On Fri, May 21, 2004 at 02:05:44PM -0400, GUOMING WEI wrote:
> Is it possible to use ethereal to analyze a hex dump file? It seems that
> ethereal doesn't like the format.
Correct - it has no idea what to do with a hex dump; for one thing, it
doesn't even know what link-layer types the packets have.
> For instance, format as following.
> 02E3B8C6 01 00 5E 00 00 05 FF FF FF FF FF FF 08 00 45 00 ..^...........E.
> 02E3B8D6 00 40 FF 00 00 00 01 59 C3 5E 17 00 00 01 E0 00 [email protected].^......
> 02E3B8E6 00 05 02 01 00 2C 17 00 00 01 00 00 00 00 8D 9D .....,..........
> 02E3B8F6 00 00 00 00 00 00 00 00 00 00 FF FF FF FF 00 0A ................
> 02E3B906 42 01 00 00 00 28 17 00 00 01 00 00 00 00 18 00 B....(..........
> 02E3B916 00 01 00 00 00 00 00 00 00 00 00 01 00 00 00 76 ...............v
> 02E3B926 00 00 00 00 00 00 00 00 4F 4D 45 2D 30 30 36 30 ........OME-0060
> 02E3B936 33 38 31 35 43 37 30 46 00 00 00 00 00 00 00 00 3815C70F........
> 02E3B946 00 00 00 00 00 0A 00 00 00 01 00 00 00 01 5A 5A ..............ZZ
> 02E3B956 5A 5A 5A 5A 00 00 06 01 00 00 00 00 01 1E BB C0 ZZZZ............
> 02E3B966 33 00 21 30 1F 00 00 00 00 00 41 75 00 70 00 67 3.!0......Au.p.g
> 02E3B976 00 62 00 6B 00 0F 00 3A 75 00 70 00 00 00 FF FF .b.k...:u.p.....
> 02E3B986 FF FF FF FF 00 00 FF FF FF FF 55 50 47 42 4B 55 ..........UPGBKU
> 02E3B996 50 20 20 20 20 10 00 24 33 00 21 30 21 30 00 00 P ..$3.!0!0..
> 02E3B9A6 33 00 21 30 20 00 00 00 00 00 41 67 00 6D 00 64 3.!0 .....Ag.m.d
> 02E3B9B6 00 70 00 72 00 0F 00 28 6F 00 76 00 2E 00 30 00 .p.r...(o.v...0.
Is that just a stream of packet data, rather than a sequence of hex
dumps of packets? If not, then the text2pcap utility that comes with
Ethereal might be able to convert it to a capture file that Ethereal can
read; if so, you'll have to break it up into packets and then try
converting it.
