ICMP Data Field Modified - What does it Mean?

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Posted by Lucretius on Server Fault See other posts from Server Fault or by Lucretius
Published on 2011-11-30T06:40:53Z Indexed on 2011/11/30 17:59 UTC
Read the original article Hit count: 364

Filed under:
|
|

Normal ICMP Data fields are composed of a pretty standard 32 byte string of alphabet characters.

abcdefghijklmnopqrstuvwabcdefghi

I have captured a series of ICMP echo requests using WireShark with a modified Data field and I have no idea what it means. (Underscores represent spaces.)

abcdefghijklmnopprstuvwxyzabcdefghi

abcdefghijklmnoparstuvwxyzabcdefghi

__abcdefghijklmnopsrstuvwxyzabcdefghi

__abcdefghijklmnopsrstuvwxyzabcdefghi

__abcdefghijklmnopwrstuvwxyzabcdefghi

__abcdefghijklmnopdrstuvwxyzabcdefghi__

Note:

  • The position of the "q" character
  • The addition of "xyz"
  • The addition of spaces before and after the payload
  • When you look at the position of "q" horizontally it spells "passwd" which is a Linux/Unix command for changing a users password.

Any ideas?

© Server Fault or respective owner

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Related posts about network-monitoring

Related posts about wireshark

Categories cloud

.NET ASP.NET iphone linux python Windows mysql android sql windows-7 html c ruby-on-rails css objective-c ubuntu networking sql-server wpf asp.net-mvc ruby database Xml apache AJAX osx security regex django Performance 12.04 windows-xp mac web-development iphone-sdk vb.net Silverlight apache2 flash server perl best-practices email installation eclipse visual-studio algorithm windows-server-2008 winforms wcf firefox bash dns /Oracle