Wireshark · Ethereal-dev: Re: [Ethereal-dev] Problem in linking the files

Ethereal-dev: Re: [Ethereal-dev] Problem in linking the files

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>

Date: Tue, 07 Dec 2004 10:59:48 -0800

harsha ss wrote:

    Thanks for your guidence,
  I want to display the hexdump i am reading on the third window.

What gets displayed in the third pane is the packet data. I presumewhat you mean by "the hexdump I am reading" is the packet data from yourfile. (If not, then what you're asking for is something other than whatEthereal does. It's not a hex editor, for example....)

But I am getting the hexdump in the rightmost side and thecorresponding hex code in leftside ie immedeately after the line number.

Line number? There are no line numbers in the Ethereal hex dump pane,because Ethereal doesn't deal with text files, it deals with packets; aparticular capture file might happen to be in the form of a text file,rather than a binary file, but that's intentionally and deliberatelyhidden from the rest of Ethereal by Wiretap.


The hex dump pane has:

	on the left, a hex value that's an offset in the packet data;

	in the middle, the hex data in the packet;

	to the left of that, the hex data in the packet, displayed as ASCII.

I want to know where the ascii values of my hexdump are converted toequivalant hexadecimal values.

If a capture file *happens* to be a text file rather than a binary file(most capture file formats are binary, not text!), then:

the Wiretap module for that file format will convert the text thatcorresponds to a hex dump of the packet into bytes - for example textsuch as


		FF 03 02 40 7B

would be converted to a sequence of bytes with values 0xff, 0x03, 0x02,0x40, and 0x7B;

Ethereal would read that sequence of bytes - it would *NOT* get asequence of characters 'F', 'F', ' ', '0', '3', ' ', '0', '2', ' ', '4','0', ' ', '7', and 'B', it would get a sequence of bytes 0xff, 0x03,0x02, 0x40, and 0x7B;


	it would process those bytes as packet data.

See, for example, the code to read Ascend files, "dbs-etherwatch.c","toshiba.c", and "vms.c" for examples of code that reads text files.

I am reading the raw bytes as (guint8 *) from the read function in
  wiretap.

Note that "raw bytes", if the capture file is a text file, does *NOT*mean "the raw text from the file".

The first window displays the contents.
I saw in proto_draw.c I am not getting where exactly the bytes areconverted to hex equivalant and printed.


It's done in "packet_hex_print_common()".

Prev by Date: Re: [Ethereal-dev] About how to contribute new module.
Next by Date: Re: [Ethereal-dev] Delete some fields from packets
Previous by thread: Re: [Ethereal-dev] Problem in linking the files
Next by thread: [Ethereal-dev] DNS IPSECKEY RR
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$