{"id":604,"date":"2025-09-13T13:10:31","date_gmt":"2025-09-13T09:10:31","guid":{"rendered":"https:\/\/www.arparun.re\/?page_id=604"},"modified":"2025-09-13T13:10:33","modified_gmt":"2025-09-13T09:10:33","slug":"trace","status":"publish","type":"page","link":"https:\/\/www.arparun.re\/index.php\/trace\/","title":{"rendered":"Trace"},"content":{"rendered":"\n<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n    <meta charset=\"UTF-8\">\n    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\n    <title>Network Protocol Trace Analyzer<\/title>\n\n<\/head>\n<body>\n    <div class=\"container\">\n        <h1>\ud83c\udf10 Network Protocol Trace Analyzer<\/h1>\n        \n        <div class=\"protocol-selector\">\n            <label for=\"protocolSelect\">Select Protocol:<\/label>\n            <select id=\"protocolSelect\">\n                <option value=\"\">&#8212; Choose a Protocol &#8212;<\/option>\n                <option value=\"dhcp\">DHCP &#8211; Dynamic Host Configuration Protocol<\/option>\n                <option value=\"dns\">DNS &#8211; Domain Name System<\/option>\n                <option value=\"radius\">RADIUS &#8211; Remote Authentication Dial-In User Service<\/option>\n                <option value=\"https\">HTTPS &#8211; HTTP Secure<\/option>\n                <option value=\"802.1x\">802.1X &#8211; Port-Based Network Access Control<\/option>\n                <option value=\"kerberos\">Kerberos &#8211; Authentication Protocol<\/option>\n                <option value=\"smb\">SMB &#8211; Server Message Block<\/option>\n                <option value=\"ssh\">SSH &#8211; Secure Shell<\/option>\n                <option value=\"ftp\">FTP &#8211; File Transfer Protocol<\/option>\n                <option value=\"telnet\">Telnet &#8211; Terminal Network<\/option>\n                <option value=\"snmp\">SNMP &#8211; Simple Network Management Protocol<\/option>\n                <option value=\"ldap\">LDAP &#8211; Lightweight Directory Access Protocol<\/option>\n            <\/select>\n        <\/div>\n\n        <div id=\"protocolInfo\" class=\"protocol-info\"><\/div>\n    <\/div>\n\n    <script>\n        const protocols = {\n            dhcp: {\n                name: \"DHCP\",\n                description: \"Dynamic Host Configuration Protocol - Automatically assigns IP addresses and network configuration\",\n                ports: \"UDP 67 (Server), UDP 68 (Client)\",\n                tcpdump: [\n                    \"tcpdump -i eth0 port 67 or port 68\",\n                    \"tcpdump -i eth0 -v udp and \\\\( port 67 or 68 \\\\)\",\n                    \"tcpdump -i eth0 -s 1500 port bootps or port bootpc\"\n                ],\n                wireshark: [\n                    \"udp.port == 67 or udp.port == 68\",\n                    \"bootp\",\n                    \"dhcp\"\n                ],\n                expected: [\n                    \"DHCP Discover: Client broadcasts request for IP configuration\",\n                    \"DHCP Offer: Server responds with available IP address and options\",\n                    \"DHCP Request: Client requests the offered configuration\",\n                    \"DHCP ACK: Server confirms the lease\",\n                    \"DHCP NAK: Server denies the request (if applicable)\",\n                    \"DHCP Release: Client releases the IP address\",\n                    \"DHCP Renew: Client renews existing lease\"\n                ],\n                analysis: [\n                    \"Look for the 4-way handshake: Discover \u2192 Offer \u2192 Request \u2192 ACK\",\n                    \"Check lease time in DHCP options\",\n                    \"Verify client identifier and hardware address consistency\",\n                    \"Monitor renewal attempts and timing\",\n                    \"Check for DHCP option 82 (relay agent information) in enterprise networks\"\n                ],\n                example: \"14:32:15.123456 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP\/DHCP, Request from aa:bb:cc:dd:ee:ff, length 300\\n14:32:15.124567 IP 192.168.1.1.67 > 255.255.255.255.68: BOOTP\/DHCP, Reply, length 300\",\n                fulltrace: `\nStep 1: DHCP Discover\n\u2192 Client broadcasts: \"Who can give me an IP?\"\n   Source: 0.0.0.0:68 \u2192 Destination: 255.255.255.255:67\n   MAC: aa:bb:cc:dd:ee:ff\n   Options: Requested IP: any, Max Size: 1500\n\nStep 2: DHCP Offer\n\u2190 Server responds: \"I have 192.168.1.100 for you!\"\n   Source: 192.168.1.1:67 \u2192 Destination: 255.255.255.255:68\n   Offered IP: 192.168.1.100\n   Subnet mask: 255.255.255.0\n   Router: 192.168.1.1\n   DNS: 8.8.8.8\n   Lease time: 86400 seconds\n\nStep 3: DHCP Request\n\u2192 Client broadcasts: \"I accept 192.168.1.100!\"\n   Source: 0.0.0.0:68 \u2192 Destination: 255.255.255.255:67\n   Requested IP: 192.168.1.100\n   Server ID: 192.168.1.1\n\nStep 4: DHCP ACK\n\u2190 Server confirms: \"Lease granted! You're online.\"\n   Source: 192.168.1.1:67 \u2192 Destination: 255.255.255.255:68\n   IP: 192.168.1.100\n   Lease time: 86400\n   DNS: 8.8.8.8, 8.8.4.4\n   Gateway: 192.168.1.1\n   \u2705 Client now has full network access!\n                `\n            },\n            dns: {\n                name: \"DNS\",\n                description: \"Domain Name System - Resolves domain names to IP addresses\",\n                ports: \"UDP\/TCP 53\",\n                tcpdump: [\n                    \"tcpdump -i eth0 port 53\",\n                    \"tcpdump -i eth0 -s 1500 'udp port 53'\",\n                    \"tcpdump -i eth0 'port 53 and host 8.8.8.8'\"\n                ],\n                wireshark: [\n                    \"dns\",\n                    \"udp.port == 53 or tcp.port == 53\",\n                    \"dns.qry.name contains \\\"example.com\\\"\"\n                ],\n                expected: [\n                    \"Query: Client asks for A, AAAA, MX, CNAME, or other record types\",\n                    \"Response: Server returns requested records or error codes\",\n                    \"Recursive queries to upstream DNS servers\",\n                    \"Authority and Additional sections in responses\",\n                    \"NXDOMAIN responses for non-existent domains\"\n                ],\n                analysis: [\n                    \"Check query ID matching between request and response\",\n                    \"Monitor response codes (NOERROR, NXDOMAIN, SERVFAIL)\",\n                    \"Verify TTL values for caching behavior\",\n                    \"Look for DNS over TCP for large responses (>512 bytes)\",\n                    \"Check for DNSSEC signatures if implemented\"\n                ],\n                example: \"14:32:15.123456 IP 192.168.1.100.54321 > 8.8.8.8.53: 12345+ A? www.example.com. (32)\\n14:32:15.145678 IP 8.8.8.8.53 > 192.168.1.100.54321: 12345 1\/0\/0 A 93.184.216.34 (48)\",\n                fulltrace: `\nStep 1: DNS Query\n\u2192 Client sends: \"What is the IP of www.example.com?