09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding

09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fieldingFrom marcs@znep.com Fri Apr 17 15:16:16 1998

09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fieldingDate: Sat, 22 Nov 1997 20:44:10 -0700 (MST)

09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fieldingFrom: Marc Slemko <marcs@znep.com>

09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fieldingTo: TLOSAP <new-httpd@apache.org>

09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fieldingSubject: Re: Getting ethernet packets content under FreeBSD? (fwd)

09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fieldingReply-To: new-httpd@apache.org

09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding

09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fieldingAnyone too lazy to hack tcpdump (eg. my tcpdump has a -X option to display

09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fieldingthe data in ASCII) can use something like the below to grab HTTP headers

09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fieldingwhen debugging broken clients.

09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding

09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fieldingNothing complicated, but handy.

09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding

09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding---------- Forwarded message ----------

09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fieldingDate: Sat, 22 Nov 1997 14:35:23 PST

09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fieldingFrom: Bill Fenner <fenner@parc.xerox.com>

09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fieldingTo: Nate Williams <nate@mt.sri.com>

09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fieldingCc: bmah@ca.sandia.gov, hackers@FreeBSD.ORG

09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fieldingSubject: Re: Getting ethernet packets content under FreeBSD?

09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding

09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fieldingI usually just use this perl script, which I call "tcpdumpscii".

09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fieldingThen run "tcpdumpscii -s 1500 -x [other tcpdump args]".

09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding

09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding Bill

09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding

09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding#!/import/misc/bin/perl

09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding#

09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding#

09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fieldingopen(TCPDUMP,"tcpdump -l @ARGV|");

09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fieldingwhile (<TCPDUMP>) {

09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding if (/^\s+(\S\S)+/) {

09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding $sav = $_;

09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding $asc = "";

09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding while (s/\s*(\S\S)\s*//) {

09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding $i = hex($1);

09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding if ($i < 32 || $i > 126) {

09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding $asc .= ".";

09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding } else {

09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding $asc .= pack(C,hex($1));

09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding }

09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding }

09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding $foo = "." x length($asc);

09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding $_ = $sav;

09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding s/\t/ /g;

09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding s/^$foo/$asc/;

09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding }

09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding print;

09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding}

09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding