Hamish Moffatt wrote:
Alternatively, use text2pcap to convert a hex dump into tcpdump format.
I have written Perl scripts to convert from a variety of custom
text dump formats into something text2pcap can read. Works really well.
Does the (undocumented) Cisco 'debug ip packet dump' format happen to be
among them? If so, I'd be very interested in a copy. I have cobbled up a
shell script to convert that, but it's slow and ugly.
The output looks like this:
Nov 13 10:04:00.805 UTC: IP: s=135.85.64.155 (BVI64), d=255.255.255.255, len 351, rcvd 2
03601480: FFFF FFFFFFFF ......
03601490: 0008C786 EC770800 4500015F 46170000 ..G.lw..E.._F...
036014A0: 7F112C87 8755409B FFFFFFFF 00430044 ..,..U@......C.D
036014B0: 014B46F9 02010600 8700EA50 00000000 .KFy......jP....
036014C0: 00000000 875549FC 00000000 00000000 .....UI|........
036014D0: 0060978B 00AB0000 00000000 00000000 .`...+..........
036014E0: 00000000 00000000 00000000 00000000 ................
036014F0: 00000000 00000000 00000000 00000000 ................
03601500: 00000000 00000000 00000000 00000000 ................
03601510: 00000000 00000000 00000000 00000000 ................
03601520: 00000000 00000000 00000000 00000000 ................
03601530: 00000000 00000000 00000000 00000000 ................
03601540: 00000000 00000000 00000000 00000000 ................
03601550: 00000000 00000000 00000000 00000000 ................
03601560: 00000000 00000000 00000000 00000000 ................
03601570: 00000000 00000000 00000000 00000000 ................
03601580: 00000000 00000000 00000000 00000000 ................
03601590: 00000000 00000000 00000000 00000000 ................
036015A0: 63825363 3501053A 04000151 803B0400 c.Sc5..:...Q.;..
This is a DHCP ACK from 135.85.64.155.
Regards,
Marco.
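
An added example, not part of the original thread and not either poster's script: one way to turn the 'debug ip packet dump' output shown above into the offset-prefixed hex dump that text2pcap reads. The function names are hypothetical, and the code assumes the header line and row layout seen in the sample, with an ASCII column on every row.

```python
import re

HEADER = re.compile(r"\bIP: s=\S+.*\bd=\S+, len \d+")  # starts a new packet
ROW = re.compile(r"^[0-9A-Fa-f]{8}:\s*(.*)$")          # "03601490: <hex> <ascii>"
HEXTOK = re.compile(r"^(?:[0-9A-Fa-f]{2}){1,4}$")      # groups of 1 to 4 bytes

def row_bytes(rest):
    """Bytes of one dump row; the trailing ASCII column is dropped."""
    tokens = rest.split()
    k = size = 0
    while (k < len(tokens) and HEXTOK.match(tokens[k])
           and size + len(tokens[k]) // 2 <= 16):
        size += len(tokens[k]) // 2
        k += 1
    # An ASCII column such as "ABCD" also looks like hex. Prefer the split
    # where the leftover text has exactly one character per byte.
    for n in range(k, 0, -1):
        parts = rest.split(None, n)
        data = bytes.fromhex("".join(parts[:n]))
        tail = parts[n] if len(parts) > n else ""
        if len(tail) == len(data):
            return data
    return bytes.fromhex("".join(tokens[:k]))

def cisco_to_packets(text):
    """Split a debug log into one bytes object per dumped packet."""
    packets = []
    for line in text.splitlines():
        row = ROW.match(line.strip())
        if HEADER.search(line):
            packets.append(b"")
        elif row and packets:
            # Row addresses are router memory addresses, so they are ignored.
            packets[-1] += row_bytes(row.group(1))
    return [p for p in packets if p]

def to_text2pcap(packets):
    """Render packets as a hex dump; offset 000000 starts each packet."""
    rows = ["%06x %s" % (off, pkt[off:off + 16].hex(" "))
            for pkt in packets for off in range(0, len(pkt), 16)]
    return "\n".join(rows) + "\n"

# Constructed sample: the header and first three rows of the dump above.
SAMPLE = """\
Nov 13 10:04:00.805 UTC: IP: s=135.85.64.155 (BVI64), d=255.255.255.255, len 351, rcvd 2
03601480: FFFF FFFFFFFF ......
03601490: 0008C786 EC770800 4500015F 46170000 ..G.lw..E.._F...
036014A0: 7F112C87 8755409B FFFFFFFF 00430044 ..,..U@......C.D
"""
```

Writing the result of `to_text2pcap(cisco_to_packets(log_text))` to a file gives text2pcap its input; the dump starts at the Ethernet header, which matches text2pcap's default link type.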