TCPDUMP-UNHD(LOCAL) TCPDUMP-UNHD(LOCAL)
NAME
tcpdump-unhd - unhex and bold tcpdump data
SYNOPSIS
tcpdump -x | tcpdump-unhd
DESCRIPTION
tcpdump-unhd takes output from tcpdump -x and converts
the hex dump of packet data to a highlighted hex/ascii
dump where the actual data bytes in the tcp stream (if
any) are highlighted.
EXAMPLE
(sleep 3; echo GET /bad/url | nc server 80 > /dev/null) &
tcpdump -N -x host server | tcpdump-unhd | less -r
...
15:24:06.301911 client.38898 > server.http: P 1:14(13) ack 1 win 5840 (DF)
45 00 00 35 c2 c6 40 00 40 06 d4 01 80 5f 87 6a | E..5..@.@...._.j
8c 8e 0f a3 97 f2 00 50 d2 4a 84 d4 aa 4b b9 91 | .......P.J...K..
50 18 16 d0 c9 a7 00 00 47 45 54 20 2f 62 61 64 | P.......GET /bad
2f 75 72 6c 0a | /url.
15:24:06.328220 server.http > client.38898: . ack 14 win 33580 (DF)
45 00 00 28 89 1b 40 00 3a 06 13 ba 8c 8e 0f a3 | E..(..@.:.......
80 5f 87 6a 00 50 97 f2 aa 4b b9 91 d2 4a 84 e1 | ._.j.P...K...J..
50 10 83 2c 35 61 00 00 00 00 00 00 00 00 | P..,5a........
15:24:06.464252 server.http > client.38898: P 1:864(863) ack 14 win 33580 (DF)
45 00 03 87 89 3b 40 00 3a 06 10 3b 8c 8e 0f a3 | E....;@.:..;....
80 5f 87 6a 00 50 97 f2 aa 4b b9 91 d2 4a 84 e1 | ._.j.P...K...J..
50 18 83 2c 09 b3 00 00 3c 68 74 6d 6c 3e 0a 3c | P..,....<html>.<
68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 55 52 4c | head>.<title>URL
20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c | Not Found</titl
...
SEE ALSO
tcpdump(1), bold2html(l)
AUTHOR
Corey Satten - corey @ cac.washington.edu
BUGS
Handling of "IP options" (if any) in the TCP packets is
not yet implemented. (This is unfinished work but I still
find it useful).
TCPDUMP-UNHD(LOCAL)