\"\n   Source: 192.168.1.100:54321 \u2192 Destination: 8.8.8.8:53\n   Query ID: 12345\n   Question: www.example.com. IN A\n\nStep 2: DNS Response\n\u2190 Resolver replies: \"www.example.com \u2192 93.184.216.34\"\n   Source: 8.8.8.8:53 \u2192 Destination: 192.168.1.100:54321\n   Query ID: 12345 (matches)\n   Answer: www.example.com. 299 IN A 93.184.216.34\n   Authority: (none)\n   Additional: (none)\n   \u2705 TTL: 299 seconds \u2192 cached locally\n\nStep 3: Cache Hit (Optional)\n\u2192 Client uses cached result \u2192 No new query sent for next 5 minutes\n                `\n            },\n            https: {\n                name: \"HTTPS\",\n                description: \"HTTP Secure - Encrypted web traffic over TLS\/SSL\",\n                ports: \"TCP 443\",\n                tcpdump: [\n                    \"tcpdump -i eth0 port 443\",\n                    \"tcpdump -i eth0 -s 1500 'tcp port 443'\",\n                    \"tcpdump -i eth0 'host www.example.com and port 443'\"\n                ],\n                wireshark: [\n                    \"ssl or tls\",\n                    \"tcp.port == 443\",\n                    \"ssl.handshake.type == 1\"\n                ],\n                expected: [\n                    \"TCP 3-way handshake (SYN, SYN-ACK, ACK)\",\n                    \"TLS Client Hello with supported ciphers and extensions\",\n                    \"TLS Server Hello with chosen cipher suite\",\n                    \"TLS Certificate exchange\",\n                    \"TLS Key Exchange and Finished messages\",\n                    \"Encrypted application data (HTTP requests\/responses)\"\n                ],\n                analysis: [\n                    \"Verify certificate validity and chain of trust\",\n                    \"Check TLS version (1.2, 1.3) and cipher suites\",\n                    \"Monitor for certificate warnings or errors\",\n                    \"Look for SNI (Server Name Indication) in Client Hello\",\n                    \"Check for proper session resumption if applicable\"\n                ],\n                example: \"14:32:15.123456 IP client.example.com.54321 > server.example.com.443: Flags [S], seq 123456789\\n14:32:15.124567 IP server.example.com.443 > client.example.com.54321: Flags [S.], seq 987654321, ack 123456790\\n[TLS handshake follows...]\",\n                fulltrace: `\nStep 1: TCP 3-Way Handshake\n\u2192 SYN: client \u2192 server (seq=123456789)\n\u2190 SYN-ACK: server \u2192 client (seq=987654321, ack=123456790)\n\u2192 ACK: client \u2192 server (ack=987654322)\n\nStep 2: TLS Client Hello\n\u2192 Client sends: Supported versions (TLS 1.2, 1.3), ciphersuites, SNI: www.example.com\n   Extensions: ALPN, EC point formats, key share (for TLS 1.3)\n\nStep 3: TLS Server Hello\n\u2190 Server replies: Chosen version (TLS 1.3), cipher (TLS_AES_256_GCM_SHA384)\n   Sends server certificate (RSA 2048-bit)\n   Sends ECDHE public key for key exchange\n   Sends signature (using private key)\n\nStep 4: Certificate Verification\n\u2192 Client validates cert chain \u2192 trusted CA \u2192 matches SNI\n\u2192 Client generates premaster secret \u2192 encrypts with server public key\n\nStep 5: Key Exchange & Finished\n\u2192 Client sends encrypted key exchange data\n\u2192 Both sides derive session keys\n\u2192 Client sends \"Finished\" message (hash of all prior messages)\n\u2190 Server sends \"Finished\" message\n\nStep 6: Encrypted Application Data\n\u2192 Client: GET \/ HTTP\/1.1\\r\\nHost: www.example.com\\r\\n...\n\u2190 Server: HTTP\/1.1 200 OK\\r\\nContent-Type: text\/html\\r\\n...\n\n\u2705 All subsequent packets are encrypted AES-256-GCM\nNo plaintext visible in packet capture!\n                `\n            },\n            ssh: {\n                name: \"SSH\",\n                description: \"Secure Shell - Encrypted remote login and command execution\",\n                ports: \"TCP 22\",\n                tcpdump: [\n                    \"tcpdump -i eth0 port 22\",\n                    \"tcpdump -i eth0 -s 1500 'tcp port 22'\",\n                    \"tcpdump -i eth0 'host ssh-server and port 22'\"\n                ],\n                wireshark: [\n                    \"ssh\",\n                    \"tcp.port == 22\",\n                    \"ssh.message_code == 1\"\n                ],\n                expected: [\n                    \"TCP 3-way handshake\",\n                    \"SSH Protocol Version Exchange\",\n                    \"SSH Key Exchange Init (client and server)\",\n                    \"Diffie-Hellman Key Exchange\",\n                    \"SSH New Keys message\",\n                    \"SSH User Authentication Request\",\n                    \"Encrypted application data\"\n                ],\n                analysis: [\n                    \"Check SSH protocol version (1.99, 2.0)\",\n                    \"Verify key exchange algorithms and ciphers\",\n                    \"Monitor authentication methods (password, public key)\",\n                    \"Look for host key verification\",\n                    \"Check for proper session encryption after key exchange\"\n                ],\n                example: \"14:32:15.123456 IP client.example.com.54321 > server.example.com.22: SSH-2.0-OpenSSH_8.3\\n14:32:15.124567 IP server.example.com.22 > client.example.com.54321: SSH-2.0-OpenSSH_7.4\",\n                fulltrace: `\nStep 1: TCP 3-Way Handshake\n\u2192 SYN: client \u2192 server\n\u2190 SYN-ACK: server \u2192 client\n\u2192 ACK: client \u2192 server\n\nStep 2: Version Exchange\n\u2192 Client: SSH-2.0-OpenSSH_8.3\n\u2190 Server: SSH-2.0-OpenSSH_7.4\n\nStep 3: Key Exchange Init\n\u2192 Client: Sends KEXINIT packet (supported algorithms: curve25519-sha256, hmac-sha2-256)\n\u2190 Server: Responds with selected algorithm: curve25519-sha256@libssh.org\n\nStep 4: Diffie-Hellman Exchange\n\u2192 Client: Sends public key (ECDH)\n\u2190 Server: Sends public key (ECDH) + host key signature (RSA\/ECDSA)\n\nStep 5: New Keys\n\u2192 Client: Sends NEWKEYS (switches to encrypted channel)\n\u2190 Server: Sends NEWKEYS\n\nStep 6: Authentication\n\u2192 Client: Sends AUTH_REQUEST (public key: ~\/.ssh\/id_rsa.pub)\n\u2190 Server: Sends AUTH_SUCCESS (authenticated!)\n\nStep 7: Session Start\n\u2192 Client: Requests shell: exec request (shell)\n\u2190 Server: Opens pseudo-terminal, starts bash\n\n\u2705 All further input\/output (typing commands, output) is encrypted\nNo password or keystrokes visible in capture!\n                `\n            },\n            radius: {\n                name: \"RADIUS\",\n                description: \"Remote Authentication Dial-In User Service - Centralized authentication and authorization\",\n                ports: \"UDP 1812 (Auth), UDP 1813 (Acct)\",\n                tcpdump: [\n                    \"tcpdump -i eth0 port 1812 or port 1813\",\n                    \"tcpdump -i eth0 -s 1500 'udp and (port 1812 or port 1813)'\",\n                    \"tcpdump -i eth0 host radius-server and port 1812\"\n                ],\n                wireshark: [\n                    \"radius\",\n                    \"udp.port == 1812 or udp.port == 1813\",\n                    \"radius.code == 1\"\n                ],\n                expected: [\n                    \"Access-Request: Client authentication attempt\",\n                    \"Access-Accept: Successful authentication\",\n                    \"Access-Reject: Failed authentication\",\n                    \"Access-Challenge: Multi-factor authentication request\",\n                    \"Accounting-Request: Start\/Stop\/Update accounting records\",\n                    \"Accounting-Response: Accounting acknowledgment\"\n                ],\n                analysis: [\n                    \"Match Request Authenticator and Response Authenticator\",\n                    \"Check User-Name and User-Password attributes\",\n                    \"Monitor Framed-IP-Address assignments\",\n                    \"Look for vendor-specific attributes (VSAs)\",\n                    \"Verify accounting start\/stop pairs for session tracking\"\n                ],\n                example: \"14:32:15.123456 IP nas.example.com.1645 > radius.example.com.1812: RADIUS, Access-Request (1), id: 0x42, length: 85\\n14:32:15.145678 IP radius.example.com.1812 > nas.example.com.1645: RADIUS, Access-Accept (2), id: 0x42, length: 64\",\n                fulltrace: `\nStep 1: Access-Request\n\u2192 NAS (Router\/AP): \"User 'alice' wants to connect\"\n   Username: alice\n   Password: encrypted (MD5 hash using shared secret)\n   NAS-IP: 192.168.1.10\n   NAS-Port: 123\n   Calling-Station-ID: aa:bb:cc:dd:ee:ff\n\nStep 2: Access-Challenge (Optional - for 2FA)\n\u2190 RADIUS: \"Send OTP token\"\n   Attribute: State (token challenge)\n\nStep 3: Access-Request (with OTP)\n\u2192 NAS: \"OTP: 789012\"\n   Re-sends username + new password hash\n\nStep 4: Access-Accept\n\u2190 RADIUS: \"Welcome, alice!