Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

answered 2019-12-10 07:37:44 +0000

Guy Harris gravatar image

Those appear to be Ethernet VLAN packets, as they begin with:

  1. 6 octets that could be an Ethernet destination address;
  2. 6 octets that could be an Ethernet source address;
  3. 2 octets of 81 00, which is the Ethernet type for an 802.1Q VLAN header;
  4. 2 octets of VLAN tag;
  5. 2 octets of 08 00, which is the Ethernet type for IPv4;
  6. an octet of 45, which would be the first octet of an IPv4 header with no options.

Unfortunately, the text2pcap program that comes with Wireshark expects each line to begin with an offset number, so, if you were to use it to try to translate that text file to a pcap, you'd have to stick something such as 6 0's, followed by a space, in front of every line, so the first packet line would become

000000 3C DA 2A 81 B9 0D D4 E3 3F EF 46 30 81 00 C0 86 08 00 45 88 00 30 6C 40 00 00 7D 11 F9 70 0A 06 81 E6 0A 87 41 11 68 48 FD 5F 00 1C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

You might also have to remove the lines before the first packet line, and put a space after each line.