Assembler (NASM): The Best Friend of Network Analysis
Network Analysis is all about details. Understanding protocols and formats requires a deep knowledge of some details, as Big Endian vs Little Endian, Hex to Binary, and other issues that are the daily time of an assembler programmer.
By the way, the TCP/IP protocols standards use a so called a Network Endianness, which is actually a Big Endianness.
To make this knowledge robust and also funny, the solution is to get it in a real need environment, which could not be other than assembler programming.
Also any hiding higher level is removed, and one can get the reality of what happens.
NASM, available at http://www.nasm.us, the Netwide Assembler, is the one I use, to get this grasp on the wire/less.
I do not think that building network analysis can skip this step.
The build of nasm is quite simple. Also it can be found in the default repository, I prefer to download the lastest version, build and install.
Also the resulting installation is only of to single executable files:
nasm (the assembler compiler)
ndisasm (the NASM disassembler)
When the latest version is downloaded currently is version 2.12.01, and the file is nasm-2.12.01.tar.gz, the are steps are the following:
tar zxf nasm-2.12.01.tar.gz
sudo make install