
IP header formatting and finding and understanding the content of a packet

My plan for this week was to go over IP headers and datagrams. However, while looking through some resources, I found a document that explains them far better than I can. So instead of diving into the technical nitty-gritty of packets and headers, I'll let a handy article by Burton Rosenberg of the University of Miami's Computer Science department explain it.

With my original plans for this article taken care of, I instead thought that it would be a good idea to cover how to actually examine a packet and apply this information. It is one thing to know the theory, and another entirely to apply it. With that in mind, I decided to play around with Wireshark and throw together a little demonstration depicting the process. 

This is a Wireshark window that shows the HTTP traffic to and from my VM. To generate this information, I started Wireshark, confirmed in the capture options that it was using the correct adapter, and performed a Google search. The packet that I'll be looking through is a response from one of the searches. When you initially click on it, the packet details and packet bytes viewers are populated.

Packet Detail viewer

Packet Bytes viewer

While these might look confusing at first, they are easy-to-use tools that can simplify the process of extracting the IP header. In the packet details viewer, simply scroll down to the IPv4 or IPv6 drop-down menu. After opening the menu, you will see each of the fields within the IP header of the packet as its own submenu. Clicking on any of these will also highlight the corresponding hex values in the packet bytes viewer.


In this image, I have selected the source field in the packet details viewer and the actual bytes have also been highlighted below. Wireshark parses through all of the information for us and provides an easy-to-read format in the packet details viewer. By utilizing Wireshark's built-in tools, it is incredibly easy to find and process IP information and packets. 
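To see what Wireshark is doing when it maps a field to the highlighted bytes, here is the same extraction done by hand (an added example, not part of the original post). The frame bytes are constructed for illustration, and the code assumes an untagged Ethernet II frame carrying IPv4; `parse_ipv4` and `ones_complement_sum` are names chosen for this example.

```python
import ipaddress
import struct

# Constructed sample (not the capture from the post): Ethernet II header plus a
# 20-byte IPv4 header, as the Packet Bytes viewer would show it; payload omitted.
SAMPLE_FRAME = bytes.fromhex(
    "001122334455 66778899aabb 0800"  # dst MAC, src MAC, EtherType (IPv4)
    "4500003c 1c464000 40063289"      # ver/IHL, TOS, length | ID, flags | TTL, proto, checksum
    "c0a8010a c6336407"               # source address, destination address
)
ETH_LEN = 14  # assumes untagged Ethernet II (no 802.1Q VLAN tag)


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum used by the IPv4 header checksum."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def parse_ipv4(frame: bytes) -> dict:
    """Decode the fixed IPv4 header fields that Wireshark lists as submenus."""
    ip = frame[ETH_LEN:]
    if frame[12:14] != b"\x08\x00" or len(ip) < 20:
        raise ValueError("not an IPv4 frame or header truncated")
    (ver_ihl, _tos, total_len, _ident, flags_frag,
     ttl, proto, _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4  # IHL counts 32-bit words
    if version != 4 or ihl < 20 or len(ip) < ihl:
        raise ValueError("malformed IPv4 header")
    return {
        "header_len": ihl,
        "total_len": total_len,
        "ttl": ttl,
        "protocol": proto,
        "dont_fragment": bool(flags_frag & 0x4000),
        "frag_offset": (flags_frag & 0x1FFF) * 8,
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        # Frame offsets of the source field: the bytes Wireshark would highlight.
        "src_offset": (ETH_LEN + 12, ETH_LEN + 16),
        # Summing the whole header, checksum included, gives 0xFFFF when valid.
        "checksum_ok": ones_complement_sum(ip[:ihl]) == 0xFFFF,
    }


if __name__ == "__main__":
    for name, value in parse_ipv4(SAMPLE_FRAME).items():
        print(f"{name:14} {value}")
```

Slicing the frame with `src_offset` returns the four bytes `c0 a8 01 0a`, which is the span the packet bytes viewer highlights when the source field is selected.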

