![]() However, there's no guarantee that this will be a value for a protocol such as TCP or UDP it might be a value for an "extension header". The IPv6 header has a Next Header field, which contains an Internet Protocol Number field. UDP - and TCP, and so on - can also run on top of IPv6. If the packet does not begin with an Ethernet header, then, unless the link-layer header is also 14 bytes long and is immediately followed by the payload, byte 23 is not the IPv4 Protocol field.įurthermore, if the packet is not an IPv4 packet, even if the packet does begin with an Ethernet header, byte 23 is not the IPv4 Protocol field. The Protocol field in the IPv4 header is an an offset of 9 from the beginning of the IPv4 header, so, in an IPv4-over-Ethernet packet, the Protocol field is an an offset of 14+9 = 23 bytes from the beginning of the packet. In a packet with an Ethernet header that has a type/length field value of 0x0800, the first 14 bytes are an Ethernet header, and the next 20 bytes are the fixed portion of an IPv4 header. A value of 6 means TCP a value of 17 means UDP. IPv4 is described by RFC 791 the header of an IPv4 packet has a 1- byte protocol field, which contains an Internet Protocol Number value. If the type/length field has the value 0x0800, then the packet is an IPv4 packet. If the field has the value 1, then the packet begins with an Ethernet header, which begins with a 6-byte Ethernet destination address, followed by a 6-byte Ethernet source address, followed by a 2-byte type/length field. The list of link-layer header types shows what different values in that field mean. When it is UDP, byte 23 in the packet is set to 17, however in non-UDP, byte 23 doesn't have the same meaningĪ pcap file has, in the file header, a field that indicates the type of link-layer header that the packets in the file have.
0 Comments
Leave a Reply. |