Ask Your Question
0

Is it possible to directly dissect a hex data instead of a packet?

asked 2020-05-28 15:42:21 +0000

aznboystride gravatar image

updated 2020-05-28 15:43:45 +0000

I'm not sure if this even makes sense, but I have a built in dissector inside of wireshark/tshark but I'm not gonna be parsing packets and dissecting it. Instead, I will receive the "data field" in hex format by another process, and I would like to dissect that.

Note: that if this data was part of a UDP payload, wireshark can dissect it

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2020-05-28 15:52:48 +0000

grahamb gravatar image

Text2pcap can be used for this, it can take in the hex data and prepend headers such as UDP and output a pcap (or pcapng) file that can be read by Wireshark allowing normal dissection to take place.

edit flag offensive delete link more

Comments

Or you can go into File|Import from Hex Dump which can do basically the same.

Jaap gravatar imageJaap ( 2020-05-28 16:10:05 +0000 )edit

Gosh these new features that I keep forgetting about!

grahamb gravatar imagegrahamb ( 2020-05-28 16:36:34 +0000 )edit

Thank you for Text2pcap. One last thing. If the protocol is a custom protocol ( not UDP ), how should I use text2pcap to allow for creation of the packet with that protocol?

aznboystride gravatar imageaznboystride ( 2020-05-28 16:54:33 +0000 )edit

By constructing headers for the custom protocol yourself, and prepending them to the data. See my answer to the question you asked about this.

Guy Harris gravatar imageGuy Harris ( 2020-05-28 18:38:51 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

Stats

Asked: 2020-05-28 15:42:21 +0000

Seen: 866 times

Last updated: May 28 '20