RE: Packet analysis and protocol analysis

From: Payton, Zack (Zack.Payton_at_MWAA.com)
Date: 07/27/05

    Date: Wed, 27 Jul 2005 15:41:10 -0400
    To: <bramki@eth.net>, <security-basics@securityfocus.com>
    
    

    Ramki,
            Your best bet on this one is to start looking at the various
    RFCs for the protocols you are interested in. They will give you the
    protocol header format which is how the packet is constructed. Some
    protocols are considered to be proprietary and thus have very little
    documentation on what the various fields are.

    Another option is to pick up Stevens' TCP/IP Illustrated Volume 1,
    as Richard goes over the various core internet protocols and teaches you
    how the output for each looks in tcpdump.
    I actually got refused an interview for a security position once because
    I'd not read this book. You'd better believe I went out and picked it
    up pronto after that. If volume one manages to keep your attention I
    would recommend picking up 2 & 3 for some more advanced networking
    protocols and the creation of your own custom network clients and
    servers.

    See this site for a very good link on protocol headers.
    http://www.networksorcery.com/enp/topic/ipsuite.htm

    Regards,
    Zack Payton

