Ethereal-users: Re: [Ethereal-users] Follow TCP stream behaviour from 0.10.4 and 0.10.7
glm_mbx-usr@xxxxxxxx wrote:
Hi,
I've noticed a difference in behaviour between the above releases.
In fact, saving ASCII data in 0.10.4 saves unformatted (raw) data to file, while 0.10.5 up
to 0.10.7 save formatting (CR-LF) and periods (instead of non-printable characters) in the file.
The resulting file from newer releases is unusable (due to formatting), and Hex Dump leads
to an error-prone process of converting from hex back to the original raw data.
Why this change in saving TCP stream data from 0.10.4 to newer releases?

Because non-printable bytes cause all sorts of different errors on
different systems. Converting them to periods is pretty standard in hex
dump programs. It is the hex that is authoritative.
Converting hex to the original data is not that hard.
"Follow TCP Stream", "Hex Dump", "Save As"
With your editor of choice:
- remove unwanted lines.
- leave all leading spaces on the remaining lines.
- replace any unwanted hex pairs with 2 spaces.
Run the attached Perl script. You'll have 2 new files, one for each end
of the conversation.
I just tried this, extracting a MIME-encoded JPEG inside a mail message.
Works perfectly.
--
There's no point in being grown up if you can't be childish sometimes.
-- Dr. Who
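#!/usr/bin/perl -w
# Copyright Andrew J Hood 2004
# Released under the same terms as Ethereal
# Rebuild both sides of a conversation from an edited "Follow TCP Stream" hex dump.
$usage="usage: $0 <outfile1> <outfile2> <hexdata>\n";
$file1=shift() || die $usage;
$file2=shift() || die $usage;
$hex  =shift() || die $usage;
# "or" rather than "||": "||" binds to the filename, so the die could never run
open(HEXD,"<",$hex)   or die "open $hex: $!\n";
open(OUT1,">",$file1) or die "open $file1: $!\n";
open(OUT2,">",$file2) or die "open $file2: $!\n";
# write raw bytes, with no newline translation on platforms that do it
binmode(OUT1);
binmode(OUT2);
while(<HEXD>) {
    chomp();
    next unless $_; # blank lines
    # indented lines belong to the other end of the conversation
    *TGT=(m/^\s/o)?*OUT2:*OUT1;
    s/^\s+//o;
    # keep the first 58 characters (offset and hex columns), drop the ASCII column
    $_=substr($_,0,58);
    # first field is the offset; the rest are hex pairs
    (undef,@a)=split();
    foreach (@a) {
        print TGT pack('H2',$_);
    }
}
close OUT2;
close OUT1;
close HEXD;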