Ask Your Question
0

Can the hexdump format be changed?

asked 2020-09-09 20:30:59 +0000

I am interested in an additional space, or a different character, between row bytes 7 & 8. The Packet Bytes pane shows data with an extra space, and would like the Copy->Hex/ASCII+Hex Dump format to be similar. This helps when counting bytes and comparing multiple captures.

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2020-09-09 21:23:08 +0000

Chuckc gravatar image

updated 2020-09-09 21:41:56 +0000

The extra separator came over from Ethereal - maybe modeled after a sniffer display from that era.

It's not common in other hex dumps like xxd or tcpdump.

It's defined in data_printer.h:

// Insert a space after this many bytes
static int separatorInterval() { return 8; }

Used in byte_view_text.cpp (Packets Bytes):

const int ByteViewText::separator_interval_ = DataPrinter::separatorInterval();

But not in data_printer.cpp (Copy Bytes...).

Seems like since it's a Wireshark format, maybe the formatting should be consistent.
Enhancement requests are opened as issues on gitlab/wireshark

EDIT: seems hexdump canonical adds the extra divider/separator.

-C, --canonical
      Canonical hex+ASCII display.  Display the input offset in
      hexadecimal, followed by sixteen space-separated, two-column,
      hexadecimal bytes, followed by the same sixteen bytes in %_p
      format enclosed in '|' characters.  Invoking the program as hd
      implies this option.


$ cat grep.err | hexdump -C | head -5
00000000  67 72 65 70 3a 20 61 63  70 69 3a 20 49 73 20 61  |grep: acpi: Is a|
00000010  20 64 69 72 65 63 74 6f  72 79 0a 67 72 65 70 3a  | directory.grep:|
00000020  20 61 6c 74 65 72 6e 61  74 69 76 65 73 3a 20 49  | alternatives: I|
00000030  73 20 61 20 64 69 72 65  63 74 6f 72 79 0a 67 72  |s a directory.gr|
00000040  65 70 3a 20 61 70 61 63  68 65 32 3a 20 49 73 20  |ep: apache2: Is |

$ cat grep.err | hd | head -5
00000000  67 72 65 70 3a 20 61 63  70 69 3a 20 49 73 20 61  |grep: acpi: Is a|
00000010  20 64 69 72 65 63 74 6f  72 79 0a 67 72 65 70 3a  | directory.grep:|
00000020  20 61 6c 74 65 72 6e 61  74 69 76 65 73 3a 20 49  | alternatives: I|
00000030  73 20 61 20 64 69 72 65  63 74 6f 72 79 0a 67 72  |s a directory.gr|
00000040  65 70 3a 20 61 70 61 63  68 65 32 3a 20 49 73 20  |ep: apache2: Is |
edit flag offensive delete link more

Comments

Thanks Chuck. I added an issue on GitLab, #16841.

gmorris007 gravatar imagegmorris007 ( 2020-09-10 20:53:40 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

Stats

Asked: 2020-09-09 20:30:59 +0000

Seen: 62 times

Last updated: Sep 09