Ethereal-users: RE: [Ethereal-users] searching for pattern in packets

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "darren" <teodarren@xxxxxxxxxxxxx>
Date: Thu, 8 May 2003 21:22:46 +0800
Hi all, 

Thanx for all your suggestions.

I have tried Martin's solution of the 'frame ' option, and found it to
be very simple to use. However, it can be quite time consuming and may
drop packets during a live capture > 15Mbps.

So, I wrote a simple pcap program to just do a string compare with the
supplied target pattern and the data at a user-input location in the
packet.

-----Original Message-----
From: ethereal-users-admin@xxxxxxxxxxxx
[mailto:ethereal-users-admin@xxxxxxxxxxxx] On Behalf Of
Alistair.McGlinchy@xxxxxxxxxxxxxxxxxxxxx
Sent: Thursday, May 08, 2003 2:40 AM
To: martin.visser@xxxxxx; teodarren@xxxxxxxxxxxxx;
ethereal-users@xxxxxxxxxxxx
Subject: RE: [Ethereal-users] searching for pattern in packets

Darren,

Martin's solution is good for this particular question, but in general I
often need to mung tethereal -x with the following hunk of perl

HTH 

Alistair

# teth2txt.pl 
# usage:   tethereal -x [-r file.cap] | perl teth2txt.pl > out.txt

use strict;
# Use paragraphs as records
$/="\n\n";
my $summary;
while(<>) {
	if (/^ *\d+\.\d+/) {
		$summary=$_;
	} elsif (
		my @all_hex = map{split/ /} /
			[\da-f]{3}0           # Three hex chars and an 0
			\ {2}                 # Two spaces
			(                     # Capture the hex code only
				[\da-f]{2}        # Two hex chars
				(?:\ [\da-f]{2})  # followed by a non-captured group of space and two hex chars
				{0,15}            # up to 15 more times
			)                     # End of hex code capture
			\ {3,48}              # Followed by (0*3 to 15*3)+3 spaces
			[^\n]{0,16}           # and up to 16 (non-\n) chars of decode
			\n
		/xsg) {
		
		print $summary;
		print @all_hex,"\n\n";
	} else {
		print STDERR "This text doesn't look right to me\n$_";
	}
}


> -----Original Message-----
> From: Visser, Martin (Sydney) [mailto:martin.visser@xxxxxx] 
> Sent: 07 May 2003 05:20
> To: darren; ethereal-users@xxxxxxxxxxxx
> Subject: RE: [Ethereal-users] searching for pattern in packets
> 
> 
> The command "tethereal -R 'frame[-2:]==08:10' "   will display all
> frames that match your condition 
> 
> Martin Visser
>
> -----Original Message-----
> From: darren [mailto:teodarren@xxxxxxxxxxxxx] 
> Sent: Wednesday, 7 May 2003 1:28 PM
> To: ethereal-users@xxxxxxxxxxxx
> Subject: [Ethereal-users] searching for pattern in packets
> 
> 
> Hi all,
> 
> I would like to check the last two bytes of every packet in 
> one of my capture files for a particular pattern.
> 
> i.e. I would like to know if the last two bytes in my packets
> contain 0x0810.
> 
> Any good and efficient way to do this via tethereal or 
> tcpdump in combination with grep?
> 
> thanx in advance
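
Added example, not part of the original thread and not darren's program: an offline version of the check discussed above, comparing a pattern against the bytes at a chosen offset in every record of a classic libpcap file. The function names and the sample capture are constructed for illustration; a negative offset counts from the end of the packet as it was on the wire, so frames cut short by the snaplen are reported separately instead of being matched against the wrong bytes.

```python
import struct

# Classic libpcap magics (microsecond and nanosecond variants) mapped to the
# struct byte-order prefix they imply for every other header field.
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",
          b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}

def read_pcap(data):
    """Yield (frame_no, captured_bytes, original_len) for each record."""
    order = MAGICS.get(data[:4])
    if order is None or len(data) < 24:
        raise ValueError("not a classic pcap file")
    pos, frame_no = 24, 0                  # records follow the 24-byte file header
    while pos + 16 <= len(data):
        _sec, _frac, caplen, origlen = struct.unpack_from(order + "IIII", data, pos)
        pos += 16
        if pos + caplen > len(data):
            raise ValueError("record runs past end of file")
        frame_no += 1                      # 1-based, like Ethereal's frame numbers
        yield frame_no, data[pos:pos + caplen], origlen
        pos += caplen

def find_frames(data, offset, pattern):
    """Return (hits, unknown) frame-number lists.

    offset >= 0 counts from the start of the packet, offset < 0 from the end
    of the packet as it was on the wire (so -2 means the last two bytes).
    """
    hits, unknown = [], []
    for no, pkt, origlen in read_pcap(data):
        start = offset if offset >= 0 else origlen + offset
        end = start + len(pattern)
        if start < 0 or end > origlen:
            continue                       # pattern cannot fit in this packet
        if end > len(pkt):
            unknown.append(no)             # bytes cut off by snaplen: do not guess
        elif pkt[start:end] == pattern:
            hits.append(no)
    return hits, unknown

def build_sample():
    """Constructed capture: 3 frames of 14 wire bytes, the third cut to 8."""
    frames = [b"\x00" * 12 + b"\x08\x10", b"\x08\x10" + b"\x00" * 12, b"\x00" * 8]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, pkt in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(pkt), 14) + pkt
    return out

if __name__ == "__main__":
    print(find_frames(build_sample(), -2, b"\x08\x10"))
```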
 

