The 802.15.4 MAC layer has these great headers with too many single-bit options; enough to make your head hurt after a while. Since I was debugging some code, I had access to the buffer containing the entire frame. It would be nice to show this in Wireshark, wouldn’t it?

It’s actually not that difficult.

In GDB, after breaking at the right spot:

```
(gdb) dump binary memory dump.bin _buf+1 _buf+len
```

Explained: `dump binary memory [dump.bin] [_buf+1] [_buf+len]`
- [dump.bin] your output file
- [_buf+1] the start address of the buffer (I had to skip the first byte)
- [_buf+len] the end address of the buffer
With this Python script, you do the rest of the magic:

```python
"""--------------------------------------------------------------------------"""
""" Original script: http://www.codeproject.com/Tips/612847/Generate-a-quick """
""" Modified by phalox.be"""
"""--------------------------------------------------------------------------"""

import sys
import binascii

# Global header for pcap 2.4
pcap_global_header = ('D4 C3 B2 A1'
                      '02 00'         # File format major revision (i.e. pcap <2>.4)
                      '04 00'         # File format minor revision (i.e. pcap 2.<4>)
                      '00 00 00 00'
                      '00 00 00 00'
                      'FF FF 00 00'
                      'C3 00 00 00')  # 01 is ethernet, C3 is for 802.15.4. Check http://www.tcpdump.org/linktypes.html for all others

# pcap packet header that must preface every packet
pcap_packet_header = ('AA 77 9F 47'
                      '90 A2 04 00'
                      'XX XX XX XX'   # Frame Size (little endian)
                      'YY YY YY YY')  # Frame Size (little endian)

def writeByteStringToFile(bytestring, filename):
    # Strip all whitespace from the hex string and write the raw bytes
    bytelist = bytestring.split()
    raw = binascii.a2b_hex(''.join(bytelist))
    with open(filename, 'wb') as bitout:
        bitout.write(raw)

def generatePCAP(message, pcapfile):
    pcap_len = len(message) // 3  # 1 byte is 3 characters e.g. "AB "
    hex_str = "%08x" % pcap_len
    # Swap the byte order: pcap stores the length little endian
    reverse_hex_str = hex_str[6:] + hex_str[4:6] + hex_str[2:4] + hex_str[:2]
    pcaph = pcap_packet_header.replace('XX XX XX XX', reverse_hex_str)
    pcaph = pcaph.replace('YY YY YY YY', reverse_hex_str)
    bytestring = pcap_global_header + pcaph + message
    writeByteStringToFile(bytestring, pcapfile)

"""------------------------------------------"""
""" End of functions, execution starts here: """
"""------------------------------------------"""

if len(sys.argv) < 3:
    print('usage: pcapgen.py input_file output_file')
    sys.exit(0)

# The GDB dump is raw bytes, so read it in binary mode
with open(sys.argv[1], 'rb') as myfile:
    data = myfile.read()

s = ""
for c in data:
    s += format(c, '02x') + " "
generatePCAP(s, sys.argv[2])
```
Since I wanted to make an 802.15.4 log, I hard coded the ID for such frames in the code. Please modify if you need something else and for sure let me know if you refactor this code!
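As an added example (not part of the original post or the CodeProject script), the same pcap layout can be written with `struct` instead of hex-string substitution. It goes beyond the script above: one record per frame, a selectable link type (195 expects the 2-byte FCS at the end of each frame, 230 is the variant without it, both listed on tcpdump.org/linktypes.html), and a reader that checks the result. The function names and the sample frame are constructed for illustration.

```python
import struct

# Link-layer header types, from http://www.tcpdump.org/linktypes.html
LINKTYPE_IEEE802_15_4_WITHFCS = 195  # 0xC3: each frame ends with its 2-byte FCS
LINKTYPE_IEEE802_15_4_NOFCS = 230    # 0xE6: same frames, FCS not present

PCAP_MAGIC = 0xA1B2C3D4
SNAPLEN = 0xFFFF
GLOBAL_HDR = struct.Struct("<IHHiIII")  # magic, major, minor, thiszone, sigfigs, snaplen, network
RECORD_HDR = struct.Struct("<IIII")     # ts_sec, ts_usec, incl_len, orig_len

# Constructed sample: an 802.15.4 ACK (frame control 0x0002, sequence 0x2A), FCS left out
SAMPLE_ACK = bytes.fromhex("02002a")


def build_pcap(frames, linktype=LINKTYPE_IEEE802_15_4_WITHFCS, ts_sec=0):
    """Return a little-endian pcap 2.4 file with one record per frame."""
    out = bytearray(GLOBAL_HDR.pack(PCAP_MAGIC, 2, 4, 0, 0, SNAPLEN, linktype))
    for i, frame in enumerate(frames):
        if not 0 < len(frame) <= SNAPLEN:
            raise ValueError("frame %d: bad length %d" % (i, len(frame)))
        # incl_len == orig_len: the whole frame came out of the debugger
        out += RECORD_HDR.pack(ts_sec + i, 0, len(frame), len(frame)) + frame
    return bytes(out)


def parse_pcap(blob):
    """Read a pcap back as (linktype, [frame, ...]); reject truncated data."""
    if len(blob) < GLOBAL_HDR.size:
        raise ValueError("truncated global header")
    magic, major, minor, _, _, _, linktype = GLOBAL_HDR.unpack_from(blob, 0)
    if magic != PCAP_MAGIC or (major, minor) != (2, 4):
        raise ValueError("not a little-endian pcap 2.4 file")
    frames, off = [], GLOBAL_HDR.size
    while off < len(blob):
        if off + RECORD_HDR.size > len(blob):
            raise ValueError("truncated record header")
        _, _, incl_len, _ = RECORD_HDR.unpack_from(blob, off)
        off += RECORD_HDR.size
        if off + incl_len > len(blob):
            raise ValueError("truncated record data")
        frames.append(blob[off:off + incl_len])
        off += incl_len
    return linktype, frames


if __name__ == "__main__":
    pcap = build_pcap([SAMPLE_ACK], LINKTYPE_IEEE802_15_4_NOFCS)
    print(parse_pcap(pcap))
```

If Wireshark flags every frame with a bad FCS, the dumped buffer most likely does not include the FCS and the link type should be 230 rather than 195.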