十六進制字符串wireshark pcap

我有一個十六進制字符串，我想轉換成Wireshark pcap。 Wireshark的接受以下格式的十六進制轉儲：十六進制字符串wireshark pcap

0000 00 00 00 00 00 aa 00 00 00 00 00 01 88 47 00 3e 
0010 80 0a 00 00 d1 0a 10 00 89 02 20 01 05 46 00 00 
0020 00 01 00 02 04 03 6d 64 31 02 03 6d 61 57 00 00 
0030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
0050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
0060 00 00 00 00 00

我有以下流：

0000000000AA0000000000018847003E800A0000D10A100089022001054600000001000204036D643102036D615700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

我一直od -Ax -tc1 -v命令在Linux中進行實驗，但似乎無法得到正確的輸出。有誰知道這可以做到嗎？

謝謝。

來源

2014-01-29 JohnB

流是文本格式？在一個文件？ –

是的，它在我傳遞給od命令的文件中。 – JohnB

您可以使用以下腳本。這只是一個解決方法。 od和hexdump會將0解釋爲字符'0'，並使用字節48，因此您可能無法獲得正確的輸出。該腳本讀取16個字符的兩個字符，並相應地增加偏移量。很容易理解我猜:)

#!/bin/bash 
off=0 
while [ 1 ] 
do 
     printf "%04x " $off 
     for ((i=0;i<16;i++)) 
     do 
       read -n 2 a 
       [ $? -ne 0 ] && echo && exit 
       echo -n "$a " 
     done 
     echo 
     off=`expr $off + 16` 
done <test

其中test是持有流的文件。我爲您的輸入提供了以下輸出。

0000 00 00 00 00 00 AA 00 00 00 00 00 01 88 47 00 3E 
0010 80 0A 00 00 D1 0A 10 00 89 02 20 01 05 46 00 00 
0020 00 01 00 02 04 03 6D 64 31 02 03 6D 61 57 00 00 
0030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
0050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
0060 00 00 00 00 00

來源

2014-01-29 10:27:10

我注意到'od'正在返回字符零的十六進制值。感謝這個腳本。 – JohnB

十六進制字符串wireshark pcap

回答

相關問題