Couldn’t extract encrypted Application data from pcap using Perl Netpacket module

Question

I tried to extract the encrypted application data using the perl Netpacket module.I am able to see the ports but couldn't see the encrypted data.Any Modules are there to see the encrypted app data or any unpack function is required to read that?

Answer 1

1

I am able to see the ports but couldn't see the encrypted data.

well, that depends on your code. If you post the code somewhere I'm willing to check it.

Regards
Kurt

answered 23 May '13, 01:50

Kurt Knochner ♦
24.8k●10●39●237
accept rate: 15%

0

The code snippet is,

sub func( my($pcapfile, $header, $pcapPacket) = @_; # unpack ethernet header
  my $ethObj = NetPacket::Ethernet->decode($pcapPacket); # unpack ip header
  my $ipObj = NetPacket::IP->decode($ethObj->{data}); # unpack udp header
  my $pktObj;
if ($ipObj->{proto} == IP_PROTO_TCP) {
$pktObj = NetPacket::TCP->decode($ipObj->{data});
print $pktObj->{src_port}
print $pktObj->{dest_port}
print $pktObj->{data};
}
)

Its printing ports properly..but some junk values for data.any unpack function need to use to decode the ssl encrypted app data?

(23 May ‘13, 01:55) Kalai

code looks O.K. (generally).

but some junk values for data.

that’s the binary data of the payload.

What did you expect to get?

BTW: Just a reminder. You cannot decrypt the data with NetPacket.

(23 May ‘13, 02:12) Kurt Knochner ♦

Yes it wont decrypt.I just want to see the encrypted application data in hex like wireshark shows.can it be possible?

(23 May ‘13, 02:18) Kalai

Yes I am able to see when I convert binary data into hex value..Thanks for the input…

(23 May ‘13, 02:40) Kalai

when I convert binary data into hex value

yes, that’s the way to do it.

(23 May ‘13, 06:20) Kurt Knochner ♦