dark mode light mode Search

7 Best Ways to Use Linux hexdump Command


Here are the seven best ways to use the Linux hexdump command for inspecting the content of different file types:

  1. View any file type content in hexadecimal format using hexdump [options] file.
  2. Analyze PDF documents with hexdump -C -n 40 filename.pdf to view the file header.
  3. Use hexdump -C filename.txt to inspect text files in hexadecimal and ASCII format.
  4. View image files with the hexdump -C filename.png | head -n 10 command to identify specific details about its contents.
  5. Examine audio files by running hexdump -C audio.mp3 | head -n 20 in the Terminal to view file format information and metadata.
  6. Read archive files with hexdump -C archive.zip | head -n 10 to examine the contents and file details.
  7. Combine with other Linux commands to search for a specific pattern in the hexdump output with hexdump -C filename.txt | grep "search-pattern".

In addition to these command lines, use other common options, such as -C, -n, -s, -b, -e, and -v, to display output in particular formats. Moreover, to help you inspect the content of the file more efficiently, you should add the pipes and redirection to chain commands, use different options to handle large files, and try to have a better understanding of the different output formats.

Read on the article below to get hands-on experience in file content analysis with the Linux hexdump command using the seven practical examples and three valuable practices.

If you’re dealing with files on Linux, chances are you’ll eventually stumble upon the hexdump command. It let you view the file content in hexadecimal format. This command particularly comes in handy when you need to find specific patterns or anomalies that may exist in the file. But that’s not all it can do – you can also use it to analyze and extract relevant data from other types of files.

In this article, I’ll guide you through the ins and outs of the Linux hexdump command. We’ll start with the basics and work our way up to more advanced usage, including combining it with other commands. Plus, I’ll provide you with plenty of real-life examples and best practices to master this command.

How to Use Linux hexdump Command

To use the Linux hexdump command, you can simply use the basic command to view file contents in hexadecimal format. Or add some options to analyze the particular file type, such as PDF, text, image, audio, archive files, and more. It can also be used to search for a specific pattern with the grep command. Let’s dive into some practical examples of using the Linux hexdump command:

1. Hexadecimal File View

The hexdump command displays file contents in hexadecimal format, with each line representing a certain number of bytes, typically 16 or 32. Key output columns include the byte offset, hexadecimal representation of bytes, and ASCII representation of non-printable characters. Here’s how you can use this command to view the file content in hexadecimal format:

  1. Run the basic syntax of the Linux hexdump command with the file name that you wish to view in the hexadecimal format.
hexdump [options] file
  1. You’ll see the following output for your file content in the Terminal window:
basic syntax of the linux hexdump
  1. Apart from this basic hexdump command style, you can add -C for ASCII and hexadecimal format, -n to limit bytes, -s to skip bytes, -b for the octal format, -e for a custom format, and -v for a verbose display. Read the section below to learn more about these options.

2. Analyse the PDF Documents

PDF documents have binary characters, which can be read with the Linux hexdump command. You can use hexdump to analyze its contents and extract certain information from it. To do so, follow the steps below:

  1. In the Terminal window, enter the following command:
hexdump -C -n 40 filename.pdf
  1. This command line will display the first 40 bytes of the file in both hexadecimal and ASCII format.
analyse pdf documents
  1. You can now examine the output to see the file header. It tells you that it is a PDF object, as it starts with %PDF, while the string indicates the title hexfile.

3. Inspect Text Files

The Linux hexdump command is a useful tool for inspecting the contents of a text file. If you’re working with a text file and need to analyze its contents, this command can be an invaluable resource. Here’s a step-by-step guide on how to use the Linux hexdump command to view the contents of a text file:

  1. Launch the command prompt and execute the command below:
hexdump -C filename.txt
  1. This will display the contents of the file in both hexadecimal and ASCII format.
inspect text files
  1. You can scroll down and view the whole output to read the content of the text file without opening it via GUI.

4. View Image Files

Image files are also stored in binary format, which means that you can use the Linux hexdump command to view the hexadecimal representation. With this command, you can identify specific details about its contents. Here’s how you can do it:

  1. Launch the Terminal window and execute the following command:
hexdump -C filename.png | head -n 10
  1. This will display the first line of the hexdump output for the image file’s header. The header contains information about the image’s format and other details.
view hexadecimal representation of image files
  1. In our case, the image file is in PNG format. You may also see image software information from which it was captured. For instance, I have used Greenshot to capture this image.
  2. You can now use this information to make decisions about manipulating your image file, such as changing the format from PNG to JPEG while preserving its resolution to reduce the file size and more.

5. Examine Audio Files

hexdump can also reveal the details about audio files, including audio data, metadata, and file format information. Follow these steps to examine the header of an MP3 audio file with the hexdump command:

  1. Execute the following command in the Terminal app:
hexdump -C audio.mp3 | head -n 20
  1. This will display the first 20 lines of the audio file. It contains information about the file format, metadata, and other details.
examine mp3 audio file
  1. For example, in the above output, you may see the metadata information of the MP3 file, such as the title, artist, and album of the song.
  2. You can target specific portions of the audio data and use other tools, like FFmpeg or Audacity, to extract portions of the original file. This is helpful for audio engineers, musicians, or anyone working with audio files in a professional capacity.

