This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

feed a packet in hex string format into a dissector

Hi all, I have a packet in hex string format. How do I create the three data formats required (tvb, pinfo and tree) in order to pass it to a dissector? I have come across this mail and thought of using the function tvb_new_real_data, but I have no idea how to use it.

Any help and guidance is appreciated.

Thank you

Regards, Eddie Choo

asked 03 Aug '11, 03:12

eddie choo

edited 04 Aug '11, 16:15

helloworld

Can you clarify? What do you mean by "you have a packet in hex string format"? Can you supply an example packet/file/whatever?

(03 Aug '11, 17:02) cmaynard ♦♦

03b1682daa0980030e160b129500120426180610030208120600120456497341623f4 804ba1411b66b1e281c060700118605010101a011600f80020780a1090607040000010 002036c17a115020100020103a30d040825054373236300f50a0100 Here you go

(03 Aug '11, 19:07) eddie choo
Where does this data come from - a .pcap file, a text file, or somewhere else?

(03 Aug '11, 19:26) cmaynard ♦♦

I got this raw hex string from other sources, and I need to feed it directly into the dissector.

(03 Aug '11, 19:49) eddie choo

One Answer:

How is your dissector called? I.e., is it called from TCP, UDP, its own data link type, or some other method? If you can convert the hex string to a format text2pcap understands you could use it to create a libpcap capture file which could then be used by your dissector. For example, if you then use text2pcap -l user0 to convert the hex data to a pcap file, you can use Edit→Preferences→Protocols→DLT_USER to associate DLT 147 (user0) with your dissector.

answered 04 Aug '11, 09:42

Gerald Combs ♦♦

Hi Gerald, basically my task is to design a program which filters massive real time packets with high speed. So I thought of minimizing the dissectors, by modifying them to suit my needs. My input will be hex string and I don't need the whole dissector to dissect my packet as the criteria of my filters are only limited to 1 information field. My temporary solution is to modify the tvb_get_uintX() function to suit my needs. Thanks for your reply

Eddie Choo

(04 Aug '11, 19:25) eddie choo
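The text2pcap route suggested in the answer needs the raw hex string rewritten as an offset-prefixed hex dump first. The following is an added example, not part of the original thread or of Wireshark: the function names and the sample hex strings are constructed for illustration, and it generalizes to several packets in one file.

```python
import sys

# Constructed sample input: two packets as raw hex strings, the first one
# wrapped with spaces and a newline the way pasted hex often arrives.
SAMPLE_HEX = [
    "00010203 04050607\n08090a0b 0c0d0e0f 1011",
    "deadbeef",
]


def hex_to_bytes(hex_string):
    """Strip whitespace from a raw hex string and decode it, rejecting bad input."""
    cleaned = "".join(hex_string.split())
    if not cleaned:
        raise ValueError("empty hex string")
    if len(cleaned) % 2:
        raise ValueError("odd number of hex digits: %d" % len(cleaned))
    try:
        return bytes.fromhex(cleaned)
    except ValueError as exc:
        raise ValueError("non-hex character in input") from exc


def to_text2pcap_dump(hex_strings, width=16):
    """Render packets as the hex dump text2pcap reads (like `od -Ax -tx1 -v`).

    Each line is a hex offset followed by space-separated bytes. An offset
    of zero marks the start of a new packet, so every packet restarts there.
    """
    lines = []
    for hex_string in hex_strings:
        payload = hex_to_bytes(hex_string)
        for offset in range(0, len(payload), width):
            chunk = payload[offset:offset + width]
            lines.append("%06x %s" % (offset, " ".join("%02x" % b for b in chunk)))
        lines.append("")  # blank line between packets for readability
    return "\n".join(lines)


if __name__ == "__main__":
    # Redirect to a file, then convert with link type 147 (user0):
    #   python hex2dump.py > packet.txt
    #   text2pcap -l 147 packet.txt packet.pcap
    sys.stdout.write(to_text2pcap_dump(SAMPLE_HEX))
```

The resulting capture file can then be opened with DLT 147 mapped to the dissector under the DLT_USER preference, as the answer describes.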