如何“解码”python scapy数据包“RAW load”

Question

I have been trying to decode these types of packets for some time, I have done vast research but have not been able to 'decode' certain scapy packets. I have been testing with my network, then watching the results in scapy and I get these encoded parts of packets in the RAW layer. Below is one of them. Does anyone know how to translate this into plain readable human text?

The RAW load part of packet:

<Raw  load="\x17\x03\x03\x01\x1d\x00\x00\x00\x00\x00\x00\x00\x15\xc1\r\xe9\x83\\\xef\x9cvj\x02\x03\xde\x10m8\x9b\xda;8\xa5\xc2\x8eB\xafi\xc0\x1f\xba\xc95\x04\xdb\xd1\xd4,\x04\xcc\x1f/\xb8'\xa5\xd02\xe0dj'\xbd\x96\xdd\xf7\x1bL\xc4\x88<\x83\x81y\xe0\x02L\xc31\xe9\xdb\x15!x8\xf3\xb3\xd3J\x01\xf9]\x93\x12\xeec\xdcY\x81H\x08=.\xf3,\x145\x9cH\r\xa3RE\x99\xef_I\xd4+\x03\\@\xc5\x92\xcc\xe3<N\xad\xad\xbfj\xbb\xca\x93\x15VV\x84\x83\xd6\xeb\xb4 \x8e\xd4\x0fm\xcf\xb7\xe9\x11\xd7\x01\xa3\x9c\x84\x02@j\x96\x80{\xae{\x13\x8b\x9em\x14\x04\xa8\xbf\xdcY\xe6+\x8e\xe18\xb4\x02\xe4E\x8eZ\x80;\xf6I;\xe8\n\x1e\x92F\xf2TBp\xd6\xd6\xfa.\xb9pp;sS\x11l\xd9#\x1dOJ\xad\xd8E\xf1_\x1e\xcc\r\x9b1\x81\xa1H\xe1\xfd\xe9@\x91\xfd\xd7|G-\x08\x94>Fw\x9f]g\x97\xe4,\xc8\x8f\x89\x10\xb7\xb5\xec\xe2\x1cL'\xdd:#\x8e\x9b?\xa0\x1aA\xfez\xe9:\xbe\xe1\x96QW\x98\\\x9c\x10vve&\xe6\x93C" |>>>>

Answer 1

This is probably an SSL/TLS packet. You can, if you are using a recent version of Scapy, load the "tls" layer and have it parse your data:

>>> data = b"\x17\x03\x03\x01\x1d\x00\x00\x00\x00\x00\x00\x00\x15\xc1\r\xe9\x83\\\xef[...]"
>>> load_layer('tls')
>>> TLS(data)
<TLS  type=application_data version=TLS 1.2 len=285 iv='' msg=[<TLSApplicationData  data="[...]" |>] padlen=None |>

As you can see, apart from three decoded fields (the TLS packet type, the TLS version and the data length), there is nothing you can "translate [...] into plain readable human text", since that's actually encrypted. For that, you would need the session key to decrypt the messages.