Detailed Design

 

 

                                    Requested by:     Ken Swarner

                                                       System Administrator

                                                       Siena College

                                                       Computer Science Department

 

                                                                    

 

 

TCP/IP Packet Descriptor

 

 

 

Paradigm Solutions

 

 

Prepared by:       Jonathan Baker, Team Leader

                          Ryan Fischer

                          Mike Sebast

                          Justin Waterman

                          Jim DeSario

                          Mark Mossman

 

 

 

 

 

 

February 28, 2005

 

Detailed Design

Table of Contents

 

Section 1:                  External Design Specifications........................................................................ 4

                                 Section 1.1:                     User Displays......................................................... 4

                                 Section 1.2:                     Detailed Data Flow Diagrams............................... 18

                                 Section 1.3:                     Hardware, Software, and Human Interfaces.......... 23

           

Section 2:                  Architectural Design Specification................................................................ 24

                                 Section 2.1:                     User Commands................................................... 24

                                 Section 2.2:                     Functional Descriptions......................................... 26

                                 Section 2.2.0:                  Ethernet PDU for the selected FTP PDU.............. 26

                                 Section 2.2.1:                   IP PDU for the selected FTP PDU...................... 32

                                 Section 2.2.2:                   TCP PDU for the selected FTP PDU................... 45

                                 Section 2.2.3:                   FTP PDU for the selected FTP PDU................... 56

                                 Section 2.2.4:                   IP PDU for the selected ICMP PDU................... 58

                                 Section 2.2.5:                   ICMP PDU for the selected ICMP PDU............. 71

                                 Section 2.2.6:                   IP PDU for the selected SMTP PDU................... 79

                                 Section 2.2.7:                   TCP PDU for the selected SMTP PDU............... 92

                                 Section 2.2.8:                   SMTP PDU for the selected SMTP PDU.......... 103

                                 Section 2.2.9:                   IP PDU for the selected HTTP PDU.................. 106

                                 Section 2.2.10:                 TCP PDU for the selected HTTP PDU.............. 120

                                 Section 2.2.11:                 HTTP PDU for the selected HTTP PDU............ 131

                                 Section 2.2.12:                 IP PDU for the selected SSH PDU.................... 147

                                 Section 2.2.13:                 TCP PDU for the selected SSH PDU................ 159

                                 Section 2.2.14:                 IP PDU for the selected TELNET PDU............. 168

                                 Section 2.2.15:                 TCP PDU for the selected TELNET PDU......... 181

                                 Section 2.2.16:                TELNET PDU for the selected TELNET PDU ... 192

                                 Section 2.2.17:                 ARP PDU for the selected ARP PDU................ 193

                                 Section 2.2.18:                 IP PDU for the selected UPD PDU................... 206

 

Section 3:                  Data Storage ........................................................................................... 225

                                 Section 3.1:                     Naming Convention............................................ 225

                                 Section 3.2:                     Physical Location of Data................................... 225

 

Section 4:                  Testing Requirements    ............................................................................. 226

                                 Section 4.1:                  Testing Specifications............................................. 227

                                 Section 4.2:                  Testing Forms........................................................ 230

 

Section 5:                  Appendix.................................................................................................. 238

                                 Section 5.1:                     Glossary............................................................. 238

                                 Section 5.2:                     Gantt Chart........................................................ 240

 

1.0 External Design Specifications

           

1.1  User displays

 

 

 

In order to effectively portray the user displays, the following pages contain a pictorial representation of a user navigating through the HTTP protocol selection.  After each picture there is a brief summary of what the user would have selected in order to make each screen appear.

 

 

 

 

 

This is the first screen that the user will see when he logs onto the program.  This screen consists of a protocol tree in the middle, with an accompanying Ethernet stack to the right of it, measuring where each protocol lies in the tree.  Additionally, we have an Ethernet frame at the top of the screen that displays information about the destination, source, and other information about it.  Any button when selected will cause the box at the bottom to display topic information about what was selected.  Also there is a history page link in the bottom right corner, which upon clicking will bring the user to a history page with previous teams web pages.  The history page link is a uniform feature throughout the screens.

 

 

 

This is the history page that the user will be sent to if the icon is selected.  The user can click on any previous teams link to view their homepages, to return to the previous screen the user clicks on the back button.

 

 

 

 

 

In the middle of the screen is a protocol tree, which the user may select any of the non-shaded out protocols to display a list of data sessions.  In this example, the HTTP protocol was selected, and a drop-down menu of data sessions has appeared.  The user then scrolls to the particular data field that he is interested in, and then clicks on it to take him or her to the Packet Selection screen.

 

 

 

 

 

 

The user can scroll down the list using the scroll bar.  This screen shows the user had scrolled down to view other data sessions.

 

 

 

 

 

 

When the user moves the mouse over a data session, the session becomes highlighted.  The data session then becomes un-highlighted when the mouse moves off of the data session.  This screen shows the mouse highlighting a particular data session.  The user would click the highlighted data session to advance to the Packet Selection screen.

 

 

 

 

 

 

 

 

 

 

 

This is a Packet Selection Screen as the user first sees it.  Its title at the top reflects the protocol that was selected.  From before, the HTTP protocol was selected.  The box in the middle of the screen displays the different packets of the selected protocol as well as other relevant information about the packet.  The screen is initialized to highlight the topmost packet, which is the default packet.  Above this, we have repeated the data session name for the data session that was selected from the Protocol Selector screen.  There are two buttons below this packet box:  a View Packet Button, which takes you to the Information Display Screen and display the highlighted packet; and a Choose Protocol Button, which when clicked returns you to the Protocol Selection Screen.  Additionally the user can display the contents of a packet by double clicking the packet on this screen.

 

 

 

 

 

 

 

If there are more packets in the data session than the box is capable of displaying, the scroll bar on the right allows the user to scroll through the different packets available in the data session.  This is an example of the user scrolling to see more packets.  The user can highlight a particular packet by clicking on its row.  This action will un-highlight the previously highlighted packet.  Clicking on a currently highlighted packet does nothing.  This screen demonstrates the highlighting of a packet other than the default packet.

 

 

 

This is the Information Display Screen.  This screen displays the contents of the packet that was selected in the Packet Selector Screen.  The two buttons on the upper left, the Choose Packet Button and the Choose Protocol Button, bring the user to the Packet Selector Screen and the Protocol Selection Screen, respectively.  There are tabs that would allow the user to traverse the protocol tree, less the Ethernet root.  Since, in this example the user had selected an HTTP packet; the tabs at the bottom of the screen are IP, TCP, and HTTP.  Everything on this screen except for the packet fields is geographically static, that is they will not change in size or location on this screen.  The user first sees the highest level of protocol, in this case HTTP.  This is the screen as the user first sees it.  The protocol stack in the upper right corner allows the user to navigate through the different protocols within the protocol hierarchy.  At the top of the screen there is an Ethernet Frame that is now filled with data.

 

 

 

 

Clicking on any of the fields’ causes the program to display both information about the field and the data contained in that field in the Information Box, located on the left of the screen.  This is an example of the user clicking on the Type of Service field.

