orm@doc-tcpip.org

Created: August 2002 - Last modified: August 2003



Important Headers on the Network

What shows up in tcpdump output



ARP Header

 
0                   1                   2                   3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| HW Address-Type               |  Protocol Address Type        |
+---------------+---------------+---------------+---------------+
| HW Addr Len   | Prot. Addr Len|      Operation                |
+-------------------------------+-------------------------------+
|                      Source HW Address                        |
+-------------------------------+-------------------------------+
|                               |  Source Protocol Address      |
+-------------------------------+-------------------------------+
|                               |     Target HW Address         |
+-------------------------------+-------------------------------+
|                                                               |
+---------------------------------------------------------------+
|      Target Protocol Address                                  |
+---------------------------------------------------------------+

ARP Parameter




UDP Header

 
0                   1                   2                   3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Source Port                   |    Destination Port           |
+---------------+---------------+---------------+---------------+
| Length                        |    Checksum                   |
+-------------------------------+-------------------------------+

Well-Known UDP Server Ports




ICMP (PING) Header

 
0                   1                   2                   3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type          | Code          |  Checksum                     |
+---------------+---------------+---------------+---------------+
| Further information of the message                            |
+-------------------------------+-------------------------------+

PING Header
 
0                   1                   2                   3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type (8 / 0)  | Code (0)      |  Checksum                     |
+---------------+---------------+---------------+---------------+
| Data - with ping -R or ping -s xxxx                           |
+-------------------------------+-------------------------------+

Type Name or Code (Code = 0)

  • 4 Source Quench

  • 5 Redirect

  • 8 Echo

  • 9 Router Advertisement

  • 10 Router Selection

  • 11 Time Exceeded

  • 12 Parameter Problem

  • 13 Timestamp

  • 14 Timestamp Reply

  • 15 Information Request

  • 16 Information Reply

  • 17 Address Mask Request

  • 18 Address Mask Reply

  • 30 Traceroute




    IP Header

     
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    | Vers  | IHL   | TOS           |      Total Length             |
    +---------------+---------------+---------------+---------------+
    |         ID                    | Flag  | Fragment Offset       |
    +-------------------------------+-------------------------------+
    | TTL           | Protocol      |  Header Checksum              |
    +-------------------------------+-------------------------------+
    |               Source Address                                  |
    +-------------------------------+-------------------------------+
    |               Destination Address                             |
    +-------------------------------+-------------------------------+
    |                 Options                                       |
    +---------------------------------------------------------------+
    




    TCP Header

     
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |       Source Port             |      Destination Port         |
    +---------------+---------------+---------------+---------------+
    |                   Sequence Number                             |
    +-------------------------------+-------------------------------+
    |                 Acknowledgement Number                        |
    +-------------------------------+-------------------------------+
    |Offs.  | Res.  |   Flags       |         Window                |
    +-------------------------------+-------------------------------+
    |                 Options                                       |
    +---------------------------------------------------------------+
    



    GRE Header

     
           0                   1                   2                   3
           0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
          +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
          |C|R|K|S|s|Recur|  Flags  | Ver |         Protocol Type         |
          +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
          |      Checksum (optional)      |       Offset (optional)       |
          +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
          |                         Key (optional)                        |
          +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
          |                    Sequence Number (optional)                 |
          +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
          |                         Routing (optional)
          +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    
    From the corresponding RFC:
    (RFC 1701 Generic Routing Encapsulation (GRE) October 1994)
    
          Flags and version (2 octets)
    
          The GRE flags are encoded in the first two octets.  Bit 0 is the
          most significant bit, bit 15 is the least significant bit.  Bits
          13 through 15 are reserved for the Version field.  Bits 5 through
          12 are reserved for future use and MUST be transmitted as zero.
    
          Checksum Present (bit 0)
    
          If the Checksum Present bit is set to 1, then the Checksum field
          is present and contains valid information.
    
          If either the Checksum Present bit or the Routing Present bit are
          set, BOTH the Checksum and Offset fields are present in the GRE
          packet.
    
          Routing Present (bit 1)
    
          If the Routing Present bit is set to 1, then it indicates that the
          Offset and Routing fields are present and contain valid
          information.
    
          If either the Checksum Present bit or the Routing Present bit are
          set, BOTH the Checksum and Offset fields are present in the GRE
          packet.
    
          Key Present (bit 2)
    
          If the Key Present bit is set to 1, then it indicates that the Key
          field is present in the GRE header.  Otherwise, the Key field is
          not present in the GRE header.
    
          Sequence Number Present (bit 3)
    
          If the Sequence Number Present bit is set to 1, then it indicates
          that the Sequence Number field is present.  Otherwise, the
          Sequence Number field is not present in the GRE header.
    
          Strict Source Route (bit 4)
    
          The meaning of the Strict Source route bit is defined in other
          documents.  It is recommended that this bit only be set to 1 if
          all of the Routing Information consists of Strict Source
          Routes.
    
          Recursion Control (bits 5-7)
    
          Recursion control contains a three bit unsigned integer which
          contains the number of additional encapsulations which are
          permissible.  This SHOULD default to zero.
    
          Version Number (bits 13-15)
    
          The Version Number field MUST contain the value 0.  Other values
          are outside of the scope of this document.
    
    
    
          Protocol Type (2 octets)
    
          The Protocol Type field contains the protocol type of the payload
          packet.  In general, the value will be the Ethernet protocol type
          field for the packet.  Currently defined protocol types are listed
          below.  Additional values may be defined in other documents.
    
          Offset (2 octets)
    
          The offset field indicates the octet offset from the start of the
          Routing field to the first octet of the active Source Route Entry
          to be examined.  This field is present if the Routing Present or
          the Checksum Present bit is set to 1, and contains valid
          information only if the Routing Present bit is set to 1.
    
          Checksum (2 octets)
    
          The Checksum field contains the IP (one's complement) checksum of
          the GRE header and the payload packet.  This field is present if
          the Routing Present or the Checksum Present bit is set to 1, and
          contains valid information only if the Checksum Present bit is set
          to 1.
    
          Key (4 octets)
    
          The Key field contains a four octet number which was inserted by
          the encapsulator.  It may be used by the receiver to authenticate
          the source of the packet.  The techniques for determining
          authenticity are outside of the scope of this document.  The Key
          field is only present if the Key Present field is set to 1.
    
          Sequence Number (4 octets)
    
          The Sequence Number field contains an unsigned 32 bit integer
          which is inserted by the encapsulator.  It may be used by the
          receiver to establish the order in which packets have been
          transmitted from the encapsulator to the receiver.  The exact
          algorithms for the generation of the Sequence Number and the
          semantics of their reception is outside of the scope of this
          document.
    
          Routing (variable)
    
          The Routing field is optional and is present only if the Routing
          Present bit is set to 1.
          The Routing field is a list of Source Route Entries (SREs).  Each
          SRE has the form:
    
        0                   1                   2                   3
        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |       Address Family          |  SRE Offset   |  SRE Length   |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                        Routing Information ...
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    
       The routing field is terminated with a "NULL" SRE containing an
       address family of type 0x0000 and a length of 0.
    
       Address Family (2 octets)
    
       The Address Family field contains a two octet value which indicates
       the syntax and semantics of the Routing Information field.  The
       values for this field and the corresponding syntax and semantics for
       Routing Information are defined in other documents.
    
       SRE Offset (1 octet)
    
       The SRE Offset field indicates the octet offset from the start of the
       Routing Information field to the first octet of the active entry in
       Source Route Entry to be examined.
    
       SRE Length (1 octet)
    
       The SRE Length field contains the number of octets in the SRE.  If
       the SRE Length is 0, this indicates this is the last SRE in the
       Routing field.
    
       Routing Information (variable)
    
       The Routing Information field contains data which may be used in
       routing this packet.  The exact semantics of this field is defined in
       other documents.
    
    Forwarding of GRE packets
    
       Normally, a system which is forwarding delivery layer packets will
       not differentiate GRE packets from other packets in any way.
       However, a GRE packet may be received by a system.  In this case, the
       system should use some delivery-specific means to determine that this
       is a GRE packet.  Once this is determined, the Key, Sequence Number
       and Checksum fields if they contain valid information as indicated by
       the corresponding flags may be checked.  If the Routing Present bit
       is set to 1, then the Address Family field should be checked to
       determine the semantics and use of the SRE Length, SRE Offset and
       Routing Information fields.  The exact semantics for processing a SRE
       for each Address Family is defined in other documents.
    
       Once all SREs have been processed, then the source route is complete,
       the GRE header should be removed, the payload's TTL MUST be
       decremented (if one exists) and the payload packet should be
       forwarded as a normal packet.  The exact forwarding method depends on
       the Protocol Type field.
    
    Current List of Protocol Types
    
       The following are currently assigned protocol types for GRE.  Future
       protocol types must be taken from DIX ethernet encoding.  For
       historical reasons, a number of other values have been used for some
       protocols.  The following table of values MUST be used to identify
       the following protocols:
    
           Protocol Family                     PTYPE
           ---------------                     -----
           Reserved                            0000
           SNA                                 0004
           OSI network layer                   00FE
           PUP                                 0200
           XNS                                 0600
           IP                                  0800
           Chaos                               0804
           RFC 826 ARP                         0806
           Frame Relay ARP                     0808
           VINES                               0BAD
           VINES Echo                          0BAE
           VINES Loopback                      0BAF
           DECnet (Phase IV)                   6003
           Transparent Ethernet Bridging       6558
           Raw Frame Relay                     6559
           Apollo Domain                       8019
           Ethertalk (Appletalk)               809B
           Novell IPX                          8137
           RFC 1144 TCP/IP compression         876B
           IP Autonomous Systems               876C
           Secure Data                         876D
           Reserved                            FFFF
    
       See the IANA list of Ether Types for the complete list of these
       values.
    
       URL = ftp://ftp.isi.edu/in-notes/iana/assignments/ethernet-numbers.
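
Added example (not part of the original page or of RFC 1701): a Python decoder for the GRE header quoted above, showing how the C, R, K and S bits decide which optional fields follow and why every read has to be bounds-checked. The name `parse_gre`, the constructed sample packets, and the reading of SRE Length as the number of Routing Information octets after the 4-octet SRE header are assumptions.

```python
import struct

# Masks for the first 16 bits (bit 0 is the most significant bit, per RFC 1701)
C_BIT, R_BIT, K_BIT, S_BIT, SSR_BIT = 0x8000, 0x4000, 0x2000, 0x1000, 0x0800
RECUR_MASK, VER_MASK = 0x0700, 0x0007


def parse_gre(buf: bytes) -> dict:
    """Decode an RFC 1701 GRE header; raise ValueError on malformed input."""
    def take(n: int, off: int) -> bytes:
        # Never trust a flag bit or length field beyond the captured bytes.
        if off + n > len(buf):
            raise ValueError(f"truncated GRE header at offset {off}")
        return buf[off:off + n]

    flags, ptype = struct.unpack("!HH", take(4, 0))
    if flags & VER_MASK:
        raise ValueError("GRE version field is not 0")
    hdr = {"ptype": ptype, "recur": (flags & RECUR_MASK) >> 8,
           "strict_source_route": bool(flags & SSR_BIT),
           "checksum": None, "offset": None, "key": None, "seq": None,
           "sres": []}
    off = 4
    if flags & (C_BIT | R_BIT):       # either bit makes BOTH fields present
        csum, offset = struct.unpack("!HH", take(4, off))
        hdr["checksum"] = csum if flags & C_BIT else None   # valid only with C
        hdr["offset"] = offset if flags & R_BIT else None   # valid only with R
        off += 4
    if flags & K_BIT:
        (hdr["key"],) = struct.unpack("!I", take(4, off))
        off += 4
    if flags & S_BIT:
        (hdr["seq"],) = struct.unpack("!I", take(4, off))
        off += 4
    if flags & R_BIT:
        while True:                   # walk SREs; SRE Length 0 ends the list
            af, sre_off, sre_len = struct.unpack("!HBB", take(4, off))
            off += 4
            if sre_len == 0:
                break
            # Assumption: sre_len counts the Routing Information octets only.
            hdr["sres"].append((af, sre_off, take(sre_len, off)))
            off += sre_len
    hdr["payload"] = buf[off:]
    return hdr


# Constructed sample packets (not captured traffic).
SAMPLE_KEY_SEQ = struct.pack("!HHII", 0x3000, 0x0800, 42, 7) + b"\x45\x00"
SAMPLE_ROUTED = (struct.pack("!HHHH", 0x4000, 0x0800, 0, 0)
                 + struct.pack("!HBB", 0x0800, 0, 4) + bytes([10, 0, 0, 1])
                 + bytes(4) + b"\x45")
```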
    
    



    AH Header

    RFC 2402: checksum over the packet, authentication, integrity.

     
     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    | Next Header   | Payload Len.  |           RESERVED            |
    +---------------+---------------+---------------+---------------+
    |                Security Parameter Index - SPI                 |
    +-------------------------------+-------------------------------+
    |                  Sequence Number Field                        |
    +-------------------------------+-------------------------------+
    |                  Authentication Data                          |
    +                  (variable length)                            +
    |                                                               |
    +-------------------------------+-------------------------------+
    



    ESP Header

    RFC 2406. Encrypted data.

     
     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                Security Parameter Index - SPI                 |
    +-------------------------------+-------------------------------+
    |                  Sequence Number Field                        |
    +-------------------------------+-------------------------------+
    |                  Initialization Vector                        |
    +-------------------------------+-------------------------------+
    |                  Payload (variable length)                    |
    +                                      +------------------------+
    |                                      |   Padding (0)          |
    +-------------------------------+-------------------------------+
    |                               |    Pad Len.   | Next Header   |
    +-------------------------------+-------------------------------+
    |                  Authentication Data                          |
    +                  (variable length)                            +
    |                                                               |
    +-------------------------------+-------------------------------+
    


    Copyright 2001-2021 by Orm Hager - The GPL applies
    Please send feedback to: Orm Hager (orm@doc-tcpip.org)