Appendix A: Useful Charts and Diagrams




This appendix collects reference material that we use on nearly every engagement. First come the protocol headers, which relate directly to the sniffers discussed in Chapter 16. After the protocol headers is a standard ASCII chart, which will help you both decipher the contents of network traffic and convert the hexadecimal values shown by the generalized viewers in Chapter 25.

Protocol Headers

This portion of the appendix is provided as a reference for Chapter 16, which describes sniffers. Because the layout of packets on the wire can be cryptic, this material should give you a head start when decoding suspicious packets. References are given for each of the packet types listed in this appendix.

Ethernet Headers

[Figure: Ethernet II frame layout] Destination address (6 bytes), source address (6 bytes), type (2 bytes), data (46 to 1500 bytes), frame check sequence (4 bytes). Most capture tools strip the frame check sequence, so a captured frame usually starts with the 14-byte header followed directly by the data.

The value of the type field (a 16-bit value, shown here in hexadecimal) determines what follows it and how long the data area is. Because the frame must carry at least 46 bytes after the type field, short payloads such as ARP are padded, and a decoder must use the type (and, for IP, the total-length field of the IP header) to separate real data from padding. The following table describes the fields following "type," depending on its value:

Type    Field                 Length (bytes)
0800    IP Datagram           46-1500 (variable)
0806    ARP Request/Reply     28
        PAD                   18
8035    RARP Request/Reply    28
        PAD                   18

Address Resolution Protocol (ARP) Headers

[Figure: ARP header layout] Hardware type (2 bytes), protocol type (2 bytes), hardware address length (1 byte), protocol address length (1 byte), operation (2 bytes: 1 request, 2 reply; RARP uses 3 and 4), sender hardware address (6 bytes), sender protocol address (4 bytes), target hardware address (6 bytes), target protocol address (4 bytes). For Ethernet and IPv4 this is the fixed 28 bytes listed in the table above.
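As an added example, not part of the book, the following Python script applies the Ethernet type table and the ARP layout above: it reads the type field, uses it to decide how much of the payload is real data and how much is padding (IP total length for 0800, a fixed 28 bytes for 0806 and 8035), and then decodes the 28-byte ARP message. The frame it parses is constructed in the script itself, with made-up addresses from the 192.0.2.0/24 documentation range and a locally administered MAC; the function names are the example's own.

```python
import ipaddress
import struct

# EtherType values (hex) and sizes from the table above.
ETHERTYPE_IP = 0x0800
ETHERTYPE_ARP = 0x0806
ETHERTYPE_RARP = 0x8035
ETH_HDR_LEN = 14        # destination(6) + source(6) + type(2); FCS not included
ETH_MIN_PAYLOAD = 46    # shorter payloads are padded out to this on the wire
ARP_LEN = 28            # Ethernet/IPv4 ARP and RARP messages are fixed size
ETHERTYPE_NAMES = {ETHERTYPE_IP: "IP Datagram", ETHERTYPE_ARP: "ARP Request/Reply",
                   ETHERTYPE_RARP: "RARP Request/Reply"}


def mac_str(raw):
    return ":".join("%02x" % b for b in raw)


def parse_ethernet(frame):
    """Split an Ethernet II frame into header fields, real data and padding.

    The type field decides how long the data area is: for IP the total-length
    field of the IP header is authoritative, for ARP/RARP it is a fixed 28
    bytes.  Whatever follows the data is padding and must not be handed to the
    next decoder (a common source of bogus "trailing bytes" in sniffer output).
    """
    if len(frame) < ETH_HDR_LEN:
        raise ValueError("frame shorter than the 14-byte Ethernet header")
    dst, src, etype = struct.unpack("!6s6sH", frame[:ETH_HDR_LEN])
    payload = frame[ETH_HDR_LEN:]
    if etype < 0x0600:
        # Values below 0x0600 are an IEEE 802.3 length field, not an EtherType;
        # this example handles Ethernet II framing only.
        raise ValueError("802.3 length field (%d), not an EtherType" % etype)
    if etype == ETHERTYPE_IP:
        if len(payload) < 20:
            raise ValueError("truncated IP header")
        data_len = struct.unpack("!H", payload[2:4])[0]   # IP total length
    elif etype in (ETHERTYPE_ARP, ETHERTYPE_RARP):
        data_len = ARP_LEN
    else:
        data_len = len(payload)        # unknown type: cannot tell data from pad
    if data_len > len(payload):
        raise ValueError("type %#06x needs %d bytes, only %d present"
                         % (etype, data_len, len(payload)))
    # A capture of frames sent by the capturing host itself may show them before
    # the NIC adds padding, so a payload shorter than 46 bytes is not rejected
    # here; only a claim of more data than is actually present is.
    return {"dst": mac_str(dst), "src": mac_str(src), "type": etype,
            "name": ETHERTYPE_NAMES.get(etype, "unknown"),
            "data": payload[:data_len], "pad": payload[data_len:]}


def parse_arp(data):
    """Decode the 28-byte Ethernet/IPv4 ARP (or RARP) message."""
    if len(data) < ARP_LEN:
        raise ValueError("ARP message shorter than 28 bytes")
    (htype, ptype, hlen, plen, op,
     sha, spa, tha, tpa) = struct.unpack("!HHBBH6s4s6s4s", data[:ARP_LEN])
    if (htype, ptype, hlen, plen) != (1, ETHERTYPE_IP, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP message")
    return {"op": op,                  # 1 request, 2 reply; RARP uses 3 and 4
            "sender_mac": mac_str(sha), "sender_ip": str(ipaddress.IPv4Address(spa)),
            "target_mac": mac_str(tha), "target_ip": str(ipaddress.IPv4Address(tpa))}


def build_arp_request(src_mac, src_ip, target_ip):
    """Constructed sample: a broadcast who-has request padded to the minimum."""
    arp = struct.pack("!HHBBH6s4s6s4s", 1, ETHERTYPE_IP, 6, 4, 1,
                      src_mac, ipaddress.IPv4Address(src_ip).packed,
                      b"\x00" * 6, ipaddress.IPv4Address(target_ip).packed)
    hdr = struct.pack("!6s6sH", b"\xff" * 6, src_mac, ETHERTYPE_ARP)
    return hdr + arp + b"\x00" * (ETH_MIN_PAYLOAD - len(arp))


if __name__ == "__main__":
    frame = build_arp_request(b"\x02\x00\x00\x00\x00\x02", "192.0.2.2", "192.0.2.1")
    eth = parse_ethernet(frame)
    print("%s from %s: %d data bytes, %d pad bytes"
          % (eth["name"], eth["src"], len(eth["data"]), len(eth["pad"])))
    print(parse_arp(eth["data"]))
```

Running the script on its own sample frame reports 28 data bytes and 18 pad bytes, the split the table predicts for 0806; feeding it a 0800 frame whose IP total length is smaller than the payload gives the same 18-byte pad for a 28-byte datagram.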

Internet Protocol (IP) Headers

[Figure: IP header layout] Version (4 bits), header length in 32-bit words (4 bits), type of service (8 bits), total length (16 bits), identification (16 bits), flags (3 bits), fragment offset (13 bits), time to live (8 bits), protocol (8 bits), header checksum (16 bits), source address (32 bits), destination address (32 bits), options (variable). Without options the header is 20 bytes.

Transmission Control Protocol (TCP) Headers

[Figure: TCP header layout] Source port (16 bits), destination port (16 bits), sequence number (32 bits), acknowledgment number (32 bits), data offset (4 bits), reserved (6 bits), flags URG, ACK, PSH, RST, SYN, FIN (6 bits), window (16 bits), checksum (16 bits), urgent pointer (16 bits), options (variable). Without options the header is 20 bytes.

User Datagram Protocol (UDP) Headers

[Figure: UDP header layout] Source port (16 bits), destination port (16 bits), length (16 bits), checksum (16 bits): 8 bytes in total.

Internet Control Message Protocol Headers

[Figure: ICMP header layout] Type (8 bits), code (8 bits), checksum (16 bits), followed by fields that depend on the type and code, as the tables below describe. The checksum covers the entire ICMP message, not just these 4 bytes.

The type and code fields of an ICMP message determine the layout of everything that follows the checksum. The next table summarizes the ICMP types and codes you may encounter:

Type   Code   Description
0      0      Echo reply
3             Destination unreachable
       0      Network unreachable
       1      Host unreachable
       2      Protocol unreachable
       3      Port unreachable
       4      Fragmentation needed but don't-fragment bit is set
       5      Source route failed
       6      Destination network unknown
       7      Destination host unknown
       8      Source host isolated (obsolete)
       9      Destination network admin prohibited
       10     Destination host admin prohibited
       11     Network unreachable for TOS
       12     Host unreachable for TOS
       13     Communication admin prohibited by filtering
       14     Host precedence violation
       15     Precedence cutoff in effect
4      0      Source quench
5             Redirect
       0      Redirect for network
       1      Redirect for host
       2      Redirect for TOS and network
       3      Redirect for TOS and host
8      0      Echo request
9      0      Router advertisement
10     0      Router solicitation
11            Time exceeded
       0      Time-To-Live equals 0 during transit
       1      Time-To-Live equals 0 during reassembly
12            Parameter problem
       0      IP header bad
       1      Required option missing
13     0      Timestamp request
14     0      Timestamp reply
15     0      Information request
16     0      Information reply
17     0      Address mask request
18     0      Address mask reply

Source quench (type 4) and the information and address mask requests and replies (types 15 through 18) have since been formally deprecated (RFC 6633 and RFC 6918). A current host should neither send nor act on them, so seeing them on the wire is itself worth a closer look.

The next table summarizes the fields that follow the checksum for specific values of type and code:

ICMP Type;Code   Field                                                  Length (bits)
0 or 8;0         Identifier                                             16
                 Sequence Number                                        16
                 Data                                                   Variable
3;0-15           Unused (must be 0)                                     32
                 IP Header + first 64 bits of original IP datagram data Variable
4;0              Unused                                                 32
                 IP Header + first 64 bits of original IP datagram data Variable
5;0-3            Gateway Internet Address                               32
                 IP Header + first 64 bits of original IP datagram data Variable
11;0 or 1        Unused                                                 32
                 IP Header + first 64 bits of original IP datagram data Variable
12;0             Pointer                                                8
                 Unused                                                 24
                 IP Header + first 64 bits of original IP datagram data Variable
13 or 14;0       Identifier                                             16
                 Sequence Number                                        16
                 Originate Timestamp                                    32
                 Receive Timestamp                                      32
                 Transmit Timestamp                                     32
15 or 16;0       Identifier                                             16
                 Sequence Number                                        16
17 or 18;0       Identifier                                             16
                 Sequence Number                                        16
                 Subnet Mask                                            32

Two details matter when decoding the error types (3, 4, 5, 11 and 12). First, the 64 bits of original datagram data that follow the embedded IP header are, for TCP and UDP, exactly the source and destination ports, which is what lets the receiving host (and you) match the error to the connection that caused it. Second, for type 3 code 4 the low 16 bits of the "unused" word carry the next-hop MTU (RFC 1191), so a decoder should not insist that the whole word be zero.
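As an added example, not part of the book, here is a Python ICMP decoder built directly from the two tables above: it verifies the checksum over the whole message, names the type and code, and then parses the type-dependent fields, including the embedded IP header and the 64 bits of original data in the error types. The sample it decodes is constructed in the script: the Port Unreachable a host sends back when a UDP probe (the kind traceroute uses) hits a closed port, with addresses from the 192.0.2.0/24 documentation range. Function names and the sample values are the example's own.

```python
import ipaddress
import struct

# Names from the type/code table above.  Type 3 codes are indexed by code value.
UNREACHABLE_CODES = [
    "Network unreachable", "Host unreachable", "Protocol unreachable",
    "Port unreachable", "Fragmentation needed but don't-fragment bit is set",
    "Source route failed", "Destination network unknown",
    "Destination host unknown", "Source host isolated (obsolete)",
    "Destination network admin prohibited", "Destination host admin prohibited",
    "Network unreachable for TOS", "Host unreachable for TOS",
    "Communication admin prohibited by filtering", "Host precedence violation",
    "Precedence cutoff in effect"]
TYPE_NAMES = {0: "Echo reply", 3: "Destination unreachable", 4: "Source quench",
              5: "Redirect", 8: "Echo request", 9: "Router advertisement",
              10: "Router solicitation", 11: "Time exceeded",
              12: "Parameter problem", 13: "Timestamp request",
              14: "Timestamp reply", 15: "Information request",
              16: "Information reply", 17: "Address mask request",
              18: "Address mask reply"}
CODE_NAMES = {
    3: dict(enumerate(UNREACHABLE_CODES)),
    5: {0: "Redirect for network", 1: "Redirect for host",
        2: "Redirect for TOS and network", 3: "Redirect for TOS and host"},
    11: {0: "Time-To-Live equals 0 during transit",
         1: "Time-To-Live equals 0 during reassembly"},
    12: {0: "IP header bad", 1: "Required option missing"}}
ERROR_TYPES = (3, 4, 5, 11, 12)                 # carry offending IP header + 64 bits
QUERY_TYPES = (0, 8, 13, 14, 15, 16, 17, 18)    # carry identifier + sequence number


def inet_checksum(data):
    """RFC 1071 checksum: one's-complement sum of 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_icmp(itype, code, body):
    """Assemble an ICMP message with a correct checksum."""
    cksum = inet_checksum(struct.pack("!BBH", itype, code, 0) + body)
    return struct.pack("!BBH", itype, code, cksum) + body


def parse_icmp(msg):
    """Decode one ICMP message (IP header already stripped) per the tables above."""
    if len(msg) < 8:
        raise ValueError("ICMP message shorter than 8 bytes")
    itype, code, _ = struct.unpack("!BBH", msg[:4])
    out = {"type": itype, "code": code,
           "type_name": TYPE_NAMES.get(itype, "unknown"),
           "code_name": CODE_NAMES.get(itype, {}).get(code, ""),
           # The checksum covers the whole message, so re-summing it yields 0.
           "checksum_ok": inet_checksum(msg) == 0}
    body = msg[4:]
    if itype in QUERY_TYPES:
        out["id"], out["seq"] = struct.unpack("!HH", body[:4])
        rest = body[4:]
        if itype in (0, 8):
            out["data"] = rest
        elif itype in (13, 14):
            out["originate"], out["receive"], out["transmit"] = \
                struct.unpack("!III", rest[:12])
        elif itype in (17, 18):
            out["mask"] = str(ipaddress.IPv4Address(rest[:4]))
    elif itype in ERROR_TYPES:
        if itype == 5:
            out["gateway"] = str(ipaddress.IPv4Address(body[:4]))
        elif itype == 12:
            out["pointer"] = body[0]
        elif itype == 3 and code == 4:
            # RFC 1191 puts the next-hop MTU in the low half of the "unused" word.
            out["next_hop_mtu"] = struct.unpack("!H", body[2:4])[0]
        # Embedded IP header plus the first 64 bits of its payload: for TCP and
        # UDP those 8 bytes hold both ports, which is what lets the receiver
        # (and an analyst) match the error to the flow that triggered it.
        inner = body[4:]
        ihl = (inner[0] & 0x0F) * 4
        if len(inner) < ihl + 8:
            raise ValueError("embedded datagram truncated")
        out["orig_src"] = str(ipaddress.IPv4Address(inner[12:16]))
        out["orig_dst"] = str(ipaddress.IPv4Address(inner[16:20]))
        out["orig_proto"] = inner[9]
        if inner[9] in (6, 17):
            out["orig_sport"], out["orig_dport"] = struct.unpack("!HH", inner[ihl:ihl + 4])
    return out


def sample_port_unreachable():
    """Constructed sample: the reply a host sends when a UDP probe hits a closed port."""
    src = ipaddress.IPv4Address("192.0.2.2").packed
    dst = ipaddress.IPv4Address("192.0.2.1").packed
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 36, 0x1234, 0, 64, 17, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]   # fill IP checksum
    udp = struct.pack("!HHHH", 40000, 33434, 16, 0)   # the first 64 bits of payload
    return build_icmp(3, 3, b"\x00" * 4 + ip + udp)


if __name__ == "__main__":
    for key, value in parse_icmp(sample_port_unreachable()).items():
        print("%-12s %s" % (key, value))
```

The decoder deliberately refuses messages shorter than 8 bytes and error messages whose embedded datagram is truncated, and it reports a bad checksum rather than silently trusting the type and code; a sniffer that does neither will happily mislabel garbage. Extending it to the remaining types is a matter of adding rows from the table, not new logic.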



Anti-Hacker Tool Kit, Third Edition
ISBN: 0072262877
Year: 2004