I Smell Packets


Wirehex.pl – A Perl Script
June 2, 2009, 9:13 pm
Filed under: perl, wirehex.pl

In response to the request for more ways to convert hex dumps to pcap files, John Wohlbery (@jonw18 on twitter) wrote the following dirty little perl script. Basically, it follows the same steps that were discussed in the previous post.

wirehex.pl

#!/usr/bin/perl

($file = $ARGV[0]);

open (WH,"<$file") || die ("Could not open $!\nUSAGE: $0 <FILE_TO_OPEN>\n\n");
while (<WH>)
{
push(@everything,$_);
}

$size=$#everything;
print "000000 ";
for ($x=0; $size>=$x; $x++)
{
$everything[$x] =~ s/\r|\n/ /g;
print $everything[$x];
}


close (WH);

The command line syntax for the script is as follows:

wirehex.pl <NAME_OF_TEXT_FILE>

Everything can also be done on a single command-line like so:

wirehex.pl <NAME_OF_TEXT_FILE> | text2pcap - <OUTPUT.pcap>; tcpdump -v -r <OUTPUT.pcap>

The script can also be downloaded from the I Smell Packets Group on Google.

http://groups.google.com/group/ismellpackets

Advertisements


Jim Clausing’s Solution
May 13, 2009, 7:17 pm
Filed under: Packet Challenge, perl, text2pcap

In case you missed it, here is a link to Jim Clausing’s (@jclausing on twitter) solution to last week’s challenge:

http://isc.sans.org/diary.html?storyid=6352

Awesome use of perl and text2pcap!