Wireshark-users: Re: [Wireshark-users] Where is hex2pcap
Date: Wed, 18 Mar 2009 02:35:00 +0700
Thanks Joerg for the script.
Thanks Joan for your time
I don't know why but when I using text2pcap I have to add an extra space character at end of each line. If not pcap packet generated will be corrupt. Maybe text2pcap prefer text format "offset-hex-ASCII" than "offset-hex"

Regards
-giobuon

On Tue, Mar 17, 2009 at 4:13 AM, <j.snelders@xxxxxxxxxx> wrote:
On Mon, Mar 16, 2009 at 11:58:33PM +0700, giobuon@xxxxxxxxx wrote:
> I have a file exported from a TCP stream, it include few packet. And it
> isn't text so I can't using text2pcap tools. How can I read it using
> wireshark.

Here is your packet;-)

The text file with hex values must look like this:
0000 00 13 49 D3 9A 28 00 E0 B0 F5 EB 4B 08 00 45 00
0010 02 7B 8D E8 40 00 80 06 E8 A2 0A 00 00 11 4A 7D
0020 2D 64 0B D7 00 50 A7 FB BC FC 54 24 1E 52 50 18
0030 FF FF 84 5F 00 00 47 45 54 20 2F 20 48 54 54 50
0040 2F 31 2E 31 0D 0A 48 6F 73 74 3A 20 67 6F 6F 67
0050 6C 65 2E 63 6F 6D 0D .... and so on

Next you can use text2pcap:

$ text2pcap 001349.txt 001349.cap
Input from: 001349.txt
Output to: 001349.cap
Wrote packet of 649 bytes at 0
Read 1 potential packet, wrote 1 packet

Regards
Joan





___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe