12 Dec 2023

How-to Use ‘hexdump’ | Linux File Inspection Guide

Posted in Bash, Linux, Systems Administration By Gabriel Ramuglia On December 12, 2023
Graphic of Linux screen showcasing hexdump command emphasizing binary data analysis and file content examination

Are you finding it challenging to understand the hexdump command in Linux? You’re not alone. Many developers find themselves puzzled when it comes to using this powerful tool, but we’re here to help. Think of the hexdump command as a magnifying glass for your data – allowing you to inspect it at a deeper level, providing a versatile and handy tool for various tasks.

In this guide, we’ll walk you through the process of mastering the hexdump command in Linux, from the basics to more advanced techniques. We’ll cover everything from simple usage of hexdump to understanding its output and even troubleshooting common issues.

Let’s dive in and start mastering hexdump!

TL;DR: How Do I Use the Hexdump Command in Linux?

The hexdump command in Linux is used to display the specified files, or the standard input, in a variety of formats including hexadecimal. It is used with the syntax, hexdump [option] [filename_or_string].

Here’s a simple example performed on Bash Commandline:

echo 'Hello' | hexdump

# Output:
# 0000000 48 65 6c 6c 6f 0a
# 0000006

In this example, we’re using the echo command to pass the string ‘Hello’ to hexdump. The output is a hexadecimal representation of the input string. Each pair of digits represents one character in the input, and the numbers on the left are the offsets in the data.

This is just a basic usage of the hexdump command in Linux. There’s much more to learn about it, including how to interpret its output and use it for more complex tasks. Continue reading for more detailed information and advanced usage scenarios.

Basic Use of Hexdump in Linux

Hexdump is a versatile tool in Linux that allows users to display file content in hexadecimal format. It’s particularly useful when you want to inspect binary files, but it can also be used with text files for various purposes.

Let’s look at a simple example of how to use the hexdump command:

echo 'Linux' | hexdump

# Output:
# 0000000 4c69 6e75 780a
# 0000006

In this example, we are passing the string ‘Linux’ to the hexdump command using the echo command. The output is a hexadecimal representation of each character in the string. The left column shows the offset in the data.

It’s important to note that the hexdump command displays the output in a big-endian format by default. This means that the bytes are arranged in the order of significance. For example, the hexadecimal representation of ‘Li’ is ‘4c69’, where ‘4c’ represents ‘L’ and ’69’ represents ‘i’.

One advantage of using hexdump is that it provides a quick and easy way to inspect data at a granular level. However, interpreting the output can be challenging for beginners, and it may not be the best tool for large files due to the verbose output.

Unleashing the Power of Hexdump in Linux

As you become more confident with the basic usage of the hexdump command, you might find yourself yearning for more advanced features. Hexdump is a powerful tool that can be fine-tuned using different flags or options to meet your specific needs.

Before we delve into the more complex uses of hexdump, let’s familiarize ourselves with some of the command-line arguments or flags that can modify the behavior of the hexdump command. Here’s a table with some of the most commonly used hexdump arguments:

ArgumentDescriptionExample
-bOne-byte octal display.hexdump -b file
-cOne-byte character display.hexdump -c file
-dTwo-byte decimal display.hexdump -d file
-oTwo-byte octal display.hexdump -o file
-xTwo-byte hexadecimal display.hexdump -x file
-CCanonical hex+ASCII display.hexdump -C file
-vDisplay all input data.hexdump -v file
-sSkip specified bytes of input.hexdump -s 100 file
-nInterpret only specified bytes of input.hexdump -n 100 file
-eFormat string.hexdump -e '16/1 "%02x " "\n"' file

Now that we have a basic understanding of hexdump command-line arguments, let’s dive deeper into the advanced use of hexdump.

Hexdump with -C Option

The -C option is one of the most commonly used flags with hexdump. It displays the input data in a ‘canonical’ format, which includes both hexadecimal and ASCII representations. Here’s an example:

echo 'Hello World!' | hexdump -C

# Output:
# 00000000  48 65 6c 6c 6f 20 57 6f  72 6c 64 21 0a           |Hello World!.|
# 0000000d

In this example, the -C option provides a convenient way to inspect the data in both hexadecimal and ASCII formats. This can be particularly useful when dealing with binary files or complex data structures.

Hexdump with -n and -s Options

The -n and -s options allow you to control the amount of data that hexdump interprets and the starting point of the input, respectively. Here’s an example of how to use these options:

echo 'Hello World!' | hexdump -n 5 -s 6

# Output:
# 00000006  57 6f 72 6c 64                                    |World|
# 0000000b

In this example, we’re telling hexdump to interpret only 5 bytes (-n 5) starting from the 7th byte (-s 6). This can be extremely useful when you’re dealing with large files or when you’re interested in a specific portion of the data.

