我有一个十六进制字符串,我想将其转换为Wireshark PCAP。Wireshark以以下格式接受十六进制:
0000 00 00 00 00 00 aa 00 00 00 00 00 01 88 47 00 3e
0010 80 0a 00 00 d1 0a 10 00 89 02 20 01 05 46 00 00
0020 00 01 00 02 04 03 6d 64 31 02 03 6d 61 57 00 00
0030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0060 00 00 00 00 00
我有以下流:
0000000000AA0000000000018847003E800A0000D10A100089022001054600000001000204036D643102036D615700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
我一直在Linux中使用od -Ax -tc1 -v命令进行实验,但似乎无法获得正确的输出。有人知道如何完成吗?
首先将十六进制流放入文本文件" a.txt",
0000000000AA0000000000018847003E800A0000D10A100089022001054600000001000204036D643102036D615700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
然后将文本文件转换为二进制文件:
xxd -r -p a.txt a.bin
使用OD和Text2PCAP将二进制文件转换为PCAP文件。
od -Ax -tx1 -v a.bin | text2pcap - a.pcap
您可以使用以下脚本。这只是一个解决方法。od和hexdump将将0解释为字符'0',并使用字节48,因此您可能无法获得正确的输出。该脚本读了两个字符,共16次,并且相应地增加了偏移。我猜很容易理解:)
#!/bin/bash
off=0
while [ 1 ]
do
printf "%04x " $off
for ((i=0;i<16;i++))
do
read -n 2 a
[ $? -ne 0 ] && echo && exit
echo -n "$a "
done
echo
off=`expr $off + 16`
done <test
其中 test是保存流的文件。我得到了您输入的以下输出。
0000 00 00 00 00 00 AA 00 00 00 00 00 01 88 47 00 3E
0010 80 0A 00 00 D1 0A 10 00 89 02 20 01 05 46 00 00
0020 00 01 00 02 04 03 6D 64 31 02 03 6D 61 57 00 00
0030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0060 00 00 00 00 00