 

This is an example of the user selecting the TCP protocol, as the user first sees it.  The information box displays the selected packet’s TCP protocol information.

 

 

 

 

Clicking on a different field clears out the information box and displays the information of the newly selected field.  This is an example of the user selecting Source Port Number field.

 

 

 

 

 

The user went to the HTTP protocol, the information box displays information about the HTTP protocol.
 

 

 

The user selected the HTTP PDU field.  The information box displays the information within that field.

 

1.2 Detailed Data Flow Diagrams

 

 

Key:

□   — Source/Sink

○  — Process

═  — Data Stores

→ — Data Flow

 

 

 

 

 

 

 

 

1.3 Hardware, Software and Human Interfaces

 

The prototype was developed and designed using Macromedia Fireworks and Adobe Photoshop graphic design programs. 

 

The program will be written in HTML and PHP using the Macromedia Studio MX Suite of web design tools. Other Linux based code editing tools may be used.

 

The TCP/IP Packet Descriptor program will be hosted as a web site on the Siena College Computer Science Department’s Oraserv Linux server (Red Hat version 7.1), running the Apache web server (version 1.3.19) and PHP (version 4.1.2).

 

The program will be compatible with any Netscape Navigator 7.x or greater, Internet Explorer 5.x or greater, Firefox 1.x or greater, and Mozilla 1.7.x or greater web browsers.

2.0 Architectural Design Specification

 

2.1 User Commands

 

Active Protocols (those that the user can select) –

File Transfer Protocol (FTP)

Simple Mail Transfer Protocol (SMTP)

Hyper Text Transfer Protocol (HTTP)

Terminal Emulation Protocol (TELNET)

Address Resolution Protocol (ARP)

Secure Shell (SSH)

Internet Control Message Protocol (ICMP)

User Datagram Protocol (UDP)

 

Inactive Protocols (those that show up in the protocol hierarchy, but cannot be chosen for viewing) –

Simple Network Management Protocol (SNMP)

Secure Control Protocol (SCP)

Dynamic Host Configuration Protocol (DHCP)

Domain Name Service (DNS)

Resource Reservation Protocol (RSVP)

Lightweight Directory Access Protocol (LDAP)

Network Time Protocol (NTP)

 

Choose Protocol- The “Choose Protocol” function will display a hierarchical tree of available protocols.  Each node of the tree will be a link to display that particular protocol.

 

Protocol Fields- Each field will be a link.  When selected it will be highlighted and the Information of that field will be shown in an information box to the left of the PDU.

 

Team Logos – Each logo will be a link that, when selected, will take the user to that team’s website.

 

View Packet – This command is given from the Packet Selector screen by pressing the View Packet button. Here, it will bring up the Information Display screen, displaying the highlighted packet.

 

Choose Protocol – This button in on both the Packet Selector Screen and the Information Display screen.  This command will take the user back to the Protocol Selection screen.

 

Choose Packet – This command is executed when the user presses the Choose Packet button on the Information Display screen.  This allows the user to select a different packet from within the current data session.

 

Packet Select – On the Packet Selector screen, there will be a display of all the packets within the current data session.  The user can select the row that they wish to view by clicking on the row that contains that packet.  Note that this does not bring up the Information Display screen, but rather indicates which packet will be displayed when the user selects the View Packet button.

 

Data Session Select – After the user clicks on their desired protocol, a drop down menu will appear displaying all the data sessions that have been stored in a folder to be specified later by our client, Mr. Swarner.  The user then clicks on the data session that they would like to view.  The act of selecting takes them to the Packet Selector screen.

 

Request for Comments Link – Each PDU will have a link to a web site with extensive information about the selected protocol.

 

 

 

2.2 Functional Descriptions

 

2.2.0 Ethernet PDU for the selected FTP PDU

 

Hex Dump:

00    01    03    1e    e2    24    00    00

f8     1f     00    85   08    00    45    10

00    45    AA   41   40    00    40    06

0e     85    c0     a8   00    27    c0    a8

00     65    80    30   00    15    81    a5

16     6c    87    a3    53    5d    80   18

16     d0    11    f4    00    00    01   01

08     0a    1b    25    f3     a1    0b   dd

73     58    50    41   53     53    20   66

31     61    32    6b   33     75    73   65

72     0d    0a

 

Ethernet PDU > Preamble for the selected FTP PDU

 

Field Name: Preamble

 

Description:  Repeating bit sequence (10101010…) used to determine clock synchronization between transmitting and receiving stations

 

Data value (hexadecimal):  AAAAAAAAAAAAAA

 

Data values in other bases: Not applicable

 

Start Bit: Pre-Packet

 

Length: 56

 

Ethernet PDU > Start of Frame (Sof) for the selected FTP PDU

 

Field Name: Start of Frame (Sof)

 

Description:  Marks the beginning of the Ethernet Frame

 

Data value (decimal):  171

 

Data values in other bases:

 

Hexadecimal	A	B
Binary	1010	1011

 

Start Bit: Pre-Packet

 

Length: 8

 

Ethernet PDU > Destination MAC Address for the selected FTP PDU

 

Field Name: Destination MAC Address

 

Description:  48 bit destination node address, specifying the station(s) for which the frame is intended.  It may be an individual or multicast (including broadcast) address.

 

The LSB of 48-bit Ethernet addresses will be 0 if the frame is single cast (meant for a specific node) or 1 if it is multicast (broadcast to multiple nodes). Individual nodes on a network determine whether they need to participate in a multicast, and either receive or ignore the frame

 

Data value (hexadecimal):  00 : 01 : 03 : 1E : E2 : 24

 

Data values in other bases: Not applicable

 

Start Bit: 0

 

Length: 48

 

 

Ethernet PDU > Source MAC Address for the selected FTP PDU

 

Field Name: Source MAC Address

 

Description:  48 bit source node address, specifying the station sending the frame.  The Source Address field is not interpreted by the CSMA/CD MAC sublayer

 

Data value (hexadecimal):  00 : 00 : F8 : 1F : 00 : 85

 

Data values in other bases: Not applicable

 

Start Bit: 48

 

Length: 48

 

 

Ethernet PDU > Length for the selected FTP PDU

 

Field Name: Length

 

Description:  The Length field is a 2-octet field whose value indicates the number of LLC data octets in the data field.  If the value is less than the minimum required for proper operation of the protocol, a PAD field (a sequence of octets) will be added at the end of the data field but prior to the FCS field.  The length field is transmitted and received with the high order octet first.

