Old 03-24-2009, 12:59 AM   #1
chakka.lokesh
identifying the protocol of the application layer


Hi,

I'm working on networking-related stuff. Along the way I ran into a need to analyze the protocol of the application layer.

Up to TCP it was OK, because there is a protocol field in the Ethernet layer telling that the payload is IP, and there is a protocol field in the IP header telling that the payload is TCP/UDP/ICMP/......

But in TCP/UDP there is no protocol field giving the protocol details of the payload.

I can't blindly go by the port number, as there are chances that servers can be run on other ports also; for example, an FTP server can run on port 80.

I googled it, but was not able to find a solution.

So can anybody help me decide what protocol the application layer (TCP/UDP payload) is?

Thanks in advance.

Old 03-24-2009, 07:15 PM   #2
theNbomr
This is the domain of a packet disassembler & protocol analyzer. To glean insight, use a real one such as Wireshark, and it may reveal something about how it operates. I doubt that one can be made to be fool-proof, since the actual application that receives a packet is the only thing that knows for sure how to parse the packet. Commonly used and documented protocols will have some kind of identifiable signature against which the protocol analyzer must compare each packet, or series of packets. The port number is most likely used as a strong hint in the analysis. It will be a very big job to create a competent analyzer, even for a small number of well known protocols. If you simply want the information that such a tool provides, it will be a lot easier to use a ready-made one. If you are interested in a particular protocol for which no template exists, it would probably be welcomed if you were to develop and contribute even a single one.
--- rod.
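
The approach described in the reply above (compare the payload against known signatures and treat the port number only as a hint), as an added example that is not part of the original thread and is not Wireshark's implementation. The signature table, port hints, `classify` function and sample payloads are all constructed for illustration.

```python
import re

# Constructed signature table: (protocol, pattern for the first payload bytes).
SIGNATURES = [
    ("ssh",  re.compile(rb"^SSH-\d\.\d+-")),
    ("http", re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n")),
    ("http", re.compile(rb"^HTTP/1\.[01] \d{3} ")),
    # TLS record: type 0x16 (handshake), version 3.x, 2-byte length, ClientHello (0x01)
    ("tls",  re.compile(rb"^\x16\x03[\x00-\x04]..\x01", re.DOTALL)),
    # FTP and SMTP servers both greet with reply code 220, so both patterns match.
    ("ftp",  re.compile(rb"^220[ -]")),
    ("smtp", re.compile(rb"^220[ -]")),
]
# Conventional ports, used only as a hint and never as proof.
PORT_HINTS = {21: "ftp", 22: "ssh", 25: "smtp", 80: "http", 443: "tls"}

def classify(payload, port=None):
    """Return (protocol, basis) for the first payload bytes of a flow."""
    matches = []
    for name, pattern in SIGNATURES:
        if name not in matches and pattern.match(payload):
            matches.append(name)
    hint = PORT_HINTS.get(port)
    if len(matches) == 1:
        return matches[0], "signature"        # payload evidence overrides the port
    if matches:
        if hint in matches:
            return hint, "signature+port"     # port breaks a signature tie
        return "/".join(matches), "ambiguous" # cannot decide from this packet alone
    if hint:
        return hint, "port-only"              # weakest evidence: no signature matched
    return "unknown", "none"

if __name__ == "__main__":
    samples = [  # constructed payloads, paired with the server port they were "seen" on
        (21,   b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),  # HTTP on the FTP port
        (2222, b"SSH-2.0-OpenSSH_9.6\r\n"),
        (80,   b"220 service ready\r\n"),                         # FTP or SMTP greeting on port 80
        (21,   b"220 service ready\r\n"),
        (8443, bytes([0x16, 0x03, 0x01, 0x00, 0x2E, 0x01, 0x00, 0x00, 0x2A])),
        (443,  b"\x00\x01\x02"),
    ]
    for port, data in samples:
        print(port, classify(data, port))
```

The "ambiguous" and "port-only" results are the cases where a single packet is not enough and later packets of the same flow have to be examined.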
 
  

