Answer the question
In order to leave comments, you need to log in
Determining the type of traffic with a sniffer?
A veo-question arose at work: the sniffer, as far as I understand, parses the received packets according to the protocols, and then already issues (if you request) an analysis: what exactly was transmitted. Is it possible to detect the very fact of transferring certain data in a RAW packet without analyzing the protocols? That is, according to the characteristic data sequence, to say - here we had ICMP traffic transmitted? Or is it possible to make such a conclusion only after the received IP packet has been parsed?
Answer the question
In order to leave comments, you need to log in
Explain what specific problem you are solving.
That is, according to the characteristic data sequence, to say - here we had ICMP traffic transmitted? Or is it possible to make such a conclusion only after the received IP packet has been parsed?And definition of the protocol is unless analysis of a packet (at least partial)?
Is it possible to detect the very fact of transferring certain data in a RAW packet without analyzing the protocols? That is, according to the characteristic data sequence, to say - here we had ICMP traffic transmitted?In your case, you need to look at the Protocol field of the IP packet, which, in my opinion, is byte number 10, counting from 1. In the case of ICMP, there will be a value of 1.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question