UDP hex dump to pcap converter

branch: master

Cosmetics

latest commit 38b5409527
Shunichi Shinohara authored April 23, 2012
LICENSE Initial commit April 14, 2012
README.rst Cosmetics April 23, 2012
sample_input.txt Initial commit April 14, 2012
sample_output.pcap Initial commit April 14, 2012
udpdump_to_pcap.py Add python implementation. April 22, 2012
udpdump_to_pcap.rb Initial commit April 14, 2012
README.rst

UDP hex dump to pcap converter

This is a small utility script that converts UDP hex dump strings to pcap format.

For the libpcap file format, see http://wiki.wireshark.org/Development/LibpcapFileFormat

Usage

The scripts read hex dump packet data from STDIN and write pcap format to STDOUT.

Ruby version:

$ ./udpdump_to_pcap.rb < hexdump.txt > out.pcap

Python version:

$ ./udpdump_to_pcap.py < hexdump.txt > out.pcap

The input file should be comma-separated, with columns in the following order:

  1. Date and time in ISO 8601 format with 6-digit microseconds, for example 2011-08-26T12:48:52.904486
  2. Ignored (a host name may go here)
  3. Ignored (a process ID may go here)
  4. Source IP address
  5. Source UDP port
  6. Destination IP address
  7. Destination UDP port
  8. Hex dump string of UDP payload

See sample_input.txt for an example.

API

Ruby

If your input data is not in the file format above, you can call the packet function directly after require 'udpdump_to_pcap'.

The arguments are as follows:

  1. Output stream
  2. Date and time in ISO 8601 format with 6-digit microseconds, for example 2011-08-26T12:48:52.904486
  3. Source IP address
  4. Source UDP port
  5. Destination IP address
  6. Destination UDP port
  7. Hex dump string of UDP payload

See debug_main() in udpdump_to_pcap.rb for an example.

Python

If your input data is not in the file format above, you can call the packet function directly after import udpdump_to_pcap.

The arguments are as follows:

  1. Date and time in ISO 8601 format with 6-digit microseconds, for example 2011-08-26T12:48:52.904486
  2. Source IP address
  3. Source UDP port
  4. Destination IP address
  5. Destination UDP port
  6. Hex dump string of UDP payload

Some notes

  1. I have tried this script only in little-endian environments. There may be bugs in big-endian or cross environments.
  2. The UDP checksum is NOT calculated (it is just zeros). If you use viewer software such as Wireshark, I recommend disabling checksum validation.
  3. The IP headers are also passable hard-coded values. Don't take them seriously.
  4. Assumes IPv4. Does not work with IPv6.
  5. In pcap files, L2 (MAC) is skipped by setting the link-layer header type to IPv4, so only IPv4 is supported for now.
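
The input format and the notes above, as an added sketch that is not the repository's own code: it builds a pcap global header and one record from a line in the 8-column format, with explicit byte orders so the output does not depend on host endianness, and it rejects malformed ports, hex strings and non-IPv4 addresses. The function names, the link type value 228 (LINKTYPE_IPV4), the header constants and the UTC interpretation of the timestamp are assumptions; the sample line is constructed.

```python
import calendar
import ipaddress
import struct
from datetime import datetime

LINKTYPE_IPV4 = 228  # raw IPv4, no L2 header (assumed value; the script's own is not shown here)
SAMPLE = "2011-08-26T12:48:52.904486,host1,1234,192.0.2.1,5060,192.0.2.2,5060,68656c6c6f"  # constructed

def global_header(snaplen=65535):
    # magic, version 2.4, thiszone, sigfigs, snaplen, link type; "<" pins little-endian
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, LINKTYPE_IPV4)

def record_from_line(line):
    fields = line.strip().split(",")
    if len(fields) != 8:
        raise ValueError("expected 8 comma-separated columns, got %d" % len(fields))
    ts, _host, _pid, src, sport, dst, dport, hexdump = fields
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%f")  # treated as UTC (assumption)
    payload = bytes.fromhex(hexdump)  # ValueError on non-hex input
    sport, dport = int(sport), int(dport)
    if not (0 <= sport <= 65535 and 0 <= dport <= 65535):
        raise ValueError("UDP port out of range")
    udp_len = 8 + len(payload)
    total_len = 20 + udp_len
    if total_len > 65535:
        raise ValueError("payload too large for one IPv4 datagram")
    # IPv4Address raises ValueError for IPv6 or malformed addresses
    src_b = ipaddress.IPv4Address(src).packed
    dst_b = ipaddress.IPv4Address(dst).packed
    # version/IHL, TOS, total length, id, flags/frag, TTL 64, proto 17 (UDP), checksum 0
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 17, 0, src_b, dst_b)
    udp = struct.pack("!HHHH", sport, dport, udp_len, 0)  # checksum 0: not computed
    pkt = ip + udp + payload
    rec = struct.pack("<IIII", calendar.timegm(when.timetuple()),
                      when.microsecond, len(pkt), len(pkt))
    return rec + pkt

def convert(lines):
    # One global header, then one record per non-empty input line
    return global_header() + b"".join(record_from_line(l) for l in lines if l.strip())
```
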

Copyright

  • Copyright 2012 by Shunichi Shinohara.
  • Copyright 2012 by Shoji KUMAGAI (Python version).

License

Apache License v2.

See the LICENSE file for details.