 

Data value (decimal):  2048

 

Data values in other bases:

 

Hexadecimal	0	8	0	0
Binary	0000	1000	0000	0000

 

Start Bit: 96

 

Length: 16

 

 

Ethernet PDU > Cyclic Redundancy Check (CRC) for the selected FTP PDU

 

Field Name: Cyclic Redundancy Check (CRC)

 

Description:  Calculation to determine if any bit errors occurred to the packet during transmission

 

Data value (hexadecimal):  FFFF

 

Data values in other bases: Not applicable

 

Start Bit: Post-packet

 

Length: 32

 

 

2.2.1 IP PDU for the selected FTP PDU

 

IP PDU > IP Version for the selected FTP PDU

 

Field Name: IP Version

 

Description:  IP Version is a 4-bit field that indicates the format of the Internet header

 

Data value (decimal):  4

 

Data values in other bases:

 

Hexadecimal	4
Binary	0100

 

Start Bit: 0

 

Length: 4

 

IP PDU > Header Length for the selected FTP PDU

 

Field Name:  Header Length

 

Description:  The Header Length field is a 4-bit field indicating the length of the Internet header in 32 bit words, and thus points to the beginning of the data.  The minimum value of a correct header is 5 (20 bytes) and the maximum value is 15 (60 bytes).

 

Data value (decimal):  5

 

Data values in other bases:

 

Hexadecimal	0	5
Binary	0000	0101

 

Start Bit: 4

 

Length: 4

 

IP PDU > Type of Service for the selected FTP PDU

 

Field Name:  Type of Service

 

Description:  Type of Service is an 8-bit field that provides and indication of the abstract parameters of the quality of service desired.  These parameters guide the selection of the actual service parameters when transmitting a data gram through a particular network.

 

The major choice is a three-way tradeoff between low-delay, high-reliability, and high-throughput.

 

Bits 0-2: Precedence

Bit 3: (D) 0 = Normal Delay                 1 = Low Delay

Bit 4: (T) 0 = Normal Throughput         1 = High Throughput

Bit 5: (R) 0 = Normal Reliability            1 = High Reliability

 

Precedence:

            111 = Network Control                        011 = Flash

            110 = Inter-network Control                010 = Immediate

            101 = CRITIC/ECP                             001 = Priority

            100 = Flash Overridden                        000 = Routine

 

Data value (decimal): 16

 

Data values in other bases:

 

Hexadecimal	1	0
Binary	0001	0000

 

Start Bit: 8

 

Length: 8

 

IP PDU > Total Length for the selected FTP PDU

 

Field Name: Total Length

 

Description: Total Length is a 16-bit field that indicates the length of the frame, measured in octets, including Internet header and data.  The maximum size is 2¹⁶-1 or 65,535 octets; however, the recommended maximum size is 576 octets.

 

Data values (decimal):  69

 

Data values in other bases:

 

Hexadecimal	0	0	4	5
Binary	0000	0000	0100	0101

 

• The data value used here is that of Blue Technology’s data.  Blue’s data matches up with the dump file from ethereal while Mirage’s doesn’t.
• Mirage’s data value was 69 in hexadecimal

 

 

Start Bit: 16

 

Length: 16

 

IP PDU > Identification for the selected FTP PDU

 

Field Name:  Identification

 

Description:  Identification is a 16-bit field.  An identifying value is assigned by the sender to aid in assembling the fragments of a data gram.  The identifier is chosen based on the need to provide a way to uniquely identify the fragments and protocol for the time the data gram or any fragment could be alive in the Internet.

 

Data value (decimal): 43585

 

Data values in other bases:

 

Hexadecimal	A	A	4	1
Binary	1010	1010	0100	0001

 

Start Bit: 32

 

Length: 16

 

IP PDU > Flags for the selected FTP PDU

 

Field Name:  Flags

 

Description:  Flags is a 3-bit field that indicates directions for fragmentation.

 

Bit 0: reserved, must be 0

Bit 1: (DF) 0 = May Fragment              1 = Don’t Fragment

Bit 2: (MF) 0 = Last Fragment              1 = More Fragment

 

Data value (binary): 010

 

Data values in other bases:  Not applicable

 

Start Bit: 48

 

Length: 3

 

 

IP PDU > Fragment Offset for the selected FTP PDU

 

Field Name:  Fragment Offset

 

Description:  The Fragment Offset is a 13- bit field indicating where in the Ethernet frame this fragment begins.  The Fragment Offset is measured in units of 8 octets, and the first fragment has offset 0.

 

Data value (decimal): 0

 

Data values in other bases:

 

Hexadecimal	0	0	0	0
Binary	0000	0000	0000	0000

 

Start Bit: 51

 

Length: 13

 

IP PDU > Time to Live for the selected FTP PDU

 

Field Name: Time to Live

 

Description:  Time to Live is an 8-bit field that indicates the maximum time the data ram is allowed to remain in the Internet.  If this field contains the value 0, then the data gram must be destroyed.  This field is modified in Internet header processing.  The time is measure in units of seconds, and is set by the sender to the maximum time the data gram is allowed to be in the Internet.  This field is decreased at each point that the Internet header is processed.  The intention is to cause undeliverable packets to be discarded, and to bind the maximum data gram lifetime.

 

Data value (decimal): 64

 

Data values in other bases:

 

Hexadecimal	4	0
Binary	0100	0000

 

Start Bit: 64

 

Length: 8

 

IP PDU > Protocol for the selected FTP PDU

 

Field Name:  Protocol

 

Description:  Protocol is an 8-bit field that indicates the next level protocol that is used in the data portion of the Internet diagram.

Dec     Hex     Protocol                                       Dec          Hex     Protocol

0            00      Reserved                                                          22                    16           Multiplexing

1            01      ICMP                                                              23                    17           DCN

2            02      Unassigned                                                       24                    18           TAC Monitoring       

3            03      Gateway-to-Gateway                                       25-76               19-4C     Unassigned               

4            04      CMCC Gateway Monitoring Message  77                    4D          Any local network

5            05      ST                                                                    100                  64           SATNET and                 
                                                                                                                         Backroom EXPAK

6            06      TCP                                                                 101                  65           MIT Subnet
                                                                                                                           Support

7            07      UCL                                                                102-104           66-68      Unassigned

10          0A     Unassigned                                                       105                  69           SATNET
                                                                                                                           Monitoring

11          0B      Secure                                                              106                  6A          Unassigned

12          0C     BBN RCC Monitoring                          107                  6B           Internet Packet Core
                                                                                                                           Utility

13          0D     NVP                                                                110-113           6E-71     Unassigned

14          0E      PUP                                                                 114                  72           Backroom SATNET
                                                                                                                                       Monitoring

15         0F      Pluribus                                                            115                  73           Unassigned

16          10      Telnet                                                               116                  74           WIDEBAND
                                                                                                                           Monitoring

17          11      XNET                                                              117                  75           WIDEBAND     
                                                                                                                            EXPAK

20          14      Chaos                                                              120-376           78-0178  Unassigned

21          15      User Data gram                                                377                  0179        Reserved

 

Data value (decimal): 6

 

Data values in other bases:

 

 

Start Bit: 72

 

Length: 8

 

RFC Link: http://www.faqs.org/rfcs/rfc790.html

.

IP PDU > Header Checksum for the selected FTP PDU

 

Field Name:  Header Checksum

 

Description:  The Header Checksum is a 16-bit field.  The Checksum is the 16-bit one’s complement sum of all 16-bit words in the header.  For purposes of computing the checksum, the initial value of its field is zero.  When both header checksums are equal, then the header bits are correct.  If either checksums vary, then a new, correct packet will need to be sent.

