#!/usr/local/bin/perl5

# Postprocess output of tcpdump -x to unhex and embolden the actual TCP data
# This script is unfinished but is still useful.
#
# Corey Satten, corey @ cac.washington.edu, 3/31/00
# http://staff.washington.edu/corey

$SIG{"INT"} = "IGNORE";

$bold = "\033[7m";
$norm = "\033[m";
while(<>) {
    if (/^\s+([0-9a-f]{4})/) {
	chop;
	s/\s+//g;
	$t = $_;

	$ip_hlen = substr($_,1,1) if ($cnt == 0);
	$dat_off = 20 + 4*substr($_,0,1) if ($cnt == 32 && $ip_hlen eq '5');

	# s/../$& /g;
	$_ = join(' ', /../g);

	# $t =~ s/../($& ge '20' && $& le '7e') ? pack('c',hex($&)) : '.'/eg;
	$t = join('',map($_ ge '20'&& $_ le '7e'? chr hex($_): '.', $t=~/../g));

	$t_len = length($t);
	if ($len > 0 && $cnt + $t_len > $dat_off && $cnt < $dat_off + $len) {
	    $ins = $dat_off - $cnt;
	    $ins = 0 if ($ins < 0);
	    $t = substr($t,0,$ins) . $bold . substr($t,$ins);

	    $ins = $dat_off - $cnt + $len + length($bold);
	    $t = substr($t,0,$ins) . $norm . substr($t,$ins);
	    }
	$cnt += $t_len;
	printf("\t%-48s| %s\n", $_, $t);
	}
    else {
	$dat_off = 9999;
	$len = $cnt = 0;
	if (/\d+:\d+\((\d+)\)/) {
	    $len = $1;
	    }
	print;
	}
    }