TCP/UDP Packet Analysis

Sie Member Posts: 1,195
Hi all,

I'm trying to find some documentation concerning TCP/UDP Packet Analysis.

I.e.: Capture a RAW IP Packet and be able to identify the source / destination / protocol / header etc. from it.

Any ideas or links?

Cheers.
Foolproof systems don't take into account the ingenuity of fools

Comments

  • royal Member Posts: 3,352
    You can just use regular sniffer software like Network Monitor or Wireshark. Unfortunately, if you need to sniff all traffic on the LAN, you'll have to do something like mirroring all traffic on a specific port which requires a managed switch so you can plug in your system to that port and sniff all the traffic.

    There's quite a bit of good information here:
    http://www.techexams.net/forums/viewtopic.php?t=35176

    Since I'm pretty sure you already know about sniffing packets, are you looking for very detailed documentation on what each piece of a sniffer result contains? If so, I am of no help there other than me telling you that the help file should give some good information.
    “For success, attitude is equally as important as ability.” - Harry F. Banks
  • dynamik Banned Posts: 12,312
    Are you asking for advice on how to capture traffic or do you want to better understand what you've captured?

    Wireshark or Microsoft's network monitor will capture traffic for you. If you want to get a better understanding of the protocols involved, check the RFCs.
  • Ahriakin Member Posts: 1,799
    "TCP/IP: The Protocols", I think you can only get it 2nd hand now.

    An oldie but goldie.
    We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
  • Sie Member Posts: 1,195
    royal wrote:
    are you looking for very detailed documentation on what each piece of a sniffer result contains?
    dynamik wrote:
    or do you want to better understand what you've captured?

    This is what I'm looking for.

    Thanks for the information so far. :D
    Foolproof systems don't take into account the ingenuity of fools
  • Darthn3ss Member Posts: 1,096
    Sie wrote:
    royal wrote:
    are you looking for very detailed documentation on what each piece of a sniffer result contains?
    dynamik wrote:
    or do you want to better understand what you've captured?

    This is what I'm looking for.

    Thanks for the information so far. :D
    I'm interested as well.
    Fantastic. The project manager is inspired.

    In Progress: 70-640, 70-685
  • Sie Member Posts: 1,195
    I have found some pages but haven't had time to look through them yet.

    This one possibly looks the most helpful:
    (Check Section 4)

    http://www.firewall.cx/tcp-intro.php

    As I say, I haven't looked through it yet as I'm at work.

    EDIT:

    I have read this one however and it has explained it for me (so far!!) read through the first part a couple of times up to the Sequence Number in the TCP Header and I would recommend it up to here at least :D

    The link: http://mike.passwall.com/networking/samplepacket.html
    Foolproof systems don't take into account the ingenuity of fools
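
What the thread asks for, decoding source, destination, protocol and header fields from a raw IP packet, shown as an added example that is not part of any post above. The packet is constructed inline (documentation addresses 192.0.2.10 and 198.51.100.5, port and sequence values chosen for illustration), and the function names are this example's own.

```python
import struct
from ipaddress import IPv4Address

PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}
TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]  # bit 0 .. bit 5

def header_checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement sum; an IPv4 header is always a multiple of 4 bytes."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_ipv4(packet: bytes) -> dict:
    """Decode the IPv4 header and, for TCP/UDP, the start of the transport header."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _id, _frag, ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4   # IHL counts 32-bit words
    if version != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a valid IPv4 header")
    info = {"src": str(IPv4Address(src)), "dst": str(IPv4Address(dst)),
            "ttl": ttl, "protocol": PROTOCOLS.get(proto, str(proto)),
            "header_len": ihl, "total_len": total_len,
            "checksum_ok": header_checksum(packet[:ihl]) == 0}
    payload = packet[ihl:total_len]          # transport header starts after IP options
    if proto == 6 and len(payload) >= 20:
        sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", payload[:14])
        info.update(sport=sport, dport=dport, seq=seq, ack=ack,
                    tcp_header_len=(off_flags >> 12) * 4,
                    flags=[n for i, n in enumerate(TCP_FLAGS) if off_flags & (1 << i)])
    elif proto == 17 and len(payload) >= 8:
        sport, dport, length = struct.unpack("!HHH", payload[:6])
        info.update(sport=sport, dport=dport, udp_len=length)
    return info

def build_sample_syn() -> bytes:
    """Constructed sample: TCP SYN, 192.0.2.10:49152 -> 198.51.100.5:80 (TCP checksum left 0)."""
    tcp = struct.pack("!HHIIHHHH", 49152, 80, 1000, 0, (5 << 12) | 0x02, 64240, 0, 0)
    head = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0x4000, 64, 6, 0,
                       IPv4Address("192.0.2.10").packed, IPv4Address("198.51.100.5").packed)
    head = head[:10] + struct.pack("!H", header_checksum(head)) + head[12:]
    return head + tcp

if __name__ == "__main__":
    for field, value in parse_ipv4(build_sample_syn()).items():
        print(f"{field:>14}: {value}")
```

The input is a packet that starts at the IP header; a frame saved from Wireshark or Network Monitor on Ethernet has a 14-byte link-layer header in front that must be skipped first.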