Ethereal-dev: [Ethereal-dev] Proposed change to tethereal hex dump format

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Ashok Narayanan <ashokn@xxxxxxxxx>
Date: Wed, 2 May 2001 15:13:45 -0400

Hi. I'm writing a tool to read in an ASCII hexdump and convert it to a packet,
called text2pcap. As part of this, I noticed that tethereal, when given the -V
-x options, generates a hexdump of this form:

   0  0010 7b2c 78c0 0010 7b2c 785d 0800 4500   ..{,x...{,x]..E. 
  10  0074 248f 0000 ff2e 7ebb 0a01 020f 0a01   .t$.....~....... 
  20  0201 1002 e3e8 ff00 0060 000c 0101 e600   .........`...... 
  30  0001 1100 000a 000c 0301 0a01 020f 0000   ................ 

I would like to change it to generate a hexdump of this form:

0000  00 10 7b 2c 78 c3 00 10 7b 2c 78 d5 08 00 45 00   ..{,x...{,x...E.
0010  00 74 46 53 00 00 ff 2e 5a e9 0a 01 03 10 0a 01   .tFS....Z.......
0020  03 0e 10 02 e4 67 ff 00 00 60 00 0c 01 01 e6 00   .....g...`......
0030  00 01 11 00 00 0a 00 0c 03 01 0a 01 03 10 00 00   ................

My reasons are:

1) It is a more standard hexdump format; we use it internally in Ethereal
(GUI) as well.

2) This format is easier to deal with during parsing as well.

It's a very small change to the code; I've tried it out. If this proposed
change is made, then text2pcap will be able to read in a trace dumped by
tethereal using -V -x, and be able to build a capture file out of the packets
(minus the timestamps), a feature which I think is pretty cool.

Thoughts?

-Ashok






--- Asok the Intern ----------------------------------------
Ashok Narayanan
IOS Network Protocols, Cisco Systems
250 Apollo Drive, Chelmsford, MA 01824
Ph: 978-244-8387.  Fax: 978-244-8126 (Attn: Ashok Narayanan)
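
The parsing argument in the message above, as an added example that is not part of the original post and is not text2pcap's code: a reader for the proposed one-byte-per-token format that rebuilds packet bytes and checks offsets. The names `parse_hexdump`, `LINE_RE` and `SAMPLE`, and the rule that offset 0 starts a new packet, are assumptions made for illustration.

```python
import re

# Proposed format: hex offset, then byte pairs separated by single spaces.
# A wider gap ends the hex field, so the ASCII column is never read as data.
LINE_RE = re.compile(r"^\s*([0-9a-fA-F]{4,})\s+((?:[0-9a-fA-F]{2} ?)+)")

# The four dump lines of the proposed format, copied from the message above.
SAMPLE = """\
0000  00 10 7b 2c 78 c3 00 10 7b 2c 78 d5 08 00 45 00   ..{,x...{,x...E.
0010  00 74 46 53 00 00 ff 2e 5a e9 0a 01 03 10 0a 01   .tFS....Z.......
0020  03 0e 10 02 e4 67 ff 00 00 60 00 0c 01 01 e6 00   .....g...`......
0030  00 01 11 00 00 0a 00 0c 03 01 0a 01 03 10 00 00   ................
"""


def parse_hexdump(text):
    """Return the packets (as bytes objects) found in offset-prefixed hexdump text."""
    packets, current = [], bytearray()
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # blank lines and any non-dump text are skipped
        offset = int(m.group(1), 16)
        if offset == 0 and current:
            # Assumption: offset 0 marks the start of the next packet.
            packets.append(bytes(current))
            current = bytearray()
        if offset != len(current):
            # A gap or repeat means lines were lost or the dump was edited.
            raise ValueError(f"offset {offset:#06x} does not follow {len(current)} bytes")
        current += bytes.fromhex(m.group(2))
    if current:
        packets.append(bytes(current))
    return packets


if __name__ == "__main__":
    for number, packet in enumerate(parse_hexdump(SAMPLE), 1):
        print(f"packet {number}: {len(packet)} bytes, ethertype {packet[12:14].hex()}")
```

Lines in the older grouped format (short decimal-looking offsets, four-digit groups) do not match `LINE_RE` and are skipped rather than misread.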