Workflow for packets?

[quetzalsly]

I really like the editor, its really good for working with files.

Now I am working on a new project where I am required to sniff packets and understand them.
The packets are unencrypted and for each one I have just a blob of hex data.
I was wondering if there would be some kindof workflow for using imhex with this?

I thought of writing a plugin or something, just not sure how to proceed.

The ideal workflow would be like, capture packet -> preprocess it using something -> have it display data like a C struct, so weird hex data becomes like struct{int id; string name, float speed}; and it would allow me to analyse each packet in a human readable form.

Any advice for such a project or is imhex not a good idea to use for this?

Thanks.

[WerWolv]

Hey, I usually do it like this:

• Let ImHex create a new file
• Resize the file to some size that's >= the size of the package
• Copy the bytes you captured
• Click in the editor view, CTRL + A, CTRL + V
• Hit run on the pattern editor

If there's something I can add to make this easier, let me know. I've used ImHex for this before a few times and tried to come up with a better way but never found a way that was really easier

[KillyMXI]

I've been using Wireshark in the past, albeit only for known protocols.
I think being able to parse a sequence of packets at once is important.

Any way to shorten the gap between ImHex and Wireshark could be great.

Adding support for pcap files and a way to substitute patterns for protocol layers could be a significant undertaking.

Adding the ability to generate Wireshark dissectors from ImHex patterns might possibly be more approachable option. Existing generators: https://stackoverflow.com/a/40348858