Is it possible to directly dissect a hex data instead of a packet?

asked 2020-05-28 15:42:21 +0000

updated 2020-05-28 15:43:45 +0000

I'm not sure if this even makes sense, but I have a built in dissector inside of wireshark/tshark but I'm not gonna be parsing packets and dissecting it. Instead, I will receive the "data field" in hex format by another process, and I would like to dissect that.

Note: that if this data was part of a UDP payload, wireshark can dissect it

answered 2020-05-28 15:52:48 +0000

grahamb

flag of United Kingdom of Great Britain and Northern Ireland

23790 ●4 ●950 ●227 https://www.wireshark.org

Text2pcap can be used for this, it can take in the hex data and prepend headers such as UDP and output a pcap (or pcapng) file that can be read by Wireshark allowing normal dissection to take place.

edit flag offensive delete link

Comments

Or you can go into File|Import from Hex Dump which can do basically the same.

Jaap ( 2020-05-28 16:10:05 +0000 )edit

Gosh these new features that I keep forgetting about!

grahamb ( 2020-05-28 16:36:34 +0000 )edit

Thank you for Text2pcap. One last thing. If the protocol is a custom protocol ( not UDP ), how should I use text2pcap to allow for creation of the packet with that protocol?

aznboystride ( 2020-05-28 16:54:33 +0000 )edit

By constructing headers for the custom protocol yourself, and prepending them to the data. See my answer to the question you asked about this.

Guy Harris ( 2020-05-28 18:38:51 +0000 )edit

add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Is it possible to directly dissect a hex data instead of a packet?

1 Answer

Comments

Your Answer

Question Tools

Stats

Related questions

Is it possible to directly dissect a hex data instead of a packet? edit

1 Answer

Comments

Your Answer

Question Tools

Stats

Related questions

Is it possible to directly dissect a hex data instead of a packet?