tcpdumpscii.txt revision 09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1
From marcs@znep.com Fri Apr 17 15:16:16 1998
Date: Sat, 22 Nov 1997 20:44:10 -0700 (MST)
From: Marc Slemko <marcs@znep.com>
To: TLOSAP <new-httpd@apache.org>
Subject: Re: Getting ethernet packets content under FreeBSD? (fwd)
Reply-To: new-httpd@apache.org
Anyone too lazy to hack tcpdump (eg. my tcpdump has a -X option to display
the data in ASCII) can use something like the below to grab HTTP headers
when debugging broken clients.
Nothing complicated, but handy.
---------- Forwarded message ----------
Date: Sat, 22 Nov 1997 14:35:23 PST
From: Bill Fenner <fenner@parc.xerox.com>
To: Nate Williams <nate@mt.sri.com>
Cc: bmah@ca.sandia.gov, hackers@FreeBSD.ORG
Subject: Re: Getting ethernet packets content under FreeBSD?
I usually just use this perl script, which I call "tcpdumpscii".
Then run "tcpdumpscii -s 1500 -x [other tcpdump args]".
Bill
#
#
open(TCPDUMP,"tcpdump -l @ARGV|");
while (<TCPDUMP>) {
if (/^\s+(\S\S)+/) {
$sav = $_;
$asc = "";
while (s/\s*(\S\S)\s*//) {
$i = hex($1);
if ($i < 32 || $i > 126) {
$asc .= ".";
} else {
$asc .= pack(C,hex($1));
}
}
$foo = "." x length($asc);
$_ = $sav;
s/\t/ /g;
s/^$foo/$asc/;
}
print;
}