Upload File

what packets look like

2
8. What Packets Look Like For the exceptionally curious (and the curiously exceptional), here is a description of what a packet actually looks like. There are several tools which watch what packets are passing in and out of your Linux box: the most common one is `tcpdump' (which understands more than TCP these days), but a nicer one is `ethereal'. Such programs are known as `packet sniffers'. The start of each packet says where it's going, where it came from, the type of the packet, and other administrative details. This part is called the `packet header'. The rest of the packet, containing the actual data being transmitted, is usually called the `packet body'. So any IP packet begins with an `IP header': at least 20 bytes long. It looks like (this diagram stolen shamelessly from RFC 791): .-------+-------+---------------+-------------------------------. |Version| IHL |Type of Service| Total Length | |-------+-------+---------------+-------------------------------| | Identification |Flags| Fragment Offset | |---------------+---------------+-------------------------------| | Time to Live | Protocol | Header Checksum | |---------------+---------------+-------------------------------| | Source Address | |---------------------------------------------------------------| | Destination Address | `---------------------------------------------------------------' The important fields are the Protocol, which indicates whether this is a TCP packet (number 6), a UDP packet (number 17) or something else, the Source IP Address, and the Destination IP Address. Now, if the protocol fields says this is a TCP packet, then a TCP header will immediatel y follow this IP header: the TCP header is also at least 20 bytes long: .-------------------------------+-------------------------------. | Source Port | Destination Port | |-------------------------------+-------------------------------| | Sequence Number | |---------------------------------------------------------------| | Acknowledgment Number | |-------------------+-+-+-+-+-+-+-------------------------------| | Data | |U|A|P|R|S|F| | | Offset| Reserved |R|C|S|S|Y|I| Window | | | |G|K|H|T|N|N| | |-------+-----------+-+-+-+-+-+-+-------------------------------| | Checksum | Urgent Pointer | `---------------------------------------------------------------'

Upload: quest-time

Post on 05-Apr-2018

221 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: What Packets Look Like

8/2/2019 What Packets Look Like

http://slidepdf.com/reader/full/what-packets-look-like 1/2

8. What Packets Look Like

For the exceptionally curious (and the curiously exceptional), here is a description of what a packet actually looks like. There are several tools which watch what packets

are passing in and out of your Linux box: the most common one is `tcpdump' (whichunderstands more than TCP these days), but a nicer one is `ethereal'. Such programsare known as `packet sniffers'.

The start of each packet says where it's going, where it came from, the type of thepacket, and other administrative details. This part is called the `packet header'. Therest of the packet, containing the actual data being transmitted, is usually called the`packet body'.

So any IP packet begins with an `IP header': at least 20 bytes long. It looks like (thisdiagram stolen shamelessly from RFC 791):

.-------+-------+---------------+-------------------------------.|Version| IHL |Type of Service| Total Length ||-------+-------+---------------+-------------------------------|| Identification |Flags| Fragment Offset ||---------------+---------------+-------------------------------|| Time to Live | Protocol | Header Checksum ||---------------+---------------+-------------------------------|| Source Address ||---------------------------------------------------------------|| Destination Address |`---------------------------------------------------------------'

The important fields are the Protocol, which indicates whether this is a TCP packet(number 6), a UDP packet (number 17) or something else, the Source IP Address, andthe Destination IP Address.

Now, if the protocol fields says this is a TCP packet, then a TCP header willimmediately follow this IP header: the TCP header is also at least 20 bytes long:

.-------------------------------+-------------------------------.| Source Port | Destination Port ||-------------------------------+-------------------------------|| Sequence Number ||---------------------------------------------------------------|| Acknowledgment Number ||-------------------+-+-+-+-+-+-+-------------------------------|| Data | |U|A|P|R|S|F| || Offset| Reserved |R|C|S|S|Y|I| Window || | |G|K|H|T|N|N| ||-------+-----------+-+-+-+-+-+-+-------------------------------|| Checksum | Urgent Pointer |`---------------------------------------------------------------'

http://www.netfilter.org/documentation/HOWTO/networking-concepts-HOWTO.html#toc8
http://www.netfilter.org/documentation/HOWTO/networking-concepts-HOWTO.html#toc8
http://www.netfilter.org/documentation/HOWTO/networking-concepts-HOWTO.html#toc8
http://www.netfilter.org/documentation/HOWTO/networking-concepts-HOWTO.html#toc8
Page 2: What Packets Look Like

8/2/2019 What Packets Look Like

http://slidepdf.com/reader/full/what-packets-look-like 2/2

The most important fields here are the source port, and destination port, which sayswhich service the packet is going to (or coming from, in the case of reply packets).The sequence and acknowledgement numbers are used to keep packets in order, andtell the other end what packets have been received. The ACK, SYN, RST and FINflags (written downwards) are single bits which are used to negotiate the opening(SYN) and closing (RST or FIN) of connections.

Following this header comes the actual message which the application sent (the packetbody). A normal packet is up to 1500 bytes: this means that the most space the datacan take up is 1460 bytes (20 bytes for the IP header, and 20 for the TCP header):over 97%.


Look like a million

What does great look like

Look Board what does drowning look like

What Could a Formulation Curriculum Look Like?iformulate.biz/.../09/What-could-a-Formulation-Curriculum-look-like... · What Could a Formulation Curriculum Look Like? Jim Bullock

What do you look like?

What did Jesus Look Like?

What does he look like ?. Unit 7 What does he look like?

MY FRIEND LOOK-LIKE? SHE CUTE, TALL. MY FRIEND LOOK-LIKE? SHE CUTE, TALL THIN

What does he look like?

What does it look like, smell like and sound like?

The World Africa Kenya LOOK LIKE? SOUND LIKE?

What does it look like?

Be like and look like

what do they look like ?

How collaboration should look like

What does he look like? What does she look like?

To look like and To look different

Fractals Mathematical process that can model nature and look like artnature and look like art

Design Error Most people look like this... Some designers think that people look like this

Warm Up What did imperialism look like in Africa? What did imperialism look like in Africa? What did imperialism look like in India? What did imperialism

What do they look like?

What maths should look like

What does speech “look” like

What Does HUNGER Look Like?

WHAT DO YOU THINK ATOMS LOOK LIKE? Draw what you think atoms look likeDraw what you think atoms look like Why do you think they look like this?Why do

What does she look like

Does your fridge look like this?. Let's make it look like this!

WHEN SEIZURES DON’T LOOK LIKE SEIZURES - …t-Look-Like-Seizures.pdf · WHEN SEIZURES DON’T LOOK LIKE SEIZURES. 1 FACTS ABOUT SEIZURES IN ... • He does things that don’t look

Questions: What do you look like? What does your friend look like? What do they look like? What does your father look like? How about your mother?

What does wellness look like??

What Do You Look Like

Bear Cycles Look Like

Don’t Look Like a Spammer

What Does Failure Look Like?

What does engaging look like?