- Posts: 24
- Thank you received: 0
tcp packet read
16 years 8 months ago #25762
by m2r007
tcp packet read was created by m2r007
i am newbie guys so plz bear.... i have a tcp packet captured in ethereal... i know the flow of the packets and also the application which created the packets and also the what data is send..... my question is HOW do u read this captured tcp packet (the data field).
16 years 8 months ago #25765
by S0lo
Studying CCNP...
Ammar Muqaddas
Forum Moderator
www.firewall.cx
Replied by S0lo on topic Re: tcp packet read
Thats up to the higher layers (Application). If it's say a web browser (HTTP), then ethereal (or wireshark) will decode it. right click on the first packet and click "Fllow TCP stream". It will show you the decoded HTTP conversation.
If it's an other unknown application, it might not be decoded.
If it's an other unknown application, it might not be decoded.
Studying CCNP...
Ammar Muqaddas
Forum Moderator
www.firewall.cx
16 years 8 months ago #25785
by Chojin
CCNA / CCNP / CCNA - Security / CCIP / Prince2 / Checkpoint CCSA
Replied by Chojin on topic Re: tcp packet read
As far as i've seen in this app. it will decode the binairy towards ascii for readability (not sure if that's a correct english word.. but who gives a crap ).
You can press the [+] in the data field to expand the package and see whats inside. Just try to send a MIME package (mail) and capture it with your Ethereal, you will see you can read exactly what's in the mail, to who it is send and from whom it is.
There's also a hex viewer as far as I know but you can neglect that one for this purpose.
You can press the [+] in the data field to expand the package and see whats inside. Just try to send a MIME package (mail) and capture it with your Ethereal, you will see you can read exactly what's in the mail, to who it is send and from whom it is.
There's also a hex viewer as far as I know but you can neglect that one for this purpose.
CCNA / CCNP / CCNA - Security / CCIP / Prince2 / Checkpoint CCSA
16 years 8 months ago #25786
by m2r007
Replied by m2r007 on topic Re: tcp packet read
thanxxx guyzzzzzzzzzzzz 4 u replies!!!!!!!!!
the application is a lan messenger . so if a use a decompiler on the ethereal captured data can i read the original data
the application is a lan messenger . so if a use a decompiler on the ethereal captured data can i read the original data
16 years 8 months ago #25789
by Chojin
CCNA / CCNP / CCNA - Security / CCIP / Prince2 / Checkpoint CCSA
Replied by Chojin on topic Re: tcp packet read
I think you don't need a compiler or whatever if i'm not wrong..
the Lan messenger is probably not encoded and if it is, I think you cannot decrypt the message (probably a MD5 hash or an SSL connection).
Have you already checked in the data of the package?!
the Lan messenger is probably not encoded and if it is, I think you cannot decrypt the message (probably a MD5 hash or an SSL connection).
Have you already checked in the data of the package?!
CCNA / CCNP / CCNA - Security / CCIP / Prince2 / Checkpoint CCSA
16 years 8 months ago #25805
by Elohim
Replied by Elohim on topic Re: tcp packet read
If you do as S0l0 suggested, you will see the original data unless the data is encrypted.
thanxxx guyzzzzzzzzzzzz 4 u replies!!!!!!!!!
the application is a lan messenger . so if a use a decompiler on the ethereal captured data can i read the original data
Time to create page: 0.130 seconds