How to copy hex data of captured packet form wires

here is the example this is the captured packet data

00000000  00 6e 0b 00                                                                          .n..
00000004  4d 5a e8 00 00 00 00 5b  52 45 55 89 e5 81 c3 81                    MZ.....[ REU.....
00000014  12 00 00 ff d3 89 c3 57  68 04 00 00 00 50 ff d0                       .......W h....P..
00000024  68 f0 b5 a2 56 68 05 00  00 00 50 ff d3 00 00 00                      h...Vh.. ..P.....
00000034  00 00 00 00 00 00 00 00  00 00 00 00 e0 00 00 00                    ........ ........
00000044  0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68                      ........ !..L.!Th
00000054  69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f                      is progr am canno
00000064  74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20                     t be run  in DOS 
00000074  6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00                     mode.... $.......

and i want only the hex part like this

  00 6e 0b 00 
  4d 5a e8 00 00 00 00 5b  52 45 55 89 e5 81 c3 81
  12 00 00 ff d3 89 c3 57  68 04 00 00 00 50 ff d0

I try right click on the packet and select copy -> bytes ->hex stream but the hex data I got doesn't look like the above data at all so How Can I copy hex data of captured packet form wireshark ?

thanks for reading

标签： network-programming wireshark packet-capture

3条回答

Rolldiameter

2楼-- · 2019-04-05 05:25

You can use TShark.
TShark is shipped with Wireshark.
Use command:
tshark -x -r dns.pcapng frame.number == 10

Output:
D:\Wireshark>tshark -r dns.pcapng frame.number == 10 -x
0000  00 25 9c ca 94 fe 90 e6 ba 71 70 03 08 00 45 00   .%.......qp...E.
0010  00 3f 6d 61 00 00 80 11 7d dc 0a 01 01 0a 11 22   .?ma....}......"
0020  33 44 f0 1d 00 35 00 2b be 3e 71 dd 01 00 00 01   3D...5.+.>q.....
0030  00 00 00 00 00 00 0d 73 74 61 63 6b 6f 76 65 72   .......stackover
0040  66 6c 6f 77 03 63 6f 6d 00 00 ff 00 01            flow.com.....

Copy and paste the hex part.

Hope this helps

0人赞添加讨论(0) 举报

姐就是有狂的资本

3楼-- · 2019-04-05 05:26

If there are several packets you're interested in, you can export them to a file.

mark those packets (right click on each packet then Mark Packet (toggle) or Ctrl + M)
choose File > Export > File.... Make sure you select Marked packets.
if you're only interested in the hex data, make sure only Packet Bytes is checked in Packet Format

Note that when exporting you also have the choice with First to last marked as well as Range, if the interesting packets are next to each other.

0人赞添加讨论(0) 举报

孤傲高冷的网名

4楼-- · 2019-04-05 05:27

On the Wireshark "packet list" panel, right click the packet you want and:

1) if you select Copy->Bytes->Hex stream, you'll get the hex digits as one long string without white spaces

 39cb08004528053f000000006f1105faac11745dac11740c039......

2) if you select Copy->Bytes->Offset Hex, you'll get the hex digits as displayed on the GUI , including the offset of each line starting byte (frame offset)

0010   05 3f 00 00 00 00 6f 11 05 fa ac 11 74 5d ac 11    
0020   74 0c 03 9e 03 9d 05 2b 00 00 07 e0 8f ee 8f 1c    
0030   ff 00 00 00 00 00 09 0f 00 58 39 cb 60 00 00 00    
0040   11 80 08 00 73 00 02 44 00 00 00 00 03 dd de de

0人赞添加讨论(0) 举报

How to copy hex data of captured packet form wires

采纳回答

编辑标签

举报内容

检举类型

检举原因

检举说明(必填)

打开微信“扫一扫”，打开网页后点击屏幕右上角分享按钮

付费偷看金额在0.1-10元之间