Ethereal-dev: RE: [Ethereal-dev] Proposed change to tethereal hex dump format

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Peter Kjellerstedt <peter.kjellerstedt@xxxxxxxx>
Date: Wed, 2 May 2001 23:08:04 +0200
> -----Original Message-----
> From: Ashok Narayanan [mailto:ashokn@xxxxxxxxx]
> Sent: Wednesday, May 02, 2001 21:14
> To: ethereal-dev@xxxxxxxxxxxx
> Subject: [Ethereal-dev] Proposed change to tethereal hex dump format
> 
> Hi. I'm writing a tool to read in an ASCII hexdump and convert 
> it to a packet, called text2pcap. As part of this, I noticed
> that tethereal, when given the -V -x options, generates a
> hexdump of this form:
> 
>    0  0010 7b2c 78c0 0010 7b2c 785d 0800 4500   ..{,x...{,x]..E. 
>   10  0074 248f 0000 ff2e 7ebb 0a01 020f 0a01   .t$.....~....... 
>   20  0201 1002 e3e8 ff00 0060 000c 0101 e600   .........`...... 
>   30  0001 1100 000a 000c 0301 0a01 020f 0000   ................ 
> 
> I would like to change it to generate a hexdump of this form:
> 
> 0000  00 10 7b 2c 78 c3 00 10 7b 2c 78 d5 08 00 45 00   ..{,x...{,x...E.
> 0010  00 74 46 53 00 00 ff 2e 5a e9 0a 01 03 10 0a 01   .tFS....Z.......
> 0020  03 0e 10 02 e4 67 ff 00 00 60 00 0c 01 01 e6 00   .....g...`......
> 0030  00 01 11 00 00 0a 00 0c 03 01 0a 01 03 10 00 00   ................

This is more than 79 characters per line (82 if I calculate
correctly). Please don't make the lines so long that they no
longer fit in a "standard" 80 characters wide window.

> My reasons are:
> 
> 1) It is a more standard hexdump format; we use it internally 
> in Ethereal (GUI) as well.
> 
> 2) This format is easier to deal with during parsing as well.

I fail to see how the second format should be any easier to
parse than the first one. Unless you consider endianness...

> It's a very small change to the code; I've tried it out. If 
> this proposed change is made, then text2pcap will be able to
> read in a trace dumped by tethereal using -V -x, and be able
> to build a capture file out of the packets (minus the 
> timestamps), a feature which I think is pretty cool.
> 
> Thoughts?

Preferably you should be able to parse both formats. There is
no reason to limit yourself to just one format when reading
in the file. Actually, you should be able to parse a number
followed by any number of two-digit hex numbers (with or
without separating whitespace).

> -Ashok

//Peter
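
The format-tolerant reader suggested in the reply above, as an added example; it is not part of the original message and is not text2pcap's code. `parse_hexdump` and `SAMPLE_DUMP` are names chosen here. It assumes hexadecimal offsets, hex groups separated by at most one blank, and a wider gap before the ASCII column, as in both dumps quoted in the thread.

```python
import re

# Offset field, then the rest of the line.
_LINE = re.compile(r"^\s*([0-9A-Fa-f]+)\s+(.*)$")
# Groups of whole hex bytes, each ended by ONE blank or end of line, so the
# wider gap in front of the ASCII column stops the match (assumption).
_HEX = re.compile(r"(?:(?:[0-9A-Fa-f]{2})+(?: |$))+")

# The first dump quoted in the thread, without the "> " quoting.
SAMPLE_DUMP = """\
   0  0010 7b2c 78c0 0010 7b2c 785d 0800 4500   ..{,x...{,x]..E.
  10  0074 248f 0000 ff2e 7ebb 0a01 020f 0a01   .t$.....~.......
  20  0201 1002 e3e8 ff00 0060 000c 0101 e600   .........`......
  30  0001 1100 000a 000c 0301 0a01 020f 0000   ................
"""


def parse_hexdump(text):
    """Return a list of packets (bytes) found in an offset-prefixed hex dump."""
    packets, data = [], bytearray()
    for lineno, line in enumerate(text.splitlines(), 1):
        m = _LINE.match(line.rstrip())
        run = _HEX.match(m.group(2)) if m else None
        if not run:
            continue  # blank line, protocol-tree text, or other non-dump line
        offset = int(m.group(1), 16)
        if offset == 0 and data:  # offset 0 starts the next packet
            packets.append(bytes(data))
            data = bytearray()
        if offset != len(data):  # gap or overlap: refuse rather than guess
            raise ValueError(
                f"line {lineno}: offset {offset:#x}, expected {len(data):#x}")
        data += bytes.fromhex(run.group(0).replace(" ", ""))
    if data:
        packets.append(bytes(data))
    return packets


if __name__ == "__main__":
    for pkt in parse_hexdump(SAMPLE_DUMP):
        print(len(pkt), pkt.hex())
```

The offset check is what keeps a truncated or hand-edited dump from silently producing a malformed packet: a line whose offset does not match the bytes read so far is rejected instead of being appended.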