
Till now I understood that every packet will be in hexadecimal format. So I tried creating a packet 80 20 10 12 F5 10 .... like this and saved it in a file with the extension .pcap. I tried to open the packet using Wireshark, but it was telling me that it is an unsupported packet. I did not understand why it's happening. I want to know: is there any other procedure to create packets? Can we create a packet in .pcap format?

I am new to this sniffer, so could you clarify my doubt and suggest a solution to it?

Thank you,

Regards, sathish

  • "I did not understand why its happening." It's happening because a pcap file doesn't just have packet data, it also has a file header and, for each packet, a packet header, so what you created might have an extension of .pcap but it's not a pcap file. (Wireshark decides what type a file is based on its *contents*, not solely on its extension.) As @harper's answer says, try using `text2pcap` to create an actual pcap file. –  Jun 08 '16 at 17:21

1 Answer


The Wireshark utility `text2pcap` does this job. It accepts a hex dump file and creates the pcap file.

You specify at the command line what part of the packet shall be defined by the hex file. So it can generate dummy IP and Ethernet addresses for you.

harper
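The file layout the comment above describes (a file header, then a per-packet header in front of each packet's bytes), as an added example that is not part of the original posts. It assumes the classic little-endian pcap format with Ethernet as the link type; the function names, the sample frame and the `sample.pcap` file name are made up for illustration.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4      # classic pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1        # assumption: the bytes are Ethernet frames
FILE_HDR = "<IHHiIII"        # magic, ver major, ver minor, thiszone, sigfigs, snaplen, linktype
PKT_HDR = "<IIII"            # ts_sec, ts_usec, captured length, original length

def build_pcap(hex_packets, linktype=LINKTYPE_ETHERNET, snaplen=65535):
    """Return the bytes of a classic pcap file holding the given hex-encoded packets."""
    out = [struct.pack(FILE_HDR, PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype)]  # 24 bytes
    for ts_sec, hex_text in enumerate(hex_packets):
        data = bytes.fromhex(hex_text)        # whitespace between bytes is ignored
        captured = data[:snaplen]
        out.append(struct.pack(PKT_HDR, ts_sec, 0, len(captured), len(data)))  # 16 bytes
        out.append(captured)
    return b"".join(out)

def parse_pcap(blob):
    """Minimal reader to check a file: returns (linktype, [packet bytes, ...])."""
    if len(blob) < 24:
        raise ValueError("too short to contain a pcap file header")
    magic, _, _, _, _, _, linktype = struct.unpack_from(FILE_HDR, blob, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian classic pcap file")
    packets, offset = [], 24
    while offset < len(blob):
        _, _, incl_len, _ = struct.unpack_from(PKT_HDR, blob, offset)
        offset += 16
        packets.append(blob[offset:offset + incl_len])
        offset += incl_len
    return linktype, packets

# Constructed sample: a 60-byte Ethernet frame (broadcast destination, made-up
# source address, EtherType 0x0800, zero-filled payload).
SAMPLE_FRAME = "ff ff ff ff ff ff 02 00 00 00 00 01 08 00" + " 00" * 46

if __name__ == "__main__":
    blob = build_pcap([SAMPLE_FRAME])
    with open("sample.pcap", "wb") as fh:
        fh.write(blob)
    print(f"wrote {len(blob)} bytes to sample.pcap")
```

A file holding only raw packet bytes fails the header check in `parse_pcap`, the same content-based check that makes Wireshark reject it regardless of the extension.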