
shkumagai/udphex2pcap

 
 


UDP hex dump to pcap converter

This is a small utility script which converts UDP hex dump strings to pcap format.

For details of the libpcap file format, see http://wiki.wireshark.org/Development/LibpcapFileFormat

Usage

The script reads hex dump packet data from STDIN and writes pcap format to STDOUT.

Ruby version:

$ ./udpdump_to_pcap.rb < hexdump.txt > out.pcap

Python version:

$ ./udpdump_to_pcap.py < hexdump.txt > out.pcap

The input file should be comma-separated, with columns in the following order:

  1. Date and time in ISO 8601 format with 6-digit microseconds, for example 2011-08-26T12:48:52.904486
  2. Ignored (a host name may appear here)
  3. Ignored (a process ID may appear here)
  4. Source IP address
  5. Source UDP port
  6. Destination IP address
  7. Destination UDP port
  8. Hex dump string of UDP payload

See sample_input.txt for an example.

API

Ruby

If your input data is not in the file format above, you can call the packet function directly after require 'udpdump_to_pcap'.

The arguments are as follows:

  1. Output stream
  2. Date and time in ISO 8601 format with 6-digit microseconds, for example 2011-08-26T12:48:52.904486
  3. Source IP address
  4. Source UDP port
  5. Destination IP address
  6. Destination UDP port
  7. Hex dump string of UDP payload

See debug_main() in udpdump_to_pcap.rb for an example.

Python

If your input data is not in the file format above, you can call the packet function directly after import udpdump_to_pcap.

The arguments are as follows:

  1. Date and time in ISO 8601 format with 6-digit microseconds, for example 2011-08-26T12:48:52.904486
  2. Source IP address
  3. Source UDP port
  4. Destination IP address
  5. Destination UDP port
  6. Hex dump string of UDP payload

Some notes

  1. I have tried this script only in little-endian environments. There may be bugs in big-endian or cross environments.
  2. The UDP checksum is NOT calculated (it is just zeros). If you use viewer software such as Wireshark, I recommend disabling checksum validation.
  3. The IP header fields are also passable hard-coded values. Don't take them seriously.
  4. Assumes IPv4. Does not work with IPv6.
  5. In pcap files, the L2 (MAC) header is skipped by setting the link-layer header type to IPv4, so only IPv4 is currently supported.
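
The input format and the notes above, as an added Python example that is not the project's own code: it turns one 8-column line into a pcap record with a zero UDP checksum and no L2 header. The function names, the sample line, the hard-coded IP fields, treating the timestamp as UTC, and the choice of LINKTYPE_IPV4 (228) are assumptions; the explicit "<" struct formats keep the pcap headers little-endian whatever the host byte order.

```python
import calendar
import socket
import struct
import sys
from datetime import datetime

LINKTYPE_IPV4 = 228  # raw IPv4, no L2 header (assumed; the project may use another value)

def pcap_global_header():
    # magic, version 2.4, thiszone, sigfigs, snaplen, linktype; "<" pins little-endian
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_IPV4)

def ip_checksum(header):
    # Ones-complement sum over the ten 16-bit words of a 20-byte IPv4 header
    total = sum(struct.unpack("!10H", header))
    total = (total & 0xFFFF) + (total >> 16)
    total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def record_from_csv_line(line):
    """Build one pcap record from a line in the 8-column format described above."""
    ts, _host, _pid, src, sport, dst, dport, hexdump = line.strip().split(",")
    payload = bytes.fromhex(hexdump)
    udp_len = 8 + len(payload)
    # UDP checksum left as zero, which IPv4 allows to mean "not computed"
    udp = struct.pack("!HHHH", int(sport), int(dport), udp_len, 0) + payload
    # Hard-coded IP fields (assumed values): version/IHL 0x45, TTL 64, no options
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0, 64,
                     socket.IPPROTO_UDP, 0, socket.inet_aton(src), socket.inet_aton(dst))
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
    frame = ip + udp
    t = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%f")
    sec = calendar.timegm(t.timetuple())  # timestamp treated as UTC (assumption)
    # Record header: ts_sec, ts_usec, captured length, original length
    return struct.pack("<IIII", sec, t.microsecond, len(frame), len(frame)) + frame

# Constructed sample line (not taken from the project's sample_input.txt)
SAMPLE = "2011-08-26T12:48:52.904486,host1,1234,192.0.2.1,5060,192.0.2.2,5061,48656c6c6f"

def build_pcap(lines):
    return pcap_global_header() + b"".join(record_from_csv_line(l) for l in lines)

if __name__ == "__main__":
    sys.stdout.buffer.write(build_pcap([SAMPLE]))
```
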

Copyright

  • Copyright 2012 by Shunichi Shinohara.
  • Copyright 2012 by Shoji KUMAGAI (Python version).

License

Apache License v2.

See the LICENSE file for details.