 

This is a simple way to compute the checksum and experimental evidence indicates that it is adequate, but it is provisional and may be replaced by a CRC procedure, depending on further experience.

 

Data value (decimal): 3717

 

Data values in other bases:

 

Hexadecimal	0	E	8	5
Binary	0000	1110	1000	0101

 

Start Bit: 80

 

Length: 16

 

IP PDU > Source IP Address for the selected FTP PDU

 

Field Name:  Source IP Address

 

Description:  The Source Address is a 32-bit field that contains the IP address of the host that sent the IP Packet.

 

Data value (decimal):  192.168.0.39

 

Data values in other bases:

 

Hexadecimal	C	0	A	8	0	0	2	7
Binary	1100	0000	1010	1000	0000	0000	0010	0111

 

Start Bit: 96

 

Length: 32

 

IP PDU > Destination IP Address for the selected FTP PDU

 

Field Name:  Destination IP Address

 

Description:  The Destination Address is a 32-bit field that contains the address of the host that is to receive the data contained within the IP packet.

 

Data value (decimal):  192.168.0.101

 

Data values in other bases:

 

Hexadecimal	C	0	A	8	0	0	6	5
Binary	1100	0000	1010	1000	0000	0000	0110	0101

 

Start Bit: 128

 

Length: 32

 

IP PDU > Options for the selected FTP PDU

 

Field Name:  Options

 

Description:  The options may or may not appear in Ethernet packets.  They must be implemented by all IP modules (host and gateways).  What is optional is their transmission in any particular packet, not their implementation.

 

The option field is variable in length.  There may be zero or more options.  There are two cases for the format of an option.

            Case 1: A single octet of option type

            Case 2: An option-type octet, an option-length octet, and the actual option-data                                    octets.

 Some example options are:

0 End of Options list                 68 Timestamp

1 No operation (pad)                131 Loose source route

7 Record route                         137 Strict source route

 

Data values:  Not applicable

 

Data values in other bases:  Not applicable

 

Start Bit: 160

 

Length: Variable (0-40 bytes)

 

2.2.2 TCP PDU for the selected FTP PDU

 

IP > TCP PDU > Source Port Number for the selected FTP PDU

 

Field Name:  Source Port Number

 

Description: A 16-bit address assigned by the sending computer that represents the name of the application that sent the data in the IP packet.

 

Common TCP Well-Known Server Ports (Decimal):

 7 echo                                      110     pop3

19 chargen                                111     sunrpc

20 ftp-data                               119      nntp

21 ftp-control                           139      netbios-ssn

22 ssh                                      143      imap

23 telnet                                   179      bgp

25 smtp                                     389     ldap

53 domain                                443      https (ssl)

79 finger                                    445     microsoft-ds

80 http                                     1080    socks

 

Data value (decimal): 32816

 

Data values in other bases:

 

Hexadecimal	8	0	3	0
Binary	1000	0000	0011	0000

 

Start Bit: 0

 

Length: 16

 

IP > TCP PDU > Destination Port Number for the selected FTP PDU

 

Field Name: Destination Port Number

 

Description: This 16-bit number represents the name of the application that is to receive the data contained within the IP packet. This is one of the major differences between a Layer 3 and a Layer 4 header: the Layer 3 header contains the IP address of the computer that is to receive the IP packet; once that packet has been received, the port address in the Layer 4 header ensures that the data contained within that IP packet is passed to the correct application on that computer.

 

Common TCP Well-Known Server Ports (Decimal):

 7 echo                                      110     pop3

19 chargen                                111     sunrpc

20 ftp-data                                119     nntp

21 ftp-control                           139      netbios-ssn

22 ssh                                       143     imap

23 telnet                                    179     bgp

25 smtp                                     389     ldap

53 domain                                 443     https (ssl)

79 finger                                    445     microsoft-ds

80 http                                     1080    socks

 

This key indicates assigned port number values:

Dec                       Port Numbers

0                                            Reserved

1-32767                 Internet registered ("well-known") protocols

32768-98303         Reserved, to allow TCPv7-TCPv4 conversion

98304 & up            Dynamic assignment

 

Data value (decimal): 21 (indicates FTP)

 

Data values in other bases:

 

Hexadecimal	0	0	1	5
Binary	0000	0000	0001	0101

 

Start Bit: 16

 

Length: 16

 

Source: http://www.zvon.org/tmRFC/RFC1475/Output/chapter4.html

 

IP > TCP PDU > Sequence Number for the selected FTP PDU

 

Field Name:  Sequence Number

 

Description: TCP is responsible for ensuring that all IP packets sent are actually received. When an application's data is packaged into IP packets, TCP will give each IP packet a sequence number. Once all the packets have arrived at the receiving computer, TCP uses the number in this 32-bit field to ensure that all of the packets actually arrived and are in the correct sequence.

 

Data value (decimal): 2175080044

 

Data values in other bases:

 

Hexadecimal	8	1	A	5	1	6	6	C
Binary	1000	0001	1010	0101	0001	0110	0110	1100

 

Start Bit: 32

 

Length: 32

 

IP > TCP PDU > Acknowledgement Number for the selected FTP PDU

 

Field Name: Acknowledgement Number

Description: This number is used by the receiving computer to acknowledge which packets have successfully arrived. This number will be the sequence number of the next packet the receiver is ready to receive.

Data value (decimal): 2275627869

 

Data values in other bases:

 

Hexadecimal	8	7	A	3	5	3	5	D
Binary	1000	0111	1010	0011	0101	0011	0101	1101

 

Start Bit: 64

 

Length: 32

 

IP > TCP PDU > Length for the selected FTP PDU

 

Field Name: Length

 

Description: This is identical in concept to the header length in an IP packet, except this time it indicates the length of the TCP header. The minimum value of a correct header is 5 (20 bytes) and the maximum value is 15 (60 bytes).

 

Data value (decimal): 8

 

Data values in other bases:

 

Hexadecimal	0	8
Binary	0000	1000

 

• The data value used here is that of Blue Technology’s data.  Blue’s data matches up with the dump file from ethereal while Mirage’s doesn’t.
• Mirage’s data value was 128 in decimal

 

Start Bit: 96

 

Length: 4

 

IP > TCP PDU > Reserved for the selected FTP PDU

 

Field Name:  Reserved

 

Description:
These 6 bits are unused and are always set to 0.

 

Data value (decimal): 0

 

Data values in other bases:

 

Hexadecimal	0	0	0	0	0	0
Binary	0000	0000	0000	0000	0000	0000

 

Start Bit: 100

 

Length: 6

 

IP > TCP PDU > Flags for the selected FTP PDU

 

Field Name:  Flags

 

Description: Every TCP packet contains this 6-bit value that indicates how many octets it can receive at once. When IP packets are received, they are placed in a temporary area of RAM known as a buffer until the receiving computer has a chance to process them; this value represents how big a buffer the receiving host has made available for this temporary storage of IP packets.

