I'm using pcapy and impacket to write a script that records and analyzes network traffic. The output looks like this:
    ether: 00:1b:21:50:aa:b2 -> 00:25:11:2c:12:56
    ip df xxx.xxx.xxx.xx1 -> xxx.xxx.xxx.xx1
    tcp ack push 17500 -> 49669
    1703 0100 207e 7f37 25c0 59c2 b263 2071 .... ~.7%.y..c q
    16be 9382 18b2 b1c5 dedc 6c1b 2b21 fbc1 ..........l.+!..
    4ae1 4c20 d117 0301 0020 a223 76b9 1ec3 j.l ..... .#v...
    e8b6 c229 cf65 85ed c9e4 0e3f 337f d1ae ...).e.....?3...
    7ca8 5a5f 0627 dcc4 9d71 |.z_.'...q

    ether: 00:1b:21:50:aa:b2 -> 00:25:11:2c:12:56
    ip df xxx.xxx.xxx.xx1 -> xxx.xxx.xxx.xx1
    tcp ack push 17500 -> 49669
    1703 0100 2096 698d db90 b9ae 9fc2 bfb3 .... .i.........
    8cfd dedb 6105 0ada 5e7a b160 ee63 500f ....a...^z.`.cp.
    a373 51cc 0917 0301 0020 d745 e4f4 6b5f .sq...... .e..k_
    66b9 945d 8456 63fe 87ed 2584 ead2 1e98 f..].vc...%.....
    c3de 0003 2405 52fc dd06 ....$.r...

    ether: 00:25:11:2c:12:56 -> 00:1b:21:50:aa:b2
    ip df xxx.xxx.xxx.xx1 -> xxx.xxx.xxx.xx1
    tcp ack 49669 -> 17500

    ether: 00:25:11:2c:12:56 -> 00:1b:21:50:a3:13
    ip df xxx.xxx.xxx.xx1 -> xxx.xxx.xxx.xx1
    tcp ack push 49670 -> 17500
    1703 0100 2021 ad5a bc41 7ef3 e008 1130 .... !.z.a~....0
    29c1 9439 6e06 0792 6511 ec5e 6520 eb50 )..9n...e..^e .p
    7f9d 1647 0117 0301 0030 b2ee 0b08 f0c1 ...g.....0......
    cc97 dccb a206 a52b 3065 92c0 2c7f 6e54 .......+0e..,.nt
    b75c 1905 d93f fb46 0d9c 0742 7a04 3648 .\...?.f...bz.6h
    556f dbb1 09c1 e636 60ad uo.....6`.
What I want is to extract data out of this, like TCP WindowFull and ZeroWindow. How do I go about turning these hex dumps into plain text that can be fed into Python for analysis? I don't want to use Wireshark because I'm trying to make a standalone application.
To follow up on a_hex_string.decode('hex'), here's an example.
    in [26]: s = 'stackoverflow'
    in [27]: t = s.encode('hex')
    in [28]: t
    out[28]: '737461636b6f766572666c6f77'
    in [29]: t.decode('hex')
    out[29]: 'stackoverflow'
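An added example, not part of the original question or answer: in Python 3 the counterpart of `.decode('hex')` is `bytes.fromhex`, and the TCP window can be read from the raw frame bytes with `struct`, without Wireshark. The frames and the names `tcp_info`, `FRAME_ZERO` and `FRAME_OPEN` are constructed for illustration; only zero window is covered here, since a "window full" decision needs per-connection state.

```python
import struct

# Constructed sample frames (Ethernet + IPv4 + TCP, no payload), written as hex text.
ETH = "0025112c1256" "001b2150aab2" "0800"                  # dst MAC, src MAC, IPv4
IP = "45000028" "00014000" "40060000" "0a000001" "0a000002"  # DF set, proto 6 (TCP)
TCP_ZERO = "445cc205" "00000001" "00000001" "5010" "0000" "00000000"  # window 0
TCP_OPEN = "445cc205" "00000001" "00000001" "5010" "2000" "00000000"  # window 8192
FRAME_ZERO = bytes.fromhex(ETH + IP + TCP_ZERO)   # hex text -> raw bytes
FRAME_OPEN = bytes.fromhex(ETH + IP + TCP_OPEN)

FIN, SYN, RST = 0x01, 0x02, 0x04


def tcp_info(frame):
    """Return ports, flags and window of an Ethernet/IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None                      # too short, or EtherType is not IPv4
    ihl = (frame[14] & 0x0F) * 4         # IPv4 header length in bytes
    if frame[14] >> 4 != 4 or ihl < 20 or frame[23] != 6:
        return None                      # malformed IPv4 header, or not TCP
    tcp = frame[14 + ihl:]
    if len(tcp) < 20:
        return None                      # truncated TCP header
    sport, dport, _seq, _ack, off_flags, window = struct.unpack("!HHIIHH", tcp[:16])
    flags = off_flags & 0x01FF           # low 9 bits hold the TCP flags
    return {
        "sport": sport, "dport": dport, "flags": flags, "window": window,
        # Zero window: the receiver advertises 0 bytes on a segment that is
        # not a SYN, FIN or RST (the raw field is unscaled, but 0 stays 0).
        "zero_window": window == 0 and not flags & (FIN | SYN | RST),
    }


if __name__ == "__main__":
    for name, frame in (("zero", FRAME_ZERO), ("open", FRAME_OPEN)):
        print(name, tcp_info(frame))
```
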