I understand that each packet has some header that seems like a random mix of chars. On the other hand, the content itself can be in pure ASCII and therefore it might be human friendly. Some of the packets I sniffed were readable (raw HTML headers for sure). But some packets looked like this:

0000  00 15 af 51 68 b2 00 e0  98 be cf d6 08 00 45 00   ...Qh... ......E.
0010  05 dc 90 39 40 00 2e 06  99 72 08 13 f0 49 c0 a8   ...9@... .r...I..
0020  64 6b 00 50 c1 32 02 7a  60 4f 4c b6 45 62 50 10   dk.P.2.z `OL.EbP.

That was just a part; these packets were usually longer. My question is, how can I decode the packet content/data? Do I need the whole stream? Is the decoding simple, or can every application encode it slightly differently to ensure these packets are secured?

Edit: I don't care about the header, Wireshark shows that. However, that's totally worthless info. I want to decode the data/content.

+5  A: 

The content of a packet is defined by the process sending it. Think of it like a telephone call. What's said is dependent on who is calling and who they are talking to. You have to study the programs that construct it to determine how to "decode" it. There are some sniffers that will parse some commonly used methods of encoding and try to do this already.

Jay
+1 for 'you have to study the programs that construct it': in all likelihood it will be some custom protocol and then the best option would be to do some reverse engineering... you're out of luck if you have no experience in that field though :) this question screams for more info
Daniel
Thanks, but it looks like a dead end to me now... Never mind, I'll figure out another way to solve this.
Mikulas Dite
+3  A: 

Why not just use something like Wireshark?

MikeJ
+1 this is how it's done.
Rook
Because I don't want to do it manually and I need to decode it inside my application. Besides, before I implement the packet sniffer, I use Wireshark. Just by the way, that's where I got that example from.
Mikulas Dite
A: 

Packet headers will depend on the application sending the packet in question, as mentioned in an earlier post. You can also use Wireshark's protocol reference for understanding some of the common protocols.

What you have listed here is the Packet Bytes view; what you need to look at is the Packet Details view to understand what the seemingly random data corresponds to. In the Packet Details view, when you select various parts of the packet, it will highlight the corresponding bytes in the Packet Bytes view.

Again, I don't care about the header, that's worthless info. I need to decode the UDP content.
Mikulas Dite
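To make the Packet Bytes / Packet Details relationship concrete, here is an added example (not code from the question or any of the answers) that parses the exact hex dump posted above. It walks the Ethernet, IPv4 and TCP headers with fixed struct layouts, which is what Wireshark's detail view does for you, and reports the byte offset at which the application payload begins. It assumes only what the bytes themselves say: ethertype 0x0800 (IPv4), IP protocol 6 (TCP), and that the dump is the first 48 bytes of a larger frame.

```python
import re
import socket
import struct

# The three Packet Bytes lines from the question, copied verbatim. The IPv4
# total length field (05 dc) says the packet is 1500 bytes, so this is only
# the first 48 bytes of a 1514-byte frame.
QUESTION_DUMP = """\
0000  00 15 af 51 68 b2 00 e0  98 be cf d6 08 00 45 00   ...Qh... ......E.
0010  05 dc 90 39 40 00 2e 06  99 72 08 13 f0 49 c0 a8   ...9@... .r...I..
0020  64 6b 00 50 c1 32 02 7a  60 4f 4c b6 45 62 50 10   dk.P.2.z `OL.EbP.
"""

HEX_PAIR = re.compile(r"^[0-9a-fA-F]{2}$")


def parse_hexdump(text):
    """Turn Wireshark 'Packet Bytes' text (offset, up to 16 hex bytes, ASCII
    column) back into raw bytes. The ASCII column is skipped by reading at
    most 16 two-digit hex tokens after the offset and stopping at the first
    token that is not one."""
    frame = bytearray()
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 2:
            continue
        for tok in tokens[1:17]:
            if not HEX_PAIR.match(tok):
                break
            frame.append(int(tok, 16))
    return bytes(frame)


TCP_FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]


def decode_headers(frame):
    """Walk Ethernet -> IPv4 -> TCP and return the header fields plus the
    offset where the application payload starts. Tolerates a truncated
    capture as long as Ethernet, IPv4 and the first 14 bytes of TCP are
    present (which is exactly what the question's dump contains)."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("not IPv4 (ethertype 0x%04x)" % ethertype)

    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, _ident, flags_frag,
     ttl, proto, _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4          # header length in bytes (options included)
    if proto != 6:
        raise ValueError("not TCP (IP protocol %d)" % proto)

    tcp = ip[ihl:]
    if len(tcp) < 14:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_res, flags = struct.unpack("!HHIIBB", tcp[:14])
    doff = (off_res >> 4) * 4           # TCP header length in bytes

    payload_offset = 14 + ihl + doff
    return {
        "dst_mac": dst_mac.hex(":"),
        "src_mac": src_mac.hex(":"),
        "src_ip": socket.inet_ntoa(src),
        "dst_ip": socket.inet_ntoa(dst),
        "ip_total_len": total_len,
        "ttl": ttl,
        "dont_fragment": bool(flags_frag & 0x4000),
        "sport": sport,
        "dport": dport,
        "seq": seq,
        "ack": ack,
        "flags": [n for i, n in enumerate(TCP_FLAG_NAMES) if flags & (1 << i)],
        "payload_offset": payload_offset,
        "payload_len_on_wire": total_len - ihl - doff,
        "payload_captured": max(0, len(frame) - payload_offset),
    }


if __name__ == "__main__":
    frame = parse_hexdump(QUESTION_DUMP)
    info = decode_headers(frame)
    for key, value in info.items():
        print("%-20s %s" % (key, value))
    # Everything after payload_offset belongs to the application protocol;
    # here nothing of it was captured, so there is nothing yet to decode.
    print(repr(frame[info["payload_offset"]:]))
```

Run as-is, the script shows that the 48 "random" bytes are entirely headers: a frame from 8.19.240.73 port 80 to 192.168.100.107 port 49458 with only ACK set, whose payload would begin at offset 54. Since port 80 is the server side of an HTTP connection, the 1460 payload bytes that follow in the full frame are what you would actually hand to an application-layer decoder, and you need the later segments of the same stream (reassembled in sequence-number order) before a response body can be read as a whole.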