Security Basics mailing list archives

Re: Packet analysis and protocol analysis

From: Carlos Fernandez Sanz <cfs-sec-basics () securityfocus com>
Date: Wed, 27 Jul 2005 13:27:04 +0200

The output varies from protocol to protocol. I suggest you start with afilter that captures only the traffic from/to your own box, and only forone protocol. Then play a bit, i.e. if you start with HTTP then browsesome pages, if you use MSN then chat a bit...

If you want to write your own sniffer of something, start by looking atsome source code.

For MSN, I wrote a small sniffer which is quite easy to understand (incode), you can get it here if you want :http://sourceforge.net/projects/im-snif/


Take a look at it. Nothing fancy but you can learn from it.




Ramki B wrote:

I am trying to understand network packet analysis and exprimenting with
Etherreal. I have a captured file and i do not to understand the output , is
there any references in can look into for packet analysis and protocol
analysis?

Thanks...

Current thread:

Packet analysis and protocol analysis Ramki B (Jul 26)
- Re: Packet analysis and protocol analysis Kurt Buff (Jul 29)
- Re: Packet analysis and protocol analysis Kristine Amari (Jul 29)
- Re: Packet analysis and protocol analysis Ansgar -59cobalt- Wiechers (Jul 29)
- Re: Packet analysis and protocol analysis Carlos Fernandez Sanz (Jul 29)
- Re: Packet analysis and protocol analysis Tom Van de Wiele (Jul 29)
- <Possible follow-ups>
- RE: Packet analysis and protocol analysis Arun Vishwanathan (Jul 29)
- RE: Packet analysis and protocol analysis Payton, Zack (Jul 29)
- Re: Packet analysis and protocol analysis araheja (Jul 29)
- Re: Packet analysis and protocol analysis ricsipATmailboxDOThu (Jul 29)