
M

0915 -

2008

IP. i i i
i ` i `
ii./ . . . , . . - ii: , 2006 - 36c. .
.

. . ,
. . ,

.. , .
,
. . ,

.. , . . ,

1.

3 tcpdump Ethereal
tcpdump
ethereal

4. TCP telnet

5. UDP DNS
UDP
DNS


IP
, .
TCP/IP ,

.

TCP/IP,
, , , Ethernet.
, ,

, , . ,

TCP/IP , DNS
DHCP.

1.

.

,
.
(, Ethernet, ),
(, ).

2 : ,
broadcast (, Ethernet) -, point-to-point.
, ,
.
: IP v.4, IP v.6, IPX, AppleTalk ..
IP v.4 ( IP), .
Windows NetBIOS, ,

IP,
NetBIOS. UNIX
NetBIOS ( samba).
IP.
, .. c
.
. ,
IP .

POSIX-
ifconfig. ifconfig
.
Ethernet .
Linux.

[root@localhost]# ifconfig
ppp0      Link encap:Point-to-Point Protocol
          inet addr:193.41.61.30 P-t-P:193.41.61.130 Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
          RX packets:3 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:54 (54.0 b) TX bytes:76 (76.0 b)

eth0      Link encap:Ethernet HWaddr 00:04:76:9F:4D:8E
          inet addr:192.168.0.16 Bcast:192.168.0.255 Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:196365 errors:0 dropped:0 overruns:1 frame:0
          TX packets:131396 errors:0 dropped:0 overruns:0 carrier:0
          collisions:194 txqueuelen:1000
          RX bytes:18393948 (17.5 Mb) TX bytes:12045495 (11.4 Mb)
          Interrupt:11 Base address:0xc000

eth0:1    Link encap:Ethernet HWaddr 00:04:76:9F:4D:8E
          inet addr:195.69.76.139 Bcast:195.69.76.159 Mask:255.255.255.224
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:196365 errors:0 dropped:0 overruns:1 frame:0
          TX packets:131396 errors:0 dropped:0 overruns:0 carrier:0
          collisions:194 txqueuelen:1000
          RX bytes:18393948 (17.5 Mb) TX bytes:12045495 (11.4 Mb)
          Interrupt:11 Base address:0xc000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:11044 errors:0 dropped:0 overruns:0 frame:0
          TX packets:11044 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1532839 (1.4 Mb) TX bytes:1532839 (1.4 Mb)

,,
,,IP.ppp0
PPP, eth0 Ethernet c MAC .
eth0:1 eth0 IP .
, eth0 eth0:1 MAC . lo
,
IP , .
, IP
. ppp0 ,
. , .. eth0 eth0:1
, .
lo , IP .
. UP ,
.
ifconfig down ifconfig up.
. RUNNING ,

,10
. NOARP ,
ARP, IP .
MULTICAST ,
, .. ,
multicast . MTU (Maximum Transfer Unit)
,
. IP
MTU. , -
MTU= 500 . IP 1500 3
500 . Metric ,
,
.
1. ,
., 1,
2. .
.RX
,TX.,
(packets),
(errors), ,
(dropped), ,
(overruns),
(frame),(carrier),
(collisions)
.
. , , ,
,.
FreeBSD ifconfig
, .
Ethernet. , Linux
Etherneteth0,eth1..,BSD
,...,NE2000
ed,RealTec81xxrl,..

rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 195.69.76.130 netmask 0xffffffe0 broadcast 195.69.76.159
        inet 192.168.0.10 netmask 0xffffff00 broadcast 192.168.0.255
        ether 00:20:ed:5b:6f:e2
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active

Windows,ipconfig,
.

,
, DHCP (Dynamic Host
Configuration Protocol).
DHCP,MAC
.

