共享網(wǎng)卡是怎么路由的

xieShell

我的網(wǎng)絡結(jié)構(gòu)是這樣的：
                                INTERNET
                                      |
                                      |
       A：192.168.1.1/24 -- HUB -- B：192.168.1.2/24
            222.65.*.*
A是我的WINDOWS電腦，它直接連在INTERNET上，有個公網(wǎng)IP和一個私網(wǎng)IP，我把它的網(wǎng)卡設成共享了。B是我另一臺電腦，它與A用HUB連接，它只有一個私網(wǎng)IP。A與B的私網(wǎng)IP是在一個網(wǎng)段里的。B的網(wǎng)關(guān)我設成了A的私網(wǎng)地址，這樣，B就能訪問公網(wǎng)了。
我用WIRKSHARK抓了A網(wǎng)卡上的包。想了解A是根據(jù)什么來路由B的包的。

這里，A的私網(wǎng)IP是192.168.1.1/24，公網(wǎng)IP是222.65.*.*，MAC地址是00:30:18:aa:3a:cc
B的私網(wǎng)IP是192.168.1.2/24，MAC地址是00:0c:29:b3:a7:76

我抓了B PING百度的包，

No.     Time        Source                Destination           Protocol Info
1       18.926754   192.168.1.2           203.208.*.*        ICMP     Echo (ping) request
Frame 31 (98 bytes on wire, 98 bytes captured)
Ethernet II, Src: 00:0c:29:b3:a7:76, Dst: 00:30:18:aa:3a:cc
Internet Protocol, Src: 192.168.1.2 (192.168.1.2), Dst: 203.208.*.* (203.208.*.*)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 84
    Identification: 0x0000 (0)
    Flags: 0x04 (Don't Fragment)
    Fragment offset: 0
    Time to live: 64
    Protocol: ICMP (0x01)
    Header checksum: 0x85c6 [correct]
    Source: 192.168.1.2 (192.168.1.2)
    Destination: 203.208.*.* (203.208.*.*)
Internet Control Message Protocol
    Type: 8 (Echo (ping) request)
    Code: 0 ()
    Checksum: 0x4da5 [correct]
    Identifier: 0x0a0b
    Sequence number: 2 (0x0002)
    Data (56 bytes)

No.     Time        Source                Destination           Protocol Info
2       18.926870   222.65.*.*        203.208.*.*        ICMP     Echo (ping) request
Frame 32 (106 bytes on wire, 106 bytes captured)
Ethernet II, Src: 00:30:18:aa:3a:cc, Dst: 00:90:1a:41:d5:6e
PPP-over-Ethernet Session
Point-to-Point Protocol
Internet Protocol, Src: 222.65.*.* (222.65.*.*), Dst: 203.208.*.* (203.208.*.*)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 84
    Identification: 0x0000 (0)
    Flags: 0x04 (Don't Fragment)
    Fragment offset: 0
    Time to live: 63
    Protocol: ICMP (0x01)
    Header checksum: 0xf079 [correct]
    Source: 222.65.*.* (222.65.*.*)
    Destination: 203.208.*.* (203.208.*.*)
Internet Control Message Protocol
    Type: 8 (Echo (ping) request)
    Code: 0 ()
    Checksum: 0x56b0 [correct]
    Identifier: 0x0100
    Sequence number: 2 (0x0002)
    Data (56 bytes)

No.     Time        Source                Destination           Protocol Info
3       19.066742   203.208.*.*        222.65.*.*        ICMP     Echo (ping) reply
Frame 33 (106 bytes on wire, 106 bytes captured)
Ethernet II, Src: 00:90:1a:41:d5:6e, Dst: 00:30:18:aa:3a:cc
PPP-over-Ethernet Session
Point-to-Point Protocol
Internet Protocol, Src: 203.208.*.* (203.208.*.*), Dst: 222.65.*.* (222.65.*.*)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 84
    Identification: 0x0000 (0)
    Flags: 0x04 (Don't Fragment)
    Fragment offset: 0
    Time to live: 246
    Protocol: ICMP (0x01)
    Header checksum: 0x3979 [correct]
    Source: 203.208.*.* (203.208.*.*)
    Destination: 222.65.*.* (222.65.*.*)
Internet Control Message Protocol
    Type: 0 (Echo (ping) reply)
    Code: 0 ()
    Checksum: 0x5eb0 [correct]
    Identifier: 0x0100
    Sequence number: 2 (0x0002)
    Data (56 bytes)

No.     Time        Source                Destination           Protocol Info
4       19.068816   203.208.*.*        192.168.1.2           ICMP     Echo (ping) reply
Frame 34 (98 bytes on wire, 98 bytes captured)
Ethernet II, Src: 00:30:18:aa:3a:cc, Dst: 00:0c:29:b3:a7:76
Internet Protocol, Src: 203.208.*.* (203.208.*.*), Dst: 192.168.1.2 (192.168.1.2)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 84
    Identification: 0x0000 (0)
    Flags: 0x04 (Don't Fragment)
    Fragment offset: 0
    Time to live: 245
    Protocol: ICMP (0x01)
    Header checksum: 0xd0c5 [correct]
    Source: 203.208.*.* (203.208.*.*)
    Destination: 192.168.1.2 (192.168.1.2)
Internet Control Message Protocol
    Type: 0 (Echo (ping) reply)
    Code: 0 ()
    Checksum: 0x55a5 [correct]
    Identifier: 0x0a0b
    Sequence number: 2 (0x0002)
    Data (56 bytes)

這里，第1和第2個包是PING出去的包，A的網(wǎng)卡收到B發(fā)來的包后，把包的源IP翻譯成自己的IP，源MAC地址翻譯成自己的MAC地址，再轉(zhuǎn)發(fā)到公網(wǎng)上；收到回的PING包后，同樣，把目的MAC和IP地址翻譯成B網(wǎng)卡的，轉(zhuǎn)發(fā)給B�，F(xiàn)在的問題是，我從包的IP層沒法找到能用來標記需要轉(zhuǎn)發(fā)的標記。

請高人指點，A收到包后根據(jù)那個部分來識別這個包是需要轉(zhuǎn)發(fā)的。

luffy.deng

根據(jù)包的目的地址

nicecat

LZ問的大概是送回來的包怎么找回原主機的吧

xieShell

原帖由 nicecat 于 2008-11-30 00:46 發(fā)表
LZ問的大概是送回來的包怎么找回原主機的吧

是的，請指教啊

[ 本帖最后由 xieShell 于 2008-11-30 11:25 編輯 ]