
What's a hexdump?

A hexdump is the hexadecimal representation of binary data.

How do I get one?

There are many programs you can use to get a hexadecimal dump of network traffic.
Wireshark is one program, but the preferred method is to use tcpdump.
Tcpdump is primarily a Unix-based program, but there is a free Windows version called WinDump.

On a Unix machine that has the tcpdump documentation package installed, type man tcpdump in a terminal to read the tcpdump manual.
The tcpdump manual can also be found on the Internet through Google or another search engine.

Tcpdump captures to, and reads from, files in the libpcap format.

The table below shows some of the options which can be used with tcpdump.

tcpdump command options

-n              do not resolve IP addresses to names
-X              print packet contents in hexadecimal
-s (size)       the amount of data to capture from each packet
-i (dev name)   the network device to capture from
-w (filename)   write the captured packets to a capture file
'(abc)'         filter expression; only matching packets are shown

The command used to capture the example was:
tcpdump -nX -i eth0 -w capz

The command used to display the results was:
tcpdump -nX -r capz 'tcp' | less

Traffic may need to be generated during the capture, for example by viewing web pages or pinging machines.
If there is little to no traffic, you will get little to no results.
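To make the hexdump concrete, here is an added example (not code from the original page or from the tcpdump project). It builds a small IPv4/TCP packet in memory, renders it in the "offset: hex words  ASCII" layout that tcpdump -X prints, parses such a dump back into bytes, and walks the IP and TCP length fields to find the payload. The packet addresses, ports and "GET / HTTP/1.0" payload are constructed sample values; the TCP checksum is deliberately left at zero. Note that -X only affects what tcpdump prints, so a file written with -w holds raw packets and must be read back with -r -X to see this layout.

```python
# Added example, not from the original page: produce a tcpdump -X style
# hexdump of a constructed packet, parse such a dump back into bytes, and
# locate the TCP payload inside it. No real capture file is read.
import re
import struct


def ip_checksum(header: bytes) -> int:
    """One's-complement checksum over 16-bit words (RFC 1071)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_packet(payload: bytes = b"GET / HTTP/1.0\r\n") -> bytes:
    """Constructed IPv4 + TCP packet (10.0.0.1:40000 -> 10.0.0.2:80, PSH|ACK).
    Only the IP header checksum is filled in; the TCP checksum stays zero."""
    total_len = 20 + 20 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s",
                     0x45, 0, total_len, 0x1234, 0x4000, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    return ip + tcp + payload


def hexdump(data: bytes, width: int = 16) -> str:
    """Format bytes like tcpdump -X: a 4-digit hex offset, 16 bytes per line
    grouped in 2-byte words, then an ASCII column with '.' for non-printables."""
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        words = [chunk[i:i + 2].hex() for i in range(0, len(chunk), 2)]
        # pad the hex field to a fixed width so the ASCII column lines up
        hex_part = " ".join(words).ljust(width * 2 + width // 2 - 1)
        ascii_part = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"\t0x{off:04x}:  {hex_part}  {ascii_part}")
    return "\n".join(lines)


# offset, then hex words separated by single spaces; the ASCII column follows
# a run of two or more spaces and is ignored
_LINE = re.compile(r"^\s*0x([0-9a-f]{4}):\s+((?:[0-9a-f]{2,4}\s)*[0-9a-f]{2,4})", re.I)


def parse_hexdump(text: str) -> bytes:
    """Reverse hexdump(): rebuild the bytes from the hex words of each line and
    check that the offsets are contiguous (a gap means lines were lost)."""
    out = bytearray()
    for line in text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue  # e.g. tcpdump's per-packet summary line, not hex data
        offset = int(m.group(1), 16)
        if offset != len(out):
            raise ValueError(f"offset 0x{offset:04x} does not follow previous data")
        out += bytes.fromhex(m.group(2).replace(" ", ""))
    return bytes(out)


def tcp_payload(packet: bytes) -> bytes:
    """Walk the IPv4 and TCP headers by their own length fields to reach the
    payload, which is usually what you are hunting for in a hexdump."""
    if packet[0] >> 4 != 4 or packet[9] != 6:
        raise ValueError("not an IPv4/TCP packet")
    ihl = (packet[0] & 0x0F) * 4           # IP header length in bytes
    data_off = (packet[ihl + 12] >> 4) * 4  # TCP header length in bytes
    return packet[ihl + data_off:]


if __name__ == "__main__":
    pkt = build_packet()
    dump = hexdump(pkt)
    print(dump)
    assert parse_hexdump(dump) == pkt
    print("payload:", tcp_payload(pkt))
```

Reading the first line of the output against the IPv4 header layout (version/IHL, total length, identification, flags, TTL/protocol, checksum, source, destination) is a good way to learn what each word of a hexdump means before moving on to real captures.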
