Ask Your Question
0

packet's fields meanings?

asked 2018-01-04 22:47:50 +0000

sooaran gravatar image

updated 2018-01-04 22:48:30 +0000

Hi! Is there any document where I can read a brief meaning of each packet's fields (as ip.flags, ip.ttl, frame.marked, etc)?

Thanks!

edit retag flag offensive close merge delete
add a comment

2 Answers

Sort by ยป oldest newest most voted
0

answered 2018-01-05 07:24:59 +0000

Jaap gravatar image

Most accurate reference would be this. It lists them all, with their description for that protocol. If you want to understand the purpose of the field you'll have to dig into the respective protocol documentation itself.

edit flag offensive delete link more

Comments

As @sindy mentioned, the RFC's are an excellent source of information, at least for protocols defined by them, but of course not all protocols are - Ethernet just to mention one as an example - so it really depends on which protocol you're researching as to where the relevant documentation will be found. Unfortunately, the documentation for some protocols is not publically available at all.

Another useful place to look is at http://www.inacon.de/ph/data/index.php. For a time, Wireshark used to provide right-click apropos help directly to this documentation, but it was removed long ago. I don't recall exactly why it was removed, but I think it had to do with Inacon not keeping it up to date and developers not having the time to do it. In any case, it's still a useful resource.

cmaynard gravatar imagecmaynard ( 2018-01-05 15:16:30 +0000 )edit

Thanks a lot!!

sooaran gravatar imagesooaran ( 2018-01-06 18:55:17 +0000 )edit
add a comment
0

answered 2018-01-04 23:08:54 +0000

sindy gravatar image

Yes, there is. Tons of them. I'd recommend to find some textbook on networking as textbooks usually dose the information in acceptable amount and depth at a time and choose the right middle to start from (as there is probably no proper beginning to all this).

Some fields you've given as example (ip.flags, ip.ttl) are real packet fields, while others are generated by Wireshark (frame.marked). By the time you start understanding the basic real ones, you'll appreciate the usefulness of the generated ones.

I could offer you my "turbo-introduction to packet networks for dummies" slideshow, but it is in Russian :-(

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2018-01-04 22:47:50 +0000

Seen: 1,602 times

Last updated: Jan 06 '18

Related questions

Capture incoming packets from remote web server

How to set packet metadata in realtime?

Monitor device

Why would I be getting "LEN 1 (Malformed Packet)"... "(Malformed Packet: RTCP)" on UDP Packets

What is wrong with my internets?!

How do I dissect multiple packets?

How do I get relative ack number greater than sequence number?

How do I use the fragment_add_seq_check function in UDP packet reassembly?

Is it possible to use reassembly on non-split packets?

How do I dissect packets if the dissection depends on information from earlier packets?

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2