This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

how to read TCP stream

0

I am very new to this, so forgive me if my question has a simple answer I am missing. I am trying to decipher a TCP stream. I see some of the information is readable. However, there is a large section that needs to be decoded. Below is the beginning of what I would like to decode.

<detection>
    <keyId>1</keyId>
    <data>!CDATA[T8PdjhIeYyFvWdI+lB5Gkh0A1uBtCNt6avFGFV3nzMiU1kZQgVOzF50dAfk8YZOHFEVbptTA/d8QWo7+wJ4vX934tZGjg+bz5wwfGyLMrS9Uq78PnH5EPgtUZwBulHWHL2StofzO94IpMe8A1r7/fMPQ94p3rgPvTvRCCkRifmMV03I1kwn8c7

Can someone point me in the direction of what I need to do to successfully decode this section of the stream?

asked 18 Nov '11, 23:06


criag0
accept rate: 0%

edited 23 Nov '11, 14:57


helloworld


3 Answers:

0

What you refer to is a protocol; for that Wireshark has 'dissectors', which decode and present the protocol elements. Now the problem is that the dissectors have to be written according to the specification of the protocol, so you must have that. Then you have to choose what language/API to program against. Most powerful are dissectors in native C; other options are Lua or Python.

answered 19 Nov '11, 01:12


Jaap ♦
accept rate: 14%

0

"What [you'd] like to decode" looks like XML. Wireshark has an XML dissector, but to dissect it as anything much more than raw text would require the DTD for the XML in question. See the Wireshark Wiki page on XML for more information.

You'd also need to have Wireshark somehow invoke the XML dissector for the data in question. Is this just raw XML over a TCP connection, or is it, for example, XML transported over HTTP?

answered 19 Nov '11, 13:04


Guy Harris ♦♦
accept rate: 19%

Thank you for the information I will read over what you have provided.

The information, I believe, is raw XML. I am trying to see what was transmitted back to a company when installing a program on my computer.

Thank you in advance.

(23 Nov '11, 10:04) criag0

0

What you see inside the CDATA section is a base64-encoded representation of (potentially) binary information. You can try base64-decoding it, but if the result is not readable as text, then the program which is "checking in" has its own proprietary format for sending whatever data it has collected about your machine, etc.

answered 22 Mar '12, 12:56


inetdog
accept rate: 14%
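Putting the last two answers into practice: the script below is an added example, not code from this thread or from Wireshark. It takes the text you would copy out of Follow TCP Stream, pulls the body of the CDATA section out of the `<data>` element (falling back to a plain scan for `CDATA[` when the capture is cut off mid-element, as in the question), base64-decodes it even if the string is truncated, and then reports whether the bytes are readable text, a known container (gzip, zip, zlib) or opaque. It also prints the Shannon entropy: decoded bytes that are not text and sit near 8 bits per byte are typically compressed or encrypted, which is the "proprietary format" case inetdog describes. The XML fragments and payloads are constructed for the example; they are not the poster's capture.

```python
"""
Added example (not code from the original thread): extract and base64-decode
the CDATA payload of a <detection> element as seen in Follow TCP Stream, then
classify the result. All sample XML and payloads below are constructed.
"""
import base64
import gzip
import math
import re
import xml.etree.ElementTree as ET
from collections import Counter


def make_sample(payload_b64):
    # Constructed stand-in for the stream in the question.
    return ("<detection>\n    <keyId>1</keyId>\n"
            "    <data><![CDATA[%s]]></data>\n</detection>" % payload_b64)


_PLAINTEXT = b"hostname=lab-pc;os=win7;keyId=1"          # constructed check-in data
SAMPLE_TEXT = make_sample(base64.b64encode(_PLAINTEXT).decode())
SAMPLE_GZIP = make_sample(base64.b64encode(gzip.compress(_PLAINTEXT)).decode())
SAMPLE_OPAQUE = make_sample(base64.b64encode(bytes(range(0x80, 0x8C))).decode())
# A capture cut off mid-element, as in the question: no ]]>, no </data>.
SAMPLE_TRUNCATED = ("<detection>\n    <keyId>1</keyId>\n    <data><![CDATA["
                    + base64.b64encode(_PLAINTEXT).decode()[:17])

# Magic numbers of containers that are worth unpacking before giving up.
MAGIC = [(b"\x1f\x8b", "gzip"), (b"PK\x03\x04", "zip"),
         (b"\x78\x01", "zlib"), (b"\x78\x9c", "zlib"), (b"\x78\xda", "zlib")]


def extract_cdata(xml_text):
    """Return the base64 body of <data>.

    Try a real XML parse first; when the fragment is not well-formed (Follow TCP
    Stream output is often truncated) scan for the 'CDATA[' marker instead.
    """
    candidate, parsed = None, False
    try:
        node = ET.fromstring(xml_text).find("data")
        if node is not None and node.text:
            candidate, parsed = node.text, True   # ElementTree already unwraps CDATA
    except ET.ParseError:
        pass
    if candidate is None:
        candidate = xml_text
    m = re.search(r"CDATA\[\s*([A-Za-z0-9+/=\s]+)", candidate)
    if m:
        return m.group(1).strip()
    if parsed:
        return candidate.strip()
    raise ValueError("no CDATA payload found")


def b64_decode_lenient(s):
    """Decode base64 that may have been cut off mid-string by the capture."""
    s = re.sub(r"[^A-Za-z0-9+/]", "", s)   # drop whitespace, padding and stray chars
    if len(s) % 4 == 1:
        s = s[:-1]                          # a lone trailing sextet cannot form a byte
    s += "=" * (-len(s) % 4)                # re-pad to a 4-character boundary
    return base64.b64decode(s, validate=True)


def looks_like_text(blob):
    """True when the bytes decode as UTF-8 and are almost entirely printable."""
    try:
        text = blob.decode("utf-8")
    except UnicodeDecodeError:
        return False
    printable = sum(ch.isprintable() or ch in "\r\n\t" for ch in text)
    return bool(text) and printable / len(text) >= 0.95


def shannon_entropy(blob):
    """Bits per byte; near 8.0 means compressed or encrypted data."""
    if not blob:
        return 0.0
    n = len(blob)
    return -sum(c / n * math.log2(c / n) for c in Counter(blob).values())


def classify(blob):
    for magic, name in MAGIC:
        if blob.startswith(magic):
            return name
    return "text" if looks_like_text(blob) else "opaque"


def inspect(xml_text):
    """End-to-end: stream text -> decoded bytes plus a verdict a human can act on."""
    blob = b64_decode_lenient(extract_cdata(xml_text))
    result = {"kind": classify(blob), "length": len(blob),
              "entropy": round(shannon_entropy(blob), 2), "data": blob}
    if result["kind"] == "gzip":
        result["inner"] = gzip.decompress(blob)   # the real payload is inside
    return result


if __name__ == "__main__":
    for label, sample in [("text", SAMPLE_TEXT), ("gzip", SAMPLE_GZIP),
                          ("opaque", SAMPLE_OPAQUE), ("truncated", SAMPLE_TRUNCATED)]:
        r = inspect(sample)
        print("%-9s kind=%-6s len=%3d entropy=%.2f data=%r"
              % (label, r["kind"], r["length"], r["entropy"], r.get("inner", r["data"])[:24]))
```

Paste the XML from Follow TCP Stream into one of the sample slots, or read it from a file, and run the script; an "opaque" verdict with entropy close to 8 bits per byte tells you the agent is encrypting or compressing its check-in with something the script does not recognise, and the remaining work is the reverse engineering Jaap's answer alludes to rather than more decoding.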