interpret or decode this


(OP)
Hello, is anyone able to interpret or tell me how to decode this packet?

It's uninterpreted and therefore I cannot say what was requested from the client.

0000 00 00 0c 07 ac 01 00 1a 4b 7c 06 1a 08 00 45 00 ........K|....E.
0010 00 b8 1c 54 40 00 80 06 2a ac 0a 81 3b 39 0a 81 ...T@...*...;9..
0020 63 05 05 46 04 02 8e 01 df 28 61 44 ef d0 50 18 c..F.....(aD..P.
0030 fd 4f 0a f3 00 00 05 00 00 03 10 00 00 00 90 00 .O..............
0040 20 00 08 00 00 00 44 00 00 00 01 00 4d 00 8f 67 .....D.....M..g
0050 89 aa 3d 24 8a b9 ef cd 3f 51 43 b3 41 a2 e4 5c ..=$....?QC.A..\
0060 b6 9b 27 13 da a4 05 53 77 92 12 b2 2e 9b be 05 ..'....Sw.......
0070 74 ab a1 5a e8 e8 70 1f ce 44 b9 6f 12 7b 83 8f t..Z..p..D.o.{..
0080 4a d4 5d b1 6e 20 b0 cc cd 29 d4 f3 f9 c7 8b 7e J.].n ...).....~
0090 e0 cb 18 66 6e d4 b6 68 fa 8d 26 61 64 ad 44 06 ...fn..h..&ad.D.
00a0 0c 00 78 59 0e 00 77 00 7a 00 ff ff 00 00 b9 5a ..xY..w.z......Z
00b0 b1 f6 fe cf a3 de 4d 40 ad 37 07 bb a0 cc 14 4d ......M@.7.....M
00c0 57 8a 94 cb 86 2c W....,

RE: interpret or decode this

Wow, never had to try and decode something this way.  Within the sniffer application itself it should have been able to break this down for you better.

But here is a start:
(line 0000)
00 00 0c 07 ac 01 = destination MAC
00 1a 4b 7c 06 1a = source MAC
08 00 = type IP

(line 0010)
06 = TCP
0a 81 3b 39 = source IP (10.129.59.57?)
0a 81 63 05 = destination IP (10.129.99.5?)


(line 0020)
05 46 = TCP source port 570?
04 02 = TCP dest port 42?
18 = flags: push ack

Hope this helps.  I'm not familiar with ports 42 or 570, if those are decoded correctly.
 

RE: interpret or decode this

(OP)
Hi lerdalt,

My fault :) sorry. Yes, sure, the header and stuff is decoded by the sniffer, right. But it shows that you are fit ^^

I would need the data from 0040 ---> 8f 67 until 0090 --> 64 ad

The problem is that this seems to be encrypted, so the question is how can I get into it.

It's an LSA request from a client where it is waiting for around 45 sec from the DC, so if I would know what is requested I could solve the problem.

Another possible way might be to have a debug option at DC level, but I think this will become a nightmare, so I keep hoping to decrypt the data somehow.

Cheers, Joe

RE: interpret or decode this

I'd suggest opening the trace in Wireshark, going to that packet, right-clicking, and selecting "Follow TCP Stream".  That might give you a little something more.
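
Added example (not part of any post in this thread): a Python sketch that decodes the Ethernet, IPv4 and TCP headers of the frame posted above and then reads the payload's header and security trailer, on the assumption that the payload is a DCE/RPC request because it begins 05 00 00. The function name `decode` and the result keys are this example's own.

```python
import struct

# The OP's 198-byte frame, copied from the hex dump in the thread.
FRAME = bytes.fromhex(
    "00000c07ac01001a4b7c061a08004500" "00b81c54400080062aac0a813b390a81"
    "6305054604028e01df286144efd05018" "fd4f0af3000005000003100000009000"
    "2000080000004400000001004d008f67" "89aa3d248ab9efcd3f5143b341a2e45c"
    "b69b2713daa40553779212b22e9bbe05" "74aba15ae8e8701fce44b96f127b838f"
    "4ad45db16e20b0cccd29d4f3f9c78b7e" "e0cb18666ed4b668fa8d266164ad4406"
    "0c0078590e0077007a00ffff0000b95a" "b1f6fecfa3de4d40ad3707bba0cc144d"
    "578a94cb862c"
)

def decode(frame):
    """Decode Ethernet II / IPv4 / TCP, then treat the payload as DCE/RPC."""
    if frame[12:14] != b"\x08\x00" or frame[23] != 6:
        raise ValueError("not IPv4/TCP")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                       # IPv4 header length, bytes
    (total_len,) = struct.unpack("!H", ip[2:4])
    tcp = ip[ihl:total_len]
    src_port, dst_port = struct.unpack("!HH", tcp[:4])
    pdu = tcp[(tcp[12] >> 4) * 4:]                 # skip TCP header
    # Assumption: a connection-oriented DCE/RPC request PDU (version 5.0,
    # ptype 0). Data representation 0x10 means little-endian integers.
    if pdu[:3] != b"\x05\x00\x00" or pdu[4] != 0x10:
        raise ValueError("not a little-endian DCE/RPC v5.0 request")
    frag_len, auth_len, call_id = struct.unpack("<HHI", pdu[8:16])
    alloc_hint, ctx_id, opnum = struct.unpack("<IHH", pdu[16:24])
    if auth_len == 0:
        raise ValueError("no security trailer on this PDU")
    # The 8-byte security trailer sits just before the auth_len-byte verifier.
    t = frag_len - auth_len - 8
    auth_type, auth_level, pad_len = pdu[t], pdu[t + 1], pdu[t + 2]
    return {
        "src": (".".join(map(str, ip[12:16])), src_port),
        "dst": (".".join(map(str, ip[16:20])), dst_port),
        "tcp_flags": tcp[13],                      # 0x18 = PSH|ACK
        "frag_len": frag_len, "auth_len": auth_len, "call_id": call_id,
        "alloc_hint": alloc_hint, "ctx_id": ctx_id, "opnum": opnum,
        "auth_type": auth_type,    # 68 = Netlogon secure channel
        "auth_level": auth_level,  # 6 = packet privacy (stub is encrypted)
        "stub": pdu[24:t - pad_len],               # ciphertext when level is 6
    }

if __name__ == "__main__":
    for key, value in decode(FRAME).items():
        print(f"{key:10} {value.hex() if isinstance(value, bytes) else value}")
```

On this frame it reports TCP ports 1350 and 1026, opnum 77 in clear text, and authentication level 6 (packet privacy), which is why the 68 stub bytes starting at 8f 67 cannot be read from the capture alone. Mapping the opnum to an interface needs the bind for context id 1 from earlier in the same TCP connection.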

 
