How can I display packet value as ascii?

asked 2020-06-12 03:13:53 +0000

updated 2020-06-13 23:01:02 +0000

Hello Wireshark pros, I am using Wireshark with a Nordic DK board and their tools for sniffing ble packets. I have filtered on load packets from master and slave and I am only interested in the value sent in these packets. I have columnized the value, which in the packet details, is displayed in both hex and ascii. I need the column to display in ascii. This seems a natural and normal thing to need, but short of learning LUA, I can find no canned process for changing the display format of column data fields. Is anyone aware of how to do so or where to find a pre written script for doing such? Thank you kindly Robin @TL

edit retag flag offensive close merge delete

Comments

Which exact field are you referring to? Can you post a small capture file somewhere (Dropbox, Drive, etc.)?

cmaynard gravatar imagecmaynard ( 2020-06-15 15:29:35 +0000 )edit

Thank you for the help. I will post it later tonight. Robin @TL

Robin@TL gravatar image[email protected] ( 2020-06-15 19:24:42 +0000 )edit

Hello Christopher, I have a packet saved on Drive to discuss with you, but I need your email to share it.

Robin@TL gravatar image[email protected] ( 2020-06-16 04:33:13 +0000 )edit

Hello again Christopher, A bit more info about the field... It is the "value" field on the load packet. I can columnized and display it, but is displayed as a concatenated sting of hex values in the column. How can I display the value as ascii? Thanks again Robin @ TL

Robin@TL gravatar image[email protected] ( 2020-06-16 15:11:43 +0000 )edit

I think it would be better if you just provide a link to a very simple packet capture file that anyone could access. It may not be me who ends up looking it and providing help.

cmaynard gravatar imagecmaynard ( 2020-06-18 20:37:51 +0000 )edit

I am not thrilled about opening link related to me to the world. Can you suggest a site that would insulate me a bit more than drive? thanks.

Robin@TL gravatar image[email protected] ( 2020-06-20 15:44:57 +0000 )edit

Well, here goes... Important enough to me to share to the world, I guess. Here is the link to the file: https://drive.google.com/drive/folder... The column I need displayed as ascii chars is titled "Value". Any help is greatly appreciated. Thanks all, Robin @ TL

Robin@TL gravatar image[email protected] ( 2020-06-20 16:02:12 +0000 )edit

I'm not able to download the file. Literally all you need to do is share a single packet with the field you're interested in. You can even anonymize that packet if you need to using tools like Tracewrangler, WireEdit, etc if you have concerns. You can use editcap to cut off any irrelevant bytes past the field you're concerned about.

cmaynard gravatar imagecmaynard ( 2020-06-21 01:34:52 +0000 )edit

Hello again, Not sure why you can't download the file it is open to anyone. I have no concerns over content on the packet capture, only about opening any part of my drive to the world.
Please try again, as I may not have had the link publicly shared at the time you attempted download. Thanks again, Robin @ TL

Robin@TL gravatar image[email protected] ( 2020-06-21 16:14:31 +0000 )edit