TCP/IP and tcpdump
POCKET REFERENCE GUIDE
SANS Institute
incidents@sans.org
+1 317.580.9756
http://www.sans.org
http://www.incidents.org
©SANS Institute May 2006


tcpdump Usage

   tcpdump [-aenStvx] [-F file]
           [-i int] [-r file] [-s snaplen]
           [-w file] ['filter_expression']

   -e     Display data link header.
   -F     Filter expression in file.
   -i     Listen on int interface.
   -n     Don't resolve IP addresses.
   -r     Read packets from file.
   -s     Get snaplen bytes from each packet.
   -S     Use absolute TCP sequence numbers.
   -t     Don't print timestamp.
   -v     Verbose mode.
   -w     Write packets to file.
   -x     Display in hex.
   -X     Display in hex and ASCII.


Acronyms

   AH      Authentication Header (RFC 2402)
   ARP     Address Resolution Protocol (RFC 826)
   BGP     Border Gateway Protocol (RFC 1771)
   CWR     Congestion Window Reduced (RFC 2481)
   DF      Don't Fragment bit (IP)
   DHCP    Dynamic Host Configuration Protocol (RFC 2131)
   DNS     Domain Name System (RFC 1035)
   ECN     Explicit Congestion Notification (RFC 3168)
   EIGRP   Extended IGRP (Cisco)
   ESP     Encapsulating Security Payload (RFC 2406)
   FTP     File Transfer Protocol (RFC 959)
   GRE     Generic Routing Encapsulation (RFC 2784)
   HTTP    Hypertext Transfer Protocol (RFC 1945)
   ICMP    Internet Control Message Protocol (RFC 792)
   IGMP    Internet Group Management Protocol (RFC 2236)
   IGRP    Interior Gateway Routing Protocol (Cisco)
   IMAP    Internet Message Access Protocol (RFC 2060)
   IP      Internet Protocol (RFC 791)
   ISAKMP  Internet Security Association & Key Management Protocol (RFC 2408)
   L2TP    Layer 2 Tunneling Protocol (RFC 2661)
   NNTP    Network News Transfer Protocol (RFC 977)
   OSPF    Open Shortest Path First (RFC 1583)
   POP3    Post Office Protocol v3 (RFC 1460)
   RFC     Request for Comments
   RIP     Routing Information Protocol (RFC 2453)
   LDAP    Lightweight Directory Access Protocol (RFC 2251)
   SKIP    Simple Key-Management for Internet Protocols
   SMTP    Simple Mail Transfer Protocol (RFC 821)
   SNMP    Simple Network Management Protocol (RFC 1157)
   SSH     Secure Shell
   SSL     Secure Sockets Layer (Netscape)
   TCP     Transmission Control Protocol (RFC 793)
   TFTP    Trivial File Transfer Protocol (RFC 1350)
   TOS     Type of Service field (IP)
   UDP     User Datagram Protocol (RFC 768)

   All RFCs can be found at http://www.rfc-editor.org


UDP Header

                Bit Number
             1111111111222222222233
   01234567890123456789012345678901

   Source Port | Destination Port
   Length | Checksum

UDP Header Information

Common UDP Well-Known Server Ports
       7 echo
      19 chargen
      37 time
      53 domain
      67 bootps (DHCP)
      68 bootpc (DHCP)
      69 tftp
     137 netbios-ns
     138 netbios-dgm
     161 snmp
     162 snmp-trap
     500 isakmp
     514 syslog
     520 rip
   33434 traceroute

Length
   (Number of bytes in entire datagram including header;
    minimum value = 8)

Checksum
   (Covers pseudo-header and entire UDP datagram)


ARP

                Bit Number
             1111111111222222222233
   01234567890123456789012345678901

   Hardware Address Type | Protocol Address Type
   H/w Addr Len | Prot. Addr Len | Operation
   Source Hardware Address
   Source Hardware Addr (cont.) | Source Protocol Address
   Source Protocol Addr (cont.) | Target Hardware Address
   Target Hardware Address (cont.)
   Target Protocol Address

ARP Parameters (for Ethernet and IPv4)

Hardware Address Type
   1 Ethernet
   6 IEEE 802 LAN

Protocol Address Type
   2048 IPv4 (0x0800)

Hardware Address Length
   6 for Ethernet/IEEE 802

Protocol Address Length
   4 for IPv4

Operation
   1 Request
   2 Reply


DNS

            Bit Number
                       1 1 1 1 1 1
   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5

   LENGTH (TCP ONLY)
   ID
   QR | Opcode | AA | TC | RD | RA | Z | RCODE
   QDCOUNT
   ANCOUNT
   NSCOUNT
   ARCOUNT
   Question Section
   Answer Section
   Authority Section
   Additional Information Section

DNS Parameters

Query/Response
   0 Query
   1 Response

Opcode
   0 Standard query (QUERY)
   1 Inverse query (IQUERY)
   2 Server status request (STATUS)

AA
   (1 = Authoritative Answer)
TC
   (1 = TrunCation)
RD
   (1 = Recursion Desired)
RA
   (1 = Recursion Available)
Z
   (Reserved; set to 0)

Response code
   0 No error
   1 Format error
   2 Server failure
   3 Non-existent domain (NXDOMAIN)
   4 Query type not implemented
   5 Query refused

QDCOUNT
   (No. of entries in Question section)
ANCOUNT
   (No. of resource records in Answer section)
NSCOUNT
   (No. of name server resource records in Authority section)
ARCOUNT
   (No. of resource records in Additional Information section)


ICMP

                Bit Number
             1111111111222222222233
   01234567890123456789012345678901

   Type | Code | Checksum
   Other message-specific information...

Type Name/Codes (Code=0 unless otherwise specified)
    0    Echo Reply
    3    Destination Unreachable
          0 Net Unreachable
          1 Host Unreachable
          2 Protocol Unreachable
          3 Port Unreachable
          4 Fragmentation Needed & DF Set
          5 Source Route Failed
          6 Destination Network Unknown
          7 Destination Host Unknown
          8 Source Host Isolated
          9 Network Administratively Prohibited
         10 Host Administratively Prohibited
         11 Network Unreachable for TOS
         12 Host Unreachable for TOS
         13 Communication Administratively Prohibited
    4    Source Quench
    5    Redirect
          0 Redirect Datagram for the Network
          1 Redirect Datagram for the Host
          2 Redirect Datagram for the TOS & Network
          3 Redirect Datagram for the TOS & Host
    8    Echo
    9    Router Advertisement
   10    Router Selection
   11    Time Exceeded
          0 Time to Live exceeded in Transit
          1 Fragment Reassembly Time Exceeded
   12    Parameter Problem
          0 Pointer indicates the error
          1 Missing a Required Option
          2 Bad Length
   13    Timestamp
   14    Timestamp Reply
   15    Information Request
   16    Information Reply
   17    Address Mask Request
   18    Address Mask Reply
   30    Traceroute

PING (Echo/Echo Reply)

                Bit Number
             1111111111222222222233
   01234567890123456789012345678901

   Type (8 or 0) | Code (0) | Checksum
   Identifier | Sequence Number
   Data...


IP Header

                Bit Number
             1111111111222222222233
   01234567890123456789012345678901

   Version | IHL | Type of Service | Total Length
   Identification | Flags | Fragment Offset
   Time to Live | Protocol | Header Checksum
   Source Address
   Destination Address
   Options (optional)

IP Header Contents

Version
   4   IP version 4

Internet Header Length
   Number of 32-bit words in IP header; minimum
   value = 5 (20 bytes) & maximum value = 15 (60 bytes)

Type of Service (PreDTRCx)  -->  Differentiated Services
   Precedence (000-111)            000
   D   (1 = minimize delay)        0
   T   (1 = maximize throughput)   0
   R   (1 = maximize reliability)  0
   C   (1 = minimize cost)         1 = ECN capable
   x   (reserved and set to 0)     1 = congestion experienced

Total Length
   Number of bytes in packet; maximum length = 65,535

Flags (xDM)
   x (reserved and set to 0)
   D (1 = Don't Fragment)
   M (1 = More Fragments)

Fragment Offset
   Position of this fragment in the original datagram,
   in units of 8 bytes

Protocol
     1 ICMP
     2 IGMP
     6 TCP
     9 IGRP
    17 UDP
    47 GRE
    50 ESP
    51 AH
    57 SKIP
    88 EIGRP
    89 OSPF
   115 L2TP

Header Checksum
   Covers IP header only

Addressing
   NET_ID
       0-127    Class A
     128-191    Class B
     192-223    Class C
     224-239    Class D (multicast)
     240-255    Class E (experimental)
   RFC 1918 PRIVATE ADDRESSES
     10.0.0.0-10.255.255.255
     172.16.0.0-172.31.255.255
     192.168.0.0-192.168.255.255
   HOST_ID
         0   Network value; broadcast (old)
       255   Broadcast

Options (0-40 bytes; padded to 4-byte boundary)
     0 End of Options list
     1 No operation (pad)
     7 Record route
    68 Timestamp
   131 Loose source route
   137 Strict source route


TCP Header

                Bit Number
             1111111111222222222233
   01234567890123456789012345678901

   Source Port | Destination Port
   Sequence Number
   Acknowledgment Number
   Offset (Header Length) | Reserved | Flags | Window
   Checksum | Urgent Pointer
   Options (optional)

TCP Header Contents

Common TCP Well-Known Server Ports
      7 echo
     19 chargen
     20 ftp-data
     21 ftp-control
     22 ssh
     23 telnet
     25 smtp
     53 domain
     79 finger
     80 http
    110 pop3
    111 sunrpc
    119 nntp
    139 netbios-ssn
    143 imap
    179 bgp
    389 ldap
    443 https (ssl)
    445 microsoft-ds
   1080 socks

Offset
   Number of 32-bit words in TCP header; minimum value = 5

Reserved
   4 bits; set to 0

Flags (CEUAPRSF)
   ECN bits (used when ECN employed; else 00)
      CWR (1 = sender has cut congestion window in half)
      ECN-Echo (1 = receiver cuts congestion window in half)
   U   (1 = Urgent pointer valid)
   A   (1 = Acknowledgement field value valid)
   P   (1 = Push data)
   R   (1 = Reset connection)
   S   (1 = Synchronize sequence numbers)
   F   (1 = no more data; Finish connection)

Checksum
   Covers pseudoheader and entire TCP segment

Urgent Pointer
   Points to the sequence number of the byte
   following urgent data.

Options
   0 End of Options list
   1 No operation (pad)
   2 Maximum segment size
   3 Window scale
   4 Selective ACK ok
   8 Timestamp
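
An added example, not part of the SANS card: a Python sketch that decodes the IP and TCP header layouts above from raw bytes, applying the card's field definitions (IHL and Offset in 32-bit words, Flags xDM, fragment offset in units of 8 bytes, TCP flags CEUAPRSF, header checksum over the IP header only). The sample packet and every function name are constructed for illustration.

```python
import socket
import struct

# Values copied from the card's tables (subset of the Protocol list).
IP_PROTOCOLS = {1: "ICMP", 2: "IGMP", 6: "TCP", 17: "UDP", 47: "GRE", 50: "ESP", 51: "AH"}
TCP_FLAG_LETTERS = "CEUAPRSF"  # high bit first: CWR, ECN-Echo, U, A, P, R, S, F
TCP_OPTIONS = {0: "End of Options list", 1: "No operation (pad)", 2: "Maximum segment size",
               3: "Window scale", 4: "Selective ACK ok", 8: "Timestamp"}


def internet_checksum(data):
    """16-bit one's-complement sum, as used for the IP Header Checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_ipv4(buf):
    if len(buf) < 20:
        raise ValueError("truncated: minimum IP header is 20 bytes")
    (ver_ihl, _tos, total_len, _ident, flags_frag,
     ttl, proto, _cksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", buf[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4 or ihl < 5:
        raise ValueError("not IPv4, or IHL below the minimum of 5")
    hlen = ihl * 4                                   # IHL counts 32-bit words
    if len(buf) < hlen:
        raise ValueError("truncated: IHL points past the captured bytes")
    return {
        "header_len": hlen,
        "total_len": total_len,
        "df": bool(flags_frag & 0x4000),             # Flags (xDM): D bit
        "mf": bool(flags_frag & 0x2000),             # Flags (xDM): M bit
        "frag_offset_bytes": (flags_frag & 0x1FFF) * 8,  # units of 8 bytes
        "ttl": ttl,
        "protocol": IP_PROTOCOLS.get(proto, str(proto)),
        # A valid header, summed including its checksum field, yields 0.
        "checksum_ok": internet_checksum(buf[:hlen]) == 0,
        "src": socket.inet_ntoa(src),
        "dst": socket.inet_ntoa(dst),
        "payload": buf[hlen:total_len],
    }


def parse_tcp_options(raw):
    out, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                                # End of Options list
            break
        if kind == 1:                                # No operation: single byte
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            raise ValueError("malformed TCP option length")
        length = raw[i + 1]
        out.append((TCP_OPTIONS.get(kind, str(kind)), raw[i + 2:i + length]))
        i += length
    return out


def parse_tcp(seg):
    if len(seg) < 20:
        raise ValueError("truncated: minimum TCP header is 20 bytes")
    sport, dport, seq, ack, off_flags, window, _cksum, _urg = struct.unpack(
        "!HHIIHHHH", seg[:20])
    hlen = (off_flags >> 12) * 4                     # Offset counts 32-bit words
    if hlen < 20 or len(seg) < hlen:
        raise ValueError("bad TCP Offset field")
    bits = off_flags & 0xFF
    flags = "".join(c for i, c in enumerate(TCP_FLAG_LETTERS) if bits & (0x80 >> i))
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "header_len": hlen, "flags": flags, "window": window,
            "options": parse_tcp_options(seg[20:hlen])}


def build_sample():
    """Constructed sample: a SYN from 10.0.0.5:49152 to 192.168.1.10:443.
    The TCP checksum is left at 0; this sketch does not verify it."""
    tcp = struct.pack("!HHIIHHHH", 49152, 443, 1000, 0, (6 << 12) | 0x02, 65535, 0, 0)
    tcp += bytes([2, 4]) + struct.pack("!H", 1460)   # Maximum segment size option
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | 6, 0, 24 + len(tcp), 0x1234, 0x4000,
                      64, 6, 0, socket.inet_aton("10.0.0.5"),
                      socket.inet_aton("192.168.1.10"))
    hdr += bytes([1, 1, 1, 0])                       # IP options: three NOPs, then End
    hdr = hdr[:10] + struct.pack("!H", internet_checksum(hdr)) + hdr[12:]
    return hdr + tcp


if __name__ == "__main__":
    ip = parse_ipv4(build_sample())
    tcp = parse_tcp(ip["payload"])
    print(ip["src"], "->", ip["dst"], ip["protocol"], "DF" if ip["df"] else "")
    print(tcp["sport"], "->", tcp["dport"], "flags", tcp["flags"], tcp["options"])
```

Because the sample sets IHL to 6, the TCP header starts at byte 24 rather than byte 20; a decoder that assumes a fixed 20-byte IP header would misread the ports and flags.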

Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfjimielynbastida
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 

Recently uploaded (20)

costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 

Tcpip (Dharmender Kumar) 09990478253

  • 1. TCP/IP and tcpdump POCKET REFERENCE GUIDE
    SANS Institute
    incidents@sans.org
    +1 317.580.9756
    http://www.sans.org
    http://www.incidents.org

    tcpdump Usage
      tcpdump [-aenStvx] [-F file] [-i int] [-r file] [-s snaplen] [-w file] ['filter_expression']
      -e  Display data link header.
      -F  Filter expression in file.
      -i  Listen on int interface.
      -n  Don't resolve IP addresses.
      -r  Read packets from file.
      -s  Get snaplen bytes from each packet.
      -S  Use absolute TCP sequence numbers.
      -t  Don't print timestamp.
      -v  Verbose mode.
      -w  Write packets to file.
      -x  Display in hex.
      -X  Display in hex and ASCII.

    Acronyms
      AH      Authentication Header (RFC 2402)
      ARP     Address Resolution Protocol (RFC 826)
      BGP     Border Gateway Protocol (RFC 1771)
      CWR     Congestion Window Reduced (RFC 2481)
      DF      Don't Fragment bit (IP)
      DHCP    Dynamic Host Configuration Protocol (RFC 2131)
      DNS     Domain Name System (RFC 1035)
      ECN     Explicit Congestion Notification (RFC 3168)
      EIGRP   Extended IGRP (Cisco)
      ESP     Encapsulating Security Payload (RFC 2406)
      FTP     File Transfer Protocol (RFC 959)
      GRE     Generic Routing Encapsulation (RFC 2784)
      HTTP    Hypertext Transfer Protocol (RFC 1945)
      ICMP    Internet Control Message Protocol (RFC 792)
      IGMP    Internet Group Management Protocol (RFC 2236)
      IGRP    Interior Gateway Routing Protocol (Cisco)
      IMAP    Internet Message Access Protocol (RFC 2060)
      IP      Internet Protocol (RFC 791)
      ISAKMP  Internet Security Association & Key Management Protocol (RFC 2408)
      L2TP    Layer 2 Tunneling Protocol (RFC 2661)
      LDAP    Lightweight Directory Access Protocol (RFC 2251)
      NNTP    Network News Transfer Protocol (RFC 977)
      OSPF    Open Shortest Path First (RFC 1583)
      POP3    Post Office Protocol v3 (RFC 1460)
      RFC     Request for Comments
      RIP     Routing Information Protocol (RFC 2453)
      SKIP    Simple Key-Management for Internet Protocols
      SMTP    Simple Mail Transfer Protocol (RFC 821)
      SNMP    Simple Network Management Protocol (RFC 1157)
      SSH     Secure Shell
      SSL     Secure Sockets Layer (Netscape)
      TCP     Transmission Control Protocol (RFC 793)
      TFTP    Trivial File Transfer Protocol (RFC 1350)
      TOS     Type of Service field (IP)
      UDP     User Datagram Protocol (RFC 768)
      All RFCs can be found at http://www.rfc-editor.org

    UDP Header
      Bit Number: 0 to 31 (each row below is 32 bits wide)
      Source Port | Destination Port
      Length | Checksum

    UDP Header Information
      Common UDP Well-Known Server Ports
        7 echo
        19 chargen
        37 time
        53 domain
        67 bootps (DHCP)
        68 bootpc (DHCP)
        69 tftp
        137 netbios-ns
        138 netbios-dgm
        161 snmp
        162 snmp-trap
        500 isakmp
        514 syslog
        520 rip
        33434 traceroute
      Length
        (Number of bytes in entire datagram including header; minimum value = 8)
      Checksum
        (Covers pseudo-header and entire UDP datagram)

    ARP
      Bit Number: 0 to 31 (each row below is 32 bits wide)
      Hardware Address Type | Protocol Address Type
      H/w Addr Len | Prot. Addr Len | Operation
      Source Hardware Address
      Source Hardware Addr (cont.) | Source Protocol Address
      Source Protocol Addr (cont.) | Target Hardware Address
      Target Hardware Address (cont.)
      Target Protocol Address

    ARP Parameters (for Ethernet and IPv4)
      Hardware Address Type
        1 Ethernet
        6 IEEE 802 LAN
      Protocol Address Type
        2048 IPv4 (0x0800)
      Hardware Address Length
        6 for Ethernet/IEEE 802
      Protocol Address Length
        4 for IPv4
      Operation
        1 Request
        2 Reply

    DNS
      Bit Number: 0 to 15 (each row below is 16 bits wide)
      LENGTH (TCP ONLY)
      ID.
      QR | Opcode | AA | TC | RD | RA | Z | RCODE
      QDCOUNT
      ANCOUNT
      NSCOUNT
      ARCOUNT
      Question Section
      Answer Section
      Authority Section
      Additional Information Section

    DNS Parameters
      Query/Response
        0 Query
        1 Response
      Opcode
        0 Standard query (QUERY)
        1 Inverse query (IQUERY)
        2 Server status request (STATUS)
      AA (1 = Authoritative Answer)
      TC (1 = TrunCation)
      RD (1 = Recursion Desired)
      RA (1 = Recursion Available)
      Z (Reserved; set to 0)
      Response code
        0 No error
        1 Format error
        2 Server failure
        3 Non-existent domain (NXDOMAIN)
        4 Query type not implemented
        5 Query refused
      QDCOUNT (No. of entries in Question section)
      ANCOUNT (No. of resource records in Answer section)
      NSCOUNT (No. of name server resource records in Authority section)
      ARCOUNT (No. of resource records in Additional Information section)

    ©SANS Institute May 2006
  • 2. ICMP
      Bit Number: 0 to 31 (each row below is 32 bits wide)
      Type | Code | Checksum
      Other message-specific information...

    Type Name/Codes (Code=0 unless otherwise specified)
      0 Echo Reply
      3 Destination Unreachable
        0 Net Unreachable
        1 Host Unreachable
        2 Protocol Unreachable
        3 Port Unreachable
        4 Fragmentation Needed & DF Set
        5 Source Route Failed
        6 Destination Network Unknown
        7 Destination Host Unknown
        8 Source Host Isolated
        9 Network Administratively Prohibited
        10 Host Administratively Prohibited
        11 Network Unreachable for TOS
        12 Host Unreachable for TOS
        13 Communication Administratively Prohibited
      4 Source Quench
      5 Redirect
        0 Redirect Datagram for the Network
        1 Redirect Datagram for the Host
        2 Redirect Datagram for the TOS & Network
        3 Redirect Datagram for the TOS & Host
      8 Echo
      9 Router Advertisement
      10 Router Selection
      11 Time Exceeded
        0 Time to Live exceeded in Transit
        1 Fragment Reassembly Time Exceeded
      12 Parameter Problem
        0 Pointer indicates the error
        1 Missing a Required Option
        2 Bad Length
      13 Timestamp
      14 Timestamp Reply
      15 Information Request
      16 Information Reply
      17 Address Mask Request
      18 Address Mask Reply
      30 Traceroute

    PING (Echo/Echo Reply)
      Bit Number: 0 to 31 (each row below is 32 bits wide)
      Type (8 or 0) | Code (0) | Checksum
      Identifier | Sequence Number
      Data...

    IP Header
      Bit Number: 0 to 31 (each row below is 32 bits wide)
      Version | IHL | Type of Service | Total Length
      Identification | Flags | Fragment Offset
      Time to Live | Protocol | Header Checksum
      Source Address
      Destination Address
      Options (optional)

    IP Header Contents
      Version
        4 IP version 4
      Internet Header Length
        Number of 32-bit words in IP header; minimum value = 5 (20 bytes) & maximum value = 15 (60 bytes)
      Type of Service (PreDTRCx) --> Differentiated Services
        Precedence (000-111)           000
        D (1 = minimize delay)         0
        T (1 = maximize throughput)    0
        R (1 = maximize reliability)   0
        C (1 = minimize cost)          1 = ECN capable
        x (reserved and set to 0)      1 = congestion experienced
      Total Length
        Number of bytes in packet; maximum length = 65,535
      Flags (xDM)
        x (reserved and set to 0)
        D (1 = Don't Fragment)
        M (1 = More Fragments)
      Fragment Offset
        Position of this fragment in the original datagram, in units of 8 bytes
      Protocol
        1 ICMP
        2 IGMP
        6 TCP
        9 IGRP
        17 UDP
        47 GRE
        50 ESP
        51 AH
        57 SKIP
        88 EIGRP
        89 OSPF
        115 L2TP
      Header Checksum
        Covers IP header only
      Addressing
        NET_ID
          0-127 Class A
          128-191 Class B
          192-223 Class C
          224-239 Class D (multicast)
          240-255 Class E (experimental)
        RFC 1918 PRIVATE ADDRESSES
          10.0.0.0-10.255.255.255
          172.16.0.0-172.31.255.255
          192.168.0.0-192.168.255.255
        HOST_ID
          0 Network value; broadcast (old)
          255 Broadcast
      Options (0-40 bytes; padded to 4-byte boundary)
        0 End of Options list
        1 No operation (pad)
        7 Record route
        68 Timestamp
        131 Loose source route
        137 Strict source route

    TCP Header
      Bit Number: 0 to 31 (each row below is 32 bits wide)
      Source Port | Destination Port
      Sequence Number
      Acknowledgment Number
      Offset (Header Length) | Reserved | Flags | Window
      Checksum | Urgent Pointer
      Options (optional)

    TCP Header Contents
      Common TCP Well-Known Server Ports
        7 echo
        19 chargen
        20 ftp-data
        21 ftp-control
        22 ssh
        23 telnet
        25 smtp
        53 domain
        79 finger
        80 http
        110 pop3
        111 sunrpc
        119 nntp
        139 netbios-ssn
        143 imap
        179 bgp
        389 ldap
        443 https (ssl)
        445 microsoft-ds
        1080 socks
      Offset
        Number of 32-bit words in TCP header; minimum value = 5
      Reserved
        4 bits; set to 0
      Flags (CEUAPRSF)
        ECN bits (used when ECN employed; else 00)
          CWR (1 = sender has cut congestion window in half)
          ECN-Echo (1 = receiver cuts congestion window in half)
        U (1 = Urgent pointer valid)
        A (1 = Acknowledgement field value valid)
        P (1 = Push data)
        R (1 = Reset connection)
        S (1 = Synchronize sequence numbers)
        F (1 = no more data; Finish connection)
      Checksum
        Covers pseudoheader and entire TCP segment
      Urgent Pointer
        Points to the sequence number of the byte following urgent data.
      Options
        0 End of Options list
        1 No operation (pad)
        2 Maximum segment size
        3 Window scale
        4 Selective ACK ok
        8 Timestamp
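
The IP and TCP header layouts on the card, decoded from raw bytes with the length checks a capture-analysis script needs before trusting IHL, Total Length, Offset and option lengths. This is an added example, not part of the SANS guide; the function names and the sample packet are constructed for illustration.

```python
import struct

# Values below are the ones listed on the reference card.
IP_PROTOCOLS = {1: "ICMP", 2: "IGMP", 6: "TCP", 17: "UDP", 47: "GRE", 50: "ESP", 51: "AH"}
TCP_FLAGS = "CEUAPRSF"  # CWR, ECN-Echo, Urgent, Ack, Push, Reset, Syn, Fin; C is the high bit
TCP_OPTIONS = {2: "mss", 3: "window_scale", 4: "sack_ok", 8: "timestamp"}

def parse_ipv4(pkt):
    """Decode an IPv4 header; returns (fields, payload)."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    vihl, _tos, total, _ident, ff, ttl, proto, _cksum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", pkt[:20])
    ihl = (vihl & 0x0F) * 4                      # IHL counts 32-bit words
    if vihl >> 4 != 4 or ihl < 20 or not ihl <= total <= len(pkt):
        raise ValueError("inconsistent Version/IHL/Total Length")
    fields = {
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
        "ttl": ttl, "protocol": IP_PROTOCOLS.get(proto, str(proto)),
        "df": bool(ff & 0x4000), "mf": bool(ff & 0x2000),   # Flags (xDM)
        "frag_offset_bytes": (ff & 0x1FFF) * 8,              # field is in units of 8 bytes
    }
    return fields, pkt[ihl:total]

def parse_tcp(seg):
    """Decode a TCP header, including its options."""
    if len(seg) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, window, _cksum, _urg = struct.unpack(
        "!HHIIHHHH", seg[:20])
    hlen = (off_flags >> 12) * 4                 # Offset counts 32-bit words
    if hlen < 20 or hlen > len(seg):
        raise ValueError("bad TCP Offset")
    flags = "".join(c for i, c in enumerate(TCP_FLAGS) if off_flags & (0x80 >> i))
    opts, raw, i = {}, seg[20:hlen], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                            # End of Options list
            break
        if kind == 1:                            # No operation (pad), a single byte
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            raise ValueError("malformed TCP option length")
        opts[TCP_OPTIONS.get(kind, kind)] = raw[i + 2:i + raw[i + 1]]
        i += raw[i + 1]
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": flags, "window": window, "options": opts}

# Constructed sample: a SYN to port 443 with DF set and an MSS option.
# Both checksum fields are left at 0 and are not verified by this code.
SAMPLE = (struct.pack("!BBHHHBBH4s4s", 0x45, 0, 44, 0x1C46, 0x4000, 64, 6, 0,
                      bytes([192, 168, 0, 10]), bytes([10, 0, 0, 5]))
          + struct.pack("!HHIIHHHH", 49152, 443, 1, 0, (6 << 12) | 0x02, 65535, 0, 0)
          + bytes([2, 4, 0x05, 0xB4]))

def decode(pkt):
    """Return (ip_fields, tcp_fields or None) for one raw IPv4 packet."""
    ip, payload = parse_ipv4(pkt)
    return ip, parse_tcp(payload) if ip["protocol"] == "TCP" else None
```
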