Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.programming > #1835

How would I go about decoding the following http packet dump..

From Chad <cdalten@gmail.com>
Newsgroups comp.programming
Subject How would I go about decoding the following http packet dump..
Date 2012-06-20 15:32 -0700
Organization http://groups.google.com
Message-ID <ae60f73b-16ae-41cb-9ed4-d246994ade01@googlegroups.com> (permalink)

Show all headers | View raw

This might possibly be off topic, let's say I have the following from a packet sniffer..

6/20/2012 2:10:21 PM:734]
00000000  9D BB A1 4F 72 6B B4 10  15 1A C1 93 CD CB D1 BF   ...Ork.. ........ 
00000010  C2 7B EE 9F C9 20 96 46  3D BE 6E 3D 84 EA 63 EA   .{... .F =.n=..c. 
00000020  16 37 45 B3 09 97 CA E3  9B FF 4D 77 29 4B 2D B8   .7E..... ..Mw)K-. 
00000030  B9 EE 0D 73 58 CF 10 CD  B7 22 DE E1 59 3A A2 68   ...sX... ."..Y:.h 
00000040  90 D5 C6 57 E6 06 8B 07  19 1B BD 68 A9 CE A2 EA   ...W.... ...h.... 
00000050  39 7B E1 97 C9 2B 8D D8  59 D7 6D 53 E1 F9 7E E0   9{...+.. Y.mS..~. 
00000060  0C 0A 11 82 3B C2 55 E3  99 E7 BA 13 2B 2F 78 27   ....;.U. ....+/x' 
00000070  B9 FB 1D 88 49 A7 05 A3  DE 3F E0 B7 1C 64 E3 73   ....I... .?...d.s 
00000080  FC 6C C5 33 89 17 4A 63  15 6F C1 94 C1 B8 BF F2   .l.3..Jc .o...... 
00000090  0A 4E D2 F6 81 4F F1 23  25 20 01 5C 83 8B 1A E4   .N...O.# % .\.... 
000000A0  1C 5F 44 DC 67 86 50 91  F0 F4 49 77 29 4B 2D B8   ._D.g.P. ..Iw)K-. 
000000B0  B9 EB 12 7B 48 AB 7A C4  BC 3F E4 BC 07 66 F0 71   ...{H.z. .?...f.q 
000000C0  90 D4 C5 33 89 17 4A 63  0C 71 C1 82 CD AA BF AD   ...3..Jc .q...... 
000000D0  40 24 D3 C3 F8 18 9A 4A  37 BC 65 3C 84 8F 75 83   @$.....J 7.e<..u. 
000000E0  79 47 DA B3 0C 98 3F E3  99 9B 25 13 29 37 AA 43   yG....?. ..%.)7.C 
000000F0  B4 97 61 7A 25 CA 03 D0  B6 35 F5 B2 11 05 F5 03   ..az%... .5...... 
00000100  F9 C7 5A 33 8B 0F BF 07  19 1B BD 68 A9 CE A2 CB   ..Z3.... ...h.... 
00000110  38 7B E1 97 C9 2B 8D D8  59 D4 6D 53 E2 EC 74 E7   8{...+.. Y.mS..t. 
00000120  1C 54 4F DE 68 99 58 8C  91 FF 41 13 55 B0 51 4F   .TO.h.X. ..A.U.QO 
00000130  C1 FB 68 1F 28 D9 02 CC  B7 2F E0 AB 0D 0B 91 7F   ..h.(... ./..... 
00000140  02 BB B4 5F 89 7A D5 02  77 75 B8 CC 9B FB E0 F0   ..._.z.. wu...... 
00000150  52 12 8F 94 AD 44 9C 27  3D DB 01 2F 12 8B 53 E0   R....D.' =../..S. 
00000160  79 29 4C DA 7A 88 59 8A  FC ED 2E 66 5A 65 3C 22   y)L.z.Y. ...fZe<" 
00000170  D0 9F 04 1D 49 80 36 C2  AB 29 E8 A0 06 65 BD 23   ....I.6. .)...e.# 
00000180  9D D2 C5 13 F0 04 C4 43  6B 7E A0 F7 89 8F B0 B1   .......C k~...... 
00000190  55 1E 8F 96 EE 58 D1 57  38 B9 6D 36 D6 AB 7D EC   U....X.W 8.m6..}. 
000001A0  15 5F 21 B3 75 10 31 F6  F3 9B 50 77 48 25 3F 3A   ._!.u.1. ..PwH%?: 
000001B0  E6 C9 51 42 7A C0 18 CD  BE 3F EE BE 53 6F 91 03   ..QBz... .?..So.. 
000001C0  85 40 A1 26 EC 6B B9 13  75 7A B8 E1 C0 A8 B9 C3   .@.&.k.. uz...... 
000001D0  31 0B 8D 92 B0 59 98 40  31 BF 01 53 95 70 11 8E   1....Y.@ 1..S.p.. 
000001E0  0D 3B 29 C3 65 8A 48 91  F0 F8 29 16 45 2F 51 43   .;).e.H. ..).E/QC 
000001F0  C5 00 61 65 3A 91 71 A3  C8 3F E0 BD 07 72 CE 31   ..ae:.q. .?...r.1 
00000200  C9 8A 92 58 E0 05 D6 07  76 76 A5 93 A9 B7 2A C3   ...X.... vv....*. 
00000210  3C 15 ED F3 C9 2B 95 23  59 A7 FA 53 E3 BB 1D 83   <....+.# Y..S.... 
00000220  78 3B 23 C1 6D EB 31 87  99 9B 3D E8 29 47 3B 43   x;#.m.1. ..=.)G;C 
00000230  B1 8B 0D 12 30 D9 18 C0  B1 57 E5 D3 69 77 6A 03   ....0... .W..iwj. 
00000240  F4 C8 AD 33 89 63 C1 0F  78 62 B3 FA CA A3 B5 C3   ...3.c.. xb...... 
