Sniffed Off the Wire
Sifting through the noise
After weeks of perching, our avian operatives captured a suspicious network flow. Maybe there’s valuable data inside?
We have a pcap. Analysing it in Wireshark and following the TCP stream, we can see a lot of strange characters:
These strange characters are terminal escape sequences (ANSI escape codes). They can do a lot of things, such as changing the colour of text printed in the terminal, among other effects. If we print some characters like this in the terminal from C/Python/Perl/Ruby etc.:
It will print the text in yellow in the terminal. The characters in the Wireshark capture do the same kind of thing, but with other functions, not just changing the colour. First we need to decode all the hexadecimal in the data field of each
Let's use bash to get all the hexadecimal and convert it to text:
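As an added illustration of the decode-and-interpret step (this is not the write-up's own bash one-liner), the Python below joins hex copied from the Data field of several segments, splits the result into plain text and CSI escape sequences, labels what each sequence would make a terminal do, and recovers the visible text. The hex chunks are constructed for this example, not the capture's real bytes.

```python
import re

# Constructed sample: hex from the "Data" field of three TCP segments, as
# copied from Wireshark. Not the bytes from the write-up's capture.
HEX_CHUNKS = [
    "1b5b33336d48656c6c6f",   # ESC[33m + "Hello"   (set yellow)
    "1b5b306d20776f726c64",   # ESC[0m  + " world"  (reset attributes)
    "1b5b32410d1b5b324b",     # ESC[2A + CR + ESC[2K (cursor up 2, erase line)
]

# CSI sequence: ESC '[' parameter bytes, then one final byte in '@'..'~'.
CSI_RE = re.compile(rb"\x1b\[([0-9;?]*)([@-~])")

# Final byte -> what the terminal does. Sequences that move the cursor or
# erase can hide text from a viewer; the bytes are still in the capture.
FINAL_BYTE_MEANING = {
    b"m": "sgr (colour/attributes)",
    b"A": "cursor up", b"B": "cursor down",
    b"C": "cursor forward", b"D": "cursor back",
    b"H": "cursor position", b"J": "erase display", b"K": "erase line",
}

def hex_to_bytes(chunks):
    """Join the hex strings copied from the Data field of each segment."""
    return b"".join(bytes.fromhex(c) for c in chunks)

def tokenize(data):
    """Split raw bytes into ('text', str) and ('csi', description) tokens."""
    tokens, pos = [], 0
    for m in CSI_RE.finditer(data):
        if m.start() > pos:
            tokens.append(("text", data[pos:m.start()].decode("latin-1")))
        params, final = m.group(1).decode(), m.group(2)
        meaning = FINAL_BYTE_MEANING.get(final, "other")
        tokens.append(("csi", f"ESC[{params}{final.decode()} -> {meaning}"))
        pos = m.end()
    if pos < len(data):
        tokens.append(("text", data[pos:].decode("latin-1")))
    return tokens

def visible_text(data):
    """Everything that is not an escape sequence, with control chars dropped."""
    plain = "".join(v for kind, v in tokenize(data) if kind == "text")
    return re.sub(r"[\x00-\x08\x0b-\x1f\x7f]", "", plain)

if __name__ == "__main__":
    raw = hex_to_bytes(HEX_CHUNKS)
    for kind, value in tokenize(raw):
        print(f"{kind:4} {value!r}")
    print("visible:", repr(visible_text(raw)))
```

Cursor and erase sequences such as ESC[2A and ESC[2K are the ones worth attention: they change what is shown on screen without removing anything from the stream.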