It's been many years that I have worked as a network engineer (now a test engineer, but still in the networking arena), and I keep bumping into various occasions where I have to use packet capture to really analyze what's on the wire (some of you may know this as packet sniffing).
A lot of tools have filled my life during these sniffing tasks, and many of them meet the purpose their creators intended. However, due to the vast array of traffic capture applications that I use, I tend to not really pay attention to the whole IP packet header structure anymore; it is like second nature to me. Usually, once I start looking at a packet capture, I always look at certain areas of the packet itself. Thus, I seldom verify whether the version is correct, whether the length is correct, whether the TOS is complete, whether the flags are there or not, etc. Mainly, I only look at who sent it (source) and where it is supposed to go (destination). If source and destination are there, and they hold the value that I am after, I might (occasionally) have a look at the other information that I skipped above. Still, not all of the values get read (hey, I'm not the one that is supposed to process those packets; the network devices are the ones responsible for that).

Lately, some troubleshooting discussions made me use packet capture tools once again, until today, when one of the discussions was about what an IP packet is supposed to look like. Here's the link.

From there, I had some flashbacks to when I was taking my CCNA. I used to memorize that (ha!). But as the work progressed and the need to analyze packets started diminishing, so did the memory allocation in my brain that used to store it. However, I had 3-4 class sessions in the past where I purposely brought up the topic of how to read a packet capture. Guess what? The students felt like they were about to die like zombies! At that time, I asked them in the last class session, "why do we care about this?". Then I gave them some possibilities on what kind of work might need it ...
... and now I am working in an area where a packet analyzer really helps in finding out which packets came through and their whereabouts at certain points in the network topology (yes, I work in system test, so all of my test beds involve very xomples ... I mean complex infrastructure). Here's the quick write-up and a pop-up illustration of the IPv4 header, extracted from the link above. Each row is one 32-bit word (the first column gives the bit offset of the word); a field that spans several bit columns is listed once with its bit range.

| Bit offset | Bits 0–3 | 4–7 | 8–15 | 16–18 | 19–31 |
|---|---|---|---|---|---|
| 0 | Version | Header length | Type of Service (now DiffServ and ECN) | Total Length (bits 16–31) | |
| 32 | Identification (bits 0–15) | | | Flags | Fragment Offset |
| 64 | Time to Live (bits 0–7) | | Protocol | Header Checksum (bits 16–31) | |
| 96 | Source Address (bits 0–31) | | | | |
| 128 | Destination Address (bits 0–31) | | | | |
| 160 | Options (bits 0–31, present only when Header length > 5 words) | | | | |
| 160 or 192+ | Data | | | | |
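To make the table concrete, here is an added example (my own code, not from the original post or the linked page) that decodes a raw IPv4 header into the fields listed above and performs the checks I admit to skipping: that the version really is 4, that the header length is at least 5 words, and that the header checksum verifies. The 20-byte sample header, the addresses and the identification value are all constructed for the example; the checksum arithmetic follows RFC 791.

```python
import ipaddress
import struct

# Layout of the fixed 20-byte IPv4 header, big-endian ("!"):
#   B  version/IHL   B  ToS (DSCP+ECN)   H  total length
#   H  identification   H  flags/fragment offset
#   B  TTL   B  protocol   H  header checksum   I  source   I  destination
_FIXED_HDR = "!BBHHHBBHII"


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 checksum: one's-complement of the one's-complement sum
    of all 16-bit words in the header (checksum field counted as 0 when
    generating; when verifying a received header, a result of 0 is good)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_sample_header() -> bytes:
    """Constructed sample: TCP (protocol 6) from 192.168.1.10 to 10.0.0.5,
    total length 40, TTL 64, DF flag set, no options. The checksum field
    is filled in so the sample verifies."""
    ver_ihl = (4 << 4) | 5                  # version 4, IHL 5 words = 20 bytes
    tos = 0
    total_length = 40
    ident = 0x1C46                          # arbitrary constructed value
    flags_frag = (0b010 << 13) | 0          # flags=DF, fragment offset 0
    ttl = 64
    proto = 6
    src = int(ipaddress.IPv4Address("192.168.1.10"))
    dst = int(ipaddress.IPv4Address("10.0.0.5"))
    hdr = struct.pack(_FIXED_HDR, ver_ihl, tos, total_length, ident,
                      flags_frag, ttl, proto, 0, src, dst)
    csum = ipv4_checksum(hdr)
    return hdr[:10] + struct.pack("!H", csum) + hdr[12:]


def parse_ipv4_header(data: bytes) -> dict:
    """Decode the fields of the IPv4 header table and run basic sanity checks."""
    if len(data) < 20:
        raise ValueError("need at least 20 bytes for an IPv4 header")
    (ver_ihl, tos, total_length, ident, flags_frag, ttl, proto,
     csum, src, dst) = struct.unpack(_FIXED_HDR, data[:20])
    version = ver_ihl >> 4
    ihl = ver_ihl & 0x0F
    if version != 4:
        raise ValueError("not IPv4: version=%d" % version)
    if ihl < 5:
        raise ValueError("bad header length: IHL=%d words" % ihl)
    header_len = ihl * 4
    if len(data) < header_len:
        raise ValueError("truncated header: IHL says %d bytes" % header_len)
    return {
        "version": version,
        "ihl": ihl,
        "header_length": header_len,
        "dscp": tos >> 2,                    # ToS byte split as DiffServ + ECN
        "ecn": tos & 0b11,
        "total_length": total_length,
        "identification": ident,
        "flags": {
            "reserved": bool((flags_frag >> 15) & 1),
            "df": bool((flags_frag >> 14) & 1),
            "mf": bool((flags_frag >> 13) & 1),
        },
        "fragment_offset": flags_frag & 0x1FFF,   # in 8-byte units
        "ttl": ttl,
        "protocol": proto,
        "header_checksum": csum,
        # Summing the header including its checksum field must give zero.
        "checksum_ok": ipv4_checksum(data[:header_len]) == 0,
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "options": data[20:header_len],
    }


if __name__ == "__main__":
    for name, value in parse_ipv4_header(build_sample_header()).items():
        print("%-16s %s" % (name, value))
```

Feeding the parser bytes taken from a capture (the IP layer starts right after the 14-byte Ethernet header in a typical pcap frame) gives the same breakdown a protocol analyzer shows, and `checksum_ok` is the quick way to tell a corrupted or hand-edited header from a sane one before trusting the source and destination it claims.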