Wardriving & IP Packets


gkedrovs
11-08-2003, 02:28 PM
This is just a curiosity question. I'm not out to hack anyone... I've read a little about these "wardrivers" that run around their neighborhoods with directional antennas, notebooks and a gps unit looking for "holes" in the net via unprotected wireless routers. The idea is that anyone and their dog could park outside someone's house and use the router anonymously to any malicious end they so desired.

What has me confused, though, is the concept of IP packets. I understand that with TCP/IP, the information is sent in small packets for faster two-way transmission and better error control and correction.

Here's the question: Does anyone have a good link to information that would help me understand IP packets a little better? When information is spit out of a computer via TCP/IP, like it is with the wireless units, what does it take to put it all back together again and "see" what it is?

Like I said, I'm not out to hack anyone. I don't even have a notebook. I just read some on it, and can't figure out this part (doesn't make sense to me because I don't understand the concept or how IP packets could be reconstructed).

-Greg

twilli227
11-08-2003, 11:41 PM
Hopefully, this page will help you; if not, try Google and you will find more than enough info for your interests.

http://www.linuxadvisory.com/tutorial98.html

sploo22
11-09-2003, 12:29 AM
Essentially, the transmitting computer takes a stream of data from the application and splits it up into segments small enough to be handled by the network card (say about 1K each). It then adds TCP/IP headers to each, specifying the source and destination addresses as well as a few other details. It then passes these to the network card, which adds its own headers and then sends the data on its merry way.

When the data is received by the network card, normally the operating system on the other end checks the destination address, and if the packet is addressed to it, decodes the headers and sends the data to the appropriate program. The packets are numbered so that they arrive in the correct sequence even in case of varying network delays.

However, with software such as tcpdump or ethereal, you can have the network card receive all packets, not just those addressed to your computer; this is called promiscuous mode. A copy of each packet is then sent to the software, which processes the headers itself and prints them out, lists them in a GUI or whatever.

Ethereal is a very good graphical program to try this out. Even if you're not on a network, you can view locally generated packets.
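
The splitting, numbering and putting-back-together described in the reply above, as an added example that is not part of the original thread: it builds IPv4/TCP packets from a constructed byte stream, then decodes the headers and reorders the payloads by sequence number. The addresses, ports, the 8-byte segment size and the function names are assumptions for illustration; checksums are left at zero, and sequence-number wraparound and missing segments are not handled.

```python
import random
import socket
import struct

def segment(data, src, dst, sport, dport, isn=1000, mss=8):
    """Split an application byte stream into IPv4/TCP packets (checksums left 0)."""
    packets = []
    for off in range(0, len(data), mss):
        chunk = data[off:off + mss]
        # TCP header: ports, sequence number, ack, data offset (5 words),
        # flags (PSH|ACK), window, checksum, urgent pointer
        tcp = struct.pack("!HHIIBBHHH", sport, dport, isn + off, 0,
                          5 << 4, 0x18, 65535, 0, 0)
        # IPv4 header: version/IHL, TOS, total length, id, flags/fragment,
        # TTL, protocol 6 (TCP), checksum, source and destination addresses
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(chunk),
                         0, 0, 64, 6, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        packets.append(ip + tcp + chunk)
    return packets

def parse(packet):
    """Decode the headers of one packet, as a capture tool does with each copy."""
    ihl = (packet[0] & 0x0F) * 4                      # IP header length in bytes
    total_len = struct.unpack("!H", packet[2:4])[0]
    src, dst = socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])
    sport, dport, seq = struct.unpack("!HHI", packet[ihl:ihl + 8])
    data_off = (packet[ihl + 12] >> 4) * 4            # TCP header length in bytes
    return (src, sport, dst, dport), seq, packet[ihl + data_off:total_len]

def reassemble(packets):
    """Group payloads per connection and order them by sequence number."""
    flows = {}
    for p in packets:
        flow, seq, payload = parse(p)
        flows.setdefault(flow, {})[seq] = payload     # a duplicate reuses its seq
    return {f: b"".join(segs[s] for s in sorted(segs)) for f, segs in flows.items()}

def demo():
    msg = b"GET /index.html HTTP/1.0\r\n\r\n"         # constructed sample data
    pkts = segment(msg, "192.0.2.10", "192.0.2.20", 40000, 80)
    pkts.append(pkts[1])                              # duplicate, as after a retransmission
    random.Random(7).shuffle(pkts)                    # arrival order differs from send order
    return reassemble(pkts)

if __name__ == "__main__":
    print(demo())
```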