Presentation is loading. Please wait.

Presentation is loading. Please wait.

Sec 503.5 Case 2 Solution. Find a string in a packet.

Published byMaximillian Harris Modified over 9 years ago

Similar presentations

Presentation on theme: "Sec 503.5 Case 2 Solution. Find a string in a packet."— Presentation transcript:

1 Sec 503.5 Case 2 Solution

2 Find a string in a packet

3 Find the string smsses.exe

4 Frame 208 is the 1 st Fragment

5 Frame 209 gives us the last fragment frame

6 Frame 231 is the Last Fragment and Contains the File Size

7 Analyze>Follow TCP Stream shows the PE Header (MZ)

8 Further into the stream is the end of the executable

9 Save the raw file

10 The extract_file.raw is considerably larger than SMSSES.EXE (file size 24576)

11 Open extract_file.raw in Hex Editor

12 Locate the Header MZ or Hex 4D5A90

13 Remove Packet Data before MZ Header

14 File after removing bytes preceeding MZ Header

15 24576 is 6000 in Hex

16 Remove everything after the offset

17 Find ics.exe

18 Packet 8092 start of tranfer

19 Packet 8093 shows last fragment is 8134 (which will have the file size)

20 File size is 45056

21 Total size of raw file

Download ppt "Sec 503.5 Case 2 Solution. Find a string in a packet."

Similar presentations

Intro to WinHex CSC 414.

Intro to WinHex CSC 414.
Ch 20. Internet Protocol (IP). 20.1 Internetworking PHY and data link layers operate locally.

Ch 20. Internet Protocol (IP) Internetworking PHY and data link layers operate locally.
BMP Hide ‘n’ Seek What is BMP Hide ‘n’ Seek ? –It’s a tool that lets you hide text messages in BMP files without much visible change in the picture. –Change.

BMP Hide ‘n’ Seek What is BMP Hide ‘n’ Seek ? –It’s a tool that lets you hide text messages in BMP files without much visible change in the picture. –Change.
Computer Networks20-1 Chapter 20. Network Layer: Internet Protocol 20.1 Internetworking 20.2 IPv4 20.3 IPv6.

Computer Networks20-1 Chapter 20. Network Layer: Internet Protocol 20.1 Internetworking 20.2 IPv IPv6.
CE363 Data Communications & Networking Chapter 7 Network Layer: Internet Protocol.

CE363 Data Communications & Networking Chapter 7 Network Layer: Internet Protocol.
IP Fragmentation. MTU Maximum Transmission Unit (MTU) –Largest IP packet a network will accept –Arriving IP packet may be larger IP Packet MTU.

IP Fragmentation. MTU Maximum Transmission Unit (MTU) –Largest IP packet a network will accept –Arriving IP packet may be larger IP Packet MTU.
$100 $200 $300 $400 $500 $100 $200 $300 $400 $500 $100 $200 $300 $400 $500 $100 $200 $300 $400 $500 $100 $200 $300 $400 $500.

$100 $200 $300 $400 $500 $100 $200 $300 $400 $500 $100 $200 $300 $400 $500 $100 $200 $300 $400 $500 $100 $200 $300 $400 $500.
Chapter 20 Network Layer: Internet Protocol Stephen Kim 20.1.

Chapter 20 Network Layer: Internet Protocol Stephen Kim 20.1.
Section 2.1 Network Forensics TRACKING HACKERS THROUGH CYBERSPACE

Section 2.1 Network Forensics TRACKING HACKERS THROUGH CYBERSPACE
Shivkumar Kalyanaraman Rensselaer Polytechnic Institute 5-1 Internet Protocol (IP): Packet Format, Fragmentation, Options Shivkumar Kalyanaraman Rensselaer.

Shivkumar Kalyanaraman Rensselaer Polytechnic Institute 5-1 Internet Protocol (IP): Packet Format, Fragmentation, Options Shivkumar Kalyanaraman Rensselaer.
13.5 Representing Data Elements Fields, Records, Blocks Variable-length Data Modifying Records.

13.5 Representing Data Elements Fields, Records, Blocks Variable-length Data Modifying Records.
Source Port # (16)Destination Port # (16) Sequence Number (32 bits) Acknowledgement Number (32 bits) Hdr Len (4) Flags (6)Window Size (16) Options (if.

Source Port # (16)Destination Port # (16) Sequence Number (32 bits) Acknowledgement Number (32 bits) Hdr Len (4) Flags (6)Window Size (16) Options (if.
Physical, Logical, Conceptual DSA Lecture 2 2006-7.

Physical, Logical, Conceptual DSA Lecture
ECE 526 – Network Processing Systems Design Packet Processing II: algorithms and data structures Chapter 5: D. E. Comer.

ECE 526 – Network Processing Systems Design Packet Processing II: algorithms and data structures Chapter 5: D. E. Comer.
1 Ethereal.  Freeware sniffing tool.  Captures live network traffic.  The user interface separates it from other sniffers.

1 Ethereal.  Freeware sniffing tool.  Captures live network traffic.  The user interface separates it from other sniffers.
Trying to like a boss… REVERSE ENGINEERING. WHAT EVEN IS… REVERSE ENGINEERING?? Reverse engineering is the process of disassembling and analyzing a particular.

Trying to like a boss… REVERSE ENGINEERING. WHAT EVEN IS… REVERSE ENGINEERING?? Reverse engineering is the process of disassembling and analyzing a particular.
Section 2.2 Network Forensics TRACKING HACKERS THROUGH CYBERSPACE

Section 2.2 Network Forensics TRACKING HACKERS THROUGH CYBERSPACE
Fragmentation Fragmentation and reassembly are done by the IP layer Fragmentation and reassembly are done by the IP layer Identification (16 bits) Identification.

Fragmentation Fragmentation and reassembly are done by the IP layer Fragmentation and reassembly are done by the IP layer Identification (16 bits) Identification.
Internet Protocol Internetworking Lab 1. Why Internet?

Internet Protocol Internetworking Lab 1. Why Internet?
Transmission Control Protocol

Transmission Control Protocol

Similar presentations

Ads by Google