bin/51091: [FEATURE] Add -A (print ASCII) flag to tcpdump
Rene de Vries
rene at tunix.nl
Thu Apr 17 08:30:14 PDT 2003
The following reply was made to PR bin/51091; it has been noted by GNATS.
From: Rene de Vries <rene at tunix.nl>
To: Tony Finch <dot at dotat.at>
Cc: FreeBSD-gnats-submit at FreeBSD.org
Subject: Re: bin/51091: [FEATURE] Add -A (print ASCII) flag to tcpdump
Date: Thu, 17 Apr 2003 17:27:36 +0200
This option is less verbose (or better: different). The -X also displays
the hex output (as far as I know) and this can be very disturbing. The
-A only shows printable stuff.
Rene
Example dump with -A:
17:20:12.966613 a.b.c.49295 > d.e.f.smtp: S 3701272078:3701272078(0)
win 57344 <mss 1460,nop,wscale 0,nop,nop,timestamp 27812521 0> (DF)
[tos 0x10]
17:20:12.978494 d.e.f.smtp > a.b.c.49295: S 2014425195:2014425195(0)
ack 3701272079 win 57344 <mss 1460,nop,wscale 0,nop,nop,timestamp
9281858 27812521> (DF)
17:20:12.978546 a.b.c.49295 > d.e.f.smtp: . ack 1 win 57920
<nop,nop,timestamp 27812522 9281858> (DF) [tos 0x10]
17:20:13.782583 d.e.f.smtp > a.b.c.49295: P 1:36(35) ack 1 win 57920
<nop,nop,timestamp 9281938 27812522> [ 220 d.e.f ESMTP Postfix\015\012
] (DF)
17:20:13.874241 a.b.c.49295 > d.e.f.smtp: . ack 36 win 57920
<nop,nop,timestamp 27812612 9281938> (DF) [tos 0x10]
17:20:18.412530 a.b.c.49295 > d.e.f.smtp: P 1:12(11) ack 36 win 57920
<nop,nop,timestamp 27813065 9281938> [ HELO test\015\012 ] (DF) [tos
0x10]
17:20:18.442240 d.e.f.smtp > a.b.c.49295: P 36:57(21) ack 12 win 57920
<nop,nop,timestamp 9282404 27813065> [ 250 d.e.f\015\012 ] (DF)
17:20:18.534269 a.b.c.49295 > d.e.f.smtp: . ack 57 win 57920
<nop,nop,timestamp 27813078 9282404> (DF) [tos 0x10]
17:20:20.056281 a.b.c.49295 > d.e.f.smtp: P 12:18(6) ack 57 win 57920
<nop,nop,timestamp 27813230 9282404> [ QUIT\015\012 ] (DF) [tos 0x10]
17:20:20.082060 d.e.f.smtp > a.b.c.49295: P 57:66(9) ack 18 win 57920
<nop,nop,timestamp 9282568 27813230> [ 221 Bye\015\012 ] (DF)
17:20:20.082993 d.e.f.smtp > a.b.c.49295: F 66:66(0) ack 18 win 57920
<nop,nop,timestamp 9282568 27813230> (DF)
17:20:20.083026 a.b.c.49295 > d.e.f.smtp: . ack 67 win 57920
<nop,nop,timestamp 27813232 9282568> (DF) [tos 0x10]
17:20:20.083175 a.b.c.49295 > d.e.f.smtp: F 18:18(0) ack 67 win 57920
<nop,nop,timestamp 27813232 9282568> (DF) [tos 0x10]
17:20:20.111825 d.e.f.smtp > a.b.c.49295: . ack 19 win 57920
<nop,nop,timestamp 9282571 27813232> (DF)
Same dump with -X:
17:20:12.966613 a.b.c.49295 > d.e.f.smtp: S 3701272078:3701272078(0)
win 57344 <mss 1460,nop,wscale 0,nop,nop,timestamp 27812521 0> (DF)
[tos 0x10]
0x0000 4510 003c d3d9 4000 4006 0000 c14f c985 E..<..@.@....O..
0x0010 c2b2 3e7f c08f 0019 dc9c ee0e 0000 0000 ..>.............
0x0020 a002 e000 ef5a 0000 0204 05b4 0103 0300 .....Z..........
0x0030 0101 080a 01a8 62a9 0000 0000 ......b.....
17:20:12.978494 d.e.f.smtp > a.b.c.49295: S 2014425195:2014425195(0)
ack 3701272079 win 57344 <mss 1460,nop,wscale 0,nop,nop,timestamp
9281858 27812521> (DF)
0x0000 4500 003c 2887 4000 3d06 892e c2b2 3e7f E..<(.@.=.....>.
0x0010 c14f c985 0019 c08f 7811 b06b dc9c ee0f .O......x..k....
0x0020 a012 e000 24fd 0000 0204 05b4 0103 0300 ....$...........
0x0030 0101 080a 008d a142 01a8 62a9 .......B..b.
17:20:12.978546 a.b.c.49295 > d.e.f.smtp: . ack 1 win 57920
<nop,nop,timestamp 27812522 9281858> (DF) [tos 0x10]
0x0000 4510 0034 d3da 4000 4006 0000 c14f c985 E..4..@.@....O..
0x0010 c2b2 3e7f c08f 0019 dc9c ee0f 7811 b06c ..>.........x..l
0x0020 8010 e240 4e80 0000 0101 080a 01a8 62aa ...@N.........b.
0x0030 008d a142 ...B
17:20:13.782583 d.e.f.smtp > a.b.c.49295: P 1:36(35) ack 1 win 57920
<nop,nop,timestamp 9281938 27812522> (DF)
0x0000 4500 0057 288b 4000 3d06 890f c2b2 3e7f E..W(.@.=.....>.
0x0010 c14f c985 0019 c08f 7811 b06c dc9c ee0f .O......x..l....
0x0020 8018 e240 41cb 0000 0101 080a 008d a192 ...@A...........
0x0030 01a8 62aa 3232 3020 6d61 696c 6875 622e ..b.220.mailhub.
0x0040 7463 6a61 2e6e 6c20 4553 4d54 5020 506f tcja.nl.ESMTP.Po
0x0050 7374 6669 780d 0a stfix..
17:20:13.874241 a.b.c.49295 > d.e.f.smtp: . ack 36 win 57920
<nop,nop,timestamp 27812612 9281938> (DF) [tos 0x10]
0x0000 4510 0034 d3dd 4000 4006 0000 c14f c985 E..4..@.@....O..
0x0010 c2b2 3e7f c08f 0019 dc9c ee0f 7811 b08f ..>.........x...
0x0020 8010 e240 4db3 0000 0101 080a 01a8 6304 ...@M.........c.
0x0030 008d a192 ....
17:20:18.412530 a.b.c.49295 > d.e.f.smtp: P 1:12(11) ack 36 win 57920
<nop,nop,timestamp 27813065 9281938> (DF) [tos 0x10]
0x0000 4510 003f d3e7 4000 4006 0000 c14f c985 E..?..@.@....O..
0x0010 c2b2 3e7f c08f 0019 dc9c ee0f 7811 b08f ..>.........x...
0x0020 8018 e240 b351 0000 0101 080a 01a8 64c9 ...@.Q........d.
0x0030 008d a192 4845 4c4f 2074 6573 740d 0a ....HELO.test..
17:20:18.442240 d.e.f.smtp > a.b.c.49295: P 36:57(21) ack 12 win 57920
<nop,nop,timestamp 9282404 27813065> (DF)
0x0000 4500 0049 2890 4000 3d06 8918 c2b2 3e7f E..I(.@.=.....>.
0x0010 c14f c985 0019 c08f 7811 b08f dc9c ee1a .O......x.......
0x0020 8018 e240 c2ec 0000 0101 080a 008d a364 ...@...........d
0x0030 01a8 64c9 3235 3020 6d61 696c 6875 622e ..d.250.mailhub.
0x0040 7463 6a61 2e6e 6c0d 0a tcja.nl..
17:20:18.534269 a.b.c.49295 > d.e.f.smtp: . ack 57 win 57920
<nop,nop,timestamp 27813078 9282404> (DF) [tos 0x10]
0x0000 4510 0034 d3ea 4000 4006 0000 c14f c985 E..4..@.@....O..
0x0010 c2b2 3e7f c08f 0019 dc9c ee1a 7811 b0a4 ..>.........x...
0x0020 8010 e240 49ef 0000 0101 080a 01a8 64d6 ...@I.........d.
0x0030 008d a364 ...d
17:20:20.056281 a.b.c.49295 > d.e.f.smtp: P 12:18(6) ack 57 win 57920
<nop,nop,timestamp 27813230 9282404> (DF) [tos 0x10]
0x0000 4510 003a d3ef 4000 4006 0000 c14f c985 E..:..@.@....O..
0x0010 c2b2 3e7f c08f 0019 dc9c ee1a 7811 b0a4 ..>.........x...
0x0020 8018 e240 a195 0000 0101 080a 01a8 656e ...@..........en
0x0030 008d a364 5155 4954 0d0a ...dQUIT..
17:20:20.082060 d.e.f.smtp > a.b.c.49295: P 57:66(9) ack 18 win 57920
<nop,nop,timestamp 9282568 27813230> (DF)
0x0000 4500 003d 2891 4000 3d06 8923 c2b2 3e7f E..=(.@.=..#..>.
0x0010 c14f c985 0019 c08f 7811 b0a4 dc9c ee20 .O......x.......
0x0020 8018 e240 33c3 0000 0101 080a 008d a408 ...@3...........
0x0030 01a8 656e 3232 3120 4279 650d 0a ..en221.Bye..
17:20:20.082993 d.e.f.smtp > a.b.c.49295: F 66:66(0) ack 18 win 57920
<nop,nop,timestamp 9282568 27813230> (DF)
0x0000 4500 0034 2892 4000 3d06 892b c2b2 3e7f E..4(.@.=..+..>.
0x0010 c14f c985 0019 c08f 7811 b0ad dc9c ee20 .O......x.......
0x0020 8011 e240 48a3 0000 0101 080a 008d a408 ...@H...........
0x0030 01a8 656e ..en
17:20:20.083026 a.b.c.49295 > d.e.f.smtp: . ack 67 win 57920
<nop,nop,timestamp 27813232 9282568> (DF) [tos 0x10]
0x0000 4510 0034 d3f1 4000 4006 0000 c14f c985 E..4..@.@....O..
0x0010 c2b2 3e7f c08f 0019 dc9c ee20 7811 b0ae ..>.........x...
0x0020 8010 e240 48a1 0000 0101 080a 01a8 6570 ...@H.........ep
0x0030 008d a408 ....
17:20:20.083175 a.b.c.49295 > d.e.f.smtp: F 18:18(0) ack 67 win 57920
<nop,nop,timestamp 27813232 9282568> (DF) [tos 0x10]
0x0000 4510 0034 d3f2 4000 4006 0000 c14f c985 E..4..@.@....O..
0x0010 c2b2 3e7f c08f 0019 dc9c ee20 7811 b0ae ..>.........x...
0x0020 8011 e240 48a0 0000 0101 080a 01a8 6570 ...@H.........ep
0x0030 008d a408 ....
17:20:20.111825 d.e.f.smtp > a.b.c.49295: . ack 19 win 57920
<nop,nop,timestamp 9282571 27813232> (DF)
0x0000 4500 0034 2893 4000 3d06 892a c2b2 3e7f E..4(.@.=..*..>.
0x0010 c14f c985 0019 c08f 7811 b0ae dc9c ee21 .O......x......!
0x0020 8010 e240 489d 0000 0101 080a 008d a40b ...@H...........
0x0030 01a8 6570
On Thursday, Apr 17, 2003, at 17:10 Europe/Amsterdam, Tony Finch wrote:
> Rene de Vries <rene at tunix.nl> wrote:
>>
>> Print the payload of TCP packets in human-readable (ASCII)
>> format. This can be useful when debugging readable protocols
>> (like SMTP, HTTP, etc).
>
> What's wrong with the -X option?
>
> Tony.
--
Rene de Vries <rene at tunix.nl>
TUNIX Internet Security & Training
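
The following C example is added here and is not from the original message or the submitted patch. It renders the TCP payload of a captured IPv4 packet the way the -A sample output above shows it (printable bytes verbatim, others as octal escapes such as \015\012), checking the header lengths against the captured length before reading. The function name ascii_payload and the sample packet are assumptions constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample modelled on the 63-byte HELO packet in the -X dump:
 * documentation addresses, checksums zeroed, 12 bytes of TCP options. */
static const uint8_t sample_pkt[] = {
    0x45,0x10,0x00,0x3f,0xd3,0xe7,0x40,0x00,0x40,0x06,0x00,0x00, /* IP hdr   */
    192,0,2,1, 198,51,100,2,                                     /* src, dst */
    0xc0,0x8f,0x00,0x19,0xdc,0x9c,0xee,0x0f,0x78,0x11,0xb0,0x8f, /* TCP hdr  */
    0x80,0x18,0xe2,0x40,0x00,0x00,0x00,0x00,
    0x01,0x01,0x08,0x0a,0x01,0xa8,0x64,0xc9,0x00,0x8d,0xa1,0x92, /* options  */
    'H','E','L','O',' ','t','e','s','t','\r','\n'
};

/* Hypothetical helper (not tcpdump's code): writes the TCP payload to out,
 * printable bytes verbatim, others as \ooo. Returns the payload length, or
 * -1 if the headers do not fit the capture or out is too small. */
static int ascii_payload(const uint8_t *p, size_t caplen, char *out, size_t outlen)
{
    if (outlen == 0 || caplen < 20 || (p[0] >> 4) != 4 || p[9] != 6)
        return -1;                          /* not IPv4 carrying TCP */
    size_t ihl = (size_t)(p[0] & 0x0f) * 4;
    size_t total = ((size_t)p[2] << 8) | p[3];
    if (ihl < 20 || total > caplen || ihl + 20 > total)
        return -1;                          /* lengths exceed the capture */
    size_t doff = (size_t)(p[ihl + 12] >> 4) * 4;
    if (doff < 20 || ihl + doff > total)
        return -1;                          /* TCP data offset out of range */
    size_t o = 0;
    for (size_t i = ihl + doff; i < total; i++) {
        if (o + 5 > outlen)
            return -1;                      /* need room for "\ooo" and NUL */
        if (p[i] >= 0x20 && p[i] < 0x7f)
            out[o++] = (char)p[i];
        else
            o += (size_t)snprintf(out + o, outlen - o, "\\%03o", (unsigned)p[i]);
    }
    out[o] = '\0';
    return (int)(total - ihl - doff);
}

int main(void)
{
    char buf[64];
    if (ascii_payload(sample_pkt, sizeof sample_pkt, buf, sizeof buf) >= 0)
        puts(buf);
    return 0;
}
```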