This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

creating pcap with multiple packets

0

I have a binary file that I want to convert to a pcap file. I did a hexdump and then converted to a pcap using text2pcap. But there are multiple packets(custom protocol, custom dissector) in that binary file. How do I use hexdump to delineate different packets so that my pcap file has multiple packets??

Thanks!

asked 13 Jun '11, 12:37

tut087's gravatar image

tut087
1443
accept rate: 0%

One Answer:

1

The different packets are tracked through their offset:

An offset of zero is indicative of starting a new packet, so a single text file with a series of hexdumps can be converted into a packet capture with multiple packets.

See the section in the User's Guide.

answered 13 Jun '11, 13:50

Jaap's gravatar image

Jaap ♦
11.7k16101
accept rate: 14%

Thanks. When I create ahexdump. offset of zero comes in the beginning only. So do I have to manually change it? Or is there a method to produce a zero offset after regular byte interval?

(13 Jun '11, 14:14) tut087