This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.
0
1

Hi sharks,

what kind of data type are the payload data? is it possible to translate it into readable format? How can i do this?

i tried to take the hex-data and convert it into text, than i got just:

r¼ãZ•BZ¼w_edœMè5§Sƒ0rÀ4ŒR‘ò  }mÊ8¥ä!õÓÒ:Ïà™^àì®ë”D†Õª[½nÎLáÇO¸öÎ,zuWõÕ‚ìÕ|Nž   ðnJÕ?в‹5‘EþrαÁ?þÎH&fC‰¾Gùm˜²V”Ú9_†)w{¦Xhd±E(nù,Ó¸ž2ŽZHg˜°‚š˜†=~ô˜[Å£ºŽþÊc-Ú
˜ÓB¿qhþ >;?ýšé¶Eë8{õ2íE±Ë³*Ž%ÜÖó,4•~ÿjàE¾õöa¬‘tHÞ; X–\GVòòZÑ旅[email protected]}ŸžAëmýi‹e‰ißævøè`íW&ø¸#ÇX$¾’ üʵÈ܏Ÿç]©šì#aêÓd“B‡®ÿ÷Ân†ŒÄø�îð[gÝÃ×Jf¡Í$¾Ön%±¸å‘'qΔڮšîSû…&[ë2.Ãs<Ådo“±„¥2r ÕcWN#jÞ{ÒÚ–í%!.•\æÄ¥uxý4á£Ò—æí:&þjIX#»ÍºÏ:©mI\F©¶W~Ò­ºi”Ä3M
œ‡WÌ?Ä%_|Ÿ}|ª4?›‚÷‚A–LÞÓþ6FC&"Ô]Íbxe»s+åUdª
ïtÝw!¾<•š–ôèIQ¡TwIŸïþ‡Øi°ëøéÊ|¨@{t£ø¬÷hä0µ…ß™á‡FáI£õÔ=‰d&".ÜӐGSÚÝýÌUäš½ý_2§Èq`áýE:bwséµy`ÿ½…QeÅà'<ÓØ\ÑÎÚžUäÕÅR|xTàqÑœ<ÅÌšL{I§!žíÊ›¸Lò£–uÑ  ˆ—3`ZB¥R Â’UÂ?!TG
RéíüÎ ”á偌óASú]mœî·*rñ,Åywꯪ¿y‚ûoH',*Þ‡Ô™6¹«fã¬=¶1¼k�i.©‘bó³6LÒ2Ã[email protected]´ƒëgdÌHVÛ[email protected]øí§D—…ê=Fr¶!u·ÒÂF3³¥)÷¾¦ƒØ?ëV‡Ù:ËÏ ›¤‰SS NE-=¢u–¯yU¤�jš,.MØýïüŬÜ×u¤Qè(b8èКÌw׏
@›qŒŠíŒÔ_ÞMä}NPJxQ"FÕ¯Ò±:ôÌ­*±éIn(.g„y醟.¬µ$DµüüùÞaVÉS%Î1ehn]Ì„¸QG¸´`Œö9µI“n᪏¦iòº07¿@‹@4„GûÚžmQ–(Â"ïPpÇ2on!Ÿ2.0R¶5ÓÇ&£3ÝH°@óÚ`µxjãßéófçÓ‚ó£Fq¡éëUb‹0f×¦0)q—
ºI‰‚í¶É¸ÎË·{=םêZ\z¼?%k®Bd^QÌôBc/ff‹R^o]æ)$èÁd®rê‹Gp+4ö¤ù!ôJ6O°ÎR䙀=¶ ªs/{¹êHí£Ó%^?Qó46›Ã¹ðà—sB´/ѼpkØžóÇeì ßw×tLfY:•íðí×<;!O'Ê]åKÞ*þ»p;ô)á’¿CpŒúÕq±  3'KtO®Å9Q[email protected]¹›'Kåä?à÷­vÝ’|6Õ-g”h)ÝÃq¾SŒÌ[email protected]#Sñ%lp› |ºO
kC©nÇot˶£JÓ‚[˜r’Ua)o†"®Jã0’Ší<t8ŒÛ5ãÀÜSºqŒ+„    (Å~YZ;yÜʈœ–ã<Žv¬ää´ølVnË¡1z†½¼KRæC!Lļé6Ý‘Àø§+ƒ÷z²M
¬sÐç9fC]æ,e4Zª
0<zdp¶Š¦Õ,Ô¤y›Gb”äî ®µ;²Yì|˜

How can i convert it into a readable format?

thanks in advance

asked 03 Jan '15, 05:07

sharky111's gravatar image

sharky111
1122
accept rate: 0%

edited 03 Jan '15, 10:49

grahamb's gravatar image

grahamb ♦
19.8k330206

Where does that hex come from? Have you just copied the contents of a pcap file? If so that's a binary file and you'll need to use an application or library that can read a pcap file.

