Aaron Turner wrote:
> You'll either have to write your own function (not that hard) or you can
> fork tcpdump and pass the packets to it via a pipe.
> 
> For a full list of what features/functions libpcap comes with do a 'man
> pcap'.  Anything that isn't listed there you'll have to do yourself.
> 
> On Wed, Apr 27, 2005 at 11:04:17AM -0000, soumya r wrote:
>>> I am doing a sniffer program using "libpcap" as part of my project.
>>> How can I display the 'packet payload' in 'HEX' and 'ASCII' forms?
>>> Please advise.

This is so obvious a feature that it is truly incredible no one has added
it to tcpdump in all these years. It's no wonder someone would be
curious that the man page doesn't mention it.

I recommend using ethereal or tethereal, since they do this. Or filter
the output of tcpdump through the following:

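#!/usr/bin/perl -w
# Filter for tcpdump output: appends an ASCII column to each hex dump line.

use strict;

my $maxLen = -1;        # widest hex line seen so far
my $format = "\t%-s";   # printf format, widened as longer lines appear

while (<>)
{
    # Lines that do not start with whitespace are not hex dump lines;
    # pass them through unchanged.
    unless (/^\s/)
    {
        print;
        next;
    }

    chomp;

    # Strip the leading indentation, then pad the hex text to a fixed
    # width so that the ASCII column lines up.
    s/^\s*//;
    if (length ($_) > $maxLen)
    {
        $maxLen = length ($_);
        $format = sprintf ("\t%%-%ds", $maxLen);
    }
    printf ($format, $_);

    # Decode the hex digit pairs into bytes and replace anything outside
    # printable ASCII (octal 040-176) with a dot.
    s/\s//g;
    s/([0-9a-f]{2})/chr (hex ($1))/eg;
    s/[^\040-\176]/./g;
    print "\t$_\n";
}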



-- 
Jefferson Ogata <[EMAIL PROTECTED]>
NOAA Computer Incident Response Team (N-CIRT) <[EMAIL PROTECTED]>
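
Added example, not part of the original message or of libpcap/tcpdump: one way to write the "own function" suggested in the quoted reply, printing a payload as hex plus ASCII with the same printable range as the Perl filter above. The names format_dump_line and dump_payload and the sample bytes are made up for illustration; in a sniffer, dump_payload would be called from the pcap callback with the packet bytes and captured length.

```c
#include <stdio.h>
#include <string.h>

#define BYTES_PER_LINE 16
#define DUMP_LINE_MAX  96   /* offset + 16 hex columns + ASCII + NUL fits */

/* Format up to 16 bytes as "offset  hex bytes  ascii" into out.
 * Returns the string length, or -1 if out is smaller than DUMP_LINE_MAX. */
int format_dump_line(const unsigned char *data, size_t len, size_t offset,
                     char *out, size_t outsz)
{
    size_t i, pos;

    if (outsz < DUMP_LINE_MAX)
        return -1;
    if (len > BYTES_PER_LINE)
        len = BYTES_PER_LINE;
    pos = (size_t)snprintf(out, outsz, "%04zx  ", offset);
    for (i = 0; i < BYTES_PER_LINE; i++) {
        if (i < len) {
            pos += (size_t)snprintf(out + pos, outsz - pos, "%02x ", data[i]);
        } else {            /* pad a short last line so the ASCII column aligns */
            memset(out + pos, ' ', 3);
            pos += 3;
        }
    }
    out[pos++] = ' ';
    for (i = 0; i < len; i++)   /* printable ASCII is 0x20-0x7e, else '.' */
        out[pos++] = (data[i] >= 0x20 && data[i] <= 0x7e) ? (char)data[i] : '.';
    out[pos] = '\0';
    return (int)pos;
}

/* Dump len bytes of payload to fp, 16 per line; returns lines written. */
int dump_payload(FILE *fp, const unsigned char *payload, size_t len)
{
    char line[DUMP_LINE_MAX];
    size_t off;
    int lines = 0;

    for (off = 0; off < len; off += BYTES_PER_LINE) {
        format_dump_line(payload + off, len - off, off, line, sizeof line);
        fprintf(fp, "%s\n", line);
        lines++;
    }
    return lines;
}

int main(void)
{
    /* Constructed sample payload, not captured traffic. */
    const unsigned char sample[] = "GET / HTTP/1.1\r\nHost: example.test\r\n\r\n";
    dump_payload(stdout, sample, sizeof sample - 1);
    return 0;
}
```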