Wireshark-users: Re: [Wireshark-users] Hex numbers and fields

From: Graham Bloice <graham.bloice@xxxxxxxxxxxxx>
Date: Mon, 10 Oct 2011 11:05:19 +0100
On 10/10/2011 09:02, Lisi wrote:
> I'm sorry, I obviously don't know enough about networks for it to be sensible 
> for me to use Wireshark.  But I am where I am, and I want at least to try.
>
> What is the connection between the fields and the hex numbers at the bottom of 
> the screen?  I can see that there is one, but I couldn't even begin to use 
> the hex numbers to enable me to describe the fields, which is what I am 
> supposed to be doing.  I need to go the other way round!
>
> And what are the letters, numbers, dots and symbols beside the hex numbers? 
>
> I have Googled, I have searched the Wireshark site, I have searched the course 
> text book.  I cannot find anything that describes this.
>
>
Lisi,

Assuming you mean the hex pane, that shows the contents of the capture at a
very low level.  Protocol information is transmitted over the chosen medium
using some form of binary signalling; the binary bits are collected (usually)
into bytes, and hex is the commonly accepted human-readable (to some folks)
form to display that in.  The characters beside the hex are the ASCII
representation of the hex values; those values that don't have a character
representation are shown as a dot.

A protocol dissector takes the binary capture information and parses it into
the fields you see in the protocol tree.  If you select a field in the tree,
values in the hex pane will be highlighted showing those values that make up
that particular field in the protocol.


-- 
Regards,

Graham Bloice
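
An added example, not part of the original message: the hex pane, its ASCII column, and the mapping from a selected field back to its bytes, sketched in Python. The frame is constructed sample data, and the fixed offsets (which assume an IPv4 header with no options) are assumptions for illustration, not Wireshark's dissector code.

```python
# Constructed sample frame (not a real capture): Ethernet II + IPv4 + UDP + "hello".
# Checksums are left as zero; offsets below assume an IPv4 header without options.
FRAME = bytes.fromhex(
    "020000000002" "020000000001" "0800"          # Ethernet: dst, src, type
    "4500" "0021" "0001" "0000" "40" "11" "0000"  # IPv4: ver/len .. checksum
    "c0000201" "c0000202"                         # IPv4: src, dst
    "3039" "270f" "000d" "0000"                   # UDP: ports, length, checksum
) + b"hello"

def mac(b): return ":".join(f"{x:02x}" for x in b)
def ip(b): return ".".join(str(x) for x in b)
def num(b): return str(int.from_bytes(b, "big"))

# (field name, byte offset, length, how to display the value)
FIELDS = [
    ("eth.dst", 0, 6, mac), ("eth.src", 6, 6, mac),
    ("eth.type", 12, 2, lambda b: "0x" + b.hex()),
    ("ip.ttl", 22, 1, num), ("ip.proto", 23, 1, num),
    ("ip.src", 26, 4, ip), ("ip.dst", 30, 4, ip),
    ("udp.srcport", 34, 2, num), ("udp.dstport", 36, 2, num),
    ("data", 42, 5, lambda b: b.decode("ascii")),
]

def hex_pane(data):
    """Render bytes as offset, hex, and ASCII ('.' for non-printable bytes)."""
    lines = []
    for off in range(0, len(data), 16):
        row = data[off:off + 16]
        hexpart = " ".join(f"{b:02x}" for b in row)
        text = "".join(chr(b) if 0x20 <= b < 0x7f else "." for b in row)
        lines.append(f"{off:04x}  {hexpart:<47}  {text}")
    return lines

def select(data, name):
    """Return (offset, length, raw hex, decoded value) for one tree field."""
    for fname, off, length, fmt in FIELDS:
        if fname == name:
            raw = data[off:off + length]
            return off, length, " ".join(f"{b:02x}" for b in raw), fmt(raw)
    raise KeyError(name)

if __name__ == "__main__":
    print("\n".join(hex_pane(FRAME)))
    for fname, *_ in FIELDS:
        off, length, raw, value = select(FRAME, fname)
        print(f"{fname:<12} bytes {off}-{off + length - 1}: {raw} -> {value}")
```

Going "the other way round", from hex to fields, is what `FIELDS` encodes: each protocol fixes which byte offsets carry which value, so the same bytes `c0 00 02 01` read as `192.0.2.1` only because they sit at the IPv4 source address position.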