Lab 1: Capturing and Analysing ARP Protocol Packets
2012329620049  项伟亮 (Xiang Weiliang)  Computer Science and Technology, Class 2

Objective:
Deepen understanding of the ARP protocol by analysing it.

Contents:
1. Learn how to install and use Wireshark.
2. Learn how to use the arp command.
3. Capture ARP packets and analyse them.
4. Understand how ARP attacks work.

Results

2. Using the arp command

    C:\Documents and Settings\Administrator>ipconfig

    Windows IP Configuration

    Ethernet adapter 本地连接:

            Connection-specific DNS Suffix  . :
            IP Address. . . . . . . . . . . . : 192.168.0.29
            Subnet Mask . . . . . . . . . . . : 255.255.255.0
            Default Gateway . . . . . . . . . : 192.168.0.1

    C:\Documents and Settings\Administrator>arp

    Displays and modifies the IP-to-Physical address translation tables used by
    address resolution protocol (ARP).

    ARP -s inet_addr eth_addr [if_addr]
    ARP -d inet_addr [if_addr]
    ARP -a [inet_addr] [-N if_addr]

      -a            Displays current ARP entries by interrogating the current
                    protocol data.  If inet_addr is specified, the IP and Physical
                    addresses for only the specified computer are displayed.  If
                    more than one network interface uses ARP, entries for each ARP
                    table are displayed.
      -g            Same as -a.
      inet_addr     Specifies an internet address.
      -N if_addr    Displays the ARP entries for the network interface specified
                    by if_addr.
      -d            Deletes the host specified by inet_addr. inet_addr may be
                    wildcarded with * to delete all hosts.
      -s            Adds the host and associates the Internet address inet_addr
                    with the Physical address eth_addr.  The Physical address is
                    given as 6 hexadecimal bytes separated by hyphens. The entry
                    is permanent.
      eth_addr      Specifies a physical address.
      if_addr       If present, this specifies the Internet address of the
                    interface whose address translation table should be modified.
                    If not present, the first applicable interface will be used.
    Example:
      > arp -s 157.55.85.212   00-aa-00-62-c6-09  .... Adds a static entry.
      > arp -a                                    .... Displays the arp table.
    C:\Documents and Settings\Administrator>arp -a

    Interface: 192.168.0.29 --- 0x2
      Internet Address      Physical Address      Type
      192.168.0.1           80-89-17-76-55-2a     dynamic
      192.168.0.28          00-18-6b-1f-b8-0f     static
      192.168.0.233         e0-db-55-03-a9-b5     dynamic
      192.168.0.234         e0-db-55-03-a9-b4     dynamic
      193.168.0.29          00-18-8b-1f-b6-0f     static

    C:\Documents and Settings\Administrator>ping 192.168.0.28

    Pinging 192.168.0.28 with 32 bytes of data:

    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.

    Ping statistics for 192.168.0.28:
        Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

    C:\Documents and Settings\Administrator>ping 192.168.0.1

    Pinging 192.168.0.1 with 32 bytes of data:

    Reply from 192.168.0.1: bytes=32 time<1ms TTL=64
    Reply from 192.168.0.1: bytes=32 time<1ms TTL=64
    Reply from 192.168.0.1: bytes=32 time<1ms TTL=64
    Reply from 192.168.0.1: bytes=32 time<1ms TTL=64

    Ping statistics for 192.168.0.1:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 0ms, Maximum = 0ms, Average = 0ms

    C:\Documents and Settings\Administrator>arp -s 192.168.0.29 00-18-f5-g2-2d-0f
    ARP: bad argument: 00-18-f5-g2-2d-0f

    C:\Documents and Settings\Administrator>arp -a

    Interface: 192.168.0.29 --- 0x2
      Internet Address      Physical Address      Type
      192.168.0.1           80-89-17-76-55-2a     dynamic
      192.168.0.28          00-18-6b-1f-b8-0f     static
      192.168.0.50          00-1a-a0-9c-9d-47     dynamic
      192.168.0.233         e0-db-55-03-a9-b5     dynamic
      192.168.0.234         e0-db-55-03-a9-b4     dynamic
      193.168.0.29          00-18-8b-1f-b6-0f     static

    C:\Documents and Settings\Administrator>arp -d 192.168.0.28

    C:\Documents and Settings\Administrator>arp -a

    Interface: 192.168.0.29 --- 0x2
      Internet Address      Physical Address      Type
      192.168.0.1           80-89-17-76-55-2a     dynamic
      192.168.0.50          00-1a-a0-9c-9d-47     dynamic
      192.168.0.233         e0-db-55-03-a9-b5     dynamic
      192.168.0.234         e0-db-55-03-a9-b4     dynamic
      193.168.0.29          00-18-8b-1f-b6-0f     static

    C:\Documents and Settings\Administrator>ping 192.168.0.28

    Pinging 192.168.0.28 with 32 bytes of data:

    Reply from 192.168.0.28: bytes=32 time<1ms TTL=128
    Reply from 192.168.0.28: bytes=32 time<1ms TTL=128
    Reply from 192.168.0.28: bytes=32 time<1ms TTL=128
    Reply from 192.168.0.28: bytes=32 time<1ms TTL=128

    Ping statistics for 192.168.0.28:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 0ms, Maximum = 0ms, Average = 0ms

3. Capturing and parsing ARP packets

ARP analysis of the reply this host sends when another host pings it (Wireshark frame; the reply comes from this host):

    101560  5320.703607000  DellEsgP_1f:b6:3c  Dell_03:a9:b4  ARP  42  192.168.0.29 is at 00:18:8b:1f:b6:3c

What Wireshark shows when this host pings 192.168.0.28:

    107087  5605.077171000  DellEsgP_1f:b6:3c  Dell_9c:9d:47  ARP  42  192.168.0.29 is at 00:18:8b:1f:b6:3c

4. How ARP attacks work

If the other computer's MAC address is modified on this host, then when that computer is pinged, the connection goes to the modified MAC address instead.

5. Reflections

I am not sure whether to modify my own host's MAC address or the other side's MAC; it is a bit of a hassle.
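As an added example (not part of the original lab report), the following Python decodes 42-byte Ethernet+ARP frames like the replies captured in section 3, flags any IP that replies bind to more than one MAC (the trace that a modified IP-to-MAC binding of the kind described in section 4 leaves in a capture), and checks the hyphen-separated MAC format that `arp -s` rejected in section 2. The sample frames are constructed: two reproduce the capture's reply from 192.168.0.29 and a reply from the gateway, and the third uses a made-up MAC 00:11:22:33:44:55.

```python
import re
import struct
from collections import defaultdict

# Ethernet header (dst MAC, src MAC, EtherType), then the RFC 826 ARP body:
# htype, ptype, hlen, plen, opcode, sender MAC, sender IP, target MAC, target IP.
ETH_HDR = struct.Struct("!6s6sH")
ARP_HDR = struct.Struct("!HHBBH6s4s6s4s")
ETHERTYPE_ARP, ARP_REPLY = 0x0806, 2

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def ip_str(raw):
    return ".".join(str(b) for b in raw)

def parse_arp_frame(frame):
    """Decode one 42-byte Ethernet+ARP frame, like those in the capture, into its fields."""
    _dst, _src, ethertype = ETH_HDR.unpack_from(frame, 0)
    if ethertype != ETHERTYPE_ARP:
        raise ValueError(f"not an ARP frame: ethertype 0x{ethertype:04x}")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = ARP_HDR.unpack_from(frame, ETH_HDR.size)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {"op": op, "sender_mac": mac_str(sha), "sender_ip": ip_str(spa),
            "target_mac": mac_str(tha), "target_ip": ip_str(tpa)}

def find_conflicting_replies(frames):
    """Map each IP that ARP replies bound to more than one MAC to the sorted list of those MACs."""
    claims = defaultdict(set)
    for pkt in map(parse_arp_frame, frames):
        if pkt["op"] == ARP_REPLY:
            claims[pkt["sender_ip"]].add(pkt["sender_mac"])
    return {ip: sorted(macs) for ip, macs in claims.items() if len(macs) > 1}

# Windows `arp -s` wants 6 hex bytes separated by hyphens; 00-18-f5-g2-2d-0f
# fails because 'g' is not a hex digit, hence "ARP: bad argument" in section 2.
WINDOWS_MAC = re.compile(r"(?:[0-9a-fA-F]{2}-){5}[0-9a-fA-F]{2}")

def is_valid_windows_mac(text):
    return WINDOWS_MAC.fullmatch(text) is not None

# Constructed sample frames: 192.168.0.29 (00:18:8b:1f:b6:3c) answering 192.168.0.234, the
# gateway 192.168.0.1 answering this host, and a made-up reply in which 00:11:22:33:44:55
# also claims 192.168.0.29 (the pattern a poisoned binding leaves in a capture).
SAMPLE_FRAMES = [bytes.fromhex(h) for h in (
    "e0db5503a9b4 00188b1fb63c 0806 0001 0800 06 04 0002 00188b1fb63c c0a8001d e0db5503a9b4 c0a800ea",
    "00188b1fb63c 80891776552a 0806 0001 0800 06 04 0002 80891776552a c0a80001 00188b1fb63c c0a8001d",
    "e0db5503a9b4 001122334455 0806 0001 0800 06 04 0002 001122334455 c0a8001d e0db5503a9b4 c0a800ea",
)]
```

Calling find_conflicting_replies(SAMPLE_FRAMES) reports 192.168.0.29 bound to both MACs, while is_valid_windows_mac("00-18-f5-g2-2d-0f") returns False for the same reason arp -s rejected it.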