Hello,

I am developing a program using libpcap to capture Beacon Frames, Probe Requests and Probe Responses from my wireless interface that I specify. When I try and hex dump the packet and look at the packet it is slightly off compared to what I am seeing in Wireshark, so I was wondering why this is and if you guys do something special to the hex dump before you dump it?

If you need to see any more information let me know.

This is what I am doing for the hexdump (just in case you want to see):

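    #include <ctype.h>
    #include <stdio.h>

    /* Print buflen bytes at ptr in rows of 16: offset, hex bytes, then ASCII. */
    void hexdump(const void *ptr, int buflen) {
        const unsigned char *buf = (const unsigned char *)ptr;
        int i, j;
        for (i = 0; i < buflen; i += 16) {
            printf("%06x: ", i);              /* 6-digit hex offset */
            for (j = 0; j < 16; j++)
                if (i + j < buflen)
                    printf("%02x ", buf[i + j]);
                else
                    printf("   ");            /* pad a short final row */
            printf(" ");
            for (j = 0; j < 16; j++)
                if (i + j < buflen)
                    printf("%c", isprint(buf[i + j]) ? buf[i + j] : '.');
            printf("\n");
        }
    }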

Thank you! DO

asked 02 Jun '13, 09:45

_Derko


When you say "slightly off", what exactly is the difference you are seeing between a Wireshark hex dump of the packet and your own output?

A Wireshark "Packet bytes" hex dump output is in the format of [offset] [bytes] [ascii], where those three sections are delimited by two spaces and each byte is delimited by one space.

As an example, this is how I generate a hex dump file from an array of packets in Perl (each entry is a hex string representing an entire packet), where I want to read the output of this into Wireshark's text2pcap utility (not bothering with the ASCII piece):

    foreach (@packets) {
        $packet = $_;
        $packet_length = $_ =~ tr/[0-9a-zA-Z]//;
        # The +0.999... is a cheap way to round up for the last line.
        $line_count = int(($packet_length/32) + 0.9999999999);
        for ($n=0; $n < $line_count; $n++){
            $offset = sprintf("%x",($n*16));
            # Assumes no offset greater than 4 hex characters.
            $lead_zeros = 4 - ($offset =~ tr/[0-9a-zA-Z]//);
            $lead_zeros = '0' x $lead_zeros;
            $bytes = substr($packet,$n*32,32);
            # Adds a space character after every byte.
            $bytes =~ s/([0-9a-zA-Z]{2})/$1 /g;
            print "$lead_zeros$offset $bytes\n";
        };
    };

answered 02 Jun '13, 12:44

Quadratic

edited 02 Jun '13, 12:47
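
Added example, not part of the original question or answer: a C sketch of the [offset] [bytes] [ascii] layout the answer describes, plus a parser that reads such a row back into bytes so a dump from your own capture code can be compared byte for byte against one copied from another tool. The names `format_row`, `parse_row`, `ROW`, `ROW_BUF` and the sample frame are assumptions made for this example; the 4-digit offset follows the Perl script above.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
enum { ROW = 16, ROW_BUF = 96 };  /* bytes per row; buffer size that fits any row */

/* Write one row as "[offset]  [bytes]  [ascii]": sections separated by two
 * spaces, bytes by one space. Returns chars written, or -1 if out is too small. */
int format_row(const unsigned char *buf, size_t len, size_t off, char *out, size_t outsz)
{
    size_t n = off < len ? len - off : 0, j;
    if (outsz < ROW_BUF) return -1;
    if (n > ROW) n = ROW;
    int pos = sprintf(out, "%04zx ", off);
    for (j = 0; j < ROW; j++)  /* pad a short final row so the ASCII column lines up */
        pos += j < n ? sprintf(out + pos, " %02x", buf[off + j]) : sprintf(out + pos, "   ");
    pos += sprintf(out + pos, "  ");
    for (j = 0; j < n; j++)
        out[pos++] = isprint(buf[off + j]) ? (char)buf[off + j] : '.';
    out[pos] = '\0';
    return pos;
}

/* Parse a row back into bytes, ignoring the ASCII column. Accepts one or more
 * spaces after the offset. Returns the byte count (0..ROW), or -1 if malformed. */
int parse_row(const char *line, size_t *off, unsigned char *bytes)
{
    char *p;
    int n = 0;
    *off = strtoul(line, &p, 16);
    if (p == line || *p != ' ') return -1;
    while (*p == ' ') p++;
    while (n < ROW && isxdigit((unsigned char)p[0]) && isxdigit((unsigned char)p[1])) {
        bytes[n++] = (unsigned char)strtoul((char[]){p[0], p[1], 0}, NULL, 16);
        p += (p[2] == ' ' && p[3] != ' ') ? 3 : 2;  /* two spaces end the byte section */
    }
    return n;
}

/* Constructed sample: 20 made-up bytes shaped like the start of an 802.11 beacon. */
static const unsigned char sample[20] = { 0x80,0x00,0x00,0x00,0xff,0xff,0xff,0xff,0xff,0xff,
    0x00,0x11,0x22,0x33,0x44,0x55,0x00,0x11,0x22,0x33 };

int main(void)
{
    char row[ROW_BUF];
    for (size_t off = 0; off < sizeof sample; off += ROW)
        if (format_row(sample, sizeof sample, off, row, sizeof row) > 0) puts(row);
    return 0;
}
```

Parsing both dumps with `parse_row` and comparing the resulting bytes separates a formatting difference from a real difference in the captured data.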
