# How to read mentioned packet logs?

Log:

MPGD68_Layer 2 Service Board:4 Port:1 Packet Capture Direction:0

Statistics reported the total number of packet header: 1000
Chip captureed the total number of packet header: 527890
3C DA 2A 81 B9 0D D4 E3 3F EF 46 30 81 00 C0 86 08 00 45 88 00 30 6C 40 00 00 7D 11 F9 70 0A 06 81 E6 0A 87 41 11 68 48 FD 5F 00 1C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3C DA 2A 9B 62 A5 D4 E3 3F EF 46 30 81 00 80 D8 08 00 45 68 00 58 00 00 00 00 FB 11 3C 78 0A CE 50 2F 0A 87 1D 31 08 68 08 68 00 44 9D 5F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3C DA 2A 9B 62 A5 D4 E3 3F EF 46 2F 81 00 01 3C 08 00 45 68 05 60 29 C5 00 00 F8 11 E8 DF 0A 4B D4 84 0A 18 C1 98 08 68 08 68 05 4C 9F 89 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3C DA 2A 9B 62 A5 D4 E3 3F EF 46 30 81 00 C0 D8 08 00 45 88 00 70 10 7F 00 00 3B 11 2B 13 0A 28 11 84 0A 87 1D 31 08 68 08 68 00 5C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3C DA 2A 9B 62 A5 D4 E3 3F EF 46 2F 81 00 01 3C 08 00 45 68 05 60 29 C6 00 00 F8 11 E8 DE 0A 4B D4 84 0A 18 C1 98 08 68 08 68 05 4C 9F 89 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3C DA 2A 9B 62 A5 D4 E3 3F EF 46 2F 81 00 01 3C 08 00 45 68 05 60 29 C7 00 00 F8 11 E8 DD 0A 4B D4 84 0A 18 C1 98 08 68 08 68 05 4C 9F 89 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3C DA 2A 9B 62 A5 D4 E3 3F EF 46 2F 81 00 01 3C 08 00 45 68 05 60 29 C8 00 00 F8 11 E8 DC 0A 4B D4 84 0A 18 C1 98 08 68 08 68 05 4C 9F 89 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3C DA 2A 9B 62 A5 D4 E3 3F EF 46 ...
edit retag close merge delete

Sort by » oldest newest most voted

Those appear to be Ethernet VLAN packets, as they begin with:

1. 6 octets that could be an Ethernet destination address;
2. 6 octets that could be an Ethernet source address;
3. 2 octets of 81 00, which is the Ethernet type for an 802.1Q VLAN header;
4. 2 octets of VLAN tag;
5. 2 octets of 08 00, which is the Ethernet type for IPv4;
6. an octet of 45, which would be the first octet of an IPv4 header with no options.

Unfortunately, the text2pcap program that comes with Wireshark expects each line to begin with an offset number, so, if you were to use it to try to translate that text file to a pcap, you'd have to stick something such as 6 0's, followed by a space, in front of every line, so the first packet line would become

000000 3C DA 2A 81 B9 0D D4 E3 3F EF 46 30 81 00 C0 86 08 00 45 88 00 30 6C 40 00 00 7D 11 F9 70 0A 06 81 E6 0A 87 41 11 68 48 FD 5F 00 1C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00


You might also have to remove the lines before the first packet line, and put a space after each line.

more