4/07/2011

Understanding TCP/IP using Wireshark


I feel that it is best to use a packet sniffing tool like Wireshark to understand TCP/IP. The following picture shows the layers of TCP/IP and the protocols involved.



Almost everybody would have learned this in college, but let's take this a step further.

First, I ping my Win 7 machine from my VM, Backtrack

IP of Windows 7 is 192.168.0.10

IP of Backtrack is 192.168.233.133

I have set Wireshark to capture only ICMP packets; as you know, ping uses ICMP.

You can see the request from my Backtrack machine (233.133) to Win 7 (0.10): the echo (ping) request and its reply.
Now let's take a closer look at the echo request.




You can see the source and destination, the ICMP portion, and the hex bytes of the packet. Every protocol carried in IP is identified by a numeric value in the IP header's protocol field, shown as a hex value in the picture below.

As you can see, ICMP is 01 (keep this in mind).
Now comes the most important part: this is the layout of a typical TCP/IP packet.
Now let's investigate the packet in Wireshark by expanding the Internet Protocol portion, i.e. the third row of the ICMP packet captured by Wireshark.

Note: I have used the same colour to represent the corresponding portion of a general TCP/IP packet and of the ICMP packet that I sent.

You can see the details of the packet. The version is IPv4, the protocol is ICMP with its hex value (01), as depicted in my earlier diagram, and so on.
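As an added example (not part of the original post), here is a small Python script that builds the same kind of echo request, Backtrack to Windows 7 using the addresses above, and then decodes the IPv4 header fields that Wireshark shows in its Internet Protocol row, including the protocol field (01 for ICMP) and the header checksum. The IP identification, TTL and checksum values are constructed here, not taken from the capture.

```python
import struct

# Protocol-field values from the IP header and ICMP type values (assumed well-known constants)
IP_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}
ICMP_TYPES = {0: "Echo reply", 8: "Echo request"}


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words (pads an odd tail byte)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo_request(src: str, dst: str, ident: int = 1, seq: int = 1) -> bytes:
    """Construct a 20-byte IPv4 header followed by an 8-byte ICMP echo request (no payload)."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, ident, seq)          # type 8 = echo request, code 0
    icmp = icmp[:2] + struct.pack("!H", checksum(icmp)) + icmp[4:]
    src_b = bytes(int(o) for o in src.split("."))
    dst_b = bytes(int(o) for o in dst.split("."))
    # version/IHL=0x45, TOS, total length, ID (constructed), flags/frag, TTL, protocol=1 (ICMP), checksum
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0x1234, 0, 64, 1, 0, src_b, dst_b)
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return ip + icmp


def parse_ip_icmp(pkt: bytes) -> dict:
    """Decode the fields Wireshark lists under 'Internet Protocol' and, for ICMP, the ICMP type."""
    vihl, _tos, tlen, _id, _ff, ttl, proto, _hcs, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    version, ihl = vihl >> 4, (vihl & 0x0F) * 4
    info = {
        "version": version,
        "header_len": ihl,
        "ttl": ttl,
        "protocol": proto,                              # 1 == 0x01 == ICMP, as in the post
        "protocol_name": IP_PROTOCOLS.get(proto, "other"),
        "src": ".".join(map(str, src)),
        "dst": ".".join(map(str, dst)),
        # summing the header including its own checksum field yields 0 when the checksum is valid
        "ip_checksum_ok": checksum(pkt[:ihl]) == 0,
    }
    if proto == 1:
        itype = pkt[ihl]
        info["icmp_type"] = itype
        info["icmp_type_name"] = ICMP_TYPES.get(itype, "other")
        info["icmp_checksum_ok"] = checksum(pkt[ihl:tlen]) == 0
    return info
```

Feeding the same bytes into Wireshark (e.g. via a pcap) would show Version: 4, Protocol: ICMP (1) and Type: 8 (Echo request), matching the expanded rows discussed above.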

I believe Wireshark is a great tool for learning this kind of stuff and is a must-have. I will come up with a tutorial on Wireshark in the near future.

2 comments:

  1. nice post. clear and concise explanation. the coloring helps a lot