\"\n   Framed-IP-Address: 192.168.1.101\n   Filter-ID: allow-internet\n   Session-Timeout: 3600\n   Idle-Timeout: 600\n\nStep 5: Accounting-Start\n\u2192 NAS: \"Session started at 14:32:15\"\n   Acct-Session-ID: abc123\n   Acct-Status-Type: Start\n\nStep 6: Accounting-Stop\n\u2192 NAS: \"Session ended at 14:45:00\"\n   Acct-Session-ID: abc123\n   Acct-Status-Type: Stop\n   Acct-Output-Octets: 1234567\n   Acct-Input-Octets: 890123\n                `\n            },\n            kerberos: {\n                name: \"Kerberos\",\n                description: \"Network authentication protocol using tickets and symmetric key cryptography\",\n                ports: \"UDP\/TCP 88, UDP\/TCP 749\",\n                tcpdump: [\n                    \"tcpdump -i eth0 port 88\",\n                    \"tcpdump -i eth0 'port 88 or port 749'\",\n                    \"tcpdump -i eth0 -s 1500 'udp port 88'\"\n                ],\n                wireshark: [\n                    \"kerberos\",\n                    \"udp.port == 88 or tcp.port == 88\",\n                    \"kerberos.msg_type == 10\"\n                ],\n                expected: [\n                    \"AS-REQ: Authentication Server Request (ticket-granting ticket request)\",\n                    \"AS-REP: Authentication Server Reply (TGT + session key)\",\n                    \"TGS-REQ: Ticket-Granting Server Request (service ticket request)\",\n                    \"TGS-REP: Ticket-Granting Server Reply (service ticket)\",\n                    \"AP-REQ: Application Server Request (service authentication)\",\n                    \"AP-REP: Application Server Reply (mutual authentication)\"\n                ],\n                analysis: [\n                    \"Check principal names (user@REALM format)\",\n                    \"Verify encryption types and algorithms used\",\n                    \"Monitor ticket lifetime and renewal\",\n                    \"Look for pre-authentication failures\",\n                    \"Check for clock skew errors between client and server\"\n                ],\n                example: \"14:32:15.123456 IP client.example.com.54321 > kdc.example.com.88: UDP, length 234 [AS-REQ]\\n14:32:15.145678 IP kdc.example.com.88 > client.example.com.54321: UDP, length 567 [AS-REP]\",\n                fulltrace: `\nStep 1: AS-REQ (Authentication Server Request)\n\u2192 Client: \"I'm alice@EXAMPLE.COM, authenticate me\"\n   Realm: EXAMPLE.COM\n   Nonce: 0x12345678\n   Pre-auth: timestamp encrypted with user's password hash\n\nStep 2: AS-REP (Authentication Server Reply)\n\u2190 KDC: \"Here's your TGT and session key\"\n   TGT: Encrypted with KDC's secret key\n   Session Key (SK1): Encrypted with user's password hash\n   Valid until: 14:32:15 + 8 hours\n\nStep 3: TGS-REQ (Ticket Granting Server Request)\n\u2192 Client: \"I want to access fileserver@EXAMPLE.COM\"\n   TGT: From AS-REP\n   Authenticator: Timestamp encrypted with SK1\n\nStep 4: TGS-REP (Ticket Granting Server Reply)\n\u2190 KDC: \"Here's service ticket for fileserver\"\n   Service Ticket: Encrypted with fileserver's key\n   Session Key (SK2): Encrypted with SK1\n\nStep 5: AP-REQ (Application Request)\n\u2192 Client: \"Authenticate me to fileserver\"\n   Service Ticket: From TGS-REP\n   Authenticator: Timestamp encrypted with SK2\n\nStep 6: AP-REP (Application Reply)\n\u2190 Fileserver: \"Authenticated! Here's mutual proof\"\n   Encrypted timestamp (from authenticator) + 1 second added\n   \u2705 Mutual authentication complete!\n                `\n            },\n            smb: {\n                name: \"SMB\",\n                description: \"Server Message Block - File and printer sharing protocol\",\n                ports: \"TCP 445 (SMB), TCP 139 (NetBIOS)\",\n                tcpdump: [\n                    \"tcpdump -i eth0 port 445\",\n                    \"tcpdump -i eth0 'port 445 or port 139'\",\n                    \"tcpdump -i eth0 -s 1500 'tcp port 445'\"\n                ],\n                wireshark: [\n                    \"smb or smb2\",\n                    \"tcp.port == 445 or tcp.port == 139\",\n                    \"smb2.cmd == 0\"\n                ],\n                expected: [\n                    \"SMB Negotiate: Client-server protocol negotiation\",\n                    \"SMB Session Setup: User authentication\",\n                    \"SMB Tree Connect: Connect to shared resource\",\n                    \"SMB Create\/Open: File or directory operations\",\n                    \"SMB Read\/Write: Data transfer operations\",\n                    \"SMB Close: File handle closure\",\n                    \"SMB Tree Disconnect: Disconnect from share\"\n                ],\n                analysis: [\n                    \"Check SMB version (1.0, 2.0, 2.1, 3.0, 3.1.1)\",\n                    \"Verify authentication method (NTLM, Kerberos)\",\n                    \"Monitor file access permissions and errors\",\n                    \"Look for signing and encryption capabilities\",\n                    \"Check for opportunistic locking (OpLocks) usage\"\n                ],\n                example: \"14:32:15.123456 IP client.example.com.54321 > server.example.com.445: SMB2 Negotiate Protocol Request\\n14:32:15.124567 IP server.example.com.445 > client.example.com.54321: SMB2 Negotiate Protocol Response\",\n                fulltrace: `\nStep 1: SMB2 Negotiate\n\u2192 Client: \"I support SMB 2.1, 3.0, 3.1.1\"\n   Capabilities: Encryption, Signing, Directory Leasing\n   Security Mode: Signing enabled\n\n\u2190 Server: \"I support SMB 3.1.1, AES-128-GCM, Signing\"\n\nStep 2: Session Setup\n\u2192 Client: \"Authenticate as DOMAIN\\\\alice\"\n   NTLMSSP_AUTH: Hash of password (NTLMv2)\n\n\u2190 Server: \"Authenticated via NTLMv2\"\n   Session ID: 0x12345678\n   Flags: Signed, Encrypted\n\nStep 3: Tree Connect\n\u2192 Client: \"Mount share '\\\\\\\\server\\\\SharedDocs'\"\n   Share type: Disk\n\n\u2190 Server: \"Share mounted successfully\"\n   Tree ID: 0x0001\n\nStep 4: Create\/Open\n\u2192 Client: \"Open file 'report.docx' for read\"\n   Desired Access: FILE_READ_DATA\n   Share Mode: FILE_SHARE_READ\n\n\u2190 Server: \"File opened, handle: 0x1234\"\n\nStep 5: Read\n\u2192 Client: \"Read 1024 bytes from offset 0\"\n   Offset: 0\n   Length: 1024\n\n\u2190 Server: \"Data returned (encrypted)\"\n   Data: 1024 bytes of file content\n\nStep 6: Close\n\u2192 Client: \"Close handle 0x1234\"\n\n\u2190 Server: \"Handle closed\"\n\nStep 7: Tree Disconnect\n\u2192 Client: \"Disconnect from share\"\n\n\u2190 Server: \"Disconnected\"\n\n\u2705 Session ends cleanly. All data encrypted via AES-128-GCM.