(03 Jan '15, 10:48) grahamb ♦

This hex is just the payload data from a packet(output from wireshark under the tab data). Which program can translate it. Is it not possible to do it in wireshark?

(04 Jan '15, 00:12) sharky111

what is the protocol?

(04 Jan '15, 03:00) Kurt Knochner ♦

The "data" dissector in Wireshark is a fallback that just displays the hex values when no other dissector can be found that will dissect the data correctly.

There are a few reasons why the "data" isn't being dissected:

  1. The data is from a protocol that Wireshark doesn't currently support. Someone will need to write a dissector for it.
  2. The data is from a protocol that is supported by Wireshark, but it's on a non-standard port or transport that isn't supported or configured by your copy of Wireshark. If you know what the data is meant to be, then you might try using "Decode As ..." to dissect the data.
  3. Thee data is from a protocol that is supported by Wireshark, but the heuristic detection of it fails for some reason. Again "Decode As ..." might help.
  4. Some other reason.

Do you know what the data is meant to represent? Can you show the packet tree for one of the frames with the hex data, rather than the hex data itself (Hint use File -> Export Packet Dissections -> As Plain Text, set the Packet Range to the Selected Packet and set the Packet Details droplist to "All Expanded") ?

permanent link

answered 04 Jan '15, 02:19

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%

i tried all "decode as" types but none of that solved my problem: its a packet from a android apk which always gives me an error. so, i tried to understand what data is beeing send to the server xxxxxxx. its a tcp packet.

this is the total output of the packet:

No.     Time           Source                Destination           Protocol Length Info
26 14.915039000   xxxxxxxxx        192.168.153.101       TCP      1514   9339 > 33875 [ACK] Seq=5311 Ack=237 Win=122 Len=1448 TSval=2044139457 TSecr=1003022

Frame 26: 1514 bytes on wire (12112 bits), 1514 bytes captured (12112 bits) on interface 0
    Interface id: 0
    Encapsulation type: Ethernet (1)
    Arrival Time: Jan  3, 2015 00:09:06.224505000 Mitteleuropäische Zeit
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1420240146.224505000 seconds
    [Time delta from previous captured frame: 0.000066000 seconds]
    [Time delta from previous displayed frame: 0.000066000 seconds]
    [Time since reference or first frame: 14.915039000 seconds]
    Frame Number: 26
    Frame Length: 1514 bytes (12112 bits)
    Capture Length: 1514 bytes (12112 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ip:tcp:data]
    [Coloring Rule Name: TCP]
    [Coloring Rule String: tcp]
Ethernet II, Src: 52:16:d8:a9:80:47 (52:16:d8:a9:80:47), Dst: 34:be:00:24:64:14 (34:be:00:24:64:14)
    Destination: 34:be:00:24:64:14 (34:be:00:24:64:14)
        Address: 34:be:00:24:64:14 (34:be:00:24:64:14)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: 52:16:d8:a9:80:47 (52:16:d8:a9:80:47)
        Address: 52:16:d8:a9:80:47 (52:16:d8:a9:80:47)
        .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IP (0x0800)
Internet Protocol Version 4, Src: xxxxxxxx (xxxxxxxx), Dst: 192.168.153.101 (192.168.153.101)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
    Total Length: 1500
    Identification: 0xfd00 (64768)
    Flags: 0x02 (Don't Fragment)
    Fragment offset: 0
    Time to live: 34
    Protocol: TCP (6)
    Header checksum: 0x4920 [correct]
    Source: xxxxxx (xxxxxxxxx)
    Destination: 192.168.153.101 (192.168.153.101)
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 9339 (9339), Dst Port: 33875 (33875), Seq: 5311, Ack: 237, Len: 1448
    Source port: 9339 (9339)
    Destination port: 33875 (33875)
    [Stream index: 0]
    Sequence number: 5311    (relative sequence number)
    [Next sequence number: 6759    (relative sequence number)]
    Acknowledgment number: 237    (relative ack number)
    Header length: 32 bytes
    Flags: 0x010 (ACK)
    Window size value: 122
    [Calculated window size: 122]
    [Window size scaling factor: -1 (unknown)]
    Checksum: 0xf24f [validation disabled]
    Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps
    [SEQ/ACK analysis]
Data (1448 bytes)

