
The Tao of Network Security Monitoring Beyond Intrusion Detection by Richard Bejtlich


A. Protocol Header Reference

The protocol headers presented in this appendix are frequently encountered when analyzing TCP/IP traffic. An excellent online reference not mentioned elsewhere is the Network Sorcery site (http://www.networksorcery.com). This site clearly breaks down protocols by network, transport, and application layers by noting the following.

• Network-layer protocols are assigned EtherTypes, like 0x0806 for ARP, 0x0800 for IP version 4, and 0x86DD for IP version 6.

• Transport-layer protocols are assigned IP protocol values, like 1 for ICMP, 6 for TCP, 17 for UDP, 132 for Stream Control Transmission Protocol (SCTP), and so on.

• Application-layer protocols are assigned one or more SCTP, TCP, or UDP port numbers, like 23 for Telnet, ...
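The three-layer dispatch described above (EtherType, then IP protocol number, then port) is what a packet decoder does on every frame. The following is an added example, not code from the book: it walks a constructed Ethernet/IPv4/TCP frame and reports which protocol each layer carries, using the values listed in this appendix. Checksums are left at zero in the sample frame because the decoder never checks them.

```python
import struct

# Values quoted in the appendix; anything else is reported as "unknown".
ETHERTYPES = {0x0806: "ARP", 0x0800: "IPv4", 0x86DD: "IPv6"}
IP_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP", 132: "SCTP"}
PORTS = {23: "Telnet"}


def classify_frame(frame: bytes) -> dict:
    """Dispatch one Ethernet frame layer by layer: EtherType -> IP protocol -> ports."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    result = {"ethertype": ethertype, "network": ETHERTYPES.get(ethertype, "unknown")}
    if ethertype != 0x0800:          # only IPv4 is decoded further in this example
        return result
    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    ihl = (ip[0] & 0x0F) * 4         # IHL field is in 32-bit words; options may be present
    proto = ip[9]                    # IPv4 "protocol" field selects the transport layer
    result.update(protocol=proto, transport=IP_PROTOCOLS.get(proto, "unknown"))
    payload = ip[ihl:]
    # TCP, UDP and SCTP all start with 16-bit source and destination ports.
    if proto in (6, 17, 132) and len(payload) >= 4:
        sport, dport = struct.unpack("!HH", payload[:4])
        result.update(src_port=sport, dst_port=dport,
                      application=PORTS.get(dport, PORTS.get(sport, "unknown")))
    return result


def build_sample_frame() -> bytes:
    """Constructed Ethernet + IPv4 + TCP frame with a Telnet destination port (checksums zero)."""
    eth = bytes.fromhex("001122334455" "66778899aabb") + struct.pack("!H", 0x0800)
    # IPv4: version 4 / IHL 5, total length 40, TTL 64, protocol 6, 192.0.2.1 -> 192.0.2.2
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    # TCP: src port 40000, dst port 23, data offset 5, SYN flag, window 8192
    tcp = struct.pack("!HHIIBBHHH", 40000, 23, 0, 0, 0x50, 0x02, 8192, 0, 0)
    return eth + ip + tcp


if __name__ == "__main__":
    print(classify_frame(build_sample_frame()))
```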
