Page 764 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
Protocol Discovery
Hundreds of protocols are in use on a typical TCP/IP network at
any given moment. Using a sniffer, you can discover what
protocols are in use on your current network. Before using a
sniffer, though, make sure you have the proper permission or
authorization. Without approval, using a sniffer can be considered
a security violation because it enables you to eavesdrop on
unprotected network communications. If you can’t obtain
permission at work, try this on your home network instead.
Download and install a sniffer, such as Wireshark, leave the capture
interface in promiscuous mode (Wireshark's default), and monitor the
activity on your network for a few minutes. Count how many distinct
protocols (that is, members of the TCP/IP suite such as ARP, DHCP, DNS,
ICMP, TCP, and UDP, plus whatever rides on top of them) appear. Keep in
mind that on a switched network you will see only broadcast and
multicast traffic plus traffic addressed to your own host unless you
capture from a mirror (SPAN) port or a network tap.
The next step is to analyze the contents of the captured packets. Pick
out a few packets of different protocols, for example TCP, ICMP, ARP,
and UDP, and inspect their headers side by side: note which fields each
header carries, how long each header is, and which special flags or
field codes the protocol uses (the TCP flag bits, the ICMP type and
code, the ARP opcode, the checksum fields). You'll likely discover that
there is a lot more going on within a protocol than you ever imagined.
If performing packet capturing is a task that you are unable to
accomplish or should not (due to rules, regulations, policies, laws,
etc.), then consider perusing the samples provided by Wireshark at
https://wiki.wireshark.org/SampleCaptures.
User Datagram Protocol (UDP) also operates at layer 4 (the Transport
layer) of the OSI model. It is a connectionless "best-effort"
communications protocol. Its only error detection is a checksum that is
optional under IPv4 (mandatory under IPv6); it has no error correction
or retransmission, does not use sequencing, does not use flow control
mechanisms, does not use a preestablished session, and is considered
unreliable. UDP has very low overhead and can therefore transmit data
quickly. It is appropriate only when the application can tolerate lost,
duplicated, or reordered datagrams, or supplies its own reliability, as
DNS does by retrying a query and as real-time voice and video do by
simply skipping data that arrives late.
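As an added example (not from the study guide, and not Wireshark's code), the Python dissector below does the two things the Protocol Discovery exercise asks for, counting which protocols appear in a set of frames and pulling the flags, ports, opcodes and checksums out of their headers, and it also shows the one piece of error detection UDP does have, its optional checksum, by verifying it and then flipping a payload bit. The frames it inspects are constructed in code as a stand-in for a real capture, so it runs offline; it assumes untagged Ethernet II framing and IPv4 without options, which covers the ARP, TCP, UDP and ICMP cases named above. The MAC and IP addresses, ports and payloads are made up for the sample.

```python
"""Minimal Ethernet/IPv4 dissector for the protocol-discovery exercise.
Added example, not from the study guide. The frames at the bottom are
CONSTRUCTED in code rather than captured. Assumes Ethernet II with no VLAN
tag, IPv4 without options, and only the ARP/TCP/UDP/ICMP cases named above."""
import struct
from collections import Counter

ETH_IPV4, ETH_ARP = 0x0800, 0x0806
IPPROTO_ICMP, IPPROTO_TCP, IPPROTO_UDP = 1, 6, 17
TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR"]  # bits 0..7

def inet_checksum(data):
    """RFC 1071 one's-complement checksum. Run over data that already carries
    a correct checksum it returns 0, which is how the checks below verify."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def l4_checksum(src, dst, proto, seg):
    """TCP and UDP checksums also cover an IPv4 pseudo-header (addresses, proto, length)."""
    return inet_checksum(src + dst + struct.pack("!BBH", 0, proto, len(seg)) + seg)

def dissect(frame):
    """Name the protocol at each layer and pull out the header fields worth comparing."""
    info = {"l2": "Ethernet"}
    eth_type = struct.unpack("!H", frame[12:14])[0]
    if eth_type == ETH_ARP:
        opcode = struct.unpack("!H", frame[20:22])[0]
        info.update(l3="ARP", op={1: "request", 2: "reply"}.get(opcode, opcode))
        return info
    if eth_type != ETH_IPV4:
        info["l3"] = "ethertype 0x%04x" % eth_type
        return info
    ip = frame[14:]
    ihl, total_len = (ip[0] & 0x0F) * 4, struct.unpack("!H", ip[2:4])[0]
    proto, src, dst, seg = ip[9], ip[12:16], ip[16:20], ip[ihl:total_len]
    info.update(l3="IPv4", src=".".join(map(str, src)), dst=".".join(map(str, dst)))
    if proto == IPPROTO_TCP:
        sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", seg[:14])
        info.update(l4="TCP", sport=sport, dport=dport,
                    flags=[n for i, n in enumerate(TCP_FLAGS) if off_flags & (1 << i)],
                    checksum_ok=l4_checksum(src, dst, proto, seg) == 0)
    elif proto == IPPROTO_UDP:
        sport, dport, length, cs = struct.unpack("!HHHH", seg[:8])
        # RFC 768: an all-zero checksum means the sender skipped it (IPv4 only), nothing to verify.
        ok = None if cs == 0 else l4_checksum(src, dst, proto, seg) == 0
        info.update(l4="UDP", sport=sport, dport=dport, checksum_ok=ok)
    elif proto == IPPROTO_ICMP:
        info.update(l4="ICMP", type=seg[0], code=seg[1], checksum_ok=inet_checksum(seg) == 0)
    else:
        info["l4"] = "ip proto %d" % proto
    return info

def protocol_census(frames):
    """The discovery step: how many frames of each (highest identified) protocol."""
    census = Counter()
    for frame in frames:
        d = dissect(frame)
        census[d.get("l4", d["l3"])] += 1
    return census

# --- constructed sample "capture", built with the same header layouts (made-up addresses) ---
MAC_A, MAC_B = bytes.fromhex("0242ac110002"), bytes.fromhex("0242ac110003")
IP_A, IP_B = bytes([10, 0, 0, 2]), bytes([10, 0, 0, 3])

def put16(buf, at, value):  # overwrite one big-endian 16-bit field
    return buf[:at] + struct.pack("!H", value) + buf[at + 2:]
def eth(eth_type, payload, dst=MAC_B, src=MAC_A):
    return dst + src + struct.pack("!H", eth_type) + payload
def ipv4(proto, src, dst, seg):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(seg), 0, 0, 64, proto, 0, src, dst)
    return put16(hdr, 10, inet_checksum(hdr)) + seg
def tcp(src, dst, sport, dport, flags, seq=1, ack=0):
    hdr = struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | flags, 65535, 0, 0)
    return put16(hdr, 16, l4_checksum(src, dst, IPPROTO_TCP, hdr))
def udp(src, dst, sport, dport, data):
    seg = struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data
    return put16(seg, 6, l4_checksum(src, dst, IPPROTO_UDP, seg) or 0xFFFF)  # RFC 768: 0 -> 0xFFFF
def icmp_echo(ident, seq, data=b"ping"):
    msg = struct.pack("!BBHHH", 8, 0, 0, ident, seq) + data
    return put16(msg, 2, inet_checksum(msg))
def arp(opcode, sha, spa, tha, tpa):
    return struct.pack("!HHBBH6s4s6s4s", 1, ETH_IPV4, 6, 4, opcode, sha, spa, tha, tpa)

SAMPLE_FRAMES = [
    eth(ETH_ARP, arp(1, MAC_A, IP_A, b"\0" * 6, IP_B), dst=b"\xff" * 6),                    # who-has
    eth(ETH_ARP, arp(2, MAC_B, IP_B, MAC_A, IP_A), dst=MAC_A, src=MAC_B),                    # is-at
    eth(ETH_IPV4, ipv4(IPPROTO_TCP, IP_A, IP_B, tcp(IP_A, IP_B, 40000, 443, 0x02))),         # SYN
    eth(ETH_IPV4, ipv4(IPPROTO_TCP, IP_B, IP_A, tcp(IP_B, IP_A, 443, 40000, 0x12, ack=2))),  # SYN/ACK
    eth(ETH_IPV4, ipv4(IPPROTO_UDP, IP_A, IP_B, udp(IP_A, IP_B, 50000, 53, b"\x12\x34\x01\x00"))),  # DNS
    eth(ETH_IPV4, ipv4(IPPROTO_ICMP, IP_A, IP_B, icmp_echo(0x1234, 1))),                     # echo request
]

def corrupt_last_byte(frame):  # one flipped bit, as a noisy link might do
    return frame[:-1] + bytes([frame[-1] ^ 0x01])
```

`protocol_census(SAMPLE_FRAMES)` returns ARP 2, TCP 2, UDP 1, ICMP 1, and `dissect()` on each frame exposes the fields the exercise tells you to compare: the TCP frames decode to flags `["SYN"]` and `["SYN", "ACK"]`, the ARP frames to opcodes `request` and `reply`, the ICMP frame to type 8 code 0. The UDP datagram verifies with `checksum_ok` True, while `dissect(corrupt_last_byte(SAMPLE_FRAMES[4]))` reports False: the receiver can tell the datagram was damaged and will drop it, but UDP itself does nothing to recover it, which is exactly the "detection without correction" point made about UDP above. To use this on real traffic, replace `SAMPLE_FRAMES` with frames read from a pcap (for example via the `dpkt` or `scapy` packages).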