Hexdump with -e Option

The -e option allows you to specify a format string that controls the output format. This is arguably the most powerful feature of hexdump, as it provides a high level of customization. Here’s an example:

echo 'Hello World!' | hexdump -e '16/1 "%02x " "\n"'

# Output:
# 48 65 6c 6c 6f 20 57 6f 72 6c 64 21 0a

In this example, the -e option is used to display the input data as a series of hexadecimal numbers, each separated by a space. The format string '16/1 "%02x " "\n"' tells hexdump to interpret 16 units (16/1) each of size 1 byte, display them as two-digit hexadecimal numbers ("%02x "), and then print a newline character ("\n").

Exploring Alternatives to Hexdump

While hexdump is a powerful tool for data inspection in Linux, it’s not the only one. There are other commands and functions that can accomplish similar tasks, each with its unique advantages and potential drawbacks. In this section, we’ll explore some of these alternatives and discuss when you might want to use them.

Using xxd for Hexadecimal Display

The xxd command is another popular tool for creating a hex dump of a file’s content. It’s part of the vim package and provides a more user-friendly output compared to hexdump, especially for beginners.

Here’s an example of how to use xxd:

echo 'Hello World!' | xxd

# Output:
# 00000000: 4865 6c6c 6f20 576f 726c 6421 0a    Hello World!.

In this example, xxd displays the output in a two-column format: the left column shows the offset in the data, and the right column shows the hexadecimal and ASCII representations of the data. This format is often easier to read than the default output of hexdump.

Using od for Octal Display

The od command, short for ‘octal dump’, is a more traditional tool that predates hexdump. It’s primarily used for displaying data in octal format, but it can also display data in other formats, including hexadecimal.

Here’s an example of how to use od:

echo 'Hello World!' | od -tx1

# Output:
# 0000000 48 65 6c 6c 6f 20 57 6f 72 6c 64 21 0a
# 0000015

In this example, the -tx1 option tells od to display the data in hexadecimal format, with each byte as a separate unit. This is similar to the output of hexdump -e '16/1 "%02x " "\n"'.

While od might seem outdated compared to hexdump or xxd, it’s still a robust tool that’s available on virtually all Unix-like systems. It can be a lifesaver when you’re working on a system that doesn’t have hexdump or xxd installed.

Decision-Making Considerations

When deciding which command to use for data inspection, consider the following factors:

  • Output Format: Do you prefer a simple and easy-to-read output, or do you need a detailed and customizable output? If it’s the former, xxd might be the best choice. If it’s the latter, hexdump or od might be more suitable.

  • Availability: Is the command available on the system you’re working on? Hexdump and xxd are not part of the POSIX standard, so they might not be available on all Unix-like systems. On the other hand, od is part of the POSIX standard and is likely to be available on most systems.

  • Familiarity: Are you more familiar with one command than the others? If you’re already comfortable using a particular command, it might be more efficient to stick with it, unless there’s a compelling reason to switch to a different command.

Troubleshooting Hexdump Command in Linux

While hexdump is a powerful tool, using it can sometimes lead to unexpected results or errors. Let’s explore some common issues you may encounter when using the hexdump command, along with their solutions.

Inverted Byte Order

One common issue with hexdump is that it displays the output in big-endian format by default, which means that the most significant byte comes first. This can lead to confusion when interpreting the output, especially for beginners.

Here’s an example:

echo 'AB' | hexdump

# Output:
# 0000000 4241 000a
# 0000004

In this example, you might expect the hexadecimal representation of ‘AB’ to be ‘4142’, but instead, it’s ‘4241’. This is because hexdump is displaying the output in big-endian format.

To display the output in little-endian format, you can use the -e option with a format string that specifies the byte order. Here’s how:

echo 'AB' | hexdump -e '2/1 "%02x" "\n"'

# Output:
# 4142

In this example, the -e '2/1 "%02x" "\n"' option tells hexdump to interpret 2 units each of size 1 byte and display them in the order they appear in the input.

Non-Printable Characters

Another common issue with hexdump is that it doesn’t display non-printable characters in a human-readable format. This can make it difficult to interpret the output when inspecting binary files or data that contains non-printable characters.

Here’s an example:

echo -e '\x01\x02\x03' | hexdump

# Output:
# 0000000 0102 030a
# 0000004

In this example, the output includes the hexadecimal representation of the non-printable characters, but it doesn’t provide any indication of what these characters are.

To display non-printable characters in a human-readable format, you can use the -C option. Here’s how:

echo -e '\x01\x02\x03' | hexdump -C

# Output:
# 00000000  01 02 03 0a                                       |....|
# 00000004

In this example, the -C option displays the non-printable characters as dots in the ASCII column, making it easier to identify them in the output.

