Security Basics mailing list archives
RE: Packet analysis and protocol analysis
From: "Payton, Zack" <Zack.Payton () MWAA com>
Date: Wed, 27 Jul 2005 15:41:10 -0400
Ramki,

Your best bet on this one is to start looking at the various RFCs for the protocols you are interested in. They will give you the protocol header format, which is how the packet is constructed. Some protocols are considered to be proprietary and thus have very little documentation on what the various fields are.

Another option is to pick up Stevens' TCP/IP Illustrated Volume 1, as Richard goes over the various core internet protocols and teaches you how the output for each looks in tcpdump. I actually got refused an interview for a security position once because I'd not read this book. You'd better believe I went out and picked it up pronto after that. If volume one manages to keep your attention, I would recommend picking up 2 & 3 for some more advanced networking protocols and the creation of your own custom network clients and servers.

See this site for a very good link on protocol headers:
http://www.networksorcery.com/enp/topic/ipsuite.htm

Regards,
Zack Payton
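Added example, not part of the original message: a Python sketch of reading a packet field by field from the header layouts in RFC 791 (IPv4) and RFC 793 (TCP), with the header checksum verified per RFC 1071. The sample packet, its addresses and the function names are constructed for illustration.

```python
import socket
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_ipv4(pkt: bytes) -> dict:
    """Decode the fixed 20-byte IPv4 header laid out in RFC 791."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    vihl, _tos, length, _id, frag, ttl, proto, _sum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", pkt[:20])
    ihl = (vihl & 0x0F) * 4          # header length is given in 32-bit words
    if vihl >> 4 != 4 or ihl < 20 or len(pkt) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "ttl": ttl, "protocol": proto, "dont_fragment": bool(frag & 0x4000),
            "checksum_ok": inet_checksum(pkt[:ihl]) == 0,
            "payload": pkt[ihl:length]}

def parse_tcp(seg: bytes) -> dict:
    """Decode the fixed 20-byte TCP header laid out in RFC 793."""
    if len(seg) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, window, _sum, _urg = struct.unpack(
        "!HHIIHHHH", seg[:20])
    names = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]   # low six flag bits
    return {"src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
            "header_len": (off_flags >> 12) * 4, "window": window,
            "flags": [n for bit, n in enumerate(names) if off_flags & (1 << bit)]}

def build_sample() -> bytes:
    """Constructed SYN packet between documentation addresses (RFC 5737)."""
    tcp = struct.pack("!HHIIHHHH", 49152, 80, 1000, 0, (5 << 12) | 0x02,
                      65535, 0, 0)   # TCP checksum left at 0 in this sample
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1C46, 0x4000,
                      64, 6, 0, socket.inet_aton("192.0.2.1"),
                      socket.inet_aton("192.0.2.2"))
    return hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:] + tcp

if __name__ == "__main__":
    ip = parse_ipv4(build_sample())
    print(ip["src"], "->", ip["dst"], "checksum ok:", ip["checksum_ok"])
    print(parse_tcp(ip["payload"]))
```

The field names returned here map one-to-one onto the header diagrams in the two RFCs, which makes it easy to compare against what tcpdump prints for the same packet.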