There is a very good example for putting this into practice.
It is the Network 100 problem from the Codegate 2012 prequal.
I named the file 10_Floor.pcap.
See the link below for the pcap file format.
http://n20kim.blogspot.kr/2013/02/pcap-file-format.html
Wireshark can't open the pcap file.
If you understand the pcap file format, you can spot what is weird.
Yeah, right!
A pcap file has a global header at the beginning, and this one is missing it. :)
# recover the pcap's global header.
1. Make a global header to add to the pcap.
To make this, I wrote this code. It's simple, but entering it line by line is a little bit annoying.
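import binascii
# 24-byte pcap global header (little-endian): magic, version 2.4, thiszone, sigfigs, snaplen 65535, linktype 1 (Ethernet)
binary = binascii.unhexlify("d4c3b2a1020004000000000000000000ffff000001000000")
# Open in binary mode so the header bytes are written unchanged
f = open('header.pcap', 'wb')
f.write(binary)
f.close()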
2. Add the global header to the pcap.
But an error still occurs because of a size problem. Phew...
Fix it again!
3. Did you notice something? The problem is the size... and the 22nd packet is normal.
So you can infer that the 23rd packet is probably abnormal.
The byte stream of the 22nd packet is as follows:
4. The last line, starting at offset 0x0038, is "16 d0 e3 42 ... "
Find that byte sequence in 10_Floor.pcap.
The 23rd packet starts with "3e ec 60 ..".
As you know, each packet header is 16 bytes.
You can see "GET .." instead of packet header bytes. Weird...
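The manual check in steps 3 and 4 can be automated. The script below is an added example, not part of the original post or the challenge: it prepends the global header from step 1 when it is missing, then walks the 16-byte record headers and reports the first one whose fields are implausible. The function names, the plausibility checks and the sample capture are assumptions constructed for illustration.

```python
import struct

# Global header bytes from the post: magic, v2.4, snaplen 65535, Ethernet
GLOBAL_HDR = bytes.fromhex("d4c3b2a1020004000000000000000000ffff000001000000")
MAGIC_LE = 0xA1B2C3D4  # little-endian pcap magic, microsecond timestamps

def has_global_header(data):
    """True if the file starts with the little-endian pcap magic."""
    return len(data) >= 24 and struct.unpack_from("<I", data)[0] == MAGIC_LE

def first_bad_record(data):
    """Walk the 16-byte record headers; return (packet_no, file_offset, reason)
    for the first implausible one, or None if every record is consistent."""
    snaplen = struct.unpack_from("<I", data, 16)[0]
    off, n = 24, 0
    while off < len(data):
        n += 1
        if len(data) - off < 16:
            return n, off, "truncated record header"
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack_from("<IIII", data, off)
        if ts_usec >= 1_000_000:
            return n, off, "ts_usec out of range"
        if incl_len > snaplen or incl_len > orig_len:
            return n, off, "incl_len exceeds snaplen/orig_len"
        if incl_len > len(data) - off - 16:
            return n, off, "incl_len runs past end of file"
        off += 16 + incl_len
    return None

def make_record(payload, ts_sec):
    # Hypothetical helper: one well-formed record (header + payload)
    return struct.pack("<IIII", ts_sec, 0, len(payload), len(payload)) + payload

# Constructed sample (not the challenge file): no global header, two good
# records, then raw HTTP text sitting where a third record header belongs.
SAMPLE = (
    make_record(b"\x00" * 60, 1) + make_record(b"\x11" * 42, 2)
    + b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"
)

def repair_and_check(data):
    """Prepend the global header when it is missing, then scan the records."""
    if not has_global_header(data):
        data = GLOBAL_HDR + data
    return first_bad_record(data)

if __name__ == "__main__":
    print(repair_and_check(SAMPLE))
```

The reported offset is relative to the repaired file, so subtract 24 to locate the same bytes in a capture that has no global header.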