이더넷 프로토콜
결국 각각의 층은 모두 헤더 일 뿐이고 4층에 우리가 보내는 데이타가 들어있다
1계층 헤더 분석
type/Length
2 byte 값에 따른 2층 의 프로토콜
위의 패킷은 0800 으로 IPv4 프로토콜을 따르는 것을 알 수 있다.
cf ) ip to mac , mac to ip 하도록 하는 typeLenth - 많이씀
ETH_P_ARP 0x0806 /* Address Resolution packet */
ETH_P_RARP 0x8035 /* Reverse Addr Res packet */
분석함수
enum IF_EHTER
{
ETH_P_LOOP = 0x0060, // Ethernet Loopback packet
ETH_P_PUP = 0x0200, // Xerox PUP packet
ETH_P_PUPAT = 0x0201, // Xerox PUP Addr Trans packet
ETH_P_IP = 0x0800, // Internet Protocol packet
ETH_P_X25 = 0x0805, // CCITT X.25
ETH_P_ARP = 0x0806, // Address Resolution packet
ETH_P_BPQ = 0x08FF, // G8BPQ AX.25 Ethernet Packet [ NOT AN OFFICIALLY REGISTERED ID ]
ETH_P_IEEEPUP = 0x0A00, // Xerox IEEE802.3 PUP packet
ETH_P_IEEEPUPAT = 0x0A01, // Xerox IEEE802.3 PUP Addr Trans packet
ETH_P_DEC = 0x6000, // DEC Assigned proto
ETH_P_DNA_DL = 0x6001, // DEC DNA Dump/Load
ETH_P_DNA_RC = 0x6002, // DEC DNA Remote Console
ETH_P_DNA_RT = 0x6003, // DEC DNA Routing
ETH_P_LAT = 0x6004, // DEC LAT
ETH_P_DIAG = 0x6005, // DEC Diagnostics
ETH_P_CUST = 0x6006, // DEC Customer use
ETH_P_SCA = 0x6007, // DEC Systems Comms Arch
ETH_P_TEB = 0x6558, // Trans Ether Bridging
ETH_P_RARP = 0x8035, // Reverse Addr Res packet
ETH_P_ATALK = 0x809B, // Appletalk DDP
ETH_P_AARP = 0x80F3, // Appletalk AARP
ETH_P_8021Q = 0x8100, // 802.1Q VLAN Extended Header
ETH_P_IPX = 0x8137, // IPX over DIX
ETH_P_IPV6 = 0x86DD, // IPv6 over bluebook
ETH_P_PAUSE = 0x8808, // IEEE Pause frames. See 802.3 31B
ETH_P_SLOW = 0x8809, // Slow Protocol. See 802.3ad 43B
ETH_P_WCCP = 0x883E, // Web-cache coordination protocol
ETH_P_PPP_DISC = 0x8863, // PPPoE discovery messages
ETH_P_PPP_SES = 0x8864, // PPPoE session messages
ETH_P_MPLS_UC = 0x8847, // MPLS Unicast traffic
ETH_P_MPLS_MC = 0x8848, // MPLS Multicast traffic
ETH_P_ATMMPOA = 0x884C, // MultiProtocol Over ATM
ETH_P_ATMFATE = 0x8884, // Frame-based ATM Transport
ETH_P_PAE = 0x888E, // Port Access Entity (IEEE 802.1X)
ETH_P_AOE = 0x88A2, // ATA over Ethernet
ETH_P_TIPC = 0x88CA, // TIPC
ETH_P_1588 = 0x88F7, // IEEE 1588 Timesync
ETH_P_FCOE = 0x8906, // Fibre Channel over Ethernet
ETH_P_FIP = 0x8914, // FCoE Initialization Protocol
ETH_P_EDSA = 0xDADA // Ethertype DSA [ NOT AN OFFICIALLY REGISTERED ID ]
}
static void PrintEthernet(byte[] bEther)
{
Console.Write("Destination MAC Address : ");
for (int i = 0; i < 6; i++)
{
Console.Write("{0:X02}", bEther[i]);
if (5 == i)
{
continue;
}
Console.Write("-");
}
Console.WriteLine();
Console.Write("Soure MAC Address : ");
for (int i = 6; i < 12; i++)
{
Console.Write("{0:X02}", bEther[i]);
if (11 == i)
{
continue;
}
Console.Write("-");
}
Console.WriteLine();
// 2byte 숫자로 변환
//bEther[12],bEther[13]
byte[] bType = new byte[2];
Array.Copy(bEther, 12, bType, 0, 2);
if (BitConverter.IsLittleEndian) // 현재 .net 이 리틀엔디안인지 보통 인터넷은 빅엔디안임
{
Array.Reverse(bType); // 데이터 저장을 위해서
}
short sTemp = BitConverter.ToInt16(bType, 0);
Console.Write("Layer 2 Protocol : ");
switch ((IF_EHTER)sTemp)
{
case IF_EHTER.ETH_P_LOOP:
Console.Write("Ethernet Loopback packet");
break;
case IF_EHTER.ETH_P_PUP:
Console.Write("Xerox PUP packet");
break;
case IF_EHTER.ETH_P_PUPAT:
Console.Write("Xerox PUP Addr Trans packet");
break;
case IF_EHTER.ETH_P_IP:
Console.Write("Internet Protocol packet");
break;
case IF_EHTER.ETH_P_X25:
Console.Write("CCITT X.25");
break;
case IF_EHTER.ETH_P_ARP:
