I'm working on reverse engineering the protocol that's going between an iPhone app and a WiFi controlled helicopter. It's being complicated because the app sends 18 bytes of data every .04 seconds even if the control values do not change. I already have a filter that selects only the packets with these messages. I have two problems
asked 20 Jun '14, 16:57 MiloMindbender
One Answer:
Regarding #1:
Hard to tell without an example. Is it possible to post a sample capture file somewhere (Google Drive, Dropbox, cloudshark.org)? Please add some information about the frame numbers where you have identified 'missing data'.
Regarding #2:
Again, hard to tell without knowing the protocol (HTTP?). In general, you can use tshark on the CLI to print the payload of frames.
These are only two generic ways to export the bytes. If you are able to post a sample capture file, we might be able to narrow it down to a better/different method.
Regards
answered 21 Jun '14, 16:49 Kurt Knochner ♦
Cool project! If it's TCP, click Edit -> Preferences, expand the Protocols list, find TCP, and unselect "Analyze TCP Sequence Numbers". To save just the data, right-click on any packet and select "Follow TCP Stream". In the dialog box, change the "Entire Conversation" drop-down box and select the stream (helicopter)->(wireshark). Select the ASCII radio button if you'd like, then click the Save button.
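An added example, not part of the original posts: once the payloads are exported as one hex string per line (for instance tshark's `-T fields -e data` output), this Python script collapses the repeated 18-byte messages and reports which byte offsets change between them. The sample bytes and all function names are constructed for illustration and are not the helicopter's actual protocol.

```python
MESSAGE_LEN = 18  # message size stated in the question


def _hex(b3, b4, sep=""):
    """Constructed 18-byte message in which only offsets 3 and 4 vary."""
    raw = bytes([0xA5, 0x5A, 0x00, b3, b4]) + bytes(13)
    return sep.join(f"{x:02x}" for x in raw)


# Constructed sample: repeats, one colon-separated line, one truncated line.
SAMPLE = [_hex(0x80, 0x80, ":"), _hex(0x80, 0x80), _hex(0x80, 0x80),
          _hex(0x90, 0x80), _hex(0x90, 0x80), "a55a", _hex(0x90, 0x70)]


def parse_payloads(lines, length=MESSAGE_LEN):
    """Yield (line_number, payload); skip blank, malformed or wrong-length lines."""
    for n, line in enumerate(lines, 1):
        text = line.strip().replace(":", "")
        if not text:
            continue
        try:
            raw = bytes.fromhex(text)
        except ValueError:
            continue
        if len(raw) == length:
            yield n, raw


def changes(lines, length=MESSAGE_LEN):
    """Collapse consecutive identical messages.

    Returns a list of (line_number, payload, changed_offsets) tuples.
    """
    out, prev = [], None
    for n, raw in parse_payloads(lines, length):
        if raw == prev:
            continue  # same control state resent, nothing new to learn
        diff = [] if prev is None else [i for i in range(length) if raw[i] != prev[i]]
        out.append((n, raw, diff))
        prev = raw
    return out


def varying_offsets(lines, length=MESSAGE_LEN):
    """Offsets that ever change: candidates for control values or checksums."""
    return sorted({i for _, _, diff in changes(lines, length) for i in diff})


if __name__ == "__main__":
    for n, raw, diff in changes(SAMPLE):
        print(f"line {n}: {raw.hex()}  changed offsets: {diff}")
    print("varying offsets:", varying_offsets(SAMPLE))
```

Moving one control at a time while capturing makes the reported offsets easier to attribute to a specific control.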