# The PPP frame structure is similar to HDLC, with a few modifications.
# There are three classes of LCP packets:
# 1. Link configuration packets, used to establish and configure a link (Configure-Request, Configure-Ack, Configure-Nak, and Configure-Reject).
# 2. Link termination packets, used to terminate a link (Terminate-Request and Terminate-Ack).
# 3. Link maintenance packets, used to manage and debug a link (Code-Reject, Protocol-Reject, Echo-Request, Echo-Reply, and Discard-Request).

# LCP (Link Control Protocol)
R2#username r2 password 0 r2
R2#interface Serial2/2
R2#ip address 202.100.23.2 255.255.255.0
R2#encapsulation ppp
R2#ppp authentication pap

# When encapsulation ppp is configured, a Configure-Request is sent.
Frame 49: 14 bytes on wire (112 bits), 14 bytes captured (112 bits) on interface 0
Point-to-Point Protocol
    Address: 0xff    # 0xFF, standard broadcast address; indicates that the packet is to be accepted
    Control: 0x03
    Protocol: Link Control Protocol (0xc021)    # Protocol field: 0xC021 for LCP, 0x80xy for various NCPs, 0x0021 for IP
PPP Link Control Protocol
    Code: Configuration Request (1)    # LCP link establishment request: Configure-Request
    Identifier: 1 (0x01)
    Length: 10
    Options: (6 bytes), Magic Number    # The Magic Number is used for loop detection: check whether it equals the local Magic Number
        Magic Number: 0xbc0f842c
            Type: Magic Number (5)    # Magic Number
            Length: 6
            Magic Number: 0xbc0f842c

R3#interface Serial3/3
R3#ip address 202.100.23.3 255.255.255.0
R3#encapsulation ppp

# When a Configure-Request is received but one of its parameters cannot be accepted (PAP is not configured), the reply is a Configuration Nak.
Frame 50: 13 bytes on wire (104 bits), 13 bytes captured (104 bits) on interface 0
Point-to-Point Protocol
    Address: 0xff
    Control: 0x03
    Protocol: Link Control Protocol (0xc021)
PPP Link Control Protocol
    Code: Configuration Nak (3)
    Identifier: 1 (0x01)
    Length: 9
    Options: (5 bytes), Authentication Protocol
        Authentication Protocol: Challenge Handshake Authentication Protocol (0xc223)
            Type: Authentication Protocol (3)
            Length: 5
            Authentication Protocol: Challenge Handshake Authentication Protocol (0xc223)
            Algorithm: CHAP with MD5 (5)

R3#interface Serial3/3
R3#ip address 202.100.23.3 255.255.255.0
R3#encapsulation ppp
R3#ppp pap sent-username r2 password r2

# If every configuration option received in the Configure-Request, and all of its values, are acceptable, the implementation must send a Configure-Ack.
Frame 51: 14 bytes on wire (112 bits), 14 bytes captured (112 bits) on interface 0
Point-to-Point Protocol
    Address: 0xff
    Control: 0x03
    Protocol: Link Control Protocol (0xc021)
PPP Link Control Protocol
    Code: Configuration Ack (2)    # LCP link establishment acknowledgment: Configuration Ack
    Identifier: 1 (0x01)    # Sent when all LCP option values in the most recently received Configure-Request are recognized and acceptable.
    Length: 10    # LCP negotiation is complete once the PPP peers have sent and received Configure-Acks.
    Options: (6 bytes), Magic Number
        Magic Number: 0xbc0f842c
            Type: Magic Number (5)
            Length: 6
            Magic Number: 0xbc0f842c

R3#interface Serial3/3
R3#ip address 202.100.23.3 255.255.255.0
R3#encapsulation ppp

# If some configuration options received in the Configure-Request are unrecognizable or not acceptable for negotiation (as configured by the network administrator), the implementation must send a Configure-Reject.
# Provides user authentication -- PAP
Frame 61: 12 bytes on wire (96 bits), 12 bytes captured (96 bits) on interface 0
Point-to-Point Protocol
    Address: 0xff
    Control: 0x03
    Protocol: Link Control Protocol (0xc021)
PPP Link Control Protocol
    Code: Configuration Reject (4)
    Identifier: 6 (0x06)
    Length: 8
    Options: (4 bytes), Authentication Protocol
        Authentication Protocol: Password Authentication Protocol (0xc023)
            Type: Authentication Protocol (3)
            Length: 4
            Authentication Protocol: Password Authentication Protocol (0xc023)
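
The LCP decodes above can be reproduced from raw bytes. This is an added example, not part of the original notes: the three byte strings are rebuilt from the decoded fields of frames 49, 50 and 61, and the function names are hypothetical. It also reports which authentication protocol is being negotiated, which is what to look for when checking whether a link would fall back to cleartext PAP.

```python
import struct

LCP_CODES = {1: "Configure-Request", 2: "Configure-Ack", 3: "Configure-Nak", 4: "Configure-Reject"}
AUTH_PROTOCOLS = {0xC023: "PAP", 0xC223: "CHAP"}

# Constructed samples: bytes rebuilt from the decoded fields of frames 49, 50 and 61.
FRAME_49 = bytes.fromhex("ff03c021" "0101000a" "0506bc0f842c")
FRAME_50 = bytes.fromhex("ff03c021" "03010009" "0305c22305")
FRAME_61 = bytes.fromhex("ff03c021" "04060008" "0304c023")


def parse_lcp(frame):
    """Return (code name, identifier, {option type: value bytes}) for one PPP/LCP frame."""
    if len(frame) < 8 or frame[:4] != b"\xff\x03\xc0\x21":
        raise ValueError("not a PPP frame carrying LCP")
    code, identifier, length = struct.unpack("!BBH", frame[4:8])
    if length < 4 or 4 + length > len(frame):
        raise ValueError("LCP Length field does not fit the captured frame")
    body, options, pos = frame[8:4 + length], {}, 0
    while pos < len(body):
        opt_len = body[pos + 1] if pos + 1 < len(body) else 0
        if opt_len < 2 or pos + opt_len > len(body):
            raise ValueError("truncated or malformed option")
        options[body[pos]] = body[pos + 2:pos + opt_len]
        pos += opt_len
    return LCP_CODES.get(code, "code %d" % code), identifier, options


def auth_protocol(options):
    """Name the Authentication-Protocol option (type 3); CHAP's extra byte 5 means MD5."""
    value = options.get(3)
    if value is None or len(value) < 2:
        return None
    name = AUTH_PROTOCOLS.get(struct.unpack("!H", value[:2])[0], "unknown")
    return "CHAP-MD5" if name == "CHAP" and value[2:3] == b"\x05" else name


def magic_number(options):
    """Return the Magic-Number option (type 5) as an int, or None."""
    value = options.get(5)
    return int.from_bytes(value, "big") if value and len(value) == 4 else None


if __name__ == "__main__":
    for frame in (FRAME_49, FRAME_50, FRAME_61):
        name, ident, opts = parse_lcp(frame)
        print(name, ident, auth_protocol(opts), magic_number(opts))
```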

# After user authentication fails (wrong password), the link is terminated.
328 84.473122 N/A N/A PPP PAP 14 Authenticate-Request (Peer-ID='r2', Password='r1')    # transmitted in cleartext
329 84.477776 N/A N/A PPP PAP 30 Authenticate-Nak (Message='Authentication failed')
330 84.478314 N/A N/A PPP LCP 8 Termination Request
331 84.479937 N/A N/A PPP LCP 8 Termination Ack

# Echo-Request and Echo-Reply packets must only be sent in the LCP Opened state;
# Echo-Request and Echo-Reply packets received in any state other than Opened should be silently discarded.
# Provides keep-alive
568 214.489492 N/A N/A PPP LCP 16 Echo Request
569 214.490944 N/A N/A PPP LCP 16 Echo Reply

# IPCP has only seven packet types, and they are a subset of the LCP packet types
# (only the seven packets with LCP code values 1 to 7: Config-Request, Config-Ack, Config-Nak, Config-Reject, Terminate-Request, Terminate-Ack and Code-Reject),
# and in actual packet exchanges the link termination packets are generally not used in the network-layer protocol phase.
# Once LCP is in the OPEN state, NCP negotiation takes place; it is either static or dynamic.
25 71.185532 N/A N/A PPP LCP 14 Configuration Ack
26 71.187428 N/A N/A PPP LCP 14 Configuration Ack
27 71.198927 N/A N/A PPP IPCP 14 Configuration Request
29 71.219095 N/A N/A PPP IPCP 14 Configuration Request

# Static negotiation means no negotiation. Both ends of the point-to-point link already have IP addresses configured before PPP negotiation,
# so there is no need to negotiate IP addresses in the network-layer protocol phase; the only thing each side has to do is tell the other its own IP address.
Frame 27: 14 bytes on wire (112 bits), 14 bytes captured (112 bits) on interface 0
Point-to-Point Protocol
    Address: 0xff
    Control: 0x03
    Protocol: Internet Protocol Control Protocol (0x8021)
PPP IP Control Protocol    # IPCP: the peers push their addresses to each other and routes are installed (they can communicate even when not in the same subnet)
    Code: Configuration Request (1)    # Configuration Request
    Identifier: 1 (0x01)
    Length: 10
    Options: (6 bytes), IP address
        IP address: 202.100.23.2    # In static negotiation, when the IPCP Config-Request contains only the address configuration option,
            Type: IP address (3)    # both the sender and the receiver send a Config-Request at the same time, each carrying only its own IP address.
            Length: 6
            IP Address: 202.100.23.2

Frame 31: 14 bytes on wire (112 bits), 14 bytes captured (112 bits) on interface 0
Point-to-Point Protocol
    Address: 0xff
    Control: 0x03
    Protocol: Internet Protocol Control Protocol (0x8021)
PPP IP Control Protocol
    Code: Configuration Ack (2)    # On receiving that packet the peer sends a Config-Ack, which tells the other side "I now know your IP address";
    Identifier: 1 (0x01)    # a router then adds a host route to the peer's interface.
    Length: 10
    Options: (6 bytes), IP address
        IP address: 202.100.23.2
            Type: IP address (3)
            Length: 6
            IP Address: 202.100.23.2

Frame 32: 14 bytes on wire (112 bits), 14 bytes captured (112 bits) on interface 0
Point-to-Point Protocol
    Address: 0xff
    Control: 0x03
    Protocol: Internet Protocol Control Protocol (0x8021)
PPP IP Control Protocol
    Code: Configuration Ack (2)
    Identifier: 1 (0x01)
    Length: 10
    Options: (6 bytes), IP address
        IP address: 202.100.23.3
            Type: IP address (3)
            Length: 6
            IP Address: 202.100.23.3

# Routes are learned, producing connected routes for different subnets.
R2#sh ip route 202.100.23.3
Routing entry for 202.100.23.3/32
  Known via "connected", distance 0, metric 0 (connected, via interface)
  Routing Descriptor Blocks:
  * directly connected, via Serial2/2
      Route metric is 0, traffic share count is 1

R2#sh ip route 202.100.33.3
Routing entry for 202.100.33.3/32
  Known via "connected", distance 0, metric 0 (connected, via interface)
  Routing Descriptor Blocks:
  * directly connected, via Serial2/2
      Route metric is 0, traffic share count is 1

R2#sh ip route 1.1.1.1
Routing entry for 1.1.1.1/32
  Known via "connected", distance 0, metric 0 (connected, via interface)
  Routing Descriptor Blocks:
  * directly connected, via Serial2/2
      Route metric is 0, traffic share count is 1

# In dynamic negotiation one end is configured to obtain its IP address dynamically, while the other end has a manually configured IP address and is allowed to assign an address to the peer.
# In this case the sender has to send two Config-Requests in succession to complete its side of the negotiation,
# while the receiver still needs to send only one Config-Request to complete its own side.
R3(config-if)#ip address negotiated

470 1059.708060 N/A N/A PPP IPCP 14 Configuration Request    # sender's first Config-Request
471 1059.708540 N/A N/A PPP IPCP 14 Configuration Request    # receiver's first Config-Request
472 1059.712205 N/A N/A PPP IPCP 14 Configuration Reject     # receiver rejects the sender's first Config-Request
473 1059.712677 N/A N/A PPP IPCP 14 Configuration Ack        # sender acknowledges the receiver's first Config-Request
474 1059.713186 N/A N/A PPP IPCP 8 Configuration Request     # sender's second Config-Request
475 1059.718640 N/A N/A PPP IPCP 8 Configuration Ack         # receiver acknowledges the second Config-Request

# Because the sender has no IP address configured (it obtains one dynamically), the IP address in the IP-address configuration option of its IPCP Config-Request is filled with all zeros (that is, 0.0.0.0).
Frame 470: 14 bytes on wire (112 bits), 14 bytes captured (112 bits) on interface 0
Point-to-Point Protocol
    Address: 0xff
    Control: 0x03
    Protocol: Internet Protocol Control Protocol (0x8021)
PPP IP Control Protocol
    Code: Configuration Request (1)    # IPCP Config-Request
    Identifier: 1 (0x01)
    Length: 10
    Options: (6 bytes), IP address
        IP address: 0.0.0.0    # IP address filled with all zeros
            Type: IP address (3)
            Length: 6
            IP Address: 0.0.0.0

# A normal IPCP packet with a specified IP address
Frame 471: 14 bytes on wire (112 bits), 14 bytes captured (112 bits) on interface 0
Point-to-Point Protocol
    Address: 0xff
    Control: 0x03
    Protocol: Internet Protocol Control Protocol (0x8021)
PPP IP Control Protocol
    Code: Configuration Request (1)
    Identifier: 2 (0x02)
    Length: 10
    Options: (6 bytes), IP address
        IP address: 202.100.23.2
            Type: IP address (3)
            Length: 6
            IP Address: 202.100.23.2

# When the receiver gets this Config-Request it inspects the IP address; if the address sent is all zeros, the receiver considers the peer's IP address not to be the value it wants,
# so it replies with a Config-Nak that carries the IP address it wants to assign to the peer.
Frame 472: 14 bytes on wire (112 bits), 14 bytes captured (112 bits) on interface 0
Point-to-Point Protocol
    Address: 0xff
    Control: 0x03
    Protocol: Internet Protocol Control Protocol (0x8021)
PPP IP Control Protocol
    Code: Configuration Reject (4)
    Identifier: 1 (0x01)
    Length: 10
    Options: (6 bytes), IP address
        IP address: 0.0.0.0
            Type: IP address (3)
            Length: 6
            IP Address: 0.0.0.0

# A normal Ack for a specified IP address
Frame 473: 14 bytes on wire (112 bits), 14 bytes captured (112 bits) on interface 0
Point-to-Point Protocol
    Address: 0xff
    Control: 0x03
    Protocol: Internet Protocol Control Protocol (0x8021)
PPP IP Control Protocol
    Code: Configuration Ack (2)
    Identifier: 2 (0x02)
    Length: 10
    Options: (6 bytes), IP address
        IP address: 202.100.23.2
            Type: IP address (3)
            Length: 6
            IP Address: 202.100.23.2

# When the receiver then gets the Config-Nak, it sends a new Config-Request whose IP address option is the one the peer supplied in the Nak.
Frame 474: 8 bytes on wire (64 bits), 8 bytes captured (64 bits) on interface 0
Point-to-Point Protocol
    Address: 0xff
    Control: 0x03
    Protocol: Internet Protocol Control Protocol (0x8021)
PPP IP Control Protocol
    Code: Configuration Request (1)
    Identifier: 2 (0x02)
    Length: 4

Frame 475: 8 bytes on wire (64 bits), 8 bytes captured (64 bits) on interface 0
Point-to-Point Protocol
    Address: 0xff
    Control: 0x03
    Protocol: Internet Protocol Control Protocol (0x8021)
PPP IP Control Protocol
    Code: Configuration Ack (2)
    Identifier: 2 (0x02)
    Length: 4

# Shows that the IP address is obtained by negotiation; a route for the local subnet exists.
R3(config-if)#do sh ip int s3/3
Serial3/3 is up, line protocol is up
  Internet address will be negotiated using IPCP
  Broadcast address is 255.255.255.255

R2(config-if)#do sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override

Gateway of last resort is not set

      192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.1.0/24 is directly connected, Ethernet1/1
L        192.168.1.2/32 is directly connected, Ethernet1/1
      202.100.23.0/24 is variably subnetted, 2 subnets, 2 masks
C        202.100.23.0/24 is directly connected, Serial2/2
L        202.100.23.2/32 is directly connected, Serial2/2
R2(config-if)#
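
The dynamic IPCP exchange above, modelled from both sides. This is an added example, not router code: `respond`, `next_request` and the `assign_addr` parameter are hypothetical names, the request bytes are rebuilt from the decoded fields of frames 470 and 471, and 202.100.23.3 as the offered address is a constructed value. The Nak branch follows the description in the notes; the Reject branch reproduces frames 472 and 474 as they appear in the capture.

```python
import ipaddress
import struct

CONF_REQ, CONF_ACK, CONF_NAK, CONF_REJ = 1, 2, 3, 4
OPT_IP_ADDRESS = 3
ONE_OPTION = "!BBHBB4s"  # code, identifier, length, option type, option length, address

# Constructed from the decoded fields of frames 470 and 471 (IPCP payload after ff 03 80 21).
REQ_470 = bytes.fromhex("0101000a" "030600000000")  # IP address 0.0.0.0
REQ_471 = bytes.fromhex("0102000a" "0306ca641702")  # IP address 202.100.23.2


def respond(request, assign_addr=None):
    """Responder side. assign_addr (hypothetical) is the address it is allowed to hand out."""
    if len(request) != 10:
        raise ValueError("expected exactly one IP-Address option")
    code, ident, length, otype, olen, addr = struct.unpack(ONE_OPTION, request)
    if (code, length, otype, olen) != (CONF_REQ, 10, OPT_IP_ADDRESS, 6):
        raise ValueError("not a single-option IP-Address Configure-Request")
    if addr != bytes(4):
        return bytes([CONF_ACK]) + request[1:]   # acceptable: the Ack echoes the options
    if assign_addr is None:
        return bytes([CONF_REJ]) + request[1:]   # option refused: the Reject echoes it (frame 472)
    suggested = ipaddress.IPv4Address(assign_addr).packed
    return struct.pack(ONE_OPTION, CONF_NAK, ident, 10, OPT_IP_ADDRESS, 6, suggested)


def next_request(reply, identifier):
    """Requester side: the follow-up Configure-Request after a Nak or a Reject."""
    code, _, _, _, _, addr = struct.unpack(ONE_OPTION, reply)
    if code == CONF_NAK:    # adopt the address the peer suggested
        return struct.pack(ONE_OPTION, CONF_REQ, identifier, 10, OPT_IP_ADDRESS, 6, addr)
    if code == CONF_REJ:    # drop the option: header only, Length 4 (frame 474)
        return struct.pack("!BBH", CONF_REQ, identifier, 4)
    raise ValueError("an Ack needs no follow-up request")


if __name__ == "__main__":
    for label, reply in (("reject", respond(REQ_470)), ("nak", respond(REQ_470, "202.100.23.3"))):
        print(label, reply.hex(), "->", next_request(reply, 2).hex())
    print("ack", respond(REQ_471).hex())
```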

# PPP authentication: unlike HDLC, PPP provides user authentication.
# Challenge-Handshake Authentication Protocol (CHAP)
# CHAP periodically verifies the identity of the peer using a three-way handshake; this is done at initial link establishment and may be repeated at any time after the link is established.
R2#interface Serial2/2
R2#ip address 202.100.23.2 255.255.255.0
R2#encapsulation ppp
R2#ppp authentication chap
R2#serial restart-delay 0

# 1. After the link establishment phase is complete, the authenticator sends a "challenge" message to the peer being authenticated.
1 0.000000 N/A N/A PPP LCP 14 Configuration Request    # after both sides exchange Configuration Request and Configuration Ack, LCP link establishment is complete
2 0.021263 N/A N/A PPP LCP 19 Configuration Request
3 0.021402 N/A N/A PPP LCP 14 Configuration Ack
4 0.028010 N/A N/A PPP LCP 19 Configuration Ack
5 0.059900 N/A N/A PPP CHAP 27 Challenge (NAME='R2', VALUE=0xe8affa5379025f888c6d22ff52aff757)    # after LCP link establishment completes, R2 sends the Challenge on its own initiative

Frame 3317: 27 bytes on wire (216 bits), 27 bytes captured (216 bits) on interface 0
Point-to-Point Protocol
    Address: 0xff
    Control: 0x03
    Protocol: Challenge Handshake Authentication Protocol (0xc223)
PPP Challenge Handshake Authentication Protocol
    Code: Challenge (1)
    Identifier: 1
    Length: 23
    Data
        Value Size: 16
        Value: e85aa3c02b52edb78c6d22ff000a1cfb
        Name: R2

R3#interface Serial3/3
R3#ip address 202.100.23.3 255.255.255.0
R3#encapsulation ppp
R3#ppp chap hostname r2
R3#ppp chap password 0 r2    # drawback: the secret is configured in cleartext
R3#serial restart-delay 0

# 2. The peer being authenticated computes a hash value as its response.
Frame 3318: 27 bytes on wire (216 bits), 27 bytes captured (216 bits) on interface 0
Point-to-Point Protocol
    Address: 0xff
    Control: 0x03
    Protocol: Challenge Handshake Authentication Protocol (0xc223)
PPP Challenge Handshake Authentication Protocol
    Code: Response (2)
    Identifier: 1
    Length: 23
    Data
        Value Size: 16
        Value: 2f9020d01b7b41ba6c754b014a8e6767    # hash value
        Name: r2    # username

# 3. The authenticator checks the response against its own calculation of the expected hash value; if the values match, authentication is acknowledged; otherwise the connection should be terminated.
# Authentication failed; the connection is terminated.
3317 1534.518709 N/A N/A PPP CHAP 27 Challenge (NAME='R2', VALUE=0xe85aa3c02b52edb78c6d22ff000a1cfb)
3318 1534.525085 N/A N/A PPP CHAP 27 Response (NAME='r2', VALUE=0x2f9020d01b7b41ba6c754b014a8e6767)
3319 1534.526536 N/A N/A PPP CHAP 29 Failure (MESSAGE='Authentication failed')
3320 1534.527368 N/A N/A PPP LCP 8 Termination Request
3321 1534.528521 N/A N/A PPP LCP 8 Termination Ack

# Authentication succeeded; NCP negotiation follows and the peers push their addresses to each other.
3874 1669.630159 N/A N/A PPP CHAP 27 Challenge (NAME='R2', VALUE=0x3695e79508d494098c6d22fffd432110)
3875 1669.635094 N/A N/A PPP CHAP 27 Response (NAME='r2', VALUE=0x0695a3e64fb3a059987d1ff616e1a846)
3876 1669.643600 N/A N/A PPP CHAP 8 Success (MESSAGE='')
3877 1669.645975 N/A N/A PPP IPCP 14 Configuration Request
3878 1669.646095 N/A N/A PPP IPCP 14 Configuration Request
3880 1669.646844 N/A N/A PPP IPCP 14 Configuration Ack
3881 1669.647354 N/A N/A PPP IPCP 14 Configuration Ack
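
Steps 2 and 3 of the CHAP handshake in code, using the MD5 construction from RFC 1994 (the "CHAP with MD5" algorithm seen in frame 50). This is an added example, not code from the original notes: the function names are hypothetical, the two challenge values are copied from the captures above, and `b"r2"` is assumed to be the shared secret because that is what `ppp chap password 0 r2` configures. It shows why a wrong secret fails and why a captured response cannot be replayed against a fresh challenge.

```python
import hashlib
import hmac
import struct

CHAP_RESPONSE = 2

# Values copied from the captures above: Challenge frame 3317 and the later challenge (3874).
IDENTIFIER = 1
CHALLENGE = bytes.fromhex("e85aa3c02b52edb78c6d22ff000a1cfb")
LATER_CHALLENGE = bytes.fromhex("3695e79508d494098c6d22fffd432110")
SECRET = b"r2"  # assumption: the shared secret set by "ppp chap password 0 r2"


def chap_md5(identifier, secret, challenge):
    """RFC 1994 response value: MD5(Identifier || secret || Challenge Value)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def build_response(identifier, secret, challenge, name):
    """Peer side: CHAP Response packet (Code 2), the payload carried under protocol 0xc223."""
    value = chap_md5(identifier, secret, challenge)
    length = 4 + 1 + len(value) + len(name)
    return struct.pack("!BBHB", CHAP_RESPONSE, identifier, length, len(value)) + value + name


def check_response(packet, secret, challenge):
    """Authenticator side: recompute the hash for the challenge it issued and compare."""
    if len(packet) < 5:
        return False
    code, identifier, length, size = struct.unpack("!BBHB", packet[:5])
    if code != CHAP_RESPONSE or length > len(packet) or 5 + size > length:
        return False
    value = packet[5:5 + size]
    return hmac.compare_digest(value, chap_md5(identifier, secret, challenge))


if __name__ == "__main__":
    pkt = build_response(IDENTIFIER, SECRET, CHALLENGE, b"r2")
    print(len(pkt), check_response(pkt, SECRET, CHALLENGE))   # matching secret
    print(check_response(pkt, b"r1", CHALLENGE))               # mismatched secret
    print(check_response(pkt, SECRET, LATER_CHALLENGE))        # replay against a new challenge
```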

Other PPP points
Loop detection: magic number (whether it equals the local magic number)
Multiple port-channel