Ethereal-users: Re: [Ethereal-users] Little Problem
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: C7 <c7.mail@xxxxxxxxx>
Date: Wed, 7 Dec 2005 11:15:35 +0000
I've tried the command:
$ tethereal.exe -i 2 -f "tcp port 3128" -R http.request.method=="GET" -c 20 -V > capture.txt
But I get this for just one packet:
Frame 1 (801 bytes on wire, 801 bytes captured)
Arrival Time: Dec 7, 2005 11:08:44.511925000
Time delta from previous packet: 0.000000000 seconds
Time since reference or first frame: 0.000000000 seconds
Frame Number: 1
Packet Length: 801 bytes
Capture Length: 801 bytes
Protocols in frame: eth:ip:tcp:http
Ethernet II, Src: 3com_4d:f1:68 (00:01:02:4d:f1:68), Dst: All-HSRP-routers_00 (00:00:0c:07:ac:00)
Destination: All-HSRP-routers_00 (00:00:0c:07:ac:00)
Source: 3com_4d:f1:68 (00:01:02:4d:f1:68)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.231.169 (192.168.231.169), Dst: 193.137.16.172 (193.137.16.172)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 787
Identification: 0x2adf (10975)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0x527e [correct]
Good: True
Bad : False
Source: 192.168.231.169 (192.168.231.169)
Destination: 193.137.16.172 ( 193.137.16.172)
Transmission Control Protocol, Src Port: 1199 (1199), Dst Port: 3128 (3128), Seq: 0, Ack: 0, Len: 747
Source port: 1199 (1199)
Destination port: 3128 (3128)
Sequence number: 0 (relative sequence number)
Next sequence number: 747 (relative sequence number)
Acknowledgement number: 0 (relative ack number)
Header length: 20 bytes
Flags: 0x0018 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 16809
Checksum: 0x3d97 [correct]
Hypertext Transfer Protocol
GET http://www.optimus.pt/SiteOptimus/img/includes/top/newlogo.gif HTTP/1.0\r\n
Request Method: GET
Request URI: http://www.optimus.pt/SiteOptimus/img/includes/top/newlogo.gif
Request Version: HTTP/1.0
Accept: */*\r\n
Referer: http://www.optimus.pt/Site+Optimus/Massmarket\r\n
Accept-Language: pt\r\n
Proxy-Connection: Keep-Alive\r\n
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)\r\n
Host: www.optimus.pt\r\n
Cookie: ASPSESSIONIDCCBABCST=CPKJFBHCLKBKLGHMJFPADPHH; ASP.NET_SessionId=jlk1giyvyh5zv5452gbfodjs ; ASINFO=60eb7a8dc9d32d8a48f0302a8466ebf17f36a98b498e91fa4808c0d628d3abeb0cbadd7593a2c6602000t-2lk0bbCZMt6BJtncKs7g00020hgldgbAV5l5ZjpndPqmZKi
\r\n
I just need the line that gives me the HOST, and eventually the source and destination IP, and the hour. Do you know an option to add to the command or a display filter that gives me only these things?
Thank you :)
2005/12/6, LEGO <luis.ontanon@xxxxxxxxx>:
> I'm working with tethereal and the command that i've made is this:
>
> tethereal.exe -i 2 -f "tcp port 3128" -R http.request.method=="GET" -w
> capture.txt -c 20
>
> But when i open the file, i can't read the first line:
The -w option specifies the name of a *capture file* in which to save
the filtered output. So what you are doing is to create a filtered
capture file that can be opened with (at least) ethereal.
If you want to save the TEXT output of tethereal you want to call it as
$ tethereal.exe -i 2 -f "tcp port 3128" -R http.request.method=="GET" -c 20 -V > capture.txt
that way the text output gets redirected to capture.txt. Note that I
added the -V option so that the dissection tree appears in the file. If
you want just the summary you can suppress it.
L
--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan
_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users
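One way to reduce the `-V` text output shown above to the arrival time, source and destination IP and Host header per frame, as an added example that is not part of the original thread. The function names are hypothetical, frame 1 of the sample is abridged from the post and frame 2 is constructed; keeping only these four fields also keeps the Cookie session identifiers out of the saved summary.

```python
import re
import sys

# Constructed sample: frame 1 is abridged from the "-V" output in the post;
# frame 2 is made up (documentation addresses) and carries no Host header.
SAMPLE = r"""Frame 1 (801 bytes on wire, 801 bytes captured)
    Arrival Time: Dec 7, 2005 11:08:44.511925000
Ethernet II, Src: 3com_4d:f1:68 (00:01:02:4d:f1:68), Dst: All-HSRP-routers_00 (00:00:0c:07:ac:00)
Internet Protocol, Src: 192.168.231.169 (192.168.231.169), Dst: 193.137.16.172 (193.137.16.172)
Hypertext Transfer Protocol
    GET http://www.optimus.pt/SiteOptimus/img/includes/top/newlogo.gif HTTP/1.0\r\n
    Host: www.optimus.pt\r\n
    Cookie: ASP.NET_SessionId=constructed-placeholder\r\n
Frame 2 (120 bytes on wire, 120 bytes captured)
    Arrival Time: Dec 7, 2005 11:08:45.000000000
Internet Protocol, Src: 192.0.2.10 (192.0.2.10), Dst: 192.0.2.20 (192.0.2.20)
Hypertext Transfer Protocol
    GET http://example.test/ HTTP/1.0\r\n
"""

FRAME_RE = re.compile(r"^Frame \d+ \(")  # frame header, not "Frame Number:"
IP_RE = re.compile(r"^Internet Protocol, Src: (\S+) .*Dst: (\S+)")

def summarize(lines):
    """Return one dict per frame holding only time, src, dst and host."""
    records, cur = [], None
    for raw in lines:
        line = raw.strip()  # works whether or not the tree indentation survived
        if FRAME_RE.match(line):
            cur = {"time": "-", "src": "-", "dst": "-", "host": "-"}
            records.append(cur)
        elif cur is None:
            continue  # ignore text before the first frame header
        elif line.startswith("Arrival Time: "):
            cur["time"] = line[len("Arrival Time: "):]
        elif (m := IP_RE.match(line)):
            cur["src"], cur["dst"] = m.groups()
        elif line.startswith("Host: "):
            # -V prints the header's CRLF as the literal text "\r\n"
            cur["host"] = line[len("Host: "):].removesuffix(r"\r\n").strip()
    return records

def format_record(r):
    """Tab-separated summary line; a missing field is shown as '-'."""
    return "\t".join((r["time"], r["src"], r["dst"], r["host"]))

if __name__ == "__main__":
    # With a file argument, read saved -V output; otherwise use the sample.
    src = open(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE.splitlines()
    for rec in summarize(src):
        print(format_record(rec))
```

Run it with the saved `capture.txt` as its argument; a request that carries no Host header is reported with `-` in the last column.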