A. Protocol Header Reference

The protocol headers presented in this appendix are frequently encountered when analyzing TCP/IP traffic. An excellent online reference not mentioned elsewhere is the Network Sorcery site (http://www.networksorcery.com). This site clearly breaks down protocols by network, transport, and application layers by noting the following.

• Network-layer protocols are assigned EtherTypes, like 0x0806 for ARP, 0x0800 for IP version 4, and 0x86DD for IP version 6.

• Transport-layer protocols are assigned IP protocol values, like 1 for ICMP, 6 for TCP, 17 for UDP, 132 for Stream Control Transmission Protocol (SCTP), and so on.

• Application-layer protocols are assigned one or more SCTP, TCP, or UDP port numbers, like 23 for Telnet, ...

Get The Tao of Network Security Monitoring Beyond Intrusion Detection now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.