Raw Packets payload

I am outputting the raw data of dissected packets (down to TCP) to a console application (I got the packets from an NDIS Protocol Driver).

code:

"
Data = (char*) ptrTCP_HDR+PAYLOAD_OFFSET;
cout << Data;
"

This works fine for some packets (example HTTP Packets)

but for other packets garbage comes out (example: a smiley face etc…). I am 100% sure that the packet contains non-garbage data since I am viewing the same packet with Wireshark.

Am I outputting the data wrong?

(The objective is to output the data without any modifications, like a dump)

(sorry for the noob question)

Thanks!!!

Ever heard of zero-terminated string concept, non-printable characters, and hex print?

You can’t just dump arbitrary data to cout. You’ve got to know what you’re
dumping. The “data” you are dumping could be ASCII strings, could be UNICODE
strings or something else.

To get a better idea of what you’re actually seeing at Data write a Hex dump
method. This sort of method prints the HEX value of 16 bytes at the
beginning of the line output. After that it prints the ASCII representation
of these characters - but only if they are printable. If not printable it
prints a ‘.’. Here’s an example of a HEX dump of a network packet if you
haven’t seen one:

Packet No.: 0000000042 Time: 0179759403 msec Length: 94/94
Ethernet Dest: 00.24.81.00.48.78 Src: 00.24.E8.1C.8D.06 Type: 0x0800
000000: 00 24 81 00 48 78 00 24 : E8 1C 8D 06 08 00 45 00  .$..Hx.$......E.
000010: 00 50 55 9E 00 00 80 11 : 00 00 C0 A8 0F 66 C0 A8  .PU..........f..
000020: 0F 73 F1 F2 00 A1 00 3C : A0 77 30 32 02 01 00 04  .s.....<.w02....
000030: 08 69 6E 74 65 72 6E 61 : 6C A0 23 02 02 3B E5 02  .internal.#..;..
000040: 01 00 02 01 00 30 17 30 : 15 06 11 2B 06 01 04 01  .....0.0...+....
000050: 0B 02 03 09 04 02 01 01 : 02 81 00 00 05 00        ..............

Looking at this sort of output for a while you should learn what you need to
do next.

Good luck,

Thomas F. Divine
http://www.rawether.net


From:
Sent: Thursday, March 03, 2011 10:50 AM
To: “Windows System Software Devs Interest List”
Subject: [ntdev] Raw Packets payload

> I am outputting the raw data of dissected packets (down to TCP) to a
> console application (I got the packets from an NDIS Protocol Driver).
>
> code:
>
> "
> Data = (char*) ptrTCP_HDR+PAYLOAD_OFFSET;
> cout << Data;
> "
>
> This works fine for some packets (example HTTP Packets)
>
> but for other packets garbage comes out (example: a smiley face etc…). I
> am 100% sure that the packet contains non-garbage data since I am viewing
> the same packet with Wireshark.
>
> Am I outputting the data wrong?
>
> (The objective is to output the data without any modifications, like a
> dump)
>
> (sorry for the noob question)
>
> Thanks!!!
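One way to write the hex dump method described in the reply above, as an added example that is not part of the original thread. The names `hex_dump`, `c_string_span` and `kSample` are assumptions made for illustration; the caller passes the payload length explicitly (in the question's code it would have to come from the packet's length fields), because `cout << Data` treats the pointer as a zero-terminated string.

```cpp
#include <cctype>
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <iostream>
#include <string>

// Offset, 16 hex bytes, then printable ASCII ('.' for anything else).
// The length is explicit; nothing here searches for a terminating NUL.
std::string hex_dump(const unsigned char* data, std::size_t len) {
    std::string out;
    char buf[16];
    for (std::size_t off = 0; off < len; off += 16) {
        std::size_t n = (len - off < 16) ? len - off : 16;
        std::snprintf(buf, sizeof buf, "%06zX: ", off);
        out += buf;
        std::string ascii;
        for (std::size_t i = 0; i < 16; ++i) {
            if (i == 8) out += ": ";
            if (i < n) {
                unsigned char b = data[off + i];
                std::snprintf(buf, sizeof buf, "%02X ", static_cast<unsigned>(b));
                out += buf;
                ascii += std::isprint(b) ? static_cast<char>(b) : '.';
            } else {
                out += "   ";  // pad a short last row so the ASCII column lines up
            }
        }
        out += " " + ascii + "\n";
    }
    return out;
}

// How many bytes `cout << (char*)data` emits before it hits a 0x00.
// A result equal to len means no NUL was found and the read would run past the buffer.
std::size_t c_string_span(const unsigned char* data, std::size_t len) {
    const void* nul = std::memchr(data, 0, len);
    return nul ? static_cast<std::size_t>(static_cast<const unsigned char*>(nul) - data) : len;
}

// Constructed sample: 20 bytes of a binary payload (not from a real capture).
const unsigned char kSample[] = {0x16, 0x03, 0x01, 0x00, 0x2E, 'h', 'e', 'l', 'l', 'o',
                                 0x00, 0x01, 0x02, 0xFF, 'o',  'k', 0x0D, 0x0A, 'x', 'y'};

int main() {
    std::cout << hex_dump(kSample, sizeof kSample);
    std::cout << "cout << (char*) would stop after " << c_string_span(kSample, sizeof kSample) << " bytes\n";
}
```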

Could we please have an example of what data is not being correctly shown in your program but is in Wireshark? Is it only the data section of the packet? Are some headers not coming out properly? Is your program only designed to work for TCP/IP?