How do I deal with packet data

Dave Angel davea at davea.name
Thu Aug 1 15:42:02 EDT 2013


Pacopag wrote:

> Hi.
>
> I have the hex stream of a packet that a program sent over the network.  Now I want to view the data in the packet.  I'm pretty sure the data was just a string (or at least contains a string), but when I decode it I just get gibberish.
>
> For example, the packet is sent something like this
>
> import socket
>
> s = socket.socket()
> s.connect((hostname, port))
> data = "HeresAStringToSend"
> s.send(data)
> # I'm not worried about receiving yet.  
> # I just want to know the anatomy of a sent packet.
>
>
> Then I use a packet sniffer to look at the packet that was sent; this is just a string of hex.

What packet sniffer was that?  Why not use Wireshark, and eliminate the
middleman?  If you're using some other tool, how have you decided you
even have the right packet(s)?

>  Then I isolate the data part of the packet.  Let's say the data part
> of the hex string is in a variable called hexdata.

So you've analyzed the header of the packet, and identified where the
data part is?  Have you seen where the host IP address is, and the port
number?  Do they fit the pattern?

>
> If I do,
>
> print hexdata.decode("hex")
>
> all I get is gibberish.  Looking at the individual bytes in the hex data, they map to strange or invalid ASCII codes (e.g. less than 32 or greater than 127).
>
> I'm new to all this socket/packet stuff, so I don't really know what the s.send(data) method does to the data before sending it.
>
> Any help or insight would be great.  Thanks.

What OS are you using?  There are differences in Windows, for example,
but someone else would have to help you there.

If it were my problem, I'd be using Wireshark, which can not only
display the data for each packet, but show how multiple packets relate
to each other.

-- 
DaveA
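
The header walk the reply asks about, as an added example that is not part of the original thread: it parses one captured frame, assumed to be Ethernet II / IPv4 / TCP, checks the addresses and ports, and returns only the bytes that follow the TCP header. It is written for Python 3 (the thread's snippets are Python 2); build_sample_frame, extract_tcp_payload and the sample addresses and ports are constructed for illustration.

```python
import socket
import struct

def build_sample_frame(payload):
    """Constructed sample: Ethernet II / IPv4 / TCP frame as hex (checksums left 0)."""
    eth = bytes(12) + struct.pack("!H", 0x0800)        # zeroed MACs, EtherType IPv4
    tcp = struct.pack("!HHIIBBHHH", 50000, 8080, 1, 1,
                      8 << 4, 0x18, 65535, 0, 0)       # data offset 8 words, PSH+ACK
    tcp += b"\x01" * 12                                # 12 bytes of NOP options
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     0, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("192.0.2.20"))
    return (eth + ip + tcp + payload).hex()

def extract_tcp_payload(hexdata):
    """Return addresses, ports and application bytes from one captured frame."""
    raw = bytes.fromhex(hexdata)
    if len(raw) < 14 + 20 + 20:
        raise ValueError("too short for Ethernet + IPv4 + TCP headers")
    (ethertype,) = struct.unpack("!H", raw[12:14])
    if ethertype != 0x0800:
        raise ValueError("not IPv4 (EtherType 0x%04x)" % ethertype)
    ip = raw[14:]
    ihl = (ip[0] & 0x0F) * 4                           # IPv4 header length in bytes
    (total_len,) = struct.unpack("!H", ip[2:4])
    if ip[0] >> 4 != 4 or ihl < 20 or not ihl + 20 <= total_len <= len(ip):
        raise ValueError("bad or truncated IPv4 header")
    if ip[9] != 6:
        raise ValueError("not TCP (IP protocol %d)" % ip[9])
    tcp = ip[ihl:total_len]                            # drops any Ethernet padding
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4                      # TCP header length incl. options
    if data_off < 20 or data_off > len(tcp):
        raise ValueError("bad TCP data offset")
    return {"src": socket.inet_ntoa(ip[12:16]), "dst": socket.inet_ntoa(ip[16:20]),
            "sport": sport, "dport": dport, "payload": tcp[data_off:]}

if __name__ == "__main__":
    info = extract_tcp_payload(build_sample_frame(b"HeresAStringToSend"))
    print(info["src"], info["sport"], "->", info["dst"], info["dport"])
    print(repr(info["payload"]))
```

Decoding the whole frame instead of the returned payload yields the header bytes as well, most of which fall outside the printable ASCII range.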



