For example: How would one decode the following Ethernet frame?

00 26 b9 e8 7e f1 00 12 f2 21 da 00 08 00 45 00 05 dc e3 cd 20 10 35 06 25 eb 0a 0a 0a 02 c0 a8 01 03 c3 9e 0f 40 00 00 10 00 00 00 14 00 70 10 00 5c 59 99 00 00 02 04 05 b4 01 03 03 06 00 00 01 98 64 34 e8 90 84 98 20 12 18 19 04 85 80 00

I know that the first 6 bytes are the MAC destination address: 00 26 b9 e8 7e f1
The next 6 bytes are the source MAC address: 00 12 f2 21 da 00
The next 2 bytes show the Ethernet type: 08 00
The next 4 bytes are: 45 00...IPv4... "5" the number of bytes in the header.. and "00" means there are no differentiated services.

What I don't know is what anything after that is or how to read it. Anyone help?

asked 30 Apr '14, 08:29 aharmon1
One Answer:
Uhm, try Wireshark? It decodes it for you? You can select the decoded fields and see what bytes are selected in the hex view, which is what the decode is based upon. Other than that you're probably going to read RFCs if you want to know how the protocols are structured in greater detail.

answered 30 Apr '14, 08:29 Jasper ♦♦ edited 30 Apr '14, 08:31
I know Wireshark does it for you but I want to learn how to read it without the use of Wireshark.
Ok, as I added in my edit: play with Wireshark, see what it decodes to what, and other than that, books and RFCs ;-)
E.g: http://www.ietf.org/rfc/rfc791.txt Section 3.1
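
A field-by-field decode of the frame from the question, following the IPv4 header layout in RFC 791 Section 3.1 and the standard 20-byte TCP header, as an added example that is not part of the original thread. The function name decode and the dictionary keys are this example's own. Two things the code makes visible: the IHL nibble counts 32-bit words, and the fragment-offset field in this frame is non-zero, so a capture tool would treat the payload as a later fragment, while the example reads it as a TCP header because that is how the bytes are laid out.

```python
import struct

# Frame bytes copied from the question.
FRAME = bytes.fromhex(
    "00 26 b9 e8 7e f1 00 12 f2 21 da 00 08 00 45 00 05 dc e3 cd 20 10 35 06"
    " 25 eb 0a 0a 0a 02 c0 a8 01 03 c3 9e 0f 40 00 00 10 00 00 00 14 00 70 10"
    " 00 5c 59 99 00 00 02 04 05 b4 01 03 03 06 00 00 01 98 64 34 e8 90 84 98"
    " 20 12 18 19 04 85 80 00")

def decode(frame):
    """Decode Ethernet II -> IPv4 -> TCP and return the fields as a dict."""
    if len(frame) < 14 + 20:
        raise ValueError("too short for Ethernet + IPv4 headers")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    out = {"dst_mac": dst.hex(":"), "src_mac": src.hex(":"),
           "ethertype": ethertype}
    if ethertype != 0x0800:          # only IPv4 is handled here
        return out
    (ver_ihl, tos, total_len, ident, flags_frag, ttl, proto, csum,
     sip, dip) = struct.unpack("!BBHHHBBH4s4s", frame[14:34])
    ihl = (ver_ihl & 0x0F) * 4       # IHL is in 32-bit words: 5 -> 20 bytes
    if ver_ihl >> 4 != 4 or ihl < 20 or len(frame) < 14 + ihl:
        raise ValueError("malformed IPv4 header")
    out.update(version=4, ihl_bytes=ihl, tos=tos, total_len=total_len,
               ident=ident, df=bool(flags_frag & 0x4000),
               mf=bool(flags_frag & 0x2000),
               frag_offset=(flags_frag & 0x1FFF) * 8,   # field is in 8-byte units
               ttl=ttl, proto=proto, ip_checksum=csum,
               src_ip=".".join(map(str, sip)), dst_ip=".".join(map(str, dip)))
    l4 = frame[14 + ihl:]            # payload starts after the options, if any
    if proto != 6 or len(l4) < 20:   # 6 = TCP
        return out
    sport, dport, seq, ack, off_flags, window, tcsum, urg = struct.unpack(
        "!HHIIHHHH", l4[:20])
    hdr = (off_flags >> 12) * 4      # TCP data offset, also in 32-bit words
    out.update(sport=sport, dport=dport, seq=seq, ack=ack, tcp_hdr_bytes=hdr,
               tcp_flags=off_flags & 0x1FF, window=window, tcp_checksum=tcsum,
               urgent=urg, tcp_options=l4[20:hdr].hex(" "))
    return out

if __name__ == "__main__":
    for key, value in decode(FRAME).items():
        print(f"{key:14} {value}")
```

The tcp_options bytes are type-length-value encoded: kind 02 with length 04 is the maximum segment size, 01 is a no-op pad, and kind 03 with length 03 is the window scale.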