 

Flags: U A P R S F

U (1 = Urgent pointer valid)

A (1 = Acknowledgement field value valid)

P (1 = Push data)

R (1 = Reset connection)

S (1 = Synchronize sequence numbers)

F (1 = no more data; Finish connection)}

 

Data value (binary): 01 1000

 

Data values in other bases:  Not applicable

 

Start Bit: 106

 

Length: 6

 

IP > TCP PDU > Window Size for the selected FTP PDU

 

Field Name:  Window Size

Description: Every TCP packet contains this 16-bit value that indicates how many octets it can receive at once. When IP packets are received, they are placed in a temporary area of RAM known as a buffer until the receiving computer has a chance to process them; this value represents how big a buffer the receiving host has made available for this temporary storage of IP packets.

 

Data value (decimal): 5840

 

Data values in other bases:

 

Hexadecimal	1	6	D	0
Binary	0001	0110	1101	000

 

Start Bit: 112

 

Length: 16

 

IP > TCP PDU > TCP Checksum for the selected FTP PDU

 

Field Name: TCP Checksum

 

Description: Unlike IP, TCP is responsible for ensuring that the entire IP packet arrived intact. TCP will run a CRC on the entire IP packet (not just the header) and place the resulting checksum in this field. When the IP packet is received, TCP re-runs the CRC on the entire packet to ensure the checksum is the same.

 

Data value (decimal): 4596

 

Data values in other bases:

 

Hexadecimal	1	1	F	4
Binary	0001	0001	1111	0100

 

Start Bit: 128

 

Length: 16

 

IP > TCP PDU > Urgent Pointer for the selected FTP PDU

Field Name: Urgent Pointer

Description:  If the Urgent flag is set to on, this value indicates where the urgent data is located.

Data value (decimal):  0

 

Data values in other bases:  Not applicable

 

Start Bit: 144

 

Length: 16

 

IP > TCP PDU > Options for the selected FTP PDU

 

Field Name: Options

 

Description:  Like IP options, this field is optional and represents additional instructions not covered in the other TCP fields. Again, if an option does not fill up a 32-bit word, it will be filled in with padding bits. If present, may be used in negotiating a connection.

The Options field must fit the 32-bit boundary and is padded with 0s if it does not

 

Some example options (Decimal):

 

0 End of Options list                 3 Window scale

1 No operation (pad)                4 Selective ACK ok

2 Maximum segment size          8 Timestamp

 

Data value (hexadecimal): 01 01 08 0A 1B 25 F3 A1 0B DD 73 58

 

Data values in other bases: Not applicable

 

Start Bit: 160

 

Length: Variable

 

2.2.3 FTP PDU for the selected FTP PDU

 

IP >FTP > Request/Response for the selected FTP PDU

 

Description: Request: PASS (Password)

               The argument field is a Telnet string specifying the user’s password.  This command must be immediately preceded by the user name command, and, for some sites, completes the user’s identification for access control,

 

Data Values (hexadecimal): 50 41 53 53

 

Data Values in Other Bases:

 

ASCII	P	A	S	S
Binary	0101 0000	0100 0001	0101 0011	0101 0011

  

Start Bit: 144

 

Length: 16

 

RFC Link: http://www.ietf.org/rfc/rfc0959.txt?number=959

 

IP >FTP > Data for the selected FTP PDU

 

Description: Payload for the FTP data gram

                      Request Arg:            f1a2k3user

 

Data Value (hexadecimal): 20 66 31 61 32 6B 33 75 73 65 72 0D 0A

 

Data Values in Other Bases:

 

ASCII	SPC	f	1	a	2	k	3
Binary	0010 0000	0110 0110	0011 0001	0110 0001	0011 0010	0110 1011	0011 0011

 

ASCII	u	s	e	r	\r	\n
Binary	0111 0101	0111 0011	0110 0101	0111 0010	0000 1101	0000 1010

 

Start Bit: 144

 

Length: 16

 

 2.2.4 IP PDU for the selected ICMP PDU

 

IP PDU > IP Version for the selected ICMP PDU

 

Field Name: IP Version

 

Description:  Version is a 4-bit field that indicates the format of the Internet header.

 

Data value (decimal):  4

 

Data values in other bases:

 

Hexadecimal	4
Binary	0100

 

Start Bit: 0

 

Length: 5

 

IP PDU > Header Length for the selected ICMP PDU

 

Field Name: Header Length

 

Description:  The IHL field is a 4 bit field indicating the length of the Internet header in 32 bit words, and thus points to the beginning of the data.  The minimum value of a correct header is 5 (20 bytes) and the maximum value is 15 (60 bytes).

 

Data value (decimal):  5

 

Data values in other bases:

 

Hexadecimal	0	5
Binary	0000	0101

 

Start Bit: 4

 

Length: 4

 

IP PDU > Type of Service for the selected ICMP PDU

 

Field Name:  Type of Service

 

Description:  Type of Service is an 8-bit field that provides and indication of the abstract parameters of the quality of service desired.  These parameters guide the selection of the actual service parameters when transmitting a data gram through a particular network.

 

The major choice is a three-way tradeoff between low-delay, high-reliability, and high-throughput.

 

Bits 0-2: Precedence

Bit 3: (D) 0 = Normal Delay                  1 = Low Delay

Bit 4: (T) 0 = Normal Throughput                          1 = High Throughput

Bit 5: (R) 0 = Normal Reliability                            1 = High Reliability

 

Precedence:

               111 = Network Control                         011 = Flash

               110 = Internetwork Control                   010 = Immediate

               101 = CRITIC/ECP                              001 = Priority

               100 = Flash Overridden                         000 = Routine

 

Data value (decimal): 0

 

Data values in other bases:

 

Hexadecimal	0	0
Binary	0000	0000

 

Start Bit: 8

 

Length: 8

 

 

IP PDU > Total Length for the selected ICMP PDU

 

Field Name: Total Length

 

Description: Total Length is a 16-bit field that indicates the length of the frame, measured in octets, including Internet header and data.  The maximum size is 2¹⁶-1 or 65,535 octets; however, the recommended maximum size is 576 octets.

 

Data values (decimal):  84

 

Data values in other bases:

 

Hexadecimal	0	0	5	4
Binary	0000	0000	0101	0100

 

Start Bit: 16

 

Length: 16

 

IP PDU > Identification for the selected ICMP PDU

 

Field Name:  Identification

 

Description:  Identification is a 16-bit field.  An identifying value is assigned by the sender to aid in assembling the fragments of a data gram.  The identifier is chosen based on the need to provide a way to uniquely identify the fragments and protocol for the time the data gram or any fragment could be alive in the Internet

 

Data value (decimal): 21929

 

Data values in other bases:

 

Hexadecimal	5	5	A	9
Binary	0101	0101	1010	1001

 

• The data value used here is that of Blue Technology’s data.  Blue’s data matches up with the dump file from ethereal while Mirage’s doesn’t.
• Mirage’s binary data value was 0000 0000 0000 0000

 

 

Start Bit: 32

 

Length: 16

 

IP PDU > Flags for the selected ICMP PDU

 

Field Name:  Flags

 

Description:  Flags is a 3-bit field that indicates directions for fragmentation.