Best Practices and Optimization

When using hexdump, here are a few tips for best practices and optimization:

  • Use the -C option for a more human-readable output, especially when inspecting binary files or data that contains non-printable characters.

  • Use the -e option with a format string to customize the output format. This can be particularly useful when you need to control the byte order or the display of individual bytes.

  • Use the -n and -s options to control the amount of data that hexdump interprets and the starting point of the input. This can be especially useful when dealing with large files or when you’re interested in a specific portion of the data.

Understanding Hexadecimal Representation

Before we delve deeper into the workings of the hexdump command, it’s crucial to understand the concept of hexadecimal representation and its significance in the computing world.

What is Hexadecimal Representation?

Hexadecimal is a base-16 number system. It extends the conventional base-10 system we use in everyday life by six additional digits. Therefore, it consists of 16 symbols: 0-9 and A-F, where A represents 10, B is 11, up to F, which stands for 15.

Here’s how you would represent the numbers from 0 to 20 in hexadecimal:

# Decimal:    0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
# Hexadecimal: 0 1 2 3 4 5 6 7 8 9 A  B  C  D  E  F  10 11 12 13 14

Why is Hexadecimal Important in Computing?

Hexadecimal is widely used in computing for a simple reason: it’s a human-friendly way to represent binary data. Each hexadecimal digit represents exactly four binary digits, known as a nibble. Two nibbles make a byte, which means a byte can be conveniently represented as two hexadecimal digits.

This relationship between binary and hexadecimal makes it easy to convert between the two. For example, the binary number 1010 1111 can be represented as AF in hexadecimal.

# Binary:     1010 1111
# Hexadecimal:   A    F

In the context of the hexdump command, hexadecimal representation allows us to inspect binary data in a format that’s easier to understand and work with. Whether it’s a binary file, a network packet, or a memory dump, hexdump can help us dissect the data and make sense of its structure and content.

Applying Hexdump in Larger Projects

The hexdump command, while powerful on its own, can also be a valuable tool when integrated into larger scripts or projects. Its ability to display file contents in a variety of formats, particularly hexadecimal, can provide vital insights during debugging or data analysis.

Hexdump in Shell Scripts

In shell scripts, hexdump can be used to debug binary data, inspect file contents, or even generate test data. Here’s an example where we use hexdump to generate a hex dump from a random binary file and then print the first ten lines:

head -n 10 /dev/urandom | hexdump -C

In this script, head -n 10 /dev/urandom generates ten lines of random binary data, which is then passed to hexdump -C to create a canonical hex dump.

Hexdump with Other Commands

Hexdump often accompanies other commands to provide a more comprehensive view of data. For instance, dd, a command used for file conversion and copying, can be combined with hexdump to inspect the contents of a disk sector or to debug data streams.

Here’s an example:

dd if=/dev/urandom bs=1 count=128 | hexdump -C

In this command, dd if=/dev/urandom bs=1 count=128 generates 128 bytes of random data, which is then passed to hexdump -C to create a canonical hex dump.

Further Resources for Mastering Hexdump

To deepen your understanding of hexdump and its applications, consider exploring these resources:

Wrapping Up: Data Inspection with Hexdump

In this comprehensive guide, we’ve covered the ins and outs of the hexdump command in Linux, a powerful tool for data inspection at a granular level. We’ve explored its usage, from basic to advanced techniques, and discussed how it can be integrated into larger scripts or projects.

We started with the basics, learning how to use hexdump to display file contents in hexadecimal format. We then delved into more complex uses of hexdump, exploring different flags and options that can modify the command’s behavior. Along the way, we tackled common issues that you might face when using hexdump, providing solutions and workarounds for each problem.

We also explored alternative commands for data inspection in Linux, such as xxd and od, giving you a broader perspective of the tools available for this task. Here’s a quick comparison of these commands:

CommandProsCons
hexdumpDetailed output, customizable formatCan be verbose for large files
xxdUser-friendly output, part of the vim packageLess customizable than hexdump
odAvailable on virtually all Unix-like systems, supports multiple formatsOutput can be less intuitive than hexdump or xxd

Whether you’re just starting out with hexdump or looking to deepen your understanding, we hope this guide has helped you master the hexdump command in Linux. With its ability to display data in a variety of formats, particularly hexadecimal, hexdump is an invaluable tool for any Linux user. Happy exploring!

About Author

Gabriel Ramuglia
Gabriel Ramuglia

Gabriel is the owner and founder of IOFLOOD.com, an unmanaged dedicated server hosting company operating since 2010.Gabriel loves all things servers, bandwidth, and computer programming and enjoys sharing his experience on these topics with readers of the IOFLOOD blog.

Related Posts