hexdump Command: Tutorial & Examples

Display File Contents In Hexadecimal And ASCII Representation

The hexdump command is a versatile Linux utility designed to display the raw contents of files or standard input in a hexadecimal and ASCII format. It provides a human-readable view of binary data, which is essential for debugging, analyzing file structures, verifying data integrity, and troubleshooting various system and network issues. By converting raw bytes into hexadecimal values alongside their ASCII equivalents, hexdump helps system administrators, developers, and security professionals inspect and understand file contents without needing to interpret binary data directly.

How It Works

hexdump reads input data from a file or standard input (stdin) and converts each byte into a two-digit hexadecimal number. It typically outputs the offset (address) of the displayed data in the file, the hexadecimal byte values, and the corresponding ASCII characters for printable bytes. Non-printable ASCII characters are usually represented by a dot (.) to maintain readability. This structured output enables users to analyze binary files, check for anomalies, or reverse-engineer data formats.

What It Is Used For

The primary uses of hexdump include:

  • Debugging Binary Files: Inspect compiled programs, object files, and binary configurations.
  • Data Recovery: Analyze corrupted or damaged files by viewing their raw contents.
  • Network Packet Inspection: Examine raw data captured from network traffic for network failure diagnosis.
  • File Format Analysis: Understand proprietary or undocumented file formats by observing byte patterns.
  • Verifying File Integrity: Compare binary data before and after transmission or processing.
  • Educational Purposes: Learn how data is stored at the byte level.

Why It Is Important

Many system and application files are stored in binary formats that are not human-readable. Without tools like hexdump, interpreting these files would require complex software or source code knowledge. hexdump provides a straightforward way to visualize this data at the byte level, aiding troubleshooting, security audits, and development tasks. It bridges the gap between raw binary data and human understanding.

Basic Usage And Common Command Line Parameters

The simplest usage of hexdump is to provide a filename as an argument:

hexdump filename

This outputs the raw content of the file in a default hexadecimal format. However, hexdump offers several options to customize its output:

  • -C: Display output in canonical hex+ASCII format with offsets.
  • -b: Display output as octal bytes.
  • -c: Display output as ASCII characters (prints non-printable as escape sequences).
  • -n count: Limit output to the first count bytes.
  • -s offset: Skip offset bytes from the start before dumping.
  • -v: Disable suppression of repeated lines (show all lines).
  • -e format_string: Customize output format using format strings.

Explanation Of Output Format

A typical hexdump -C output looks like this:

00000000  48 65 6c 6c 6f 20 57 6f  72 6c 64 0a              |Hello World.|
  • The leftmost column (00000000) is the offset in hexadecimal, indicating the position of the first byte on that line relative to the start of the input.
  • The middle section shows the hexadecimal representation of each byte.
  • The rightmost column displays the ASCII characters corresponding to those bytes; non-printable characters are replaced with dots (.).

Practical Examples Using hexdump

1. Basic Hexdump

hexdump example.txt

Sample output:

0000000 48 65 6c 6c 6f 20 57 6f 72 6c 64 0a
000000c

This shows the hexadecimal bytes of example.txt with offsets.

2. Canonical Hex+ASCII Format

hexdump -C example.txt

Sample output:

00000000  48 65 6c 6c 6f 20 57 6f  72 6c 64 0a              |Hello World.|

3. Display Octal Bytes

hexdump -b example.txt

Sample output:

0000000 110 145 154 154 157 040 127 157 162 154 144 012
000000c

4. Display ASCII Characters

hexdump -c example.txt

Sample output:

0000000   H   e   l   l   o       W   o   r   l   d  \n
000000c

5. Display First 8 Bytes

hexdump -n 8 -C example.txt

Sample output:

00000000  48 65 6c 6c 6f 20 57 6f                           |Hello Wo|

6. Skip First 4 Bytes

hexdump -s 4 -C example.txt

Sample output:

00000004  6f 20 57 6f 72 6c 64 0a                           |o World.|

7. Using hexdump With Standard Input

You can pipe output from other commands to hexdump:

echo "Hello" | hexdump -C

Sample output:

00000000  48 65 6c 6c 6f 0a                                    |Hello.|

8. Custom Format Strings

Format strings control output layout. For example, to display only hex bytes in groups of two:

hexdump -e '2/1 "%02x "' example.txt

Sample output:

4865 6c6c 6f20 576f 726c 640a

Advanced Usage

The -e option allows detailed output customization using format strings. The format syntax includes:

  • /count: Number of units per output line.
  • format: How to print each unit (e.g., %02x for two-digit hex).
  • "string": Literal text in output.

Example: Display offset and 4-byte integer values:

hexdump -e '"%08_ax " 4/4 "%08x " "\n"' example.bin

This prints offsets and four 4-byte integers per line in hex.

Common Errors And Troubleshooting

  • Permission Denied: If you get "Permission denied," ensure you have read access or use sudo if necessary.
  • File Not Found: Check the filename spelling and path.
  • Large Output Overload: Dumping large files produces huge output; use -n to limit bytes or pipe to less.
  • Unreadable Output: Incorrect format strings can produce confusing output; verify your format string syntax.

Potential Problems And Pitfalls

  • Output for very large files can be overwhelming; always limit output or filter.
  • Interpreting binary data requires knowledge of character encoding and file structure.
  • Hexdump does not edit files; it only displays data.
  • Misinterpreting non-printable characters or ignoring byte order (endianness) may cause confusion.

Tips And Best Practices

  • Use -C for easy-to-read output combining hex and ASCII.
  • Combine hexdump with head or tail to inspect file beginnings or ends.
  • Use format strings to tailor output for scripts or specific analysis.
  • Pipe hexdump output into grep or awk for searching specific byte patterns.
  • Save output to a file for offline analysis.

Scripting And Integration With Other Tools

hexdump can be integrated into shell scripts for automated analysis. Example: Extract the first 16 bytes and check if they match a known header:

if [ "$(hexdump -n 16 -e '16/1 "%02x"' file.bin)" = "89504e470d0a1a0a0000000d49484452" ]; then
    echo "This is a PNG file."
else
    echo "Unknown file type."
fi

Performance Considerations

hexdump is efficient for small to medium files but can be slow or produce unmanageable output for very large files. Using -n to limit bytes or combining with commands like head can improve usability. It consumes minimal CPU and memory as it streams data.

Security Considerations

Inspecting sensitive files with hexdump requires appropriate permissions. Avoid dumping sensitive data on shared terminals or logs without encryption. hexdump itself does not modify data, but caution is advised when handling confidential files.

Possible Alternatives Or Related Commands

  • xxd: Similar to hexdump but often provides more readable output by default.
  • od: Octal dump utility with various output format options.
  • strings: Extract printable strings from binary files.
  • cat: For viewing plain text files.
  • file: Determine file type without dumping contents.

See Also

Further Reading

As an Amazon Associate, I earn from qualifying purchases.

The text above is licensed under CC BY-SA 4.0 CC BY SA