ChillerDragon / teeworlds-web-traffic-decoder

Paste your raw teeworlds traffic as hex and get annotations about the package payload.
https://twnet.zillyhuhn.com/

dpkt udp payload extraction not working (there is one passing test but something is off here) #1

Closed ChillerDragon closed 9 months ago

ChillerDragon commented 9 months ago
termshark 2.4.0  |  07_chat.pcap                                                                                                                            Analysis    Misc
┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃Filter:                                                                                                                                                    <Apply> <Recent> ┃
┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┛
 No. - Time -    Source -                         Dest -                  Proto - Length - Info -                                                                            ▲
 1085  31.486861 ::1                              ::1                     TW7     76       sys.snap_empty
 1086  31.493063 ::1                              ::1                     TW7     84       sys.input
 1087  31.526386 ::1                              ::1                     TW7     83       sys.input_timing, sys.snap_empty
 1088  31.534857 ::1                              ::1                     TW7     84       sys.input
 1089  31.566956 ::1                              ::1                     TW7     83       sys.input_timing, sys.snap_empty
 1090  31.590353 ::1                              ::1                     TW7     83       sys.input
 1091  31.606180 ::1                              ::1                     TW7     83       sys.input_timing, sys.snap_empty
 1092  31.632038 ::1                              ::1                     TW7     83       sys.input
 1093  31.646947 ::1                              ::1                     TW7     83       sys.input_timing, sys.snap_empty
 1094  31.673484 ::1                              ::1                     TW7     83       sys.input                                                                         █
 1095  31.686314 ::1                              ::1                     TW7     83       sys.input_timing, sys.snap_empty
 1096  31.708427 ::1                              ::1                     TW7     70       ctrl.disconnect                                                                   ▼
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
[+] Frame 1095: 83 bytes on wire (664 bits), 83 bytes captured (664 bits)
[+] Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)
[+] Internet Protocol Version 6, Src: ::1, Dst: ::1 [=]
[+] User Datagram Protocol, Src Port: 8303, Dst Port: 55752
[+] Teeworlds 0.7 Protocol packet
[+] Teeworlds 0.7 Protocol chunk: sys.input_timing
[+] Teeworlds 0.7 Protocol chunk: sys.snap_empty
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
 0000   00 00 00 00 00 00 00 00  00 00 00 00 86 dd 60 0a   ........ ......`.
 0010   a5 6d 00 1d 11 40 00 00  00 00 00 00 00 00 00 00   .m...@.. ........
 0020   00 00 00 00 00 01 00 00  00 00 00 00 00 00 00 00   ........ ........
 0030   00 00 00 00 00 01 20 6f  d9 c8 00 1d 00 30 00 19   ...... o .....0..
 0040   02 23 ec 92 03 00 05 15  9e a0 05 0c 00 05 0f 9e   .#...... ........
 0050   a0 05 02                                           ...
main@debian:~/Documents/pcaps$ tcpdump -r 07_chat.pcap -x | tail -n 20
reading from file 07_chat.pcap, link-type EN10MB (Ethernet), snapshot length 262144
        0x0020:  0000 0000 0000 0001 206f d9c8 001d 0030
        0x0030:  0019 0223 ec92 0300 0515 9ca0 050d 0005
        0x0040:  0f9c a005 02
03:11:31.093734 IP6 localhost.55752 > localhost.8303: UDP, length 21
        0x0000:  6004 33b1 001d 1140 0000 0000 0000 0000
        0x0010:  0000 0000 0000 0001 0000 0000 0000 0000
        0x0020:  0000 0000 0000 0001 d9c8 206f 001d 0030
        0x0030:  100f 0126 3e5a 3755 e948 e767 e7cc cf6e
        0x0040:  8dff 10c5 0d
03:11:31.106564 IP6 localhost.8303 > localhost.55752: UDP, length 21
        0x0000:  600a a56d 001d 1140 0000 0000 0000 0000
        0x0010:  0000 0000 0000 0001 0000 0000 0000 0000
        0x0020:  0000 0000 0000 0001 206f d9c8 001d 0030
        0x0030:  0019 0223 ec92 0300 0515 9ea0 050c 0005
        0x0040:  0f9e a005 02
03:11:31.128677 IP6 localhost.55752 > localhost.8303: UDP, length 8
        0x0000:  6004 33b1 0010 1140 0000 0000 0000 0000
        0x0010:  0000 0000 0000 0001 0000 0000 0000 0000
        0x0020:  0000 0000 0000 0001 d9c8 206f 0010 0023
        0x0030:  040f 0026 3e5a 3704

So the 2nd last package, and the last for that matter, throw an invalid header size error in dpkt?! But why?

===============
_________________________________________________________________ ERROR collecting tests/extract_udp_test.py _________________________________________________________________
tests/extract_udp_test.py:2: in <module>
    from src.udp import extract_udp_payload
src/udp.py:45: in <module>
    print(extract_udp_payload(data))
src/udp.py:24: in extract_udp_payload
    ip = dpkt.ip.IP(data)
venv/lib/python3.10/site-packages/dpkt/ip.py:79: in __init__
    super(IP, self).__init__(*args, **kwargs)
venv/lib/python3.10/site-packages/dpkt/dpkt.py:160: in __init__
    self.unpack(args[0])
venv/lib/python3.10/site-packages/dpkt/ip.py:117: in unpack
    raise dpkt.UnpackError('invalid header length')
E   dpkt.dpkt.UnpackError: invalid header length
========================================================================== short test summary info ===========================================================================
ERROR tests/extract_udp_test.py - dpkt.dpkt.UnpackError: invalid header length
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Interrupted: 1 error during collection !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
============================================================================== 1 error in 0.15s ==============================================================================

shell returned 2
ChillerDragon commented 9 months ago

It was IPv6 and I was parsing IPv4, omg classic.
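
The fix described in the closing comment, as an added example that is not part of the original issue and is not the project's `src/udp.py`: a UDP payload extractor that selects the IP parser from the EtherType and the version nibble instead of assuming IPv4. It uses only the Python standard library rather than dpkt; the function name is reused from the traceback, the frame bytes are copied from the termshark hex dump above, and IPv6 extension headers are assumed absent.

```python
import struct

ETH_IPV4, ETH_IPV6, PROTO_UDP = 0x0800, 0x86DD, 17

# Frame 1095 as shown in the termshark hex dump in the issue (83 bytes).
FRAME = bytes.fromhex(
    "00 00 00 00 00 00 00 00 00 00 00 00 86 dd 60 0a "
    "a5 6d 00 1d 11 40 00 00 00 00 00 00 00 00 00 00 "
    "00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 "
    "00 00 00 00 00 01 20 6f d9 c8 00 1d 00 30 00 19 "
    "02 23 ec 92 03 00 05 15 9e a0 05 0c 00 05 0f 9e "
    "a0 05 02"
)


def extract_udp_payload(frame: bytes) -> bytes:
    """Return the UDP payload of an Ethernet II frame carrying IPv4 or IPv6."""
    if len(frame) < 15:
        raise ValueError("truncated frame")
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    ip = frame[14:]
    version = ip[0] >> 4
    if ethertype == ETH_IPV4 and version == 4:
        ihl = (ip[0] & 0x0F) * 4  # header length in bytes, 20..60
        if ihl < 20 or len(ip) < ihl:
            raise ValueError("invalid IPv4 header length")
        proto, l4 = ip[9], ip[ihl:]
    elif ethertype == ETH_IPV6 and version == 6:
        # First byte 0x60: parsed as IPv4 this is version 6 with IHL 0.
        if len(ip) < 40:
            raise ValueError("truncated IPv6 header")
        proto, l4 = ip[6], ip[40:]  # fixed header only, no extension headers
    else:
        raise ValueError(f"EtherType {ethertype:#06x} does not match IP version {version}")
    if proto != PROTO_UDP:
        raise ValueError(f"not UDP (protocol {proto})")
    if len(l4) < 8:
        raise ValueError("truncated UDP header")
    udp_len = struct.unpack_from("!H", l4, 4)[0]  # header + payload
    if udp_len < 8 or udp_len > len(l4):
        raise ValueError("invalid UDP length")
    return l4[8:udp_len]


if __name__ == "__main__":
    print(extract_udp_payload(FRAME).hex())
```
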