TCP/UDP Packet Analysis

Hi all,

Im trying to find some documentation concerning TCP/UDP Packet Analysis.

IE: Capture a RAW IP Packet and be able to identify the source / destination / protocol / header etc from it.

Any ideas or links?

Cheers.

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

royal

You can just use regular sniffer software like Network Monitor or Wireshark. Unfortunately, if you need to sniff all traffic on the LAN, you'll have to do something like mirroring all traffic on a specific port which requires a managed switch so you can plug in your system to that port and sniff all the traffic.

There's quite a bit of good information here:
http://www.techexams.net/forums/viewtopic.php?t=35176

Since I'm pretty sure you already know about sniffing packets, are you looking for very detailed documentation on what each piece of a sniffer result contains? If so, I am of no help there other than me telling you that the help file should give some good information.

dynamik

Are you asking for advice on how to capture traffic or do you want to better understand what you've captured?

Wireshark or Microsoft's network monitor will capture traffic for you. If you want to get a better understanding of the protocols involved, check the RFCs.

Ahriakin

"TCP/IP: The Protocols" , I think you can only get it 2nd hand now.

And oldie but goldie.

Sie

royal wrote:

are you looking for very detailed documentation on what each piece of a sniffer result contains?

dynamik wrote:

or do you want to better understand what you've captured?

This is what im looking for.

Thanks for the information so far.

Darthn3ss

Sie wrote:

royal wrote:

are you looking for very detailed documentation on what each piece of a sniffer result contains?

dynamik wrote:

or do you want to better understand what you've captured?

This is what im looking for.

Thanks for the information so far.

i'm interested as well.

Sie

I have found some pages but havent had time to look through them yet.

This one possibly looks the most helpful:
(Check Section 4)

http://www.firewall.cx/tcp-intro.php

As I say I havent looked through it yet as im at work.

EDIT:

I have read this one however and it has explained it for me (so far!!) read through the first part a couple of times up to the Sequence Number in the TCP Header and I would recommend it up to here atleast

The link: http://mike.passwall.com/networking/samplepacket.html