
How to decode a packet...


Hi ppl, I need to manually decode a packet given by:

ffffffffffff0060089260fa08060001
0800060400010060089260fa81c25a01
00000000000081c25a07

And my layers are:

4 Application layer
3 Host-to-Host Transport Layer
2 Internet Layer
1 Network Access Layer

So, I guess I must use some of these:

- Internet Protocol (IP), RFC 791
- Internet Control Message Protocol (ICMP), RFC 792
- User Datagram Protocol (UDP), RFC 768
- Transmission Control Protocol (TCP), RFC 793
- Trivial File Transfer Protocol (TFTP), RFC 1350, (UDP port 59)
- Address Resolution Protocol (ARP), RFC 826
- IPX protocol standard

The question is, how can I get information (manually) from this packet on:

- the type of protocol in the packet
- the source and destination addresses of the Ethernet header (decimal X.X.X.X)
- the type of encapsulated protocol for the Ethernet header
- the detailed content of the encapsulated protocol, and if the header encapsulates other protocols, decode those protocols too (example: TFTP in UDP in IP in Ethernet)

Note: I've tried to decode it automatically with Ethereal, but I can't open the plaintext file...

Thanks a lot
Ruben Gomes

Not to be insulting, but you have quite a bit to learn before you can start decoding packets.

The good news is that it's a relatively easy task given you already know about the RFCs, which will explain a lot, just not always very clearly.

My first piece of advice is to download a network sniffer like Ethereal (www.ethereal.com). Capture some other packets and see how it decodes them. You'll learn about packet structures much quicker than trying to do it by hand. Once you know where the byte boundaries are, you can use the RFCs to decode your packet.

My second piece of advice is to know what the layers mean and how they work together to form a packet. I'll give you a hint: Layer 1 information is first, Layer 2 information is second... That will also help you get started when reading the RFCs.

Good luck.
-B
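
Added example, not part of either post above: a Python sketch that splits the frame from the question at the Ethernet II (14-byte header) and RFC 826 ARP field boundaries. The function and dictionary key names are assumptions chosen for illustration, and only the Ethernet/IPv4 ARP case is decoded.

```python
import struct

# Frame bytes exactly as posted in the question (whitespace removed).
FRAME_HEX = ("ffffffffffff0060089260fa08060001"
             "0800060400010060089260fa81c25a01"
             "00000000000081c25a07")

ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x8137: "IPX"}
ARP_OPS = {1: "request", 2: "reply"}


def mac(b):
    return ":".join(f"{x:02x}" for x in b)


def ipv4(b):
    return ".".join(str(x) for x in b)


def decode_frame(raw):
    """Decode an Ethernet II header and, if present, an Ethernet/IPv4 ARP body."""
    if len(raw) < 14:
        raise ValueError("truncated Ethernet header")
    # Bytes 0-5 destination MAC, 6-11 source MAC, 12-13 EtherType.
    dst, src, etype = struct.unpack("!6s6sH", raw[:14])
    out = {"eth_dst": mac(dst), "eth_src": mac(src),
           "ethertype": ETHERTYPES.get(etype, hex(etype))}
    if etype != 0x0806:
        return out  # other payloads (IPv4, IPX, ...) are not decoded here
    body = raw[14:]
    if len(body) < 8:
        raise ValueError("truncated ARP header")
    # RFC 826 fixed part: hardware type, protocol type, address lengths, opcode.
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", body[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    if len(body) < 28:
        raise ValueError("truncated ARP addresses")
    # Sender MAC/IP followed by target MAC/IP.
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", body[8:28])
    out["arp"] = {"op": ARP_OPS.get(op, op),
                  "sender_mac": mac(sha), "sender_ip": ipv4(spa),
                  "target_mac": mac(tha), "target_ip": ipv4(tpa)}
    return out


if __name__ == "__main__":
    print(decode_frame(bytes.fromhex(FRAME_HEX)))
```
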