Date: Thu, 29 Feb 1996 09:38:43 PST
From: "Marty Leisner" <leisner@sdsp.mc.xerox.com>
To: Lyndon Nerenberg VE7TCP <lyndon@orthanc.com>
Cc: hackers@freebsd.org
Subject: Re: tcpdump changes
Message-ID: <9602291738.AA12403@gnu.mc.xerox.com>
In-Reply-To: Your message of "Wed, 28 Feb 1996 17:46:08 PST." <199602290146.RAA05053@multivac.orthanc.com>

> I'm thinking of making a change to tcpdump and would like
> to solicit comments ...
>
> The '-x' option prints a hex dump of packet contents (modulo capture
> length). I would like to modify it to also include an ASCII
> representation of the same data. (Makes it easier to trace things like
> SMTP protocol sessions.) The ASCII representation would be printed in
> a second column to the right of the existing hex dump (with the hex
> output suitably shifted to the left to make space). For display
> purposes anything failing isprint() would print as a '.'. (Can anyone
> think of a rationale for supporting locales in this context?)
>

I've already done something like this (and a lot of decoding on smb/netbeui
packets)

:leisner@gnu; ./tcpdump -x -s 1500 port 139
tcpdump: listening on le0
12:36:19.700433 sdsp_nts1.1105 > gnu.netbios-ssn: S 497680297:497680297(0) win 8192 <mss 1460> (DF)
[000D:000H] 45 00 00 2c 53 05 40 00 20 06 e1 07 0d e7 85 97  E..,S.@. .......
[016D:010H] 0d e7 85 5a 04 51 00 8b 1d a9 ff a9 00 00 00 00  ...Z.Q..........
[032D:020H] 60 02 20 00 2f 38 00 00 02 04 05 b4 b4 b4  `. ./8........
12:36:19.701125 sdsp_nts1.1105 > gnu.netbios-ssn: . ack 1548800001 win 8760 (DF)
[000D:000H] 45 00 00 28 54 05 40 00 20 06 e0 0b 0d e7 85 97  E..(T.@. .......
[016D:010H] 0d e7 85 5a 04 51 00 8b 1d a9 ff aa 5c 50 d0 01  ...Z.Q......\P..
[032D:020H] 50 10 22 38 18 5b 00 00 00 00 00 00 00 00  P."8.[........
12:36:19.701273 sdsp_nts1.1105 > gnu.netbios-ssn: P 0:72(72) ack 1 win 8760 session request Called name : GNU Calling name : SDSP_NTS1 (DF)
[000D:000H] 45 00 00 70 55 05 40 00 20 06 de c3 0d e7 85 97  E..pU.@. .......
[016D:010H] 0d e7 85 5a 04 51 00 8b 1d a9 ff aa 5c 50 d0 01  ...Z.Q......\P..
[032D:020H] 50 18 22 38 e5 41 00 00 81 00 00 44 20 45 48 45  P."8.A.....D EHE
[048D:030H] 4f 46 46 43 41 43 41 43 41 43 41 43 41 43 41 43  OFFCACACACACACAC
[064D:040H] 41 43 41 43 41 43 41 43 41 43 41 43 41 00 20 46  ACACACACACACA. F
[080D:050H] 44 45 45 46 44 46 41 46 50 45 4f 46 45 46 44 44  DEEFDFAFPEOFEFDD
[096D:060H] 42 43 41 43 41 43 41 43 41 43 41 43 41 41 41 00  BCACACACACACAAA.
12:36:20.700395 sdsp_nts1.1105 > gnu.netbios-ssn: P 72:230(158) ack 5 win 8756 session message

I found the default -x option very useless for understanding packets...

You're welcome to my work -- a tcpdump 3.0.4 was just released with cosmetic
changes and I'll work on this base perhaps (there were all sorts of versions
floating around for linux support).

--
marty
leisner@sdsp.mc.xerox.com
Member of the League for Programming Freedom
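
Added example, not part of the original message and not code from either poster's tcpdump changes: one way to produce the row format shown in the output above (decimal and hex offset, 16 bytes of hex, ASCII column with non-isprint() bytes shown as '.'). The names format_row, ROW_BYTES and ROW_BUF, the upper-case hex offset, and the padding of a short final row are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define ROW_BYTES 16
#define ROW_BUF   128  /* prefix + 16*3 hex + gap + 16 ASCII + NUL fits easily */

/* Bytes of the SYN packet shown in the message's sample output. */
static const unsigned char SAMPLE[] = {
    0x45,0x00,0x00,0x2c,0x53,0x05,0x40,0x00,0x20,0x06,0xe1,0x07,0x0d,0xe7,0x85,0x97,
    0x0d,0xe7,0x85,0x5a,0x04,0x51,0x00,0x8b,0x1d,0xa9,0xff,0xa9,0x00,0x00,0x00,0x00,
    0x60,0x02,0x20,0x00,0x2f,0x38,0x00,0x00,0x02,0x04,0x05,0xb4,0xb4,0xb4,
};

/* Format the row starting at offset off of buf[0..len) into out.
 * Returns the number of packet bytes in the row (0 when off >= len). */
size_t format_row(const unsigned char *buf, size_t len, size_t off,
                  char out[ROW_BUF])
{
    if (off >= len) { out[0] = '\0'; return 0; }
    size_t n = (len - off < ROW_BYTES) ? len - off : ROW_BYTES;
    char *p = out;
    /* Offset in decimal and hex, like the "[016D:010H]" prefix above. */
    p += snprintf(p, ROW_BUF, "[%03zuD:%03zXH]", off, off);
    for (size_t i = 0; i < ROW_BYTES; i++) {
        if (i < n)
            p += sprintf(p, " %02x", buf[off + i]);
        else
            p += sprintf(p, "   ");  /* pad a short last row (assumption) */
    }
    *p++ = ' '; *p++ = ' ';
    for (size_t i = 0; i < n; i++) {
        /* Keep the byte unsigned: a negative plain char passed to isprint()
         * is undefined. With no setlocale() call the "C" locale applies. */
        unsigned char c = buf[off + i];
        *p++ = isprint(c) ? (char)c : '.';
    }
    *p = '\0';
    return n;
}

int main(void)
{
    char row[ROW_BUF];
    for (size_t off = 0; format_row(SAMPLE, sizeof SAMPLE, off, row); off += ROW_BYTES)
        puts(row);
    return 0;
}
```

Replacing every non-printable byte with '.' also keeps control and escape bytes in captured traffic from reaching the analyst's terminal.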