6. Read Archive Files

Archive files are commonly used to store multiple compressed files or directories, and the Linux hexdump command can help examine their contents. Here’s how you can do it in just a few easy steps:

  1. Run the following command in the Linux command prompt:
hexdump -C archive.zip | head -n 10
  1. This will display the first 10 lines of the Hexdump output for the archive file. The header may contain information about the file name, format, and other details.
hexdump output for zip archive file
  1. In the above output, this command displays the file names and their extensions that are compressed within this archive file. Like, file.txt in the second line and Maybe.mp3 in the second last line of the output.
  2. So, if you need to extract specific files from the archive, you can first view those files and then use tools. like 7-Zip, to extract them.

7. Search for a Specific Pattern

You can use the grep command to search for a specific byte pattern in the hexdump output. Here’s how you can combine the Linux hexdump command with grep:

  1. Open a Terminal window and enter the following command:
hexdump -C filename.txt | grep "pattern"
  1. Make sure to replace the pattern with the byte pattern you’re looking for. And you’ll have the output for that particular term.
search for a specific byte pattern
  1. Examine the output to see where the pattern is located in the file. This makes it easier to locate particular terms in large files.

3 Best Practices to Use Linux hexdump Command

To get the most out of the Linux hexdump command, it’s important to follow some best practices. Here are three valuable tips that can help you use the command more efficiently:

1. Use Pipes and Redirection to Chain Commands

With the ability to display the hexadecimal and ASCII values of a file, the hexdump command can be used in combination with other Linux commands to perform more complex operations. For example, to display the contents of a file in reverse order, use the following command:

hexdump -C hexfile.txt | tac

In this command, the -C option with the name of the file as an argument. It outputs the contents of the file in a hexdump format, with ASCII characters displayed to the right of the hexadecimal values. While the | symbol, known as a pipe, is used to redirect the output of one command to the input of another command. And the tac command can be used in combination with hexdump to reverse the order of lines in the output. So, by piping the output of hexdump to tac, the contents of the file are displayed in reverse order in the terminal.

display contents of a file in reverse order

2. Use Options to Handle Large Files

When dealing with large files, it’s crucial to use the -s and -n options with the hexdump command to limit the amount of data being processed at once. The -s option sets the starting offset in the file for reading data, and the -n option specifies the number of bytes to be processed. These options help prevent memory issues and ensure that the command runs efficiently. Here’s an example of how to use the Linux hexdump command with these options:

hexdump -C -s 1000 -n 100 hexfile.txt

This command will start reading the file hexfile.txt at offset 1000 and process only the next 100 bytes of data. This helps ensure that the command is not overwhelmed with data and that it can complete its processing without issues.

handle large files efficiently

3. Know Your Output Formats

By default, the Linux hexdump command displays output in hexadecimal format. However, to display output in a combined hexadecimal and ASCII format, use the -C option. This format provides both the hexadecimal and ASCII representation of the input data in two columns. Also, you can add the -b option to display output in octal format. The octal output displays each byte of data as three octal digits, with the ASCII representation displayed to the right. With these options, here’s what your Linux hexdump command should look like:

hexdump -C -b hexfile.txt

If this command is executed, it will display the contents of the file in octal format. The -C option tells the command to display the output in a more user-friendly format, with ASCII characters on the right side of each line. And the -b option specifies that the output should be in octal format, which means that each byte is represented by a three-digit octal number.

different output formats

To Sum Up

In this article, I’ve covered everything you need to know about using the Linux hexdump command. From understanding the basic output to using this command with other Linux commands, I’ve provided step-by-step seven practical examples with the best three practices.

In addition to mastering the Linux hexdump command, you should also explore the topics like using the grep with OR condition to search for a particular string pattern within files, or the help command to learn more options about utilities and apps. You might also want to look into the Vim editor navigation basics for streamlining file editing tasks.

Frequently Asked Questions

How can I view the Linux hexdump output in a more human-readable format?

By default, the hexdump command displays the output in a format that’s optimized for machines rather than humans. If you’d like to view the output in a more human-readable format, you can use the -C option, which displays the ASCII representation of each byte alongside the hexadecimal representation.

Is there a limit to the size of the file that can be analyzed with the hexdump command?

There’s no hard limit to the size of the file that can be analyzed with the Linux hexdump command. However, if you’re working with a very large file, you may need to use the -s and -n options to limit the amount of data that the command processes at once.

Can the Linux hexdump command be used to modify binary files?

No, the Linux hexdump command is a read-only tool that is used to examine the contents of binary files. It is not designed to modify or manipulate binary data in any way. If you need to modify a binary file, you should use a dedicated tool that is designed for that purpose, such as a hex editor or a binary editor. Modifying a binary file directly can be complex and potentially dangerous, so it’s important to use a tool that is designed for this specific task.