Monday, July 7, 2014

Remote KG pcap file Analysis Temp

We have a pcap file first step is to identifies conversations  :











we can see there is two interesting stream  ( port 7777 and port 7272 ) , lets extract this data, click on follow stream


Click save as and now we have our stream in a raw format .

Next step is how to decode information in our extracted data .

Google searching :

Pemote GDB Packet format :



source

Every command sent from client to server start with $ flowed by packet data and checksum after #






after this we must to format our extracted data replace "$" by "\n$"  and we will have our remote  gdb conversation  formated in standard remote gdb command .


Remote GDB useful  command :

$g#67+

g--------------->Read general registers
67------------->checksum
+ -------------->Packet Acknowledgment

$mb7761800,fd#32+

m--------------->m addr,length  Read length bytes of memory starting at address addr
b7761800------>addr
fd---------------> length
32------------->checksum
+ -------------->Packet Acknowledgment
 



















Remote GDB packet detail





No comments:

Post a Comment