Identifying unknown packet type

I have a data dump containing packets which I cannot identify the type of. I'm hoping someone here maybe has some idea of what it is. The data comes from a client's satellite link and cannot be shared unfortunately.

Encapsulation

Each packet is encapsulated by 0x7E flags and a standard CCITT-CRC16 code. This is the same as HDLC packets. Idle flags are 0xFF, which is not standard HDLC (which uses 0x7E). As an example:

FF FF FF 7E [PACKET DATA] CRC1 CRC2 7E FF FF FF FF .. FF 7E [PACKET DATA] CRC1 CRC2 7E FF ..

Packet description

I've managed to decipher some of the packet structure so far. This is what I've got:

  • packet lead is 0x1841
  • next byte indicates the number of segments in the packet
  • next byte appears to be a type indicator (only 0x01, 0x02, 0x03 appear) - each 'type' seems to transmit different data (the segment lengths for each type have a different distribution)
  • followed by N segments, where each segment starts with a variable length uint indicating number of bytes in the segment

Example (including 'HDLC' flags and CRC):

7E 18 41 N T [SEGMENT 1..N] CRC1 CRC2 7E

where N is the number of segments and T the type. A segment example:

N X1 X2 .. XN

where N is the segment length and X are the segment data bytes.

Has anyone seen something similar? Or is there perhaps a better forum/place to ask for help for this?
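
The framing described in the question can be checked against a dump with a small parser; the following is an added example, not part of the original post, and all function names in it are hypothetical. It assumes the CRC is the HDLC FCS (CRC-16/X-25) sent low byte first, that 0x7E never occurs inside a packet (no escaping or bit stuffing is handled), and that each segment length fits in one byte, since the post does not describe the variable-length encoding.

```python
FLAG, LEAD = 0x7E, b"\x18\x41"

def crc16_x25(data: bytes) -> int:
    """HDLC FCS (CRC-16/X-25): reflected poly 0x8408, init 0xFFFF, final XOR 0xFFFF."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc ^ 0xFFFF

def split_frames(stream: bytes) -> list:
    """Return the byte runs between 0x7E flags; 0xFF idle fill between frames is skipped."""
    frames, start = [], None
    for i, b in enumerate(stream):
        if b != FLAG:
            continue
        if start is not None and i > start:
            frames.append(stream[start:i])   # closing flag of a non-empty frame
            start = None
        else:
            start = i + 1                    # opening flag (or a repeated flag)
    return frames

def parse_packet(frame: bytes):
    """Verify CRC and lead, then walk N length-prefixed segments; returns (type, segments)."""
    if len(frame) < 6:
        raise ValueError("frame too short for lead, N, T and CRC")
    body, fcs = frame[:-2], int.from_bytes(frame[-2:], "little")  # assumed low byte first
    if crc16_x25(body) != fcs:
        raise ValueError("CRC mismatch")
    if body[:2] != LEAD:
        raise ValueError("unexpected packet lead")
    count, ptype, pos, segments = body[2], body[3], 4, []
    for _ in range(count):
        # Assumption: the segment length is a single byte.
        if pos >= len(body) or pos + 1 + body[pos] > len(body):
            raise ValueError("segment runs past end of packet")
        segments.append(body[pos + 1:pos + 1 + body[pos]])
        pos += 1 + body[pos]
    if pos != len(body):
        raise ValueError("trailing bytes after last segment")
    return ptype, segments

def build_frame(ptype: int, segments: list) -> bytes:
    """Build a frame in the described layout (constructed test data, not captured traffic)."""
    body = LEAD + bytes([len(segments), ptype]) + b"".join(bytes([len(s)]) + s for s in segments)
    return bytes([FLAG]) + body + crc16_x25(body).to_bytes(2, "little") + bytes([FLAG])

SAMPLE = (b"\xff" * 3 + build_frame(1, [b"\x01\x02", b"\xaa"])   # constructed sample stream
          + b"\xff" * 4 + build_frame(2, [b"\x10"]) + b"\xff")
```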