I have a question about network protocols. When I'm receiving packets to decode, how can I determine if it's TCP or UDP or ICMP?
Is there any sign or byte number I can use to know?
The IPv4 packet header has a Protocol field which tells you which protocol is in the packet payload.
With IPv6 it is a little more complex. The IPv6 packet Next Header field will tell you the same thing if there are no IPv6 extension headers. If there are IPv6 extension headers, you will need to follow the chain of headers to get the last header in order to determine the payload type.
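The lookup described in this answer, as an added example that is not part of the original post: it reads the IPv4 Protocol field at byte 9, and for IPv6 follows the Next Header chain from byte 6 through any extension headers. The function name, the name table and the sample packets are constructed for illustration.

```python
import struct

# IANA protocol numbers relevant to the question, plus two terminal values.
NAMES = {1: "ICMP", 6: "TCP", 17: "UDP", 50: "ESP", 58: "ICMPv6", 59: "none"}
# Extension headers whose length byte counts 8-octet units beyond the first 8:
# Hop-by-Hop, Routing, Destination Options, Mobility, HIP, Shim6.
EXT_8OCTET = {0, 43, 60, 135, 139, 140}
FRAGMENT, AH = 44, 51


def payload_protocol(packet: bytes):
    """Return (protocol number, name, payload offset) for a raw IP packet."""
    if not packet:
        raise ValueError("empty packet")
    version = packet[0] >> 4
    if version == 4:
        ihl = (packet[0] & 0x0F) * 4               # header length in bytes
        if ihl < 20 or len(packet) < ihl:
            raise ValueError("bad or truncated IPv4 header")
        proto, off = packet[9], ihl                # Protocol field is byte 9
    elif version == 6:
        if len(packet) < 40:
            raise ValueError("truncated IPv6 header")
        proto, off = packet[6], 40                 # Next Header is byte 6
        while proto in EXT_8OCTET or proto in (FRAGMENT, AH):
            if len(packet) < off + 8:
                raise ValueError("truncated extension header")
            if proto == FRAGMENT:
                size = 8                           # fixed-size header
            elif proto == AH:
                size = (packet[off + 1] + 2) * 4   # AH counts 4-octet units
            else:
                size = (packet[off + 1] + 1) * 8
            proto, off = packet[off], off + size   # follow the chain
    else:
        raise ValueError(f"not an IP packet (version {version})")
    return proto, NAMES.get(proto, "other"), off


# Constructed sample packets with zeroed payloads.
V4_UDP = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + bytes(8)
V6_TCP = (struct.pack("!IHBB16s16s", 0x60000000, 36, 0, 64, bytes(16), bytes(16))
          + bytes([44, 0, 1, 4, 0, 0, 0, 0])       # Hop-by-Hop, next = Fragment
          + bytes([6, 0, 0, 0, 0, 0, 0, 1])        # Fragment, next = TCP
          + bytes(20))                             # zeroed TCP header

if __name__ == "__main__":
    print(payload_protocol(V4_UDP), payload_protocol(V6_TCP))
```

In a non-first IPv6 fragment the returned offset points at fragment data rather than at a TCP or UDP header, and nothing past an ESP header can be read without decrypting it.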
Related
I know that SMTP is based on TCP, like HTTP, but how does Wireshark judge it as SMTP rather than TCP?
How does Wireshark judge it as SMTP rather than TCP?
It doesn't. SMTP is inside the payload of a TCP packet. So Wireshark will first dissect TCP and if it has dissectors available to parse the payload, it will also parse that, like SMTP in this case. In conclusion, your "SMTP packet" is also a TCP packet. E.g., you can filter your SMTP packets by TCP attributes like ports.
My question is how the destination port address in UDP is chosen/given.
I mean, what matters when setting a destination port in a UDP packet?
Because when we send a packet, just the destination address (IP) is important and we want to send data to our destination.
It has nothing to do with the port!
Do we assign a random port?
Typically, whatever documentation tells you what to put in the UDP datagram you're sending should also tell you what port to send it to.
For example, if you're trying to talk to an NTP server, RFC5905 tells you what to put in the UDP datagrams you send. It also tells you, on page 16, to send it to port 123.
If you're writing a DNS resolver, RFC1035 is one place you might look for the information needed to know what to put in your UDP datagrams. It also tells you, in section 4.2, to send the datagrams to port 53.
So however you're figuring out what to put in the UDP datagrams you're going to send, that's typically what tells you either what port to send them to or, in some cases, how to determine what port to send them to.
For example, a media streaming protocol might start with the information about the stream being delivered by a web server. In that case, the information delivered by the web server to the client might include the destination port to send datagrams to.
Generally, there's either a well-known port that at least one side listens for datagrams on or there's some external method using a different protocol that tells whichever end sends the first datagram what port to send it to. The other end then just replies, sending its response datagrams to whatever port that first datagram was sent from.
Generally, the sending port is chosen randomly from the ephemeral ports available.
The destination port is the port to which the destination application is listening. To facilitate this, IANA maintains the Service Name and Transport Protocol Port Number Registry for standard applications and protocols.
If you create your own application or protocol, there is a range for you to use, but you should always check the registry to make sure you will not step on some other application or protocol.
When you design your listening application or protocol, you choose a port on which it listens, and the sending application will need to send to that port.
Are datagrams a protocol or not?
Is "Ping" (protocol ICMP) used in an IP DATAGRAM? Or is it using other protocols, such as TCP or UDP?
How do you know the message "Reply" the way back?
Why does the Tel number stay the same?
https://en.wikipedia.org/wiki/IPv4#Protocol
Datagrams are basically the packets that go back and forth over the network at IP level. Each of these packets can specify a protocol. You can have TCP, UDP, ICMP, etc. (see https://en.wikipedia.org/wiki/List_of_IP_protocol_numbers)
So to answer your question, yes the protocol for datagrams is basically IP.
You can have higher-level protocols that run over IP, such as the ones above.
See https://en.wikipedia.org/wiki/Internet_protocol_suite
Ping uses the ICMP protocol.
Are datagrams a protocol or no?
'Datagram' is the name of the unit of transmission in the UDP protocol.
Is "Ping" (protocol ICMP) used in an IP DATAGRAM?
The question doesn't make sense. It would make more sense to say that the ICMP protocol is transmitted via IP packets.
Or is it using other protocols, such as TCP or UDP?
ICMP is a protocol: you said so yourself; and it is layered over the IP protocol.
The IP protocol datagram header contains a Protocol field to define the protocol used in the data portion of the IP datagram.
How does a TCP packet identify its application-level protocols? I don't see similar fields in the TCP header format. So it all depends on the port number?
If so, does it mean I can silently switch the application protocol on the same port, just like what happens when WebSocket uses a handshake request in the format of HTTP to tell the server to switch from HTTP to WebSocket protocol?
TCP itself does not care about the application layer protocol used. The closest thing is the port number. Port numbers are used to distinguish different connections on the same host. When a packet is received, the operating system uses the port number to determine which program it belongs to. Although many protocols have standard port numbers, you are not required to use them.
So yes, you can switch protocols on the same port.
When a host needs to resend a packet (whatever the payload), is there any field in the header that gets modified, so that you can tell that it is a duplicate packet?
No. IP packets are not resent; that's a function of the higher protocol layers.
Some transport protocols, e.g. TCP or SCTP, have retransmission built into them that re-sends packets at that protocol layer; some application protocols, e.g. DNS, apply retransmission at the application protocol layer.
The IP layer does not know or care about this; there are no protocol fields that identify a retransmission from a higher layer.