This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

what am i looking at & compat

0

i was wondering if someone can clear up what these digits are. i can understand the traffic info in portion and i can read the information about send/recieve and addresses in portion but i have no idea what these values indicate:

0000 b8 e6 25 30 57 89 74 e5 43 9f 6d 16 08 06 00 01 ..%0W.t. C.m.....

this line is followed by sequentially numbered lies 0010, 0020 and similar values across the board. I wouldmuch appreciate a crash course on that info.

Secondly I wondered if I could expect wireshark to continue to function once Windows 8 is released and to what degree. Thanks!!

asked 21 Oct '12, 22:35

adnmance's gravatar image

adnmance
1111
accept rate: 0%


One Answer:

0

Wireshark is all about interpreting the hex data for you. If you look in the packet detail pane you will see the different protocol layers of the packet. Assuming this was an ethernet-frame, you will see the ethernet and arp layer, as the hex data can be interpreted as:

0000 -> offset
b8 e6 25 30 57 89 -> destination mac-address
74 e5 43 9f 6d 16 -> source mac-address
08 06 -> ethertype for ARP
00 01 -> First bytes of the ARP protocol header

..%0W.t. C.m….. -> ascii representation of the above bytes

But again, that is what Wireshark does for you already :-)

Regarding windows 8 compatability, see https://ask.wireshark.org/questions/12956/install-on-windows-8-winpcap-issue

answered 21 Oct ‘12, 23:00

SYN-bit's gravatar image

SYN-bit ♦♦
17.1k957245
accept rate: 20%