I'm looking to convert a pcap file to a raw dump of the bytes of the packets. This is what I get when I export the file to a txt file using Wireshark;
the required data is only the hex data in the red box. Because there is too much packet data, I need a script to do this.
And this is the result, and create multiple file depend on number of packet data.
I'm not entirely sure I understand what you're asking. If you want just the ASCII hex dump of all data and nothing else, then you can simply pipe the output of tshark through sed like so:

tshark -x -r mydata.pcap | sed -n 's/^[0-9a-f]*\s\(\(\s[0-9a-f][0-9a-f]\)\{1,16\}\).*$/\1/p'

If that's not what you're asking, perhaps you could clarify. I don't understand "create multiple file depend on number of packet data." Do you mean that you want to create one file per packet? Is the file to be a hex dump (printable form) or is it a pure binary file?

When I try using tshark through sed, it gives an error: 'sed' is not recognized as an internal or external command, operable program or batch file. Yes, I just want the hex data only and want to create one file per packet. The picture (printable form) is not from the same file as above. That's just an example. But the hex data will actually be the same.
(27 Jan '11, 11:32)
faz
You're probably running Windows; I'm not sure what commands that come with Windows would help here, but you might look at sed for Windows.
(27 Feb '11, 23:28)
Guy Harris ♦♦
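The one-file-per-packet split asked about in this thread, as an added Python example that is not code from any of the posters: it reads `tshark -x` text, keeps only the hex bytes, and rejects a dump whose offsets do not line up. Assumptions: each dump line is an offset, two spaces, a hex column of at most 47 characters, then the ASCII column; offset 0000 starts a new packet; the script name, `packets_out` and the `packet_NNNNN.txt` file names are hypothetical.

```python
import re
import sys
from pathlib import Path

# Offset, two spaces, then the hex column (16 bytes * 3 - 1 = 47 chars wide).
LINE = re.compile(r"^([0-9a-f]{4,})  (.{1,47})")

# Constructed sample in the layout of `tshark -x` output (not a real capture).
SAMPLE = """\
0000  ff ff ff ff ff ff 00 11 22 33 44 55 08 06 00 01   ........"3DU....
0010  08 00 06 04 00 01                                 ......

0000  00 11 22 33 44 55 66 77 88 99 aa bb 08 00 20 61   .."3DUfw...... a
0010  62                                                b
"""

def parse_hexdump(text):
    """Return one bytes object per packet found in `tshark -x` style text."""
    packets, current = [], None
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue                      # blank separators and other text
        offset = int(m.group(1), 16)
        if offset == 0:                   # assumption: 0000 starts a new packet
            current = bytearray()
            packets.append(current)
        if current is None or offset != len(current):
            raise ValueError(f"unexpected offset {offset:04x}: dump is incomplete")
        for tok in m.group(2).split():
            if not re.fullmatch(r"[0-9a-f]{2}", tok):
                break                     # ran into the ASCII column
            current.append(int(tok, 16))
    return [bytes(p) for p in packets]

def write_packets(packets, outdir):  # one hex file per packet, 16 bytes per line
    Path(outdir).mkdir(parents=True, exist_ok=True)
    paths = []
    for n, pkt in enumerate(packets, 1):
        rows = [pkt[i:i + 16].hex(" ") for i in range(0, len(pkt), 16)]
        path = Path(outdir) / f"packet_{n:05d}.txt"
        path.write_text("\n".join(rows) + "\n")
        paths.append(path)
    return paths

if __name__ == "__main__":
    # e.g.  tshark -x -r mydata.pcap | python split_packets.py outdir
    text, out = (sys.stdin.read(), sys.argv[1]) if len(sys.argv) > 1 else (SAMPLE, "packets_out")
    for p in write_packets(parse_hexdump(text), out):
        print(p)
```

This needs only a Python 3.8+ interpreter, so it also works where `sed` is not installed.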
|
The
faz, since your system doesn't have You can find more information on |