when a client and server is communicating, how do you decphier what is data and what is a ping?

for example, when im using ethereal to monitor the packets i get such and such, that doesnt look very useful but frequent.

are pings basically just garabage data meant to keep a connecction alive? there is not 'official ping'?
Posted on 2003-04-13 17:45:18 by xkardisx
a ping uses the ICMP protocol
Posted on 2003-04-13 22:47:59 by jademtech
If you are staring at a packet sniffer TCP/IP session, what you are referring to as "pings" is most likely what we call handshaking packets.
Have you studied the TCP/IP 3-stage handshake? (SYN,SYN/ACK,ACK)
If you have, you will understand that ACKS are still sent in response to reception of each and every packet for the duration of the session.
As a general rule of thumb, you can look for packets which contain data from byte offset 36h (54 decimal) onwards, because this is the packet's data payload, and if there is no payload, you can generally assume that the packet is not a data packet but merely a handshaking packet.
Decent sniffers will show the data payload in another color or something.
I hope that answered your question :)
Posted on 2003-04-16 23:46:36 by Homer