Stan,
I believe you have it, but just to re-iterate:
The most common capture is usually TCP/IP over Ethernet.
So if we look at a capture of TCP/IP traffic over Ethernet, a typical
Frame looks like this:
Ethernet Frame which "carries" a Network Protocol (such as IP)
IP Datagram which "carries" a Transport Protocol (such as UDP or TCP or
OSPF)
UDP Datagram or TCP Segment which "carries" a Service/Application (a
Port)
Service/Application Data or Possibly Additional Layers (e.g. Http, XML,
etc...)
So when we're talking about a "protocol" in this case, we're talking
about the Transport Protocol that IP is "carrying"
So for OSPF, it's protocol 89 or 0x59 in Hexadecimal (as displayed by
Wireshark)
This is important to understand - I often find that there is some
confusion in the difference between a Transport Protocol or Layer 4
Protocol and a Port/Service/Application which typically uses UDP or TCP.
/etc/protocols in UNIX/Linux or %windir%\system32\drivers\etc\protocol
in Windows NT+ or IANA (best source) has the list of protocols that IP
can "carry" which range from 0-255.
/etc/services (Windows dir, IANA too) has the list of ports (0-65535)
for TCP and UDP and what the assigned service/application/daemon is.
Popular protocols:
1 - ICMP
6 - TCP
17 - UDP
47 - GRE
50 - ESP (IPSec)
51 - AH (IPSec)
88 - EIGRP
89 - OSPF
Some Popular Services which ride on UDP/TCP:
TCP/21 - FTP
TCP/22 - SSH
TCP/25 - SMTP
TCP/80 - HTTP
UDP/53 - DNS
UDP/67 - DHCP/BOOTP Server
UDP/69 - TFTP
UDP/161 - SNMP
I hope this helps and please let me know if it's not clear,
--Jim
-----Original Message-----
On Thu, Nov 02, 2006 at 05:50:23PM +0000, LEGO wrote:
> cat /etc/protos
>
>
Ah, /etc/services brother. Thanks, I did not even know that was there.
--
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users
