Any way to get some information from the blob of hex included in the Raw pkt data?
If you’re referring to the payload in an alert, e.g.,
"payload": "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",
You can decode this with base64 -d:
$ echo "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" | base64 -d
GET /a/track/jsinfo.asp?sw=1680&sh=977 HTTP/1.1
Accept: */*
Referer: http://view.atdmt.com/DRN/iview/155578665/direct/01?click=
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; Windows Live Messenger 14.0.8089.0726)
Host: www3.smartadserver.com
Connection: Keep-Alive
Cookie: TestIfCookieP=ok; TestIfCookie=ok; ASPSESSIONIDQQBACBRA=OIHNDBCCHCMJHAJAPFDFPKLC
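
The same decode step for a JSON alert record, as an added example that is not part of the original reply: it base64-decodes the "payload" field, renders it safely for a terminal, and pulls out the HTTP fields useful for triage. The sample record, host name and function names are constructed for illustration.

```python
import base64
import binascii
import json

# Constructed sample: a made-up request with trailing control bytes, wrapped
# in a JSON alert record that has a base64 "payload" field.
SAMPLE_RAW = (b"GET /a/track?sw=1680 HTTP/1.1\r\nHost: ads.example.test\r\n"
              b"User-Agent: constructed-agent/1.0\r\n\r\n\x1b[2J\x00")
SAMPLE_ALERT = json.dumps({"event_type": "alert",
                           "payload": base64.b64encode(SAMPLE_RAW).decode()})

def decode_payload(alert_line):
    """Return the raw payload bytes of one JSON alert line, or None."""
    blob = json.loads(alert_line).get("payload")
    if not blob:
        return None
    try:
        # validate=True rejects non-base64 input instead of silently skipping it
        return base64.b64decode(blob, validate=True)
    except (binascii.Error, ValueError):
        return None

def printable(data):
    """Keep printable ASCII and newlines; show every other byte as '.'.
    Unlike piping base64 -d to a terminal, escape sequences are not emitted."""
    return "".join(chr(b) if 32 <= b < 127 or b == 10 else "." for b in data)

def http_summary(data):
    """Pull triage fields out of a payload that starts with an HTTP request."""
    lines = data.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None  # not an HTTP request line (e.g. TLS or other binary data)
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return {"method": parts[0], "uri": parts[1], "host": headers.get("host"),
            "user_agent": headers.get("user-agent")}

if __name__ == "__main__":
    payload = decode_payload(SAMPLE_ALERT)
    print(printable(payload))
    print(http_summary(payload))
```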