.TH TCPDUMP-UNHD LOCAL
.UC 4
.SH NAME
tcpdump-unhd \- unhex and bold tcpdump data
.SH SYNOPSIS
.B tcpdump -x | tcpdump-unhd
.SH DESCRIPTION
.PP
.B tcpdump-unhd
takes output from
.B tcpdump " -x "
and converts the hex dump of packet data to a highlighted hex/ascii
dump where the actual data bytes in the tcp stream (if any) are highlighted.
.SH EXAMPLE
.B (sleep 3; echo GET /bad/url | nc server 80 > /dev/null) &
.br
.B tcpdump -N -x host server | tcpdump-unhd | less -r
.\" ### initiate asis block ###
.nr UU \n(.u \"asis block ###
.nf \"asis block ###
\&...
\&15:24:06.301911 client.38898 > server.http: P 1:14(13) ack 1 win 5840 (DF)
\& 45 00 00 35 c2 c6 40 00 40 06 d4 01 80 5f 87 6a | E..5..@.@...._.j
\& 8c 8e 0f a3 97 f2 00 50 d2 4a 84 d4 aa 4b b9 91 | .......P.J...K..
\& 50 18 16 d0 c9 a7 00 00 47 45 54 20 2f 62 61 64 | P.......\fIGET /bad\fP
\& 2f 75 72 6c 0a                                  | \fI/url.\fP
\&
\&15:24:06.328220 server.http > client.38898: . ack 14 win 33580 (DF)
\& 45 00 00 28 89 1b 40 00 3a 06 13 ba 8c 8e 0f a3 | E..(..@.:.......
\& 80 5f 87 6a 00 50 97 f2 aa 4b b9 91 d2 4a 84 e1 | ._.j.P...K...J..
\& 50 10 83 2c 35 61 00 00 00 00 00 00 00 00       | P..,5a........
\&
\&15:24:06.464252 server.http > client.38898: P 1:864(863) ack 14 win 33580 (DF)
\& 45 00 03 87 89 3b 40 00 3a 06 10 3b 8c 8e 0f a3 | E....;@.:..;....
\& 80 5f 87 6a 00 50 97 f2 aa 4b b9 91 d2 4a 84 e1 | ._.j.P...K...J..
\& 50 18 83 2c 09 b3 00 00 3c 68 74 6d 6c 3e 0a 3c | P..,....\fI<html>.<\fP
\& 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 55 52 4c | \fIhead>.<title>URL\fP
\& 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c | \fI Not Found</titl\fP
\&...
.if \n(UU .fi \"asis block ###
.\" ### complete asis block ###
.SH SEE ALSO
tcpdump(1), bold2html(l)
.SH AUTHOR
Corey Satten \- corey @ cac.washington.edu
.SH BUGS
Handling of "IP options" (if any) in the TCP packets is not yet implemented.
(This is unfinished work but I still find it useful).
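.PP
An added illustration, not the code of tcpdump-unhd: a Python sketch of how the TCP data bytes in a dumped IPv4 packet can be located and marked, reading the IP header length field so that a header carrying IP options (see BUGS) still yields the right offset. The function names and the use of ANSI bold for highlighting are assumptions; the two sample packets are the first two from the EXAMPLE section.

```python
BOLD, RESET = "\x1b[1m", "\x1b[0m"  # assumption: ANSI bold, as viewed with less -r

def parse_hex(rows):
    """Join hex rows into bytes; anything after a '|' on a row is ignored."""
    return bytes.fromhex(" ".join(r.split("|")[0] for r in rows.splitlines()))

def payload_span(pkt):
    """Return (start, end) offsets of the TCP data, or None if not IPv4/TCP."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        return None
    if int.from_bytes(pkt[6:8], "big") & 0x1FFF:
        return None                      # later fragment: no TCP header here
    ihl = (pkt[0] & 0x0F) * 4            # IP header length, IP options included
    if ihl < 20 or len(pkt) < ihl + 20:
        return None
    doff = (pkt[ihl + 12] >> 4) * 4      # TCP header length, TCP options included
    if doff < 20:
        return None
    end = min(int.from_bytes(pkt[2:4], "big"), len(pkt))  # drop trailing padding
    return min(ihl + doff, end), end

def render(pkt, on=BOLD, off=RESET):
    """Return hex/ascii dump rows with the TCP data characters wrapped in on/off."""
    start, end = payload_span(pkt) or (0, 0)
    rows = []
    for base in range(0, len(pkt), 16):
        chunk = pkt[base:base + 16]
        text, marked = "", False
        for i, b in enumerate(chunk, base):
            if (start <= i < end) != marked:
                marked = not marked
                text += on if marked else off
            text += chr(b) if 32 <= b < 127 else "."
        hexpart = " ".join(f"{b:02x}" for b in chunk).ljust(47)
        rows.append(f"{hexpart} | {text}{off if marked else ''}")
    return rows

# The first two packets from the EXAMPLE section of this page.
GET_PACKET = parse_hex("""
45 00 00 35 c2 c6 40 00 40 06 d4 01 80 5f 87 6a
8c 8e 0f a3 97 f2 00 50 d2 4a 84 d4 aa 4b b9 91
50 18 16 d0 c9 a7 00 00 47 45 54 20 2f 62 61 64
2f 75 72 6c 0a""")
ACK_PACKET = parse_hex("""
45 00 00 28 89 1b 40 00 3a 06 13 ba 8c 8e 0f a3
80 5f 87 6a 00 50 97 f2 aa 4b b9 91 d2 4a 84 e1
50 10 83 2c 35 61 00 00 00 00 00 00 00 00""")
if __name__ == "__main__":
    print("\n".join(render(GET_PACKET) + [""] + render(ACK_PACKET)))
```

The bare ACK captures 46 bytes but its IP total length is 40, so the six trailing zero bytes are treated as padding and left unmarked, matching the dump in the EXAMPLE section.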