\n                `\n            },\n            ldap: {\n                name: \"LDAP\",\n                description: \"Lightweight Directory Access Protocol - Directory service access\",\n                ports: \"TCP 389 (LDAP), TCP 636 (LDAPS)\",\n                tcpdump: [\n                    \"tcpdump -i eth0 port 389\",\n                    \"tcpdump -i eth0 'port 389 or port 636'\",\n                    \"tcpdump -i eth0 -s 1500 'tcp port 389'\"\n                ],\n                wireshark: [\n                    \"ldap\",\n                    \"tcp.port == 389 or tcp.port == 636\",\n                    \"ldap.messageID\"\n                ],\n                expected: [\n                    \"BindRequest: Authentication to directory\",\n                    \"BindResponse: Authentication result\",\n                    \"SearchRequest: Query directory entries\",\n                    \"SearchResultEntry: Individual search results\",\n                    \"SearchResultDone: End of search results\",\n                    \"ModifyRequest: Update directory entries\",\n                    \"AddRequest\/DelRequest: Create\/delete entries\"\n                ],\n                analysis: [\n                    \"Check bind DN (Distinguished Name) format\",\n                    \"Monitor search base and filter criteria\",\n                    \"Verify proper authentication (simple vs SASL)\",\n                    \"Look for referrals to other LDAP servers\",\n                    \"Check for StartTLS usage for encryption\"\n                ],\n                example: \"14:32:15.123456 IP client.example.com.54321 > ldap.example.com.389: LDAP BindRequest(1) simple bind\\n14:32:15.124567 IP ldap.example.com.389 > client.example.com.54321: LDAP BindResponse(1) success\",\n                fulltrace: `\nStep 1: BindRequest (Simple Auth)\n\u2192 Client: \"Bind as cn=admin,dc=example,dc=com\"\n   Password: secretpassword\n\n\u2190 Server: \"Success\" (code 0)\n\nStep 2: SearchRequest\n\u2192 Client: \"Find all users with department=IT\"\n   Base: dc=example,dc=com\n   Scope: subtree\n   Filter: (&(objectClass=person)(department=IT))\n   Attributes: cn, mail, telephoneNumber\n\nStep 3: SearchResultEntry\n\u2190 Server: \"Found 3 entries\"\n   Entry 1: cn=Alice Smith,ou=IT,dc=example,dc=com\n      mail: alice@example.com\n      telephoneNumber: +1-555-1234\n   Entry 2: cn=Bob Jones,ou=IT,dc=example,dc=com\n      mail: bob@example.com\n   Entry 3: cn=Carol Lee,ou=IT,dc=example,dc=com\n\nStep 4: SearchResultDone\n\u2190 Server: \"Search completed. 3 results.\"\n\nStep 5: UnbindRequest\n\u2192 Client: \"End session\"\n\n\u2190 Server: \"Connection closed\"\n\n\u2705 No encryption used \u2192 credentials transmitted in plaintext!\nRecommended: Use LDAPS (TCP 636) or StartTLS.\n                `\n            },\n            snmp: {\n                name: \"SNMP\",\n                description: \"Simple Network Management Protocol - Network device monitoring and management\",\n                ports: \"UDP 161 (Agent), UDP 162 (Trap)\",\n                tcpdump: [\n                    \"tcpdump -i eth0 port 161\",\n                    \"tcpdump -i eth0 'port 161 or port 162'\",\n                    \"tcpdump -i eth0 -s 1500 'udp port 161'\"\n                ],\n                wireshark: [\n                    \"snmp\",\n                    \"udp.port == 161 or udp.port == 162\",\n                    \"snmp.version == 2\"\n                ],\n                expected: [\n                    \"GetRequest: Retrieve specific OID values\",\n                    \"GetNextRequest: Walk through MIB tree\",\n                    \"GetBulkRequest: Efficient bulk data retrieval (v2c\/v3)\",\n                    \"SetRequest: Modify configuration values\",\n                    \"GetResponse: Response to GET operations\",\n                    \"Trap: Unsolicited notifications from agents\",\n                    \"InformRequest: Acknowledged trap (v2c\/v3)\"\n                ],\n                analysis: [\n                    \"Check SNMP version (v1, v2c, v3)\",\n                    \"Monitor community strings (security concern in v1\/v2c)\",\n                    \"Verify OID (Object Identifier) validity\",\n                    \"Look for error-status in responses\",\n                    \"For v3: Check authentication and encryption\"\n                ],\n                example: \"14:32:15.123456 IP manager.example.com.54321 > agent.example.com.161: GetRequest(25) system.sysDescr.0\\n14:32:15.124567 IP agent.example.com.161 > manager.example.com.54321: GetResponse(25) system.sysDescr.0=\\\"Cisco Router\\\"\",\n                fulltrace: `\nStep 1: GetRequest (v2c)\n\u2192 Manager: \"Give me sysDescr (1.3.6.1.2.1.1.1.0)\"\n   Community: public (read-only)\n   Request ID: 12345\n\n\u2190 Agent: \"sysDescr = Cisco IOS Software, C2960 Software...\"\n   Error status: noError\n   Error index: 0\n   Value: string \"Cisco IOS...\"\n\nStep 2: GetNextRequest (Walk)\n\u2192 Manager: \"Give me next OID after sysDescr\"\n   OID: 1.3.6.1.2.1.1.1.0 \u2192 next is 1.3.6.1.2.1.1.2.0 (sysObjectID)\n\n\u2190 Agent: \"sysObjectID = 1.3.6.1.4.1.9.1.1234\"\n\nStep 3: Trap (Unsolicited)\n\u2190 Agent: \"Interface GigabitEthernet0\/1 went DOWN\"\n   Enterprise: cisco\n   Generic trap: linkDown (2)\n   Specific trap: 0\n   Timestamp: 123456789\n   Varbinds: ifIndex=1, ifAdminStatus=down, ifOperStatus=down\n\nStep 4: InformRequest (Acknowledged Trap)\n\u2192 Agent: \"System reboot detected\" (requires ACK)\n\u2190 Manager: \"Inform received, thank you\" (response PDU)\n\n\u2705 SNMPv2c uses plaintext community strings \u2014 vulnerable!\nRecommend: Upgrade to SNMPv3 with auth+privacy.\n                `\n            },\n            ftp: {\n                name: \"FTP\",\n                description: \"File Transfer Protocol - File transfer over network\",\n                ports: \"TCP 21 (Control), TCP 20 (Data)\",\n                tcpdump: [\n                    \"tcpdump -i eth0 port 21\",\n                    \"tcpdump -i eth0 'port 21 or port 20'\",\n                    \"tcpdump -i eth0 -A 'tcp port 21'\"\n                ],\n                wireshark: [\n                    \"ftp or ftp-data\",\n                    \"tcp.port == 21 or tcp.port == 20\",\n                    \"ftp.request.command == \\\"USER\\\"\"\n                ],\n                expected: [\n                    \"FTP Control Connection on port 21\",\n                    \"USER command with username\",\n                    \"PASS command with password (plaintext!)\",\n                    \"PASV\/PORT commands for data channel setup\",\n                    \"Data connection on port 20 or high port\",\n                    \"LIST, RETR, STOR commands for operations\",\n                    \"Response codes (220, 230, 425, 550, etc.)\"\n                ],\n                analysis: [\n                    \"Monitor active vs passive mode usage\",\n                    \"Check for successful login (230 response)\",\n                    \"Look for data transfer completion codes\",\n                    \"Verify proper connection teardown\",\n                    \"Security note: Credentials sent in plaintext\"\n                ],\n                example: \"14:32:15.123456 IP client.example.com.54321 > ftp.example.com.21: USER anonymous\\n14:32:15.124567 IP ftp.example.com.21 > client.example.com.54321: 331 Please specify the password\",\n                fulltrace: `\nStep 1: Control Connection (Port 21)\n\u2192 Client connects to ftp.example.com:21\n\nStep 2: Login Sequence\n\u2192 Client: USER anonymous\n\u2190 Server: 331 Please specify the password\n\n\u2192 Client: PASS guest123\n\u2190 Server: 230 Login successful.\n\nStep 3: Passive Mode Setup\n\u2192 Client: PASV\n\u2190 Server: 227 Entering Passive Mode (192,168,1,10,12,34)\n   \u2192 Data port = 12*256 + 34 = 3106\n\nStep 4: Data Connection (Port 3106)\n\u2192 Client connects to 192.168.1.10:3106\n\nStep 5: List Files\n\u2192 Client: LIST\n\u2190 Server: Sends directory listing over data connection\n   drwxr-xr-x 2 ftp ftp 4096 Jan 1 12:00 docs\n   -rw-r--r-- 1 ftp ftp 1024 Jan 1 12:00 report.pdf\n\nStep 6: Download File\n\u2192 Client: RETR report.pdf\n\u2190 Server: Transfers file over data connection\n   ... binary data ...\n\nStep 7: Quit\n\u2192 Client: QUIT\n\u2190 Server: 221 Goodbye.\n\n\u2705 Entire session unencrypted \u2014 username, password, files, commands all visible!\n\u26d4 Never use FTP in production. Use SFTP\/FTPS instead.