 

Bit 0: reserved, must be 0

Bit 1: (DF) 0 = May Fragment              1 = Don’t Fragment

Bit 2: (MF) 0 = Last Fragment                              1 = More Fragment

 

Data value (binary): 000

 

Data values in other bases:  Not applicable

 

• The data value used here is that of Blue Technology’s data.  Blue’s data matches up with the dump file from ethereal while Mirage’s doesn’t.
• Mirage’s binary data value was 010

 

 

Start Bit: 48

 

Length: 3

 

 

IP PDU > Fragment Offset for the selected ICMP PDU

 

Field Name:  Fragment Offset

 

Description:  The Fragment Offset is a 13- bit field indicating where in the Ethernet frame this fragment begins.  The Fragment Offset is measured in units of 8 octets, and the first fragment has offset 0.

 

Data value (decimal): 0

 

Data values in other bases:

 

Hexadecimal	0	0	0	0
Binary	0000	0000	0000	0000

 

Start Bit: 51

 

Length: 13

 

IP PDU > Time to Live for the selected ICMP PDU

 

Field Name: Time to Live

 

Description:  Time to Live is an 8-bit field that indicates the maximum time the data gram is allowed to remain in the Internet.  If this field contains the value 0, then the data gram must be destroyed.  This field is modified in Internet header processing.  The time is measure in units of seconds, and is set by the sender to the maximum time the data gram is allowed to be in the Internet.  This field is decreased at each point that the Internet header is processed.  The intention is to cause undeliverable packets to be discarded, and to bind the maximum data gram lifetime.

 

Data value (decimal): 255

 

Data values in other bases:

 

Hexadecimal	F	F
Binary	1111	1111

 

 

• The data value used here is that of Blue Technology’s data.  Blue’s data matches up with the dump file from ethereal while Mirage’s doesn’t.
• Mirage’s data value was 64 in decimal

 

Start Bit: 64

 

Length: 8

 

IP PDU > Protocol for the selected ICMP PDU

 

Field Name:  Protocol

 

Description:  Protocol is an 8-bit field that indicates the next level protocol that is used in the data portion of the Internet diagram.

Dec Hex         Protocol                                                          Dec                 Hex        Protocol

0            00      Reserved                                                          22                    16           Multiplexing

1            01      ICMP                                                              23                    17           DCN

2            02      Unassigned                                                       24                    18           TAC Monitoring       

3            03      Gateway-to-Gateway                                       25-76               19-4C     Unassigned               

4            04      CMCC Gateway Monitoring Message  77                    4D          Any local network

5            05      ST                                                                    100                  64           SATNET and                 
                                                                                                                         Backroom EXPAK

6            06      TCP                                                                 101                  65           MIT Subnet
                                                                                                                           Support

7            07      UCL                                                                102-104           66-68      Unassigned

10          0A     Unassigned                                                       105                  69           SATNET
                                                                                                                           Monitoring

11          0B      Secure                                                              106                  6A          Unassigned

12          0C     BBN RCC Monitoring                          107                  6B           Internet Packet Core
                                                                                                                           Utility

13          0D     NVP                                                                110-113           6E-71     Unassigned

14          0E      PUP                                                                 114                  72           Backroom SATNET
                                                                                                                                       Monitoring

15          0F      Pluribus                                                            115                  73           Unassigned

16          10      Telnet                                                               116                  74           WIDEBAND
                                                                                                                           Monitoring

17          11      XNET                                                              117                  75           WIDEBAND     
                                                                                                                            EXPAK

20          14      Chaos                                                              120-376           78-0178  Unassigned

21          15      User Data gram                                                377                  0179        Reserved

 

Data value (decimal): 1

 

Data values in other bases:

 

 

Start Bit: 72

 

Length: 8

 

RFC Link: http://www.faqs.org/rfcs/rfc790.html

IP PDU > Header Checksum for the Selected ICMP PDU

 

Field Name:  Header Checksum

 

Description:  The Header Checksum is a 16-bit field.  This CRC algorithm is the 16-bit one’s complement sum of all the 16-bit words in the header.  For purposes of computing the checksum, the value of the checksum field is initially zero.  When both header checksums are the same, then the header bits are correct.  If either checksums vary, then a packet will need to be resent.

 

This is a simple way to compute the checksum and experimental evidence indicates that it is adequate, but it is provisional and may be replaced by a CRC procedure, depending on further experience.

 

Data value (decimal): 58402

 

Data values in other bases:

 

Hexadecimal	E	4	2	2
Binary	1110	0100	0010	0010

 

• The data value used here is that of Blue Technology’s data.  Blue’s data matches up with the dump file from ethereal while Mirage’s doesn’t.
• Mirage’s data value was B8 CC in hexadecimal

 

 

Start Bit: 80

 

Length: 16

 

IP PDU > Source IP Address for the Selected ICMP PDU

 

Field Name:  Source IP Address

 

Description:  The Source Address is a 32-bit field that contains the IP address of the host that sent the IP Packet.

 

Data value:  192.168.0.101

 

Data values in other bases:

 

Hexadecimal	C	0	A	8	0	0	6	5
Binary	1100	0000	1010	1000	0000	0000	0110	0101

 

• The data value used here is that of Blue Technology’s data.  Blue’s data matches up with the dump file from ethereal while Mirage’s doesn’t.
• Mirage’s data value was 192.168.0.39

 

Start Bit: 96

 

Length: 32

 

IP PDU > Destination IP Address for the selected ICMP PDU

 

Field Name:  Destination IP Address

 

Description:  The Destination Address is a 32-bit field that contains the address of the host that is to receive the data contained within the IP packet.

 

Data value:  192.168.0.39

 

Data values in other bases:

 

Hexadecimal	C	0	A	8	0	0	2	7
Binary	1100	0000	1010	1000	0000	0000	0010	0111

 

• The data value used here is that of Blue Technology’s data.  Blue’s data matches up with the dump file from ethereal while Mirage’s doesn’t.
• Mirage’s data value was 192.168.0.101

 

Start Bit: 128

 

Length: 32

 

IP PDU > Options for the selected ICMP PDU

 

Field Name:  Options

 

Description:  The options may or may not appear in Ethernet packets.  They must be implemented by all IP modules (host and gateways).  What is optional is their transmission in any particular packet, not their implementation.

 

The option field is variable in length.  There may be zero or more options.  There are two cases for the format of an option.

               Case 1: A single octet of option type

               Case 2: An option-type octet, an option-length octet, and the actual option-data

                            octets.

Some example options are:

0 End of Options list                 68 Timestamp

1 No operation (pad)                131 Loose source route

7 Record route                         137 Strict source route

 

Data values:  Not applicable

 

Data values in other bases:  Not applicable

 

Start Bit: 160

 

Length: Variable (0-40 bytes)

  

2.2.5 ICMP PDU for the selected ICMP PDU

 

IP > ICMP Header > Type for the selected ICMP PDU

 

Field Name:  Type

 

Description:  The type is an 8-bit field that identifies what sort of message the ICMP protocol is sending.

