Converting a sniffed scapy packet to bytes - struct

When sniffing packets with scapy I can save them to a variable
sniffed = sniff(count=1)
Now I would like to see what's inside the packet by doing
print sniffed
or
print str(sniffed)
but all this gives me is something like the following:
������0� E4h##����������� l��
which isn't quite what I need. So how can I convert a sniffed packet into human readable Binary, or an array of Bytes or something more useful so that I can see what's inside? I have already tried using struct.unpack(format, packet) with formats like "!B", but that does not seem to be the right solution, because the packet can be longer than one Byte or a Short or an Int.
Example for what I'm trying
>>> packet = sniff(count=1)[0]
>>> hexdump(packet)
0000 00 50 56 8E 00 0D 14 CC 20 16 E7 59 08 00 45 00 .PV..... ..Y..E.
0010 00 34 6B AB 40 00 40 06 C6 48 AC 11 8A E2 68 10 .4k.#.#..H....h.
0020 69 CC B5 47 00 50 E9 85 17 B0 BA EF 29 B2 80 10 i..G.P......)...
0030 01 DD 8D 58 00 00 01 01 08 0A 00 0E A2 C0 03 5D ...X...........]
0040 9D 1C
>>> packetByteArray = bytearray(repr(str(packet)))
>>> hex(packetByteArray[0])
'0x27'
>>>
But in the hexdump I can see that the first Byte is actually 0x00 and not 0x27

You are probably searching for scapy hexdump(pkt) or hexraw(pkt) or repr(str(pkt)) for string encoded output. Note that sniff returns a list, not a single pkt.
If you want to access serialized packet bytes one by one just serialize the layers str(pkt) to get a python (char/byte)-string.
for b in str(pkt):
    print "char: %s ord/value: %d hex: %x"%(b,ord(b),ord(b))
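
An added example, not part of the original answers, written for Python 3: it rebuilds the frame from the hexdump in the question, shows where the 0x27 comes from, and decodes the headers with struct.unpack_from, which reads fixed-size fields at an offset instead of requiring the format to match the whole packet. The function names are illustrative; with scapy on Python 3 the raw bytes come from bytes(pkt).

```python
import socket
import struct

# Frame bytes copied from the hexdump in the question (66 bytes).
FRAME = bytes.fromhex(
    "0050568e000d14cc2016e75908004500"
    "00346bab40004006c648ac118ae26810"
    "69ccb5470050e98517b0baef29b28010"
    "01dd8d5800000101080a000ea2c0035d"
    "9d1c"
)

def first_byte_via_repr(raw):
    """Reproduce the question's result: repr() returns a quoted, escaped
    string, so its first character is the quote (0x27), not packet data.
    The latin-1 decode stands in for the Python 2 byte string."""
    return bytearray(repr(raw.decode("latin-1")), "latin-1")[0]

def parse_frame(raw):
    """Decode the Ethernet, IPv4 and TCP headers of one frame."""
    if len(raw) < 14 + 20:
        raise ValueError("frame too short for Ethernet + IPv4")
    dst, src, ethertype = struct.unpack_from("!6s6sH", raw, 0)
    if ethertype != 0x0800:
        raise ValueError("not IPv4")
    (ver_ihl, _tos, total_len, _ident, _frag, ttl, proto, _csum,
     ip_src, ip_dst) = struct.unpack_from("!BBHHHBBH4s4s", raw, 14)
    ihl = (ver_ihl & 0x0F) * 4  # IPv4 header length in bytes
    tcp_at = 14 + ihl
    if proto != 6 or len(raw) < tcp_at + 20:
        raise ValueError("no complete TCP header")
    sport, dport, _seq, _ack, off_flags = struct.unpack_from(
        "!HHIIH", raw, tcp_at)
    return {
        "eth_dst": dst.hex(":"), "eth_src": src.hex(":"),
        "ip_src": socket.inet_ntoa(ip_src),
        "ip_dst": socket.inet_ntoa(ip_dst),
        "ip_total_len": total_len, "ttl": ttl,
        "sport": sport, "dport": dport,
        "tcp_header_len": (off_flags >> 12) * 4,
        "tcp_flags": off_flags & 0x1FF,
    }

if __name__ == "__main__":
    print(hex(FRAME[0]), hex(first_byte_via_repr(FRAME)))
    for key, value in parse_frame(FRAME).items():
        print(key, value)
```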

If you have already read the packet as pkt you may see bytes by time:
import pandas as pd
from datetime import datetime
from scapy.all import IP

pktBytes = []
pktTimes = []
# Read each packet and append to the lists.
for p in pkt:
    if IP in p:
        try:
            # Build the timestamp first so both lists stay the same length.
            pktTime = datetime.fromtimestamp(float(p.time))
            pktTimes.append(pktTime.strftime("%Y-%m-%d %H:%M:%S.%f"))
            pktBytes.append(p[IP].len)
        except Exception:
            pass
# Convert list to series
byteCounts = pd.Series(pktBytes).astype(int)
# Convert the timestamp list to a pd date_time with the option errors='coerce' to handle errors.
times = pd.to_datetime(pd.Series(pktTimes).astype(str), errors='coerce')
# Build the dataframe, set time as index
df = pd.DataFrame({'Bytes': byteCounts, 'Times': times})
df = df.set_index('Times')
# See how it looks in 2 seconds sums
df.resample('2S').sum().plot()

Related

Converting string to bytes and writing to file in Lua

I'm trying to convert and write string data into the file as bytes.
I have already tried something, but instead of seeing 00 inside hexdump, I'm seeing 0x30 inside the file, which is the hexadecimal value for character 0.
Here is what I wrote:
local data = "000000010000000100000004000000080000000100000000"
for i=1,#data,2 do
    file:write(tonumber(data:sub(i,i+1)))
end
io.close(file)
When I do hexdump of the file I'm getting this:
0000000 30 30 30 31 30 30 30 31 30 30 30 34 30 30 30 38
0000010 30 30 30 31 30 30 30 30
0000018
Expected is:
0000000 00 00 00 01 00 00 00 01 00 00 00 04 00 00 00 08
0000010 00 00 00 01 00 00 00 00
0000018
You want to use string.char in one way:
local data = "000000010000000100000004000000080000000100000000"
for i=1,#data,2 do
    file:write(string.char(tonumber(data:sub(i,i+1), 16)))
end
io.close(file)
or another:
local data = string.char(0,0,0,1,0,0,0,1,0,0,0,4,0,0,0,8,0,0,0,1,0,0,0,0)
file:write(data)
io.close(file)
Note that strings in Lua may contain any bytes you want including null bytes. See Values and Types.
Hint: Use string.char to convert numbers to bytes:
file:write(string.char(tonumber(data:sub(i,i+1))))
If the string contains hexadecimal, use tonumber(...,16).

Calculating the number of samples in a WAV file

I am currently looking at online examples and here is a WAV file contents in bytes
52 49 46 46 24 08 00 00 57 41 56 45 66 6d 74 20 10 00 00 00 01 00 02 00
22 56 00 00 88 58 01 00 04 00 10 00 64 61 74 61 00 08 00 00 00 00 00 00
24 17 1e f3 3c 13 3c 14 16 f9 18 f9 34 e7 23 a6 3c f2 24 f2 11 ce 1a 0d
and here is the visual representation:
So according to the Subchunk2Size there are 2048 bytes in the data. The formula to calculate the number of samples in a WAV is given as:
Subchunk2Size /(NumChannels * BitsPerSample/8 ) = NumSamples
If I plug in the numbers according to the information given, I get NumSamples = 512. But in the diagram the sample rate is 22050. How can the total number of samples be less than a single second of samples?
For those wondering, here is a link to the source.
I suspect they are just using a bad example where the duration of the wav file would be less than a second. Their formula makes sense and we can use it to verify the data size of a one second wav file.
If our sample rate is 22050 samples/sec and our wav file is one second, then numSamples = 22050. We know that Subchunk2Size is the number of bytes in the data and can be calculated using this formula: Subchunk2Size = numSamples * numChannels * bitsPerSample / 8 , so, assuming numChannels = 2 and bitsPerSample = 16, we know that a one second wav file should be (22050 * 2 * 16 / 8) bytes which is 88200 bytes, so it would make sense that if Subchunk2Size is 2048 bytes, as per the website's example, then the duration of the wav file would be less than a second and thus, numSamples would be less than 22050.
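
An added example, not part of the original answer, in Python: it parses the 44 header bytes quoted in the question and applies the formula, giving both the sample count and the duration. It walks the RIFF chunks rather than assuming the data chunk sits at offset 36, since real files may carry extra chunks; the function name wav_info is illustrative.

```python
import struct

# First 44 bytes of the file quoted in the question (header only).
HEADER = bytes.fromhex(
    "52494646 24080000 57415645 666d7420 10000000 0100 0200"
    "22560000 88580100 0400 1000 64617461 00080000"
)

def wav_info(buf):
    """Return channels, sample rate, sample count and duration of a PCM WAV."""
    if len(buf) < 12 or buf[:4] != b"RIFF" or buf[8:12] != b"WAVE":
        raise ValueError("not a RIFF/WAVE file")
    fmt = data_size = None
    pos = 12
    while pos + 8 <= len(buf):
        chunk_id, size = struct.unpack_from("<4sI", buf, pos)
        pos += 8
        if chunk_id == b"fmt ":
            if size < 16 or pos + 16 > len(buf):
                raise ValueError("truncated fmt chunk")
            fmt = struct.unpack_from("<HHIIHH", buf, pos)
        elif chunk_id == b"data":
            data_size = size            # this is Subchunk2Size
            break
        pos += size + (size & 1)        # chunks are padded to even length
    if fmt is None or data_size is None:
        raise ValueError("missing fmt or data chunk")
    _tag, channels, rate, byte_rate, _align, bits = fmt
    frame_bytes = channels * bits // 8  # bytes per sample across all channels
    if frame_bytes == 0 or rate == 0:
        raise ValueError("invalid fmt values")
    num_samples = data_size // frame_bytes
    return {
        "channels": channels, "sample_rate": rate, "bits": bits,
        "byte_rate": byte_rate, "data_bytes": data_size,
        "num_samples": num_samples,
        "duration_s": num_samples / rate,
    }

if __name__ == "__main__":
    for key, value in wav_info(HEADER).items():
        print(key, value)
```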

How to convert Big Endian Hex to ASCII in Node?

I'm trying to interpret a HEX message that is transmitted in network byte order (big endian), how should I proceed to achieve conversion to ASCII?
server.on('message', function (message, remote) {
//I receive message via UDP in HEX.
});
The message comes in this format:
2B 41 43 4B 19 EF 24 10 01 02 03 02 56 50 22 00 0A 02 3B 01 00 00 4E 07 DD 02 17 11 21 20 46 AD 4E 1E 0D 0A
With that being said, each byte has a parameter attached, let's say I have 4 bytes to parameter1, 2 bytes to parameter2 and 8 bytes to parameter 3, how would I interpret it?

Unknown Bittorrent Message

I have been receiving an odd/unknown message while attempting to communicate with some bittorrent peers. In this particular case I am in the middle of downloading pieces and all of a sudden this new/odd message pops up in front of a piece response. The message is odd because it doesn't appear to follow the protocol, all messages are supposed to look like this
'<length prefix><message ID><payload>'
length prefix is 4 bytes, message id is 1 byte and the payload. I am including a capture to show what I mean, on line 509 of the capture you will see a request for a piece, on line 510 you will see the beginning of the response.
The first 4 bytes of the response are 00 00 00 00, ie 0 length message (Which is causing me issues), the next 4 bytes are the actual length of the message which is 30. The actual response to the piece request starts on line 513, so I get the piece I was requesting but this new/odd message is messing me up. I'm certain I can find a workaround but I would really like to understand what this means.
Also, I have no idea what the actual message means, and cannot find any information about it anywhere.
Here is the Wireshark capture.
https://1drv.ms/u/s!Agj06pa-wu0tnFqsYn_KnHmVz3x2
Data from packet 510:
0000 00 00 00 00 00 00 00 1e 14 01 64 35 3a 61 64 64 ..........d5:add
0010 65 64 36 3a 63 f2 7a 48 17 f4 37 3a 64 72 6f 70 ed6:c.zH..7:drop
0020 70 65 64 30 3a 65 ped0:e
00 00 00 00    4 bytes keep-alive message
00 00 00 1e    message length 30 bytes
14             message type extended message (BEP10)
01             extended message ID = 1 as specified by the previous extension handshake: ut_pex
64 35 3a 61 64 64 65 64 36 3a 63 f2 7a 48 17 f4 37 3a 64 72 6f 70 70 65 64 30 3a 65
d5:added6:c.zH..7:dropped0:e
               ut_pex message data (bencoded)
d
  5:added
    6:c.zH..
  7:dropped
    0:
e
               ut_pex message data (bencoded with added white space)
The first 4 bytes of the response are 00 00 00 00, ie 0 length message (Which is causing me issues)
The bittorrent spec says
Messages of length zero are keepalives, and ignored.
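
An added example, not part of the original answer, in Python: a framing loop that treats a zero length prefix as a keep-alive and then decodes the extended message that follows, using the bytes of packet 510 shown above. The function names and the minimal bencode decoder are illustrative, not taken from any BitTorrent library.

```python
import struct

# Bytes of packet 510 as shown in the capture above.
STREAM = bytes.fromhex(
    "00000000" "0000001e" "14" "01"
    "64353a6164646564363a63f27a4817f4373a64726f70706564303a65"
)

def split_messages(stream):
    """Return (messages, unconsumed_tail). Each message is (id, payload);
    a zero length prefix is a keep-alive, reported as (None, b'')."""
    msgs, pos = [], 0
    while pos + 4 <= len(stream):
        (length,) = struct.unpack_from("!I", stream, pos)
        if pos + 4 + length > len(stream):
            break                     # partial message: wait for more bytes
        body = stream[pos + 4:pos + 4 + length]
        pos += 4 + length
        msgs.append((body[0], body[1:]) if length else (None, b""))
    return msgs, stream[pos:]

def bdecode(buf, i=0):
    """Minimal bencode decoder; returns (value, next_index)."""
    c = buf[i:i + 1]
    if c == b"i":
        end = buf.index(b"e", i)
        return int(buf[i + 1:end]), end + 1
    if c in (b"l", b"d"):
        items, i = [], i + 1
        while buf[i:i + 1] != b"e":
            item, i = bdecode(buf, i)
            items.append(item)
        if c == b"d":
            return dict(zip(items[0::2], items[1::2])), i + 1
        return items, i + 1
    colon = buf.index(b":", i)        # raises ValueError on truncated input
    n = int(buf[i:colon])
    if colon + 1 + n > len(buf):
        raise ValueError("string runs past end of buffer")
    return buf[colon + 1:colon + 1 + n], colon + 1 + n

def decode_extended(payload):
    """payload is the body after message ID 20: ext ID byte + bencoded dict."""
    value, _end = bdecode(payload, 1)
    return payload[0], value

if __name__ == "__main__":
    for msg_id, payload in split_messages(STREAM)[0]:
        print("keep-alive" if msg_id is None else (msg_id, decode_extended(payload)))
```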

Authenticate/Read/Write NFC Mifare Classic Using Private Key

With reference to Michael Roland's answer, I am facing problems in changing the key of a Mifare Classic 4K card. I want to do the personalization of NFC cards using NFC reader ACR122U.
I have followed the steps defined in this answer, and successfully read and write the sector trailer block 11 (by reading I got the 2 access bytes and 1 general purpose byte), as
00 00 00 00 00 7F 07 88 40 00 00 00 00 00
Using these access bytes and the new keys KeyA (D6 DF 20 AE AE BC) and KeyB (D6 DF 20 AE AE BC), I generate 16 byte (D6 DF 20 AE AE BC ...), along with access bytes to change the sector keys. I.e. write to block 11 with following 16 bytes:
D6 DF 20 AE AE BC 7F 07 88 40 D6 DF 20 AE AE BC
The write command thus becomes
FF D6 00 11 10 D6 DF 20 AE AE BC 7F 07 88 40 D6 DF 20 AE AE BC
The command executed successfully but when I authenticated block 8 (1st block of same sector), using Key B (0x61) and key (1 or 0), the authentication failed and returns 0x63. Which means sector 2 becomes inaccessible.
Also, after that, reads and writes to that sector failed.
Also Android App NFCTagInfo shows following
Data (US-ASCII), Shows Sector 2: Read Failed!
Access Conditions : Sector 2 (Could not read access conditions!)
