The UDP Header Offsets


The UDP header is simplistic by comparison to the TCP header, as shown in Figure 9. It's only 8 bytes long - that's it! The main fields we filter on in the UDP header are the source and destination port numbers.

Figure 9: The simplistic UDP header has the source and destination ports at the same offset as the TCP header.

Most analyzers have application filters pre-built based on the source and destination port number field value. For example, if you select the FTP filter in Sniffer, you will have a filter built on the value 0x15 (21d). What happens if someone is sneaking through data using port 33d for their FTP commands? The pre-built filter just won't work then, eh?

That's why you must be able to build filters based on the source and destination port field. Again, Chapter 4 has lots of examples of building filters based on the source and destination port field values. In that chapter, you’ll build a filter for ‘hidden’ FTP commands crossing your network.

Note 

If you’re not sure if your ‘content filtering’ firewall is stopping these types of packets, build an FTP command filter and test it! -- Laura
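The following Python sketch is an added example, not code from the book or from any analyzer's filter language. It contrasts the two filter styles discussed above: a match on the port fields at offsets 0 and 2 of the transport header, and a match on FTP command text in the payload regardless of port. The function names, the command list and the sample packets are constructed for illustration.

```python
import struct

# Assumed, non-exhaustive list of FTP command prefixes for the content filter.
FTP_COMMANDS = (b"USER ", b"PASS ", b"RETR ", b"STOR ", b"PORT ", b"LIST")

def parse_transport(packet: bytes):
    """Return (proto, src_port, dst_port, payload) for an IPv4 TCP or UDP packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4   # IP header length varies with options
    proto = packet[9]
    if proto not in (6, 17):
        raise ValueError("not TCP or UDP")
    need = 8 if proto == 17 else 20
    if ihl < 20 or len(packet) < ihl + need:
        raise ValueError("truncated header")
    # Ports sit at offsets 0 and 2 of the transport header in both TCP and UDP.
    src, dst = struct.unpack_from("!HH", packet, ihl)
    # UDP header is always 8 bytes; TCP length comes from its data-offset nibble.
    hdr_len = 8 if proto == 17 else (packet[ihl + 12] >> 4) * 4
    return proto, src, dst, packet[ihl + hdr_len:]

def port_filter(packet: bytes, port: int = 21) -> bool:
    """Pre-built style filter: match only on the port field values."""
    _, src, dst, _ = parse_transport(packet)
    return port in (src, dst)

def ftp_command_filter(packet: bytes) -> bool:
    """Content filter: match FTP command text whatever the port is."""
    payload = parse_transport(packet)[3]
    return payload.upper().startswith(FTP_COMMANDS)

def build_packet(proto: int, sport: int, dport: int, payload: bytes) -> bytes:
    """Construct a sample IPv4 packet (checksums left at zero)."""
    if proto == 17:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    else:
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload),
                     0, 0, 64, proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + l4 + payload

if __name__ == "__main__":
    for name, pkt in [("FTP on 21", build_packet(6, 40000, 21, b"USER demo\r\n")),
                      ("FTP on 33", build_packet(6, 40000, 33, b"USER demo\r\n")),
                      ("UDP to 53", build_packet(17, 40000, 53, b"\x12\x34\x01\x00"))]:
        print(name, parse_transport(pkt)[1:3], port_filter(pkt), ftp_command_filter(pkt))
```

The port filter misses the constructed session on port 33 while the command filter still matches it, which is the gap the pre-built filter leaves.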




Packet Filtering: Catching the Cool Packets
ISBN: 1893939383
EAN: 2147483647
Year: 2000
Pages: 65
