On Apr 15, 2009, at 3:47 AM, Revathi Rangachari wrote:
> How to analyze the packets captured by Wireshark? Capture outputs a
> certain set of data in bytes, but how to decipher the captured data?
I believe there's a program called "Wireshark" that can read a capture
file from Wireshark and dissect the captured data. :-)
> A sample of the data is given below:
>
> 0000  17 03 01 00 31 63 2e 9f 05 9f de 92 60 2d 85 8f   ....1c......`-..
> 0010  db e6 29 46 dd 23 b3 c5 43 f5 9a 77 ce 03 66 6e   ..)F.#..C..w..fn
> 0020  c7 d0 ad 4a d7 da e1 20 cc 5e 6f 02 eb 28 16 42   ...J... .^o..(.B
> 0030  c3 ae d0 bb cf 09                                 ......
> The guide says that this data is in bytes. How to make this data
> meaningful?
Look at the middle pane in the Wireshark window, rather than the
bottommost pane. If Wireshark doesn't display a detailed dissection
in the middle pane, either it doesn't understand one or more of the
protocols in the packet (in which case, to make it meaningful,
somebody would have to contribute dissectors for those protocols), or
it doesn't recognize that those are the protocols (in which case, to
make it meaningful, Wireshark might have to be explicitly told, e.g.
through the "Decode As" menu option, that those are the protocols, or
the dissectors might have to be changed to try to "heuristically"
recognize packets), or the data is encrypted and Wireshark isn't
decrypting it (in which case, either Wireshark will have to have code
added to it to decrypt the packets, or you'll have to supply the
information needed to decrypt it).
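As an added illustration of the last case in the reply above (this is not code from the original thread or from Wireshark itself): the bytes quoted in the question start with 17 03 01 00 31, which is the five-byte header of a TLS record: content type 0x17 (application data), protocol version 3.1 (TLS 1.0), and a body length of 0x0031 = 49 bytes, which is exactly the remaining 49 bytes of the dump. Application data is carried only after the handshake has switched on the negotiated cipher, so without the session keys there is nothing a dissector can show below the record header. The small parser below walks a byte string record by record, the way a record-layer dissector would, and reports what each record is; the function names and the "constructed" record used in the second check are my own, and the SAMPLE bytes are the ones from the question.

```python
import struct

# TLS record-layer content types (RFC 5246, section 6.2.1).
CONTENT_TYPES = {
    20: "change_cipher_spec",
    21: "alert",
    22: "handshake",
    23: "application_data",
}

# Record-layer protocol versions (major, minor).
VERSIONS = {
    (3, 0): "SSL 3.0",
    (3, 1): "TLS 1.0",
    (3, 2): "TLS 1.1",
    (3, 3): "TLS 1.2",
}

# The hex dump quoted in the question, pasted verbatim (bytes.fromhex skips whitespace).
SAMPLE = bytes.fromhex(
    "17 03 01 00 31 63 2e 9f 05 9f de 92 60 2d 85 8f"
    "db e6 29 46 dd 23 b3 c5 43 f5 9a 77 ce 03 66 6e"
    "c7 d0 ad 4a d7 da e1 20 cc 5e 6f 02 eb 28 16 42"
    "c3 ae d0 bb cf 09"
)


def parse_tls_records(data: bytes):
    """Split a byte string into TLS records and return one dict per record.

    Each record is a 5-byte header (type, major, minor, length) followed by
    `length` body bytes.  A truncated record or an unknown content type raises
    ValueError, which is what a dissector would flag as a malformed packet.
    """
    records = []
    offset = 0
    while offset < len(data):
        if len(data) - offset < 5:
            raise ValueError(f"truncated record header at offset {offset}")
        ctype, major, minor, length = struct.unpack_from("!BBBH", data, offset)
        if ctype not in CONTENT_TYPES:
            raise ValueError(f"unknown content type {ctype:#04x} at offset {offset}")
        body = data[offset + 5 : offset + 5 + length]
        if len(body) != length:
            raise ValueError(
                f"record at offset {offset} declares {length} body bytes, "
                f"only {len(body)} present"
            )
        records.append(
            {
                "offset": offset,
                "content_type": CONTENT_TYPES[ctype],
                "version": VERSIONS.get((major, minor), f"unknown {major}.{minor}"),
                "length": length,
                "body": body,
                # Application data is only sent once the negotiated cipher is
                # active, so its body is ciphertext unless session keys are known.
                "encrypted": ctype == 23,
            }
        )
        offset += 5 + length
    return records


def summarize(data: bytes):
    """One human-readable line per record, in the spirit of the Info column."""
    lines = []
    for rec in parse_tls_records(data):
        note = "ciphertext; session keys needed to go further" if rec["encrypted"] else "cleartext"
        lines.append(
            f"0x{rec['offset']:04x}: {rec['version']} {rec['content_type']}, "
            f"{rec['length']} bytes ({note})"
        )
    return lines


if __name__ == "__main__":
    for line in summarize(SAMPLE):
        print(line)
```

Running it on the quoted bytes prints a single line reporting a 49-byte TLS 1.0 application-data record, i.e. the "data is encrypted and Wireshark isn't decrypting it" branch of the reply. In that situation the information Wireshark needs is the keying material: for an RSA key exchange, the server's private key configured in the SSL protocol preferences; otherwise the session secrets themselves.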