Article Directory
- Mission target
- Experimental Materials
- Experiment preparation
- Experiment procedure
  - 1. Enter the same room number to chat
  - 2. Open Wireshark to capture packets
  - 3. Check the message
  - 4. If it is the TCP protocol, analyze the three-way handshake on connection and the four-way handshake on disconnection
  - 5. Explain why the program can transmit chat data between multiple computers (only the same chat room number) at the same time?
Mission target
Practice using Wireshark to capture network packets. Run the "Crazy Chat Room" program on two computers (a Windows 10 laptop host and an Ubuntu virtual machine; select bridge mode for the network card to obtain two IPv4 addresses on the subnet), and capture packets with Wireshark:
1) Analyze which protocol (TCP or UDP) and which port number the program's network connection uses.
2) Try to find the intercepted chat messages in the packet capture (English and Chinese characters may have undergone some kind of encoding conversion, so the packet data is not plaintext).
3) If the network connection uses TCP, analyze the 3-way handshake when establishing a connection and the 4-way handshake when disconnecting; if it is UDP, explain why the program can transmit chat data between multiple computers (only those with the same chat room number) at the same time.
Experimental Materials
Wireshark, the Crazy Chat software, a virtual machine (Ubuntu)
Experiment preparation
1. Install wine
sudo apt-get install wine-development
2. Install the Crazy Chat software
Just copy the Crazy Chat software to the virtual machine. Note that the folder name must be changed to English, otherwise the program may fail to start.
3. Network settings
Leave only one network connection enabled for the chat, and turn off the rest.
Set the virtual machine NIC to bridge mode.
Experiment procedure
1. Enter the same room number to chat
Send a message from Windows to Ubuntu to check whether it is received.
2. Open Wireshark to capture packets
Select the network interface we use for chatting, enter the display filter ip.dst == 255.255.255.255, and then send a few messages in the chat room; you will see the following picture.
From the figure above, we can tell that the protocol used is UDP, the port used is 5006, and the destination IP address is 255.255.255.255, which is the broadcast address.
3. Check the message
Double-click a message packet to view its contents, as shown in the following picture.
The message is not displayed directly here because we sent Chinese text. The picture below shows the result for English text.
You can see that when the content we send is Chinese, it is converted. Analyzing the encoded bytes on the left, we can tell that UTF-8 conversion is used here, and we verify it as shown in the figure below.
When the decoding is set to UTF-8, the Chinese text we sent is displayed.
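The checks from steps 2 and 3 (UDP, broadcast destination, port 5006, UTF-8 payload) can be repeated on raw frame bytes. The following Python is an added example, not code from the original article or from the chat program; the sample frame, the source address 192.168.1.10 and the assumption that the whole UDP payload is UTF-8 text are constructed for illustration.

```python
import socket
import struct

BROADCAST = "255.255.255.255"
CHAT_PORT = 5006  # port observed in the capture above


def build_sample_frame(text, src_ip="192.168.1.10", src_port=50000):
    """Construct an Ethernet/IPv4/UDP broadcast frame (sample data, not a real capture)."""
    payload = text.encode("utf-8")
    udp = struct.pack("!HHHH", src_port, CHAT_PORT, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(BROADCAST))
    eth = b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01" + b"\x08\x00"
    return eth + ip + udp


def parse_chat_frame(frame):
    """Return (src_ip, dst_ip, dst_port, text) for a UDP chat broadcast, else None."""
    if len(frame) < 14 + 20 + 8 or frame[12:14] != b"\x08\x00":
        return None  # too short, or EtherType is not IPv4
    ihl = (frame[14] & 0x0F) * 4  # IPv4 header length in bytes
    if ihl < 20 or frame[14] >> 4 != 4 or frame[14 + 9] != 17:
        return None  # malformed header, or not UDP (protocol 17)
    src_ip = socket.inet_ntoa(frame[26:30])
    dst_ip = socket.inet_ntoa(frame[30:34])
    udp_off = 14 + ihl
    if len(frame) < udp_off + 8:
        return None
    _sport, dport, ulen, _csum = struct.unpack("!HHHH", frame[udp_off:udp_off + 8])
    if dst_ip != BROADCAST or dport != CHAT_PORT or ulen < 8:
        return None
    # Honour the UDP length field so Ethernet padding is not decoded as text.
    payload = frame[udp_off + 8:udp_off + ulen]
    # errors="replace" keeps going if a datagram was cut mid-character.
    return src_ip, dst_ip, dport, payload.decode("utf-8", errors="replace")


if __name__ == "__main__":
    for msg in ("hello", "你好"):
        frame = build_sample_frame(msg)
        # Payload bytes as Wireshark's hex pane shows them, then the decoded tuple.
        print(frame[42:].hex(" "), "->", parse_chat_frame(frame))
```

ASCII text appears unchanged in the hex pane because UTF-8 encodes it as one byte per character, while each Chinese character becomes three bytes, which is why it only becomes readable once the decoding is set to UTF-8.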
4. If it is the TCP protocol, analyze the three-way handshake on connection and the four-way handshake on disconnection
Three-way handshake when connected:
Four-way handshake when disconnected:
5. Explain why the program can transmit chat data between multiple computers (only the same chat room number) at the same time?
Because the destination IP address of the UDP packets is 255.255.255.255, all hosts in the same broadcast domain will receive each packet, and all network devices that need to forward packets will forward it, so multiple computers on a LAN can transmit chat data at the same time.