通信人家园

什么是广播报文？广播报文简单地定义为当交换机收到某些特征报文时，交换机把这些报文转发给除发送端口外的其它所有端口，通常特征就是数据帧中目的MAC地址为全1的报文(思考：广播报文是不是目的MAC一定是全1呢？),就像老师(报文发送者)在教室中(交换机的区域中,即广播域)中大声说,”同学们,下课了”(广播报文),在座的所有同学都听的到了(这就是广播)。

广播域就是网络中能接收任何一设备发出的广播帧的所有设备的集合。例如PC1发出广播报文broadcast1,能够接收到broadcast1报文的设备集合就称为一个广播域，通常一个交换机的所有端口以及连在该交换机上的交换机的所有端口处在同一广播域中。

第2章实验篇2.1 实验网络环境

下面搭建一个的网络环境，三台PC电脑分别接到一台华为S2008交换机上（实验也可用普通二层交换机），在PC机上装上优秀的抓包工具wireshark 0.9905。通过它捕获PC机在通信时的所发送和接收到的报文。

图1：网络环境拓扑

图表 1网络环境拓扑

表格 1三台电脑的网络参数

PC机名称	MAC地址	IP地址	在S2008的端口
PC1	00:13:d4:1f:c1:38	192.168.1.100
PC2	00:0f:1f:aa:05:ec	192.168.1.15
PC3	00:40:05:db:0f:72	192.168.1.1

2.2 实验一：两台PC之间Ping测试的广播报文

当PC1在PING PC3时，PC1发出了什么报文？收到了什么报文？PC2又能收到什么报文？根据TCP/IP协议卷三，我们推测PC1在PINGPC3时，由于两个地址在同一个网段，PC1发送ARP广播报文，请求PC3IP 地址的MAC地址，同时PC2上能捕获到ARP广播报文。通过以下实验来验证一下。

在PC1和PC2上打开抓包工具wireshark,并在 PC1上运行PING命令:

Microsoft Windows XP [版本 5.1.2600]

C:\Documents and Settings\Administrator>cd\

C:\>ping 192.168.1.1

Pinging 192.168.1.1 with 32 bytes of data:

Reply from 192.168.1.1: bytes=32 time<1ms TTL=64

Ping statistics for 192.168.1.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

Control-C

C:\>

表格 2 PC1 PING PC3在PC1抓到的报文：

No.	Time	Source	Destination	Protocol	Info
1	0.000000	00:13:d4:1f:c1:38	ff:ff:ff:ff:ff:ff	ARP	Who has 192.168.1.1? Tell 192.168.1.100
Frame 1 (42 bytes on wire, 42 bytes captured) Ethernet II, Src: 00:13:d4:1f:c1:38 (00:13:d4:1f:c1:38), Dst: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff) Address Resolution Protocol (request)
注解：PC1发送了一个目的MAC为全1的ARP广播报文
No.	Time	Source	Destination	Protocol	Info
2	0.000250	00:40:05:db:0f:72	00:13:d4:1f:c1:38	ARP	192.168.1.1 is at 00:40:05:db:0f:72
Frame 2 (60 bytes on wire, 60 bytes captured) Ethernet II, Src: 00:40:05:db:0f:72 (00:40:05:db:0f:72), Dst: 00:13:d4:1f:c1:38 (00:13:d4:1f:c1:38) Address Resolution Protocol (reply)
注解：PC3 192.168.1.1 响应ARP
No.	Time	Source	Destination	Protocol	Info
3	0.000255	192.168.1.100	192.168.1.1	ICMP	Echo (ping) request
Frame 3 (74 bytes on wire, 74 bytes captured) Ethernet II, Src: 00:13:d4:1f:c1:38 (00:13:d4:1f:c1:38), Dst: 00:40:05:db:0f:72 (00:40:05:db:0f:72) Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst: 192.168.1.1 (192.168.1.1) Internet Control Message Protocol
注解：PC1 192.168.1.100 向 PC3 192.168.1.1发送PING请求
No.	Time	Source	Destination	Protocol	Info
4	0.000794	192.168.1.1	192.168.1.100	ICMP	Echo (ping) reply
Frame 4 (74 bytes on wire, 74 bytes captured) Ethernet II, Src: 00:40:05:db:0f:72 (00:40:05:db:0f:72), Dst: 00:13:d4:1f:c1:38 (00:13:d4:1f:c1:38) Internet Protocol, Src: 192.168.1.1 (192.168.1.1), Dst: 192.168.1.100 (192.168.1.100) Internet Control Message Protocol
注解：PC3应答PC1的PING请求
No.	Time	Source	Destination	Protocol	Info
5	0.987877	192.168.1.100	192.168.1.1	ICMP	Echo (ping) request
Frame 5 (74 bytes on wire, 74 bytes captured) Ethernet II, Src: 00:13:d4:1f:c1:38 (00:13:d4:1f:c1:38), Dst: 00:40:05:db:0f:72 (00:40:05:db:0f:72) Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst: 192.168.1.1 (192.168.1.1) Internet Control Message Protocol
注解：PC1 192.168.1.100 向 PC3 192.168.1.1发送PING请求
No.	Time	Source	Destination	Protocol	Info
6	0.988264	192.168.1.1	192.168.1.100	ICMP	Echo (ping) reply
Frame 6 (74 bytes on wire, 74 bytes captured) Ethernet II, Src: 00:40:05:db:0f:72 (00:40:05:db:0f:72), Dst: 00:13:d4:1f:c1:38 (00:13:d4:1f:c1:38) Internet Protocol, Src: 192.168.1.1 (192.168.1.1), Dst: 192.168.1.100 (192.168.1.100) Internet Control Message Protocol
注解：PC3应答PC1的PING请求

