.:Computer Defense:.

One of my favourite new commands has become hexdump. From time to time I go through my nepenthes hexdump folder to take a look at what I've recently seen.

These hexdumps on their own are fairly useless:

treguly@ns:/home/nepenthes/hexdumps$ cat ffa6fd1e9b143a4bd5ac705a570e3b21.bin
D CKFDENECFDEFFCFGAAAAAAAAAAAAAAAA EGFCEPEOFECACACACACACACACACACAAA
ÿSMBrSÈÿþbPC NETWORK PROGRAM 1.0LANMAN1.0Windows for Workgroups 3.1aLM1.2X002LANMAN2.1NT LM 0.12

However, when you make use of hexdump it becomes much more readable.

treguly@ns:/home/nepenthes/hexdumps$ hexdump -C ffa6fd1e9b143a4bd5ac705a570e3b21         .bin
00000000  81 00 00 44 20 43 4b 46  44 45 4e 45 43 46 44 45  |...D CKFDENECFDE|
00000010  46 46 43 46 47 41 41 41  41 41 41 41 41 41 41 41  |FFCFGAAAAAAAAAAA|
00000020  41 41 41 41 41 00 20 45  47 46 43 45 50 45 4f 46  |AAAAA. EGFCEPEOF|
00000030  45 43 41 43 41 43 41 43  41 43 41 43 41 43 41 43  |ECACACACACACACAC|
00000040  41 43 41 43 41 41 41 00  00 00 00 85 ff 53 4d 42  |ACACAAA......SMB|
00000050  72 00 00 00 00 18 53 c8  00 00 00 00 00 00 00 00  |r.....S.........|
00000060  00 00 00 00 00 00 ff fe  00 00 00 00 00 62 00 02  |.............b..|
00000070  50 43 20 4e 45 54 57 4f  52 4b 20 50 52 4f 47 52  |PC NETWORK PROGR|
00000080  41 4d 20 31 2e 30 00 02  4c 41 4e 4d 41 4e 31 2e  |AM 1.0..LANMAN1.|
00000090  30 00 02 57 69 6e 64 6f  77 73 20 66 6f 72 20 57  |0..Windows for W|
000000a0  6f 72 6b 67 72 6f 75 70  73 20 33 2e 31 61 00 02  |orkgroups 3.1a..|
000000b0  4c 4d 31 2e 32 58 30 30  32 00 02 4c 41 4e 4d 41  |LM1.2X002..LANMA|
000000c0  4e 32 2e 31 00 02 4e 54  20 4c 4d 20 30 2e 31 32  |N2.1..NT LM 0.12|
000000d0  00                                                |.|
000000d1

Of course, you could always pipe any output you have into hexdump. I have to say that I only really like it with the -C option, otherwise I haven't found a use for it yet.