Destination: CameoCom_8c:3e:15 (00:18:e7:8c:3e:15)
Address: CameoCom_8c:3e:15 (00:18:e7:8c:3e:15)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: HonHaiPr_36:8a:c6 (38:59:f9:36:8a:c6)
Address: HonHaiPr_36:8a:c6 (38:59:f9:36:8a:c6)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 192.168.0.100 (192.168.0.100), Dst: 94.100.184.77 (94.100.184.77)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Tran
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 64
Identification: 0xdfcf (57295)
Flags: 0x02 (Don’t Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don’t fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (6)
Header checksum: 0x832a [correct]
[Good: True]
[Bad: False]
Source: 192.168.0.100 (192.168.0.100)
Destination: 94.100.184.77 (94.100.184.77)
Transmission Control Protocol, Src Port: 40559 (40559), Dst Port: pop3 (110), Seq: 13, Ack: 175, Len:
Source port: 40559 (40559)
Destination port: pop3 (110)
[Stream index: 28]
Sequence number: 13    (relative sequence number)
[Next sequence number: 25    (relative sequence number)]
Acknowledgement number: 175    (relative ack number)
Header length: 32 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 15544
[Calculated window size: 15544]
[Window size scaling factor: -2 (no window scaling used)]
Checksum: 0x68be [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (12 bytes)
No-Operation (NOP)
No-Operation (NOP)
Timestamps: TSval 37246366, TSecr 1616552
Kind: Timestamp (8)
Length: 10
Timestamp value: 37246366
Timestamp echo reply: 1616552
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 1377]
[The RTT to ACK the segment was: 0.007363000 seconds]
[Bytes in flight: 12]
Post Office Protocol
AUTH PLAIN\r\n
Request command: AUTH
Request parameter: PLAIN
The decoded view shows that this packet carries the AUTH PLAIN command, which precedes plaintext authentication.
3.6 SMTP
SMTP (Simple Mail Transfer Protocol) is a network protocol designed for transferring electronic mail over TCP/IP networks.
3.6.1 Original view
0000  38 59 f9 36 8a c6 00 18 e7 8c 3e 15 08 00 45 00  8Y.6......>...E.
0010  00 54 30 bd 40 00 39 06 40 75 5e 64 b1 01 c0 a8  .T0.@.9.@u^d....
0020  00 64 00 19 9a 7c 23 2e 66 8f 74 b8 c7 65 80 18  .d...|#.f.t..e..
0030  16 a0 a8 4a 00 00 01 01 08 0a f8 ac 56 32 02 38  ...J........V2.8
0040  8c 92 32 32 30 20 73 6d 74 70 31 39 2e 6d 61 69  ..220 smtp19.mai
0050  6c 2e 72 75 20 45 53 4d 54 50 20 72 65 61 64 79  l.ru ESMTP ready
0060  0d 0a                                            ..
3.6.2 Decoded view
Frame 5410: 98 bytes on wire (784 bits), 98 bytes captured (784 bits)
Arrival Time: Feb 22, 2012 16:44:22.015539000 MSK
Epoch Time: 1329914662.015539000 seconds
[Time delta from previous captured frame: 0.017565000 seconds]
[Time delta from previous displayed frame: 0.000000000 seconds]
[Time since reference or first frame: 91.754391000 seconds]
Frame Number: 5410
Frame Length: 98 bytes (784 bits)
Capture Length: 98 bytes (784 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:smtp]
[Coloring Rule Name: TCP]
[Coloring Rule String: tcp]
Ethernet II, Src: CameoCom_8c:3e:15 (00:18:e7:8c:3e:15), Dst: HonHaiPr_36:8a:c6 (38:59:f9:36:8a:c6)
Destination: HonHaiPr_36:8a:c6 (38:59:f9:36:8a:c6)
Address: HonHaiPr_36:8a:c6 (38:59:f9:36:8a:c6)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: CameoCom_8c:3e:15 (00:18:e7:8c:3e:15)
Address: CameoCom_8c:3e:15 (00:18:e7:8c:3e:15)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 94.100.177.1 (94.100.177.1), Dst: 192.168.0.100 (192.168.0.100)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Tran
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 84
Identification: 0x30bd (12477)
Flags: 0x02 (Don’t Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don’t fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 57
Protocol: TCP (6)
Header checksum: 0x4075 [correct]
[Good: True]
[Bad: False]
Source: 94.100.177.1 (94.100.177.1)
Destination: 192.168.0.100 (192.168.0.100)
Transmission Control Protocol, Src Port: smtp (25), Dst Port: 39548 (39548), Seq: 1, Ack: 1, Len: 32
Source port: smtp (25)
Destination port: 39548 (39548)
[Stream index: 32]
Sequence number: 1    (relative sequence number)
[Next sequence number: 33    (relative sequence number)]
Acknowledgement number: 1    (relative ack number)
Header length: 32 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 5792
[Calculated window size: 5792]
[Window size scaling factor: -2 (no window scaling used)]
Checksum: 0xa84a [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (12 bytes)
No-Operation (NOP)
No-Operation (NOP)
Timestamps: TSval 4172043826, TSecr 37260434
Kind: Timestamp (8)
Length: 10
Timestamp value: 4172043826
Timestamp echo reply: 37260434
[SEQ/ACK analysis]
[Bytes in flight: 32]
Simple Mail Transfer Protocol
Response: 220 smtp19.mail.ru ESMTP ready\r\n
Response code: <domain> Service ready (220)
Response parameter: smtp19.mail.ru ESMTP ready
From the decoded view of the packet we can determine that:
Response code 220 means the server is ready to accept the commands that follow the connection
The ESMTP server host is smtp19.mail.ru, and it is ready to send mail
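The decoded view in section 3.6.2 can be reproduced by hand from the bytes in section 3.6.1. The Python code below is an added example, not part of the original lab report: it parses the Ethernet II, IPv4 and TCP headers of frame 5410, recomputes the IPv4 header checksum, and returns the SMTP payload, which crosses the network unencrypted. The function names decode and ip_checksum are illustrative.

```python
import struct

# Frame 5410, retyped from the hex dump in section 3.6.1 (98 bytes).
FRAME = bytes.fromhex(
    "3859f9368ac60018e78c3e1508004500"
    "005430bd4000390640755e64b101c0a8"
    "006400199a7c232e668f74b8c7658018"
    "16a0a84a00000101080af8ac56320238"
    "8c9232323020736d747031392e6d6169"
    "6c2e72752045534d5450207265616479"
    "0d0a"
)

def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over the header, checksum field zeroed."""
    data = header[:10] + b"\x00\x00" + header[12:]
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)  # fold carries back in
    return ~total & 0xFFFF

def decode(frame: bytes) -> dict:
    """Decode Ethernet II / IPv4 / TCP and return the fields Wireshark shows."""
    if len(frame) < 14 + 20 + 20:
        raise ValueError("frame too short for Ethernet + IPv4 + TCP")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("not IPv4")
    ihl = (frame[14] & 0x0F) * 4              # IPv4 header length in bytes
    ip = frame[14:14 + ihl]
    total_len, ident, frag, ttl, proto, cksum = struct.unpack("!2xHHHBBH", ip[:12])
    if proto != 6:
        raise ValueError("not TCP")
    tcp = frame[14 + ihl:14 + total_len]      # total_len excludes any padding
    sport, dport, seq, ack, off_flags, window = struct.unpack("!HHIIHH", tcp[:16])
    data_off = (off_flags >> 12) * 4          # TCP header length incl. options
    return {
        "src_mac": src.hex(":"), "dst_mac": dst.hex(":"),
        "src_ip": ".".join(map(str, ip[12:16])), "dst_ip": ".".join(map(str, ip[16:20])),
        "ip_id": ident, "ttl": ttl, "dont_fragment": bool(frag & 0x4000),
        "ip_checksum_ok": ip_checksum(ip) == cksum,
        "src_port": sport, "dst_port": dport,
        "flags": off_flags & 0x0FFF, "window": window,
        "payload": tcp[data_off:],
    }

if __name__ == "__main__":
    for name, value in decode(FRAME).items():
        print(f"{name}: {value}")
```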
4 Conclusion
In this lab, packets were captured with the Wireshark network analyzer, and the descriptions of their contents were analyzed.