TOPIC: tcp packet read

tcp packet read 8 years 5 months ago #25762

  • m2r007
I am a newbie, guys, so please bear with me... :) I have a TCP packet captured in Ethereal. I know the flow of the packets, the application which created the packets, and what data is sent. My question is: how do you read this captured TCP packet (the data field)?

Re: tcp packet read 8 years 5 months ago #25765

  • S0lo
That's up to the higher layers (Application). If it's, say, a web browser (HTTP), then Ethereal (or Wireshark) will decode it. Right-click on the first packet and click "Follow TCP Stream". It will show you the decoded HTTP conversation.

If it's another, unknown application, it might not be decoded.
Studying CCNP...

Ammar Muqaddas
Forum Moderator
www.firewall.cx

Re: tcp packet read 8 years 5 months ago #25785

  • Chojin
As far as I've seen in this app, it will decode the binary towards ASCII for readability (not sure if that's a correct English word.. but who gives a crap :p).

You can press the [+] in the data field to expand the package and see what's inside. Just try to send a MIME package (mail) and capture it with your Ethereal; you will see you can read exactly what's in the mail, to whom it is sent and from whom it is.

There's also a hex viewer as far as I know but you can neglect that one for this purpose.
CCNA / CCNP / CCNA - Security / CCIP / Prince2 / Checkpoint CCSA

Re: tcp packet read 8 years 5 months ago #25786

  • m2r007
Thanks, guys, for your replies!
The application is a LAN messenger. So if I use a decompiler on the Ethereal captured data, can I read the original data?

Re: tcp packet read 8 years 5 months ago #25789

  • Chojin
I think you don't need a compiler or whatever, if I'm not wrong..

The LAN messenger is probably not encoded and if it is, I think you cannot decrypt the message (probably an MD5 hash or an SSL connection).

Have you already checked in the data of the package?!
CCNA / CCNP / CCNA - Security / CCIP / Prince2 / Checkpoint CCSA

Re: tcp packet read 8 years 5 months ago #25805

  • Elohim
If you do as S0lo suggested, you will see the original data unless the data is encrypted.
The administrator has disabled public write access.
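
Added example, not part of the original thread or any poster's code: a sketch of what "Follow TCP Stream" does for an application the tool has no decoder for, locating each packet's TCP data field, joining the segments in sequence-number order and showing the bytes as ASCII, with a byte-entropy figure as a rough hint of whether the data is plaintext or encrypted. The sample frames, addresses, ports and the "MSG ..." message text are constructed for illustration; the thread does not describe the LAN messenger's actual format.

```python
import math, struct
from collections import Counter

def tcp_payload(frame):
    """Return (flow, seq, data) for an Ethernet/IPv4/TCP frame, else None."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None                               # not IPv4 carrying TCP
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                      # IPv4 header length in bytes
    total = struct.unpack("!H", ip[2:4])[0]       # cuts off Ethernet padding
    tcp = ip[ihl:total]
    sport, dport, seq = struct.unpack("!HHI", tcp[:8])
    offset = (tcp[12] >> 4) * 4                   # TCP header length in bytes
    return (ip[12:16], sport, ip[16:20], dport), seq, tcp[offset:]

def follow_stream(frames):
    """Join each direction's data in sequence order (no wraparound/overlap handling)."""
    segments = {}
    for frame in frames:
        parsed = tcp_payload(frame)
        if parsed and parsed[2]:
            flow, seq, data = parsed
            segments.setdefault(flow, {})[seq] = data   # a retransmit overwrites
    return {f: b"".join(d for _, d in sorted(s.items())) for f, s in segments.items()}

def printable(data):
    """ASCII view as in a capture tool: non-printable bytes become dots."""
    return "".join(chr(b) if 32 <= b < 127 else "." for b in data)

def entropy(data):
    """Bits per byte; values close to 8 suggest encrypted or compressed data."""
    counts = Counter(data).values()
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts)

def make_frame(seq, data, sport=50000, dport=5000):
    """Constructed sample frame: Ethernet/IPv4/TCP with zeroed checksums."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 0x50, 0x18, 8192, 0, 0) + data
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([192, 168, 1, 10]), bytes([192, 168, 1, 20]))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

# Constructed capture: one plaintext line split over two segments, arriving
# out of order, with the first segment retransmitted.
SAMPLE = [make_frame(1015, b"ing at 10:00\n"), make_frame(1000, b"MSG hello, meet"),
          make_frame(1000, b"MSG hello, meet")]

if __name__ == "__main__":
    for flow, data in follow_stream(SAMPLE).items():
        print(flow[1], "->", flow[3], repr(printable(data)), round(entropy(data), 2))
```

Short plaintext messages score well below 8 bits per byte; a stream that stays close to 8 over a long run of bytes is more likely encrypted or compressed than merely undecoded.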