I am testing a product, and am trying to determine how secure the remote adminstration tool is. I have captured many packets while performing normal admin type tasks. I have this information in a text file, with only the data sections of each packet present. (From the UDP checksum to the end of the packet.) What I want to do is write a script that will check outgoing and incoming packets for repetitions of patterns, since there is supposed to be a "magic number" embedded in the packet to identify it as coming from the correct application, and to see how well encrypted the password is (username is sent cleartext!). What would be a good way to go about finding the largest sequence of bytes that show up in the largest number of packets? I've hacked quite a few scripts in my day, but they were pretty simple. I have a feeling that if I go at this without a little direction the results could be particularly ugly. Any suggestions (hashes, regexp, invocation of minor deities) are welcome.

In reply to Finding patterns in packet data? by Guildenstern

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.