Wireshark數據包分析之IP協議包解讀

*此篇博客僅作爲個人筆記和學習參考

IP協議包首部格式

IP數據包概況

Internet Protocol Version 4, Src: 192.168.1.104 (192.168.1.104), Dst: 119.75.217.109 (119.75.217.109)
#IPv4,源IP地址:192.168.1.104,目標IP地址:119.75.217.109#
Version: 4 #IP協議版本:4#
Header Length: 20 bytes #頭部長度:20字節#
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) #服務類型:0x00#
Total Length: 60 #總長度:60字節#
Identification: 0x6ae0 (27360) #標識符:0x6ae0#
Flags: 0x00 #標誌:0x00#
Reserved bit: Not set #是否保留[0爲是,1爲否]#
Don't fragment: Not set #是否分片[0爲是,1爲否]#
More fragments: Not set #是否最後一個[0爲是,1爲否]#
Fragment offset: 0 #分段偏移:0#
Time to live: 64 #存活時間:64跳#
Protocol: ICMP (1) #協議類型:ICMP#
Header checksum: 0xfd17 [validation disabled] #首部校驗和:0xfd17#
Source: 192.168.1.104 (192.168.1.104) #源IP地址#
Destination: 119.75.217.109 (119.75.217.109) #目標IP地址#
[Source GeoIP: Unknown] #源IP地理位置#
[Destination GeoIP: Beijing Baidu Netcom Science and Technology Co.] #目標IP地理位置#
[Destination GeoIP ISP: Beijing Baidu Netcom Science and Technology Co.] #目標IP運營商地理位置#

分片的最後一個數據包

[7 IPv4 Fragments (10008 bytes): #1(1480), #3(1480), #2(1480), #4(1480), #5(1480), #6(1480), #7(1128)]
[Frame: 1, payload: 0-1479 (1480 bytes)]
[Frame: 3, payload: 1480-2959 (1480 bytes)]
[Frame: 2, payload: 2960-4439 (1480 bytes)]
[Frame: 4, payload: 4440-5919 (1480 bytes)]
[Frame: 5, payload: 5920-7399 (1480 bytes)]
[Frame: 6, payload: 7400-8879 (1480 bytes)]
[Frame: 7, payload: 8880-10007 (1128 bytes)]
[Fragment count: 7]
[Reassembled IPv4 length: 10008]
[Reassembled IPv4 data: 08006d35000100366162636465666768696a6b6c6d6e6f70...]
Ethernet II, Src: Tp-LinkT_80:37:36 (ec:26:ca:80:37:36), Dst: 58:00:e3:47:ad:e1 (58:00:e3:47:ad:e1)