0000  72 bc e3 08 5a 95 42 5a bc 77 5f 65 64 9c 4d e8   r...Z.BZ.w_ed.M.
0010  35 a7 53 83 0b 30 72 c0 34 8c 52 91 f2 7f 09 7d   5.S..0r.4.R....}
0020  6d ca 38 08 a5 e4 21 f5 d3 d2 3a cf e0 99 13 03   m.8...!...:.....
0030  5e e0 ec ae eb 94 44 04 86 d5 aa 5b bd 07 6e ce   ^.....D....[..n.
0040  4c e1 c7 07 4f b8 06 f6 ce 2c 7a 75 57 f5 d5 82   L...O....,zuW...
0050  ec d5 7c 4e 9e 09 f0 6e 4a d5 3f d0 b2 8b 35 91   ..|N...nJ.?...5.
0060  19 45 fe 72 ce b1 c1 3f fe ce 48 26 66 43 89 be   .E.r...?..H&fC..
0070  47 16 f9 6d 98 b2 56 94 40 c8 06 da 39 5f 01 1b   [email protected]_..
0080  86 18 29 77 04 7b a6 58 19 03 68 64 b1 45 8f 28   ..)w.{.X..hd.E.(
0090  6e 90 7f f9 2c 17 d3 b8 9e 32 15 8e 5a 48 67 98   n...,....2..ZHg.
00a0  b0 82 9a 98 86 3d 7e f4 98 9d 5b c5 a3 8f 10 ba   .....=~...[.....
00b0  8e fe ca 63 2d da 0d 11 98 05 d3 42 bf 71 68 fe   ...c-......B.qh.
00c0  a0 3e 02 19 9d 3b 1b 3f fd 9a e9 11 b6 45 eb 38   .>...;.?.....E.8
00d0  7b f5 32 ed 45 b1 17 cb 0b b3 2a 8e 25 dc d6 f3   {.2.E.....*.%...
00e0  2c 34 95 7e ff 6a e0 45 be f5 f6 61 ac 91 74 07   ,4.~.j.E...a..t.
00f0  48 de 3b 20 58 96 02 5c 47 01 56 f2 f2 04 5a d1   H.; X..\G.V...Z.
0100  ef a6 10 83 7a 40 7d 9f 9e 41 eb 6d fd 81 69 8b   [email protected]}..A.m..i.
0110  65 89 69 df e6 76 f8 e8 60 01 ed 57 26 f8 03 b8   e.i..v..`..W&...
0120  23 c7 58 24 be 92 a0 0c fc 1d ca 1c b5 c8 dc 8f   #.X$............
0130  0c 9f 1a e7 5d a9 08 9a ec 23 61 ea d3 64 93 42   ....]....#a..d.B
0140  87 ae ff f7 c2 6e 86 8c c4 f8 00 ee f0 5b 18 67   .....n.......[.g
0150  dd c3 d7 4a 66 a1 cd 24 be d6 6e 25 b1 b8 e5 18   ...Jf..$..n%....
0160  91 27 71 ce 94 da ae 9a ee 53 fb 7f 85 26 11 5b   .'q......S...&.[
0170  eb 32 2e 17 c3 73 3c c5 64 6f 93 b1 84 a5 13 32   .2...s<.do.....2
0180  72 a0 d5 63 57 4e 16 23 6a de 7b d2 da 96 ed 25   r..cWN.#j.{....%
0190  21 2e 14 95 08 5c e6 c4 a5 12 75 78 fd 34 e1 a3   !....\....ux.4..
01a0  d2 97 e6 0b ed 3a 26 fe 6a 49 58 23 bb cd ba cf   .....:&.jIX#....
01b0  0e 3a a9 6d 49 5c 46 a9 b6 57 7e d2 ad 1a ba 69   .:.mI\F..W~....i
01c0  94 c4 33 4d 0d 9c 87 57 cc 3f c4 25 5f 7c 9f 7d   ..3M...W.?.%_|.}
01d0  7c aa 34 3f 9b 1a 82 1b f7 82 41 96 4c de d3 14   |.4?......A.L...
01e0  fe 36 46 43 26 22 d4 5d cd 62 78 65 bb 73 2b e5   .6FC&".].bxe.s+.
01f0  12 55 64 1d aa 0a ef 74 dd 77 21 be 3c 95 06 9a   .Ud....t.w!.<...
0200  12 96 1b f4 e8 49 51 0f a1 54 77 49 9f ef fe 87   .....IQ..TwI....
