Wireshark-users: Re: [Wireshark-users] Hex numbers and fields

From: Lisi <lisi.reisz@xxxxxxxxx>
Date: Mon, 10 Oct 2011 11:37:14 +0100
On Monday 10 October 2011 11:05:19 Graham Bloice wrote:
> On 10/10/2011 09:02, Lisi wrote:
> > I'm sorry, I obviously don't know enough about networks for it to be
> > sensible for me to use Wireshark.  But I am where I am, and I want at
> > least to try.
> >
> > What is the connection between the fields and the hex numbers at the
> > bottom of the screen?  I can see that there is one, but I couldn't even
> > begin to use the hex numbers to enable me to describe the fields, which
> > is what I am supposed to be doing.  I need to go the other way round!
> >
> > And what are the letters, numbers, dots and symbols beside the hex
> > numbers?
> >
> > I have Googled, I have searched the Wireshark site, I have searched the
> > course text book.  I cannot find anything that describes this.
>
> Lisi,
>
> Assuming you mean the hex pane, that shows the contents of the capture at a
> very low level.  Protocol information is transmitted over the chosen medium
> using some form of binary signalling, the binary bits are collected
> (usually) into bytes and hex is the commonly accepted human readable (to
> some folks) form to display that in.  The characters beside the hex are the
> ASCII representation of the hex values, those values that don't have a
> character representation are shown as a dot.
>
> A protocol dissector takes the binary capture information and parses it
> into the fields you see in the protocol tree.  If you select a field in the
> tree, values in the hex pane will be highlighted showing those values that
> make up that particular field in the protocol.

Thanks very much Graham.  That is a very helpful explanation.

Lisi