)各種通信協(xié)議的狀態(tài)

netstat –E 顯示以太網(wǎng)層的數(shù)據(jù)統(tǒng)計情況

netstat –A 顯示網(wǎng)絡(luò)中有效連接的信息

netstat –N 顯示所有已經(jīng)建立的連接

4. tracert 命令

該命令用于檢查由本地主機到目標主機所經(jīng)歷的路由信息。

5. arp 命令

arp 命令顯示和修改地址解析協(xié)議（ARP ）緩存中的項目。

二． W ireshark 的簡單使用

1. wireshark 下載安裝

軟件下載地址：https://www.wireshark.org/download.html Wireshark 使用教程： 安裝流程：

1. 下載時選擇與實驗機器型號對應(yīng)的版本

2. 打開wireshark 安裝程序

3. 按照默認設(shè)置完成安裝

2. Wireshark 的簡單使用： Http 協(xié)議分析（詳細流程見英文文檔：Wireshark_HTTP_v6.1.pdf）

在這部分中，我們將以Http 協(xié)議為例，學(xué)習(xí)掌握Wireshark 的簡單使用，探討HTTP 協(xié)議的幾個方面：基本/響應(yīng)交互，HTTP 消息格式，檢索大型HTML 文件，檢索HTML 文件嵌入對象，HTTP 身份驗證和安全。

過程和細節(jié)：

1. 基本的HTTP 請求/響應(yīng):

a. 啟動Web 瀏覽器;

b. 啟動Wireshark 的數(shù)據(jù)包嗅探器，然后輸入“http ”（不帶引號）;

c. 稍等片刻，然后開始捕獲Wireshark 的數(shù)據(jù)包;

d. 在瀏覽器輸入以下網(wǎng)址;

e. 停止Wireshark 捕獲數(shù)據(jù)包，wireshark 獲取數(shù)據(jù)如下圖：

2. HTTP 條件請求/響應(yīng)(file2)

a. 啟動網(wǎng)頁瀏覽器，并確保瀏覽器的緩存清零;

b. 啟動Wireshark 的數(shù)據(jù)包嗅探器;

c. 輸入以下網(wǎng)址到瀏覽器

d. 再次快速輸入相同的URL 到您的瀏覽器（或只需選擇瀏覽器上的刷新按鈕）: e. 停止Wireshark 的數(shù)據(jù)包捕獲，并在顯示過濾器規(guī)格窗口輸入“http ”。

3. 檢索長文檔(file3):

a. 啟動Web 瀏覽器，并確保瀏覽器的緩存清零;

b. 啟動Wireshark 的數(shù)據(jù)包嗅探器;

c. 輸入以下網(wǎng)址到瀏覽器

d. 停止Wireshark 的數(shù)據(jù)包捕獲，并在顯示過濾器規(guī)格窗口輸入“http ”，所以只捕

獲HTTP 信息將被顯示出來。

4. 嵌入對像的HTML 文檔(file4):

a. 啟動網(wǎng)頁瀏覽器，并確保瀏覽器的緩存清零;

b. 啟動Wireshark 的數(shù)據(jù)包嗅探器;

c. 輸入以下網(wǎng)址到瀏覽器

d. 停止Wireshark 捕獲數(shù)據(jù)包，并在顯示過濾器規(guī)格窗口輸入“http ”，以至于只顯

示捕獲的HTTP 信息。

5. HTTP 認證(file5)

a. 確保瀏覽器的緩存清零，并關(guān)閉瀏覽器。然后，啟動瀏覽器;

b. 啟動Wireshark 的數(shù)據(jù)包嗅探器;

c. 輸入以下網(wǎng)址到瀏覽器: 在彈出框鍵入要求的用戶名和密碼。用戶名是“wireshark-students ”，密碼為“network ”;

