Ange Albertini and Rafał Hirsz recently released SBuD at Troopers (see talk slides). Despite the warning that it is still an experimental tool, I played around with it a bit and found it quite nice to highlight structure and content in binary data. While SBuD is aimed at files, I immediately thought of using it to highlight network packets as well. This is why I built a small tool called
pdml2sbud, which converts a Wireshark PDML file into the format used by
dat.py from SBuD. See it in action below and clone it. I made a few patches to
dat.py so that the same part (or subsets) are highlighted in the same color, so you might want to use my clone.
Caveat: there’s a few bugs left here and there, very much still work in
progress. But I believe it serves as a nice PoC of what is possible with
dat.py and that making hexdumps/network packet dumps prettier is possible :-)