Ethereal-users: RE: [Ethereal-users] How to use tethereal to display TCP data?
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: "Visser, Martin (Sydney)" <martin.visser@xxxxxx>
Date: Thu, 24 Jul 2003 11:30:41 +1000
Title: Message
Mike,
I was
hoping to be able to do tethereal -z proto,colinfo,tcp.data,tcp.data but
unfortunately the tcp dissector doesn't allow you to filter on that field (a
prerequisite for the -z proto function to work). So tcp.data doesn't exist as a
field per se.
On
closer inspection it seems that -V won't work for you with the current
Tethereal. If there is a higher layer protocol on top of TCP detected it
will be decoded, eg HTTP, -V then will show the HTTP decode, but not the TCP
data. (Ethereal can turn off protocol decodes but tethereal can't
AFAIK)
In
that case, I can only suggest :-
1.
Configure Ethereal to only decode TCP (disabling other
protocols)
2. Use
"print to text" to dump the decode.
3. Use
a Perl Script (or such) to find the TCP data field and munge it
into the format you want (hex, ascii or otherwise)
BTW
There was a script running around the used the -x function to munge together the
full packet contents. This is useful for searching for a string and
such.
Martin
Martin
Visser
,CISSP
Network and
Security Consultant
Technology &
Infrastructure - Consulting & Integration
HP
Services
3 Richardson Place
North Ryde, Sydney NSW 2113,
Australia
Phone (: +61-2-9022-1670 Mobile È: +61-411-254-513
Fax 7: +61-2-9022-1800 E-mail + : martin.visserAThp.com
-----Original Message-----
From: Mike Blake-Knox [mailto:MBlake-Knox@xxxxxxxxxxxx]
Sent: Thursday, 24 July 2003 1:08 AM
To: Visser, Martin (Sydney); ethereal-users@xxxxxxxxxxxx
Subject: RE: [Ethereal-users] How to use tethereal to display TCP data?That prints the entire protocol tree which is much more than I want.Does the data/payload of a TCP message have a field name? It's not shown among the list of field names for TCP.Thanks.Mike Blake-Knoxemail: MBlake-Knox@xxxxxxxxxxxxTSYS Office: (706) 644-3643cellphone: (919) 280-4436-----Original Message-----
From: Visser, Martin (Sydney) [mailto:martin.visser@xxxxxx]
Sent: Tuesday, July 22, 2003 7:09 PM
To: Mike Blake-Knox; ethereal-users@xxxxxxxxxxxx
Subject: RE: [Ethereal-users] How to use tethereal to display TCP data?Try using "tethereal -V"Martin Visser ,CISSP
Network and Security Consultant
Technology & Infrastructure - Consulting & Integration
HP Services
3 Richardson Place
North Ryde, Sydney NSW 2113, Australia
Phone (: +61-2-9022-1670 Mobile È: +61-411-254-513
Fax 7: +61-2-9022-1800 E-mail + : martin.visserAThp.com-----Original Message-----
From: Mike Blake-Knox [mailto:MBlake-Knox@xxxxxxxxxxxx]
Sent: Wednesday, 23 July 2003 1:37 AM
To: ethereal-users@xxxxxxxxxxxx
Subject: [Ethereal-users] How to use tethereal to display TCP data?How can I use tethereal to display TCP Data (what would show up under Data field in the tree view display?ThanksMike Blake-Knoxemail: MBlake-Knox@xxxxxxxxxxxxTSYS Office: (706) 644-3643cellphone: (919) 280-4436
- Prev by Date: Re: [Ethereal-users] Error on compiling glib
- Next by Date: Re: [Ethereal-users] IGMP v1 or v2?
- Previous by thread: RE: [Ethereal-users] How to use tethereal to display TCP data?
- Next by thread: RE: [Ethereal-users] How to use tethereal to display TCP data?
- Index(es):