d. 停止Wireshark 的數(shù)據(jù)包捕獲，并在顯示過濾器窗口輸入“http ”，確保只有捕獲

的HTTP 消息在分組列表窗口顯示。

實驗結(jié)果檢查（實驗課結(jié)束前完成）：

1. 單獨演示常用網(wǎng)絡(luò)命令；

2. 檢查wireshark 安裝情況及基本操作；

3. 演示Http 協(xié)議抓包分析的操作流程；

4. 1人1組，上交實驗報告；

5. 實驗報告回答Http 協(xié)議指導(dǎo)書的問題（附件Wireshark_HTTP_v6.1.pd紅色標記）

附件：

Wireshark Lab: HTTP v6.1

Supplement to Computer Networking: A Top-Down

Approach, 6th ed., J.F. Kurose and K.W. Ross

“Tell me and I forget. Show me and I remember. Involve me

and I understand.” Chinese proverb

? 2005-21012, J.F Kurose and K.W. Ross, All Rights Reserved

Having gotten our feet wet with the Wireshark packet sniffer in the introductory lab, we’re now ready to use Wireshark to investigate protocols in operation. In this lab, we’ll explore several aspects of the HTTP protocol: the basic GET/response interaction, HTTP message formats, retrieving large HTML files, retrieving HTML files with embedded objects, and HTTP authentication and security. Before beginning these labs, you might want to review Section 2.2 of the text.1

1. The Basic HTTP GET/response interaction

Let’s begin our exploration of HTTP by downloading a very simple HTML file - one that is very short, and contains no embedded objects. Do the following:

1. Start up your web browser.

2. Start up the Wireshark packet sniffer, as described in the Introductory lab (but don’t yet

begin packet capture). Enter “http” (just the letters, not the quotation marks) in the display-filter-specification window, so that only captured HTTP messages will be

displayed later in the packet-listing window. (We’re only interested in the HTTP

protocol here, and don’t want to see the clutter of all captured packets).

3. Wait a bit more than one minute (we’ll see why shortly), and then begin Wireshark

packet capture. 1 References to figures and sections are for the 6th edition of our text, Computer Networks, A Top-down Approach, 6th ed., J.F. Kurose and K.W. Ross, Addison-Wesley/Pearson, 2012.

4. Enter the following to your browser

Your browser should display the very simple, one-line HTML file.

5. Stop Wireshark packet capture.

Your Wireshark window should look similar to the window shown in Figure 1. If you are unable to run Wireshark on a live network connection, you can download a packet trace that was created when the steps above were followed.2

Figure 1: Wireshark Display after http://gaia.cs.umass.edu/wireshark-labs/

HTTP-wireshark-file1.html has been retrieved by your browser

The example in Figure 1 shows in the packet-listing window that two HTTP messages were captured: the GET message (from your browser to the gaia.cs.umass.edu web server) and the response message from the server to your browser. The packet-contents window shows details of the selected message (in this case the HTTP OK message, which is highlighted in the packet-listing window). Recall that since the HTTP message was carried inside a TCP segment, which was carried inside an IP datagram, which was carried within an Ethernet frame, Wireshark displays the Frame, Ethernet, IP, and TCP packet information as well. We want to minimize the 2 Download the zip file and extract the file http-ethereal-trace-1. The traces in this zip file were collected by Wireshark running on one of the author’s computers, while performing the steps indicated in the Wireshark lab. Once you have

downloaded the trace, you can load it into Wireshark and view the trace using the File pull down menu, choosing Open , and then selecting the http-ethereal-trace-1 trace file. The resulting display should look similar to Figure 1. (The Wireshark user interface displays just a bit differently on different

operating systems, and in different versions of Wireshark).

amount of non-HTTP data displayed (we’re interested in HTTP here, and will be investigating these other protocols is later labs), so make sure the boxes at the far left of the Frame, Ethernet, IP and TCP information have a plus sign or a right-pointing triangle (which means there is hidden, undisplayed information), and the HTTP line has a minus sign or a down-pointing triangle (which means that all information about the HTTP message is displayed).

