summaryrefslogtreecommitdiffstats
path: root/test/tcpdumpscii.txt
blob: 9c1060edab2dad07fc140b8b5ab3aced81925618 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
From marcs@znep.com Fri Apr 17 15:16:16 1998
Date: Sat, 22 Nov 1997 20:44:10 -0700 (MST)
From: Marc Slemko <marcs@znep.com>
To: TLOSAP <new-httpd@apache.org>
Subject: Re: Getting ethernet packets content under FreeBSD?  (fwd)
Reply-To: new-httpd@apache.org

Anyone too lazy to hack tcpdump (eg. my tcpdump has a -X option to display
the data in ASCII) can use something like the below to grab HTTP headers
when debugging broken clients.

Nothing complicated, but handy.

---------- Forwarded message ----------
Date: Sat, 22 Nov 1997 14:35:23 PST
From: Bill Fenner <fenner@parc.xerox.com>
To: Nate Williams <nate@mt.sri.com>
Cc: bmah@ca.sandia.gov, hackers@FreeBSD.ORG
Subject: Re: Getting ethernet packets content under FreeBSD? 

I usually just use this perl script, which I call "tcpdumpscii".
Then run "tcpdumpscii -s 1500 -x [other tcpdump args]".

  Bill

#!/import/misc/bin/perl
#
#
open(TCPDUMP,"tcpdump -l @ARGV|");
while (<TCPDUMP>) {
	if (/^\s+(\S\S)+/) {
		$sav = $_;
		$asc = "";
		while (s/\s*(\S\S)\s*//) {
			$i = hex($1);
			if ($i < 32 || $i > 126) {
				$asc .= ".";
			} else {
				$asc .= pack(C,hex($1));
			}
		}
		$foo = "." x length($asc);
		$_ = $sav;
		s/\t/        /g;
		s/^$foo/$asc/;
	}
	print;
}