Console.Write("Address Resolution packet");
break;
case IF_EHTER.ETH_P_BPQ:
Console.Write("G8BPQ AX.25 IF_EHTER.ETHernet Packet [ NOT AN OFFICIALLY REGISTERED ID ]");
break;
case IF_EHTER.ETH_P_IEEEPUP:
Console.Write("Xerox IEEE802.3 PUP packet");
break;
case IF_EHTER.ETH_P_IEEEPUPAT:
Console.Write("Xerox IEEE802.3 PUP Addr Trans packet");
break;
case IF_EHTER.ETH_P_DEC:
Console.Write("DEC Assigned proto");
break;
case IF_EHTER.ETH_P_DNA_DL:
Console.Write("DEC DNA Dum");
break;
case IF_EHTER.ETH_P_DNA_RC:
Console.Write("DEC DNA Remote Console");
break;
case IF_EHTER.ETH_P_DNA_RT:
Console.Write("DEC DNA Routing");
break;
case IF_EHTER.ETH_P_LAT:
Console.Write("DEC LAT");
break;
case IF_EHTER.ETH_P_DIAG:
Console.Write("DEC Diagnostics");
break;
case IF_EHTER.ETH_P_CUST:
Console.Write("DEC Customer use");
break;
case IF_EHTER.ETH_P_SCA:
Console.Write("DEC Systems Comms Arch");
break;
case IF_EHTER.ETH_P_TEB:
Console.Write("Trans IF_EHTER.ETHer Bridging");
break;
case IF_EHTER.ETH_P_RARP:
Console.Write("Reverse Addr Res packet");
break;
case IF_EHTER.ETH_P_ATALK:
Console.Write("Appletalk DDP");
break;
case IF_EHTER.ETH_P_AARP:
Console.Write("Appletalk AARP");
break;
case IF_EHTER.ETH_P_8021Q:
Console.Write("802.1Q VLAN Extended Header");
break;
case IF_EHTER.ETH_P_IPX:
Console.Write("IPX over DIX");
break;
case IF_EHTER.ETH_P_IPV6:
Console.Write("IPv6 over bluebook");
break;
case IF_EHTER.ETH_P_PAUSE:
Console.Write("IEEE Pause frames. See 802.3 31B");
break;
case IF_EHTER.ETH_P_SLOW:
Console.Write("Slow Protocol. See 802.3ad 43B");
break;
case IF_EHTER.ETH_P_WCCP:
Console.Write("Web-cache coordination protocol defined in draft-wilson-wrec-wccp-v2-00.txt");
break;
case IF_EHTER.ETH_P_PPP_DISC:
Console.Write("PPPoE discovery messages");
break;
case IF_EHTER.ETH_P_PPP_SES:
Console.Write("PPPoE session messages");
break;
case IF_EHTER.ETH_P_MPLS_UC:
Console.Write("MPLS Unicast traffic");
break;
case IF_EHTER.ETH_P_MPLS_MC:
Console.Write("MPLS Multicast traffic");
break;
case IF_EHTER.ETH_P_ATMMPOA:
Console.Write("MultiProtocol Over ATM");
break;
case IF_EHTER.ETH_P_ATMFATE:
Console.Write("Frame-based ATM Transport over IF_EHTER.ETHernet");
break;
case IF_EHTER.ETH_P_PAE:
Console.Write("Port Access Entity (IEEE 802.1X)");
break;
case IF_EHTER.ETH_P_AOE:
Console.Write("ATA over IF_EHTER.ETHernet");
break;
case IF_EHTER.ETH_P_TIPC:
Console.Write("TIPC");
break;
case IF_EHTER.ETH_P_1588:
Console.Write("IEEE 1588 Timesync");
break;
case IF_EHTER.ETH_P_FCOE:
Console.Write("Fibre Channel over IF_EHTER.ETHernet");
break;
case IF_EHTER.ETH_P_FIP:
Console.Write("FCoE Initialization Protocol");
break;
case IF_EHTER.ETH_P_EDSA:
Console.Write("IF_EHTER.ETHertype DSA [ NOT AN OFFICIALLY REGISTERED ID ]");
break;
default:
Console.Write("Unknown Type");
break;
}
Console.WriteLine("(0x{0:X04})", sTemp);
}
출처 : https://blog.daum.net/trts1004/12109014
Ethernet, IP, TCP/UDP 헤더 소개 : Packet Header: Ethernet, IP & TCP/IP
아래 그림은 Ethernet 헤더부터 IP 헤더, 그리고 TCP/UDP 헤더를 통해 패킷의 응용을 어떻게 구별하는지를 그 과정을 보이고 있습니다. L2: Ethernet Header Ethernet 헤더는 Destination MAC Address(6B), Source..
blog.daum.net
'공부,일 > C# 네트워크' 카테고리의 다른 글
| packet 분석기 만들기 (4) (0) | 2021.09.28 |
|---|---|
| packet 분석기 만들기 (2) HexaViewer , NIC 선택 (0) | 2021.09.10 |
| packet 분석기 만들기 (1) (0) | 2021.09.10 |
| 20210818 네트워크 프로그래밍 채팅 프로그램 만들기 (M:M) (1) | 2021.08.18 |
| 1:1 채팅 만들기 socket (0) | 2021.08.17 |
댓글