David,
> I want to search the user portion of the IP frame for
> specific text or binary strings. How can I do this??
Here's how I do it with perl and tethereal
(Note: this won't work with 0.10a on Win32 due to bug in -x )
# usage tethereal -x -r file.trc | perl BinEthSearch.pl
use strict;
# Put your regex here.
my $search = qr/put your search regex here/i;
my $prev_pkt;
my $bin;
while(<>) {
# Is this a packet summary line?
if (/\d+(?:\.\d+){3} \-\> \d+(?:\.\d+){3}/) {
# First report any previous matches
print "Match for : $prev_pkt\n" if $bin =~ $search;
$prev_pkt=$_;
$bin="";
} elsif (/[0-9a-f]{4}\s+(?:[0-9a-f]{2} ){1,16}\s+([^\s]*)/) {
$bin.=$1;
}
}
-----------------------------------------------------------------------
Registered Office:
Marks & Spencer p.l.c
Michael House, Baker Street,
London, W1U 8EP
Registered No. 214436 in England and Wales.
Telephone (020) 7935 4422
Facsimile (020) 7487 2670
www.marksandspencer.com
Please note that electronic mail may be monitored.
This e-mail is confidential. If you received it by mistake, please let us know and then delete it from your system; you should not copy, disclose, or distribute its contents to anyone nor act in reliance on this e-mail, as this is prohibited and may be unlawful.
The registered office of Marks and Spencer Financial Services PLC, Marks and Spencer Unit Trust Management Limited, Marks and Spencer Life Assurance Limited and Marks and Spencer Savings and Investments Limited is Kings Meadow, Chester, CH99 9FB. These firms are authorised and regulated by the Financial Services Authority.