How to determine which protocol is used?

How do I know which network protocol is in use? For example, given a stream of bytes, how do I figure out that these bytes are being passed over, say, TCP? Is there a reserved sequence or something?
September 18th 19 at 23:44
September 18th 19 at 23:46
To clarify the question: at what level do you need to determine the protocol: physical, link, network or transport?
Do we just have a wire with data flowing through it, or are we intercepting IP packets that carry some data?
Or do you need to determine which application-layer protocol, such as HTTP, is encapsulated in TCP, and then take the port number from the TCP segments and parse some fields from HTTP?

Yes, just a wire with data flowing through it. Although if the answer also covered intercepted IP packets, that would be very, very cool.

Thank you for responding to the question) - Adrain_Turcott commented on September 18th 19 at 23:49
Looks like I dug something up. An IP packet starts with hexadecimal 45h, and then after a certain number of bytes comes 11h for UDP and 06h for TCP. Right? - Adrain_Turcott commented on September 18th 19 at 23:52
The IP packet and the TCP/UDP session are units of different layers.

I can only say this: "learn the OSI model" and work out how the data is formed at each layer and back.
In your case you need to study frame formation, "how a frame is built".
Then packet formation. An example of an IPv4 packet.
Then the TCP, UDP, etc. headers. An example of a TCP header.

Just taking a wire and immediately determining from the first ten bits that it carries TCP/UDP with an application-layer protocol will not work. Of course, that is if you have tapped into the wire with a device. - dina_Predovic commented on September 18th 19 at 23:55
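The layer-by-layer decoding described in the answer above, as an added example that is not part of the original thread: it reads the EtherType from an Ethernet II frame, checks the IPv4 version/IHL byte (45h only when the header has no options), reads the Protocol byte (06h TCP, 11h UDP) and then the ports. The function names and the sample frame are constructed for illustration, and the input is assumed to start at the Ethernet header, without preamble or FCS.

```python
import struct

ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}
IP_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}

def parse_ipv4(packet: bytes) -> dict:
    """Decode the fixed part of an IPv4 header and, for TCP/UDP, the ports."""
    if len(packet) < 20:
        raise ValueError("too short for an IPv4 header")
    # First byte: high nibble = version, low nibble = header length in 32-bit words.
    version, ihl = packet[0] >> 4, (packet[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a valid IPv4 header")
    proto = packet[9]  # Protocol field: 0x06 = TCP, 0x11 = UDP
    info = {
        "l3": "IPv4",
        "header_len": ihl,
        "src": ".".join(map(str, packet[12:16])),
        "dst": ".".join(map(str, packet[16:20])),
        "l4": IP_PROTOCOLS.get(proto, f"unknown({proto})"),
    }
    # Only the first fragment (offset 0) carries the transport header.
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    # TCP and UDP both begin with source port, destination port (2 bytes each).
    if proto in (6, 17) and frag_offset == 0 and len(packet) >= ihl + 4:
        info["sport"], info["dport"] = struct.unpack("!HH", packet[ihl:ihl + 4])
    return info

def parse_frame(frame: bytes) -> dict:
    """Decode an Ethernet II frame (no preamble/FCS) down to the transport layer."""
    if len(frame) < 14:
        raise ValueError("too short for an Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:
        return {"l3": ETHERTYPES.get(ethertype, f"unknown(0x{ethertype:04x})")}
    return parse_ipv4(frame[14:])

# Constructed sample (truncated, checksum not computed):
# Ethernet + IPv4 header starting with 0x45, protocol 0x06 + first 4 bytes of TCP.
SAMPLE_FRAME = bytes.fromhex(
    "ffffffffffff" "020000000001" "0800"   # dst MAC, src MAC, EtherType = IPv4
    "45000028000140004006" "0000"          # ver/IHL .. TTL, proto = 6, checksum
    "c0000201" "c0000202"                  # 192.0.2.1 -> 192.0.2.2
    "c0de0050"                             # TCP ports 49374 -> 80
)

if __name__ == "__main__":
    print(parse_frame(SAMPLE_FRAME))
```

The destination port (80 here) is only a hint at the application-layer protocol; confirming HTTP means parsing the payload itself.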
September 18th 19 at 23:48
And wouldn't mirroring to a server and parsing with a sniffer do? In general, you can determine the protocol from the bytes, starting from L2, but given how many of them there are...
September 18th 19 at 23:50
Is the question practical or theoretical? If practical, what do you actually have (a laptop with a sniffer, some specific device connected to the network, or a .pcap file with a traffic dump) and what should the output be?

