This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How to Use Tshark to extract tcp hex portion

0

Is there any way to extract the TCP segment out of each captured packet from the command line, displaying only the packet bytes (hex) and not ASCII?

tshark -x is giving both hex and ASCII dump of all the layers.

asked 12 Jun '13, 23:21


krishnayeddula

edited 12 Jun '13, 23:22


One Answer:

0

Please see my answers to similar questions:

http://ask.wireshark.org/questions/16592/tcp-stream-output-in-pdml-format
http://ask.wireshark.org/questions/16268/how-do-i-extract-all-the-data-sections
http://ask.wireshark.org/questions/15374/dump-raw-packet-data-field-only

Regards
Kurt

answered 13 Jun '13, 03:41


Kurt Knochner ♦

Kurt, sorry for bugging you again. Below is a sample packet where TCP is from 0020 position 0x8a to 0030 position 0x00 (before 0x47), so if I want to display exactly that TCP segment on the command line, what should be done?

0000 00 01 5c 31 bb c1 d4 85 64 a7 bf a3 08 00 45 00
0010 01 48 69 87 40 00 80 06 00 00 18 06 ad dc c7 b5
0020 84 f9 8a be 00 50 73 e7 7d 59 c7 0e 66 a7 50 18
0030 40 29 13 cc 00 00 47 45 54 20 2f 20 48 54 54 50
0040 2f 31 2e 31 0d 0a 48 6f 73 74 3a 20 77 77 77 2e
0050 64 69 73 6e 65 79 2e 63 6f 6d 0d 0a 55 73 65 72
0060 2d 41 67 65 6e 74 3a 20 4d 6f 7a 69 6c 6c 61 2f
0070 35 2e 30 20 28 57 69 6e 64 6f 77 73 20 4e 54 20
0080 36 2e 31 3b 20 57 4f 57 36 34 3b 20 72 76 3a 31
0090 36 2e 30 29 20 47 65 63 6b 6f 2f 32 30 31 30 30
00a0 31 30 31 20 46 69 72 65 66 6f 78 2f 31 36 2e 30
00b0 0d 0a 41 63 63 65 70 74 3a 20 74 65 78 74 2f 68
00c0 74 6d 6c 2c 61 70 70 6c 69 63 61 74 69 6f 6e 2f
00d0 78 68 74 6d 6c 2b 78 6d 6c 2c 61 70 70 6c 69 63
00e0 61 74 69 6f 6e 2f 78 6d 6c 3b 71 3d 30 2e 39 2c
00f0 2a 2f 2a 3b 71 3d 30 2e 38 0d 0a 41 63 63 65 70
0100 74 2d 4c 61 6e 67 75 61 67 65 3a 20 65 6e 2d 55
0110 53 2c 65 6e 3b 71 3d 30 2e 35 0d 0a 41 63 63 65
0120 70 74 2d 45 6e 63 6f 64 69 6e 67 3a 20 67 7a 69
0130 70 2c 20 64 65 66 6c 61 74 65 0d 0a 43 6f 6e 6e
0140 65 63 74 69 6f 6e 3a 20 6b 65 65 70 2d 61 6c 69
0150 76 65 0d 0a 0d 0a

(13 Jun '13, 17:02) krishnayeddula
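
An added example, not part of the original thread and not Wireshark code: a Python post-processor that takes the text printed by tshark -x for one frame, drops the ASCII column, and returns only the TCP header bytes by reading the IPv4 header length and the TCP data offset. It assumes a single untagged Ethernet II / IPv4 frame; the function names are made up for this sketch, and the sample input is the first four rows of the dump posted above.

```python
import re

# First four rows of the dump from the comment above (hex column only).
SAMPLE_DUMP = """\
0000 00 01 5c 31 bb c1 d4 85 64 a7 bf a3 08 00 45 00
0010 01 48 69 87 40 00 80 06 00 00 18 06 ad dc c7 b5
0020 84 f9 8a be 00 50 73 e7 7d 59 c7 0e 66 a7 50 18
0030 40 29 13 cc 00 00 47 45 54 20 2f 20 48 54 54 50
"""

# Offset, whitespace, then at most 16 hex pairs; a trailing ASCII column is ignored.
ROW = re.compile(r"^\s*[0-9a-fA-F]{4,}\s+((?:[0-9a-fA-F]{2} ?){1,16})")

def dump_to_bytes(text):
    """Rebuild the frame bytes from the rows of one `tshark -x` hex dump."""
    frame = bytearray()
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            frame += bytes.fromhex(m.group(1))
    return bytes(frame)

def tcp_header(frame):
    """Return (offset, header bytes) of the TCP header in an Ethernet II/IPv4 frame."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        raise ValueError("not an untagged Ethernet II / IPv4 frame")
    ihl = (frame[14] & 0x0F) * 4            # IPv4 header length in bytes
    if frame[14] >> 4 != 4 or ihl < 20 or frame[23] != 6:
        raise ValueError("not IPv4 carrying TCP")
    start = 14 + ihl                        # TCP starts right after the IP header
    if len(frame) < start + 20:
        raise ValueError("truncated TCP header")
    doff = (frame[start + 12] >> 4) * 4     # TCP data offset in bytes
    if doff < 20 or len(frame) < start + doff:
        raise ValueError("bad or truncated TCP data offset")
    return start, frame[start:start + doff]

def hex_only(data):
    """Format bytes as space-separated hex with no ASCII column."""
    return " ".join(f"{b:02x}" for b in data)

if __name__ == "__main__":
    start, hdr = tcp_header(dump_to_bytes(SAMPLE_DUMP))
    print(f"TCP header at 0x{start:04x}, {len(hdr)} bytes")
    print(hex_only(hdr))
```

The header is found from the length fields rather than fixed offsets, so IP options or TCP options shift the slice correctly.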