
Learning advanced packet analysis

by Nat on September 7th, 2010

For the first of many projects, I’m going to describe one that I just started a few days ago.

First of all, you’re probably aware that electronic network traffic travels in packets through the mysterious ether. When you send someone an e-mail, you’re actually sending packets of data to an e-mail server somewhere, or if you’re using a web interface (which you probably are), you’re sending packets of data to a web portal, which is then probably sending more packets across the wire to a database server (or cluster of servers) where your e-mail data is stored. (This is a pretty high-level explanation, but I could really go on for hours about this stuff, so I’d better stop here so far as packets go.)

Packet capture is the practice (and in my opinion, the fine art) of intercepting network packets as they travel from point A to point B. Once these packets have been captured, they can be analyzed, and since all network communication takes place via these packets, you can get an accurate and complete picture of a network conversation. This is pretty cool; it’s a great way (and often, the only way) of troubleshooting network problems, and it feels sort of sneaky, like reading someone else’s mail.

To provide some context for this project, I’d like to describe my motivation for this endeavor, in as much detail as confidentiality at my job allows.

At my work, one of our service providers recently had a lot of server issues that required us to collect packet captures of network activity and send them on to the provider for analysis. I worked on getting a few captures on my own, as well as getting captures from other companies experiencing problems, but when I went to look at the captures I realized I didn’t really have a great understanding of this stuff. I want to get better; I want to level up!

So I purchased a book through my work, and downloaded the great, free utility Wireshark in order to work on my packet capture abilities. I already have a beginner’s understanding of how to do packet capture and analysis, and have done it a few times for work and school, but I want to get some advanced knowledge in packet analysis.

So now, because I like bullet points: concrete project goals!

  • Read/work through the entirety of Practical Packet Analysis
  • Analyze and understand at least 10 different packet captures that I take myself of various network conversations. A few ideas I had: downloading a blog entry, FTPing a small file, a telnet session, an SSH session, a login into Nintendo Wi-Fi Connection using a Nintendo DS, and downloading news posts with Thunderbird.
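As an added illustration (not code from this post, from the book, or from Wireshark) of what “a complete picture of a network conversation” looks like at the byte level, the script below builds a small constructed pcap file of one TCP handshake and request, then walks the file and groups packets by endpoint pair, much like Wireshark’s Conversations view. The addresses, ports, timestamps and payload are constructed sample values, and checksums are left at zero since nothing here validates them.

```python
import struct
from collections import defaultdict

PCAP_MAGIC, LINKTYPE_ETHERNET, ETHERTYPE_IPV4, PROTO_TCP = 0xA1B2C3D4, 1, 0x0800, 6
def build_frame(src, dst, sport, dport, flags, payload=b""):
    # Constructed Ethernet/IPv4/TCP frame; IP and TCP checksums are left at zero for brevity.
    tcp = struct.pack("!HHIIHHHH", sport, dport, 1, 0, (5 << 12) | flags, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(tcp), 1, 0, 64, PROTO_TCP, 0)
    ip += bytes(map(int, src.split("."))) + bytes(map(int, dst.split(".")))
    return b"\xaa" * 6 + b"\xbb" * 6 + struct.pack("!H", ETHERTYPE_IPV4) + ip + tcp
def build_pcap(frames):
    # libpcap file: 24-byte global header, then a 16-byte record header before each frame.
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1283814000 + i, 0, len(f), len(f)) + f
    return out
def iter_frames(data):
    # Walk the record headers; incl_len says how many bytes of each frame were actually saved.
    magic, *_, linktype = struct.unpack("<IHHiIII", data[:24])
    if magic != PCAP_MAGIC or linktype != LINKTYPE_ETHERNET:
        raise ValueError("expected a little-endian Ethernet pcap")
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack("<IIII", data[off:off + 16])[2]
        yield data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
def conversations(data):
    # Group TCP packets by endpoint pair regardless of direction, like Wireshark's Conversations view.
    convs = defaultdict(lambda: {"packets": 0, "payload_bytes": 0})
    for frame in iter_frames(data):
        if int.from_bytes(frame[12:14], "big") != ETHERTYPE_IPV4:
            continue
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != PROTO_TCP:
            continue
        src, dst = ".".join(map(str, ip[12:16])), ".".join(map(str, ip[16:20]))
        tcp = ip[ihl:int.from_bytes(ip[2:4], "big")]  # honour IP total length: drops Ethernet padding
        sport, dport, off_flags = struct.unpack("!HH8xH", tcp[:14])
        key = tuple(sorted([(src, sport), (dst, dport)]))
        convs[key]["packets"] += 1
        convs[key]["payload_bytes"] += len(tcp) - (off_flags >> 12) * 4
    return dict(convs)

# Constructed sample capture: a three-way handshake's first two segments plus a small request on port 80.
SAMPLE_PCAP = build_pcap([
    build_frame("10.0.0.5", "192.0.2.10", 51000, 80, 0x02),                # SYN
    build_frame("192.0.2.10", "10.0.0.5", 80, 51000, 0x12),                # SYN/ACK
    build_frame("10.0.0.5", "192.0.2.10", 51000, 80, 0x18, b"GET / HTTP/1.1\r\n\r\n"),  # PSH/ACK
])
```

Running `conversations(SAMPLE_PCAP)` yields one conversation with 3 packets and 18 payload bytes; pointing `iter_frames` at a real capture file’s bytes gives the same per-conversation summary you would read off Wireshark.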

I have many ongoing projects, but this is the first one I’ll be discussing here. I’ll update this blog when I’ve made substantial progress on my concrete goals!