\n                `\n            },\n            telnet: {\n                name: \"Telnet\",\n                description: \"Terminal Network Protocol - Unencrypted remote terminal access\",\n                ports: \"TCP 23\",\n                tcpdump: [\n                    \"tcpdump -i eth0 port 23\",\n                    \"tcpdump -i eth0 -A 'tcp port 23'\",\n                    \"tcpdump -i eth0 -s 1500 'port 23'\"\n                ],\n                wireshark: [\n                    \"telnet\",\n                    \"tcp.port == 23\",\n                    \"telnet.data\"\n                ],\n                expected: [\n                    \"TCP connection establishment\",\n                    \"Telnet option negotiation (IAC commands)\",\n                    \"Login prompt and credentials (plaintext)\",\n                    \"Interactive terminal session data\",\n                    \"Character-by-character transmission\",\n                    \"Telnet control commands (IAC, WILL, WONT, DO, DONT)\"\n                ],\n                analysis: [\n                    \"All data transmitted in plaintext - security risk\",\n                    \"Look for telnet option negotiations\",\n                    \"Monitor for authentication attempts\",\n                    \"Check for proper session termination\",\n                    \"Consider recommending SSH replacement\"\n                ],\n                example: \"14:32:15.123456 IP client.example.com.54321 > server.example.com.23: [telnet data]\\n14:32:15.124567 IP server.example.com.23 > client.example.com.54321: login:\",\n                fulltrace: `\nStep 1: TCP Connection\n\u2192 Client connects to server:23\n\nStep 2: Option Negotiation\n\u2190 Server: IAC WILL TERMINAL-TYPE\n\u2192 Client: IAC DO TERMINAL-TYPE\n\u2190 Server: IAC SB TERMINAL-TYPE VT100 IAC SE\n\nStep 3: Login Prompt\n\u2190 Server: login: \n\u2192 Client: admin\n\u2190 Server: Password: \n\n\u2192 Client: mypassword123\n   \u2705 This is sent in PLAINTEXT \u2014 visible in packet capture!\n\nStep 4: Interactive Session\n\u2192 Client: ls -la\n\u2190 Server: total 12\n          drwxr-xr-x 2 root root 4096 Jan 1 12:00 .\n          drwxr-xr-x 5 root root 4096 Jan 1 12:00 ..\n          -rw-r--r-- 1 root root  123 Jan 1 12:00 file.txt\n\nStep 5: Logout\n\u2192 Client: exit\n\u2190 Server: Connection closed by foreign host.\n\n\u26a0\ufe0f WARNING: Every keystroke, every password, every command is logged in clear text.\n\u26d4 Telnet is obsolete. Use SSH for secure remote access.\n                `\n            },\n            \"802.1x\": {\n                name: \"802.1X\",\n                description: \"Port-Based Network Access Control - Authentication for network access\",\n                ports: \"EAP over LAN (EAPoL)\",\n                tcpdump: [\n                    \"tcpdump -i eth0 ether proto 0x888e\",\n                    \"tcpdump -i eth0 -e 'ether[12:2] = 0x888e'\",\n                    \"tcpdump -i eth0 -xx ether proto 0x888e\"\n                ],\n                wireshark: [\n                    \"eapol\",\n                    \"eap\",\n                    \"ether.type == 0x888e\"\n                ],\n                expected: [\n                    \"EAPOL-Start: Supplicant initiates authentication\",\n                    \"EAP-Request Identity: Authenticator requests identity\",\n                    \"EAP-Response Identity: Supplicant provides username\",\n                    \"EAP method negotiation (PEAP, EAP-TLS, EAP-TTLS, etc.)\",\n                    \"RADIUS Access-Request to authentication server\",\n                    \"EAP-Success or EAP-Failure\",\n                    \"EAPOL-Key for dynamic key distribution\"\n                ],\n                analysis: [\n                    \"Verify EAP method compatibility between client and server\",\n                    \"Check certificate validation in EAP-TLS\",\n                    \"Monitor RADIUS communication between authenticator and server\",\n                    \"Look for proper key distribution after successful authentication\",\n                    \"Check for reauthentication timers and intervals\"\n                ],\n                example: \"14:32:15.123456 aa:bb:cc:dd:ee:ff > 01:80:c2:00:00:03, EAPOL start (1), length 0\\n14:32:15.124567 01:80:c2:00:00:03 > aa:bb:cc:dd:ee:ff, EAP, Request (1) id 1, length 5: Identity\",\n                fulltrace: `\nStep 1: EAPOL-Start\n\u2192 Client (Supplicant): Broadcasts EAPOL-Start frame\n   Dest: 01:80:c2:00:00:03 (Multicast group)\n   EtherType: 0x888E\n\nStep 2: EAP-Request Identity\n\u2190 Authenticator (Switch): \"Who are you?\"\n   EAP Code: Request\n   Type: Identity\n   ID: 1\n   Data: (empty)\n\nStep 3: EAP-Response Identity\n\u2192 Client: \"I'm Alice\"\n   EAP Code: Response\n   Type: Identity\n   ID: 1\n   Data: alice@company.com\n\nStep 4: RADIUS Access-Request\n\u2190 Authenticator forwards to RADIUS server\n   Username: alice@company.com\n   NAS-Identifier: switch01\n   NAS-Port: Gi1\/0\/1\n   Called-Station-ID: AA:BB:CC:DD:EE:FF\n\nStep 5: RADIUS Access-Challenge\n\u2190 RADIUS: \"Send PEAP token\"\n   MS-CHAPv2 Challenge\n\nStep 6: EAP-Response PEAP\n\u2192 Client: Sends inner EAP-TLS handshake (encrypted)\n   Certificate presented by server validated\n   Client certificate authenticated\n\nStep 7: EAP-Success\n\u2190 RADIUS: \"Authentication succeeded\"\n   EAP Code: Success\n   ID: 1\n\nStep 8: EAPOL-Key\n\u2190 Authenticator: Sends 4-way handshake (WPA2\/WPA3)\n   Key: Derived from EAP session\n   MIC: Message Integrity Check\n   Encrypted TKIP\/AES keys distributed\n\nStep 9: Port Enabled\n\u2192 Switch: Unblocks port \u2192 Client gets DHCP IP \u2192 Network access granted!\n\n\u2705 EAP-TLS is strongest 802.1X method \u2014 mutual certificate authentication.\nEAP-PEAP is common in enterprises (username\/password inside TLS tunnel).\n                `\n            }\n        };\n\n        function displayProtocolInfo(protocolKey) {\n            const protocol = protocols[protocolKey];\n            if (!protocol) return;\n\n            const infoDiv = document.getElementById('protocolInfo');\n            \n            infoDiv.innerHTML = `\n                <div class=\"protocol-overview\">\n                    <h2>${protocol.name}<\/h2>\n                    <p>${protocol.description}<\/p>\n                    <div class=\"port-info\">Ports: ${protocol.ports}<\/div>\n                <\/div>\n\n                <div class=\"section commands\">\n                    <h3>TCPDump Commands<\/h3>\n                    ${protocol.tcpdump.map(cmd => `\n                        <div class=\"command-block\" style=\"position: relative;\">\n                            <button class=\"copy-btn\">Copy<\/button>\n                            ${cmd}\n                        <\/div>\n                    `).join('')}\n                    \n                    <h3>Wireshark Filters<\/h3>\n                    ${protocol.wireshark.map(filter => `\n                        <div class=\"command-block\" style=\"position: relative;\">\n                            <button class=\"copy-btn\">Copy<\/button>\n                            ${filter}\n                        <\/div>\n                    `).join('')}\n                <\/div>\n\n                <div class=\"section expected\">\n                    <h3>What to Expect in Trace<\/h3>\n                    <ul>\n                        ${protocol.expected.map(item => `<li>${item}<\/li>`).join('')}\n                    <\/ul>\n                <\/div>\n\n                <div class=\"section analysis\">\n                    <h3>Analysis Points<\/h3>\n                    <ul>\n                        ${protocol.analysis.map(item => `<li>${item}<\/li>`).join('')}\n                    <\/ul>\n                <\/div>\n\n                <div class=\"section fulltrace\">\n                    <h3>Full Trace Example (Handshake + Data Flow)<\/h3>\n                    <div class=\"fulltrace-example\">${protocol.fulltrace || '<p>No detailed trace example available for this protocol.