From owner-freebsd-hackers Thu Feb 29 09:39:42 1996
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id JAA25039 for hackers-outgoing; Thu, 29 Feb 1996 09:39:42 -0800 (PST)
Received: from alpha.xerox.com (alpha.Xerox.COM [13.1.64.93]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id JAA25034 for ; Thu, 29 Feb 1996 09:39:40 -0800 (PST)
Received: from gemini.sdsp.mc.xerox.com ([13.231.132.20]) by alpha.xerox.com with SMTP id <14806(4)>; Thu, 29 Feb 1996 09:38:53 PST
Received: from gnu.mc.xerox.com (gnu.sdsp.mc.xerox.com) by gemini.sdsp.mc.xerox.com (4.1/SMI-4.1) id AA09649; Thu, 29 Feb 96 12:38:50 EST
Received: by gnu.mc.xerox.com (4.1/SMI-4.1) id AA12403; Thu, 29 Feb 96 12:38:49 EST
Message-Id: <9602291738.AA12403@gnu.mc.xerox.com>
X-Mailer: exmh version 1.6.4 10/10/95
To: Lyndon Nerenberg VE7TCP
Cc: hackers@freebsd.org
Subject: Re: tcpdump changes
In-Reply-To: Your message of "Wed, 28 Feb 1996 17:46:08 PST." <199602290146.RAA05053@multivac.orthanc.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Thu, 29 Feb 1996 09:38:43 PST
From: "Marty Leisner"
Sender: owner-hackers@freebsd.org
Precedence: bulk

> I'm thinking of making a change to tcpdump and would like
> to solicit comments ...
>
> The '-x' option prints a hex dump of packet contents (modulo capture
> length). I would like to modify it to also include an ASCII
> representation of the same data. (Makes it easier to trace things like
> SMTP protocol sessions.) The ASCII representation would be printed in
> a second column to the right of the existing hex dump (with the hex
> output suitably shifted to the left to make space). For display
> purposes anything failing isprint() would print as a '.'. (Can anyone
> think of a rationale for supporting locales in this context?)
>

I've already done something like this (and a lot of decoding on smb/netbeui
packets)

:leisner@gnu; ./tcpdump -x -s 1500 port 139
tcpdump: listening on le0
12:36:19.700433 sdsp_nts1.1105 > gnu.netbios-ssn: S 497680297:497680297(0) win 8192 (DF)
[000D:000H] 45 00 00 2c 53 05 40 00 20 06 e1 07 0d e7 85 97  E..,S.@. .......
[016D:010H] 0d e7 85 5a 04 51 00 8b 1d a9 ff a9 00 00 00 00  ...Z.Q..........
[032D:020H] 60 02 20 00 2f 38 00 00 02 04 05 b4 b4 b4        `. ./8........
12:36:19.701125 sdsp_nts1.1105 > gnu.netbios-ssn: . ack 1548800001 win 8760 (DF)
[000D:000H] 45 00 00 28 54 05 40 00 20 06 e0 0b 0d e7 85 97  E..(T.@. .......
[016D:010H] 0d e7 85 5a 04 51 00 8b 1d a9 ff aa 5c 50 d0 01  ...Z.Q......\P..
[032D:020H] 50 10 22 38 18 5b 00 00 00 00 00 00 00 00        P."8.[........
12:36:19.701273 sdsp_nts1.1105 > gnu.netbios-ssn: P 0:72(72) ack 1 win 8760
session request
Called name : GNU
Calling name : SDSP_NTS1
(DF)
[000D:000H] 45 00 00 70 55 05 40 00 20 06 de c3 0d e7 85 97  E..pU.@. .......
[016D:010H] 0d e7 85 5a 04 51 00 8b 1d a9 ff aa 5c 50 d0 01  ...Z.Q......\P..
[032D:020H] 50 18 22 38 e5 41 00 00 81 00 00 44 20 45 48 45  P."8.A.....D EHE
[048D:030H] 4f 46 46 43 41 43 41 43 41 43 41 43 41 43 41 43  OFFCACACACACACAC
[064D:040H] 41 43 41 43 41 43 41 43 41 43 41 43 41 00 20 46  ACACACACACACA. F
[080D:050H] 44 45 45 46 44 46 41 46 50 45 4f 46 45 46 44 44  DEEFDFAFPEOFEFDD
[096D:060H] 42 43 41 43 41 43 41 43 41 43 41 43 41 41 41 00  BCACACACACACAAA.
12:36:20.700395 sdsp_nts1.1105 > gnu.netbios-ssn: P 72:230(158) ack 5 win 8756
session message

I found the default -x option very useless for understanding packets...

You're welcome to my work -- a tcpdump 3.0.4 was just released with cosmetic
changes and I'll work on this base perhaps (there were all sorts of versions
floating around for linux support).

--
marty
leisner@sdsp.mc.xerox.com
Member of the League for Programming Freedom
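
Added example (not part of the original message, and not tcpdump's or the poster's code): a C routine that renders one hex-plus-ASCII row in the layout shown in the output above, using a fixed ASCII range in place of isprint() so that untrusted packet bytes are displayed the same way regardless of the capturing host's locale. The function names, buffer size and exact column spacing are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

#define BYTES_PER_ROW 16
#define DUMP_ROW_MAX  128   /* enough for any size_t offset plus one full row */

/* First packet from the message above (46 bytes), retyped as sample input. */
static const unsigned char sample_pkt[] = {
    0x45,0x00,0x00,0x2c,0x53,0x05,0x40,0x00,0x20,0x06,0xe1,0x07,0x0d,0xe7,0x85,0x97,
    0x0d,0xe7,0x85,0x5a,0x04,0x51,0x00,0x8b,0x1d,0xa9,0xff,0xa9,0x00,0x00,0x00,0x00,
    0x60,0x02,0x20,0x00,0x2f,0x38,0x00,0x00,0x02,0x04,0x05,0xb4,0xb4,0xb4
};

/* Fixed ASCII range instead of isprint(): the result does not change with
 * setlocale(), and no byte >= 0x80 reaches a <ctype.h> function as a
 * negative (signed char) value, which would be undefined behaviour. */
static int ascii_printable(unsigned char c) { return c >= 0x20 && c <= 0x7e; }

/* Format the row starting at buf[off] into out. Returns the number of packet
 * bytes rendered, or 0 if off is past the end or out is too small. */
size_t dump_row(const unsigned char *buf, size_t len, size_t off,
                char *out, size_t outsz)
{
    size_t i, n, pos;

    if (off >= len || outsz < DUMP_ROW_MAX)
        return 0;
    n = len - off < BYTES_PER_ROW ? len - off : BYTES_PER_ROW;
    pos = (size_t)snprintf(out, outsz, "[%03zuD:%03zxH] ", off, off);
    for (i = 0; i < BYTES_PER_ROW; i++) {
        if (i < n)
            pos += (size_t)snprintf(out + pos, outsz - pos, "%02x ",
                                    (unsigned)buf[off + i]);
        else    /* short last row: pad so the ASCII column stays aligned */
            pos += (size_t)snprintf(out + pos, outsz - pos, "   ");
    }
    out[pos++] = ' ';
    for (i = 0; i < n; i++)
        out[pos++] = ascii_printable(buf[off + i]) ? (char)buf[off + i] : '.';
    out[pos] = '\0';
    return n;
}

int main(void)
{
    char row[DUMP_ROW_MAX];
    size_t off = 0, n;
    while ((n = dump_row(sample_pkt, sizeof sample_pkt, off, row, sizeof row)) > 0) {
        puts(row);
        off += n;
    }
    return 0;
}
```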