00000250  39 07 1A F3 E8 48 F1 3B  3D BA 73 3F 8C E5 74 DC   9....H.; =.s?..t. 
00000260  1D 5A 57 DA 7A B4 59 82  EA C4 20 4C 4D 22 32 28   .ZW.z.Y. .. LM"2( 
00000270  B9 FF 18 16 28 C3 15 A3  D9 27 7A D3 74 7F 91 1B   ....(... .'z.t.. 
00000280  93 DA CC 56 FA 34 C5 11  76 62 81 F1 CC A7 BD B0   ...V.4.. vb...... 
00000290  56 0E 95 9B E7 45 94 57  5D 3A 65 53 E9 F7 EA 83   V....E.W ]:eS.... 
000002A0  6D 4F 21 BC 68 85 50 8E  F8 E9 28 72 76 26 3E 31   mO!.h.P. ..(rv&>1 
000002B0  D8 95 0E 76 40 CF 71 A3  A5 A0 81 F0 0C 0B 9E 62   ...v@.q. .......b 
000002C0  97 CF CE 5D E0 04 DC 06  75 74 AF F0 C0 AA D1 CC   ...].... ut...... 
000002D0  58 15 95 9C A7 42 9E 4E  3C B7 6E 3D 8A E2 70 E7   X....B.N <.n=..p. 
000002E0  79 3B 5D 48 09 FF 45 E3  96 FA 2F 67 46 25 38 2C   y;]H..E. ../gF%8, 
000002F0  D4 9E 0D 1C 27 C8 18 C2  DC DA E5 D3 69 77 6A 03   ....'... ....iwj. 
00000300  FC D5 AC 33 89 6B D5 63  19 67 3A 93 A3 FB DC C3   ...3.k.c .g:..... 
00000310  38 7B E3 81 AD 2B F1 47  59 DB 7D A8 E9 98 7B 83   8{...+.G Y.}...{. 
00000320  76 5A 4F C7 66 85 58 8C  F4 FE 2D 7C 47 28 38 22   vZO.f.X. ..-|G(8" 
00000330  B4 9F 61 73 35 50 71 A6  AA 61 81 D3 69 6F 91 03   ..as5Pq. .a..io.. 
00000340  85 40 A1 26 E5 6B A0 07  78 75 AF EA F6 F9 E1 F2   .@.&.k.. xu...... 
00000350  0A 10 88 9D AE 4F 9E 4E  63 BF 01 53 95 70 11 97   .....O.N c..S.p.. 
00000360  0A 36 21 B3 06 8A 5F 97  F6 F5 28 7C 44 2E 3D 2C   .6!..._. ..(|D.=, 
00000370  D7 98 08 12 2D AB 71 DF  22 5B CE B0 69 13 F5 62   ....-.q. "[..i..b 
00000380  8B D7 C4 5D EC 34 D5 02  6F 72 B2 CC C1 AA A2 9C   ...].4.. or...... 
00000390  58 24 85 9A AA 40 F1 11  2A B3 64 74 9A AB 7B F6   X$...@.. *.dt..{. 
000003A0  0A 4F 01 DE 68 8F 11 81  FC F8 20 66 5A 2E 71 2A   .O..h... .. fZ.q* 
000003B0  99 98 00 1D 69 DB 10 D4  B7 7B E9 B6 1B 2B E6 66   ....i... .{...+.f 
000003C0  98 D0 81 43 FB 04 D6 11  78 76 A5 93 A9 B7 2A C3   ...C.... xv....*. 
000003D0  1F 18 E1 F4 AA 5B 9D 42  23 E9 31 53 F3 F2 7E F6   .....[.B #.1S..~. 
000003E0  59 5A 53 D6 29 81 44 90  ED BB 2B 76 45 22 24 2C   YZS.).D. ..+vE"$, 
000003F0  CA DB 03 16 2A C8 10 C7  D9 5B FD 28 69 1B E5 03   ....*... .[.(i... 
00000400  F2 D1 C5 56 E4 06 D4 11  21 2C F0 A5 AD 53 B5 C3   ...V.... !,...S.. 
00000410  39 07 1A F3 C7 5F F1 2A  38 BC 68 3D 8E ED 70 F1   9...._.* 8.h=..p. 
00000420  0D 3F B0 D7 09 EB 4D 18  99 A3 71 28 29 4F 51 41   .?....M. ..q()OQA 


I'm pretty sure that at least some of the traffic in unencrypted. How would I would I got about decoding it? Just curious because I know for a fact there is some regular plain stream text in the stream.

Chad

Back to comp.programming | Previous | NextNext in thread | Find similar

Thread

How would I go about decoding the following http packet dump.. Chad <cdalten@gmail.com> - 2012-06-20 15:32 -0700
  Re: How would I go about decoding the following http packet dump.. Daniel Pitts <newsgroup.nospam@virtualinfinity.net> - 2012-06-20 17:16 -0700
    Re: How would I go about decoding the following http packet dump.. Chad <cdalten@gmail.com> - 2012-06-20 22:56 -0700
    Re: How would I go about decoding the following http packet dump.. Chad <cdalten@gmail.com> - 2012-06-20 22:53 -0700
  Re: How would I go about decoding the following http packet dump.. Ben Bacarisse <ben.usenet@bsb.me.uk> - 2012-06-21 16:03 +0100
    Re: How would I go about decoding the following http packet dump.. Chad <cdalten@gmail.com> - 2012-06-21 17:15 -0700

csiph-web