How do I deal with packet data

Pacopag

Hi.

I have the hex stream of a packet that a program sent over the network. Now I want to view the data in the packet. I'm pretty sure the data was just a string (or at least contains a string), but when I decode it I just get gibberish.

For example, the packet is sent something like this

import socket

s = socket.socket()
s.connect((hostname, port))
data = "HeresAStringToSend"
s.send(data)
# I'm not worried about receiving yet.
# I just want to know the anatomy of a sent packet.


Then I use a packet sniffer to look at the packet that was sent; this is just a string of hex. Then I isolate the data part of the packet. Let's say the data part of the hex string is in a variable called hexdata.

If I do,

print hexdata.decode("hex")

all I get is gibberish. Looking at the individual bytes in the hex data, they map to strange or invalid ascii codes (e.g. less than 32 or greater than 127).

I'm new to all this socket/packet stuff, so I don't really know what the s.send(data) method does to the data before sending it.

Any help or insight would be great. Thanks.
 
Dave Angel

Pacopag said:
Hi.

I have the hex stream of a packet that a program sent over the network. Now I want to view the data in the packet. I'm pretty sure the data was just a string (or at least contains a string), but when I decode it I just get gibberish.

For example, the packet is sent something like this

import socket

s = socket.socket()
s.connect((hostname, port))
data = "HeresAStringToSend"
s.send(data)
# I'm not worried about receiving yet.
# I just want to know the anatomy of a sent packet.


Then I use a packet sniffer to look at the packet that was sent; this is just a string of hex.

What packet sniffer was that? Why not use Wireshark, and eliminate the
middleman? If you're using some other tool, how have you decided you
even have the right packet(s)?

Then I isolate the data part of the packet. Let's say the data part
of the hex string is in a variable called hexdata.

So you've analyzed the header of the packet, and identified where the
data part is? Have you seen where the host IP address is, and the port
number? Do they fit the pattern?

If I do,

print hexdata.decode("hex")

all I get is gibberish. Looking at the individual bytes in the hex data, they map to strange or invalid ascii codes (e.g. less than 32 or greater than 127).

I'm new to all this socket/packet stuff, so I don't really know what the s.send(data) method does to the data before sending it.

Any help or insight would be great. Thanks.

What OS are you using? There are differences in Windows, for example,
but someone else would have to help you there.

If it were my problem, I'd be using Wireshark, which can not only
display the data for each packet, but show how multiple packets relate
to each other.
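
Added example, not from either post: one way to run the checks raised in the reply (where the data part starts, and whether the IP addresses and port fit) on a captured hex stream. It assumes the capture is an Ethernet II frame carrying IPv4 and TCP, uses Python 3 rather than the thread's Python 2, and the function names and sample frames are constructed for illustration.

```python
import socket
import struct

def extract_tcp_payload(hex_stream):
    """Locate the TCP payload in an Ethernet II / IPv4 frame given as hex."""
    frame = bytes.fromhex(hex_stream)
    if len(frame) < 14 + 20 + 20:
        raise ValueError("too short for Ethernet + IPv4 + TCP headers")
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("EtherType is not IPv4")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                  # IPv4 header length in bytes
    if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != 6:
        raise ValueError("not an IPv4/TCP packet")
    total_len = struct.unpack("!H", ip[2:4])[0]
    if total_len > len(ip) or total_len < ihl + 20:
        raise ValueError("IPv4 total length does not match the capture")
    ip = ip[:total_len]                       # drop any Ethernet padding
    tcp = ip[ihl:]
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4             # TCP header length, options included
    if data_off < 20 or data_off > len(tcp):
        raise ValueError("bad TCP data offset")
    return {"src": socket.inet_ntoa(ip[12:16]), "dst": socket.inet_ntoa(ip[16:20]),
            "sport": sport, "dport": dport,
            "payload_offset": 14 + ihl + data_off, "payload": tcp[data_off:]}

def sample_frame(tcp_options_hex=""):
    """Constructed sample frame; checksums are left as zero and not verified."""
    opts = bytes.fromhex(tcp_options_hex)
    payload = b"HeresAStringToSend"
    tcp = struct.pack("!HHIIBBHHH", 49152, 8080, 1, 1,
                      (5 + len(opts) // 4) << 4, 0x18, 65535, 0, 0) + opts
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     1, 0x4000, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("192.0.2.20"))
    return (bytes.fromhex("00112233445566778899aabb0800") + ip + tcp + payload).hex()

if __name__ == "__main__":
    for opts in ("", "0101080a0000000100000002"):   # without / with TCP options
        info = extract_tcp_payload(sample_frame(opts))
        print(info["src"], info["sport"], "->", info["dst"], info["dport"],
              "offset", info["payload_offset"], info["payload"])
```

The payload offset is read from the header length fields rather than assumed, since IPv4 and TCP options move where the data part begins.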
 
