Ask Your Question
0

How can I export my hexdump to a file that contains the data in a binary format?

asked 2018-12-17 17:25:23 +0000

gab13c gravatar image

updated 2018-12-17 21:31:32 +0000

Guy Harris gravatar image

I can view my packet data as a hex dump, but I need to decipher the individual bits and rather than manually doing the conversions I was wondering if there was a way to translate the data into a binary format.

edit retag flag offensive close merge delete

Comments

So what you want is a text file that looks like, for example:

0000 ff ff fe fe fc fc 00 00  68 37 2f 36 17 bc 0f f0
0010 de ad be ef fe ed ca fe

I.e., it's a text file, displaying, as text, a hex dump?

Guy Harris gravatar imageGuy Harris ( 2018-12-17 18:01:32 +0000 )edit

No I can do that easily. Was wondering if there was a way through wireshark to export the hex dump to a file and then converts the hex data into individual bits so I can validate my data that way instead of manually converting it myself (which would take forever).

gab13c gravatar imagegab13c ( 2018-12-17 20:13:08 +0000 )edit

What do you mean by "individual bits"?

A text file containing a sequence of characters that are "0" and "1"?

Or a non-text file that's the raw binary bytes (which means the "individual bits" are in chunks of 8)?

Guy Harris gravatar imageGuy Harris ( 2018-12-17 21:13:03 +0000 )edit

What I mean by invididual bits is the data formatted into binary versus a hex form. I already wrote a program to convert the hex dump from a bin to a text file printed with the data converted from hex to binary

gab13c gravatar imagegab13c ( 2018-12-17 21:15:30 +0000 )edit

If you mean "a binary dump as text", that's "a text file containing a sequence of characters that are "0" and "1"" - that would be "formatted into binary versus hex".

Is that what you want?

Guy Harris gravatar imageGuy Harris ( 2018-12-17 21:33:19 +0000 )edit

2 Answers

Sort by ยป oldest newest most voted
0

answered 2018-12-17 21:31:06 +0000

Guy Harris gravatar image

If you want the raw frame data in binary form, you could read the capture file yourself.

If it's a pcap file, you could write a program using libpcap to do that. (See tcpdump's source as an example.)

If it's a pcapng file, newer versions of libpcap can read those, as long as they fit within the constraints of the current pcap API, i.e. all interfaces in the file must have the same link-layer header type and snapshot length.

If it's neither pcap nor pcapng, or it's in another format, you could try getting the Wireshark source, building it, and then adding your own program using Wireshark's libwiretap library to read it. (See the editcap source as an example.)

edit flag offensive delete link more
0

answered 2018-12-17 17:44:24 +0000

Jaap gravatar image

You're talking about binary format, but also a text file. From this combination I assume that you mean a file with the text representation of the individual bits rather than bytes.

Currently you can only display the packet bytes as bits, but not save it as such. So what you can do is take the current possibility of hexdump export and script a postprocessing step to convert from hex to bits.

edit flag offensive delete link more

Comments

Ya That is what I was thinking, didnt know if there was a prebuilt function to do this within Wireshark. Ill just use an IOStream and import it into some code and print the individual bits that way. Thanks.

gab13c gravatar imagegab13c ( 2018-12-17 20:11:49 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2018-12-17 17:25:23 +0000

Seen: 4,232 times

Last updated: Dec 17 '18