bin/51091: [FEATURE] Add -A (print ASCII) flag to tcpdump

Rene de Vries rene at tunix.nl
Thu Apr 17 08:30:14 PDT 2003


The following reply was made to PR bin/51091; it has been noted by GNATS.

From: Rene de Vries <rene at tunix.nl>
To: Tony Finch <dot at dotat.at>
Cc: FreeBSD-gnats-submit at FreeBSD.org
Subject: Re: bin/51091: [FEATURE] Add -A (print ASCII) flag to tcpdump
Date: Thu, 17 Apr 2003 17:27:36 +0200

 This option is less verbose (or better different). The -X also displays 
 the hex output (as far as I know) and this can be very disturbing. The 
 -A only shows printable stuff.
 
 Rene
 
 Example dump with -A:
 
 17:20:12.966613 a.b.c.49295 > d.e.f.smtp: S 3701272078:3701272078(0) 
 win 57344 <mss 1460,nop,wscale 0,nop,nop,timestamp 27812521 0> (DF) 
 [tos 0x10]
 17:20:12.978494 d.e.f.smtp > a.b.c.49295: S 2014425195:2014425195(0) 
 ack 3701272079 win 57344 <mss 1460,nop,wscale 0,nop,nop,timestamp 
 9281858 27812521> (DF)
 17:20:12.978546 a.b.c.49295 > d.e.f.smtp: . ack 1 win 57920 
 <nop,nop,timestamp 27812522 9281858> (DF) [tos 0x10]
 17:20:13.782583 d.e.f.smtp > a.b.c.49295: P 1:36(35) ack 1 win 57920 
 <nop,nop,timestamp 9281938 27812522> [ 220 d.e.f ESMTP Postfix\015\012 
 ] (DF)
 17:20:13.874241 a.b.c.49295 > d.e.f.smtp: . ack 36 win 57920 
 <nop,nop,timestamp 27812612 9281938> (DF) [tos 0x10]
 17:20:18.412530 a.b.c.49295 > d.e.f.smtp: P 1:12(11) ack 36 win 57920 
 <nop,nop,timestamp 27813065 9281938> [ HELO test\015\012 ] (DF) [tos 
 0x10]
 17:20:18.442240 d.e.f.smtp > a.b.c.49295: P 36:57(21) ack 12 win 57920 
 <nop,nop,timestamp 9282404 27813065> [ 250 d.e.f\015\012 ] (DF)
 17:20:18.534269 a.b.c.49295 > d.e.f.smtp: . ack 57 win 57920 
 <nop,nop,timestamp 27813078 9282404> (DF) [tos 0x10]
 17:20:20.056281 a.b.c.49295 > d.e.f.smtp: P 12:18(6) ack 57 win 57920 
 <nop,nop,timestamp 27813230 9282404> [ QUIT\015\012 ] (DF) [tos 0x10]
 17:20:20.082060 d.e.f.smtp > a.b.c.49295: P 57:66(9) ack 18 win 57920 
 <nop,nop,timestamp 9282568 27813230> [ 221 Bye\015\012 ] (DF)
 17:20:20.082993 d.e.f.smtp > a.b.c.49295: F 66:66(0) ack 18 win 57920 
 <nop,nop,timestamp 9282568 27813230> (DF)
 17:20:20.083026 a.b.c.49295 > d.e.f.smtp: . ack 67 win 57920 
 <nop,nop,timestamp 27813232 9282568> (DF) [tos 0x10]
 17:20:20.083175 a.b.c.49295 > d.e.f.smtp: F 18:18(0) ack 67 win 57920 
 <nop,nop,timestamp 27813232 9282568> (DF) [tos 0x10]
 17:20:20.111825 d.e.f.smtp > a.b.c.49295: . ack 19 win 57920 
 <nop,nop,timestamp 9282571 27813232> (DF)
 
 Same dump with -X:
 
