How to Use Linux Hexdump Command with Practical Examples

Hexdump is a very useful Linux command for developers and application debuggers. It has ability to dump file contents into many formats like hexadecimal, octal, ASCII and decimal. This command takes a file, or any standard input, as input parameter and converts it to the format of your choice. Let's assume you work with binary data and you are unable to understand the format of a file, you can make use of Hexdump command to get file contents in much better readable format. This command comes pre-installed with all modern day Linux operating systems like CentOS, Fedora, Ubuntu, Debian, Arch Linux etc. In this article, we will be demonstrating the use of hexdump command using various examples. Written in C language, this command might be easy to understand by professional C programmers, but for other IT professionals, it might be a tricky command. We will try to do our best to demonstrate its usage and purpose here in this article.

1) Hexdump -b

Using "-b" switch with Hexdump will display the input offset in hexadecimal format. This option is also called "One-byte octal display".  The output will be followed by sixteen space-separated, three column, zero-filled, bytes of input data, in octal, per line. Here is the example output we received when we run this command with "-b" switch on a file named "Linuxthegreat".
# hexdump -b Linuxthegreat
0000000 124 150 151 163 040 151 163 040 040 141 040 164 145 163 164 040
0000010 114 151 156 157 170 151 144 145 040 106 151 154 145 012 125 163
0000020 145 144 040 146 157 162 040 144 145 155 157 156 163 164 162 141
0000030 164 151 157 156 040 160 165 162 160 157 163 145 163 012 012
000003f

2) Hexdump -c

This option is referred to as "One-byte character display". You can use this command parameter to display the input offset in hexadecimal. The output string will be followed by sixteen space-separated,   three column, space-filled, characters of input data per line. Here is the example output of this command.
hexdump -c Linuxthegreat
0000000   T   h   i   s       i   s           a       t   e   s   t
0000010   L   i   n   o   x   i   d   e       F   i   l   e  \n   U   s
0000020   e   d       f   o   r       d   e   m   o   n   s   t   r   a
0000030   t   i   o   n       p   u   r   p   o   s   e   s  \n  \n
000003f

3) Hexdump -C

Also known as "Canonical hex+ASCII display", this shows the input offset in hexadecimal, the output is followed by sixteen space-separated, two column, hexadecimal bytes, along with the same sixteen bytes in %_p format enclosed in ``|'' characters. Here is working example of this command option.
# hexdump -C Linuxthegreat
00000000  54 68 69 73 20 69 73 20  20 61 20 74 65 73 74 20  |This is  a test |
00000010  4c 69 6e 6f 78 69 64 65  20 46 69 6c 65 0a 55 73  |Linuxthegreat File.Us|
00000020  65 64 20 66 6f 72 20 64  65 6d 6f 6e 73 74 72 61  |ed for demonstra|
00000030  74 69 6f 6e 20 70 75 72  70 6f 73 65 73 0a 0a     |tion purposes..|
0000003f

4) Hexdump -d

This switch/option shows the input offset in hexadecimal, along with eight space-separated, five column, zero-filled, two-byte units of input data. The output is in unsigned decimal per line. It is also referred to as "Two-byte decimal display"  mode. Here is example output of this command.
 hexdump -d Linuxthegreat
0000000   26708   29545   26912   08307   24864   29728   29541   08308
0000010   26956   28526   27000   25956   17952   27753   02661   29525
0000020   25701   26144   29295   25632   28005   28271   29811   24946
0000030   26996   28271   28704   29301   28528   25971   02675   00010
000003f

5) Hexdump -o

Also known as "Two-byte octal display", it shows the specified input offset in hexadecimal. The output of the command is followed by eight space-separated, six column, zero-filled, two byte quantities of input data, in octal, per line.
# hexdump -o Linuxthegreat
0000000  064124  071551  064440  020163  060440  072040  071545  020164
0000010  064514  067556  064570  062544  043040  066151  005145  071525
0000020  062145  063040  071157  062040  066545  067157  072163  060562
0000030  064564  067157  070040  071165  067560  062563  005163  000012
000003f

6) Hexdump  -x

It shows the offset in hexadecimal, followed by eight, space separated, four column, zero filled, two-byte quantities of input data, in hexadecimal. It is referred to as "Two-byte hexadecimal display".
# hexdump -x Linuxthegreat
0000000    6854    7369    6920    2073    6120    7420    7365    2074
0000010    694c    6f6e    6978    6564    4620    6c69    0a65    7355
0000020    6465    6620    726f    6420    6d65    6e6f    7473    6172
0000030    6974    6e6f    7020    7275    6f70    6573    0a73    000a
000003f

7) Hexdump  -v

By default, hexdump uses the asterisk sign (*) to replace the identical line in the output string, but -v option causes hexdump to display all input data. This option is useful when performing the analysis of complete output of any string or text. This command can be used in shell /bash scripts as well for better automation of your desired tasks.

