This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

text2pcap issue

1

How to convert below hexdump into readable pcap format

c364f21d7e098003101b0d120600710419895812049733070b1207001204198915
9309024462424804e95404eb6b1e281c060700118605010101a011600f80020780
a109060704000001000e036c1aa1180201000201383010800804142341703973f8
020104830100'H

asked 29 Jun '12, 01:58

rks2k122's gravatar image

rks2k122
16112
accept rate: 0%

edited 29 Jun '12, 02:09

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237


One Answer:

1

that format is not supported by text2pcap.

http://www.wireshark.org/docs/wsug_html_chunked/AppToolstext2pcap.html

Text2pcap understands a hexdump of the form generated by od -Ax -tx1 -v. In other words, each byte is individually displayed and surrounded with a space. Each line begins with an offset describing the position in the file. The offset is a hex number (can also be octal or decimal - see -o), of more than two hex digits. Here is a sample dump that text2pcap can recognize:`

Please convert it to a format like this:

000000 c3 64 f2 1d 7e 09 80 03 ........ 000008 10 1b 0d 12 06 00 71 04 ........ ...

How can you do it?

#include "what_we_need.h"

#define GOOD 1 #define BAD 0

int able_to_program; int want_to_use_editor; int found_victim; int mood;

able_to_program = check_programming_skills(); want_to_use_editor = check_editor_and_mood();

if (want_to_use_editor) { mood = GOOD; use_editor_to_format_string(mood); } else { if (able_to_program) { write_a_script_to_format_string(); } else { found_victim = find_someone_who_can_do_it_for_you(); if (found_victim) { let_him_do_it(); } else { mood = BAD; swear_a_few_seconds(); use_editor_to_format_string(mood); } } }

;-)

Regards
Kurt

answered 29 Jun ‘12, 03:02

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

edited 29 Jun ‘12, 07:21

Is that code GPL’d? :)

(29 Jun ‘12, 06:04) cmaynard ♦♦

Sorry, I forgot to mention it. Yep, it’s GPL. Feel free to extend it ;-))

(29 Jun ‘12, 06:29) Kurt Knochner ♦