 

ICMP message types are:

0 Echo Reply
3 Destination Unreachable
4 Source Quench
5 Redirect
8 Echo
11 Time Exceeded
12 Parameter Problem
13 Timestamp
14 Timestamp Reply
15 Information Request
16 Information Reply

 

Dec     Hex            Message Type                     Dec           Hex         Message Type  

0          00               Echo Reply                            16             10           Information Reply

1          01               Unassigned                             17             11           Address Mask Request

2          02               Unassigned                             18             12           Address Mask Reply

3          03               Destination Unreachable         19             13           Reserved (for Security)

4          04               Source Quench                      20-29        14-1D     Reserved (for Robustness
                                                                                                             Experiment)

5          05               Redirect                                 30             1E            Traceroute

6          06               Alternate Host Address          31             1F            Data gram Conversion Error

7          07               Unassigned                             32             20            Mobile Host Redirect

8          08               Echo                                      33             21            IPv6 Where-Are-You

9          09               Router Advertisement             34             22            IPv6 I-Am-Here

10        0A              Router Solicitation                  35             23            Mobile Registration Request

11        0B              Time Exceeded                      36             24            Mobile Registration Reply

12        0C              Parameter Problem 37             25            Domain Name Request

13        0D              Timestamp                             38             26            Domain Name Reply

14        0E              Timestamp Reply                    39             27            SKIP

15        0F              Information Request               40             28            Photuris

                                                                            41-255      29-FF      Reserved

 

Data value: 0

 

 

Data values in other bases:

 

Hexadecimal	0	0
Binary	0000	0000

 

• The data value used here is that of Blue Technology’s data.  Blue’s data matches up with the dump file from ethereal while Mirage’s doesn’t.
• Mirage’s data value was 8 in decimal

 

Start Bit: 0

 

Length: 8

 

RFC Link: http://www.iana.org/assignments/icmp-parameters

 

 

IP > ICMP Header > Code for the selected ICMP PDU

 

Field Name:  Code

 

Description: Code is an 8-bit field that provides further information about the associated type field. Based on what type the ICMP PDU is, the code can have a number of meanings.

 

For example, with ICMP type 3 (Destination Unreachable) is as follows:
0 = net unreachable;
1 = host unreachable;
2 = protocol unreachable;
3 = port unreachable;
4 = fragmentation needed and DF set;
5 = source route failed.

                    Type     Name                                                                                                  Type     Name

                      0             Echo Reply (used by “PING”)                                                      7            Unassigned 

                     0     No Code                                                                                                    8            Echo (used by "PING")

                      1             Unassigned                                                                                        0     No Code                                                                                

                      2             Unassigned                                                                                     9            Router Advertisement 

                      3             Destination Unreachable                                                                                    0    No Code

                     0     Net Unreachable                                                                 10           Router Selection

                     1     Host Unreachable                                                                   0    No Code

                     2     Protocol Unreachable                                                                             11           Time Exceeded

                     3     Port Unreachable                                                                    0    Time to Live exceeded in Transit

4         Fragmentation needed and                                                                1    Fragment Reassembly Time Exceeded

                Don't Fragment was Set                                                                 12            Parameter Problem

                     5     Source Route Failed                                                                                    0    Pointer indicates the error

                     6     Destination Network Unknown                                                                1    Missing a Required Option

                     7     Destination Host Unknown                                                  2    Bad Length

                     8     Source Host Isolated                                                                              13           Timestamp

9         Communication with Destination                                                     0    No Code

         Network is Administratively Prohibited                                     14           Timestamp Reply                    

10      Communication with Destination                                                     0    No Code

         Host is Administratively Prohibited                                            15           Information Request              

11      Destination Network Unreachable                                                   0    No Code

         for Type of Service                                                    16           Information Reply                    

12      Destination Host Unreachable for                                                    0    No Code

         Type of Service                                                                              17           Address Mask Request        

                    4            Source Quench                                                                                                           0    No Code

                     0     No Code                                                                                                   18           Address Mask Reply             

                      5            Redirect                                                                                                                    0     No Code

                     0    Redirect Data gram for the Network                                                      19           Reserved (for Security)         

                     1    Redirect Data gram for the Host                                                            20-29   Reserved (for Robustness 

                                                                                                                                                             Experiment)

                     2    Redirect Data gram for the Type of                                                       30        Trace route

                             Service and Network                                                                             31        Data gram Conversion Error

3         Redirect Data gram for the Type of                                              32        Mobile Host Redirect

         Service and Host                                                                            33        IPv6 Where-Are-You

                     6            Alternate Host Address                                                                 34        IPv6 I-Am-Here

                     0    Alternate Address for Host                                               35        Mobile Registration Request 

                                                                                                                           36        Mobile Registration Reply

 

Data value (decimal): 0

 

Data values in other bases:

 

Hexadecimal	0	0
Binary	0000	0000

 

 

Start Bit: 8

 

Length: 8

 

IP > ICMP Header > ICMP Checksum for the selected ICMP PDU

 

Field Name:  ICMP Checksum

 

Description:  The checksum is the 16-bit one’s complement of the one’s complement sum of the ICMP message, starting with the ICMP type.  For computing the checksum, the checksum field should initially be zero. 

 

Data value (decimal): 17173

 

Data values in other bases:

 

Hexadecimal	4	3	1	5
Binary	0100	0011	0001	0101

 

• The data value used here is that of Blue Technology’s data.  Blue’s data matches up with the dump file from ethereal while Mirage’s doesn’t.
• Mirage’s data value was C9 15 in hexadecimal

 

Start Bit: 16

 

Length: 16

 

IP > ICMP Header > Identifier for the selected ICMP PDU

 

Field Name:  Identifier

 

Description:  The identifier is a 16-bit field that is used in matching echoes and replies for when the code field is zero.

 

Data value (decimal): 28768

 

Data values in other bases:

 

Hexadecimal	7	0	6	0
Binary	0111	0000	0110	0000

 

Start Bit: 32

 

Length: 16

 

 

IP > ICMP Header > Sequence Number for the selected ICMP PDU

 

Field Name:  Sequence Number

 

Description:  The sequence is a 16-bit field that is used in matching echoes and replies for when the code field is zero. 

Data value (decimal): 256

 

Data values in other bases:

 

Hexadecimal	0	1	0	0
Binary	000	0001	0000	0000

 

• The data value used here is that of Blue Technology’s data.  Blue’s data matches up with the dump file from ethereal while Mirage’s doesn’t.
• Mirage’s data value was 70 60 in hexadecimal

 

 

Start Bit: 48

 

Length: 16

 

IP > ICMP Header > Data for the selected ICMP PDU

 

Field Name:  Data

 

Description:  The data is a variable-length field that contains the actual information that is sent in the ping packet.

