Sort by

Tagged with #networking #Wireshark

Analyzing packets by Ryo

I am getting used to reading the hexs shown in Wireshark. Here is the summary of what is going with the below packet sent by my TUN program. 0x00, 0x00, 0x08, 0x00, 0x45, 0x00, 0x00, 0x54, 0x89, 0x4b, 0x40, 0x00, 0x40, 0x01, 0x39, 0x59, 0xcb, 0x00, 0x71, 0x02, 0xcb, 0x00, 0x71, 0x01, 0x08, 0x00, 0x2a, 0xc7, 0x00, 0x19, 0x00, 0x07, 0xc8, 0xb6, 0x8c, 0x63, 0x00, 0x00, 0x00, 0x00, 0xaf, 0x2b, 0x0a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37 The first 4 bit (4 of 0x45) ・Version: the fist field tells us which IP version we are using, only IPv4 uses this header so you will always find decimal value 4 here. The first 4 bit (5 of 0x45) ・The length of the ip header. In the case of this example, 5=>5*4(bytes)=>20(bytes)=>20 pair(0x45)s, as each hex is 4 bits. ・Because of the maximum possible value f=>15, the maximum ip header length is 15*4byte=60byte. Protocol: 0x01 ・1 stands for ICMP, 6 stands for tcp, 17 stands for UDP Source and destination address: 0xcb, 0x00, 0x71, 0x02, 0xcb, 0x00, 0x71, 0x01 ・In decimal, and respectively.

Tagged with #network #Wireshark

Observing packets with Wireshark by Ryo

I used Wireshark to observe how packets are exchanged between client and server. Packets are sent by client form some random port. Packets are received by the server with the specified port by the running program. Client socket program written in python import socket # AF_INET refers to ipv4 # SOCK_STREAM refers to TCP protocol clientSocket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) # 3 way handshake(SYN) as socket.SOCK_STREAM is the selected type # clientSocket.connect(('', 12345)) clientSocket.connect(('', 1234)) dataFromServer = clientSocket.recv(1024) print(dataFromServer.decode()) Server socket program written in python import socket s = socket.socket() port = 12345 s.bind(('', port)) s.listen(5) while True: # 3 way handshake(ACK) as socket.SOCK_STREAM is the selected type clientSocket, addr = s.accept() print(addr) clientSocket.send('Thank you for connecting'.encode()) clientSocket.close() break Packets form Wireshark 1 0.000000000 TCP 74 44070 → 1234 [SYN] Seq=0 Win=65495 Len=0 MSS=65495 SACK_PERM=1 TSval=4210716831 TSecr=0 WS=128 2 0.000113299 TCP 74 1234 → 44070 [SYN, ACK] Seq=0 Ack=1 Win=65483 Len=0 MSS=65495 SACK_PERM=1 TSval=4210716831 TSecr=4210716831 WS=128