This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

decoding wireshark

i hv written code to reverse the hex dump in the C language, but i observed the output like this ∟ o e ∞ m @ ☻ Ñ N ╢ 2 E ( δ à ≥ ♠ Σ M ╤ ‼ e j └ ¿ ☺ ╓ ☺ ╗ └ J d ¿ σ * k · ½ ♥ P ► D p O æ ∟ o e ∞ m @ ☻ Ñ N ╢ 2 E ☻ s δ ë ≥ ♠ ß ■ ╤ ‼ e j └ ¿ ☺ ╓ ☺ ╗ └ J d ¿ σ * k · ½ ♥ P ↑ D p n ♀ ↨ ♥ ☺ ☻ F ⌠ N

╜ º i ╨ ⌡ ú ├ â ╥ à σ ╤ Y î ≡ â 9 - v ₧ ┤ ╧ , π W à # s ► æ ƒ ▐ n ù " V £ A ⌡ ∟ ┤ 4 ú α ¶ ¡ ; l P ┘ ├ ú α ñ ╖ ♀ ╜ ╗ Γ ¥ ↓ $ m √ ╢ τ O ░ 3 ♀ ò & Q ─ ï 6 ╩ ☼ ' Y ½ ╘ ¼ ⌐ ☼ ╔ ╫ τ k ⁿ ▼ s g | ( ≤ ╞ û ▬ d ♂ # ╔ ü º ₧ < £ π ü ¥ l ¡ à ┘ ▐ ▓ & o Y s █ { ì û Ö a ╜ Ñ Φ ⌐ ╗ ° ╝ ü § ┴ ╚   ½ Z º [ § É ╞ ╫ ƒ { Σ E N ↕ Ö 6 ┬ ⌡ ú ú i ├ ß ╛

how do i get the exact data.

decoder

asked 13 Jun '11, 21:33

sagu072
35●23●24●28
accept rate: 0%

Great ! Your getting somewhere, but what do you mean by "reverse the Hex Dump" ! ?

Put all the date back to front, or undo the Compilation ?

Geoff Gus Stacey

[email protected]

(13 Jun '11, 21:58) Gusgeoff

the data stored from wireshark is in hex format so i jus reversed to ascii.

(13 Jun '11, 22:00) sagu072

That will do you no good as it's a binary format(Hex). You can print to file if you want to have the decoded output,

(21 Jun '11, 23:26) Anders ♦

If by "the data stored from Wireshark" you mean the capture file from Wireshark, it is, as noted, a binary file, and a bunch of us have already written several programs that display the packet data in ASCII. Those programs have names such as "Wireshark" and "TShark". :-)

Doing the work Wireshark and TShark do - or even that tcpdump does - is a significant amount of work. You need to handle the details of pcap or pcap-ng format (or use libpcap/WinPcap to read the file), and then decode the packet data.

(23 Jun '11, 10:41) Guy Harris ♦♦