TCP/UDP Packet Analysis
Hi all,
I'm trying to find some documentation concerning TCP/UDP Packet Analysis.
IE: Capture a RAW IP Packet and be able to identify the source / destination / protocol / header etc from it.
Any ideas or links?
Cheers.
Foolproof systems don't take into account the ingenuity of fools
Comments
royal Member Posts: 3,352
You can just use regular sniffer software like Network Monitor or Wireshark. Unfortunately, if you need to sniff all traffic on the LAN, you'll have to do something like mirroring all traffic on a specific port, which requires a managed switch so you can plug in your system to that port and sniff all the traffic.
There's quite a bit of good information here:
http://www.techexams.net/forums/viewtopic.php?t=35176
Since I'm pretty sure you already know about sniffing packets, are you looking for very detailed documentation on what each piece of a sniffer result contains? If so, I am of no help there other than me telling you that the help file should give some good information.
“For success, attitude is equally as important as ability.” - Harry F. Banks

dynamik Banned Posts: 12,312
Are you asking for advice on how to capture traffic or do you want to better understand what you've captured?
Wireshark or Microsoft's network monitor will capture traffic for you. If you want to get a better understanding of the protocols involved, check the RFCs.

Ahriakin Member Posts: 1,799
"TCP/IP: The Protocols", I think you can only get it 2nd hand now.
An oldie but goldie.
We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?

Sie Member Posts: 1,195
royal wrote: are you looking for very detailed documentation on what each piece of a sniffer result contains?
dynamik wrote: or do you want to better understand what you've captured?
This is what I'm looking for.
Thanks for the information so far.
Foolproof systems don't take into account the ingenuity of fools

Sie Member Posts: 1,195
I have found some pages but haven't had time to look through them yet.
This one possibly looks the most helpful:
(Check Section 4)
http://www.firewall.cx/tcp-intro.php
As I say, I haven't looked through it yet as I'm at work.
EDIT:
I have read this one however and it has explained it for me (so far!!); read through the first part a couple of times up to the Sequence Number in the TCP Header and I would recommend it up to here at least.
The link: http://mike.passwall.com/networking/samplepacket.html
Foolproof systems don't take into account the ingenuity of fools
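
What the opening question asks for (identifying source, destination, protocol and header fields from a raw IP packet), as an added example that is not part of any post in this thread: a small IPv4 parser following the header layouts in RFC 791 (IP), RFC 793 (TCP) and RFC 768 (UDP). The function name, dictionary keys and the sample packet are constructed for illustration.

```python
import socket
import struct

PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}
TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]  # bit 0 upward


def parse_ipv4_packet(raw: bytes) -> dict:
    """Decode the IPv4 header of a raw packet, then its TCP or UDP header."""
    if len(raw) < 20:
        raise ValueError("shorter than the minimum 20-byte IPv4 header")
    ver_ihl, tos, total_len, ident, flags_frag, ttl, proto, checksum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", raw[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4  # IHL counts 32-bit words
    if version != 4 or ihl < 20 or len(raw) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    info = {
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
        "protocol": PROTOCOLS.get(proto, str(proto)),
        "header_len": ihl, "total_len": total_len, "ttl": ttl,
        "fragment_offset": flags_frag & 0x1FFF,
    }
    payload = raw[ihl:]  # skips IP options, if any
    if info["fragment_offset"] != 0:
        return info  # only the first fragment carries the transport header
    if proto == 6 and len(payload) >= 20:
        sport, dport, seq, ack, off_flags, window = struct.unpack("!HHIIHH", payload[:16])
        info.update(src_port=sport, dst_port=dport, seq=seq, ack=ack, window=window,
                    tcp_header_len=(off_flags >> 12) * 4,  # data offset, in bytes
                    flags=[n for i, n in enumerate(TCP_FLAGS) if off_flags & (1 << i)])
    elif proto == 17 and len(payload) >= 8:
        sport, dport, length, _ = struct.unpack("!HHHH", payload[:8])
        info.update(src_port=sport, dst_port=dport, udp_len=length)
    return info


# Constructed sample: a TCP SYN from 192.168.1.10:49152 to 10.0.0.5:80.
# Checksums are left as zero; this parser does not verify them.
SAMPLE_SYN = bytes.fromhex(
    "45000028" "1c464000" "40060000" "c0a8010a" "0a000005"   # IPv4 header
    "c0000050" "00000001" "00000000" "50022000" "00000000"   # TCP header
)

if __name__ == "__main__":
    for key, value in parse_ipv4_packet(SAMPLE_SYN).items():
        print(f"{key:>15}: {value}")
```

The input must start at the IP header; a frame captured at the link layer (for example Ethernet) needs its link-layer header stripped first.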