I have a 64 byte hex stream of a frame-
000A959D6816000A959A651508004500002E000000004006AF160A010101C0A8000A11D71EC6000000000000000050000000AD840000000102030405CC904CE3
How can I import it into Wireshark and see the whole packet? The option of importing a hex dump doesn't seem to work in my case if I save this stream into a text file and load it.
Since this hex stream is in hex, and for hex to hexdump conversion, od doesn't seem to work. So the solution would be to convert this hex back to binary, and then use od -Ax -tx1 -v [file] on that binary file.
xxd -r -p [hexfile] [binaryfile]
od -Ax -tx1 -v [binaryfile]
Note: Use the combination -r -p to read plain hexadecimal dumps without line number information and without a particular column layout.
A hex stream can be transformed into an od-like format by filtering through a couple of coreutils. The output can be fed into text2pcap, for example, to also set a link-layer type.
{ echo -n "0000 "; echo "$hex_stream" | fold -w 2 | paste -sd ' '; } | text2pcap -l 147 - "$file"
hex_stream is the data to be dissected and file is the pcap file to be written by text2pcap. I use this as part of a script that generates a temporary pcap from a hex stream and invokes tshark to dissect it - this gives me the dissection result immediately with no manual intervention.
The How to Dissect Anything page in the Wireshark wiki has further information on dissection of arbitrary data.
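An added example, not part of either answer above: a POSIX sh function that does the conversion both answers describe without a binary intermediate file, printing the hex stream in the layout of od -Ax -tx1 -v (16 bytes per row, offset first, final offset last) and rejecting input that is not an even number of hex digits. The names hex_to_dump, FRAME and frame.pcap are made up for this example; the sample input is the frame from the question.

```sh
#!/bin/sh
# Added example: convert a bare hex stream into an od-style hex dump that
# text2pcap and Wireshark's "Import from Hex Dump" can read.

# Sample input: the 64-byte frame quoted in the question.
FRAME=000A959D6816000A959A651508004500002E000000004006AF160A010101C0A8000A11D71EC6000000000000000050000000AD840000000102030405CC904CE3

hex_to_dump() {
    # Drop any whitespace or line breaks a copy/paste may have introduced.
    hex=$(printf '%s' "$1" | tr -d ' \t\r\n')

    # A stray "0x" prefix, colon separators or a truncated paste would
    # otherwise shift every byte that follows, so refuse them up front.
    case $hex in
        ''|*[!0-9A-Fa-f]*)
            echo "hex_to_dump: input is not a plain hex stream" >&2
            return 1 ;;
    esac
    if [ $(( ${#hex} % 2 )) -ne 0 ]; then
        echo "hex_to_dump: odd number of hex digits" >&2
        return 1
    fi

    # 32 hex digits = 16 bytes per row, each row prefixed with its offset.
    off=0
    printf '%s\n' "$hex" | fold -w 32 | while IFS= read -r row; do
        bytes=$(printf '%s\n' "$row" | fold -w 2 | paste -sd ' ' -)
        printf '%06x %s\n' "$off" "$bytes"
        off=$(( off + 16 ))
    done

    # od ends its output with the total length as a bare offset line.
    printf '%06x\n' $(( ${#hex} / 2 ))
}

# Print the dump for the sample frame. To build a capture file instead:
#   hex_to_dump "$FRAME" | text2pcap - frame.pcap
# text2pcap defaults to Ethernet encapsulation, which matches this frame;
# pass -l <type> as in the answer above for any other link-layer type.
hex_to_dump "$FRAME"
```

The printed dump can also be saved to a text file and loaded through Wireshark's hex dump import, which is the step the question was stuck on.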