[Richard Urwin <rurwin@xxxxxxxxxxxxxxx>]

There are many good books on TCP/IP, and I'm sure people will suggest their own favorites, but the RFCs have everything you really need to know and they're free.

Do a web search for:

RFC791.txt                for IP

RFC768.txt                for UDP

RFC793.txt                for TCP

 

I found them at http://ns.utcru.sk/pub/doc/rfc/

 

For a useful-looking introduction try ftp://rtfm.mit.edu/pub/net/internet.text

 

-----Original Message-----
From: Douglas R. Pilot [mailto:dpilot@xxxxxxxx]
Sent: Monday, March 11, 2002 8:24 PM
To: ethereal-users@xxxxxxxxxxxx
Subject: [Ethereal-users] (no subject)

I have another question.  I have looked through the user guide.  It tells you all the stuff you can do but no basics on how to interpret the data that is captured.  Where can I find a step by step tutorial on how to interpret everything I see in each pane?  Some are easy like IP address etc but some are more difficult. I read an article about IDS signatures and it talked about  the SYN and FIN flags.  I have no idea where to look for these.

 

thanks

 

Douglas R. Pilot
Computer Instructor,
Shaftsbury Elementary School
dpilot@xxxxxxxx

 

 

---

This message has been 'sanitized'. This means that potentially dangerous content has been rewritten or removed. The following log describes which actions were taken.

Sanitizer (start="1015877165"):
  Part (pos="1182"):
    SanitizeFile (filename="unnamed.txt", mimetype="text/plain"):
      Match (rule="2"):
        Enforced policy: accept

  Part (pos="1850"):
    SanitizeFile (filename="unnamed.html", mimetype="text/html"):
      Match (rule="default"):
        Enforced policy: accept

    Rewrote HTML tag: >>_META http-equiv=Content-Type content="text/html; charset=iso-8859-1"_<<
                  as: >>_MANGLED_ON_PURPOSE_META http-equiv=Content-Type content="text/html; charset=iso-8859-1"_<<
    Rewrote HTML tag: >>_META content="MSHTML 6.00.2713.1100" name=GENERATOR_<<
                  as: >>_MANGLED_ON_PURPOSE_META content="MSHTML 6.00.2713.1100" name=GENERATOR_<<
    Total modifications so far: 2

Anomy 0.0.0 : Sanitizer.pm $Id: Sanitizer.pm,v 1.32 2001/10/11 19:27:15 bre Exp $

________________________________________________________________________
This email has been scanned for all viruses by the MessageLabs SkyScan
service. For more information on a proactive anti-virus service working
around the clock, around the globe, visit http://www.messagelabs.com
________________________________________________________________________

---

This message has been 'sanitized'. This means that potentially dangerous content has been rewritten or removed. The following log describes which actions were taken.

Sanitizer (start="1015921837"):
  Part (pos="1334"):
    SanitizeFile (filename="unnamed.txt", mimetype="text/plain"):
      Match (rule="2"):
        Enforced policy: accept

  Part (pos="4443"):
    SanitizeFile (filename="unnamed.html", mimetype="text/html"):
      Match (rule="default"):
        Enforced policy: accept

    Rewrote HTML tag: >>_META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1"_<<
                  as: >>_MANGLED_ON_PURPOSE_META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1"_<<
    Rewrote HTML tag: >>_META content="MSHTML 6.00.2713.1100" name=GENERATOR_<<
                  as: >>_MANGLED_ON_PURPOSE_META content="MSHTML 6.00.2713.1100" name=GENERATOR_<<
    Total modifications so far: 2

Anomy 0.0.0 : Sanitizer.pm $Id: Sanitizer.pm,v 1.32 2001/10/11 19:27:15 bre Exp $

________________________________________________________________________
This email has been scanned for all viruses by the MessageLabs SkyScan
service. For more information on a proactive anti-virus service working
around the clock, around the globe, visit http://www.messagelabs.com
________________________________________________________________________