Lasher, I've been having a lot of the same problems as I've been writing (half abandoned) a network sniffer myself and I had trouble getting detailed information on a lot of different things that were critical when you're writing a sniffer.
Simplest example -- TCP Checksum calculation -- everyone will tell you about the pseudoheader and what goes in it, but almost nobody says anything about the fact that you have to calculate the checksum over the segment first and THEN the pseudoheader, not the other way around.. and it does matter because the checksum formula works with unsigned shorts so it may pick up the wrong two bytes and bam you're gone.
I would really suggest you get TCP/IP Illustrated.. but I know that either volume two or volume three is called -"The Implementation" or something similar, which is designed for programmers.... that will be the best book you could get.
Hey aren't the Protocol Analysis Institute people the ones who say that you can solve everything including world hunger with a sniffer ? My kind of people !!
Re: LOOKING FOR: a book describing protocols
14 years 5 months ago #2900