在PC2上抓到的报文：

表格 3PC1 PING PC3时在PC2上抓到的报文：

No.	Time	Source	Destination	Protocol	Info
1	0.000000	00:13:d4:1f:c1:38	Broadcast	ARP	Who has 192.168.1.1? Tell 192.168.1.100
Frame 1 (60 bytes on wire, 60 bytes captured) Ethernet II, Src: AsustekC_1f:c1:38 (00:13:d4:1f:c1:38), Dst: Broadcast (ff:ff:ff:ff:ff:ff) Address Resolution Protocol (request)
注解：PC2 上收到PC1发出的ARP广播报文

通过以上实验，我们发现广播报文，并了解广播报文的特性，向除发送端口外的其它广播域中的端口广播，即广播域中的设备都能接收到广播Frame。完全证实我们的推论是正确的。

2.3 实验二：广播报文的另种形式，flood

是不是广播报文目的MAC地址一定是全1呢？我们接着上面的实验再做个实验。

在PC1上PING下PC3，拨掉PC3接在交换机上的网上再立即拨上（目的是清掉交换机MAC地址表中学到的PC3的MAC地址），在PC1上再次PING PC3，同时打开PC1和PC2上的的抓包工具。

PC1上的PING命令过程如下：

表格 4在PC1上第二次PINGPC3时在PC1抓到的报文

No.	Time	Source	Destination	Protocol	Info
7	1.987850	192.168.1.100	192.168.1.1	ICMP	Echo (ping) request
Frame 7 (74 bytes on wire, 74 bytes captured) Ethernet II, Src: AsustekC_1f:c1:38 (00:13:d4:1f:c1:38), Dst: AniCommu_db:0f:72 (00:40:05:db:0f:72) Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst: 192.168.1.1 (192.168.1.1) Internet Control Message Protocol
注解：由于PC1中第已PING过PC3，已经缓存了PC3的ARP，本次PING未发ARP请求，直接把目的MAC 封装进报文发送出去。
No.	Time	Source	Destination	Protocol	Info
8	1.988249	192.168.1.1	192.168.1.100	ICMP	Echo (ping) reply
Frame 8 (74 bytes on wire, 74 bytes captured) Ethernet II, Src: AniCommu_db:0f:72 (00:40:05:db:0f:72), Dst: AsustekC_1f:c1:38 (00:13:d4:1f:c1:38) Internet Protocol, Src: 192.168.1.1 (192.168.1.1), Dst: 192.168.1.100 (192.168.1.100) Internet Control Message Protocol
注解：PC1收到来自PC3的PING应答报文

在PC1抓包的同时，在PC2上抓到的报文

表格 5 PC1 PING PC，在PC2上抓到的Flood报文

No.	Time	Source	Destination	Protocol	Info
2	48.364774	192.168.1.100	192.168.1.1	ICMP	Echo (ping) request
Frame 2 (74 bytes on wire, 74 bytes captured) Ethernet II, Src: AsustekC_1f:c1:38 (00:13:d4:1f:c1:38), Dst: AniCommu_db:0f:72 (00:40:05:db:0f:72) Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst: 192.168.1.1 (192.168.1.1) Internet Control Message Protocol
注解：在PC2上居然抓到了目的MAC是PC3的报文！！！

PC1 PING PC3,正常应答，PC2上抓到了PC1发出的单播PING报文，为什么呢？按理这个目的MAC地址是明确的，交换机应该直接转发给PC3上的端口。

我们再回想下交换机的工作原理，交换机收到目的MAC明确的单播报文时，查询MAC地址表，找到则直接单独转发到对应的端口，如果未找到则广播。在PC1 第二次PING PC3前，拨插了PC3的网线，导致交换掉清掉了PC3的MAC记录，当交换机收到PC1的PING报文时，未能找到PC3的MAC,于是交换机就广播出该报文，这就是Flood，泛洪，广播报文的另种形式。