(Note: You should ignore any HTTP GET and response for favicon.ico. If you see a reference to this file, it is your browser automatically asking the server if it (the server) has a small icon file that should be displayed next to the displayed URL in your browser. We’ll ignore references to this pesky file in this lab.).

By looking at the information in the HTTP GET and response messages, answer the following questions. When answering the following questions, you should print out the GET and response messages (see the introductory Wireshark lab for an explanation of how to do this) and indicate where in the message you’ve found the information that answers the following questions. When you hand in your assignment, annotate the output so that it’s clear where in the output you’re getting the information for your answer (e.g., for our classes, we ask that students markup paper copies with a pen, or annotate electronic copies with text in a colored font).

1. Is your browser running HTTP version 1.0 or 1.1? What version of HTTP is the server

running?

2. What languages (if any) does your browser indicate that it can accept to the server?

3. What is the IP address of your computer? Of the gaia.cs.umass.edu server?

4. What is the status code returned from the server to your browser?

5. When was the HTML file that you are retrieving last modified at the server?

6. How many bytes of content are being returned to your browser?

7. By inspecting the raw data in the packet content window, do you see any headers within

the data that are not displayed in the packet-listing window? If so, name one.

In your answer to question 5 above, you might have been surprised to find that the document you just retrieved was last modified within a minute before you downloaded the document. That’s because (for this particular file), the gaia.cs.umass.edu server is setting the file’s last-modified time to be the current time, and is doing so once per minute. Thus, if you wait a minute between accesses, the file will appear to have been recently modified, and hence your browser will download a “new” copy of the document.

2. The HTTP CONDITIONAL GET/response interaction

Recall from Section 2.2.6 of the text, that most web browsers perform object caching and thus perform a conditional GET when retrieving an HTTP object. Before performing the steps below, make sure your browser’s cache is empty. (To do this under Firefox, select Tools->Clear Recent History and check the Cache box, or for Internet Explorer, select Tools->Internet Options->Delete File; these actions will remove cached files from your browser’s cache.) Now do the following:

? Start up your web browser, and make sure your browser’s cache is cleared, as discussed

above.

? Start up the Wireshark packet sniffer

? Enter the following URL into your browser

Your browser should display a very simple five-line HTML file.

? Quickly enter the same URL into your browser again (or simply select the refresh button

on your browser)

? Stop Wireshark packet capture, and enter “http” in the display-filter-specification

window, so that only captured HTTP messages will be displayed later in the packet-listing window.

? (Note: If you are unable to run Wireshark on a live network connection, you can use

the http-ethereal-trace-2 packet trace to answer the questions below; see footnote 1. This trace file was gathered while performing the steps above on one of the author’s

computers.)

Answer the following questions:

8. Inspect the contents of the first HTTP GET request from your browser to the server. Do

you see an “IF-MODIFIED-SINCE” line in the HTTP GET?

9. Inspect the contents of the server response. Did the server explicitly return the contents

of the file? How can you tell?

10. Now inspect the contents of the second HTTP GET request from your browser to the

server . Do you see an “IF-MODIFIED-SINCE:” line in the HTTP GET? If so, what

information follows the “IF-MODIFIED-SINCE:” header?

11. What is the HTTP status code and phrase returned from the server in response to this

second HTTP GET? Did the server explicitly return the contents of the file? Explain.

3. Retrieving Long Documents

In our examples thus far, the documents retrieved have been simple and short HTML files. Let’s next see what happens when we download a long HTML file. Do the following:

? Start up your web browser, and make sure your browser’s cache is cleared, as discussed

above.

? Start up the Wireshark packet sniffer

? Enter the following URL into your browser

Your browser should display the rather lengthy US Bill of Rights.

? Stop Wireshark packet capture, and enter “http” in the display-filter-specification

window, so that only captured HTTP messages will be displayed.

? (Note: If you are unable to run Wireshark on a live network connection, you can use

the http-ethereal-trace-3 packet trace to answer the questions below; see footnote 1.