
I tried various ways of decoding or analyzing the data using Wireshark and tshark from the CLI. I also suggested that the pcap data was intentionally damaged by someone, and I used pcapfix to fix the sectors of the file, but pcapfix did not give the desired results...

This is a pcap file with messages hidden in it:

1) Original file:

https://www.dropbox.com/s/wba5cj56vd6l564/covert.pcap?dl=0

2) The file was edited using pcapfix:

https://www.dropbox.com/s/n4xs7yiz02ws1pu/pcapfix_edited.pcap?dl=0

I want to reproduce the way a conversation between two people was coded or hidden by someone, in order to decode it. And is there a program that can encode a text message into pcap files, like steganpeg does into images? Any ideas?

f0xtr0d
  • Is this a homework assignment? To read the message, I would suggest that you start by loading the original file and flip between packets 1 and 2, paying close attention to the bytes that are changing between the TCP packets, and in particular the ASCII representation of those changing bytes. Once you are focused on the bytes that are changing, slowly move from one packet to the next, paying attention to the ASCII representation of the bytes, and you should be able to read the message. You can ignore the ARP packets. – Christopher Maynard May 12 '18 at 16:39
  • No, this is not homework. I found this file on a forum and was interested in finding the hidden message in it. You helped me, thank you :) – f0xtr0d May 16 '18 at 13:07
  • OK, I didn't want to completely give away the answer because I think it's more educational (and fun) to find the answer yourself. Also, I hope that was the intent of the hidden message - for educational and fun purposes - and not a **real** message! Otherwise, I'd suggest staying away from 2 story buildings for a while. :) – Christopher Maynard May 16 '18 at 13:11
  • Yes, I hope that this file was not created by al-Qaeda members, they are always trying to explode something with the help of hidden methods of communication :) – f0xtr0d May 16 '18 at 15:33

0 Answers
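
Added example, not part of the original thread: the comparison suggested in the first comment (ignore ARP, watch which bytes change between TCP packets, read them as ASCII), automated in Python. The capture is constructed inline and, as an assumption, carries one character per packet in the low byte of the IPv4 ID field; the page does not say which field covert.pcap uses, and the function names are illustrative.

```python
import struct

def read_pcap(blob):
    """Yield raw frames from a classic little-endian pcap byte string."""
    if struct.unpack_from("<I", blob, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap")
    pos = 24                                   # skip the 24-byte global header
    while pos + 16 <= len(blob):
        incl_len = struct.unpack_from("<I", blob, pos + 8)[0]
        yield blob[pos + 16 : pos + 16 + incl_len]
        pos += 16 + incl_len

def is_tcp(frame):
    """Ethernet II + IPv4 + TCP; this is what drops the ARP frames."""
    return len(frame) >= 34 and frame[12:14] == b"\x08\x00" and frame[23] == 6

def changing_columns(frames):
    """Map each byte offset whose value varies to its ASCII rendering."""
    width = min(map(len, frames), default=0)
    out = {}
    for off in range(width):
        col = bytes(f[off] for f in frames)
        if len(set(col)) > 1:                  # constant offsets carry no message
            out[off] = "".join(chr(b) if 32 <= b < 127 else "." for b in col)
    return out

def build_sample(message):
    """Constructed capture: one ARP frame, then one TCP frame per character.
    Assumption: the character rides in the low byte of the IPv4 ID field."""
    eth = b"\x02" * 6 + b"\x04" * 6            # made-up MAC addresses
    blob = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    frames = [eth + b"\x08\x06" + bytes(28)]   # ARP, to be ignored
    for i, ch in enumerate(message.encode()):
        # Checksums are left at 0 to keep the constructed sample short.
        ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 40, ch, 0, 64, 6, 0,
                         bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
        tcp = struct.pack(">HHIIBBHHH", 40000, 80, 1000 + i, 0, 0x50, 2, 8192, 0, 0)
        frames.append(eth + b"\x08\x00" + ip + tcp)
    for f in frames:
        blob += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return blob

def analyze(blob):
    return changing_columns([f for f in read_pcap(blob) if is_tcp(f)])

if __name__ == "__main__":
    for off, text in analyze(build_sample("constructed demo")).items():
        print(f"offset {off:3d}: {text}")
```

Offsets that change for ordinary reasons (sequence numbers here, checksums in a real capture) show up as unreadable columns, which is how the readable one stands out.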