Excluding the options field in the IPv4 header, data follows after the 20 bytes of header. That data may be a TCP packet, a UDP packet, etc.

Now, given an IPv4 packet (with header and data), how do I find out which type of transport-layer packet (TCP/UDP/etc.) is present in the data? Actually, I am parsing an IPv4 packet, so I need to understand this.

A: 

Deep packet inspection? Ipoque released some open-source code for this task: opendpi.

The MYYN
Actually, I just found out that in the header of IPv4 there is a field called protocol. In that, the protocol is specified. Anyway, I got to know a new library.
avd
+3  A: 

The protocol field of the IPv4 header (see RFC791) will tell you:

    0                   1                   2                   3   
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |Version|  IHL  |Type of Service|          Total Length         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |         Identification        |Flags|      Fragment Offset    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  Time to Live |    Protocol   |         Header Checksum       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                       Source Address                          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Destination Address                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Options                    |    Padding    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

The protocol numbers are assigned by IANA and are listed here:

http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml

Some example protocol numbers are:

1  ICMP
6  TCP
17 UDP
Cayle Spandon
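An added example, not code from either answer: reading the Protocol field (byte 9) from a raw IPv4 packet and locating the payload from IHL rather than assuming 20 bytes, with the length checks a parser needs on untrusted input. The names `ipv4_find_payload`, `ipv4_proto_name` and `sample_pkt` are hypothetical, the sample packet is constructed, and the header checksum is not verified.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct ipv4_payload {
    uint8_t protocol;       /* IANA protocol number, byte 9 of the header */
    size_t  offset;         /* payload start: IHL * 4, which may exceed 20 */
    size_t  length;         /* payload bytes according to Total Length */
    int     first_fragment; /* 0 when Fragment Offset != 0 (no transport header) */
};

/* Returns 0 on success, -1 if buf is not a consistent IPv4 packet. */
int ipv4_find_payload(const uint8_t *buf, size_t len, struct ipv4_payload *out)
{
    if (len < 20 || (buf[0] >> 4) != 4)
        return -1;                                /* too short, or not version 4 */
    size_t hdr_len = (size_t)(buf[0] & 0x0F) * 4; /* IHL counts 32-bit words */
    size_t total   = ((size_t)buf[2] << 8) | buf[3];
    if (hdr_len < 20 || hdr_len > total || total > len)
        return -1;                                /* lengths disagree with buffer */
    out->protocol = buf[9];
    out->offset = hdr_len;
    out->length = total - hdr_len;
    out->first_fragment = ((((buf[6] & 0x1F) << 8) | buf[7]) == 0);
    return 0;
}

/* The three example numbers from the answer; everything else is in the IANA list. */
const char *ipv4_proto_name(uint8_t p)
{
    return p == 1 ? "ICMP" : p == 6 ? "TCP" : p == 17 ? "UDP" : "other";
}

/* Constructed sample: IHL=6 (one option word), protocol 17, 8-byte UDP header. */
static const uint8_t sample_pkt[32] = {
    0x46, 0x00, 0x00, 0x20, 0x00, 0x01, 0x00, 0x00, 0x40, 0x11, 0x00, 0x00,
    192, 0, 2, 1, 192, 0, 2, 2,
    0x01, 0x01, 0x01, 0x00,                         /* options: NOP NOP NOP EOL */
    0x30, 0x39, 0x00, 0x35, 0x00, 0x08, 0x00, 0x00  /* UDP 12345 -> 53, length 8 */
};

int main(void)
{
    struct ipv4_payload p;
    if (ipv4_find_payload(sample_pkt, sizeof sample_pkt, &p) == 0)
        printf("%s payload at offset %zu, %zu bytes, first fragment: %d\n",
               ipv4_proto_name(p.protocol), p.offset, p.length, p.first_fragment);
    return 0;
}
```

When `first_fragment` is 0 the payload is the middle or tail of a fragmented datagram, so the Protocol field still names the transport protocol but the bytes at `offset` are not a TCP or UDP header.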