【命令】
C:\Users\Octopus>ping CAR527
Pinging CAR527 [192.168.1.109] with 32 bytes of data:
Reply from 192.168.1.109: bytes=32 time=91ms TTL=255
Reply from 192.168.1.109: bytes=32 time=5ms TTL=255
Reply from 192.168.1.109: bytes=32 time=5ms TTL=255
Reply from 192.168.1.109: bytes=32 time=2ms TTL=255
Ping statistics for 192.168.1.109:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 2ms, Maximum = 91ms, Average = 25ms
【数据包】
netbios_recv!
The packet is a NetBIOS name query question!
The packet is for us! encname=EDEBFCDFDCDHCACACACACACACACACAAA, decname=CAR527
The payload is: E1A0011000010000000000002045444542464344464443444843414341434143414341434143414341434141410000200001
目前共有6篇帖子。
【数据】在控制台中执行“ping 计算机名”时网卡收到的UDP数据包内容
 |
|
|
当ping一个不存在的NetBIOS计算机名时,网卡会收到三次同样的UDP数据包。 payload是UDP数据包的具体内容(应用层的部分),是以16进制数的格式显示的。 【命令】 |
|
执行“ping CAR529”时网卡接收到的完整数据包(数据链路层)是: 接下来的6个字节是执行ping命令的计算机的MAC地址。 |
|
执行“ping CAR528”时收到的数据包(数据链路层):
{recv-len:92}[FFFFFFFFFFFFB88687A1D6B008004500004E512F0000801164B6C0A8016AC0A801FF00890089003A4CACE293011000010000000000002045444542464344464443444943414341434143414341434143414341434141410000200001] |
|
对于ENC28J60网卡,在ERXFCON寄存器中,当ANDOR=0时,必须要将BCEN置位才能正确的接收上述数据包: 否则,这些数据包都会被直接过滤掉。 |
|
【网卡接到NetBIOS请求,进入netbios_recv函数执行】
netbios_recv! The packet is a NetBIOS name query question! The packet is for us! encname=EDEBFCDFDCDHCACACACACACACACACAAA, decname=CAR527 low_level_output! len=104 【NetBIOS回应数据包的内容】 {memdisp-len:104}[B88687A1D6B0001A6BA4AAB408004500005A00130000FF113758C0A8016DC0A8016A0089008900466F68E760850000000001000000002045444542464344464443444843414341434143414341434143414341434141410000200001000493E000060000C0A8016D] addr=192.168.1.106, port=137 type=0x806! low_level_output! len=42 【PC端发送ARP数据包获取IP地址对应的MAC地址,网卡回应ARP的内容】 {memdisp-len:42}[B88687A1D6B0001A6BA4AAB408060001080006040002001A6BA4AAB4C0A8016DB88687A1D6B0C0A8016A] low_level_output! len=74 【以下为实际ping命令回应的数据包】 {memdisp-len:74}[B88687A1D6B0001A6BA4AAB408004500003C71460000FF01C652C0A8016DC0A8016A000053A5000101B66162636465666768696A6B6C6D6E6F7071727374757677616263646566676869] low_level_output! len=74 {memdisp-len:74}[B88687A1D6B0001A6BA4AAB408004500003C714A0000FF01C64EC0A8016DC0A8016A000053A4000101B76162636465666768696A6B6C6D6E6F7071727374757677616263646566676869] low_level_output! len=74 {memdisp-len:74}[B88687A1D6B0001A6BA4AAB408004500003C714C0000FF01C64CC0A8016DC0A8016A000053A3000101B86162636465666768696A6B6C6D6E6F7071727374757677616263646566676869] low_level_output! len=74 {memdisp-len:74}[B88687A1D6B0001A6BA4AAB408004500003C714D0000FF01C64BC0A8016DC0A8016A000053A2000101B96162636465666768696A6B6C6D6E6F7071727374757677616263646566676869] 【电脑端控制台的输出内容】 C:\Users\Octopus>ping CAR527 Pinging CAR527 [192.168.1.109] with 32 bytes of data: Reply from 192.168.1.109: bytes=32 time=100ms TTL=255 Reply from 192.168.1.109: bytes=32 time=21ms TTL=255 Reply from 192.168.1.109: bytes=32 time=22ms TTL=255 Reply from 192.168.1.109: bytes=32 time=21ms TTL=255 Ping statistics for 192.168.1.109: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 21ms, Maximum = 100ms, Average = 41ms C:\Users\Octopus> |
