Date: Sat, 9 Mar 1996 09:29:11 PST From: Bill Fenner <fenner@parc.xerox.com> To: Michael Smith <msmith@atrad.adelaide.edu.au> Cc: lyndon@orthanc.com (Lyndon Nerenberg VE7TCP), hackers@freebsd.org Subject: Re: tcpdump changes Message-ID: <96Mar9.092925pst.177478@crevenia.parc.xerox.com> In-Reply-To: Your message of "Thu, 29 Feb 96 04:38:14 PST." <199602291238.XAA24619@genesis.atrad.adelaide.edu.au>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <199602291238.XAA24619@genesis.atrad.adelaide.edu.au> you write:
>Lyndon Nerenberg VE7TCP stands accused of saying:
>> Is there anything out there (expect scripts or the like) that will
>> break if the output format of -x changes?
Yes. However,
>perhaps you could activate it by specifying the 'x' option twice.
this is not an insanely bad idea.
The idea behind not including an ASCII dump in the first place, as
far as I can tell, was vaguely security-related: make it a little
harder to use tcpdump to nab passwords...
I just use the following perl script, which I call "tcpdumpscii".
Bill
#!/import/misc/bin/perl
#
#
open(TCPDUMP,"tcpdump -l @ARGV|");
while (<TCPDUMP>) {
if (/^\s+(\S\S)+/) {
$sav = $_;
$asc = "";
while (s/\s*(\S\S)\s*//) {
$i = hex($1);
if ($i < 32 || $i > 126) {
$asc .= ".";
} else {
$asc .= pack(C,hex($1));
}
}
$foo = "." x length($asc);
$_ = $sav;
s/\t/ /g;
s/^$foo/$asc/;
}
print;
}
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?96Mar9.092925pst.177478>