 17:20:12.966613 a.b.c.49295 > d.e.f.smtp: S 3701272078:3701272078(0) 
 win 57344 <mss 1460,nop,wscale 0,nop,nop,timestamp 27812521 0> (DF) 
 [tos 0x10]
 0x0000   4510 003c d3d9 4000 4006 0000 c14f c985        E..<.. at .@....O..
 0x0010   c2b2 3e7f c08f 0019 dc9c ee0e 0000 0000        ..>.............
 0x0020   a002 e000 ef5a 0000 0204 05b4 0103 0300        .....Z..........
 0x0030   0101 080a 01a8 62a9 0000 0000                  ......b.....
 17:20:12.978494 d.e.f.smtp > a.b.c.49295: S 2014425195:2014425195(0) 
 ack 3701272079 win 57344 <mss 1460,nop,wscale 0,nop,nop,timestamp 
 9281858 27812521> (DF)
 0x0000   4500 003c 2887 4000 3d06 892e c2b2 3e7f        E..<(. at .=.....>.
 0x0010   c14f c985 0019 c08f 7811 b06b dc9c ee0f        .O......x..k....
 0x0020   a012 e000 24fd 0000 0204 05b4 0103 0300        ....$...........
 0x0030   0101 080a 008d a142 01a8 62a9                  .......B..b.
 17:20:12.978546 a.b.c.49295 > d.e.f.smtp: . ack 1 win 57920 
 <nop,nop,timestamp 27812522 9281858> (DF) [tos 0x10]
 0x0000   4510 0034 d3da 4000 4006 0000 c14f c985        E..4.. at .@....O..
 0x0010   c2b2 3e7f c08f 0019 dc9c ee0f 7811 b06c        ..>.........x..l
 0x0020   8010 e240 4e80 0000 0101 080a 01a8 62aa        ... at N.........b.
 0x0030   008d a142                                      ...B
 17:20:13.782583 d.e.f.smtp > a.b.c.49295: P 1:36(35) ack 1 win 57920 
 <nop,nop,timestamp 9281938 27812522> (DF)
 0x0000   4500 0057 288b 4000 3d06 890f c2b2 3e7f        E..W(. at .=.....>.
 0x0010   c14f c985 0019 c08f 7811 b06c dc9c ee0f        .O......x..l....
 0x0020   8018 e240 41cb 0000 0101 080a 008d a192        ... at A...........
 0x0030   01a8 62aa 3232 3020 6d61 696c 6875 622e        ..b.220.mailhub.
 0x0040   7463 6a61 2e6e 6c20 4553 4d54 5020 506f        tcja.nl.ESMTP.Po
 0x0050   7374 6669 780d 0a                              stfix..
 17:20:13.874241 a.b.c.49295 > d.e.f.smtp: . ack 36 win 57920 
 <nop,nop,timestamp 27812612 9281938> (DF) [tos 0x10]
 0x0000   4510 0034 d3dd 4000 4006 0000 c14f c985        E..4.. at .@....O..
 0x0010   c2b2 3e7f c08f 0019 dc9c ee0f 7811 b08f        ..>.........x...
 0x0020   8010 e240 4db3 0000 0101 080a 01a8 6304        ... at M.........c.
 0x0030   008d a192                                      ....
 17:20:18.412530 a.b.c.49295 > d.e.f.smtp: P 1:12(11) ack 36 win 57920 
 <nop,nop,timestamp 27813065 9281938> (DF) [tos 0x10]
 0x0000   4510 003f d3e7 4000 4006 0000 c14f c985        E..?.. at .@....O..
 0x0010   c2b2 3e7f c08f 0019 dc9c ee0f 7811 b08f        ..>.........x...
 0x0020   8018 e240 b351 0000 0101 080a 01a8 64c9        ... at .Q........d.
 0x0030   008d a192 4845 4c4f 2074 6573 740d 0a          ....HELO.test..
 17:20:18.442240 d.e.f.smtp > a.b.c.49295: P 36:57(21) ack 12 win 57920 
 <nop,nop,timestamp 9282404 27813065> (DF)
 0x0000   4500 0049 2890 4000 3d06 8918 c2b2 3e7f        E..I(. at .=.....>.
 0x0010   c14f c985 0019 c08f 7811 b08f dc9c ee1a        .O......x.......
 0x0020   8018 e240 c2ec 0000 0101 080a 008d a364        ... at ...........d
 0x0030   01a8 64c9 3235 3020 6d61 696c 6875 622e        ..d.250.mailhub.
 0x0040   7463 6a61 2e6e 6c0d 0a                         tcja.nl..
 17:20:18.534269 a.b.c.49295 > d.e.f.smtp: . ack 57 win 57920 