0210  d8 0b 69 b0 8d eb f8 e9 ca 7c a8 40 14 7b 74 a3   ..i......|[email protected]{t.
0220  f8 ac f7 68 e4 81 7f 30 1d b5 85 9d 0b df 99 e1   ...h...0........
0230  87 07 46 e1 49 a3 f5 d4 3d 89 64 26 22 2e dc d3   ..F.I...=.d&"...
0240  90 47 53 da 01 dd fd cc 55 e4 9a bd fd 5f 32 a7   .GS.....U...._2.
0250  c8 71 60 1f c3 a1 fd 45 3a 62 0f 77 73 e9 b5 0c   .q`....E:b.ws...
0260  79 1d 60 ff bd 85 51 65 c5 e0 27 3c d3 d8 5c d1   y.`...Qe..'<..\.
0270  17 ce da 9e 55 e4 d5 c5 52 7c 78 54 e0 71 d1 9c   ....U...R|xT.q..
0280  3c c5 cc 9a 4c 08 08 7b 0e 49 a7 21 9e ed ca 9b   <...L..{.I.!....
0290  7f b8 4c f2 a3 96 75 d1 09 88 97 33 8d 60 5a 42   ..L...u....3.`ZB
02a0  a5 52 a0 c2 1e 92 55 c2 3f 19 21 9d 54 11 47 0d   .R....U.?.!.T.G.
02b0  52 e9 ed 1d fc 0f ce a0 94 e1 e5 81 8c f3 41 53   R.............AS
02c0  fa 5d 6d 9c ee b7 2a 72 f1 2c c5 79 77 ea af aa   .]m...*r.,.yw...
02d0  bf 79 82 fb 6f 48 27 2c 2a de 87 d4 99 36 b9 ab   .y..oH',*....6..
02e0  8d 66 e3 ac 3d b6 31 bc 6b 00 69 2e a9 91 62 f3   .f..=.1.k.i...b.
02f0  b3 36 4c d2 32 c3 59 40 b4 83 eb 67 64 1f 81 0b   [email protected]
0300  cc 48 56 db 78 40 39 f8 ed a7 44 97 85 ea 1c 3d   [email protected]=
0310  46 72 b6 21 75 b7 d2 c2 46 33 b3 a5 29 f7 be 19   Fr.!u...F3..)...
0320  c2 a6 83 d8 3f eb 0b 56 87 d9 3a cb 81 cf 20 1f   ....?..V..:... .
0330  9b a4 89 53 53 a0 4e 0b 45 2d 3d a2 75 96 af 79   ...SS.N.E-=.u..y
0340  90 55 a4 00 6a 9a 2c 2e 4d 12 d8 fd ef fc c5 ac   .U..j.,.M.......
0350  dc d7 75 a4 51 e8 8d 28 62 38 e8 d0 9a cc 77 d7   ..u.Q..(b8....w.
0360  8f 0d 40 9b 71 8c 8a 16 ed 8c d4 5f de 4d e4 7d   [email protected]_.M.}
0370  4e 50 4a 78 03 51 22 46 d5 af d2 b1 3a f4 1d 19   NPJx.Q"F....:...
0380  cc ad 2a 06 b1 e9 49 6e 28 2e 67 84 79 e9 86 9f   ..*...In(.g.y...
0390  2e ac b5 24 44 b5 fc fc f9 de 61 56 c9 53 14 25   ...$D.....aV.S.%
03a0  19 01 ce 31 65 68 6e 5d cc 84 b8 51 14 8d 47 19   ...1ehn]...Q..G.
03b0  c2 b8 b4 60 1b 8c f6 7f 1f 39 b5 49 93 6e e1 aa   ...`.....9.I.n..
03c0  8f a6 69 f2 ba 30 02 37 bf 40 8b 16 40 13 34 02   [email protected]@.4.
03d0  84 47 05 10 fb da 9e 6d 51 96 18 28 c2 22 ef 50   .G.....mQ..(.".P
03e0  70 c7 32 6f 6e 21 9f 1b 32 2e 08 30 52 b6 35 d3   p.2on!..2..0R.5.
03f0  c7 26 a3 33 dd 48 1a b0 40 1c f3 da 60 b5 90 0f   .&[email protected]`...
0400  78 6a e3 df e9 f3 66 e7 d3 1f 82 f3 a3 46 71 a1   xj....f......Fq.
