Wireshark-users: Re: [Wireshark-users] text2pcap
From: Behdad Forghani <behdad.forghani@xxxxxxxxxxxxxx>
Date: Sat, 09 May 2009 09:42:33 -0400
The fastest way is to open the file with vi or vim and type:
:g/^/s//0000 /
I.e., globally(everyline) substitute the beginning of line with "0000 "
This will do the trick.
In Perl you can write x.pl with the code:
open $input, "<$ARGV[0]" or die "Cannot open $ARGV[0]";
while(<$input>)
{
$_ =~ s/^/0000 /
print $_
}
close $input;
then run it as perl x.pl > out.txt
Cheers
On Sat, 2009-05-09 at 16:13 +0530, SuNeEl wrote:
> thanx bro,
>
> but it seems very daunting task since I could not add 4*0 to a long
> file pls. suggest some script or any way to achive the same. or any
> RS232 logger that take care of that 0000
>
> pls suggest
>
> --
>
>
> Happiness is like a Butterfly...
>
>
>
> --- On Thu, 7/5/09, Faten SOLTANI <faten.soltani@xxxxxxxxxxxxxxxxxx>
> wrote:
>
> From: Faten SOLTANI <faten.soltani@xxxxxxxxxxxxxxxxxx>
> Subject: Re: [Wireshark-users] text2pcap
> To: wireshark-users@xxxxxxxxxxxxx
> Date: Thursday, 7 May, 2009, 12:45 PM
>
> > Hi
> the input file to Text2pcap must respect this structure
> bellow:
>
> 0000 85 06 40 01 00 00 02 01 00 00 01 0A 00 02 09 07 83 90
> 32 54 06 00 01
> 0000 85 06 40 01 00 00 02 01 00 00 01 0A 00 02 09 07 83 90
> 32 54 06 00 01
> 0000 85 05 80 01 00 00 02 0C 02 00 02 80 81
> 0000 85 06 40 01 00 00 02 10 00
> 0000 85 06 40 01 00 00 02 10 00
> the 4* "0" in the begening is an offset, it must be equal a 0
> in the
> begening of each paket.
> regards
> Faten
>
>
>
>
> >
> > Message: 4
> > Date: Wed, 6 May 2009 16:55:10 +0530 (IST)
> > From: SuNeEl <seacore14@xxxxxxxxx>
> > Subject: [Wireshark-users] text2pcap
> > To: wireshark-users@xxxxxxxxxxxxx
> > Message-ID: <944238.47837.qm@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
> > Content-Type: text/plain; charset="utf-8"
> >
> > Hi all,
> >
> > why i am not able to convert my hexa dump file of rs232 data
> to pcap file
> > using text2pcap utility ?
> >
> >
> > --
> >
> > Happiness is like a Butterfly...
> >
> >
> >
> > Now surf faster and smarter ! Check out the new
> Firefox 3 - Yahoo!
> > Edition
> http://downloads.yahoo.com/in/firefox/?fr=om_email_firefox
> > -------------- next part --------------
> > An HTML attachment was scrubbed...
> > URL:
> >
> http://www.wireshark.org/lists/wireshark-users/attachments/20090506/e2dc3373/attachment.htm
> >
> > ------------------------------
> >
> > Message: 5
> > Date: Wed, 6 May 2009 13:47:17 +0200
> > From: "Anders Broman" <anders.broman@xxxxxxxxxxxx>
> > Subject: Re: [Wireshark-users] [Suspected Spam] text2pcap
> > To: "Community support list for Wireshark"
> > <wireshark-users@xxxxxxxxxxxxx>
> > Message-ID:
> >
> <E48F3A0F80C4B642BF6A5FF3257DFBB906A18D7E@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
> >
> > Content-Type: text/plain; charset="us-ascii"
> >
> > Hi,
> > Because you ar not doing it right :-)) possibly?
> > Jokes aside text2pcap expects the data to be in the same
> format as the
> > hex pane of Wireshark i think, something like:
> > 0000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> 00 .....
> > 0010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> 00 .....
> > :
> > Regards
> > Anders
> >
> > ________________________________
> >
> > From: wireshark-users-bounces@xxxxxxxxxxxxx
> > [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of
> SuNeEl
> > Sent: den 6 maj 2009 13:25
> > To: wireshark-users@xxxxxxxxxxxxx
> > Subject: [Suspected Spam] [Wireshark-users] text2pcap
> >
> >
> > Hi all,
> >
> > why i am not able to convert my hexa dump file of rs232 data
> to pcap
> > file using text2pcap utility ?
> >
> >
> > --
> > <http://www.mylivesignature.com>
> >
> >
> > Happiness is like a Butterfly...
> >
> > <http://topmasala.com/images/geek2.gif>
> >
> >
> > ________________________________
> >
> > Own a website.Get an unlimited package.Pay next to nothing.*
> Click
> > here!.
> >
> <http://in.rd.yahoo.com/tagline_ysb_website/*http://in.business.yahoo..c
> > om/>
> > -------------- next part --------------
> > An HTML attachment was scrubbed...
> > URL:
> >
> http://www.wireshark.org/lists/wireshark-users/attachments/20090506/84260057/attachment.htm
> >
> > ------------------------------
> >
> > _______________________________________________
> > Wireshark-users mailing list
> > Wireshark-users@xxxxxxxxxxxxx
> > https://wireshark.org/mailman/listinfo/wireshark-users
> >
> >
> > End of Wireshark-users Digest, Vol 36, Issue 10
> > ***********************************************
> >
>
>
> ___________________________________________________________________________
> Sent via: Wireshark-users mailing list
> <wireshark-users@xxxxxxxxxxxxx>
> Archives: http://www.wireshark.org/lists/wireshark-users
> Unsubscribe:
> https://wireshark.org/mailman/options/wireshark-users
>
> mailto:wireshark-users-request@xxxxxxxxxxxxxx?subject=unsubscribe
>
>
>
> ______________________________________________________________________
> Own a website.Get an unlimited package.Pay next to nothing.* Click
> here!.
> ___________________________________________________________________________
> Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives: http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
- Follow-Ups:
- Re: [Wireshark-users] text2pcap
- From: Behdad Forghani
- Re: [Wireshark-users] text2pcap
- References:
- Re: [Wireshark-users] text2pcap
- From: SuNeEl
- Re: [Wireshark-users] text2pcap
- Prev by Date: Re: [Wireshark-users] Partly functional ?
- Next by Date: Re: [Wireshark-users] text2pcap
- Previous by thread: Re: [Wireshark-users] text2pcap
- Next by thread: Re: [Wireshark-users] text2pcap
- Index(es):