shift or die

security. photography. foobar.

pdml2sbud - pretty network packets in your terminal

Ange Albertini and Rafał Hirsz recently released SBuD at Troopers (see talk slides). Despite the warning that it is still an experimental tool, I played around with it a bit and found it quite nice to highlight structure and content in binary data. While SBuD is aimed at files, I immediately thought of using it to highlight network packets as well. This is why I built a small tool called pdml2sbud, which converts a Wireshark PDML file into the format used by dat.py from SBuD. See it in action below and clone it. I made a few patches to dat.py so that the same parts (or subsets) are highlighted in the same color, so you might want to use my clone.

Caveat: there are a few bugs left here and there, and it is very much still a work in progress. But I believe it serves as a nice PoC of what is possible with dat.py and that making hexdumps/network packet dumps prettier is possible :-)
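
As an added illustration (not code from pdml2sbud or SBuD), the sketch below shows what a PDML-based converter has to work from: the `pos` and `size` attributes that tie each dissected field to a byte range of the frame. The function names, the skip rules and the sample packet are assumptions of this example, and it does not emit dat.py's input format.

```python
import xml.etree.ElementTree as ET

# Constructed sample: one Ethernet header laid out the way `tshark -T pdml` nests fields.
SAMPLE_PDML = """<pdml><packet>
 <proto name="geninfo" pos="0" size="14"><field name="len" pos="0" size="14"/></proto>
 <proto name="frame" pos="0" size="14"><field name="frame.len" pos="0" size="0"/></proto>
 <proto name="eth" pos="0" size="14">
  <field name="eth.dst" pos="0" size="6" value="ffffffffffff">
   <field name="eth.dst.lg" pos="0" size="3" value="1" unmaskedvalue="ffffff"/>
  </field>
  <field name="eth.src" pos="6" size="6" value="001122334455">
   <field name="eth.src.oui" pos="6" size="3" value="001122"/>
  </field>
  <field name="eth.type" pos="12" size="2" value="0800"/>
 </proto>
</packet></pdml>"""

# Metadata pseudo-protocols span the whole frame and would swallow every byte.
SKIP_PROTOS = {"geninfo", "frame"}

def byte_labels(packet):
    """Map each byte offset of one <packet> to the innermost field covering it."""
    labels = {}
    def walk(node):
        for child in node:
            size = int(child.get("size") or 0)
            # size 0: generated field without bytes; unmaskedvalue: sub-byte bitfield
            if child.tag == "field" and size > 0 and child.get("unmaskedvalue") is None:
                pos = int(child.get("pos") or 0)
                for off in range(pos, pos + size):
                    labels[off] = child.get("name") or "(unnamed)"
            walk(child)  # children are visited after the parent, so they override it
    for proto in packet.findall("proto"):
        if proto.get("name") not in SKIP_PROTOS:
            walk(proto)
    return labels

def field_runs(pdml_text):
    """Return, per packet, (start, length, field_name) runs sorted by offset."""
    result = []
    for packet in ET.fromstring(pdml_text).iter("packet"):
        runs = []
        for off, name in sorted(byte_labels(packet).items()):
            if runs and runs[-1][2] == name and sum(runs[-1][:2]) == off:
                runs[-1] = (runs[-1][0], runs[-1][1] + 1, name)
            else:
                runs.append((off, 1, name))
        result.append(runs)
    return result
```

Each run is one contiguous stretch of bytes to colour under a single field name, so the same name can be given the same colour wherever it appears.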