packet's fields meanings?
Hi! Is there any document where I can read a brief meaning of each packet's fields (as ip.flags, ip.ttl, frame.marked, etc)?
Thanks!
Most accurate reference would be this. It lists them all, with their description for that protocol. If you want to understand the purpose of the field you'll have to dig into the respective protocol documentation itself.
As @sindy mentioned, the RFCs are an excellent source of information, at least for protocols defined by them, but of course not all protocols are - Ethernet, just to mention one as an example - so it really depends on which protocol you're researching as to where the relevant documentation will be found. Unfortunately, the documentation for some protocols is not publicly available at all.
Another useful place to look is at http://www.inacon.de/ph/data/index.php. For a time, Wireshark used to provide right-click apropos help directly to this documentation, but it was removed long ago. I don't recall exactly why it was removed, but I think it had to do with Inacon not keeping it up to date and developers not having the time to do it. In any case, it's still a useful resource.
Yes, there is. Tons of them. I'd recommend finding some textbook on networking, as textbooks usually dose the information in an acceptable amount and depth at a time and choose the right middle to start from (as there is probably no proper beginning to all this).
Some fields you've given as example (ip.flags, ip.ttl) are real packet fields, while others are generated by Wireshark (frame.marked). By the time you start understanding the basic real ones, you'll appreciate the usefulness of the generated ones.
I could offer you my "turbo-introduction to packet networks for dummies" slideshow, but it is in Russian :-(
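To make the distinction between real packet fields and analyzer-generated ones concrete, here is an added example (not code from the thread or from Wireshark) that decodes the on-the-wire IPv4 fields the question names, ip.flags and ip.ttl, from a constructed header laid out per RFC 791, and also computes one value that exists only inside the analyzer, the checksum status, which is the same category of field as frame.marked.

```python
import struct
from dataclasses import dataclass

# Constructed 20-byte IPv4 header (not from a real capture): version 4, IHL 5,
# total length 60, ID 0x1c46, DF set, fragment offset 0, TTL 64, protocol 6 (TCP),
# header checksum 0x9d22, 192.168.0.1 -> 192.168.0.2.
SAMPLE_IPV4_HEADER = bytes.fromhex("4500003c1c46400040069d22c0a80001c0a80002")


@dataclass
class Ipv4Header:
    version: int
    ihl: int
    total_length: int
    identification: int
    flags: int             # 3-bit field (reserved, DF, MF); what Wireshark shows as ip.flags
    df: bool               # ip.flags.df
    mf: bool               # ip.flags.mf
    fragment_offset: int   # ip.frag_offset, in 8-byte units
    ttl: int               # ip.ttl
    protocol: int          # ip.proto
    checksum: int          # ip.checksum, exactly as carried in the packet
    src: str               # ip.src
    dst: str               # ip.dst
    checksum_ok: bool      # computed by the parser, never on the wire (like ip.checksum.status)


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 checksum: ones' complement of the ones' complement sum of 16-bit words."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_ipv4_header(data: bytes) -> Ipv4Header:
    """Decode the fixed part of an IPv4 header as laid out in RFC 791."""
    if len(data) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, tlen, ident, flags_frag, ttl, proto, csum, src, dst = struct.unpack("!BBHHHBBH4s4s", data[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4 or ihl < 5 or len(data) < ihl * 4:
        raise ValueError("not a well-formed IPv4 header")
    flags = flags_frag >> 13
    return Ipv4Header(
        version=version, ihl=ihl, total_length=tlen, identification=ident,
        flags=flags, df=bool(flags & 0b010), mf=bool(flags & 0b001),
        fragment_offset=flags_frag & 0x1FFF, ttl=ttl, protocol=proto, checksum=csum,
        src=".".join(map(str, src)), dst=".".join(map(str, dst)),
        # Summing the header with its checksum field in place gives 0 only if it is intact.
        checksum_ok=ipv4_checksum(data[:ihl * 4]) == 0,
    )
```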
Asked: 2018-01-04 22:47:50 +0000
Last updated: Jan 06 '18