Ethereal-users: RE: [Ethereal-users] How to use tethereal to display TCP data?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Mike Blake-Knox" <MBlake-Knox@xxxxxxxxxxxx>
Date: Thu, 24 Jul 2003 09:29:48 -0400
Thanks.
 
I guess I'll need to use -x plus a "munging" script.
 
 
Mike Blake-Knox
TSYS Office: (706) 644-3643
cellphone: (919) 280-4436
-----Original Message-----
From: Visser, Martin (Sydney) [mailto:martin.visser@xxxxxx]
Sent: Wednesday, July 23, 2003 9:31 PM
To: Mike Blake-Knox; ethereal-users@xxxxxxxxxxxx
Subject: RE: [Ethereal-users] How to use tethereal to display TCP data?

Mike,
 
 
I was hoping to be able to do tethereal -z proto,colinfo,tcp.data,tcp.data but unfortunately the tcp dissector doesn't allow you to filter on that field (a prerequisite for the -z proto function to work). So tcp.data doesn't exist as a field per se.
 
On closer inspection it seems that -V won't work for you with the current Tethereal. If there is a higher layer protocol on top of TCP detected it will be decoded, e.g. HTTP; -V then will show the HTTP decode, but not the TCP data. (Ethereal can turn off protocol decodes but tethereal can't, AFAIK.)
 
In that case, I can only suggest :-
 
1. Configure Ethereal to only decode TCP (disabling other protocols)
2. Use "print to text" to dump the decode.
3. Use a Perl script (or such) to find the TCP data field and munge it into the format you want (hex, ascii or otherwise)
 
BTW There was a script running around that used the -x function to munge together the full packet contents. This is useful for searching for a string and such.

 Martin

Martin Visser, CISSP
Network and Security Consultant

Technology & Infrastructure - Consulting & Integration
HP Services

3 Richardson Place
North Ryde, Sydney NSW 2113, Australia
Phone: +61-2-9022-1670
Mobile: +61-411-254-513
Fax: +61-2-9022-1800
E-mail: martin.visserAThp.com

-----Original Message-----
From: Mike Blake-Knox [mailto:MBlake-Knox@xxxxxxxxxxxx]
Sent: Thursday, 24 July 2003 1:08 AM
To: Visser, Martin (Sydney); ethereal-users@xxxxxxxxxxxx
Subject: RE: [Ethereal-users] How to use tethereal to display TCP data?

That prints the entire protocol tree which is much more than I want.
 
Does the data/payload of a TCP message have a field name? It's not shown among the list of field names for TCP.
 
Thanks.
 
 
Mike Blake-Knox
TSYS Office: (706) 644-3643
cellphone: (919) 280-4436
-----Original Message-----
From: Visser, Martin (Sydney) [mailto:martin.visser@xxxxxx]
Sent: Tuesday, July 22, 2003 7:09 PM
To: Mike Blake-Knox; ethereal-users@xxxxxxxxxxxx
Subject: RE: [Ethereal-users] How to use tethereal to display TCP data?

Try using "tethereal -V"

Martin Visser, CISSP
Network and Security Consultant

Technology & Infrastructure - Consulting & Integration
HP Services

3 Richardson Place
North Ryde, Sydney NSW 2113, Australia
Phone: +61-2-9022-1670
Mobile: +61-411-254-513
Fax: +61-2-9022-1800
E-mail: martin.visserAThp.com

-----Original Message-----
From: Mike Blake-Knox [mailto:MBlake-Knox@xxxxxxxxxxxx]
Sent: Wednesday, 23 July 2003 1:37 AM
To: ethereal-users@xxxxxxxxxxxx
Subject: [Ethereal-users] How to use tethereal to display TCP data?

How can I use tethereal to display TCP Data (what would show up under Data field in the tree view display)?
 
Thanks
 
Mike Blake-Knox
TSYS Office: (706) 644-3643
cellphone: (919) 280-4436
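
The "-x plus a munging script" approach discussed in this thread, as an added example that is not part of the original messages and is not the script Martin refers to. It assumes the hex dump layout shown in the constructed sample (4-digit offset, two spaces, up to 16 hex bytes, then an ASCII column) and Ethernet II / IPv4 frames without VLAN tags; the function names are hypothetical.

```python
import re

DUMP_LINE = re.compile(r"^([0-9a-fA-F]{4})  ")
HEX_BYTE = re.compile(r"\b[0-9a-fA-F]{2}\b")

# Constructed sample in the assumed "-x" layout: one 60-byte Ethernet frame
# carrying the 5-byte TCP payload "HELLO" plus one byte of Ethernet padding.
SAMPLE = """\
  1   0.000000     10.0.0.1 -> 10.0.0.2     TCP 1234 > 80 [PSH, ACK] Len=5

0000  00 11 22 33 44 55 66 77 88 99 aa bb 08 00 45 00   .."3DUfw......E.
0010  00 2d 00 01 40 00 40 06 00 00 0a 00 00 01 0a 00   .-..@.@.........
0020  00 02 04 d2 00 50 00 00 00 01 00 00 00 00 50 18   .....P........P.
0030  20 00 00 00 00 00 48 45 4c 4c 4f 00                .....HELLO.
"""

def frames_from_hexdump(text):
    """Yield each frame's bytes; any non-dump line ends the current frame."""
    buf = bytearray()
    for line in text.splitlines():
        m = DUMP_LINE.match(line)
        if m and int(m.group(1), 16) == len(buf):  # offset must continue the frame
            # Read only the hex column (48 chars); the ASCII column is ignored.
            buf += bytes(int(h, 16) for h in HEX_BYTE.findall(line[6:54]))
        elif buf:
            yield bytes(buf)
            buf = bytearray()
    if buf:
        yield bytes(buf)

def tcp_payload(frame):
    """Return the TCP payload, or None unless the frame is Ethernet II/IPv4/TCP."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    ihl, total_len = (ip[0] & 0x0F) * 4, int.from_bytes(ip[2:4], "big")
    if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != 6 or total_len > len(ip):
        return None
    tcp = ip[ihl:total_len]  # IP total length trims Ethernet padding
    data_offset = (tcp[12] >> 4) * 4 if len(tcp) >= 20 else 0
    if not 20 <= data_offset <= len(tcp):
        return None
    return tcp[data_offset:]

if __name__ == "__main__":
    for frame in frames_from_hexdump(SAMPLE):
        if (data := tcp_payload(frame)):
            print(data.hex(" "), repr(data))
```

Because the payload bounds come from the IP total length and the TCP data offset, IP/TCP options and trailing Ethernet padding do not end up in the extracted data.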