PCAP HEADERS
DESCRIPTION
By : Shravan Kumar
(a.k.a cor3sm4sh3r )
INDEX
Serial No   Topic                     Slide Number
1           What Is PCAP              3
2           PCAP File Format          4
3           Global Header Structure   5
4           Packet Structure          7
5           Some packet Headers       8
6           Ether Header Structure    11
7           ARP Header Structure      15
8           IPv4 Header Structure     20
9           UDP Header Structure      26
10          ICMP Header Structure     30
11          TCP Header Structure      35
WHAT IS PCAP
• PCAP stands for Packet Capture
• A PCAP consists of all the network data captured on a particular interface
• Many programs use the WinPcap and libpcap libraries to capture network data and store it in pcap format
• Examples: Wireshark, tcpdump, Kismet, Ethereal, and any other software you may have encountered while doing network traffic analysis
PCAP FILE FORMAT
GLOBAL HEADER
• These are the first 24 bytes of the PCAP file
CONT …
• 4 bytes Magic Number
• 2 bytes Major Version Number
• 2 bytes Minor Version Number
• 8 bytes GMT timezone offset
• 4 bytes Maximum snap length (65535)
• 4 bytes Link-Layer Header Type
PACKET STRUCTURE
• A packet consists of two parts
• PACKET HEADER
• PACKET DATA
• The first packet header starts immediately after the global header; there is no padding between them
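As an added example (not part of the original slides), here is a small reader for the layout just described: it detects the file's byte order from the magic number, decodes the 24-byte global header, then walks the packet records that follow it back to back, refusing record headers whose included length exceeds the snap length or the original length. The libpcap format splits the 8 bytes the slides label GMT timezone offset into a signed thiszone field and a sigfigs field; the sample file is constructed inline.

```python
import struct

# Magic numbers as read when the first four bytes are decoded big-endian. A writer
# stores 0xA1B2C3D4 in its native byte order, so seeing the byte-swapped value
# means the file (and every record header in it) is little-endian.
_MAGIC_BE = {0xA1B2C3D4: 1_000_000, 0xA1B23C4D: 1_000_000_000}  # usec / nsec stamps
_MAGIC_LE = {0xD4C3B2A1: 1_000_000, 0x4D3CB2A1: 1_000_000_000}
GLOBAL_HEADER_LEN = 24
RECORD_HEADER_LEN = 16


def parse_global_header(data: bytes) -> dict:
    """Decode the 24-byte global header and detect the file's byte order."""
    if len(data) < GLOBAL_HEADER_LEN:
        raise ValueError("file shorter than the 24-byte global header")
    magic = struct.unpack(">I", data[:4])[0]
    if magic in _MAGIC_BE:
        endian, ticks = ">", _MAGIC_BE[magic]
    elif magic in _MAGIC_LE:
        endian, ticks = "<", _MAGIC_LE[magic]
    else:
        raise ValueError(f"not a pcap file: magic 0x{magic:08x}")
    # The 8 bytes the slides call "GMT timezone offset" are two fields in the
    # libpcap format: thiszone (signed, 4 bytes) and sigfigs (4 bytes).
    major, minor, thiszone, sigfigs, snaplen, linktype = struct.unpack(
        endian + "HHiIII", data[4:GLOBAL_HEADER_LEN])
    return {"endian": endian, "ticks_per_sec": ticks, "version": (major, minor),
            "thiszone": thiszone, "sigfigs": sigfigs, "snaplen": snaplen,
            "linktype": linktype}


def iter_records(data: bytes, header: dict):
    """Yield (record_header, packet_bytes) pairs. Records follow the global
    header with no padding; each starts with a 16-byte record header."""
    endian, snaplen = header["endian"], header["snaplen"]
    offset = GLOBAL_HEADER_LEN
    while offset < len(data):
        if len(data) - offset < RECORD_HEADER_LEN:
            raise ValueError(f"truncated record header at offset {offset}")
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(
            endian + "IIII", data[offset:offset + RECORD_HEADER_LEN])
        offset += RECORD_HEADER_LEN
        # A capture never stores more than snaplen bytes of a packet, nor more
        # than the packet actually had. A header claiming otherwise is corrupt
        # or crafted; trusting it would mis-align every record that follows.
        if incl_len > snaplen or incl_len > orig_len:
            raise ValueError(f"bad incl_len {incl_len} (snaplen {snaplen}, orig_len {orig_len})")
        if len(data) - offset < incl_len:
            raise ValueError(f"truncated packet data at offset {offset}")
        yield ({"ts_sec": ts_sec, "ts_frac": ts_frac, "incl_len": incl_len,
                "orig_len": orig_len}, data[offset:offset + incl_len])
        offset += incl_len


def read_pcap(data: bytes):
    """Return (global_header, [(record_header, packet_bytes), ...])."""
    header = parse_global_header(data)
    return header, list(iter_records(data, header))


# Constructed sample (not a real capture): a little-endian pcap, version 2.4,
# snaplen 65535, link type 1 (Ethernet), holding one 14-byte packet record.
SAMPLE_PCAP = (
    bytes.fromhex("d4c3b2a1")                               # magic, little-endian on disk
    + struct.pack("<HHiIII", 2, 4, 0, 0, 65535, 1)           # rest of the global header
    + struct.pack("<IIII", 1700000000, 123456, 14, 14)      # ts_sec, ts_usec, incl_len, orig_len
    + bytes.fromhex("ffffffffffff" "001122334455" "0806")   # packet data: an Ethernet header
)

if __name__ == "__main__":
    hdr, recs = read_pcap(SAMPLE_PCAP)
    print(hdr)
    for rec_hdr, pkt in recs:
        print(rec_hdr, pkt.hex())
```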
SOME PACKET HEADERS
• ARP packet headers
• ICMP packet headers
CONT …
• TCP packet headers
• HTTP packet headers
CONT …
• UDP packet header (DNS query)
ETHER HEADER STRUCTURE
• It's a 14-byte header
CONT …
• It's the first of the packet headers
• The slide shows the packet dump with the Ethernet header highlighted
• The 14 bytes can be broken into 3 fields
CONT …
• First 6 bytes: Destination MAC address
• Next 6 bytes: Source MAC address
• Next 2 bytes: Type of packet (ARP, DOD (IPv4), IPv6, etc.)
CONT …
• The last 2 bytes decide the type of the next header
• For example, if the type is 0800 it's an IPv4 (DOD) packet, so the IPv4 header is the next header
• If the type is 0806 it's an ARP packet, so the ARP header is the next header
• The ARP header is 28 bytes
• The IPv4 header is 20 bytes
ARP HEADER STRUCTURE
• It's a 28-byte header
CONT …
• The slide shows the packet dump with the ARP header highlighted
CONT …
• The ARP header can be broken into 9 fields
• First 2 bytes: hardware type
• 2 bytes: protocol type
• 1 byte: hardware size
• 1 byte: protocol size
• 2 bytes: opcode
CONT …
• 6 bytes: source MAC address
• 4 bytes: source IP address
• 6 bytes: destination MAC address
• 4 bytes: destination IP address
• The total ARP packet size is 64 bytes (Ether header + ARP header + padding)
• The remaining bytes are padding to make up the size
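The Ethernet and ARP sections above describe one dispatch step: read the 2-byte type field, then pick the next parser. This added example (not from the original slides) does exactly that: it splits off the 14-byte Ethernet header, follows type 0806 into the 9-field ARP decoder, and reports the trailing padding. The sample frame is constructed here and padded to 60 bytes, the minimum Ethernet frame without the 4-byte FCS, which capture libraries normally do not record.

```python
import struct

ETH_HDR_LEN = 14
ARP_HDR_LEN = 28
ETHERTYPE_IPV4 = 0x0800   # "DOD" in the slides: the next header is IPv4
ETHERTYPE_ARP = 0x0806    # the next header is ARP
ARP_OPCODES = {1: "request", 2: "reply"}


def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def fmt_ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def parse_ethernet(frame: bytes):
    """Split the 14-byte Ethernet header (dst MAC, src MAC, type) from the rest."""
    if len(frame) < ETH_HDR_LEN:
        raise ValueError("frame shorter than the 14-byte Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:ETH_HDR_LEN])
    return ({"dst_mac": fmt_mac(dst), "src_mac": fmt_mac(src), "type": ethertype},
            frame[ETH_HDR_LEN:])


def parse_arp(payload: bytes) -> dict:
    """Decode the 9 ARP fields; anything after the 28th byte is frame padding."""
    if len(payload) < ARP_HDR_LEN:
        raise ValueError("ARP header truncated")
    htype, ptype, hlen, plen, opcode = struct.unpack("!HHBBH", payload[:8])
    # The 6-byte and 4-byte address fields below only hold for Ethernet + IPv4
    # ARP, so verify the advertised sizes before reading the bytes as such.
    if htype != 1 or ptype != ETHERTYPE_IPV4 or hlen != 6 or plen != 4:
        raise ValueError(f"unsupported ARP: htype={htype} ptype=0x{ptype:04x} "
                         f"hlen={hlen} plen={plen}")
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", payload[8:ARP_HDR_LEN])
    return {"hardware_type": htype, "protocol_type": ptype, "hardware_size": hlen,
            "protocol_size": plen, "opcode": ARP_OPCODES.get(opcode, opcode),
            "sender_mac": fmt_mac(sha), "sender_ip": fmt_ip(spa),
            "target_mac": fmt_mac(tha), "target_ip": fmt_ip(tpa),
            "padding": len(payload) - ARP_HDR_LEN}


def decode_frame(frame: bytes) -> dict:
    """Use the 2-byte type field to choose the next header, as the slides describe."""
    eth, rest = parse_ethernet(frame)
    layers = {"ethernet": eth}
    if eth["type"] == ETHERTYPE_ARP:
        layers["arp"] = parse_arp(rest)
    elif eth["type"] == ETHERTYPE_IPV4:
        layers["ipv4_bytes"] = rest      # hand the remainder to an IPv4 parser
    else:
        layers["unknown_type"] = rest
    return layers


# Constructed sample: a broadcast ARP request ("who has 192.168.1.1? tell
# 192.168.1.10") with the 14 + 28 header bytes zero-padded to 60 bytes.
SAMPLE_ARP_FRAME = (
    bytes.fromhex("ffffffffffff" "001122334455" "0806")          # Ethernet header
    + bytes.fromhex("0001" "0800" "06" "04" "0001")              # htype, ptype, hlen, plen, opcode
    + bytes.fromhex("001122334455") + bytes([192, 168, 1, 10])   # sender MAC / IP
    + bytes.fromhex("000000000000") + bytes([192, 168, 1, 1])    # target MAC / IP
).ljust(60, b"\x00")

if __name__ == "__main__":
    print(decode_frame(SAMPLE_ARP_FRAME))
```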
IPV4 HEADER STRUCTURE
• It's a 20-byte header
CONT …
• The first byte is the constant 0x45 for IPv4 and 0x60 for IPv6
• The next byte is the Differentiated Services field
• 2 bytes for Total Length = total packet size – 14 (Ethernet header)
• In the slide's example the total packet size is 471
• The total length is 457 (471 - 14) bytes
• The Total Length field is used to correctly identify how many bytes there are in this packet.
CONT …
• Next 2 bytes: Identification
• Next 1 byte: used to store Flags
• 1 byte: Fragment Offset
• 1 byte: Time To Live (TTL); it is 128 here
• 1 byte: Protocol. This is a very important byte: it is used to determine the type of the next header (TCP, UDP, ICMP, or other)
• Next 2 bytes: Checksum
CONT …
• 4 bytes: Source IP address
• 4 bytes: Destination IP address
• As mentioned earlier, the next header is decided by the Protocol field
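As an added example (not from the original slides), the following decoder reads the 20-byte IPv4 header, checks that the Total Length field agrees with the bytes actually captured before using it to slice the payload, verifies the header checksum, and maps the Protocol byte to the next header. It decodes Flags and Fragment Offset from their two bytes using the standard 3-bit/13-bit split. The sample packet is constructed to reproduce the slides' numbers (Total Length 457, TTL 128); the addresses in it are made up.

```python
import struct

IPV4_HDR_LEN = 20
IP_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}   # values of the Protocol byte
HDR_FMT = "!BBHHHBBH4s4s"


def internet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement sum over 16-bit words, as used by IPv4 headers."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                        # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4(packet: bytes) -> dict:
    """Decode the header, validate its lengths and checksum, locate the payload."""
    if len(packet) < IPV4_HDR_LEN:
        raise ValueError("packet shorter than the 20-byte IPv4 header")
    (ver_ihl, dscp, total_len, ident, flags_frag, ttl,
     proto, csum, src, dst) = struct.unpack(HDR_FMT, packet[:IPV4_HDR_LEN])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4   # 0x45: version 4, 20-byte header
    if version != 4:
        raise ValueError(f"not IPv4 (version {version})")
    if ihl < IPV4_HDR_LEN or ihl > len(packet):
        raise ValueError(f"bad header length {ihl}")
    # Total Length covers header + payload. A value beyond the captured bytes
    # means a truncated or forged packet; never slice by it without this check.
    if total_len < ihl or total_len > len(packet):
        raise ValueError(f"total length {total_len} inconsistent with "
                         f"{len(packet)} captured bytes")
    return {
        "header_len": ihl,
        "dscp": dscp,
        "total_length": total_len,
        "identification": ident,
        "flags": flags_frag >> 13,             # top 3 bits: reserved, DF, MF
        "fragment_offset": flags_frag & 0x1FFF,
        "ttl": ttl,
        "protocol": IP_PROTOCOLS.get(proto, proto),
        "checksum_ok": internet_checksum(packet[:ihl]) == 0,   # intact header sums to 0
        "src": ".".join(map(str, src)),
        "dst": ".".join(map(str, dst)),
        "payload": packet[ihl:total_len],      # bytes past total_len are link-layer padding
    }


def build_ipv4_header(total_len, ttl, proto, src, dst, ident=0x1234, flags_frag=0x4000):
    """Assemble a 20-byte header with a correct checksum (used to build the sample)."""
    fields = [0x45, 0, total_len, ident, flags_frag, ttl, proto, 0, src, dst]
    fields[7] = internet_checksum(struct.pack(HDR_FMT, *fields))
    return struct.pack(HDR_FMT, *fields)


# Constructed sample matching the slides: a 471-byte frame minus the 14-byte
# Ethernet header leaves 457 bytes, so Total Length = 457 (TTL 128, Protocol 6 = TCP).
SAMPLE_IPV4_PACKET = build_ipv4_header(
    457, 128, 6, bytes([192, 168, 1, 10]), bytes([192, 0, 2, 1])) + b"\x00" * 437

if __name__ == "__main__":
    print(parse_ipv4(SAMPLE_IPV4_PACKET))
```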
UDP HEADER STRUCTURE
• It's only 8 bytes long
CONT …
PCAP DUMP
CONT …
• Can be broken into 4 fields
• 2 bytes: source port
• 2 bytes: destination port
• 2 bytes: length field (size of the UDP header + size of the rest of the payload)
• The payload, which is the packet data, = length field value – 8 bytes
• 2 bytes: checksum
ICMP HEADER STRUCTURE
• It's also only an 8-byte header
CONT …
• The first 8 bytes of the highlighted area are the ICMP header; the rest of the bytes are payload
CONT …
• The 8-byte header can be broken into five fields
• First 1 byte: the ICMP type, i.e. request, reply, destination unreachable, etc.
• Next 1 byte: code
• There are 45 type codes for ICMP
• Next 2 bytes: checksum
• Next 2 bytes: Identifier
• Next 2 bytes: Sequence Number
CONT …
• The rest of the bytes are payload
TCP HEADER STRUCTURE
• It's a 20-byte header
CONT …
• PCAP DUMP
CONT …
• First 2 bytes: Source port
• Next 2 bytes: Destination port
• 4 bytes: Sequence Number
• 4 bytes: Acknowledgement Number
• 2 bytes: Flags
• 2 bytes: Window size
• 2 bytes: Checksum
• 2 bytes: Urgent pointer
CONT …
• The bytes following the TCP header are the packet data, or payload, of the packet
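The UDP, ICMP and TCP sections above all hang off the IPv4 Protocol byte, so this added example (not from the original slides) serves all three: one parser per header, selected by protocol number. The UDP parser derives the payload as length field minus 8 but caps it at the bytes actually present; the TCP parser reads the data offset from the upper 4 bits of the 2-byte field the slides call Flags (standard layout) so that options and payload are split correctly. The three sample segments are constructed inline.

```python
import struct

UDP_HDR_LEN = ICMP_HDR_LEN = 8
TCP_HDR_LEN = 20
TCP_FLAG_NAMES = ("FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR", "NS")
ICMP_TYPES = {0: "echo reply", 3: "destination unreachable",
              8: "echo request", 11: "time exceeded"}


def parse_udp(seg: bytes) -> dict:
    """4 fields; payload = length field - 8, never reaching past the captured bytes."""
    if len(seg) < UDP_HDR_LEN:
        raise ValueError("UDP header truncated")
    sport, dport, length, csum = struct.unpack("!HHHH", seg[:UDP_HDR_LEN])
    if length < UDP_HDR_LEN or length > len(seg):
        raise ValueError(f"UDP length {length} inconsistent with {len(seg)} bytes")
    return {"src_port": sport, "dst_port": dport, "length": length,
            "checksum": csum, "payload": seg[UDP_HDR_LEN:length]}


def parse_icmp(seg: bytes) -> dict:
    """5 fields in 8 bytes; everything after them is payload."""
    if len(seg) < ICMP_HDR_LEN:
        raise ValueError("ICMP header truncated")
    typ, code, csum, ident, seq = struct.unpack("!BBHHH", seg[:ICMP_HDR_LEN])
    return {"type": typ, "type_name": ICMP_TYPES.get(typ, "other"), "code": code,
            "checksum": csum, "identifier": ident, "sequence": seq,
            "payload": seg[ICMP_HDR_LEN:]}


def parse_tcp(seg: bytes) -> dict:
    """20-byte header. The 2-byte field the slides call Flags also carries the
    data offset (upper 4 bits, in 32-bit words), which locates the payload."""
    if len(seg) < TCP_HDR_LEN:
        raise ValueError("TCP header truncated")
    sport, dport, seq, ack, off_flags, window, csum, urg = struct.unpack(
        "!HHIIHHHH", seg[:TCP_HDR_LEN])
    data_offset = (off_flags >> 12) * 4
    if data_offset < TCP_HDR_LEN or data_offset > len(seg):
        raise ValueError(f"bad TCP data offset {data_offset}")
    flag_bits = off_flags & 0x01FF
    return {"src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
            "flags": [n for i, n in enumerate(TCP_FLAG_NAMES) if flag_bits & (1 << i)],
            "window": window, "checksum": csum, "urgent_pointer": urg,
            "options": seg[TCP_HDR_LEN:data_offset], "payload": seg[data_offset:]}


PARSERS = {1: ("ICMP", parse_icmp), 6: ("TCP", parse_tcp), 17: ("UDP", parse_udp)}


def parse_transport(ip_protocol: int, seg: bytes) -> dict:
    """Choose the parser from the IPv4 Protocol byte, as the slides describe."""
    entry = PARSERS.get(ip_protocol)
    if entry is None:
        return {"protocol": ip_protocol, "raw": seg}
    name, parser = entry
    return {"protocol": name, **parser(seg)}


# Constructed samples (not captured traffic):
# UDP: DNS query from port 51000 to 53, length 8 + 4 payload bytes, then 2 bytes of padding.
SAMPLE_UDP = struct.pack("!HHHH", 51000, 53, 12, 0) + b"\xab\xcd\x01\x00" + b"\x00\x00"
# ICMP: echo request, identifier 0x1234, sequence 7, 4 payload bytes.
SAMPLE_ICMP = struct.pack("!BBHHH", 8, 0, 0, 0x1234, 7) + b"abcd"
# TCP: SYN from 49152 to 443, data offset 6 words (one 4-byte MSS option), no payload.
SAMPLE_TCP = struct.pack("!HHIIHHHH", 49152, 443, 1000, 0, (6 << 12) | 0x002,
                         65535, 0, 0) + bytes.fromhex("020405b4")

if __name__ == "__main__":
    for proto, seg in ((17, SAMPLE_UDP), (1, SAMPLE_ICMP), (6, SAMPLE_TCP)):
        print(parse_transport(proto, seg))
```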
THANK YOU