 <nop,nop,timestamp 27813078 9282404> (DF) [tos 0x10]
 0x0000   4510 0034 d3ea 4000 4006 0000 c14f c985        E..4.. at .@....O..
 0x0010   c2b2 3e7f c08f 0019 dc9c ee1a 7811 b0a4        ..>.........x...
 0x0020   8010 e240 49ef 0000 0101 080a 01a8 64d6        ... at I.........d.
 0x0030   008d a364                                      ...d
 17:20:20.056281 a.b.c.49295 > d.e.f.smtp: P 12:18(6) ack 57 win 57920 
 <nop,nop,timestamp 27813230 9282404> (DF) [tos 0x10]
 0x0000   4510 003a d3ef 4000 4006 0000 c14f c985        E..:.. at .@....O..
 0x0010   c2b2 3e7f c08f 0019 dc9c ee1a 7811 b0a4        ..>.........x...
 0x0020   8018 e240 a195 0000 0101 080a 01a8 656e        ... at ..........en
 0x0030   008d a364 5155 4954 0d0a                       ...dQUIT..
 17:20:20.082060 d.e.f.smtp > a.b.c.49295: P 57:66(9) ack 18 win 57920 
 <nop,nop,timestamp 9282568 27813230> (DF)
 0x0000   4500 003d 2891 4000 3d06 8923 c2b2 3e7f        E..=(. at .=..#..>.
 0x0010   c14f c985 0019 c08f 7811 b0a4 dc9c ee20        .O......x.......
 0x0020   8018 e240 33c3 0000 0101 080a 008d a408        ... at 3...........
 0x0030   01a8 656e 3232 3120 4279 650d 0a               ..en221.Bye..
 17:20:20.082993 d.e.f.smtp > a.b.c.49295: F 66:66(0) ack 18 win 57920 
 <nop,nop,timestamp 9282568 27813230> (DF)
 0x0000   4500 0034 2892 4000 3d06 892b c2b2 3e7f        E..4(. at .=..+..>.
 0x0010   c14f c985 0019 c08f 7811 b0ad dc9c ee20        .O......x.......
 0x0020   8011 e240 48a3 0000 0101 080a 008d a408        ... at H...........
 0x0030   01a8 656e                                      ..en
 17:20:20.083026 a.b.c.49295 > d.e.f.smtp: . ack 67 win 57920 
 <nop,nop,timestamp 27813232 9282568> (DF) [tos 0x10]
 0x0000   4510 0034 d3f1 4000 4006 0000 c14f c985        E..4.. at .@....O..
 0x0010   c2b2 3e7f c08f 0019 dc9c ee20 7811 b0ae        ..>.........x...
 0x0020   8010 e240 48a1 0000 0101 080a 01a8 6570        ... at H.........ep
 0x0030   008d a408                                      ....
 17:20:20.083175 a.b.c.49295 > d.e.f.smtp: F 18:18(0) ack 67 win 57920 
 <nop,nop,timestamp 27813232 9282568> (DF) [tos 0x10]
 0x0000   4510 0034 d3f2 4000 4006 0000 c14f c985        E..4.. at .@....O..
 0x0010   c2b2 3e7f c08f 0019 dc9c ee20 7811 b0ae        ..>.........x...
 0x0020   8011 e240 48a0 0000 0101 080a 01a8 6570        ... at H.........ep
 0x0030   008d a408                                      ....
 17:20:20.111825 d.e.f.smtp > a.b.c.49295: . ack 19 win 57920 
 <nop,nop,timestamp 9282571 27813232> (DF)
 0x0000   4500 0034 2893 4000 3d06 892a c2b2 3e7f        E..4(. at .=..*..>.
 0x0010   c14f c985 0019 c08f 7811 b0ae dc9c ee21        .O......x......!
 0x0020   8010 e240 489d 0000 0101 080a 008d a40b        ... at H...........
 0x0030   01a8 6570
 
 On Thursday, Apr 17, 2003, at 17:10 Europe/Amsterdam, Tony Finch wrote:
 > Rene de Vries <rene at tunix.nl> wrote:
 >>
 >> 	Print the payload of TCP packets in human-readable (ASCII)
 >> 	format. This can be usefull when debugging readable protocols
 >> 	(like SMTP, HTTP, etc).
 >
 > What's wrong with the -X option?
 >
 > Tony.
 --
 Rene de Vries <rene at tunix.nl>
 TUNIX Internet Security & Training
 


More information about the freebsd-bugs mailing list