hdlc 抓包分析

# HDLC 包分析Frame 17: 24 bytes on wire (192 bits), 24 bytes captured (192 bits) on interface 0Cisco HD

.

# HDLC 包分析Frame 17: 24 bytes on wire (192 bits), 24 bytes captured (192 bits) on interface 0Cisco HDLC    Address: Multicast (0x8f)           # 地址：0x8f为组播，0x0f为单播    Control: 0x00                       # 控制：通常设置为0x00    Protocol: SLARP (0x8035)            # 协议：0x8035 为SLARP，0x0800为IPCisco SLARP    Packet type: Line keepalive (2)     # 0x02 为keep-alives包    Outgoing sequence number: 12        # 已发送keep-alives包的序号，每发送一个包，加1    Returned sequence number: 0         # 上一次接受到keep-alives包的序号    Reliability: 0xffff

# HDLC每隔10秒钟就互相发送链路探测的协商报文(KeepAlive报文)，用于探查链路是否中断，# 每次收发的报文按序号递增，序号失序则链路中断。# 当接口连续3次(数据包速率超过1000packets/s时为6次)没有收到对方对自己的递增序号的确认时，# HDLC协议就把链路状态由Up转变为Down，链路将不可用。5 10.422351 N/A N/A SLARP 24 Line keepalive, outgoing sequence 1, returned sequence 06 20.428553 N/A N/A SLARP 24 Line keepalive, outgoing sequence 2, returned sequence 07 30.439159 N/A N/A SLARP 24 Line keepalive, outgoing sequence 3, returned sequence 0# 连续3次没收到确认，两路状态由Up转变为DownR2(config-if)#*Aug 22 15:22:21.393: %LINK-3-UPDOWN: Interface Serial2/2, changed state to up*Aug 22 15:22:22.403: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/2, changed state to upR2(config-if)#endR2#*Aug 22 15:22:49.957: %SYS-5-CONFIG_I: Configured from console by console*Aug 22 15:22:50.842: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/2, changed state to down  R2#wrBuilding configuration...[OK]R2#sh int s2/2Serial2/2 is up, line protocol is down   Hardware is M4T  Internet address is 202.100.23.2/24  MTU 1500 bytes, BW 1544 Kbit/sec, DLY 20000 usec,      reliability 255/255, txload 1/255, rxload 1/255  Encapsulation HDLC, crc 16, loopback not set      # 默认封装协议为HDLC  Keepalive set (10 sec)                            # HDLC keepalive时间 默认为10s  Restart-Delay is 0 secs  Last input never, output 00:00:06, output hang never  Last clearing of "show interface" counters never  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0  Queueing strategy: fifo  Output queue: 0/40 (size/max)  5 minute input rate 0 bits/sec, 0 packets/sec  5 minute output rate 0 bits/sec, 0 packets/sec     0 packets input, 0 bytes, 0 no buffer     Received 0 broadcasts (0 IP multicasts)     0 runts, 0 giants, 0 throttles      0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort     12 packets output, 1275 bytes, 0 underruns     0 output errors, 0 collisions, 2 interface resets     0 unknown protocol drops     0 output buffer failures, 0 output buffers swapped out     3 carrier transitions     DCD=up  DSR=up  DTR=up  RTS=up  CTS=up# DCD=up DSR=up DTR=up RTS=up CTS=up 只有链路第一层正常工作时，均为up，则keepalive机制生效。# 如果 DCD=up DSR=up DTR=up RTS=up CTS=up这些项中有一项未激活，keepalive就不会工作。# 收到keep-alive后，将返回收到的keep-alives 序号，21 130.235657 N/A N/A SLARP 24 Line keepalive, outgoing sequence 1, returned sequence 0    # 发送序号为 1，接受序号为 022 130.511801 N/A N/A SLARP 24 Line keepalive, outgoing sequence 13, returned sequence 1   # 发送序号为 13，接受序号为 125 140.249595 N/A N/A SLARP 24 Line keepalive, outgoing sequence 2, returned sequence 13    26 140.515803 N/A N/A SLARP 24 Line keepalive, outgoing sequence 14, returned sequence 2

# 202.100.23.2 ping 202.100.23.3 HDLC过程分析R2#ping 202.100.23.3Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 202.100.23.3, timeout is 2 seconds:!!!!!# 1、查路由表，存在路由，则转发；否则，丢弃R2#sh ip route 202.100.23.3Routing entry for 202.100.23.0/24  Known via "connected", distance 0, metric 0 (connected, via interface)  Routing Descriptor Blocks:  * directly connected, via Serial2/2      Route metric is 0, traffic share count is 1、# 2、封装# 三层封装：ICMP request请求 source ip address 为出接口地址为源地址(路由表决定); destination ip address: 202.100.23.3 Frame 49: 104 bytes on wire (832 bits), 104 bytes captured (832 bits) on interface 0Cisco HDLC    Address: Unicast (0x0f)    # 地址：0x0f为单播    Control: 0x00    Protocol: IP (0x0800)      # 协议：0x0800 为IP协议Internet Protocol Version 4, Src: 202.100.23.2, Dst: 202.100.23.3    # 目的地址为 ping 地址    0100 .... = Version: 4    .... 0101 = Header Length: 20 bytes (5)    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)    Total Length: 100    Identification: 0x0000 (0)    Flags: 0x00    Fragment offset: 0    Time to live: 255    Protocol: ICMP (1)    Header checksum: 0xf8ca [validation disabled]    [Header checksum status: Unverified]    Source: 202.100.23.2    Destination: 202.100.23.3    [Source GeoIP: Unknown]    [Destination GeoIP: Unknown]Internet Control Message Protocol    Type: 8 (Echo (ping) request)    Code: 0    Checksum: 0xb3a7 [correct]    [Checksum Status: Good]    Identifier (BE): 0 (0x0000)    Identifier (LE): 0 (0x0000)    Sequence number (BE): 0 (0x0000)    Sequence number (LE): 0 (0x0000)    [Response frame: 50]    Data (72 bytes)    Frame 50: 104 bytes on wire (832 bits), 104 bytes captured (832 bits) on interface 0Cisco HDLC    Address: Unicast (0x0f)    Control: 0x00    Protocol: IP (0x0800)Internet Protocol Version 4, Src: 202.100.23.3, Dst: 202.100.23.2    0100 .... = Version: 4    .... 0101 = Header Length: 20 bytes (5)    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)    Total Length: 100    Identification: 0x0000 (0)    Flags: 0x00    Fragment offset: 0    Time to live: 255    Protocol: ICMP (1)    Header checksum: 0xf8ca [validation disabled]    [Header checksum status: Unverified]    Source: 202.100.23.3    Destination: 202.100.23.2    [Source GeoIP: Unknown]    [Destination GeoIP: Unknown]Internet Control Message Protocol    Type: 0 (Echo (ping) reply)    Code: 0    Checksum: 0xbba7 [correct]    [Checksum Status: Good]    Identifier (BE): 0 (0x0000)    Identifier (LE): 0 (0x0000)    Sequence number (BE): 0 (0x0000)    Sequence number (LE): 0 (0x0000)    [Request frame: 49]    [Response time: 13.349 ms]    Data (72 bytes)    # HDLC缺点：没有认证功能，接口互连即可使用；点对点协议，不支持点到多点；

.