Wireshark-users: Re: [Wireshark-users] Where is hex2pcap
Date: Mon, 16 Mar 2009 22:13:38 +0100
On Mon, Mar 16, 2009 at 11:58:33PM +0700, giobuon@xxxxxxxxx wrote:
> I have a file exported from a TCP stream, it include few packet. And it
> isn't text so I can't using text2pcap tools. How can I read it using
> wireshark.

Here is your packet;-)

The text file with hex values must look like this:
0000 00 13 49 D3 9A 28 00 E0 B0 F5 EB 4B 08 00 45 00 
0010 02 7B 8D E8 40 00 80 06 E8 A2 0A 00 00 11 4A 7D 
0020 2D 64 0B D7 00 50 A7 FB BC FC 54 24 1E 52 50 18
0030 FF FF 84 5F 00 00 47 45 54 20 2F 20 48 54 54 50
0040 2F 31 2E 31 0D 0A 48 6F 73 74 3A 20 67 6F 6F 67
0050 6C 65 2E 63 6F 6D 0D .... and so on

Next you can use text2pcap:

$ text2pcap 001349.txt 001349.cap
Input from: 001349.txt
Output to: 001349.cap
Wrote packet of 649 bytes at 0
Read 1 potential packet, wrote 1 packet

Regards
Joan

       


Attachment: 001349.cap
Description: Binary data




0000 00 13 49 D3 9A 28 00 E0 B0 F5 EB 4B 08 00 45 00 
0010 02 7B 8D E8 40 00 80 06 E8 A2 0A 00 00 11 4A 7D 
0020 2D 64 0B D7 00 50 A7 FB BC FC 54 24 1E 52 50 18
0030 FF FF 84 5F 00 00 47 45 54 20 2F 20 48 54 54 50
0040 2F 31 2E 31 0D 0A 48 6F 73 74 3A 20 67 6F 6F 67
0050 6C 65 2E 63 6F 6D 0D 0A 55 73 65 72 2D 41 67 65
0060 6E 74 3A 20 4D 6F 7A 69 6C 6C 61 2F 35 2E 30 20
0070 28 57 69 6E 64 6F 77 73 3B 20 55 3B 20 57 69 6E
0080 64 6F 77 73 20 4E 54 20 35 2E 31 3B 20 65 6E 2D
0090 55 53 3B 20 72 76 3A 31 2E 39 2E 30 2E 37 29 20
00a0 47 65 63 6B 6F 2F 32 30 30 39 30 32 31 39 31 30
00b0 20 46 69 72 65 66 6F 78 2F 33 2E 30 2E 37 0D 0A
00c0 41 63 63 65 70 74 3A 20 74 65 78 74 2F 68 74 6D
00d0 6C 2C 61 70 70 6C 69 63 61 74 69 6F 6E 2F 78 68
00e0 74 6D 6C 2B 78 6D 6C 2C 61 70 70 6C 69 63 61 74
00f0 69 6F 6E 2F 78 6D 6C 3B 71 3D 30 2E 39 2C 2A 2F
0100 2A 3B 71 3D 30 2E 38 0D 0A 41 63 63 65 70 74 2D
0110 4C 61 6E 67 75 61 67 65 3A 20 65 6E 2D 75 73 2C
0120 65 6E 3B 71 3D 30 2E 35 0D 0A 41 63 63 65 70 74
0130 2D 45 6E 63 6F 64 69 6E 67 3A 20 67 7A 69 70 2C
0140 64 65 66 6C 61 74 65 0D 0A 41 63 63 65 70 74 2D
0150 43 68 61 72 73 65 74 3A 20 49 53 4F 2D 38 38 35
0160 39 2D 31 2C 75 74 66 2D 38 3B 71 3D 30 2E 37 2C
0170 2A 3B 71 3D 30 2E 37 0D 0A 4B 65 65 70 2D 41 6C
0180 69 76 65 3A 20 33 30 30 0D 0A 43 6F 6E 6E 65 63
0190 74 69 6F 6E 3A 20 6B 65 65 70 2D 61 6C 69 76 65
01a0 0D 0A 43 6F 6F 6B 69 65 3A 20 50 52 45 46 3D 49
01b0 44 3D 33 36 35 39 64 34 33 64 63 37 31 62 65 35
01c0 66 65 3A 54 4D 3D 31 32 33 35 30 39 35 30 36 35
01d0 3A 4C 4D 3D 31 32 33 35 31 36 32 34 39 35 3A 44
01e0 56 3D 41 41 3A 47 4D 3D 31 3A 53 3D 73 51 74 65
01f0 45 30 55 7A 4E 55 4B 6A 35 58 6E 37 3B 20 4E 49
0200 44 3D 32 30 3D 56 6D 38 33 49 57 55 4B 79 32 43
0210 64 6E 46 38 69 39 4B 4F 32 30 32 37 4B 7A 59 71
0220 32 49 4A 66 77 4B 61 4E 51 63 38 4C 43 45 35 4A
0230 52 52 74 72 56 49 6C 47 61 52 68 6E 42 6E 64 6C
0240 69 6C 64 48 6C 57 67 58 54 62 43 54 56 37 52 31
0250 64 61 69 34 30 6F 5A 32 73 4F 41 78 70 72 58 54
0260 31 5A 55 77 50 65 71 4A 6B 36 58 74 59 6B 56 33
0270 58 71 49 77 42 4F 30 5F 62 76 4C 6C 57 51 44 34
0280 32 67 79 70 39 0D 0A 0D 0A