 

Data value (hexadecimal): 43 B1 89 3F 00 00 00 00 B8 C6 07 00 00 00 00 00 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 28 29 2A 2B 2C 2D 2E 2F 30 31 32 33 34 35 36 37

 

Data values in other bases: Not applicable

 

Start Bit: 64

 

Length: Variable

 

2.2.6 IP PDU for the selected SMTP PDU

 

IP PDU > IP Version for the selected SMTP PDU

 

Field Name: IP Version

 

Description:  Version is a 4-bit field that indicates the format of the Internet header

 

Data value (decimal):  4

 

Data values in other bases:

 

Hexadecimal	4
Binary	0100

 

Start Bit: 0

 

Length: 4

 

IP PDU > Header Length for the selected SMTP PDU

 

Field Name: Header Length

 

Description:  The IHL field is a 4-bit field indicating the length of the Internet header in 32 bit words, and thus points to the beginning of the data.  The minimum value of a correct header is 5 (20 bytes) and the maximum value is 15 (60 bytes).

 

Data value:  5

 

Data values in other bases:

 

Hexadecimal	0	5
Binary	0000	0101

 

Start Bit: 4

 

Length: 4

IP PDU > Type of Service for the selected SMTP PDU

 

Field Name:  Type of Service

 

Description:  Type of Service is an 8-bit field that provides and indication of the abstract parameters of the quality of service desired.  These parameters guide the selection of the actual service parameters when transmitting a data gram through a particular network.

 

The major choice is a three-way tradeoff between low-delay, high-reliability, and high-throughput.

 

Bits 0-2: Precedence

Bit 3: (D) 0 = Normal Delay                                  1 = Low Delay

Bit 4: (T) 0 = Normal Throughput                          1 = High Throughput

Bit 5: (R) 0 = Normal Reliability                            1 = High Reliability

 

Precedence:

               111 = Network Control                         011 = Flash

               110 = Internetwork Control                   010 = Immediate

               101 = CRITIC/ECP                              001 = Priority

               100 = Flash Overridden                         000 = Routine

 

Data value (decimal): 16

 

Data values in other bases:

 

Hexadecimal	1	0
Binary	0001	0000

 

• The data value used here is that of Blue Technology’s data.  Blue’s data matches up with the dump file from ethereal while Mirage’s doesn’t.
• Mirage’s data value was 0 in decimal

 

Start Bit: 8

 

Length: 8

 

IP PDU > Total Length for the selected SMTP PDU

 

Field Name: Total Length

 

Description: Total Length is a 16-bit field that indicates the length of the frame, measured in octets, including Internet header and data.  The maximum size is 2¹⁶-1 or 65,535 octets; however, the recommended maximum size is 576 octets

 

Data values (decimal):  70

 

Data values in other bases:

 

Hexadecimal	0	0	4	6
Binary	0000	0010	0100	0110

 

• The data value used here is that of Blue Technology’s data.  Blue’s data matches up with the dump file from ethereal while Mirage’s doesn’t.
• Mirage’s data value was 02 12 in hexadecimal

 

Start Bit: 16

 

Length: 16

 

IP PDU > Identification for the selected SMTP PDU

 

Field Name:  Identification

 

Description:  Identification is a 16-bit field.  An identifying value is assigned by the sender to aid in assembling the fragments of a data gram.  The identifier is chosen based on the need to provide a way to uniquely identify the fragments and protocol for the time the data gram or any fragment could be alive in the Internet.

 

Data value (decimal): 46047

 

Data values in other bases:

 

Hexadecimal	B	3	D	F
Binary	1011	0011	1101	1111

 

• The data value used here is that of Blue Technology’s data.  Blue’s data matches up with the dump file from ethereal while Mirage’s doesn’t.
• Mirage’s data value was 61 28 in hexadecimal

 

Start Bit: 32

 

Length: 16

IP PDU > Flags for the selected SMTP PDU

 

Field Name:  Flags

 

Description:  Flags is a 3-bit field that indicates directions for fragmentation.

 

Bit 0: reserved, must be 0

Bit 1: (DF) 0 = May Fragment              1 = Don’t Fragment

Bit 2: (MF) 0 = Last Fragment              1 = More Fragment

 

Data value (binary): 010

 

Data values in other bases:  Not applicable

 

Start Bit: 48

 

Length: 3

 

IP PDU > Fragment Offset for the selected SMTP PDU

 

Field Name:  Fragment Offset

 

Description:  The Fragment Offset is a 13- bit field indicating where in the Ethernet frame this fragment begins.  The Fragment Offset is measured in units of 8 octets, and the first fragment has offset 0.

 

Data value (decimal): 0

 

Data values in other bases:

 

Hexadecimal	0	0	0	0
Binary	0000	0000	0000	0000

 

Start Bit: 51

 

Length: 13

IP PDU > Time to Live for the selected SMTP PDU

 

Field Name: Time to Live

 

Description:  Time to Live is an 8-bit field that indicates the maximum time the data gram is allowed to remain in the Internet.  If this field contains the value 0, then the data gram must be destroyed.  This field is modified in Internet header processing.  The time is measure in units of seconds, and is set by the sender to the maximum time the data gram is allowed to be in the Internet.  This field is decreased at each point that the Internet header is processed.  The intention is to cause undeliverable packets to be discarded, and to bind the maximum data gram lifetime.

 

Data value (decimal): 128

 

Data values in other bases:

 

Hexadecimal	8	0
Binary	1000	0000

 

• The data value used here is that of Blue Technology’s data.  Blue’s data matches up with the dump file from ethereal while Mirage’s doesn’t.
• Mirage’s data value was 64 in decimal 

 

Start Bit: 64

 

Length: 8

IP PDU > Protocol for the selected SMTP PDU

 

Field Name:  Protocol

 

Description:  Protocol is an 8-bit field that indicates the next level protocol that is used in the data portion of the Internet diagram.

Dec     Hex     Protocol                                                          Dec                 Hex        Protocol

0            00      Reserved                                                          22                    16           Multiplexing

1            01      ICMP                                                              23                    17           DCN

2            02      Unassigned                                                       24                    18           TAC Monitoring       

3            03      Gateway-to-Gateway                                       25-76               19-4C     Unassigned               

4            04      CMCC Gateway Monitoring Message  77                    4D          Any local network

5            05      ST                                                                    100                  64           SATNET and                 
                                                                                                                         Backroom EXPAK

6            06      TCP                                                                 101                  65           MIT Subnet
                                                                                                                           Support

7            07      UCL                                                                102-104           66-68      Unassigned

10          0A     Unassigned                                                       105                  69           SATNET
                                                                                                                           Monitoring

11          0B      Secure                                                              106                  6A          Unassigned

12          0C     BBN RCC Monitoring                          107                  6B           Internet Packet Core
                                                                                                                           Utility

13          0D     NVP                                                                110-113           6E-71     Unassigned

14          0E      PUP                                                                 114                  72           Backroom SATNET
                                                                                                                                       Monitoring

15          0F      Pluribus                                                            115                  73           Unassigned

16          10      Telnet                                                               116                  74           WIDEBAND
                                                                                                                           Monitoring

17          11      XNET                                                              117                  75           WIDEBAND     
                                                                                                                            EXPAK

20          14      Chaos                                                              120-376           78-0178  Unassigned

21          15      User Data gram                                                377                  0179        Reserved

 

Data value (decimal): 6

 

Data values in other bases:

 

 

Start Bit: 72

 

Length: 8

 

RFC Link: http://www.faqs.org/rfcs/rfc790.html