Linux
RedHat , POSIX
.,shell
,
.,init,
/etc/inittab
(runlevel).shell
/etc/rc.d/rc c ,.
/etc/rc.d/rcX.d/,.3
,5
.
shell/etc/rc.d/init.d/.
S(Start)K(Kill),2
. .
, /etc/rc.d/rc ,
K stop, ,
S start. ,
/etc/
rc.d/init.d/.
.
network,
./etc/rc.d/init.d/network,
/etc/sysconfig/network,
/etc/sysconfig/network-scripts,
ifcfg*..
.
/sbin/ifup_
/sbin/ifdown_ .
,ifconfig
.
ethernet.


. ifconfig
.

ping.
ICMP echo request, echo reply
. ping
.
GPRS.

[root@localhost]# ping 193.41.60.55
PING 193.41.60.55 (193.41.60.55) 56(84) bytes of data.
64 bytes from 193.41.60.55: icmp_seq=0 ttl=62 time=689 ms
64 bytes from 193.41.60.55: icmp_seq=1 ttl=62 time=644 ms
64 bytes from 193.41.60.55: icmp_seq=2 ttl=62 time=603 ms
64 bytes from 193.41.60.55: icmp_seq=3 ttl=62 time=544 ms
64 bytes from 193.41.60.55: icmp_seq=4 ttl=62 time=622 ms
64 bytes from 193.41.60.55: icmp_seq=5 ttl=62 time=580 ms
64 bytes from 193.41.60.55: icmp_seq=6 ttl=62 time=675 ms
64 bytes from 193.41.60.55: icmp_seq=7 ttl=62 time=614 ms
64 bytes from 193.41.60.55: icmp_seq=8 ttl=62 time=573 ms
64 bytes from 193.41.60.55: icmp_seq=9 ttl=62 time=670 ms
64 bytes from 193.41.60.55: icmp_seq=10 ttl=62 time=628 ms
64 bytes from 193.41.60.55: icmp_seq=11 ttl=62 time=586 ms
^C
--- 193.41.60.55 ping statistics ---
13 packets transmitted, 12 received, 7% packet loss, time 12021ms
rtt min/avg/max/mdev = 544.915/619.739/689.007/42.723 ms, pipe 2

echo reply ,
,.
, ,
. ping ,
Ctrl-C.,
//
,.
, ..
ping . 5
.0.1%,
.
,
. .
/sbin/ifconfig -a,
.
frame, carrier.
.
,
.

.
1. .
/sbin/ifconfig -a.
.
2. .
ping _
.
3. ping
.
ping
.
.
4.
.
5. ifconfig.

.
.1-3
.

1.
?
2. ?
3. 100 /?
4. Ethernet?
5. 100baseT
100 ?
1 .
6. ifconfig
.
7. ifconfig
-.
8. RedHat Linux
.
9. ?
?

2.
.


. ,
,
,
.
, Ethernet
.

, .
,
. Ethernet,
, , ,

.
, , ,
, . ,
. ,
.

.
Ethernet 100 /
.

TCP.
100000000 / /8 = 12500000 /. -

,
. 5%, ..

12500000 / * 0.95 = 11875000 /. , 1500


( MTU), Ethernet, 16
Ethernet. , 1500 IP ,
, TCP , .. 20+20=40 , .. 56/1516*100%=3.7%.
, 11875000*0.963=11435625 /
, . 11.4 M/. , , ,
. , ,

.
, .

.
,
,
TCP,
. , ,
, ,
. (UDP, ICMP, )
,
. 10-7 , 10-6
. TCP/IP .
10-4, 10-3, 10-2.

.
network overhead.
:
. ,
. ,
telnet
,
1%. ,
. , NetBIOS
(broadcast)
.
broadcast , 30%
10 /. , ,
.
200 100 /
NetBIOS .
TCP/IP Windows.
, , Ethernet
(hub)
(collisions), .. ,

. , ,
50%
.
. ,

. , ,
,
.

.
,
(
), .
,
.
Ethernet, -,
. .

,
,

.

(, IP)
. ,
100 /, 64 /. ,
,
,
.
IP ICMP. ,

.
, , ,
. ,
,
,
. ,
10 / 600 1 /.
, ,
100%.
, 250
.

