Wireshark mailing list archives

Re: Hex numbers and fields


From: Lisi <lisi.reisz () gmail com>
Date: Mon, 10 Oct 2011 11:37:14 +0100

On Monday 10 October 2011 11:05:19 Graham Bloice wrote:
> On 10/10/2011 09:02, Lisi wrote:
>> I'm sorry, I obviously don't know enough about networks for it to be
>> sensible for me to use Wireshark.  But I am where I am, and I want at
>> least to try.
>>
>> What is the connection between the fields and the hex numbers at the
>> bottom of the screen?  I can see that there is one, but I couldn't even
>> begin to use the hex numbers to enable me to describe the fields, which
>> is what I am supposed to be doing.  I need to go the other way round!
>>
>> And what are the letters, numbers, dots and symbols beside the hex
>> numbers?
>>
>> I have Googled, I have searched the Wireshark site, I have searched the
>> course text book.  I cannot find anything that describes this.
>
> Lisi,
>
> Assuming you mean the hex pane, that shows the contents of the capture at a
> very low level.  Protocol information is transmitted over the chosen medium
> using some form of binary signalling, the binary bits are collected
> (usually) into bytes and hex is the commonly accepted human readable (to
> some folks) form to display that in.  The characters beside the hex are the
> ASCII representation of the hex values, those values that don't have a
> character representation are shown as a dot.
>
> A protocol dissector takes the binary capture information and parses it
> into the fields you see in the protocol tree.  If you select a field in the
> tree, values in the hex pane will be highlighted showing those values that
> make up that particular field in the protocol.

Thanks very much Graham.  That is a very helpful explanation.

Lisi
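
The relationship described in the reply above, as an added example that is not part of the original messages and is not Wireshark's code: it renders a hex pane with its ASCII column, then parses an Ethernet II header into fields and shows which bytes each field covers. The frame contents and the function names (hex_pane, dissect_ethernet, field_bytes) are constructed for illustration.

```python
import struct

# Constructed sample frame: Ethernet II header followed by some ASCII payload.
FRAME = bytes.fromhex(
    "ffffffffffff"   # destination MAC (broadcast)
    "001122334455"   # source MAC (made up)
    "0800"           # EtherType
) + b"GET / HTTP/1.1\r\n"


def hex_pane(data, width=16):
    """Render bytes as a hex pane does: offset, hex values, ASCII column."""
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        # Bytes outside printable ASCII (0x20-0x7e) are shown as a dot.
        text = "".join(chr(b) if 0x20 <= b <= 0x7E else "." for b in chunk)
        lines.append(f"{off:04x}  {hexpart:<{width * 3 - 1}}  {text}")
    return lines


def _mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def dissect_ethernet(data):
    """Parse an Ethernet II header into (field, offset, length, value) rows."""
    if len(data) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack_from("!6s6sH", data, 0)
    return [
        ("Destination", 0, 6, _mac(dst)),
        ("Source", 6, 6, _mac(src)),
        ("Type", 12, 2, f"0x{ethertype:04x}"),
    ]


def field_bytes(data, offset, length):
    """The hex values that would be highlighted when the field is selected."""
    return data[offset:offset + length].hex(" ")


if __name__ == "__main__":
    print("\n".join(hex_pane(FRAME)))
    for name, off, length, value in dissect_ethernet(FRAME):
        print(f"{name:<12}{value:<20}bytes: {field_bytes(FRAME, off, length)}")
```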
