Snort mailing list archives
Re: Packet contents: EXPERIMENTAL SHELLCODE x86 NOOP
From: Dragos Ruiu <dr () kyx net>
Date: Fri, 31 Jan 2003 14:15:32 +0000
Looks like random binary data... I would suspect audio or video streaming first.
But the 0D 0A (CR LF) makes it look like some sort of text graphics.

cheers,
--dr

On January 31, 2003 05:36 pm, Marc Quibell wrote:
> OK, maybe a dumb thought, but is this just a binary file download? Can anyone
> decipher the packet capture? Tia/
>
> 000 : 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30   0000000000000000
> 010 : 30 30 30 30 30 30 30 30 30 30 30 64 39 66 66 66   00000000000d9fff
> 020 : 66 66 66 66 66 66 66 66 66 66 66 66 66 66 66 66   ffffffffffffffff
> 030 : 66 66 66 66 34 62 36 61 61 61 61 61 61 61 61 61   ffff4b6aaaaaaaaa
> 040 : 61 61 61 61 61 61 61 61 61 61 61 61 61 61 61 61   aaaaaaaaaaaaaaaa
> 050 : 61 61 61 61 61 61 61 61 61 61 61 61 61 61 61 61   aaaaaaaaaaaaaaaa
> 060 : 61 61 61 61 61 61 61 61 61 61 61 61 61 61 61 61   aaaaaaaaaaaaaaaa
> 070 : 61 61 61 61 61 61 61 0D 0A 61 61 61 61 61 61 61   aaaaaaa..aaaaaaa
> 080 : 61 61 61 61 61 61 61 61 61 61 61 61 61 61 61 61   aaaaaaaaaaaaaaaa
> 090 : 61 61 61 61 61 61 61 61 61 61 61 61 61 61 61 61   aaaaaaaaaaaaaaaa
> 0a0 : 61 61 61 61 61 61 61 61 61 61 61 61 61 61 61 61   aaaaaaaaaaaaaaaa
> 0b0 : 61 61 61 61 61 61 61 61 61 61 61 61 65 64 39 66   aaaaaaaaaaaaed9f
> 0c0 : 66 66 66 66 66 66 66 66 66 66 66 66 66 66 66 66   ffffffffffffffff
> 0d0 : 66 66 66 64 31 33 36 30 30 30 30 30 30 30 30 30   fffd136000000000
> 0e0 : 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30   0000000000000000
> 0f0 : 30 30 30 30 30 30 30 30 30 0D 0A 30 30 30 30 30   000000000..00000
> 100 : 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30   0000000000000000
> 110 : 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30   0000000000000000
> 120 : 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30   0000000000000000
> 130 : 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30   0000000000000000
> 140 : 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30   0000000000000000
> 150 : 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30   0000000000000000
> 160 : 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30   0000000000000000
> 170 : 30 30 30 30 30 30 30 30 30 30 30 0D 0A 30 30 30   00000000000..000
> 180 : 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30   0000000000000000
> 190 : 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30   0000000000000000
> 1a0 : 30 30 32 35 36 66 66 66 66 66 66 66 66 66 66 66   00256fffffffffff
> 1b0 : 66 66 66 66 66 66 66 66 66 66 66 66 66 66 66 66   ffffffffffffffff
> 1c0 : 66 66 66 66 66 66 66 66 66 66 66 66 66 66 66 66   ffffffffffffffff
> 1d0 : 66 66 66 66 66 66 66 66 66 66 66 66 66 66 66 66   ffffffffffffffff
> 1e0 : 66 66 66 66 66 66 66 66 66 66 66 66 66 66 66 66   ffffffffffffffff
> 1f0 : 66 66 66 66 66 66 66 66 66 66 66 66 66 0D 0A 66   fffffffffffff..f
> <snip>
>
> -------------------------------------------------------
> This SF.NET email is sponsored by:
> SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
> http://www.vasoftware.com
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
--
dr () kyx net pgp: http://dragos.com/ kyxpgp
http://cansecwest.com
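
Added example, not part of either post: a small Python triage helper for the question raised in this thread, whether a payload behind a shellcode NOOP alert is raw binary or line-wrapped text. The sample payload is constructed, and the function names, the 0.95 threshold and the verdict labels are assumptions of this example.

```python
from collections import Counter

HEX_DIGITS = set(b"0123456789abcdefABCDEF")

def triage_payload(payload: bytes) -> dict:
    """Summarise a payload: line-oriented text or raw binary?"""
    lines = payload.split(b"\r\n")
    # A capture usually starts and ends mid-line, so only count complete lines.
    full_lines = lines[1:-1]
    lengths = Counter(len(line) for line in full_lines)
    body = payload.replace(b"\r\n", b"")
    ratio = sum(0x20 <= b <= 0x7E for b in body) / max(len(body), 1)
    hex_only = bool(body) and all(b in HEX_DIGITS for b in body)
    # Longest run of one repeated byte in the raw payload, as (byte, length).
    best, run, prev = (None, 0), 0, None
    for b in payload:
        run = run + 1 if b == prev else 1
        prev = b
        if run > best[1]:
            best = (b, run)
    # Verdict labels and the 0.95 threshold are assumptions of this example.
    if hex_only and len(lengths) == 1:
        verdict = "ascii-hex text"
    elif full_lines and ratio > 0.95:
        verdict = "line-oriented text"
    else:
        verdict = "binary"
    return {"printable_ratio": ratio, "hex_only": hex_only,
            "line_lengths": dict(lengths), "longest_run": best,
            "verdict": verdict}

def build_sample() -> bytes:
    # Constructed sample (not the capture from the thread): ASCII hex digits
    # in 128-character lines ending in CR LF, starting and ending mid-line.
    line1 = b"0" * 40 + b"d9" + b"f" * 40 + b"4b6" + b"a" * 43
    line2 = b"a" * 100 + b"ed9" + b"f" * 25
    return line1[60:] + b"\r\n" + line2 + b"\r\n" + line1 + b"\r\n" + line2[:50]

if __name__ == "__main__":
    for key, value in triage_payload(build_sample()).items():
        print(f"{key}: {value}")
```

A fixed line length between CR LF pairs together with a single printable alphabet points to wrapped text; a long single-byte run inside such text is then weak evidence of a NOP sled on its own.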
Current thread:
- Packet contents: EXPERIMENTAL SHELLCODE x86 NOOP Marc Quibell (Jan 31)
- Re: Packet contents: EXPERIMENTAL SHELLCODE x86 NOOP Matt Kettler (Jan 31)
- Re: Packet contents: EXPERIMENTAL SHELLCODE x86 NOOP Dragos Ruiu (Jan 31)