LiYanandYanan


During development we often end up with a raw packet dump like the following:

45 00 01 3d 8e 6a 00 00 80 11 ab 46 00 00 00 00
ff ff ff ff 00 44 00 43 01 29 64 b6 01 01 06 00
fe 55 ca 5c 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 ca c1 30 3f 27 c6 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 63 82 53 63 35 01 03 36
04 c0 a8 1e 01 3d 07 01 ca c1 30 3f 27 c6 32 04
c0 a8 1e 0d 3c 08 4d 53 46 54 20 35 2e 30 37 0c
01 0f 03 06 2c 2e 2f 1f 21 79 f9 2b ff

A dump like this is very inconvenient for analysis and troubleshooting (the original packet is an IP packet).

We can prepend a MAC header, 01 00 5E 00 00 02 00 1B 0D E6 F0 C0 08 00, and paste the packet into the following site, which automatically converts it into a Wireshark capture: http://sadjad.me/phd/

Sometimes, however, the packet is more complex and the conversion above is error-prone. In that case we can use the following method:

First, reshape the dump slightly so that it looks like this:

0000 01 00 5E 00 00 02 00 1B 0D E6 F0 C0 08 00 45 00 01 3d 8e 6a 00 00 80 11 ab 46 00 00 00 00
001E ff ff ff ff 00 44 00 43 01 29 64 b6 01 01 06 00
002E fe 55 ca 5c 00 00 00 00 00 00 00 00 00 00 00 00
003E 00 00 00 00 00 00 00 00 ca c1 30 3f 27 c6 00 00
004E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
005E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
006E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
007E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
008E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
009E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00AE 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00BE 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00CE 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00DE 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00EE 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00FE 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
010E 00 00 00 00 00 00 00 00 63 82 53 63 35 01 03 36
011E 04 c0 a8 1e 01 3d 07 01 ca c1 30 3f 27 c6 32 04
012E c0 a8 1e 0d 3c 08 4d 53 46 54 20 35 2e 30 37 0c
013E 01 0f 03 06 2c 2e 2f 1f 21 79 f9 2b ff

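Notes: 1. Because the original packet is an IP packet, you can prepend any 14-byte MAC header, for example 01 00 5E 00 00 02 00 1B 0D E6 F0 C0 08 00. Note that 08 00 is the type field and indicates an IP packet.

2. You must also add the byte offset (address) at the far left of each line.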

Then save the dump as a .txt file.

Finally, use text2pcap.exe, which ships with Wireshark and is located in the Wireshark installation directory. Open a CMD window in that directory and enter:

text2pcap.exe  2.txt 2.pcap

You can then open the packet in Wireshark, which is very convenient.
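The manual reshaping step above can be scripted. The following is an added example, not part of the original post: it prepends the post's 14-byte MAC header, checks that the pasted bytes really form a complete IPv4 packet, and emits offset-prefixed lines for text2pcap. The function names, the 16-bytes-per-line layout and the sample packet are assumptions made for illustration.

```python
import re

# MAC header from the post: dst 01:00:5E:00:00:02, src 00:1B:0D:E6:F0:C0, EtherType 08 00 (IPv4).
ETH_HEADER = bytes.fromhex("01005E000002001B0DE6F0C00800")

# Constructed sample (not from the post): 20-byte IPv4 header, 8-byte UDP header, 4-byte payload.
SAMPLE_IP_HEX = """
45 00 00 20 00 01 00 00 40 11 00 00 c0 00 02 01
c0 00 02 02 00 44 00 43 00 0c 00 00 de ad be ef
"""

def parse_hex(text):
    """Turn whitespace-separated hex byte pairs into bytes; reject stray tokens."""
    tokens = text.split()
    for tok in tokens:
        if not re.fullmatch(r"[0-9A-Fa-f]{2}", tok):
            raise ValueError(f"not a hex byte: {tok!r}")
    return bytes(int(tok, 16) for tok in tokens)

def to_text2pcap(ip_hex, width=16):
    """Return text2pcap input: MAC header + IP packet, one offset-prefixed line per `width` bytes."""
    ip = parse_hex(ip_hex)
    if len(ip) < 20 or ip[0] >> 4 != 4:
        raise ValueError("EtherType 08 00 requires an IPv4 packet (version nibble 4)")
    total_len = int.from_bytes(ip[2:4], "big")
    if total_len != len(ip):
        # A truncated or over-long paste would otherwise appear as a malformed packet in Wireshark.
        raise ValueError(f"IP total length {total_len} != {len(ip)} bytes supplied")
    frame = ETH_HEADER + ip
    lines = []
    for off in range(0, len(frame), width):
        chunk = frame[off:off + width]
        # Offset is written in hex with at least four digits, followed by the bytes of this line.
        lines.append(f"{off:04X} " + " ".join(f"{b:02x}" for b in chunk))
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    # Save this output as 2.txt, then run: text2pcap.exe 2.txt 2.pcap
    print(to_text2pcap(SAMPLE_IP_HEX), end="")
```

The total-length check compares bytes 2-3 of the IP header with the number of bytes pasted, so a dump that lost a line during copying is rejected before it reaches text2pcap.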

posted on 2017-01-10 13:50  LiYanandYanan