8) Hexdump -s

"Hexdump -s" displays only specified number of bytes from a file, the general syntax to use this option is as follows.
hexdump -s n -c  File
Where, replace "n" with number of lines you want displayed, and "File" with your actual file name. Following example output should further clarify this concept.
# hexdump -s 1 -c  Linuxthegreat
0000001   h   i   s       i   s           a       t   e   s   t       L
0000011
The above command will display only one line of output.
You can get more details about hexdump using its help manual. Simply type following command on your Linux system's terminal and it will display all possibilities and option which can be used with hexdump.
man hexdump

Conclusion

Hexdump is pretty useful utility for system administrators and programmers. It makes analyzing and decoding the various file formats a piece of cake. It can be easily used in bash programming or C programming language scripts to perform complex tasks of file format conversions or analysis and reverse engineering. In this article, we have introduced to hexdump, its useful options and some useful demonstration of the commands related to this utility. Hope you enjoyed this article. If you have any comments or questions, feel free to let us know in comments.

Comments

Post a Comment

Popular posts from this blog

Changing the keyboard layout RHEL 7

The keyboard layout settings enable the user to control the layout used on the text console and graphical user interfaces. 1.2.1. Displaying the Current Settings As mentioned before, you can check your current keyboard layout configuration with the following command: localectl status In the following output, you can see the keyboard layout configured for the virtual console and for the X11 window system. ~]$  localectl status System Locale: LANG=en_US.utf8 VC Keymap: us X11 Layout: us 1.2.2. Listing Available Keymaps To list all available keyboard layouts that can be configured on your system, type: localectl list-keymaps ⁠ Example 1.5. Searching for a Particular Keymap You can use  grep  to search the output of the previous command for a specific keymap name. There are often multiple keymaps compatible with your currently set locale. For example, to find available Czech keyboard layouts, type: ~]$  ...
Keep reading

HOW TO RECOVER DELETED FILES IN LINUX

Image
Have you ever gotten that horrible feeling? The one you get when you realize that you  accidentally deleted files  and it’s not even in the trash? Often it is immediately preceded by denial: I know I have another copy of it somewhere. But rather than going through all the stages of grief, don’t worry. And remember you’re not alone; sooner or later everyone does this. “Don’t worry?” you counter, “I just erased the only copy of my resume!” No really, don’t worry. All that’s happened is that it’s been bumped off a list. So long as you don’t write onto the drive, it absolutely still exists. In fact, depending on the size of the file and the free space on your drive deleted files can persist indefinitely—even if you do write on the drive. “Yes, fine” you say, “I’ll rest easy knowing my resume ‘exists’ in some abstract sense. But so far as I’m concerned if I can’t open, edit or print from it, it doesn’t exist in any practical sense. What would really help would be a w...
Keep reading

HOW TO INSTALL AND REMOVE SOFTWARE IN UBUNTU

Image
When you  switch to Linux , the experience could be overwhelming at the start. Even the basic things like installing applications in Ubuntu could seem confusing. Don’t worry. Linux provides so many ways to do the same task that it is only natural that you may seem lost, at least in the beginning. You are not alone. We have all been to that stage. In this beginner’s guide, I’ll show most popular ways to install software in Ubuntu. I’ll also show you how to uninstall the software you had installed earlier. I’ll also provide my recommendation about which method you should be using for installing software in Ubuntu. Sit tight and pay attention. This is a long article, a detailed one which is surely going to add to your knowledge. INSTALLING AND UNINSTALLING SOFTWARE IN UBUNTU I am using Ubuntu 16.04 running with Unity desktop environment in this guide. Apart from a couple of screenshots, this guide is applicable to all other flavors of Ubuntu. 1.1 INSTALL SOFTWARE US...
Keep reading