2.4 实验三：广播报文的危害,环路等因素引发广播风暴

广播报文带来便捷的通信方式，如使用不当，会有什么问题吗？做个如下实验

在交换机上直接用网线将两个端口A和B连在一起，在PC1 上试着随便PING个地址，如192.168.1.2，同时打开抓包工具。

表格 6出现广播风暴时在PC1瞬间抓到大量的广播包

PC1瞬间抓到无数的广播包

No.Time Source Destination Protocol Info

1 0.000000 00:74:04:e5:65:0c Broadcast ARP Who has 192.168.1.2? Tell 192.168.1.1

2 0.000013 00:74:04:e5:65:0c Broadcast ARP Who has 192.168.1.2? Tell 192.168.1.1

3 0.000023 00:74:04:e5:65:0c Broadcast ARP Who has 192.168.1.2? Tell 192.168.1.1

4 0.000967 00:74:04:e5:65:0c Broadcast ARP Who has 192.168.1.2? Tell 192.168.1.1

5 0.000972 00:74:04:e5:65:0c Broadcast ARP Who has 192.168.1.2? Tell 192.168.1.1

6 0.001377 00:74:04:e5:65:0c Broadcast ARP Who has 192.168.1.2? Tell 192.168.1.1

7 0.001381 00:74:04:e5:65:0c Broadcast ARP Who has 192.168.1.2? Tell 192.168.1.1

8 0.001957 00:74:04:e5:65:0c Broadcast ARP Who has 192.168.1.2? Tell 192.168.1.1

9 0.001962 00:74:04:e5:65:0c Broadcast ARP Who has 192.168.1.2? Tell 192.168.1.1

10 0.002314 00:74:04:e5:65:0c Broadcast ARP Who has 192.168.1.2? Tell 192.168.1.1

…………………………….

……………………………..

No. Time Source Destination Protocol Info

27938 4.559987 00:74:04:e5:65:0c Broadcast ARP Who has 192.168.1.2? Tell 192.168.1.1

27939 4.560092 00:74:04:e5:65:0c Broadcast ARP Who has 192.168.1.2? Tell 192.168.1.1

27940 4.560291 00:74:04:e5:65:0c Broadcast ARP Who has 192.168.1.2? Tell 192.168.1.1

27941 4.560364 00:74:04:e5:65:0c Broadcast ARP Who has 192.168.1.2? Tell 192.168.1.1

27942 4.560449 00:74:04:e5:65:0c Broadcast ARP Who has 192.168.1.2? Tell 192.168.1.1

27943 4.560523 00:74:04:e5:65:0c Broadcast ARP Who has 192.168.1.2? Tell 192.168.1.1

27944 4.560877 00:74:04:e5:65:0c Broadcast ARP Who has 192.168.1.2? Tell 192.168.1.1

27945 4.560961 00:74:04:e5:65:0c Broadcast ARP Who has 192.168.1.2? Tell 192.168.1.1

27946 4.561160 00:74:04:e5:65:0c Broadcast ARP Who has 192.168.1.2? Tell 192.168.1.1

27947 4.561244 00:74:04:e5:65:0c Broadcast ARP Who has 192.168.1.2? Tell 192.168.1.1

27948 4.561328 00:74:04:e5:65:0c Broadcast ARP Who has 192.168.1.2? Tell 192.168.1.1

27949 4.561434 00:74:04:e5:65:0c Broadcast ARP Who has 192.168.1.2? Tell 192.168.1.1

27948 4.561328 00:74:04:e5:65:0c Broadcast0c ARP Who has 192.168.1.2? Tell 192.168.1.1

27949 4.561434 00:74:04:e5:65:0c Broadcast0c ARP Who has 192.168.1.2? Tell 192.168.1.1

参考文献

<<TCP/IP协议卷三>> wireshark帮助说明中兴8220操作手册

时间: 2013-6-17 15:15

作者: zxking

好多字，不是太懂。

时间: 2013-10-29 15:09

作者: iqplhui

急需，需要关于广播的应用的知识，想知道广播都有哪些应用！

时间: 2014-3-25 09:01

作者: cxdgood

还有下面的内容怎么没见

时间: 2014-3-25 09:01

作者: cxdgood

还有下面的内容怎么没见

时间: 2014-12-2 11:33

作者: ina128

在项目中对广播报文有兴趣。谢了。

时间: 2015-1-13 09:12

作者: wind2233

提示: 作者被禁止或删除内容自动屏蔽

时间: 2015-4-23 09:05

作者: gubing2005

很好的资料，看了上文，突然发现要回复方可下载

时间: 2015-7-23 17:45

作者: liuxing_620

很好的总结，感谢

时间: 2015-9-25 21:45

作者: lddgguoheng

很好，了解了解

时间: 2016-3-25 16:55

作者: lilifeng

感谢分享，学习中。/微笑

时间: 2016-3-28 12:38

作者: abby717

看起来很不错的样子哦

时间: 2016-6-3 20:37

作者: linxi_hnh

好文章，感谢。谢谢

时间: 2016-12-14 08:34

作者: gz9866

精品，挺起！

时间: 2017-8-18 23:27

作者: 绝对的菜

明白了很多东西，抓包软件还是需要研究一下

通信人家园 (https://www.txrjy.com/)