<\/p>'}<\/div>\n                <\/div>\n\n                <div class=\"section\">\n                    <h3>Example Trace Output (Raw Snippet)<\/h3>\n                    <div class=\"trace-example\">${protocol.example}<\/div>\n                <\/div>\n            `;\n            \n            infoDiv.style.display = 'block';\n        }\n\n        function copyToClipboard(text) {\n            navigator.clipboard.writeText(text).then(function() {\n                \/\/ Create a temporary notification\n                const notification = document.createElement('div');\n                notification.textContent = 'Copied to clipboard!';\n                notification.style.cssText = `\n                    position: fixed;\n                    top: 20px;\n                    right: 20px;\n                    background: #4CAF50;\n                    color: white;\n                    padding: 10px 20px;\n                    border-radius: 5px;\n                    z-index: 1000;\n                    font-size: 14px;\n                    box-shadow: 0 4px 8px rgba(0,0,0,0.2);\n                    animation: slideIn 0.3s ease-in-out;\n                `;\n                \n                \/\/ Add animation keyframes (only once)\n                if (!document.getElementById('copyNotificationStyle')) {\n                    const style = document.createElement('style');\n                    style.id = 'copyNotificationStyle';\n                    style.textContent = `\n                        @keyframes slideIn {\n                            from { transform: translateX(100%); opacity: 0; }\n                            to { transform: translateX(0); opacity: 1; }\n                        }\n                    `;\n                    document.head.appendChild(style);\n                }\n                \n                document.body.appendChild(notification);\n                \n                setTimeout(() => {\n                    document.body.removeChild(notification);\n                }, 2000);\n            }).catch(function(err) {\n                console.error('Could not copy text: ', err);\n                alert('Copy failed. Please select and copy manually.');\n            });\n        }\n\n        function handleCopyClick(e) {\n            e.stopPropagation(); \/\/ Prevent triggering parent events\n            const commandBlock = this.parentElement;\n            let text = commandBlock.textContent.trim();\n            \n            \/\/ Remove \"Copy\" button text from the beginning if present\n            if (text.startsWith('Copy')) {\n                text = text.substring(4).trim();\n            }\n            \n            \/\/ Remove leading \"$ \" if present\n            if (text.startsWith('$ ')) {\n                text = text.substring(2);\n            }\n            \n            copyToClipboard(text);\n        }\n\n        function setupCopyButtons() {\n            \/\/ Remove any existing event listeners to avoid duplicates\n            document.querySelectorAll('.copy-btn').forEach(btn => {\n                btn.removeEventListener('click', handleCopyClick);\n                btn.addEventListener('click', handleCopyClick);\n            });\n        }\n\n        \/\/ Event listener for protocol selection\n        document.getElementById('protocolSelect').addEventListener('change', function() {\n            const selectedProtocol = this.value;\n            if (selectedProtocol) {\n                displayProtocolInfo(selectedProtocol);\n            } else {\n                document.getElementById('protocolInfo').style.display = 'none';\n            }\n        });\n\n        \/\/ Add tooltip functionality for protocol names\n        function addProtocolTooltips() {\n            const select = document.getElementById('protocolSelect');\n            const options = select.querySelectorAll('option');\n            \n            options.forEach(option => {\n                if (option.value === '') return;\n                \n                option.title = protocols[option.value].description;\n            });\n        }\n\n        \/\/ Enhance command blocks with syntax highlighting\n        function enhanceCommandBlocks() {\n            const commandBlocks = document.querySelectorAll('.command-block');\n            commandBlocks.forEach(block => {\n                \/\/ Highlight IP addresses\n                const ipRegex = \/\\b(?:[0-9]{1,3}\\.){3}[0-9]{1,3}\\b\/g;\n                const portRegex = \/port\\s+(\\d+)\/g;\n                const hexRegex = \/0x[0-9a-fA-F]+\/g;\n                \n                let content = block.textContent;\n                \n                \/\/ Skip if it's already processed or contains HTML\n                if (content.includes('<') || content.includes('>')) return;\n                \n                \/\/ Replace IPs with highlight\n                content = content.replace(ipRegex, '<span class=\"highlight\">$&<\/span>');\n                \/\/ Replace ports with highlight\n                content = content.replace(portRegex, 'port <span class=\"highlight\">$1<\/span>');\n                \/\/ Replace hex values with highlight\n                content = content.replace(hexRegex, '<span class=\"highlight\">$&<\/span>');\n                \n                \/\/ Only update if changes were made\n                if (content !== block.textContent) {\n                    block.innerHTML = content;\n                }\n            });\n        }\n\n        \/\/ Initialize protocol info display and enhancements\n        document.addEventListener('DOMContentLoaded', function() {\n            addProtocolTooltips();\n            setupCopyButtons(); \/\/ Initial setup\n            \n            \/\/ Add keyboard shortcuts\n            document.addEventListener('keydown', function(e) {\n                \/\/ Ctrl\/Cmd + K to focus on protocol selector\n                if ((e.ctrlKey || e.metaKey) && e.key === 'k') {\n                    e.preventDefault();\n                    document.getElementById('protocolSelect').focus();\n                }\n            });\n            \n            \/\/ Add a loading indicator for initial state\n            const infoDiv = document.getElementById('protocolInfo');\n            infoDiv.innerHTML = `\n                <div style=\"text-align: center; padding: 40px; color: #666;\">\n                    <p>\ud83d\udd0d Select a protocol from the dropdown to see detailed trace analysis<\/p>\n                <\/div>\n            `;\n        });\n\n        \/\/ Watch for DOM mutations and reapply enhancements\n        const observer = new MutationObserver(function(mutations) {\n            mutations.forEach(function(mutation) {\n                if (mutation.type === 'childList' && mutation.target.id === 'protocolInfo') {\n                    \/\/ Wait a small delay to ensure content is fully rendered\n                    setTimeout(() => {\n                        enhanceCommandBlocks();\n                        setupCopyButtons();\n                    }, 100);\n                }\n            });\n        });\n\n        observer.observe(document.getElementById('protocolInfo'), { \n            childList: true, \n            subtree: true,\n            attributes: false,\n            characterData: false\n        });\n\n        \/\/ Add a \"Reset\" button to clear selection\n        function addResetButton() {\n            const resetBtn = document.createElement('button');\n            resetBtn.textContent = 'Reset Selection';\n            resetBtn.style.cssText = `\n                background: #ff6b6b;\n                color: white;\n                border: none;\n                padding: 12px 20px;\n                border-radius: 10px;\n                font-size: 1em;\n                cursor: pointer;\n                margin-left: 15px;\n                transition: all 0.3s ease;\n            `;\n            \n            resetBtn.addEventListener('click', function() {\n                document.getElementById('protocolSelect').value = '';\n                document.getElementById('protocolInfo').style.display = 'none';\n            });\n            \n            