Ask Your Question
0

Merge Hex Dump files

asked 2019-03-29 12:00:15 +0000

Sjoholm gravatar image

Import by Hex Dump.

It is possible in the hex dump file to set a UTC timestamp on all packets. Is it possible to merge the hex dump files with respect to this UTC timestamp. Or is it only possible to merge .pcap files?

Regards, Tobias Sjoholm

edit retag flag offensive close merge delete

Comments

Is this using text2pcap to convert the hex to a pcap?

grahamb gravatar imagegrahamb ( 2019-03-29 12:49:53 +0000 )edit

Thanks for mentioning the text2pcap tool.

I was wondering if it's possible to directly merge the hex dump files without going through the conversion to pcap.

Sjoholm gravatar imageSjoholm ( 2019-03-29 13:41:46 +0000 )edit

I keep forgetting that essentially the functionality of text2pcap was added to Wireshark.

grahamb gravatar imagegrahamb ( 2019-03-29 13:46:15 +0000 )edit

2 Answers

Sort by ยป oldest newest most voted
0

answered 2019-03-29 14:11:17 +0000

grahamb gravatar image

updated 2019-03-29 15:57:19 +0000

The hex dump import, like text2pcap can support a timestamp in front of each packet, using the format specified.

There seems to be a bug in Wireshark, in that if no individual packet timestamps are given, then there is no increment of the timestamp between packets, whereas text2pcap does do this.This now seems to be OK.

I'm not sure, but I think neither Wireshark or text2pcap make any adjustments from the time supplied to UTC, the time is copied verbatim, i.e. as the time in a pcapng file is UTC, then the input time is regarded as UTC.

edit flag offensive delete link more
0

answered 2019-03-29 14:04:42 +0000

Sjoholm gravatar image

I just noticed that Wireshark will convert my hex dump file into pcap as I import it. (it auto run the text2pcap.exe in the background) Then I can just save the file as a .pcap file. And as a pcap file i can merge it!

Problem solved!

edit flag offensive delete link more

Comments

it auto run the text2pcap.exe in the background

Actually, it has its own copy of the text2pcap code, which has diverged from the text2pcap code a bit; that needs to be cleaned up.

Guy Harris gravatar imageGuy Harris ( 2019-03-29 22:11:18 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

Stats

Asked: 2019-03-29 12:00:15 +0000

Seen: 78 times

Last updated: Mar 29