I am working with pcap in C and comparing the lengths of EAPOL handshakes with those I get in Wireshark, and the EAPOL packets captured with pcap are longer. The strange thing is that the added length is variable: some days it adds a header of 26 bytes and a footer of 4, making a 185-byte packet (instead of the 155 bytes in Wireshark for the first message of the handshake). Some days it adds an 18-byte header with no footer, making a 173-byte packet. When it captures a packet of a certain length, it keeps that format for the whole day, and the next day it switches to the other one.
I have read this Libpcap File Format but the lengths of those headers don't fill the gap, and Wireshark doesn't show Radiotap Headers so I guess I don't have any. The captured packet always comes between the same devices and Wireshark always returns the same length.
Does anyone know what is going on here? Thanks in advance guys!
As requested, I add some examples of the packets captured. For the sake of clarity I will paste only the first message of the handshake, and only for the 185 byte case, as it is the length I get today:
As captured by pcap (185 bytes). Extra bytes in bold:
**00 00 1a 00 2f 48 00 00 f3 7c 7b 00 00 00 00 00 10 02 85 09 a0 00 db 01 00 00** 88 02 3a 01 85 74 13 51 b4 a8 d8 b7 b8 17 92 81 d8 b7 b8 17 92 81 00 00 00 00 aa aa 03 00 00 00 88 8e 02 03 00 75 02 00 8a 00 10 00 00 00 00 00 00 00 03 ed 35 bb b6 7d d9 0a 43 ba aa 09 23 f1 f6 6e c9 25 f3 13 c3 91 1c cd ae f5 47 98 0e 6b 15 7a fe 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 16 dd 14 00 0f ac 04 c2 8c 80 68 37 d8 87 fa 37 ab bd 07 1f c3 96 ee **cb f9 0b 91**
The EAPOL packet as shown in Wireshark (155 bytes):
88 02 3a 01 85 74 13 51 b4 a8 d8 b7 b8 17 92 81 d8 b7 b8 17 92 81 00 00 00 00 aa aa 03 00 00 00 88 8e 02 03 00 75 02 00 8a 00 10 00 00 00 00 00 00 00 03 ed 35 bb b6 7d d9 0a 43 ba aa 09 23 f1 f6 6e c9 25 f3 13 c3 91 1c cd ae f5 47 98 0e 6b 15 7a fe 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 16 dd 14 00 0f ac 04 c2 8c 80 68 37 d8 87 fa 37 ab bd 07 1f c3 96 ee
This is my first question here, so I hope it's correctly done.
I'm trying to get some information from an Epson L365. The thing is, when I try to get the total pages printed, I get the response as a hex string:
.1.3.6.1.4.1.1248.1.2.2.1.1.1.4.1 0x40 42 44 43 20 53 54 32 0D 0A 62 00 01 01 04 06 02 01 00 0F 0D 03 01 00 69 03 01 69 04 02 69 05 03 69 10 03 01 09 4E 13 01 01 19 0C 00 00 00 00 00 75 6E 6B 6E 6F 77 6E 24 02 00 00 28 04 FF 01 00 00 2F 01 01 36 14 FF FF FF FF FF FF FF FF DB 2C 00 00 09 09 00 00 A0 00 00 00 37 05 02 00 00 00 00 40 0A 58 32 4E 5A 34 36 31 33 39 31 OctetString
And this is the response that I get
.1.3.6.1.4.1.1248.1.2.2.1.1.1.4.1 @BDC ST2 b......... ...i..i..i..i... N..........unknown$...(...../..6..........,.. ......7......@ X2NZ461391 OctetString
I have already researched and do not know where to go.
I want to build a system for counting people based on Wi-Fi packets. I am using an ESP8266 for sniffing packets. But I read that Android and iPhones are now randomizing MAC IDs when they are not connected to any network. I thought of using probe requests, but I saw that whenever I press refresh on the phone, the MAC address changes. So my program would detect it as a new device.
This is what I am getting in different packets from the same device.
Mac Address - da a1 19 9f bb 5c
d4 10 68 50 00 00 00 00 00 00 05 00 40 00 00 00 ff ff ff ff ff ff **da a1 19 9f bb 5c** ff ff ff ff ff ff e0 a4 00 0b 77 69 66 69 63 68 61 68 69 79 65 01 04 02 04 0b 16 32 08 0c 12 18 24 30 48 60 6c 03 01 04 2d 1a 6e 01 03 ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 dd 07 00 50 f2 08 00 00 00 7f 05 00 00 0a 02 01 3d 16 04 05 01 00 00 00 00 00 00 00 01 00 68 00
Mac Address - da a1 19 00 44 2f
d3 10 2e 50 00 00 00 00 00 00 0c 00 40 00 00 00 ff ff ff ff ff ff **da a1 19 00 44 2f** ff ff ff ff ff ff 90 c1 00 00 01 08 02 04 0b 16 0c 12 18 24 32 04 30 48 60 6c 00 00 34 34 50 43 01 08 82 84 8b 96 12 24 48 6c 03 01 0b 32 04 0c 18 30 60 07 06 49 4e 20 01 0d 14 23 02 13 00 46 05 f3 c0 01 00 04 05 04 00 01 00 14 dd 1a 00 50 f2 01 01 00 00 50 f2 02 02 00 00 50 f2 02 00 50 01 00 2e 00
Mac Address - da a1 19 ea d3 58
d7 10 67 50 00 00 00 00 00 00 03 00 40 00 00 00 ff ff ff ff ff ff **da a1 19 ea d3 58** ff ff ff ff ff ff a0 c2 00 0a 5a 54 45 2d 4b 62 72 79 59 47 01 04 02 04 0b 16 32 08 0c 12 18 24 30 48 60 6c 03 01 01 2d 1a 6e 01 03 ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 dd 07 00 50 f2 08 00 00 00 7f 05 00 00 0a 02 01 00 d7 75 eb 1d 7c e1 2f 06 a2 2c a3 df 01 00 67 00
I don't want to track individual users; my goal is to count the number of people in an area. Can I use any packet type other than probe requests? Or will there be some similarity between probe request packets originating from the same device, so that I can discard a new packet from the same device even if the source address (MAC address) has changed?
I have a saved wireshark capture and I've applied a filter to the results to only show communications for one particular device.
I have decryption enabled, and the decryption key is stored as wpa-pwd in the format key:SSID.
I don't fully understand how to interpret the results that I have available to me. I've searched extensively here on S/O, and on Google.
I imagine that the packets that would be "of interest" to me from the results would be the packets coming from the source device, outgoing to the router, all marked with the 802.11 protocol.
I currently have the filtered results ordered by destination, there's
3 "request-to-send" results
followed by a "802.11 Block Ack",
8 "request-to-send" results,
followed by another "802.11 Block Ack"
3 "request-to-send" results.
I'll place the results here in this order, but I'm only including the summary for the first of the request-to-send, and the two 802.11 block ack packets, since the summaries for the request-to-send packets are all essentially identical.
As a question, is there any way I can directly interpret these results to understand what these packets contained/were for?
Packet 1 (Request-to-send) Summary
5131 27.713095 Apple_88:85:55 (TA) Actionte_30:f4:b6 (18:1b:eb:30:f4:b6) (RA) 802.11 45 Request-to-send, Flags=...P....C
Packet 1 Hex + ASCII
0000 00 00 19 00 6f 08 00 00 57 11 bb 47 00 00 00 00 ....o...W..G....
0010 12 30 85 09 80 04 c3 a0 00 b4 10 9e 00 18 1b eb .0..............
0020 30 f4 b6 2c f0 a2 88 85 55 a4 ff c8 cc 0..,....U....
Packet 2 Hex + ASCII
0000 00 00 19 00 6f 08 00 00 c1 b7 77 48 00 00 00 00 ....o.....wH....
0010 12 30 85 09 80 04 c6 9e 00 b4 00 a6 00 18 1b eb .0..............
0020 30 f4 b6 2c f0 a2 88 85 55 69 3a 25 10 0..,....Ui:%.
Packet 3 Hex + ASCII
0000 00 00 19 00 6f 08 00 00 de 05 78 48 00 00 00 00 ....o.....xH....
0010 12 30 85 09 80 04 c5 9e 00 b4 00 a2 00 18 1b eb .0..............
0020 30 f4 b6 2c f0 a2 88 85 55 72 b5 89 09 0..,....Ur...
Packet 4, 802.11 Block Ack Summary
6829 40.120666 Apple_88:85:55 (TA) Actionte_30:f4:b6 (18:1b:eb:30:f4:b6) (RA) 802.11 57 802.11 Block Ack, Flags=........C
Packet 4 Hex + ASCII
0000 00 00 19 00 6f 08 00 00 53 65 78 48 00 00 00 00 ....o...SexH....
0010 12 30 85 09 80 04 c6 9e 00 94 00 00 00 18 1b eb .0..............
0020 30 f4 b6 2c f0 a2 88 85 55 05 00 b0 3c 01 00 00 0..,....U...<...
0030 00 00 00 00 00 5d c0 d4 c7 .....]...
Packet 5 Hex + ASCII
0000 00 00 19 00 6f 08 00 00 02 6f 78 48 00 00 00 00 ....o....oxH....
0010 12 30 85 09 80 04 c5 9e 00 b4 00 a2 00 18 1b eb .0..............
0020 30 f4 b6 2c f0 a2 88 85 55 72 b5 89 09 0..,....Ur...
Packet 6 Hex + ASCII
0000 00 00 19 00 6f 08 00 00 ea 77 78 48 00 00 00 00 ....o....wxH....
0010 12 30 85 09 80 04 c5 9e 00 b4 00 be 00 18 1b eb .0..............
0020 30 f4 b6 2c f0 a2 88 85 55 33 18 ce 45 0..,....U3..E
Packet 7 Hex + ASCII
0000 00 00 19 00 6f 08 00 00 c3 ca 78 48 00 00 00 00 ....o.....xH....
0010 12 30 85 09 80 04 c5 9e 00 b4 00 a2 00 18 1b eb .0..............
0020 30 f4 b6 2c f0 a2 88 85 55 72 b5 89 09 0..,....Ur...
Packet 8 Hex + ASCII
0000 00 00 19 00 6f 08 00 00 f8 d4 78 48 00 00 00 00 ....o.....xH....
0010 12 30 85 09 80 04 c5 9e 00 b4 00 ce 01 18 1b eb .0..............
0020 30 f4 b6 2c f0 a2 88 85 55 f3 72 37 72 0..,....U.r7r
Packet 9 Hex + ASCII
0000 00 00 19 00 6f 08 00 00 24 68 7a 48 00 00 00 00 ....o...$hzH....
0010 12 30 85 09 80 04 c6 9e 00 b4 00 a2 00 18 1b eb .0..............
0020 30 f4 b6 2c f0 a2 88 85 55 72 b5 89 09 0..,....Ur...
Packet 10 Hex + ASCII
0000 00 00 19 00 6f 08 00 00 7e ed 7b 48 00 00 00 00 ....o...~.{H....
0010 12 30 85 09 80 04 c6 9e 00 b4 00 a6 00 18 1b eb .0..............
0020 30 f4 b6 2c f0 a2 88 85 55 69 3a 25 10 0..,....Ui:%.
Packet 11 Hex + ASCII
0000 00 00 19 00 6f 08 00 00 e3 3c 7c 48 00 00 00 00 ....o....<|H....
0010 12 30 85 09 80 04 c6 9e 00 b4 00 a2 00 18 1b eb .0..............
0020 30 f4 b6 2c f0 a2 88 85 55 72 b5 89 09 0..,....Ur...
Packet 12 Hex + ASCII
0000 00 00 19 00 6f 08 00 00 3c 52 7c 48 00 00 00 00 ....o...<R|H....
0010 12 30 85 09 80 04 c6 9e 00 b4 00 0e 01 18 1b eb .0..............
0020 30 f4 b6 2c f0 a2 88 85 55 e0 6a fd b0 0..,....U.j..
Packet 13 (Block Ack) Summary
6978 40.406195 Apple_88:85:55 (TA) Actionte_30:f4:b6 (18:1b:eb:30:f4:b6) (RA) 802.11 57 802.11 Block Ack, Flags=........C
Packet 13 Hex + ASCII
0000 00 00 19 00 6f 08 00 00 94 bf 7c 48 00 00 00 00 ....o.....|H....
0010 12 30 85 09 80 04 c6 9e 00 94 00 00 00 18 1b eb .0..............
0020 30 f4 b6 2c f0 a2 88 85 55 05 00 40 3d 03 00 00 0..,....U..@=...
0030 00 00 00 00 00 fa 5f c6 82 ......_..
Packet 14 Hex + ASCII
0000 00 00 19 00 6f 08 00 00 54 cd 7c 48 00 00 00 00 ....o...T.|H....
0010 12 30 85 09 80 04 c6 9e 00 b4 00 a2 00 18 1b eb .0..............
0020 30 f4 b6 2c f0 a2 88 85 55 72 b5 89 09 0..,....Ur...
Packet 15 Hex + ASCII
0000 00 00 19 00 6f 08 00 00 1a f7 7c 48 00 00 00 00 ....o.....|H....
0010 12 30 85 09 80 04 c2 9e 00 b4 00 be 00 18 1b eb .0..............
0020 30 f4 b6 2c f0 a2 88 85 55 33 18 ce 45 0..,....U3..E
Packet 16 Hex + ASCII
0000 00 00 19 00 6f 08 00 00 6f 4a 7d 48 00 00 00 00 ....o...oJ}H....
0010 12 30 85 09 80 04 c6 9e 00 b4 00 a2 00 18 1b eb .0..............
0020 30 f4 b6 2c f0 a2 88 85 55 72 b5 89 09 0..,....Ur...
So, I'm looking for an explanation how to interpret these and future results, kind of like "catch the first fish and then show me how to do it."
I know I've read something about right-clicking on the packet and going to "follow" and "stream", but this option isn't available in a saved capture. If anyone wants to mention what that specific feature does, it'd also be appreciated.
According to Wikipedia (https://en.wikipedia.org/wiki/IEEE_802.11_RTS/CTS), these messages are intended to avoid transmission collisions. They mean something like "I would like to send something over WiFi; can I, or is somebody else planning to send data?".
Some more explanation: instead of just "yelling out" the bulk of data, the WiFi card can first ask "can I?", and if nobody complains, the bulk of data follows (and nobody else tries to send data, as you asked to speak first). Without asking first, there is the potential for everybody to yell out loud so that nobody can understand anybody.
As the "can I?" message is way shorter than the bulk of data, there will be fewer concurrent transmissions (which result in collisions --> data needs to be resent).
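The byte layout behind both capture questions above (the Request-to-send dumps and the longer EAPOL buffers from pcap), as an added example that is not code from either poster: on a monitor-mode link type such as DLT_IEEE802_11_RADIO, each buffer starts with a radiotap header whose own length field (bytes 2-3, little-endian) varies with the driver, and a radiotap Flags bit says whether a 4-byte FCS trails the 802.11 frame. The struct and function names are hypothetical; the sample bytes are the ones posted above, except the zero-filled 185-byte buffer, which is constructed, and the buffers are assumed not to be truncated by the snapshot length.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct dot11_view {
    size_t hdr_len, fcs_len, frame_len; /* radiotap header, FCS (0 or 4), bare 802.11 frame */
    unsigned type, subtype;             /* from the first frame-control byte */
};
static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
/* Split a DLT_IEEE802_11_RADIO buffer; returns 0 on success, -1 if malformed. */
int dot11_split(const uint8_t *buf, size_t caplen, struct dot11_view *out) {
    if (caplen < 8 || buf[0] != 0) return -1;               /* radiotap version is 0 */
    size_t it_len = (size_t)buf[2] | (size_t)buf[3] << 8;   /* little-endian length */
    if (it_len < 8 || it_len > caplen) return -1;
    uint32_t present = le32(buf + 4);
    size_t off = 8;
    for (uint32_t w = present; w & 0x80000000u; off += 4) { /* chained present words */
        if (off + 4 > it_len) return -1;
        w = le32(buf + off);
    }
    uint8_t flags = 0;
    if (present & 0x1) off = ((off + 7) & ~(size_t)7) + 8;  /* skip TSFT: u64, 8-aligned */
    if (present & 0x2) {                                     /* Flags field: u8 */
        if (off >= it_len) return -1;
        flags = buf[off];
    }
    out->hdr_len = it_len;
    out->fcs_len = (flags & 0x10) ? 4 : 0;                   /* "frame includes FCS" */
    if (caplen - it_len < 2 + out->fcs_len) return -1;
    out->frame_len = caplen - it_len - out->fcs_len;
    out->type = (buf[it_len] >> 2) & 0x3;                    /* 0 mgmt, 1 control, 2 data */
    out->subtype = buf[it_len] >> 4;
    return 0;
}

const char *dot11_name(unsigned type, unsigned subtype) {
    static const char *ctrl[16] = { [8] = "Block Ack Request", [9] = "Block Ack",
        [11] = "Request-to-send", [12] = "Clear-to-send", [13] = "Ack" };
    if (type == 1 && subtype < 16 && ctrl[subtype]) return ctrl[subtype];
    if (type == 2) return subtype == 8 ? "QoS Data" : "Data";
    return type == 0 ? "Management" : "Other";
}
/* Packet 1 (Request-to-send) from the capture question above, 45 bytes. */
const uint8_t rts_pkt[45] = {
    0x00,0x00,0x19,0x00,0x6f,0x08,0x00,0x00,0x57,0x11,0xbb,0x47,0x00,0x00,0x00,0x00,
    0x12,0x30,0x85,0x09,0x80,0x04,0xc3,0xa0,0x00,0xb4,0x10,0x9e,0x00,0x18,0x1b,0xeb,
    0x30,0xf4,0xb6,0x2c,0xf0,0xa2,0x88,0x85,0x55,0xa4,0xff,0xc8,0xcc };
/* First 26 bytes of the 185-byte pcap buffer posted in the EAPOL question. */
const uint8_t eapol_rt[26] = {
    0x00,0x00,0x1a,0x00,0x2f,0x48,0x00,0x00,0xf3,0x7c,0x7b,0x00,0x00,0x00,0x00,0x00,
    0x10,0x02,0x85,0x09,0xa0,0x00,0xdb,0x01,0x00,0x00 };
/* Constructed 185-byte buffer: that header, frame control 88 02, zero filler. */
int eapol_demo(struct dot11_view *v) {
    uint8_t buf[185] = {0};
    memcpy(buf, eapol_rt, sizeof eapol_rt);
    buf[26] = 0x88; buf[27] = 0x02;
    return dot11_split(buf, sizeof buf, v);
}

#define SHOW(v) printf("%s: radiotap %zu + frame %zu + FCS %zu\n", \
    dot11_name((v).type, (v).subtype), (v).hdr_len, (v).frame_len, (v).fcs_len)
int main(void) {
    struct dot11_view v;
    if (dot11_split(rts_pkt, sizeof rts_pkt, &v) == 0) SHOW(v);
    if (eapol_demo(&v) == 0) SHOW(v);
    return 0;
}
```

On the posted bytes this splits the 45-byte Request-to-send into 25 + 16 + 4 and the 185-byte EAPOL buffer into 26 + 155 + 4.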
I am using Ubuntu 14.04 on a VM to try and connect to a Pervasive SQL (V12) database hosted on a Windows 10 machine.
I have tested the networking and I can telnet into the pervasive server with:
telnet 192.168.0.2 1583
But when it comes to using isql/tsql/osql I just cannot get a connection to the Pervasive server so that I can query the database.
I have spent four weeks on this and gotten to the point now where it almost works.
So when running this command in terminal:
root#test.dev:~# TDSDUMPCONFIG=stderr TDSDUMP=stderr tsql -S PSQL -U admin -P MASTER
I get the following output:
log.c:167:Starting log file for FreeTDS 0.95.95
on 2016-05-20 10:11:02 with debug flags 0x4fff.
config.c:168:Getting connection information for [PSQL].
config.c:172:Attempting to read conf files.
config.c:353:... $FREETDSCONF not set. Trying $FREETDS/etc.
config.c:366:... $FREETDS not set. Trying $HOME.
config.c:296:Found conf file '/root/.freetds.conf' (.freetds.conf).
config.c:495:Looking for section global.
config.c:554: Found section global.
config.c:557:Got a match.
config.c:580: tds version = '4.2'
config.c:886:Setting tds version to 4.2 (0x402).
config.c:580: dump file = '/tmp/freetds.log'
config.c:580: timeout = '10'
config.c:580: connect timeout = '10'
config.c:580: text size = '64512'
config.c:554: Found section psql.
config.c:568: Reached EOF
config.c:495:Looking for section PSQL.
config.c:554: Found section global.
config.c:554: Found section psql.
config.c:557:Got a match.
config.c:580: host = '192.168.0.2'
config.c:617:Found host entry 192.168.0.2
config.c:620:IP addr is 192.168.0.2.
config.c:580: port = '1583'
config.c:580: client charset = 'UTF-8'
config.c:635:tds_parse_conf_section: client charset is UTF-8.
config.c:580: tds version = '5.0'
config.c:886:Setting tds version to 5.0 (0x500).
config.c:568: Reached EOF
config.c:300:Success: [PSQL] defined in /root/.freetds.conf.
config.c:765:Setting 'dump_file' to 'stderr' from $TDSDUMP.
config.c:213:Final connection parameters:
config.c:214: server_name = PSQL
config.c:215: server_host_name = 192.168.0.2
config.c:218: ip_addr = 192.168.0.2
config.c:223: instance_name =
config.c:224: port = 1583
config.c:225: major_version = 5
config.c:226: minor_version = 0
config.c:227: block_size = 0
config.c:228: language = us_english
config.c:229: server_charset =
config.c:230: connect_timeout = 10
config.c:231: client_host_name = sails.dev
config.c:232: client_charset = UTF-8
config.c:233: use_utf16 = 0
config.c:234: app_name = TSQL
config.c:235: user_name = admin
config.c:238: library = TDS-Library
config.c:239: bulk_copy = 0
config.c:240: suppress_language = 0
config.c:241: encrypt level = 0
config.c:242: query_timeout = 10
config.c:245: database =
config.c:246: dump_file = stderr
config.c:247: debug_flags = 0
config.c:248: text_size = 64512
config.c:249: emul_little_endian = 0
config.c:250: server_realm_name =
config.c:251: server_spn =
config.c:252: cafile =
config.c:253: crlfile =
config.c:254: check_ssl_hostname = 1
log.c:167:Starting log file for FreeTDS 0.95.95
on 2016-05-20 10:11:02 with debug flags 0x4fff.
locale is "en_ZA.UTF-8"
locale charset is "UTF-8"
using default charset "UTF-8"
iconv.c:328:tds_iconv_open(0x641370, UTF-8)
iconv.c:187:local name for ISO-8859-1 is ISO-8859-1
iconv.c:187:local name for UTF-8 is UTF-8
iconv.c:187:local name for UCS-2LE is UCS-2LE
iconv.c:187:local name for UCS-2BE is UCS-2BE
iconv.c:346:setting up conversions for client charset "UTF-8"
iconv.c:348:preparing iconv for "UTF-8" <-> "UCS-2LE" conversion
iconv.c:395:preparing iconv for "ISO-8859-1" <-> "ISO-8859-1" conversion
iconv.c:400:tds_iconv_open: done
net.c:202:Connecting to 192.168.0.2 port 1583 (TDS version 5.0)
net.c:275:tds_open_socket: connect(2) returned "Operation now in progress"
net.c:314:tds_open_socket() succeeded
packet.c:740:Sending packet
0000 02 00 02 00 00 00 00 00-73 61 69 6c 73 2e 64 65 |........ sails.de|
0010 76 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 |v....... ........|
0020 00 00 00 00 00 00 09 61-64 6d 69 6e 00 00 00 00 |.......a dmin....|
0030 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 |........ ........|
0040 00 00 00 00 00 05 4d 41-53 54 45 52 00 00 00 00 |......MA STER....|
0050 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 |........ ........|
0060 00 00 00 00 06 36 32 33-33 00 00 00 00 00 00 00 |.....623 3.......|
0070 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 |........ ........|
0080 00 00 00 04 03 01 06 0a-09 01 00 00 00 00 00 00 |........ ........|
0090 00 00 00 00 54 53 51 4c-00 00 00 00 00 00 00 00 |....TSQL ........|
00a0 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 |........ ........|
00b0 00 00 04 50 53 51 4c 00-00 00 00 00 00 00 00 00 |...PSQL. ........|
00c0 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 |........ ........|
00d0 00 04 00 06 4d 41 53 54-45 52 00 00 00 00 00 00 |....MAST ER......|
00e0 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 |........ ........|
00f0 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 |........ ........|
0100 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 |........ ........|
0110 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 |........ ........|
0120 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 |........ ........|
0130 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 |........ ........|
0140 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 |........ ........|
0150 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 |........ ........|
0160 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 |........ ........|
0170 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 |........ ........|
0180 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 |........ ........|
0190 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 |........ ........|
01a0 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 |........ ........|
01b0 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 |........ ........|
01c0 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 |........ ........|
01d0 00 08 05 00 00 00 54 44-53 2d 4c 69 62 72 61 72 |......TD S-Librar|
01e0 0a 05 00 00 00 00 0d 11-75 73 5f 65 6e 67 6c 69 |........ us_engli|
01f0 73 68 00 00 00 00 00 00-00 00 00 00 00 00 00 00 |sh...... ........|
packet.c:740:Sending packet
0000 02 01 00 65 00 00 00 00-00 00 00 00 00 00 0a 00 |...e.... ........|
0010 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 |........ ........|
0020 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 |........ ........|
0030 00 00 00 00 00 00 00 00-00 00 00 00 01 35 31 32 |........ .....512|
0040 00 00 00 03 00 00 00 00-e2 1a 00 01 0b 08 00 01 |........ ........|
0050 e8 0f 6d 7f ff ff ff fe-02 0b 00 00 00 00 00 00 |..m..... ........|
0060 02 68 00 00 00 - |.h...|
token.c:327:tds_process_login_tokens()
query.c:3772:tds_disconnect()
mem.c:648:tds_free_all_results()
util.c:165:Changed query state from IDLE to WRITING
util.c:165:Changed query state from WRITING to PENDING
packet.c:740:Sending packet
0000 0f 01 00 0a 00 00 00 00-71 00 |........ q.|
token.c:550:tds_process_tokens(0x641370, 0x7ffee7182238, 0x7ffee718223c, 0x100)
util.c:165:Changed query state from PENDING to READING
query.c:3772:tds_disconnect()
util.c:165:Changed query state from READING to DEAD
token.c:565:processing result tokens. marker is 0()
token.c:116:tds_process_default_tokens() marker is 0()
token.c:119:leaving tds_process_default_tokens() connection dead
util.c:83:logic error: cannot change query state from DEAD to PENDING
util.c:165:Changed query state from DEAD to DEAD
util.c:322:tdserror(0x63f400, 0x641370, 20056, 9)
util.c:358:tdserror: client library not called because either tds_ctx (0x63f400) or tds_ctx->err_handler is NULL
util.c:375:tdserror: returning TDS_INT_CANCEL(2)
token.c:336:looking for login token, got 0()
token.c:116:tds_process_default_tokens() marker is 0()
token.c:119:leaving tds_process_default_tokens() connection dead
login.c:472:login packet accepted
util.c:322:tdserror(0x63f400, 0x641370, 20002, 0)
util.c:358:tdserror: client library not called because either tds_ctx (0x63f400) or tds_ctx->err_handler is NULL
util.c:375:tdserror: returning TDS_INT_CANCEL(2)
mem.c:648:tds_free_all_results()
There was a problem connecting to the server
And I have no idea what to try next so that I can query the data in the database.
I have tried all tds versions, tds drivers and pervasive ODBC drivers to no avail.
Any insight into what can be ascertained from the above log and/or what I might be doing wrong would be greatly appreciated, thank you!
Create a ClientDSN using dsnadd (docs).
Once the DSN is set up, test using the psql user and isql and then follow the instructions for "Using Utilities from Users Other than psql" for using another user. As noted in comments, copy the contents of /home/psql/.bashrc to the /root/.bashrc.
Here is the example.
This is the captured packet data:
00000000 00 6e 0b 00 .n..
00000004 4d 5a e8 00 00 00 00 5b 52 45 55 89 e5 81 c3 81 MZ.....[ REU.....
00000014 12 00 00 ff d3 89 c3 57 68 04 00 00 00 50 ff d0 .......W h....P..
00000024 68 f0 b5 a2 56 68 05 00 00 00 50 ff d3 00 00 00 h...Vh.. ..P.....
00000034 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 ........ ........
00000044 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 ........ !..L.!Th
00000054 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f is progr am canno
00000064 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 t be run in DOS
00000074 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 mode.... $.......
And I want only the hex part, like this:
00 6e 0b 00
4d 5a e8 00 00 00 00 5b 52 45 55 89 e5 81 c3 81
12 00 00 ff d3 89 c3 57 68 04 00 00 00 50 ff d0
I tried right-clicking on the packet and selecting Copy -> Bytes -> Hex Stream,
but the hex data I got doesn't look like the above data at all.
So how can I copy the hex data of a captured packet from Wireshark?
Thanks for reading.
On the Wireshark "packet list" panel, right click the packet you want and:
1) If you select Copy->Bytes->Hex stream, you'll get the hex digits as one long string without white spaces:
39cb08004528053f000000006f1105faac11745dac11740c039......
2) If you select Copy->Bytes->Offset Hex, you'll get the hex digits as displayed in the GUI, including the offset of each line's starting byte (frame offset):
0010 05 3f 00 00 00 00 6f 11 05 fa ac 11 74 5d ac 11
0020 74 0c 03 9e 03 9d 05 2b 00 00 07 e0 8f ee 8f 1c
0030 ff 00 00 00 00 00 09 0f 00 58 39 cb 60 00 00 00
0040 11 80 08 00 73 00 02 44 00 00 00 00 03 dd de de
You can use TShark.
TShark is shipped with Wireshark.
Use command:
tshark -x -r dns.pcapng frame.number == 10
Output:
D:\Wireshark>tshark -r dns.pcapng frame.number == 10 -x
0000 00 25 9c ca 94 fe 90 e6 ba 71 70 03 08 00 45 00 .%.......qp...E.
0010 00 3f 6d 61 00 00 80 11 7d dc 0a 01 01 0a 11 22 .?ma....}......"
0020 33 44 f0 1d 00 35 00 2b be 3e 71 dd 01 00 00 01 3D...5.+.>q.....
0030 00 00 00 00 00 00 0d 73 74 61 63 6b 6f 76 65 72 .......stackover
0040 66 6c 6f 77 03 63 6f 6d 00 00 ff 00 01 flow.com.....
Copy and paste the hex part.
Hope this helps
If there are several packets you're interested in, you can export them to a file.
mark those packets (right click on each packet then Mark Packet (toggle) or Ctrl + M)
choose File > Export > File.... Make sure you select Marked packets.
if you're only interested in the hex data, make sure only Packet Bytes is checked in Packet Format
Note that when exporting you also have the choice with First to last marked as well as Range, if the interesting packets are next to each other.