resetBtn.addEventListener('mouseenter', function() {\n                this.style.background = '#ff5252';\n            });\n            \n            resetBtn.addEventListener('mouseleave', function() {\n                this.style.background = '#ff6b6b';\n            });\n            \n            document.querySelector('.protocol-selector').appendChild(resetBtn);\n        }\n\n        \/\/ Add reset button after DOM loads\n        document.addEventListener('DOMContentLoaded', function() {\n            addResetButton();\n        });\n\n        \/\/ Add protocol category tags for better organization\n        function addProtocolCategories() {\n            const categories = {\n                'Authentication': ['radius', 'kerberos', '802.1x', 'ldap'],\n                'Network Services': ['dhcp', 'dns', 'snmp'],\n                'File Transfer': ['ftp', 'smb'],\n                'Remote Access': ['ssh', 'telnet'],\n                'Web Security': ['https']\n            };\n            \n            const categoryDiv = document.createElement('div');\n            categoryDiv.innerHTML = '<h3 style=\"color: #333; margin: 20px 0 10px 0; text-align: center;\">Protocol Categories<\/h3>';\n            categoryDiv.style.textAlign = 'center';\n            \n            Object.keys(categories).forEach(category => {\n                const categorySpan = document.createElement('span');\n                categorySpan.style.cssText = `\n                    display: inline-block;\n                    margin: 5px;\n                    padding: 6px 12px;\n                    background: #e9ecef;\n                    border-radius: 15px;\n                    font-size: 0.9em;\n                    color: #495057;\n                    cursor: pointer;\n                    transition: all 0.2s ease;\n                `;\n                \n                categorySpan.textContent = category;\n                \n                categorySpan.addEventListener('click', function() {\n                    const protocolSelect = document.getElementById('protocolSelect');\n                    const options = protocolSelect.querySelectorAll('option');\n                    \n                    \/\/ Hide all options first\n                    options.forEach(opt => {\n                        if (opt.value !== '') opt.style.display = 'none';\n                    });\n                    \n                    \/\/ Show only options in selected category\n                    categories[category].forEach(protocolKey => {\n                        const option = Array.from(options).find(opt => opt.value === protocolKey);\n                        if (option) option.style.display = 'block';\n                    });\n                });\n                \n                categoryDiv.appendChild(categorySpan);\n            });\n            \n            document.querySelector('.container').insertBefore(categoryDiv, document.querySelector('.protocol-selector'));\n        }\n\n        \/\/ Add categories after DOM loads\n        document.addEventListener('DOMContentLoaded', function() {\n            addProtocolCategories();\n        });\n\n        \/\/ Add dark mode toggle\n        function addDarkModeToggle() {\n            const toggleBtn = document.createElement('button');\n            toggleBtn.id = 'darkModeToggle';\n            toggleBtn.innerHTML = '\ud83c\udf19 Dark Mode';\n            toggleBtn.style.cssText = `\n                position: fixed;\n                top: 20px;\n                right: 20px;\n                background: rgba(255, 255, 255, 0.9);\n                color: #333;\n                border: none;\n                border-radius: 50%;\n                width: 50px;\n                height: 50px;\n                font-size: 1.5em;\n                cursor: pointer;\n                box-shadow: 0 4px 10px rgba(0,0,0,0.1);\n                z-index: 1000;\n                display: flex;\n                align-items: center;\n                justify-content: center;\n                transition: all 0.3s ease;\n            `;\n            \n            toggleBtn.addEventListener('click', function() {\n                document.body.classList.toggle('dark-mode');\n                \n                if (document.body.classList.contains('dark-mode')) {\n                    this.innerHTML = '\u2600\ufe0f Light Mode';\n                    this.style.backgroundColor = 'rgba(30, 30, 30, 0.9)';\n                    this.style.color = '#fff';\n                } else {\n                    this.innerHTML = '\ud83c\udf19 Dark Mode';\n                    this.style.backgroundColor = 'rgba(255, 255, 255, 0.9)';\n                    this.style.color = '#333';\n                }\n            });\n            \n            document.body.appendChild(toggleBtn);\n            \n            \/\/ Save preference when toggled\n            const savedMode = localStorage.getItem('darkMode');\n            if (savedMode === 'enabled') {\n                document.body.classList.add('dark-mode');\n                toggleBtn.innerHTML = '\u2600\ufe0f Light Mode';\n                toggleBtn.style.backgroundColor = 'rgba(30, 30, 30, 0.9)';\n                toggleBtn.style.color = '#fff';\n            }\n        }\n\n        \/\/ Add dark mode toggle\n        document.addEventListener('DOMContentLoaded', function() {\n            addDarkModeToggle();\n            \n            \/\/ Save preference when toggled\n            const toggleBtn = document.getElementById('darkModeToggle');\n            if (toggleBtn) {\n                toggleBtn.addEventListener('click', function() {\n                    if (document.body.classList.contains('dark-mode')) {\n                        localStorage.setItem('darkMode', 'enabled');\n                    } else {\n                        localStorage.setItem('darkMode', 'disabled');\n                    }\n                });\n            }\n        });\n\n        \/\/ Enhanced CSS for dark mode\n        const darkModeStyle = document.createElement('style');\n        darkModeStyle.textContent = `\n            body.dark-mode {\n                background: linear-gradient(135deg, #1a1a2e 0%, #16213e 100%);\n                color: #e0e0e0;\n            }\n            \n            body.dark-mode .container {\n                background: rgba(30, 30, 30, 0.95);\n                box-shadow: 0 20px 40px rgba(0, 0, 0, 0.3);\n            }\n            \n            body.dark-mode h1,\n            body.dark-mode .section h3,\n            body.dark-mode .protocol-overview h2 {\n                color: #e0e0e0;\n            }\n            \n            body.dark-mode .protocol-overview {\n                background: linear-gradient(135deg, #764ba2 0%, #667eea 100%);\n                color: white;\n            }\n            \n            body.dark-mode .section {\n                background: rgba(45, 45, 45, 0.8);\n                box-shadow: 0 5px 15px rgba(0, 0, 0, 0.3);\n            }\n            \n            body.dark-mode .command-block {\n                background: #1e1e1e;\n                color: #00ff00;\n                border: 1px solid #333;\n            }\n            \n            body.dark-mode .trace-example {\n                background: #2d2d2d;\n                border-color: #555;\n                color: #e0e0e0;\n            }\n            \n            body.dark-mode .fulltrace-example {\n                background: #1e1e2e;\n                border-color: #4a6aae;\n                color: #d0d0e0;\n            }\n            \n            body.dark-mode .fulltrace-example .step {\n                color: #b0c4de;\n                border-left-color: #667eea;\n            }\n            \n            body.dark-mode .fulltrace-example .step:nth-child(odd) {\n                background: rgba(102, 126, 234, 0.08);\n            }\n            \n            body.dark-mode .fulltrace-example .arrow {\n                color: #76c7ff;\n            }\n            \n            body.dark-mode select {\n                background: #333;\n                color: #e0e0e0;\n                border-color: #667eea;\n            }\n            \n            body.dark-mode select:hover,\n            body.dark-mode select:focus {\n                border-color: #764ba2;\n                box-shadow: 0 0 15px rgba(102, 126, 234, 0.5);\n            }\n            \n            body.dark-mode .port-info {\n                background: #764ba2;\n                color: white;\n            }\n            \n            body.dark-mode .highlight {\n                background: linear-gradient(120deg, #4a4a7a 0%, #667eea 100%);\n                color: white;\n            }\n            \n            body.dark-mode .protocol-selector label {\n                color: #e0e0e0;\n            }\n        `;\n        \n        document.head.appendChild(darkModeStyle);\n    <\/script>\n<\/body>\n<\/html>\n","protected":false},"excerpt":{"rendered":"<p>Network Protocol Trace Analyzer \ud83c\udf10 Network Protocol Trace Analyzer Select Protocol: &#8212; Choose a Protocol &#8212;DHCP &#8211; Dynamic Host Configuration ProtocolDNS &#8211; Domain Name SystemRADIUS &#8211; Remote Authentication Dial-In User ServiceHTTPS &#8211; HTTP Secure802.1X &#8211; Port-Based Network Access ControlKerberos &#8211; Authentication ProtocolSMB &#8211; Server Message BlockSSH &#8211; Secure ShellFTP &#8211;<a href=\"https:\/\/www.arparun.re\/index.php\/trace\/\" class=\"read-more\">Read More &#8230;<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-604","page","type-page","status-publish","hentry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Trace - arparun - Informatique Reunion<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.arparun.re\/index.php\/trace\/\" \/>\n<meta property=\"og:locale\" content=\"fr_FR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Trace - arparun - Informatique Reunion\" \/>\n<meta property=\"og:description\" content=\"Network Protocol Trace Analyzer \ud83c\udf10 Network Protocol Trace Analyzer Select Protocol: &#8212; Choose a Protocol &#8212;DHCP &#8211; Dynamic Host Configuration ProtocolDNS &#8211; Domain Name SystemRADIUS &#8211; Remote Authentication Dial-In User ServiceHTTPS &#8211; HTTP Secure802.1X &#8211; Port-Based Network Access ControlKerberos &#8211; Authentication ProtocolSMB &#8211; Server Message BlockSSH &#8211; Secure ShellFTP &#8211;Read More ...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.arparun.re\/index.php\/trace\/\" \/>\n<meta property=\"og:site_name\" content=\"arparun - Informatique Reunion\" \/>\n<meta property=\"article:modified_time\" content=\"2025-09-13T09:10:33+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Dur\u00e9e de lecture estim\u00e9e\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.arparun.re\/index.php\/trace\/\",\"url\":\"https:\/\/www.arparun.re\/index.php\/trace\/\",\"name\":\"Trace - arparun - Informatique Reunion\",\"isPartOf\":{\"@id\":\"https:\/\/www.arparun.re\/#website\"},\"datePublished\":\"2025-09-13T09:10:31+00:00\",\"dateModified\":\"2025-09-13T09:10:33+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.arparun.re\/index.php\/trace\/#breadcrumb\"},\"inLanguage\":\"fr-FR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.arparun.re\/index.php\/trace\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.arparun.re\/index.php\/trace\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.arparun.re\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Trace\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.arparun.re\/#website\",\"url\":\"https:\/\/www.arparun.re\/\",\"name\":\"arparun - Informatique Reunion\",\"description\":\"Syst\u00e8mes, R\u00e9seaux et S\u00e9curit\u00e9\",\"publisher\":{\"@id\":\"https:\/\/www.arparun.re\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.arparun.re\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"fr-FR\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.arparun.re\/#organization\",\"name\":\"Arparun\",\"url\":\"https:\/\/www.arparun.re\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\/\/www.arparun.re\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.arparun.re\/wp-content\/uploads\/2021\/02\/cropped-site.png\",\"contentUrl\":\"https:\/\/www.arparun.re\/wp-content\/uploads\/2021\/02\/cropped-site.png\",\"width\":512,\"height\":512,\"caption\":\"Arparun\"},\"image\":{\"@id\":\"https:\/\/www.arparun.re\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Trace - arparun - Informatique Reunion","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.arparun.re\/index.php\/trace\/","og_locale":"fr_FR","og_type":"article","og_title":"Trace - arparun - Informatique Reunion","og_description":"Network Protocol Trace Analyzer \ud83c\udf10 Network Protocol Trace Analyzer Select Protocol: &#8212; Choose a Protocol &#8212;DHCP &#8211; Dynamic Host Configuration ProtocolDNS &#8211; Domain Name SystemRADIUS &#8211; Remote Authentication Dial-In User ServiceHTTPS &#8211; HTTP Secure802.1X &#8211; Port-Based Network Access ControlKerberos &#8211; Authentication ProtocolSMB &#8211; Server Message BlockSSH &#8211; Secure ShellFTP &#8211;Read More ...","og_url":"https:\/\/www.arparun.re\/index.php\/trace\/","og_site_name":"arparun - Informatique Reunion","article_modified_time":"2025-09-13T09:10:33+00:00","twitter_card":"summary_large_image","twitter_misc":{"Dur\u00e9e de lecture estim\u00e9e":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.arparun.re\/index.php\/trace\/","url":"https:\/\/www.arparun.re\/index.php\/trace\/","name":"Trace - arparun - Informatique Reunion","isPartOf":{"@id":"https:\/\/www.arparun.re\/#website"},"datePublished":"2025-09-13T09:10:31+00:00","dateModified":"2025-09-13T09:10:33+00:00","breadcrumb":{"@id":"https:\/\/www.arparun.re\/index.php\/trace\/#breadcrumb"},"inLanguage":"fr-FR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.arparun.re\/index.php\/trace\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.arparun.re\/index.php\/trace\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.arparun.re\/"},{"@type":"ListItem","position":2,"name":"Trace"}]},{"@type":"WebSite","@id":"https:\/\/www.arparun.re\/#website","url":"https:\/\/www.arparun.re\/","name":"arparun - Informatique Reunion","description":"Syst\u00e8mes, R\u00e9seaux et S\u00e9curit\u00e9","publisher":{"@id":"https:\/\/www.arparun.re\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.arparun.re\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"fr-FR"},{"@type":"Organization","@id":"https:\/\/www.arparun.re\/#organization","name":"Arparun","url":"https:\/\/www.arparun.re\/","logo":{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/www.arparun.re\/#\/schema\/logo\/image\/","url":"https:\/\/www.arparun.re\/wp-content\/uploads\/2021\/02\/cropped-site.png","contentUrl":"https:\/\/www.arparun.re\/wp-content\/uploads\/2021\/02\/cropped-site.png","width":512,"height":512,"caption":"Arparun"},"image":{"@id":"https:\/\/www.arparun.re\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/www.arparun.re\/index.php\/wp-json\/wp\/v2\/pages\/604","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.arparun.re\/index.php\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.arparun.re\/index.php\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.arparun.re\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.arparun.re\/index.php\/wp-json\/wp\/v2\/comments?post=604"}],"version-history":[{"count":1,"href":"https:\/\/www.arparun.re\/index.php\/wp-json\/wp\/v2\/pages\/604\/revisions"}],"predecessor-version":[{"id":605,"href":"https:\/\/www.arparun.re\/index.php\/wp-json\/wp\/v2\/pages\/604\/revisions\/605"}],"wp:attachment":[{"href":"https:\/\/www.arparun.re\/index.php\/wp-json\/wp\/v2\/media?parent=604"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}