This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How to fetch hex values using thsark

0

Would like to fetch the hex values using tshark. Please suggest the options to do so.

asked 19 Oct '14, 22:34

udaya's gravatar image

udaya
21447
accept rate: 100%

Hex values of what? The hex dump of the packet?

(20 Oct '14, 01:23) JeffMorriss ♦

Thanks. Yes

(20 Oct '14, 03:23) udaya

2 Answers:

0

Hey Jeff,

Sorry for the confusion and thanks for the immediate response. I got it. I was exactly searching for this :)

tshark -r sim_venom_sanity_DEVICE1_PORT1_1_capture.pcap -Vx -R frame.number==2 | sed -n 's/^[0-9a-f]\s((\s[0-9a-f][0-9a-f]){1,16}).$/\1/p'

answered 20 Oct '14, 04:52

udaya's gravatar image

udaya
21447
accept rate: 100%

1

tshark -x will display a complete hex dump of the packet. Is that what you're looking for?

Note: I converted your Answer to a comment.

answered 20 Oct '14, 03:26

JeffMorriss's gravatar image

JeffMorriss ♦
6.2k572
accept rate: 27%

edited 20 Oct '14, 05:23

No I need only the following values, sorry I could not paste a snap for you e.g. ff ff ff ff ff ff 00 02 3b 10 0f d8 81 00 c0 64
08 00 45 c0 01 34 00 00 00 00 10 11 a0 f8 07 01

(20 Oct '14, 03:31) udaya

Sorry, I'm not sure what you mean. Do you want to only print the hex dump when it matches that particular pattern?

Or do you want to only print the hex dump of a certain field? Or of a certain protocol?

(20 Oct '14, 03:43) JeffMorriss ♦