【命令】
C:\Users\Octopus>ping CAR527
Pinging CAR527 [192.168.1.109] with 32 bytes of data:
Reply from 192.168.1.109: bytes=32 time=91ms TTL=255
Reply from 192.168.1.109: bytes=32 time=5ms TTL=255
Reply from 192.168.1.109: bytes=32 time=5ms TTL=255
Reply from 192.168.1.109: bytes=32 time=2ms TTL=255
Ping statistics for 192.168.1.109:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 2ms, Maximum = 91ms, Average = 25ms
【數據包】
netbios_recv!
The packet is a NetBIOS name query question!
The packet is for us! encname=EDEBFCDFDCDHCACACACACACACACACAAA, decname=CAR527
The payload is: E1A0011000010000000000002045444542464344464443444843414341434143414341434143414341434141410000200001
作者共發了6篇帖子。
【數據】在控制台中執行「ping 計算機名」時網卡收到的UDP數據包內容
 |
|
|
當ping一個不存在的NetBIOS計算機名時,網卡會收到三次同樣的UDP數據包。 payload是UDP數據包的具體內容(應用層的部分),是以16進制數的格式顯示的。 【命令】 |
|
執行「ping CAR529」時網卡接收到的完整數據包(數據鏈路層)是: 接下來的6個字節是執行ping命令的計算機的MAC地址。 |
|
執行「ping CAR528」時收到的數據包(數據鏈路層):
{recv-len:92}[FFFFFFFFFFFFB88687A1D6B008004500004E512F0000801164B6C0A8016AC0A801FF00890089003A4CACE293011000010000000000002045444542464344464443444943414341434143414341434143414341434141410000200001] |
|
對於ENC28J60網卡,在ERXFCON寄存器中,當ANDOR=0時,必須要將BCEN置位才能正確的接收上述數據包: 否則,這些數據包都會被直接過濾掉。 |
|
【網卡接到NetBIOS請求,進入netbios_recv函數執行】
netbios_recv! The packet is a NetBIOS name query question! The packet is for us! encname=EDEBFCDFDCDHCACACACACACACACACAAA, decname=CAR527 low_level_output! len=104 【NetBIOS回應數據包的內容】 {memdisp-len:104}[B88687A1D6B0001A6BA4AAB408004500005A00130000FF113758C0A8016DC0A8016A0089008900466F68E760850000000001000000002045444542464344464443444843414341434143414341434143414341434141410000200001000493E000060000C0A8016D] addr=192.168.1.106, port=137 type=0x806! low_level_output! len=42 【PC端發送ARP數據包獲取IP位址對應的MAC地址,網卡回應ARP的內容】 {memdisp-len:42}[B88687A1D6B0001A6BA4AAB408060001080006040002001A6BA4AAB4C0A8016DB88687A1D6B0C0A8016A] low_level_output! len=74 【以下為實際ping命令回應的數據包】 {memdisp-len:74}[B88687A1D6B0001A6BA4AAB408004500003C71460000FF01C652C0A8016DC0A8016A000053A5000101B66162636465666768696A6B6C6D6E6F7071727374757677616263646566676869] low_level_output! len=74 {memdisp-len:74}[B88687A1D6B0001A6BA4AAB408004500003C714A0000FF01C64EC0A8016DC0A8016A000053A4000101B76162636465666768696A6B6C6D6E6F7071727374757677616263646566676869] low_level_output! len=74 {memdisp-len:74}[B88687A1D6B0001A6BA4AAB408004500003C714C0000FF01C64CC0A8016DC0A8016A000053A3000101B86162636465666768696A6B6C6D6E6F7071727374757677616263646566676869] low_level_output! len=74 {memdisp-len:74}[B88687A1D6B0001A6BA4AAB408004500003C714D0000FF01C64BC0A8016DC0A8016A000053A2000101B96162636465666768696A6B6C6D6E6F7071727374757677616263646566676869] 【電腦端控制台的輸出內容】 C:\Users\Octopus>ping CAR527 Pinging CAR527 [192.168.1.109] with 32 bytes of data: Reply from 192.168.1.109: bytes=32 time=100ms TTL=255 Reply from 192.168.1.109: bytes=32 time=21ms TTL=255 Reply from 192.168.1.109: bytes=32 time=22ms TTL=255 Reply from 192.168.1.109: bytes=32 time=21ms TTL=255 Ping statistics for 192.168.1.109: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 21ms, Maximum = 100ms, Average = 41ms C:\Users\Octopus> |
