I need to analyse a network packet in Wireshark. I have a packet with several flags like seq, win, ack, etc. Are these considered commands? Basically I need to comment on each command and response between the client and the server. asked 16 Apr '16, 03:07 Sujitha
One Answer:
Wireshark attempts to "decode" a packet, to show what network protocols were in use (e.g. IPv4, TCP, HTTP). It attempts to present them in a human-readable format, built from the packet's raw binary, for analysis.

For your question, how are you defining the word "command"? A "command" between a "client" and a "server" is something that must be put in the context of the protocol or application in question. For example, I could say that "GET" or "PUT" are commands in the HTTP protocol, and I could use Wireshark to search on HTTP and pull up examples of such commands.

Since you are asking about flags and sequence numbers, it looks like you are asking about TCP specifically? If so, Wireshark will decode the fields but won't tell you what a flag does. An understanding of how a protocol works is paramount to analyzing it, but it's homework that needs to be done before using that tool. In TCP's case: https://tools.ietf.org/html/rfc793

Aside from the RFC, if you just google "TCP flag definitions" there are plenty of example descriptions of them online, assuming that it is TCP flags you are specifically asking about. answered 17 Apr '16, 08:15 Quadratic
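The answer above makes the point that Wireshark decodes the TCP header fields (ports, sequence and acknowledgement numbers, flags, window) but leaves interpreting them to you. The following is an added example, not part of the question or answer above and not Wireshark's own code: a small decoder for the fixed 20-byte TCP header from RFC 793 that prints a one-line summary in the style of Wireshark's Info column, plus a check that a SYN / SYN-ACK / ACK exchange is a valid three-way handshake (the peer's ACK number must equal the other side's initial sequence number plus one, because the SYN consumes one sequence number). The four segments are constructed inline for the example; the ports, sequence numbers and window sizes are made up. ECE and CWR come from RFC 3168 and NS from RFC 3540 rather than RFC 793.

```python
import struct

# Flag bits of the 16-bit "data offset / reserved / flags" word, listed low bit first.
# FIN..URG are defined in RFC 793; ECE and CWR were added by RFC 3168, NS by RFC 3540.
# Low-bit-first order is what gives Wireshark-style "[SYN, ACK]" rather than "[ACK, SYN]".
TCP_FLAGS = [
    (0x001, "FIN"), (0x002, "SYN"), (0x004, "RST"), (0x008, "PSH"), (0x010, "ACK"),
    (0x020, "URG"), (0x040, "ECE"), (0x080, "CWR"), (0x100, "NS"),
]

SEQ_MOD = 1 << 32  # sequence numbers wrap modulo 2**32


def parse_tcp_header(segment: bytes) -> dict:
    """Decode a raw TCP segment (header, options, payload) per RFC 793 section 3.1."""
    if len(segment) < 20:
        raise ValueError("segment shorter than the 20-byte minimum TCP header")
    (src_port, dst_port, seq, ack,
     off_flags, window, checksum, urgent) = struct.unpack("!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4        # data offset is counted in 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError(f"bad data offset: header length {header_len}")
    flag_bits = off_flags & 0x1FF             # low 9 bits: NS + the 8 classic flags
    return {
        "src_port": src_port, "dst_port": dst_port,
        "seq": seq, "ack": ack,
        "header_len": header_len,
        "flags": [name for bit, name in TCP_FLAGS if flag_bits & bit],
        "window": window, "checksum": checksum, "urgent": urgent,
        "options": segment[20:header_len],
        "payload": segment[header_len:],
    }


def describe(hdr: dict) -> str:
    """One-line summary roughly in the style of Wireshark's Info column."""
    return (f"{hdr['src_port']} -> {hdr['dst_port']} [{', '.join(hdr['flags'])}] "
            f"Seq={hdr['seq']} Ack={hdr['ack']} Win={hdr['window']} Len={len(hdr['payload'])}")


def check_handshake(syn: dict, synack: dict, ack: dict) -> list:
    """Return the list of problems in a three-way handshake; empty means it is consistent."""
    problems = []
    if syn["flags"] != ["SYN"]:
        problems.append("first segment is not a bare SYN")
    if not {"SYN", "ACK"} <= set(synack["flags"]):
        problems.append("second segment is not a SYN-ACK")
    if (synack["src_port"], synack["dst_port"]) != (syn["dst_port"], syn["src_port"]):
        problems.append("SYN-ACK ports are not the reverse of the SYN ports")
    if synack["ack"] != (syn["seq"] + 1) % SEQ_MOD:
        problems.append("SYN-ACK does not acknowledge the client ISN + 1")
    if "ACK" not in ack["flags"] or "SYN" in ack["flags"]:
        problems.append("third segment is not a plain ACK")
    if ack["seq"] != (syn["seq"] + 1) % SEQ_MOD:
        problems.append("final ACK does not continue from the client ISN + 1")
    if ack["ack"] != (synack["seq"] + 1) % SEQ_MOD:
        problems.append("final ACK does not acknowledge the server ISN + 1")
    return problems


# Constructed sample segments (IP layer stripped): client port 50000 talking to port 80.
SYN = bytes.fromhex("c350 0050 12345678 00000000 5002 ffff 0000 0000")
SYN_ACK = bytes.fromhex("0050 c350 abcdef01 12345679 5012 7210 0000 0000")
ACK = bytes.fromhex("c350 0050 12345679 abcdef02 5010 ffff 0000 0000")
# A [PSH, ACK] segment carrying the first application "command" on top of TCP.
DATA = bytes.fromhex("c350 0050 12345679 abcdef02 5018 ffff 0000 0000") + b"GET / HTTP/1.0\r\n\r\n"

if __name__ == "__main__":
    segments = [parse_tcp_header(s) for s in (SYN, SYN_ACK, ACK, DATA)]
    for hdr in segments:
        print(describe(hdr))
    print("handshake problems:", check_handshake(*segments[:3]) or "none")
```

Running the block prints one Wireshark-style line per segment; note that the flags only tell you where in the connection you are (SYN opens, ACK acknowledges, PSH/ACK carries data), and the actual "command" is the `GET` in the payload of the fourth segment, which is an HTTP matter rather than a TCP one.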