Home / ubuntu / Questions / 1118249
Accepted
Adam Ledger
Asked: 2019-02-15 07:44:56 +0800 CST

txt to pcap file conversion using sed and xxd

  • 772

I have used this command to successfully convert a .txt file to a .pcap file. However these were all for .txt files I obtained from the www,but when i attempted to use it for .txt files I had personally created on another program, it did create filename.pcap, but it is empty.

Does anyone have a better alternative?

Also in as much as I appreciate all the assistance here in code that achieves the result, if anyone can refer me to the wikipedia articles regarding the subject that is relevant as to why this occurs, thats really going to help me contextually understand how things work, where as just the code as helpful as I feel as it this is, will leave me none the wiser as far as how linux works. So I'm sure this will be considered a duplicate question, but I actually would really like to understand specifically this scenario, rather than be referred to another apt package.

Many thanks

sed 's/^[0-9:]*//' filename.txt | sed 's/^  //g' | sed 's/    .*$//g' | xxd -r -p > filename.pcap

Updated Edit:

The only consistent difference between the collection of txt files for which the above worked, and those I created, was that mine exclusively consist of numbers, one per line, 10 digits in length, where as the others contain everything else on the keyboard.

Don't know if that's any help, and yeah also I took a look at a pcap file in the text editor simply by changing it's extension to txt, and it appears they are encrypted with a cipher that utilizes many more characters beyond what is on the standard keyboard, so... yes it's pretty standard, not sure what I was expecting there.

scripts command-line sed

2 Answers

  1. I don't know sed, or xxd but I would try to follow the 4 commands individually:

    1. sed 's/^[0-9:]*//' filename.txt > step1.txt
    2. sed 's/^ //g' step1.txt > step2.txt
    3. sed 's/ .*$//g' step2.txt > step3.txt
    4. xxd -r -p step3.txt > filename.pcap

    Following each step, I'd find a handy sed tutorial, and check to see if the output of the command matches what I think it should be, thus learning a little about sed and xxd in the process.

    You may have noticed that I removed the "|" character from the command line you originally used. "|" is a pipe, indicating that the output from the command is to be used as the input for the next command. Instead of piping the data about, the command outputs are stuffed into intermediate files, which are then used as the input to the next command.

    • 1
  2. Best Answer

    You mention that

    The only consistent difference between the collection of txt files for which the above worked, and those I created, was that mine exclusively consist of numbers, one per line, 10 digits in length

    Assuming by "numbers" you mean sequences of decimal digits, then the first sed expression

    s/^[0-9:]*//

    meaning match zero or more decimal digits or colon characters anchored to the start of the line, and replace them with nothing (which is presumably intended to remove the default byte offset from a regular xxd output) will remove everything, leaving only a sequence of empty lines.

    • 1