Application Method of communication protocol analysis for Iptool grasping package tool

Catch Bag Preparation

Capture Analysis Toolbar:

Before starting the bag, the user needs to filter the settings, including the following options:

Select Network card

If you have more than one network card, you need to select the network card that catches the desired data.

Protocol filtering

For the Internet Communications Section, the common IP packet types are: tcp/udp/icmp. The vast majority of TCP connections, such as HTTP (s)/smtp/pop3/ftp/telnet, and so on, part of the chat software in addition to the use of TCP communication methods, but also used the transmission of UDP, such as Qq/skype; The common ICMP packets are generated by a customer ping. The Setup interface is as follows:

IP filtering

"IP Filtering" is the most common use of packet filtering, IP matching is mainly divided into two categories: one is not with the direction of communication, pure is the scope of the match, such as the "from:to" type in the above, the other is a one-to-one matching with the direction of communication, such as the "<->" type, not only match the IP address, Also matches the direction of the source IP and destination IP of the communication.

Port filtering

Port filtering is only for two types of DOD-IP packages: TCP/UDP.

Data area Size

The "Data area Size" match is for all DOD-IP type packages, but it should be explained that the IP data area of the TCP/UDP is calculated at the actual data area location, while the other types use the part immediately following the IP header as the data area.