The UDP header is simple compared to the TCP header, as shown in Figure 9. It is only 8 bytes long - that's it! The main fields we filter on in the UDP header are the source and destination port numbers, and they sit at the same offsets as in the TCP header (source port at byte 0, destination port at byte 2 of the transport header), so a port filter written for one protocol lines up with the other.
Figure 9: The simple UDP header has the source and destination ports at the same offsets as the TCP header.
Most analyzers have application filters pre-built on the value of the source and destination port number fields. For example, if you select the FTP filter in Sniffer, you get a filter built on the value 0x15 (21 decimal). What happens if someone is sneaking data through using port 33 for their FTP commands? The pre-built filter just won't work then, eh?
That's why you must be able to build filters on the source and destination port fields yourself. Again, Chapter 4 has lots of examples of building filters based on the source and destination port field values. In that chapter, you'll build a filter for 'hidden' FTP commands crossing your network: one that keys on the FTP command text in the payload rather than on the port number.
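As an added example (not from the original page or from Sniffer), the following Python script shows the two kinds of filter just described: a plain port filter that reads the 16-bit source and destination ports from the same offset in either a TCP or a UDP header, and a 'hidden FTP' filter that ignores the port and looks for FTP command verbs at the start of the transport payload. The packets it runs on are constructed inline (a standard FTP login on port 21, the same login on port 33, and a DNS query over UDP); the builder helpers, packet names and the FTP verb list are assumptions made for this example.

```python
import struct

# --- constructed sample packets (not real captures) -------------------------

def build_ipv4(proto, segment, src=b"\x0a\x00\x00\x01", dst=b"\x0a\x00\x00\x02"):
    """Minimal 20-byte IPv4 header (IHL=5, checksum left 0) in front of a transport segment."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0, 0, 64, proto, 0, src, dst)
    return header + segment

def build_tcp(sport, dport, payload):
    """Minimal 20-byte TCP header: data offset 5, PSH|ACK, checksum left 0 (constructed)."""
    header = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    return header + payload

def build_udp(sport, dport, payload):
    """8-byte UDP header: ports, length, checksum left 0 (constructed)."""
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

FTP_STANDARD_PKT = build_ipv4(6, build_tcp(40000, 21, b"USER anonymous\r\n"))   # FTP on port 21
FTP_HIDDEN_PKT = build_ipv4(6, build_tcp(40001, 33, b"USER laura\r\n"))         # FTP sneaking out on port 33
DNS_PKT = build_ipv4(17, build_udp(53000, 53, b"\x12\x34\x01\x00\x00\x01" + b"\x00" * 6 + b"\x03www\x07example\x03com\x00\x00\x01\x00\x01"))

# --- header parsing ---------------------------------------------------------

IPPROTO_TCP, IPPROTO_UDP = 6, 17

def parse_ipv4(pkt):
    """Return (protocol, transport segment) using the IHL field to find the transport header."""
    ihl = (pkt[0] & 0x0F) * 4
    return pkt[9], pkt[ihl:]

def transport_ports(proto, segment):
    """Source and destination ports: both TCP and UDP put them at offsets 0 and 2."""
    if proto in (IPPROTO_TCP, IPPROTO_UDP) and len(segment) >= 4:
        return struct.unpack("!HH", segment[:4])
    return None

def payload_offset(proto, segment):
    """TCP payload starts at the data offset (header length); UDP payload at byte 8."""
    if proto == IPPROTO_TCP:
        return (segment[12] >> 4) * 4
    if proto == IPPROTO_UDP:
        return 8
    return len(segment)

# --- the two filters --------------------------------------------------------

def port_filter(pkt, port):
    """The analyzer's pre-built style of filter: match on source OR destination port."""
    proto, segment = parse_ipv4(pkt)
    ports = transport_ports(proto, segment)
    return ports is not None and port in ports

# Assumed verb list for the example; RFC 959 commands are case-insensitive, hence upper().
FTP_COMMANDS = (b"USER ", b"PASS ", b"RETR ", b"STOR ", b"LIST", b"PORT ", b"PASV", b"CWD ", b"QUIT")

def looks_like_ftp_command(payload):
    return payload.upper().startswith(FTP_COMMANDS)

def hidden_ftp_filter(pkt):
    """Match FTP commands at the start of the payload regardless of which port is in use."""
    proto, segment = parse_ipv4(pkt)
    return looks_like_ftp_command(segment[payload_offset(proto, segment):])

if __name__ == "__main__":
    for name, pkt in (("ftp/21", FTP_STANDARD_PKT), ("ftp/33", FTP_HIDDEN_PKT), ("dns/53", DNS_PKT)):
        print(name, "ports=", transport_ports(*parse_ipv4(pkt)),
              "port21=", port_filter(pkt, 21), "hiddenftp=", hidden_ftp_filter(pkt))
```

The port filter catches the port-21 login and the DNS ports correctly but is blind to the port-33 session; the payload filter catches both FTP logins. Note the payload check only sees a command that begins a segment, so a verb buried mid-segment in a coalesced stream is missed; in a real analyzer you would pair it with stream reassembly.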
Note | If you're not sure whether your 'content filtering' firewall is stopping these types of packets, build an FTP command filter and test it! -- Laura |