Lab 4: Network Protocol Observation and Analysis instructor: teaching assistant: 1998/12/7 high speed network...
Post on 20-Dec-2015
Lab 4
Network Protocol Observation and Analysis
Instructor:
Teaching Assistant:
1998/12/7
High Speed Network lab.
Department of Computer Information Science, NCTU
Outline
• Sniffer Introduction
• NetXRay Operation Guide
• HTTP Protocol Overview
• Protocol Analysis Example (HTTP)
• Experiment Requirements
Sniffer Operation Guide
[Figure: Sniffer operation diagram. Labels: Expert Mode, Focus Mode, Classic Mode; Protocol Interpreters; Capture Filter; Classic & Expert Display Filters; Trigger Detector; Classic Capture Views; Display Views; Expert Overview; Traffic Generator; Adapter Card; Capture Buffer; Object Database; Disk File; Printer; Discard; Capture From <File> Option; Networks; keys F3 and F10.]
NetXRay Operation Guide
Setting the packet addresses
Setting the packet template
Setting the protocol used by the packet
Single-packet data view
Packet flow diagram
Protocol distribution chart
Packet size distribution chart
Host traffic statistics table
HTTP Overview
• Application-level, distributed, collaborative, hypermedia information system.
• HTTP/0.9 (1990) : raw data transfer
• HTTP/1.0 (RFC1945) : MIME-like message
• HTTP/1.1 (RFC2068) : persistent connection, caching, hierarchical proxies, new methods….
• HTTP-NG
• HDTP
• Push (WebCasting), ICP (Internet Cache Protocol),….
HTTP Overview (cont’)
[Figure: diagram with client A, client B, Proxy and Web server]
Multipurpose Internet Mail Extension -- MIME
• Non-textual data --> RFC 822 (7 bit)
MIME-type
1. Textual message bodies other than US-ASCII
2. Textual header information other than US-ASCII
3. Non-textual message part
4. Multi-part message bodies
Protocol Parameters
• HTTP version
• URI (Uniform Resource Identifiers)
• Date/Time
• Character sets
• Content coding
• Transfer coding
• Media types
Persistent Connections
• Separate TCP connection for each request (HTTP/1.0) : increases HTTP server load and traffic load
• Persistent connections are the default behavior of HTTP/1.1
• Either client or server can close the connection by sending Connection: close
• Pipelined requests/responses within a connection
HTTP messages
Generic message format = request-line | response-line
                         *message-header
                         CRLF
                         [message body]
• request-line = Method SP Request-URI SP HTTP-Version CRLF
• response-line = HTTP-Version SP Status-Code SP Reason-Phrase CRLF
HTTP messages -- Methods
• OPTIONS : request for information about the communication options available on the request/response chain
• GET : retrieve information
• HEAD : retrieve information (test hypertext links for validity, accessibility, and recent modification)
• POST : submit an entity as a new subordinate of the resource (a directory, newsgroup, database...)
• PUT : store entity
• DELETE : delete entity
• TRACE : see what is being received at the other end of the request chain
HTTP messages -- Status Codes
• 1XX : Informational
• 2XX : Success
• 3XX : Redirection (further actions needed)
• 4XX : Client error
• 5XX : Server error
Examples:
100 : Continue
201 : Created
302 : Multiple choices
403 : Forbidden
504 : Gateway time-out
Access Authentication
• Basic authentication scheme
  – WWW-Authenticate header, Authorization header
  – base64 coding of user-pass
• Digest authentication scheme (RFC2069)
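Added example (not part of the original slides): a parser for the generic message format shown under "HTTP messages", applied to a captured payload to show that Basic credentials are only base64-coded and can be read by anyone who observes the packet. The sample request, host name and function names are constructed for illustration.

```python
import base64

# Constructed sample: TCP payload of one HTTP request as a sniffer would show it.
SAMPLE_REQUEST = (
    b"GET /private/index.html HTTP/1.0\r\n"
    b"Host: www.example.com\r\n"
    b"Authorization: Basic YWxpY2U6czNjcmV0\r\n"
    b"\r\n"
)

def parse_http_message(payload: bytes) -> dict:
    """Split a payload into start line, headers and body per the generic format."""
    head, sep, body = payload.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("header block not terminated by an empty line (CRLF CRLF)")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) != 3:
        raise ValueError("malformed start line: %r" % lines[0])
    if parts[0].startswith("HTTP/"):  # response-line
        msg = {"kind": "response", "version": parts[0], "status": int(parts[1]), "reason": parts[2]}
    else:  # request-line
        msg = {"kind": "request", "method": parts[0], "uri": parts[1], "version": parts[2]}
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon:
            raise ValueError("malformed header line: %r" % line)
        headers[name.strip().lower()] = value.strip()
    msg["headers"] = headers
    msg["body"] = body
    return msg

def basic_credentials(msg: dict):
    """Return (user, password) if the message carries Basic credentials, else None."""
    scheme, _, token = msg["headers"].get("authorization", "").partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("iso-8859-1")
    except ValueError:
        return None
    user, colon, password = decoded.partition(":")
    return (user, password) if colon else None
```

Running `basic_credentials(parse_http_message(SAMPLE_REQUEST))` recovers the user name and password directly, which is why Basic authentication needs an encrypted transport or should be replaced by a scheme such as Digest.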
Security Considerations
• Authentication of clients
• Offering a choice of authentication schemes
• Abuse of server log information
• Attacks based on file & path names (“..”)
• Personal information
• DNS spoofing
• Transfer of sensitive information (Server, Via, Referer, From header)
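Added example (not part of the original slides): a server-side check for the "file & path names" item above, mapping a Request-URI to a file path and refusing anything that would leave the document root. The function name and the document root `/srv/www` are assumptions, and POSIX-style paths are assumed.

```python
import posixpath
from urllib.parse import unquote, urlsplit

def safe_document_path(request_uri: str, doc_root: str = "/srv/www"):
    """Map a Request-URI to a path under doc_root, or return None if it escapes."""
    # Only the path component selects a file; drop scheme, host and query.
    path = urlsplit(request_uri).path
    decoded = unquote(path)  # decode percent-escapes exactly once

    # Reject input a file-serving handler should never accept after decoding.
    if "\x00" in decoded or "\\" in decoded or not decoded.startswith("/"):
        return None
    # A ".." segment, plain or percent-encoded, walks up the directory tree.
    if ".." in decoded.split("/"):
        return None
    # Escapes still present after one decode indicate double encoding.
    if "%" in decoded and unquote(decoded) != decoded:
        return None

    # Defense in depth: normalize and confirm the result is still under the root.
    root = posixpath.normpath(doc_root)
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    return candidate
```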
Caching
• Reduces the number of network round-trips and bandwidth requirement
• Semantic transparency
• Expiration model
  – age, expiration (lifetime) calculation
• Validation model
  – cache validator (Last-Modified header)
• Response cachability : 200, 203, 206, 300, 301, 410
• Cache control mechanism
Caching
• Cache control
  – Cache control header
    1. What is cachable
    2. Modification of the expiration mechanism
    3. Cache revalidation & reload control
    4. Entity transform
Related RFC list
• RFC822 : Standard for the Format of ARPA Internet Text Message
• RFC1630 : Universal Resource Identifier in WWW
• RFC1700 : Assigned Numbers
• RFC1738 : Universal Resource Locators
• RFC1808 : Relative Uniform Resource Locators
• RFC1945 : Hypertext Transfer Protocol -- HTTP/1.0
• RFC2045 : MIME part one
• RFC2047 : MIME part three
• RFC2069 : Digest Access Authentication
HTTP Protocol Example
Setting the capture addresses
Setting the capture protocol
HTTP Protocol Example (cont’)
NCTU home page; Campus announcements
HTTP protocol packets generated by accessing the campus announcements
Contents of the first HTTP packet
Contents of the second HTTP packet
Contents of the third HTTP packet
Contents of the fourth HTTP packet
Contents of the fifth HTTP packet
Contents of the sixth HTTP packet
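Network protocol list:
• HTTP must be included as an observed protocol. In addition, each student may choose one other protocol from the list below to observe and analyze; all RFCs are available from [1] or NCTUCCCA. Because the analysis procedure for the ARP protocol is already described in detail in the sample lab report, that protocol may "not" be used as the observed protocol in the lab report.
SNMP, ARP, RARP, DNS, SMTP, RPC, RIP, HTTP, DVMRP, POP3, NFS and NetBIOS.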
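Lab report requirements:
• The lab report should include the following items: lab title, group members with department and year, purpose of the lab, equipment and operating environment, background on the observed protocol, methods and steps, observations and records, discussion (answer the items under questions and discussion, or raise and discuss your own questions), and references. The report is limited to 8~10 pages (A4) and must be submitted as a finished laser- or inkjet-printed copy.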