A. Protocol Header Reference
The protocol headers presented in this appendix are frequently encountered when analyzing TCP/IP traffic. An excellent online reference not mentioned elsewhere is the Network Sorcery site (http://www.networksorcery.com). This site clearly breaks down protocols by network, transport, and application layers by noting the following.
• Network-layer protocols are assigned EtherTypes, like 0x0806 for ARP, 0x0800 for IP version 4, and 0x86DD for IP version 6.
• Transport-layer protocols are assigned IP protocol values, like 1 for ICMP, 6 for TCP, 17 for UDP, 132 for Stream Control Transmission Protocol (SCTP), and so on.
• Application-layer protocols are assigned one or more SCTP, TCP, or UDP port numbers, like 23 for Telnet, ...
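The three assignments above form a chain an analyst walks for every frame: EtherType, then IP protocol value, then port. The following added example (not from the original text) follows that chain over raw Ethernet frames using only the values quoted above; the function and helper names are illustrative, the sample frames are constructed, and IPv6 extension headers are not walked.

```python
import struct

ETHERTYPES = {0x0806: "ARP", 0x0800: "IPv4", 0x86DD: "IPv6"}   # values from the text
IP_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP", 132: "SCTP"}
PORTS = {23: "Telnet"}                      # the only port the text names
PORT_BASED = {"TCP", "UDP", "SCTP"}

def classify(frame: bytes) -> list:
    """Return the chain of protocol names found by walking the demux fields."""
    if len(frame) < 14:
        return ["truncated Ethernet header"]
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    net = ETHERTYPES.get(ethertype, f"EtherType 0x{ethertype:04X}")
    chain = [net]
    if net == "IPv4":
        if len(frame) < 14 + 20:
            return chain + ["truncated IPv4 header"]
        ihl = (frame[14] & 0x0F) * 4        # header length, options included
        if ihl < 20:
            return chain + ["invalid IHL"]
        (frag,) = struct.unpack_from("!H", frame, 14 + 6)
        proto, l4 = frame[14 + 9], 14 + ihl
        if frag & 0x1FFF:                   # non-first fragment carries no L4 header
            name = IP_PROTOCOLS.get(proto, f"IP protocol {proto}")
            return chain + [name, "non-first fragment"]
    elif net == "IPv6":
        if len(frame) < 14 + 40:
            return chain + ["truncated IPv6 header"]
        proto, l4 = frame[14 + 6], 14 + 40  # Next Header field of the fixed header
    else:
        return chain                        # ARP and unknown types stop here
    transport = IP_PROTOCOLS.get(proto, f"IP protocol {proto}")
    chain.append(transport)
    if transport in PORT_BASED:
        if len(frame) < l4 + 4:
            return chain + ["truncated transport header"]
        sport, dport = struct.unpack_from("!HH", frame, l4)
        app = PORTS.get(dport) or PORTS.get(sport)   # request or reply direction
        chain.append(app or f"ports {sport}->{dport}")
    return chain

def _eth(ethertype, payload):               # constructed sample frames below
    return bytes(12) + struct.pack("!H", ethertype) + payload
def _ipv4(proto, payload, frag=0):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, frag,
                       64, proto, 0, bytes(4), bytes(4)) + payload

TELNET = _eth(0x0800, _ipv4(6, struct.pack("!HH", 40000, 23) + bytes(16)))
ARP = _eth(0x0806, bytes(28))
LATE_FRAG = _eth(0x0800, _ipv4(17, bytes(8), frag=185))
```

Note that a port lookup on a non-first fragment would read payload bytes as if they were ports, which is why the fragment offset is checked before the transport header is touched.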