Ethereal-users: Re: [Ethereal-users] Help getting text out of packets

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Tue, 29 Jul 2003 22:45:10 -0700
On Sun, Jul 27, 2003 at 11:01:29AM -0400, Aman Singer wrote:
> 	My apologies for asking such a simple question, but I'm having
> difficulties getting Ethereal to give me packets as text. That is,
> though I get the source and destination addresses and ports, I get hex
> data, or what looks like hex data, when I try to decode the packet. Is
> there any way to get the text, that is, the commands sent by the client
> to the server or the responses, into a text file?
> 	Let me say that I'm totally blind, so would really appreciate
> keyboard commands, as my screen reader doesn't like the GUI that
> Ethereal uses, for some reason.

Do you mean keyboard commands in Ethereal (operating the GUI from the
keyboard), or do you mean a command such as Tethereal?

And by "text" do you mean dumping, for example, the payload of packets
as raw text (which works for text-oriented protocols such as SMTP, FTP,
HTTP, and so forth, although if what's being transported over HTTP isn't
text, but images, that doesn't work as well), or do you mean seeing a
text-oriented dissection of packets, whether they're text protocols or
not, such as

	Frame 1 (60 bytes on wire, 60 bytes captured)
	    Arrival Time: May 19, 1999 17:48:39.708517000
	    Time delta from previous packet: 0.000000000 seconds
	    Time relative to first packet: 0.000000000 seconds
	    Frame Number: 1
	    Packet Length: 60 bytes
	    Capture Length: 60 bytes
	Ethernet II, Src: 00:00:0c:ab:cd:ef, Dst: ff:ff:ff:ff:ff:ff
	    Destination: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff)
	    Source: 00:00:0c:ab:cd:ef (00:00:0c:ab:cd:ef)
	    Type: ARP (0x0806)
	    Trailer: 00000000000000000000000000000000...
	Address Resolution Protocol (request)
	    Hardware type: Ethernet (0x0001)
	    Protocol type: IP (0x0800)
	    Hardware size: 6
	    Protocol size: 4
	    Opcode: request (0x0001)
	    Sender MAC address: 00:00:0c:ab:cd:ef (00:00:0c:ab:cd:ef)
	    Sender IP address: 192.168.0.1 (192.168.0.1)
	    Target MAC address: 00:00:00:00:00:00 (00:00:00:00:00:00)
	    Target IP address: 192.168.0.255 (192.168.0.255)

If you mean the latter, then either running Tethereal with the "-V"
flag, or doing an Ethereal "print to file" operation, can produce that.