Security Basics mailing list archives

RE: Packet analysis and protocol analysis


From: "Payton, Zack" <Zack.Payton () MWAA com>
Date: Wed, 27 Jul 2005 15:41:10 -0400


Ramki,
        Your best bet on this one is to start looking at the various
RFCs for the protocols you are interested in.  They will give you the
protocol header format which is how the packet is constructed.  Some
protocols are considered to be proprietary and thus have very little
documentation on what the various fields are.

Another option is to pick up Stevens' TCP/IP Illustrated Volume 1,
as Richard goes over the various core internet protocols and teaches you
how the output for each looks in tcpdump.
I actually got refused an interview for a security position once because
I'd not read this book.  You'd better believe I went out and picked it
up pronto after that.  If volume one manages to keep your attention I
would recommend picking up 2 & 3 for some more advanced networking
protocols and the creation of your own custom network clients and
servers.

See this site for a very good link on protocol headers.
http://www.networksorcery.com/enp/topic/ipsuite.htm


Regards,
Zack Payton

