0x0000: 4500 00bc 0000 4000 4011 281d c0a8 c801 E.....@.@.(.....
0x0010: c0a8 c8c1 0035 2f16 00a8 bf52 1a74 8183 .....5/....R.t..
0x0020: 0001 0000 0001 0000 0136 0139 0161 0163 .........6.9.a.c
0x0030: 0161 0136 0163 0135 0166 0130 0137 0137 .a.6.c.5.f.0.7.7
0x0040: 0162 0138 0138 0135 0130 0130 0130 0130 .b.8.8.5.0.0.0.0
0x0050: 0130 0130 0130 0130 0130 0130 0130 0130 .0.0.0.0.0.0.0.0
0x0060: 0130 0138 0165 0166 0369 7036 0461 7270 .0.8.e.f.ip6.arp
0x0070: 6100 000c 0001 c04c 0006 0001 0000 0e10 a......L........
0x0080: 003a 0162 0b69 7036 2d73 6572 7665 7273 .:.b.ip6-servers
0x0090: c050 0a68 6f73 746d 6173 7465 7205 6963 .P.hostmaster.ic
0x00a0: 616e 6e03 6f72 6700 781c 5634 0000 0708 ann.org.x.V4....
0x00b0: 0000 0384 0009 3a80 0000 0e10 ......:.....
The above format is normal text encrypted with some algorithm and converted as payload. How to decrypt and read it as normal form.And please exaplain me what are all these.I assumed all these as a payload.
This is not encrypted. This is a normal dump of an IP packet. Let's try to read it.
First 4 bits say ip version 4, next 4 bits: header length 5 (5 * 4 = 20 bytes), TOS = 0, total length = 0xBC (which matches the length of the dumped packet so we're on the right track), ID = 0, offset has the "don't fragment" flag set, TTL = 0x40 (64), protocol = 0x11 (UDP), checksum 0x281d, source address = 192.168.200.1, destination address = 192.168.200.193.
Then the UDP packet follows, source port = 53 (which is DNS), destination port = 12054, length = 168, checksum 0xbf52, the rest is the payload which I can't be bothered to decode but it looks like a reverse lookup of an ipv6 address.