RE: Packet analysis and protocol analysis
From: Payton, Zack (Zack.Payton_at_MWAA.com)
Date: Wed, 27 Jul 2005 15:41:10 -0400 To: <firstname.lastname@example.org>, <email@example.com>
Your best bet on this one is to start looking at the various
RFC's for the protocols you are interested in. They will give you the
protocol header format which is how the packet is constructed. Some
protocols are considered to be proprietary and thus have very little
documentation on what the various fields are.
Another option is to pick up Stevens' TCP/IP Illustrated Volume 1.
as Richard goes over the various core internet protocols and teaches you
how the output for each looks in tcpdump.
I actually got refused an interview for a security position once because
I'd not read this book. You'd better believe I went out and picked it
up pronto after that. If volume one manages to keep your attention I
would recommend picking up 2 & 3 for some more advanced networking
protocols and the creation of your own custom network clients and
See this site for a very good link on protocol headers.