tcp packet read

16 years 8 months ago #25762 by m2r007
tcp packet read was created by m2r007
I am a newbie, guys, so please bear with me... :) I have a TCP packet captured in Ethereal... I know the flow of the packets, the application which created the packets, and also what data is sent... My question is: HOW do you read this captured TCP packet (the data field)?
16 years 8 months ago #25765 by S0lo
Replied by S0lo on topic Re: tcp packet read
That's up to the higher layers (Application). If it's, say, a web browser (HTTP), then Ethereal (or Wireshark) will decode it. Right-click on the first packet and click "Follow TCP stream". It will show you the decoded HTTP conversation.

If it's another, unknown application, it might not be decoded.

Studying CCNP...

Ammar Muqaddas
Forum Moderator
www.firewall.cx
16 years 8 months ago #25785 by Chojin
Replied by Chojin on topic Re: tcp packet read
As far as I've seen in this app, it will decode the binary to ASCII for readability (not sure if that's a correct English word... but who gives a crap :p).

You can press the [+] in the data field to expand the package and see what's inside. Just try to send a MIME package (mail) and capture it with your Ethereal; you will see you can read exactly what's in the mail, to whom it is sent and from whom it is.

There's also a hex viewer as far as I know but you can neglect that one for this purpose.

CCNA / CCNP / CCNA - Security / CCIP / Prince2 / Checkpoint CCSA
16 years 8 months ago #25786 by m2r007
Replied by m2r007 on topic Re: tcp packet read
Thanks, guys, for your replies!
The application is a LAN messenger. So if I use a decompiler on the Ethereal captured data, can I read the original data?
16 years 8 months ago #25789 by Chojin
Replied by Chojin on topic Re: tcp packet read
I think you don't need a compiler or whatever, if I'm not wrong.

The LAN messenger is probably not encoded, and if it is, I think you cannot decrypt the message (probably an MD5 hash or an SSL connection).

Have you already checked in the data of the package?!

CCNA / CCNP / CCNA - Security / CCIP / Prince2 / Checkpoint CCSA
16 years 8 months ago #25805 by Elohim
Replied by Elohim on topic Re: tcp packet read
If you do as S0lo suggested, you will see the original data unless the data is encrypted.
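
An added example, not part of any post in this thread: a minimal Python sketch of what a "Follow TCP stream" style view does with the data field, so the steps the replies describe can be seen on raw bytes. It assumes Ethernet II frames carrying IPv4, one direction of a single connection, and no sequence-number wraparound; the function names and the sample frames are constructed for illustration. An encrypted payload would come out of `as_text` as mostly dots.

```python
import struct

def tcp_payload(frame: bytes):
    """Return (seq, payload) for an Ethernet II / IPv4 / TCP frame, else None."""
    if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None                      # too short or not IPv4
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4 or ip[9] != 6:
        return None                      # not IPv4 carrying TCP
    ihl = (ip[0] & 0x0F) * 4             # IP header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]
    tcp = ip[ihl:total_len]              # slicing by total length drops Ethernet padding
    if len(tcp) < 20:
        return None
    seq = struct.unpack("!I", tcp[4:8])[0]
    data_off = (tcp[12] >> 4) * 4        # TCP header length in bytes (options included)
    return seq, tcp[data_off:]

def follow_stream(frames):
    """Join payloads of one direction in sequence order, dropping retransmissions."""
    segs = {}
    for f in frames:
        parsed = tcp_payload(f)
        if parsed and parsed[1]:         # skip non-TCP frames and empty ACKs
            segs.setdefault(parsed[0], parsed[1])
    return b"".join(segs[s] for s in sorted(segs))

def as_text(data: bytes) -> str:
    """Show printable ASCII as-is and every other byte as '.'."""
    return "".join(chr(b) if 32 <= b < 127 or b in (10, 13) else "." for b in data)

def make_frame(seq: int, payload: bytes) -> bytes:
    """Build a constructed sample frame (addresses, ports and zero checksums are made up)."""
    eth = bytes(6) + bytes(6) + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes([192, 168, 0, 2]), bytes([192, 168, 0, 3]))
    tcp = struct.pack("!HHIIBBHHH", 50000, 5000, seq, 0, 0x50, 0x18, 8192, 0, 0)
    return eth + ip + tcp + payload

# Constructed capture: two segments out of order plus one retransmission.
SAMPLE = [make_frame(1011, b"see you at 5\x00"), make_frame(1000, b"MSG alice: "),
          make_frame(1000, b"MSG alice: ")]

if __name__ == "__main__":
    print(as_text(follow_stream(SAMPLE)))
```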