Ethereal-users: Re: [Ethereal-users] ASCII Dump?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Luke <secureboot@xxxxxxxxx>
Date: Thu, 17 Nov 2005 09:45:56 -0500

On Nov 16, 2005, at 2:26 PM, Guy Harris wrote:

> Luke wrote:
>
>> How exactly do I need to call tethereal to get an ASCII dump instead of pcap binary format? I looked through the output formatting options, but couldn't figure out one that would be ASCII.
>
> Well, first of all, "ASCII" is a character code, not a format. This mail message is ASCII, and so is ASCII art; just saying "ASCII" doesn't say enough about the format you want.
>
> By *default*, tethereal writes to the standard output the summary information for the packet (i.e., the information you see in the packet list in Ethereal), as ASCII text (although it might include non-ASCII characters, e.g. UTF-8, at some point). There's no formatting option for that - the *absence* of formatting options requests that ("-w" is the option used to request pcap binary format).
>
> The "-V" option makes it write to the standard output the detailed dissection (i.e., the information you see in the packet detail pane in Ethereal).
>
> You say you want Kerberos packets written as "ASN.1 decoded, in ASCII format". I'm not sure what you mean by "ASN.1 decoded", but the detailed dissection of ASN.1-based protocols such as Kerberos is "ASN.1 decoded", and if you enable the detailed display of ASN.1 information by passing the flag "-o ber.show_internals:true", it'll show the ASN.1 BER encoding information, not just the encoded data.
>
> However, you later say you want "hex or ASCII packets outputted, one per line" - the detailed dissection doesn't put the packets out "one per line", as each packet requires several lines.

What I'm looking for is for the packet to be ASN.1 decoded (i.e., only show the decoded data), and just have all bytes of the packet dumped, using ASCII character code. Basically, if a Kerberos packet comes in, I want to see the string "krbtgt" (and all the other stuff that goes with the packet) in the dump file, not octal bytes, ASN.1 formatting junk, etc. Note that I also don't want any of the tethereal comments, dissection info, etc.

Is this possible with Tethereal? Obviously, tethereal can do all this decoding, since I see it being done during the dissection; I just want to know if it's possible to just dump the decoded packet.
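
The output described in the message above, sketched as an added example that is not part of the original thread and is not tethereal code: a minimal BER walker that keeps only string-typed values and emits one line per packet. It assumes the input is the ASN.1 message bytes with lower-layer headers already removed; `tlv`, `ber_strings`, `dump_line` and the sample bytes are hypothetical names and constructed data.

```python
# Added example (not tethereal code): keep only the string values in a BER message.
STRING_TAGS = {12, 19, 22, 24, 26, 27}  # UTF8, Printable, IA5, GeneralizedTime, Visible, General

def tlv(tag, body):
    """Encode one definite-length TLV; used only to build the constructed sample."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | size]) + n.to_bytes(size, "big") + body

def ber_strings(data):
    """Yield the text of every universal string-typed primitive, depth first."""
    i = 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated TLV header")
        tag, first = data[i], data[i + 1]
        i += 2
        if tag & 0x1F == 0x1F or first == 0x80:
            raise ValueError("multi-byte tag or indefinite length not handled")
        if first & 0x80:                      # long form: next N bytes hold the length
            n = first & 0x7F
            if i + n > len(data):
                raise ValueError("truncated length")
            length = int.from_bytes(data[i:i + n], "big")
            i += n
        else:
            length = first
        if i + length > len(data):
            raise ValueError("TLV runs past end of buffer")
        value, i = data[i:i + length], i + length
        if tag & 0x20:                        # constructed: descend into the contents
            yield from ber_strings(value)
        elif tag & 0xC0 == 0 and (tag & 0x1F) in STRING_TAGS:
            yield value.decode("ascii", errors="replace")

def dump_line(message):
    """One packet per line: the decoded strings, space separated."""
    return " ".join(ber_strings(message))

# Constructed sample shaped like a realm plus a principal name (not a real capture).
_name = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) +
            tlv(0xA1, tlv(0x30, tlv(0x1B, b"krbtgt") + tlv(0x1B, b"EXAMPLE.COM"))))
SAMPLE = tlv(0x30, tlv(0xA2, tlv(0x1B, b"EXAMPLE.COM")) + tlv(0xA3, _name))

if __name__ == "__main__":
    print(dump_line(SAMPLE))
```

Integers, tags and lengths are dropped, so only the text fields survive; a length that overruns the buffer raises `ValueError` instead of yielding partial strings.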