Dear All,
         We are capturing each network packet which is in this format. The problem is that we would like to get the url if it exists in the packet in the form of http://...... ? What is the best way to interpret it to capture the url?


000000    cf  fa  ed  fe  07  00  00  01  03  00  00  80  02  00  00  00
0000010    0c  00  00  00  28  07  00  00  85  80  01  00  00  00  00  00
0000020    19  00  00  00  48  00  00  00  5f  5f  50  41  47  45  5a  45
0000030    52  4f  00  00  00  00  00  00  00  00  00  00  00  00  00  00
0000040    00  00  00  00  01  00  00  00  00  00  00  00  00  00  00  00
0000050    00  00  00  00  00  00  00  00  00  00  00  00  00  00  00  00
0000060    00  00  00  00  00  00  00  00  19  00  00  00  78  02  00  00

We are capturing each network packet which is in this format.

What format? A list of bytes is not a format...

The problem is that we would like to get the url if it exists in the packet in the form of http://...... ? What is the best way to interpret it to capture the url?

Look through the bytes for the values of 'h' 't' 't' 'p' in consecutive order. What follows is your url.

@waltp Yes, from each byte, so I have to look for consecutive h t t p values, right? So where to end is another issue, right?

Right.

You'll have to think through all the possibilities, and/or get a format description of the packet to see if the URL is always followed by a certain type of byte (non-character for example).

@waltp I guess the starting is fine, but now the ending is a big challenge, as we can't determine where the exact ending is?
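
The approach discussed in this thread, as an added example that is not part of any poster's reply: scan the payload for "http://" (or "https://") and end the URL at the first byte that RFC 3986 does not allow in a URI. It assumes the URL sits in the payload as contiguous ASCII; the function names and the sample bytes are constructed for illustration.

```python
import re

# Bytes that may legally appear in a URI (RFC 3986 unreserved + reserved + '%').
# The first byte outside this set (CR, LF, space, quote, NUL, ...) ends the URL.
URL_RE = re.compile(rb"https?://[A-Za-z0-9\-._~:/?#\[\]@!$&'()*+,;=%]+", re.IGNORECASE)


def parse_hexdump(text):
    """Turn 'offset  xx xx ...' dump lines (as in the post) back into raw bytes."""
    data = bytearray()
    for line in text.splitlines():
        fields = line.split()
        # fields[0] is the offset column; the rest are two-digit hex bytes.
        data += bytes(int(f, 16) for f in fields[1:])
    return bytes(data)


def extract_urls(data, max_len=2048):
    """Return (offset, url) for every http:// or https:// run found in data."""
    return [(m.start(), m.group()[:max_len].decode("ascii"))
            for m in URL_RE.finditer(data)]


# Constructed sample: two dump lines holding "http://a.io/x" followed by CR LF.
SAMPLE_DUMP = """\
0000000  00 01 68 74 74 70 3a 2f 2f 61 2e 69 6f 2f 78 0d
0000010  0a 00
"""

# Constructed sample: an HTTP request whose Referer header carries a full URL.
SAMPLE_PACKET = b"GET / HTTP/1.1\r\nReferer: http://example.com/a?b=1\r\n\r\n"

if __name__ == "__main__":
    print(extract_urls(parse_hexdump(SAMPLE_DUMP)))
    print(extract_urls(SAMPLE_PACKET))
```

A plain HTTP request normally carries only the path on its request line and the host name in a separate Host header, so a literal "http://" may be absent even when the packet is a web request.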
