From owner-freebsd-hackers Sat Mar 9 09:31:26 1996 Return-Path: owner-hackers Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id JAA11362 for hackers-outgoing; Sat, 9 Mar 1996 09:31:26 -0800 (PST) Received: from alpha.xerox.com (alpha.Xerox.COM [13.1.64.93]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id JAA11357 for ; Sat, 9 Mar 1996 09:31:25 -0800 (PST) Received: from crevenia.parc.xerox.com ([13.2.116.11]) by alpha.xerox.com with SMTP id <14714(2)>; Sat, 9 Mar 1996 09:29:32 PST Received: from localhost by crevenia.parc.xerox.com with SMTP id <177478>; Sat, 9 Mar 1996 09:29:25 -0800 To: Michael Smith cc: lyndon@orthanc.com (Lyndon Nerenberg VE7TCP), hackers@freebsd.org Subject: Re: tcpdump changes In-reply-to: Your message of "Thu, 29 Feb 96 04:38:14 PST." <199602291238.XAA24619@genesis.atrad.adelaide.edu.au> Date: Sat, 9 Mar 1996 09:29:11 PST From: Bill Fenner Message-Id: <96Mar9.092925pst.177478@crevenia.parc.xerox.com> Sender: owner-hackers@freebsd.org X-Loop: owner-hackers@FreeBSD.ORG Precedence: bulk In message <199602291238.XAA24619@genesis.atrad.adelaide.edu.au> you write: >Lyndon Nerenberg VE7TCP stands accused of saying: >> Is there anything out there (expect scripts or the like) that will >> break if the output format of -x changes? Yes. However, >perhaps you could activate it by specifying the 'x' option twice. this is not an insanely bad idea. The idea behind not including an ASCII dump in the first place, as far as I can tell, was vaguely security-related: make it a little harder to use tcpdump to nab passwords... I just use the following perl script, which I call "tcpdumpscii". Bill #!/import/misc/bin/perl # # open(TCPDUMP,"tcpdump -l @ARGV|"); while () { if (/^\s+(\S\S)+/) { $sav = $_; $asc = ""; while (s/\s*(\S\S)\s*//) { $i = hex($1); if ($i < 32 || $i > 126) { $asc .= "."; } else { $asc .= pack(C,hex($1)); } } $foo = "." x length($asc); $_ = $sav; s/\t/ /g; s/^$foo/$asc/; } print; }