Beefy Boxes and Bandwidth Generously Provided by pair Networks
Problems? Is your data what you think it is?
 
PerlMonks  

comment on

( [id://3333] : superdoc . print w/replies, xml ) Need Help??
I am testing a product, and am trying to determine how secure the remote adminstration tool is. I have captured many packets while performing normal admin type tasks. I have this information in a text file, with only the data sections of each packet present. (From the UDP checksum to the end of the packet.) What I want to do is write a script that will check outgoing and incoming packets for repetitions of patterns, since there is supposed to be a "magic number" embedded in the packet to identify it as coming from the correct application, and to see how well encrypted the password is (username is sent cleartext!). What would be a good way to go about finding the largest sequence of bytes that show up in the largest number of packets? I've hacked quite a few scripts in my day, but they were pretty simple. I have a feeling that if I go at this without a little direction the results could be particularly ugly. Any suggestions (hashes, regexp, invocation of minor deities) are welcome.

In reply to Finding patterns in packet data? by Guildenstern

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":



  • Are you posting in the right place? Check out Where do I post X? to know for sure.
  • Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
    <code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>
  • Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
  • Want more info? How to link or How to display code and escape characters are good places to start.