RE: Packet analysis and protocol analysis

From: Payton, Zack (Zack.Payton_at_MWAA.com)
Date: 07/27/05

    Date: Wed, 27 Jul 2005 15:41:10 -0400
    To: <bramki@eth.net>, <security-basics@securityfocus.com>
    
    

    Ramki,
            Your best bet on this one is to start looking at the various
    RFCs for the protocols you are interested in. They will give you the
    protocol header format which is how the packet is constructed. Some
    protocols are considered to be proprietary and thus have very little
    documentation on what the various fields are.

    Another option is to pick up Stevens' TCP/IP Illustrated Volume 1,
    as Richard goes over the various core internet protocols and teaches you
    how the output for each looks in tcpdump.
    I actually got refused an interview for a security position once because
    I'd not read this book. You'd better believe I went out and picked it
    up pronto after that. If volume one manages to keep your attention I
    would recommend picking up 2 & 3 for some more advanced networking
    protocols and the creation of your own custom network clients and
    servers.

    See this site for a very good link on protocol headers.
    http://www.networksorcery.com/enp/topic/ipsuite.htm

    Regards,
    Zack Payton
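
Added example, not part of Zack's message: a decoder that applies the fixed header layouts from RFC 791 (IPv4, section 3.1) and RFC 793 (TCP, section 3.1) to raw bytes, checks the IPv4 header checksum (RFC 1071), and prints a tcpdump-like summary. The sample packet, its addresses (documentation ranges) and all function names are constructed for illustration.

```python
import socket
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_ipv4(pkt: bytes) -> dict:
    """Decode the IPv4 header fields laid out in RFC 791, section 3.1."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    vihl, _tos, tlen, _id, ffrag, ttl, proto, _csum, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (vihl & 0x0F) * 4  # IHL counts 32-bit words; options follow the fixed 20 bytes
    if vihl >> 4 != 4 or not 20 <= ihl <= len(pkt):
        raise ValueError("not a valid IPv4 header")
    return {"ihl": ihl, "total_len": tlen, "ttl": ttl, "proto": proto,
            "df": bool(ffrag & 0x4000), "frag_off": (ffrag & 0x1FFF) * 8,
            "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "checksum_ok": inet_checksum(pkt[:ihl]) == 0}  # a valid header sums to zero

def parse_tcp(seg: bytes) -> dict:
    """Decode the fixed 20-byte TCP header from RFC 793, section 3.1."""
    if len(seg) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, win, _csum, _urg = struct.unpack("!HHIIHHHH", seg[:20])
    # Flag bits, lowest first: FIN SYN RST PSH ACK URG
    flags = "".join(n for i, n in enumerate("FSRPAU") if off_flags & (1 << i))
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "data_off": (off_flags >> 12) * 4, "flags": flags, "win": win}

def build_sample() -> bytes:
    """Constructed sample: a SYN from 192.0.2.10:49152 to 198.51.100.5:80 (TCP checksum left 0)."""
    tcp = struct.pack("!HHIIHHHH", 49152, 80, 1000, 0, (5 << 12) | 0x02, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, 0x4000, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.5"))
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]  # fill in header checksum
    return ip + tcp

if __name__ == "__main__":
    pkt = build_sample()
    ip = parse_ipv4(pkt)
    tcp = parse_tcp(pkt[ip["ihl"]:])
    print(f'IP {ip["src"]}.{tcp["sport"]} > {ip["dst"]}.{tcp["dport"]}: '
          f'Flags [{tcp["flags"]}], seq {tcp["seq"]}, win {tcp["win"]}')
```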