0410  e9 eb 55 62 8b 30 66 d7 0c a6 05 30 29 08 71 90   ..Ub.0f....0).q.
0420  97 0d ba 49 89 82 ed b6 c9 b8 ce cb b7 7b 3d d7   ...I.........{=.
0430  9d ea 5a 03 5c 7a bc 3f 25 6b 03 ae 42 16 64 0f   ..Z.\z.?%k..B.d.
0440  5e 51 cc f4 42 63 2f 66 66 8b 19 52 5e 6f 5d e6   ^Q..Bc/ff..R^o].
0450  29 24 e8 c1 64 ae 72 ea 8b 47 70 2b 34 f6 a4 f9   )$..d.r..Gp+4...
0460  0b 21 f4 4a 36 4f b0 ce 52 e4 99 80 3d b6 20 aa   .!.J6O..R...=. .
0470  73 2f 7b b9 ea 48 ed c2 a3 d3 25 5e 3f 51 f3 34   s/{..H....%^?Q.4
0480  36 1a 9b c3 b9 f0 e0 05 97 73 42 b4 2f d1 bc 70   6........sB./..p
0490  6b 1b d8 9e f3 c7 65 ec 20 df 77 d7 74 4c 66 02   k.....e. .w.tLf.
04a0  59 3a 95 ed f0 ed d7 3c 0f 3b 1a 21 4f 27 ca 5d   Y:.....<.;.!O'.]
04b0  16 e5 4b de 03 2a fe bb 70 3b f4 29 0b e1 92 bf   ..K..*..p;.)....
04c0  43 70 8c 1c fa d5 71 b1 09 33 27 4b 74 4f ae c5   Cp....q..3'KtO..
04d0  39 51 7f 36 03 40 1a b9 9b 27 4b e5 e4 3f e0 f7   [email protected]'K..?..
04e0  ad 76 dd 92 10 7c 36 d5 2d 0e 67 94 68 29 dd c3   .v...|6.-.g.h)..
04f0  71 be 53 06 8c 02 cc 1f 66 40 23 53 f1 25 6c 0c   [email protected]#S.%l.
0500  70 9b 09 7c ba 4f 0a 6b 43 8d a9 90 6e 07 01 c7   p..|.O.kC...n...
0510  6f 74 cb b6 a3 4a d3 82 5b 98 72 92 55 61 11 29   ot...J..[.r.Ua.)
0520  6f 04 86 22 ae 17 4a 1a e3 30 92 8a ed 0e 3c 74   o.."..J..0....<t
0530  38 8c db 35 e3 c0 dc 53 ba 71 04 0c 8c 2b 84 09   8..5...S.q...+..
0540  28 c5 7e 59 5a 3b 79 dc ca 88 9c 96 e3 3c 9d 8e   (.~YZ;y......<..
0550  76 ac e4 e4 b4 f8 1a 6c 56 6e cb a1 31 7a 86 bd   v......lVn..1z..
0560  bc 4b 52 e6 43 21 4c c4 bc e9 36 dd 91 c0 f8 a7   .KR.C!L...6.....
0570  2b 08 83 f7 7a b2 4d 0d ac 73 d0 e7 39 66 43 5d   +...z.M..s..9fC]
0580  e6 2c 65 34 5a aa 0a 30 3c 7a 64 70 b6 8a 8f a6   .,e4Z..0<zdp....
0590  d5 2c 0b d4 a4 79 9b 47 04 62 94 0f e4 ee 09 ae   .,...y.G.b......
05a0  b5 3b 15 b2 59 ec 7c 98                           .;..Y.|.
    Data: 72bce3085a95425abc775f65649c4de835a753830b3072c0...
    [Length: 1448]
(04 Jan '15, 09:21) sharky111

According to google, TCP port 9339 is used by the game Clash of Clans. If that's the Android app you're trying to decode, Wireshark has no dissector for that game's protocol (assuming it's a proprietary protocol).

(04 Jan '15, 09:51) Hadriel
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×58

question asked: 03 Jan '15, 05:07

question was seen: 9,080 times

last updated: 04 Jan '15, 11:01

p​o​w​e​r​e​d by O​S​Q​A