Wireshark-users: Re: [Wireshark-users] text2pcap

From: Behdad Forghani <behdad.forghani@xxxxxxxxxxxxxx>
Date: Sat, 09 May 2009 09:42:33 -0400
The fastest way is to open the file with vi or vim and type:
:g/^/s//0000 /
I.e., globally (every line) substitute the beginning of the line with "0000 "
This will do the trick.

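In Perl you can write x.pl with the code:
# three-argument open: the file name is never interpreted as a mode or pipe
open my $input, '<', $ARGV[0] or die "Cannot open $ARGV[0]: $!";
while (<$input>)
{
	# prefix each line with the offset text2pcap expects
	$_ =~ s/^/0000 /;
	print $_;
}
close $input;

then run it as perl x.pl input.txt > out.txt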

Cheers

On Sat, 2009-05-09 at 16:13 +0530, SuNeEl wrote:
> thanx bro,
> 
> but it seems very daunting task since I could not add 4*0 to a long
> file pls. suggest some script or any way to achieve the same. or any
> RS232 logger that take care of that 0000
> 
> pls suggest
> 
> --
> 
> 
> Happiness is like a Butterfly...
> 
> 
> 
> --- On Thu, 7/5/09, Faten SOLTANI <faten.soltani@xxxxxxxxxxxxxxxxxx>
> wrote:
>         
>         From: Faten SOLTANI <faten.soltani@xxxxxxxxxxxxxxxxxx>
>         Subject: Re: [Wireshark-users] text2pcap
>         To: wireshark-users@xxxxxxxxxxxxx
>         Date: Thursday, 7 May, 2009, 12:45 PM
>         
>         > Hi
>         the input file to Text2pcap must respect this structure
>         below:
>         
>         0000    85 06 40 01 00 00 02 01 00 00 01 0A 00 02 09 07 83 90 32 54 06 00 01
>         0000    85 06 40 01 00 00 02 01 00 00 01 0A 00 02 09 07 83 90 32 54 06 00 01
>         0000    85 05 80 01 00 00 02 0C 02 00 02 80 81
>         0000    85 06 40 01 00 00 02 10 00
>         0000    85 06 40 01 00 00 02 10 00
>         the 4* "0" in the beginning is an offset, it must be equal to 0
>         in the beginning of each packet.
>         regards
>         Faten
>         
>         
>         
>         
>         >
>         > Message: 4
>         > Date: Wed, 6 May 2009 16:55:10 +0530 (IST)
>         > From: SuNeEl <seacore14@xxxxxxxxx>
>         > Subject: [Wireshark-users] text2pcap
>         > To: wireshark-users@xxxxxxxxxxxxx
>         > Message-ID: <944238.47837.qm@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
>         > Content-Type: text/plain; charset="utf-8"
>         >
>         > Hi all,
>         >
>         > why i am not able to convert my hexa dump file of rs232 data
>         to pcap file
>         > using text2pcap utility ?
>         >
>         >
>         > --
>         >
>         > Happiness is like a Butterfly...
>         >
>         >
>         >
>         >
>         > Message: 5
>         > Date: Wed, 6 May 2009 13:47:17 +0200
>         > From: "Anders Broman" <anders.broman@xxxxxxxxxxxx>
>         > Subject: Re: [Wireshark-users] [Suspected Spam]   text2pcap
>         > To: "Community support list for Wireshark"
>         >     <wireshark-users@xxxxxxxxxxxxx>
>         > Message-ID:
>         >
>         <E48F3A0F80C4B642BF6A5FF3257DFBB906A18D7E@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
>         >
>         > Content-Type: text/plain; charset="us-ascii"
>         >
>         > Hi,
>         > Because you are not doing it right :-)) possibly?
>         > Jokes aside text2pcap expects the data to be in the same
>         > format as the hex pane of Wireshark I think, something like:
>         > 0000 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00 00 .....
>         > 0010 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00 00 .....
>         > :
>         > Regards
>         > Anders
>         >
>         > ________________________________
>         >
>         > From: wireshark-users-bounces@xxxxxxxxxxxxx
>         > [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of
>         SuNeEl
>         > Sent: den 6 maj 2009 13:25
>         > To: wireshark-users@xxxxxxxxxxxxx
>         > Subject: [Suspected Spam] [Wireshark-users] text2pcap
>         >
>         >
>         > Hi all,
>         >
>         > why i am not able to convert my hexa dump file of rs232 data
>         to pcap
>         > file using text2pcap utility ?
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>              mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
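
Added example (not part of the original thread): a Python converter that does what the vi and Perl one-liners above do, and goes a little further by rejecting tokens that are not hex bytes and by continuing packets longer than 16 bytes at offsets 0010, 0020, ... as in the hex-pane layout Anders describes. The function name, the width parameter and the sample lines are assumptions made for this example.

```python
import re
import sys

HEX_BYTE = re.compile(r"^[0-9A-Fa-f]{2}$")


def to_text2pcap(lines, width=16):
    """Turn one-packet-per-line hex bytes into offset-prefixed dump lines.

    Every packet restarts at offset 0000, which is how the thread says
    text2pcap recognises the beginning of a packet. Packets longer than
    `width` bytes continue on following lines with increasing offsets.
    """
    out = []
    for lineno, line in enumerate(lines, 1):
        tokens = line.split()
        if not tokens:
            continue  # blank line: nothing to emit
        bad = [t for t in tokens if not HEX_BYTE.match(t)]
        if bad:
            # Fail loudly instead of writing a dump that parses into
            # a truncated or shifted packet.
            raise ValueError(f"line {lineno}: not a hex byte: {bad[0]!r}")
        for off in range(0, len(tokens), width):
            chunk = " ".join(t.upper() for t in tokens[off:off + width])
            out.append(f"{off:04X} {chunk}")
    return out


# Constructed sample input, modelled on the dump lines quoted in the thread
# (no offsets yet, one packet per line, one blank line, one lower-case byte).
SAMPLE = [
    "85 06 40 01 00 00 02 01 00 00 01 0A 00 02 09 07 83 90 32 54 06 00 01",
    "",
    "85 05 80 01 00 00 02 0c 02 00 02 80 81",
    "85 06 40 01 00 00 02 10 00",
]

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            result = to_text2pcap(fh)
    else:
        result = to_text2pcap(SAMPLE)
    print("\n".join(result))
```

Run with a file name to convert that file, or with no argument to see the sample converted; redirect the output to a file and pass that file to text2pcap.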