[Winpcap-users] Question about how to interpret the pkt_data

Wu Bo (ST-VS/EAP2.3) Bo.Wu at us.bosch.com
Fri Jan 16 22:56:15 GMT 2009


Hey Guys,

I have a question about how to interpret the raw (hex) data.
1) I get data from Wireshark and found out that the first 14 bytes from
pkt_data are about Ethernet II?
2) The next 20 bytes from pkt_data are Internet Protocol?
3) What about the rest of the bytes? I know they represent some
different data, such as ICMP, TCP, SSL, TLSv1, UDP, etc. How can we
distinguish the data between all these protocols? How do we know the data
we received is TCP protocol, or ICMP protocol, or SSL protocol?
4) How can we find out whether the data contains a password and user name?
I looked at Wireshark's data and know that somewhere it contains the user
name, and the password is decrypted. Does anyone know where these two
are located?

Thank you
Bo Chen Wu
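
Added example (not part of the original post, and not WinPcap's own code): one way to walk the layout asked about in points 1-3, where the EtherType at bytes 12-13 identifies IPv4, the IHL nibble gives the real IP header length, and the IPv4 Protocol byte selects ICMP, TCP or UDP. The names dissect, l4_info and SAMPLE are hypothetical, and the sample frame is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ETH_HLEN 14            /* dst MAC (6) + src MAC (6) + EtherType (2) */
struct l4_info {
    uint8_t  proto;            /* IPv4 Protocol field: 1=ICMP, 6=TCP, 17=UDP */
    size_t   l4_off;           /* offset of the transport header in pkt_data */
    uint16_t sport, dport;     /* TCP/UDP ports of an unfragmented packet, else 0 */
};

/* Constructed sample frame: Ethernet II + IPv4 (no options) + TCP SYN to port 443. */
static const unsigned char SAMPLE[] = {
    0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xaa,0xbb, 0x08,0x00,
    0x45,0x00,0x00,0x28,0x00,0x01,0x40,0x00,0x40,0x06,0x00,0x00,
    0xc0,0x00,0x02,0x01, 0xc0,0x00,0x02,0x02,
    0xc0,0x01,0x01,0xbb, 0x00,0x00,0x00,0x01, 0x00,0x00,0x00,0x00,
    0x50,0x02,0xff,0xff, 0x00,0x00,0x00,0x00
};

/* Returns 0 on success, -1 if the frame is not IPv4 or is truncated/malformed. */
int dissect(const unsigned char *pkt, size_t caplen, struct l4_info *out)
{
    if (caplen < ETH_HLEN + 20) return -1;
    if (((pkt[12] << 8) | pkt[13]) != 0x0800) return -1;   /* EtherType: IPv4 */
    const unsigned char *ip = pkt + ETH_HLEN;
    size_t ihl = (size_t)(ip[0] & 0x0F) * 4;   /* 20 bytes only without options */
    if ((ip[0] >> 4) != 4 || ihl < 20 || caplen < ETH_HLEN + ihl) return -1;
    out->proto = ip[9];                        /* selects the next protocol */
    out->l4_off = ETH_HLEN + ihl;
    out->sport = out->dport = 0;
    int frag_off = ((ip[6] & 0x1F) << 8) | ip[7];   /* later fragments carry no L4 header */
    if ((out->proto == 6 || out->proto == 17) && frag_off == 0) {
        if (caplen < out->l4_off + 4) return -1;
        const unsigned char *l4 = pkt + out->l4_off;
        out->sport = (uint16_t)((l4[0] << 8) | l4[1]);
        out->dport = (uint16_t)((l4[2] << 8) | l4[3]);
    }
    /* SSL/TLS has no IP protocol number: it is TCP payload, after the TCP header. */
    return 0;
}

int main(void)
{
    struct l4_info r;
    if (dissect(SAMPLE, sizeof SAMPLE, &r) == 0)
        printf("proto=%d l4_off=%zu sport=%d dport=%d\n", r.proto, r.l4_off, r.sport, r.dport);
    return 0;
}
```

The IP header is 20 bytes only when it carries no options, so the transport offset has to come from the IHL field rather than a fixed 34.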