
VisualFX

How to decode a packet...


VisualFX    122
Hi ppl,

I need to manually decode a packet given by:

ffffffffffff0060089260fa08060001
0800060400010060089260fa81c25a01
00000000000081c25a07

And my layers are:

4 Application layer
3 Host-to-Host Transport Layer
2 Internet Layer
1 Network Access Layer

So, I guess I must use some of these:

- Internet Protocol (IP), RFC 791
- Internet Control Message Protocol (ICMP), RFC 792
- User Datagram Protocol (UDP), RFC 768
- Transmission Control Protocol (TCP), RFC 793
- Trivial File Transfer Protocol (TFTP), RFC 1350, (UDP port 59)
- Address Resolution Protocol (ARP), RFC 826
- IPX protocol standard

The question is, how can I get information (manually) from this packet on:

- type of protocol in the packet
- the addresses source and destination header ethernet (decimal X.X.X.X)
- the type of encapsulated protocol for the ethernet header
- the detailed content of the encapsulated protocol, and if the header encapsulates other protocols, decode those protocols too (example: TFTP in UDP in IP in Ethernet)

Note: I've tried to decode it automatically with Ethereal, but I can't open the plaintext file...

Thanks a lot
Ruben Gomes

TangentZ    450
Those RFC's you listed would be a good start.

Read up on the specific header formats to extract the information that you need.




Kami no Itte ga ore ni zettai naru!

BlueNexus    122
Not to be insulting, but you have quite a bit to learn before you can start decoding packets.

The good news is that it's a relatively easy task, given you already know about the RFCs, which will explain a lot, just not always very clearly.

My first piece of advice is to download a network sniffer like Ethereal (www.ethereal.com). Capture some other packets and see how it decodes them. You'll learn about packet structures much quicker than trying to do it by hand. Once you know where the byte boundaries are, you can use the RFCs to decode your packet.

My second piece of advice is to know what the layers mean and how they work together to form a packet. I'll give you a hint: Layer 1 information is first, Layer 2 information is second... That will also help you get started when reading the RFCs.

Good luck.
-B
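
An added example, not part of the original thread: a small Python decoder that walks the bytes from the first post through the Ethernet II header and, when the EtherType says so, the ARP message layout from RFC 826. The function names and lookup tables are this example's own, and it handles only the Ethernet/IPv4 form of ARP.

```python
import struct

# Packet bytes exactly as posted in the question, spaces removed.
PACKET_HEX = ("ffffffffffff0060089260fa08060001"
              "0800060400010060089260fa81c25a01"
              "00000000000081c25a07")
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x8137: "IPX"}
ARP_OPS = {1: "request", 2: "reply"}

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def ipv4(b):
    return ".".join(str(x) for x in b)

def decode_ethernet(frame):
    """Ethernet II header: dst MAC (6), src MAC (6), EtherType (2)."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet II header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return {"dst": mac(dst), "src": mac(src), "ethertype": ethertype,
            "proto": ETHERTYPES.get(ethertype, "unknown")}, frame[14:]

def decode_arp(payload):
    """ARP (RFC 826): 8-byte fixed header, then two address pairs."""
    if len(payload) < 8:
        raise ValueError("truncated ARP header")
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", payload[:8])
    need = 8 + 2 * (hlen + plen)  # sender + target, hardware + protocol
    if len(payload) < need:
        raise ValueError("truncated ARP addresses")
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", payload[8:need])
    return {"op": ARP_OPS.get(oper, f"opcode {oper}"),
            "sender_mac": mac(sha), "sender_ip": ipv4(spa),
            "target_mac": mac(tha), "target_ip": ipv4(tpa)}

def decode(frame):
    """Decode the link header, then ARP if that is what it carries."""
    eth, payload = decode_ethernet(frame)
    inner = decode_arp(payload) if eth["ethertype"] == 0x0806 else None
    return eth, inner

if __name__ == "__main__":
    for layer in decode(bytes.fromhex(PACKET_HEX)):
        print(layer)
```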
