I have an idea of how to convert from hex to dec and vice versa. I can use a
simple calculator, too. I have tried to understand the hex dump and there
are some points that I don't understand. For example: 45 (hex) = 69 (dec)
and NOT 20. There is something that I don't understand there... Look at my
"??????????????????????????????" in the dump. I also counted the bits and
bytes to see if they correspond to the protocol specifications. And I have
not cleared it up yet, but that's not the mystery. The mystery is how to obtain 20
(dec) from 45 (hex) and so on...
Ethernet II
    Destination: 00:e0:7d:af:fb:a2 (Encore_af:fb:a2)
    Source: 00:50:fc:24:33:30 (EDIMAX_24:33:30)
    Type: IP (0x0800)
Internet Protocol, Src Addr: rhclient3 (192.168.1.4), Dst Addr: mta4.fibertel.com.ar (24.232.0.164)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 48
    Identification: 0xd3a3
    Flags: 0x04
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0x4bec (correct)
    Source: rhclient3 (192.168.1.4)
    Destination: mta4.fibertel.com.ar (24.232.0.164)
Transmission Control Protocol, Src Port: 1407 (1407), Dst Port: pop3 (110), Seq: 2313198808, Ack: 0
    Source port: 1407 (1407)
    Destination port: pop3 (110)
    Sequence number: 2313198808
    Header length: 28 bytes
    Flags: 0x0002 (SYN)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...0 .... = Acknowledgment: Not set
        .... 0... = Push: Not set
        .... .0.. = Reset: Not set
        .... ..1. = Syn: Set
        .... ...0 = Fin: Not set
    Window size: 16384
    Checksum: 0x3b41 (correct)
    Options: (8 bytes)
        Maximum segment size: 1460 bytes
        NOP
        NOP
        SACK permitted
Ethernet II
Destination: 00:e0:7d:af:fb:a2 (Encore_af:fb:a2)
I see: 1 byte = 00 -> 6 bytes -> 48 bits
00 e0 7d af fb a2
Source: 00:50:fc:24:33:30 (EDIMAX_24:33:30)
I see: 1 byte = 00 -> 6 bytes -> 48 bits
00 50 fc 24 33 30
Type: IP (0x0800)
08 00
I see: 2 bytes -> 16 bits
Version & Header Length?? (54 hex is 84 -> that's the reversed 48) and the
version? ?????????????????????????????????
45 00 00
Total Length:
30
I see: 1 byte -> 8 bits
Identification:
d3 a3
I see: 2 bytes -> 16 bits
Flags:
40
I see: 1 byte -> 8 bits
Should it be 1 byte?
Time to Live:
00 80
I see: 2 bytes -> 16 bits
Protocol:
06
I see: 1 byte -> 8 bits
Header Checksum:
4b ec
I see: 2 bytes -> 16 bits
Source:
c0.a8.01.04
(192.168.1.4)
I see: 4 bytes -> 32 bits
Destination:
18.e8.00.a4
(24.232.0.164)
I see: 4 bytes -> 32 bits
Source Port:
05 7f
I see: 2 bytes -> 16 bits
Destination Port:
00 6e
I see: 2 bytes -> 16 bits
Sequence number:
89 e0 9c d8
I see: 4 bytes -> 32 bits
Header length (28 bytes) & Flags: 0x0002 (SYN)
??????????????????????????????????????
00 00 00 00 70 02
Window Size:
40 00
I see: 2 bytes -> 16 bits
Checksum:
3b 41
I see: 2 bytes -> 16 bits
WHAT'S THAT????: ?????????????????????????????????
00 00 02 04
Maximum Segment Size:
05 b4
I see: 2 bytes -> 16 bits
AND THAT????: ????????????????????????????????? It should be the data?
01 01 04 02
0000 00 e0 7d af fb a2 00 50 fc 24 33 30 08 00 45 00 ..}....P.$30..E.
0010 00 30 d3 a3 40 00 80 06 4b ec c0 a8 01 04 18 e8 .0..@...K.......
0020 00 a4 05 7f 00 6e 89 e0 9c d8 00 00 00 00 70 02 .....n........p.
0030 40 00 3b 41 00 00 02 04 05 b4 01 01 04 02 @.;A..........
-----Original Message-----
From: Martin Jr., Wally G. [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 03, 2001 08:54
To: 'R. Toma'; [EMAIL PROTECTED]
Subject: RE: Intro with hex dump
R.,
Hex, or hexadecimal (base 16), is just another number system like the
decimal system (base 10) that most are comfortable with and use for day to
day issues.
Check out the following URL for an explanation of how you can convert 48
(dec) (Total length) from "00 30" (hex) and vice versa.
http://www.bootheel.net/~mbranum/mathstuf.html
Hope this helps.
Take care,
Wally
<snip>
and just the Header length: 20 is represented only by a hex: "45". Now, how
is it? How does it work? How can you make 20 (dec) from 45 (hex)? How can
you convert 48 (dec) (Total length) from "00 30" (hex)? I am sure it mustn't
be so complicated but if I don't understand this I can't understand anything
at all. If anybody can help me with this I would appreciate it. I can attach
the full packets in a .txt file so you can use it for your better
explanations ;)
Thank you!
</snip>
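An added example, not part of the original messages: a Python parser run over the 62 bytes of the hex dump above. It shows that 0x45 is two 4-bit fields (version 4, header length 5 words x 4 = 20 bytes), that 0x70 gives the 28-byte TCP header the same way, and that the trailing bytes are TCP options. The function names and OPTION_NAMES are made up for this example.

```python
import struct

# Frame bytes copied from the hex dump in the message above (62 bytes).
FRAME = bytes.fromhex(
    "00e07daffba2 0050fc243330 0800 4500 0030 d3a3 4000 8006 4bec c0a80104 18e800a4"
    "057f 006e 89e09cd8 00000000 7002 4000 3b41 0000 0204 05b4 0101 0402")
OPTION_NAMES = {1: "NOP", 2: "MSS", 4: "SACK permitted"}

def checksum_ok(header: bytes) -> bool:
    # RFC 1071: the sum of all 16-bit words, checksum included, folds to 0xFFFF.
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF

def parse_ipv4(pkt: bytes) -> dict:
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("truncated or non-IPv4 header")
    ver_ihl, _tos, total_len, _id, flags_frag, ttl, proto = struct.unpack("!BBHHHBB", pkt[:10])
    ihl = (ver_ihl & 0x0F) * 4     # 0x45: high nibble = version 4, low nibble = 5 words
    if not 20 <= ihl <= len(pkt):
        raise ValueError("bad IPv4 header length")
    return {"version": ver_ihl >> 4, "ihl": ihl, "total_len": total_len, "ttl": ttl,
            "proto": proto, "dont_fragment": bool(flags_frag & 0x4000),
            "frag_offset": flags_frag & 0x1FFF, "checksum_ok": checksum_ok(pkt[:ihl])}

def parse_tcp(seg: bytes) -> dict:
    if len(seg) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, _ack, off_flags, window = struct.unpack("!HHIIHH", seg[:16])
    hdr_len = (off_flags >> 12) * 4   # 0x7002: top nibble is 7 words = 28 bytes
    if not 20 <= hdr_len <= len(seg):
        raise ValueError("bad TCP data offset")
    opts, i = [], 20
    while i < hdr_len and seg[i] != 0:            # kind 0 ends the option list
        kind = seg[i]
        length = 1 if kind == 1 else (seg[i + 1] if i + 1 < hdr_len else 0)
        if kind != 1 and not 2 <= length <= hdr_len - i:
            raise ValueError("malformed TCP option length")
        opts.append((OPTION_NAMES.get(kind, f"kind {kind}"), seg[i + 2:i + length]))
        i += length
    return {"sport": sport, "dport": dport, "seq": seq, "hdr_len": hdr_len,
            "syn": bool(off_flags & 0x002), "window": window, "options": opts}

def parse_frame(frame: bytes) -> tuple:
    if len(frame) < 14 or frame[12:14] != b"\x08\x00":
        raise ValueError("not an Ethernet II frame carrying IPv4")
    ip = parse_ipv4(frame[14:])
    return ip, parse_tcp(frame[14 + ip["ihl"]:14 + ip["total_len"]])
```

Calling parse_frame(FRAME) returns the IPv4 and TCP fields as two dictionaries whose values match the dissection at the top of the message.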