Chapter 8. Examining IP Header Fields
This is the first of two chapters that examines fields in the IP packet. This chapter focuses on fields in the IP header, whereas the following chapter looks at fields in the embedded protocol (TCP, UDP, and ICMP) headers. As we continue our journey of looking at traffic from many different perspectives, another view we can assume is to look at the functions of fields in the headers and normal and abnormal values found in those fields. If we are familiar with the purpose of the fields and acquainted with normal values, we should be able to detect mutant or malicious values. When you begin to look at NIDS output ...
Get Network Intrusion Detection, Third Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.