How do I deal with packet data

0 votes
327 views

I have the hex stream of a packet that a program sent over the network. Now I want to view the data in the packet. I'm pretty sure the data was just a string (or at least contains a string), but when I decode it I just get gibberish.

For example, the packet is sent something like this:

import socket

s = socket.socket()
s.connect((hostname, port))  # connect() takes a single (host, port) tuple
data = "HeresAStringToSend"
s.send(data)
# I'm not worried about receiving yet. 
# I just want to know the anatomy of a sent packet.

Then I use a packet sniffer to look at the packet that was sent; this is just a string of hex. Then I isolate the data part of the packet. Let's say the data part of the hex string is in a variable called hexdata.

If I do,

print hexdata.decode("hex")

all I get is gibberish. Looking at the individual bytes in the hex data, they map to strange or invalid ASCII codes (e.g. less than 32 or greater than 127).

I don't really know what the s.send(data) method does to the data before sending it. Any help or insight would be great.

posted Aug 1, 2013 by Jai Prakash


1 Answer

0 votes
  1. What packet sniffer was that? Why not use Wireshark, and eliminate the middleman? If you're using some other tool, how have you decided you even have the right packet(s)?

  2. Hope you've analyzed the header of the packet, and identified where the data part is? Have you seen where the host IP address is, and the port number? Do they fit the pattern?

  3. What OS are you using? There are differences in Windows, for example, but someone else would have to help you there.

If it were my problem, I'd be using Wireshark, which can not only display the data for each packet, but show how multiple packets relate to each other.

answer Aug 1, 2013 by Luv Kumar
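
The header walk the answer describes (find the IP addresses and ports, then locate where the data starts), as an added Python 3 example that is not part of the original thread. It assumes the hex stream covers one whole Ethernet II frame carrying IPv4 and TCP; the sample frame, addresses and ports are constructed for the demo.

```python
import socket
import struct

def extract_tcp_payload(hexstream):
    """Return ((src_ip, src_port), (dst_ip, dst_port), payload) from the hex
    of one Ethernet II / IPv4 / TCP frame, as exported by a sniffer."""
    frame = bytes.fromhex(hexstream)
    if len(frame) < 14 + 20 + 20:
        raise ValueError("too short for Ethernet + IPv4 + TCP headers")
    if frame[12:14] != b"\x08\x00":                  # EtherType 0x0800 = IPv4
        raise ValueError("not an IPv4 frame")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                         # IP header length, in bytes
    if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != 6:    # protocol 6 = TCP
        raise ValueError("not an IPv4 packet carrying TCP")
    total_len = struct.unpack("!H", ip[2:4])[0]      # excludes Ethernet padding
    if not ihl + 20 <= total_len <= len(ip):
        raise ValueError("inconsistent IP length fields")
    tcp = ip[ihl:total_len]
    src_port, dst_port = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4                    # TCP header length incl. options
    if not 20 <= data_off <= len(tcp):
        raise ValueError("bad TCP data offset")
    src = (socket.inet_ntoa(ip[12:16]), src_port)
    dst = (socket.inet_ntoa(ip[16:20]), dst_port)
    return src, dst, tcp[data_off:]

def build_sample_frame(payload=b"HeresAStringToSend"):
    """Constructed frame for the demo (checksums left at zero), not a capture."""
    opts = b"\x01\x01\x08\x0a" + struct.pack("!II", 1, 0)   # NOP, NOP, timestamps
    tcp = struct.pack("!HHIIBBHHH", 49152, 9999, 1, 1, 8 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + 32 + len(payload), 0, 0, 64, 6,
                     0, socket.inet_aton("192.0.2.10"), socket.inet_aton("192.0.2.20"))
    eth = bytes.fromhex("020000000002" "020000000001" "0800")
    return (eth + ip + tcp + opts + payload).hex()

if __name__ == "__main__":
    hexdata = build_sample_frame()
    print(bytes.fromhex(hexdata))            # whole frame: headers look like gibberish
    print(extract_tcp_payload(hexdata))      # endpoints plus the string that was sent
```

The sample frame carries 12 bytes of TCP options, so the payload starts 66 bytes into the frame rather than at the 54 a fixed-offset slice would assume.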