,
. , ,
, .

.
,
,
.
. ,
. TCP/IP
TCP
UDP. ,
.

ping (. ).
, , ..
.
, .
- TCP
FTP. ftpd,
ftp, , mc (Midnight
Commander). ,
1 .
,
tcpblast. .
ping.
-i, -s,
.
(flood), .. , .
. ,
ping -i 0.01 -s 125000 10/ 100%.
TTL ,
.
traceroute.

.
TCP/IP v.4, ,
(Quality of Service,
QoS). Ethernet QoS. ,
IP ,
- ( IP , TOS ..).

,
. ,
, .. ,
.

.
3- .
, ,
.

.
,

.
. Host-1, Host-2 ,
, Host-3 -,
.
1. .

Host-1

Host-2

:
sh>ping Host-3
,

Ctrl-C.

sh>/sbin/ifconfig
eth0.
2. ftpd Host-3 :
sh>/etc/rc.d/init.d/vsftpd start
, , vsftp
sh>rpm -qa | grep ftp
. /var/ftp/pub
(100). Host-1

mc

:
mc>cd ftp://Host-3
pub .

sh>ping Host-3
.
, mc.
100/ 10 /
. ping.
, ,

10
.

sh>/sbin/ifconfig
Host-1 Host-3

3.
4.

5.
6.
7.

eth0. ,
.
. 2 Host-1 Host-2.
. Host-3
, .
100%
. ping :
sh>ping
-i

-s

Host-3
Host-1 Host-2. :
sh>ping Host-3
, Host-3 200%.
, ping.
.
. , 200%
, .
. 4 190%, 180%, ... 10% , ping c
. .

. .
ping,
.2 .

.
.1-.7
, .6 .

.
1. Ethernet 100BaseT?
2. Ethernet
100?
3. Ethernet
?
4. , ?
5. (>250ms) ?
6. ?
7.
FTP?
8. , 3 .
9. 16 100BaseT
1.2 /. .
10. , Ethernet 100BaseT
100
. ?

3
tcpdump
Ethereal.
:
. tcpdump
ethereal. XWindow
GNOME.

.
,

.

.
tcpdump.
tcpdump
POSIX . ,
, ,
(promiscuous mode). .
:
root@kid>tcpdump -i ed1 -vvv -X -e host kid.stu and host ics-76-3.stu
tcpdump: listening on ed1
13:55:29.052244 0:50:ba:57:91:80 0:2:44:3b:b4:b7 ip 98: kid.stu > ics-76-3.stu: icmp: echo request (ttl 64, id 45630, len 84)
0x0000 4500 0054 b23e 0000 4001 390b c0a8 0701 E..T.>..@.9.....
0x0010 c0a8 070e 0800 49d9 8acc 001b 3130 3f40 ......I.....10?@
0x0020 c7cb 0000 0809 0a0b 0c0d 0e0f 1011 1213 ................
0x0030 1415 1617 1819 1a1b 1c1d 1e1f 2021 2223 .............!"#
0x0040 2425 2627 2829 2a2b 2c2d 2e2f 3031 3233 $%&'()*+,-./0123
0x0050 3435 45
13:55:29.052625 0:2:44:3b:b4:b7 0:50:ba:57:91:80 ip 98: ics-76-3.stu > kid.stu: icmp: echo reply (ttl 128, id 1659, len 84)
0x0000 4500 0054 067b 0000 8001 a4ce c0a8 070e E..T.{..........
0x0010 c0a8 0701 0000 51d9 8acc 001b 3130 3f40 ......Q.....10?@
0x0020 c7cb 0000 0809 0a0b 0c0d 0e0f 1011 1213 ................
0x0030 1415 1617 1819 1a1b 1c1d 1e1f 2021 2223 .............!"#
0x0040 2425 2627 2829 2a2b 2c2d 2e2f 3031 3233 $%&'()*+,-./0123
0x0050 3435

