Skip to main content

IP header formatting and finding and understanding the content of a packet

 My plan for this week was to go over and talk about IP headers and datagrams. However, while looking through some resources, I find a document that can explain it far better than I can. So instead of diving into the technical nitty-gritty of packets and headers, I'll let Burton Rosenberg of the University of Miami's Computer Science department handy article explain it. 

With my original plans for this article taken care of, I instead thought that it would be a good idea to cover how to actually examine a packet and apply this information. It is one thing to know the theory, and another entirely to apply it. With that in mind, I decided to play around with Wireshark and throw together a little demonstration depicting the process. 



This is a Wireshark window that shows the HTTP traffic to and from my VM. To generate this information, I started Wireshark, confirmed in the capture options that it was using the correct adapter, and performed a google search. The packet that I'll be looking through is a response from one of the searches. When you initially click on it, the packet details and packet bytes viewer are populated. 


Packet Detail viewer

Packet Bytes viewer

While these might look confusing at first, they are easy-to-use tools that can simplify the process of extracting the IP header. In the packet detail field, simply scroll down to the IPv4 or v6 drop-down menu. After opening the menu, you will see each of the fields within the IP segment of the packet as their own submenus. Clicking on any of these will also highlight the corresponding hex values in the packet bytes viewer.             

 

In this image, I have selected the source field in the packet details viewer and the actual bytes have also been highlighted below. Wireshark parses through all of the information for us and provides an easy-to-read format in the packet details viewer. By utilizing Wireshark's built-in tools, it is incredibly easy to find and process IP information and packets. 

Labels:

Comments

Post a Comment

Popular posts from this blog

Using PGPy to encrypt and decrypt files and messages

 PGPy is a library for python that enables the creation, storage, and encryption/decryption of PGP keys and files in python. Recently, in a small project to reacquaint myself with python, I used PGPy for key generation and encryption and decryption. That project can be found in my github at  https://github.com/lpowell . The goal of the project was to use command-line switches to control the program, and to provide basic encryption and decryption capabilities, along with rot13 and base64 encoding.  First, to load in a key use key, _ = pgpy.PGPKey.from_file(keyfilename) . This loads the key from either a binary or ASCII armored file. You can swap out .from_file for .from_blob , if you plan on using a key stored in a string or bytes object rather than a file. In my example code, I pull the key from a file, as I found it to be the simpler method.  Next, you'll need to open a file or create a string or bytes object that contains the message you wish to encrypt. We'll call this file
3 comments
Read more

Installing the Ubertooth on the Mac mini M1

 For my video project, one of the demonstrations included using an Ubertooth One to scan for Bluetooth and BLE packets. This blog post will cover the installation of the Ubertooth One on the Mac mini M1. The official install guide for Mac devices didn't work very well for me, and I had to install some extra tools in order to get it to work. The examples assume you are using Python 3, and have homebrew installed.  To begin, follow the instructions found here:  https://github.com/greatscottgadgets/ubertooth/wiki/Build-Guide . Additionally, you may find that you need to install pytq5, numpy, and qtpy. To do this, simply run Python3 pip install pyqt5, numpy, qtpy. This will install the required libraries needed to run the Ubertooth tools. There are multiple ways to install pip on an OS X device, but I suggest using homebrew to install python3, which should install pip as well. Next, you will need to update the firmware of the device. When downloading the tools, a firmware directory sh
Post a Comment
Read more

PowerShell TCP Port scanner in one line

If you ever need a TCP port scanner that takes years to run, and you want to do it all in one line, PowerShell has you covered.  1..254 | % {if(Test-Connection 192.168.10.$_ -count 1 -quiet){foreach($x in 1..65535){if(Test-NetConnection -Port $x -ComputerName 192.168.10.$_ -InformationLevel Quiet){Write-Host "Found 192.168.10.$_`:$x"}}}} This one-liner pings every address in the specified network and if it receives a response, it then does a TCP port scan on the address. Keep in mind, it scans the address for all 65,535 ports. The addressing scheme and port ranges can change though, and if you only need to scan a network for all servers with port 80 open, it will be considerably faster. I still recommend using Nmap though. 
Post a Comment
Read more