Computer networks
Konstantin Bulanov, 2015-10-06 16:41:20

Determining the type of traffic with a sniffer?

A question arose at work: the sniffer, as far as I understand, parses the received packets according to the protocols, and then, on request, produces an analysis of what exactly was transmitted. Is it possible to detect the very fact of transferring certain data in a RAW packet without analyzing the protocols? That is, according to the characteristic data sequence, to say - here we had ICMP traffic transmitted? Or is it possible to make such a conclusion only after the received IP packet has been parsed?


1 answer(s)
throughtheether, 2015-10-06
@throughtheether

Explain what specific problem you are solving.

That is, according to the characteristic data sequence, to say - here we had ICMP traffic transmitted? Or is it possible to make such a conclusion only after the received IP packet has been parsed?
And isn't determining the protocol itself an analysis of the packet (at least a partial one)?
Is it possible to detect the very fact of transferring certain data in a RAW packet without analyzing the protocols? That is, according to the characteristic data sequence, to say - here we had ICMP traffic transmitted?
In your case, you need to look at the Protocol field of the IP packet, which, in my opinion, is byte number 10, counting from 1. In the case of ICMP, there will be a value of 1.
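Reading the Protocol field exactly as the answer describes, as an added example that is not part of the original post or the answerer's code: it inspects only the IPv4 header of a raw IP packet (it assumes the input starts at the IP header, so any link-layer header such as Ethernet's 14 bytes must already have been stripped), rejects truncated or non-IPv4 data, and names the carried protocol; `build_ipv4` is a helper of my own that constructs the sample packets.

```python
import struct

# IANA protocol numbers for the IPv4 "Protocol" field, which is the 10th byte
# counting from 1 (offset 9). The three entries are well-known assignments.
PROTOCOL_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}

def classify_ipv4(raw: bytes) -> str:
    """Return the name of the protocol carried by a raw IPv4 packet.

    Only the IPv4 header is inspected; the payload is never parsed. This is
    the "partial analysis" the answer refers to: no protocol field, no answer.
    Raises ValueError for data that is too short or is not IPv4.
    """
    if len(raw) < 20:
        raise ValueError("truncated: fewer than 20 bytes, no complete IPv4 header")
    version = raw[0] >> 4
    if version != 4:
        raise ValueError(f"not IPv4 (version field = {version})")
    ihl = (raw[0] & 0x0F) * 4          # header length in bytes, valid range 20..60
    if ihl < 20 or len(raw) < ihl:
        raise ValueError("bad IHL or truncated IP options")
    proto = raw[9]                      # the Protocol field: 1 means ICMP
    return PROTOCOL_NAMES.get(proto, f"proto-{proto}")

def build_ipv4(proto: int, payload: bytes, src="10.0.0.1", dst="10.0.0.2") -> bytes:
    """Construct a minimal IPv4 packet (no options, checksum left zero) for testing.

    Hypothetical helper used only to fabricate sample input for this example.
    """
    total_len = 20 + len(payload)
    header = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0, total_len, 0x1234, 0x4000, 64, proto, 0,
                         bytes(int(o) for o in src.split(".")),
                         bytes(int(o) for o in dst.split(".")))
    return header + payload

# Constructed samples: an ICMP echo request and a UDP datagram (DNS-like ports).
ICMP_ECHO = build_ipv4(1, bytes([8, 0, 0, 0, 0, 1, 0, 1]) + b"ping")
UDP_DGRAM = build_ipv4(17, struct.pack("!HHHH", 53, 53, 8, 0))

if __name__ == "__main__":
    for name, pkt in [("icmp", ICMP_ECHO), ("udp", UDP_DGRAM)]:
        print(name, "->", classify_ipv4(pkt))
```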