kid.stu ics-76-3.stu
ed1 kid.stu (-vvv)
(-X).
,
.
:
host - IP DNS
net - ,
net 192.168.7, net 192.168.7.0 mask 255.255.255.224

port ( TCP UDP)


proto . : ether, fddi, tr, ip, ip6, arp, rarp, decnet, lat, sca,
moprc, mopdl, iso, esis, isis, icmp, icmp6, tcp and udp. , tcpdump tcp port 80
dir , src dst . , tcpdump src host
kid.stu.
, Ethernet:
tcpdump ether dst 00:02:44:5b:ee:9b

IP :
tcpdump src net 192.168.7.0/27

tcpdump
, man tcpdump.

ethereal.
ethereal (libpcap),
tcpdump, .
1.
Capture Start.
, promiscuous mode.
, ,
.
, .
- .

Ethernet (hub), .
(switch), ,
, / .
,
, .
.
Capture Filters.

1 ethereal.

, ,
. ethereal libpcap,
, tcpdump, ethereal .
, man tcpdump.
2.
,
.
Filter String
host kid.stu.cn.ua and host cs.stu.cn.ua.
, ,
, .
3.
, .
.

3 .

, .
,
.
:
root@stalker>telnet kid.stu 80
Trying 192.168.0.12...
Connected to kid.stu.
Escape character is '^]'.
get
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>501 Method Not Implemented</title>
</head><body>
<h1>Method Not Implemented</h1>
<p>get to /index.html not supported.<br />
</p>
<hr />
<address>Apache/2.0.48 (Unix) PHP/5.0.0a4-alexdupre Server at kid.stu.cn.ua Port 80</address>
</body></html>
Connection closed by foreign host.
root@stalker>

4 .

- .
, .


. ,

.
, ,
, . 4 .
Stop. ,
. ,
.
.
,
. ()
().

5 .

6 .

.
,
.
.
, TCP/IP
,
,
. ,

.

, , .
.

.
1. ethereal
. .
.
2. .
, .
3. ICMP. ,
ping .
4. , ping
, .
? .
5. tcpdump
, .
.

.

.

.
1. , Ethernet?
2. Ethernet?
3.
Ethernet?
4. ,
?
5. , ?
6. ?

4.
TCP
telnet.
.

TCP ,
.

..
(three way handshake).
, ,
SYN. - .
(Well Known Service), web-
80, .
(>1023).
SYN,ACK.
, ,
.
, , ,
ACK.
.
FIN.
TELNET ,
.
, ,

.

.
1. telnet ( host2).
/etc/xinetd.d telnet "disabled = yes" "disabled =
no" xinetd :
/etc/rc.d/init.d/xinetd restart.

2. :
telnet host2. host2.

3. ( -host1) ethereal
, host 1 host2 tcp,
"".
.

4. telnet host2. ,
. logout.

5. tcpdump.
tcpdump
.

6. telnet, ethereal
, :
TCP ;
, ;

7. host2.

.
telnet tcpdump. ,

. , ,
TCP telnet.

5.
UDP
DNS.
.
UDP

UDP
.

port
checksum.
"" .
TCP ,
. UDP
6 , TCP -
. , ,
.

DNS
DNS TCP/IP,
IP .
, ,
libc, (resolver).
/etc/resolv.conf,
.
order bind,hosts
search stu stu.cn.ua
nameserver 192.168.0.10
nameserver 192.168.0.14


. ,
, .
, ".
" , .
.

. .

.
1. ethereal c ,
DNS ( -dns_host) www ( - www_host).
2.
ping www_host
ping dns_host

3. .
4. web www_host.
5. libpcap.
6. tcpdump
:
tcpdump -vvv -X -r _ >_
-
DNS.
7. , ,
.
9. .
10.
host www.yahoo.com
host 193.193.193.100

.
11. DNS.

.

. ,
.

.
1. DNS UDP?
2.
?

UDP

3. , ?
5. ?

6. -?
7. ?
