Decoding sniffed packets

I understand that every packet has some header, which seems like a random combination of characters. On the other hand, the content itself can be plain ASCII, and therefore it can be human-friendly. Some of the packets I sniffed were readable (raw HTML headers for sure). But some packets looked like this:

0000  00 15 af 51 68 b2 00 e0  98 be cf d6 08 00 45 00   ...Qh... ......E.
0010  05 dc 90 39 40 00 2e 06  99 72 08 13 f0 49 c0 a8   ...9@... .r...I..
0020  64 6b 00 50 c1 32 02 7a  60 4f 4c b6 45 62 50 10   dk.P.2.z `OL.EbP.

It was just a part; these packets were usually longer. My question is, how can I decode the contents / data of a packet? Do I need the whole thread? Is decoding simple, or can each application encode it a little differently to protect these packets?

Edit: I don't care about the header, Wireshark shows this. However, this is absolutely useless information. I want to decode data / content.

+3
source share
4 answers

The contents of the packet are determined by the process of sending it. Think of it like a phone call. What is said depends on who is calling and who is talking. You should study the programs that build it to determine how to "decode" it. There are some sniffers that will analyze some commonly used coding methods and try to do this already.

+7
source

Why not just use something like Wireshark?

+5
source

, , . Wiresharks .

, , , , , Packet Detail, , . Packet Detail, , " ".

0

#, SharpPcap , , .

UDP, , udp . .

, udp :

  • Ethernet
  • IP
  • UDP

information in front of your data, and all incoming data is in binary format until you break it into something meaningful.

0
source
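The answers above say that Ethernet, IP and TCP/UDP headers sit in front of the data and that the bytes are "just binary" until something splits them by layer. As an added example (not from the question or any answer), the script below takes the three hex-dump lines quoted in the question, turns them back into raw bytes, peels off the Ethernet, IPv4 and TCP headers field by field, and reports where the application payload would begin. It also handles UDP, the case the last answer mentions, and treats the dump as what it is, a 48-byte excerpt of a 1514-byte frame, so it reports fields that were not captured instead of guessing them. Only the standard library is used; no pcap library or Wireshark is assumed.

```python
import re
import struct

# The three hex-dump lines from the question, copied verbatim (Wireshark's
# "offset  hex  ascii" layout). They hold the first 48 bytes of one frame.
QUESTION_DUMP = """\
0000  00 15 af 51 68 b2 00 e0  98 be cf d6 08 00 45 00   ...Qh... ......E.
0010  05 dc 90 39 40 00 2e 06  99 72 08 13 f0 49 c0 a8   ...9@... .r...I..
0020  64 6b 00 50 c1 32 02 7a  60 4f 4c b6 45 62 50 10   dk.P.2.z `OL.EbP.
"""

HEX_PAIR = re.compile(r"^[0-9a-fA-F]{2}$")
TCP_FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]  # bit 0 .. bit 5


def hexdump_to_bytes(dump: str) -> bytes:
    """Recover raw bytes from a Wireshark-style hex dump.

    Each line is: 4-digit offset, two spaces, up to 16 hex byte pairs
    (columns 6..53), then the ASCII gutter. Only the hex columns are read,
    so gutter text such as "dk" or "EbP." is never mistaken for data.
    """
    out = bytearray()
    for line in dump.splitlines():
        if not line.strip():
            continue
        for tok in line[6:54].split():
            if not HEX_PAIR.match(tok):
                raise ValueError(f"unexpected token {tok!r} in hex columns")
            out.append(int(tok, 16))
    return bytes(out)


def parse_frame(frame: bytes) -> dict:
    """Peel Ethernet -> IPv4 -> TCP/UDP headers and locate the application payload.

    Works on a partial capture: fields that lie beyond the captured bytes are
    reported as missing rather than guessed.
    """
    info = {"captured_bytes": len(frame)}
    if len(frame) < 14:
        raise ValueError("need at least a 14-byte Ethernet header")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    info.update(dst_mac=dst_mac.hex(":"), src_mac=src_mac.hex(":"), ethertype=ethertype)
    if ethertype != 0x0800:
        info["note"] = "not IPv4; IPv6, ARP, etc. have their own header layouts"
        return info
    if len(frame) < 34:
        raise ValueError("IPv4 header not fully captured")
    (ver_ihl, _tos, total_len, _ident, _flags_frag,
     ttl, proto, _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", frame[14:34])
    ihl = (ver_ihl & 0x0F) * 4  # IHL is in 32-bit words
    info.update(ip_version=ver_ihl >> 4, ip_header_len=ihl, ip_total_length=total_len,
                ttl=ttl, protocol=proto,
                src_ip=".".join(map(str, src)), dst_ip=".".join(map(str, dst)))
    # The wire carried 14 + total_len bytes; anything less in hand is an excerpt.
    info["excerpt_truncated"] = len(frame) < 14 + total_len
    l4 = 14 + ihl
    if proto == 6:  # TCP: ports, seq, ack, then data-offset/flags in the first 14 bytes
        if len(frame) < l4 + 14:
            info["note"] = "TCP header cut before the data-offset field"
            return info
        sport, dport, seq, ack, off_res, flags = struct.unpack("!HHIIBB", frame[l4:l4 + 14])
        hdr_len = (off_res >> 4) * 4
        info.update(transport="TCP", src_port=sport, dst_port=dport, seq=seq, ack=ack,
                    tcp_header_len=hdr_len,
                    tcp_flags=[n for i, n in enumerate(TCP_FLAG_NAMES) if flags & (1 << i)])
    elif proto == 17:  # UDP: fixed 8-byte header
        if len(frame) < l4 + 8:
            info["note"] = "UDP header not fully captured"
            return info
        sport, dport, ulen, _ucsum = struct.unpack("!HHHH", frame[l4:l4 + 8])
        hdr_len = 8
        info.update(transport="UDP", src_port=sport, dst_port=dport, udp_length=ulen)
    else:
        info["note"] = f"IP protocol {proto} not handled here"
        return info
    payload_off = l4 + hdr_len
    info["payload_offset"] = payload_off
    info["expected_payload_length"] = total_len - ihl - hdr_len
    info["payload"] = frame[payload_off:]  # empty when the excerpt stops earlier
    return info


if __name__ == "__main__":
    for key, value in parse_frame(hexdump_to_bytes(QUESTION_DUMP)).items():
        print(f"{key:24} {value}")
```

Run on the question's dump, this shows that all 48 bytes shown are headers: Ethernet (14 bytes), IPv4 from 8.19.240.73 to 192.168.100.107 with a total length of 1500, and a TCP segment from port 80 with the ACK flag set. The data begins at byte 54 and the excerpt stops at 48, so the "unreadable" part is simply the header; the 1460 bytes of payload that followed were not in the snippet. Since the source port is 80, that payload is almost certainly part of an HTTP response, and a single packet holds only a 1460-byte slice of it: to read the whole response, the segments of the connection have to be reassembled in sequence-number order, which is what Wireshark's Follow TCP Stream does. If the reassembled stream still is not readable, the application layer itself is compressed or encrypted, which is the "each application encodes it differently" case from the question.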

Source: https://habr.com/ru/post/1762162/
