Ethereal-users: Re: [Ethereal-users] ASCII Dump?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Luke <secureboot@xxxxxxxxx>
Date: Fri, 18 Nov 2005 10:35:50 -0500

On Nov 17, 2005, at 1:48 PM, Guy Harris wrote:

Luke wrote:
On Nov 16, 2005, at 2:26 PM, Guy Harris wrote:

What I'm looking for is for the packet to be ASN.1 decoded (i.e., only show the decoded data), and just have all bytes of the packet dumped, using ASCII character code.


I think I was a bit confusing before in what I was asking for -

What I'm looking for:
Just the TCP payload of a Kerberos packet, after ASN.1 decoding.

All Kerberos packets are ASN.1 encoded, to my knowledge. I'd rather not require users that will be using my tool to process these packets to have to download another tool that I've written to do the ASN.1 decoding of the packet, especially since Ethereal takes the ASN.1, interprets it correctly, and displays the Kerberos data, byte by byte, correctly, without any of the ASN.1 headers or ASN.1 information. Ethereal will be required anyway, and since it contains the functionality I need, I'm hoping to use it to do this particular type of packet capture. What I want to do is just have the Kerberos packet, without TCP/IP (and lower level) headers, after the ASN.1 has been decoded, dumped to a file.

Perhaps I'm misunderstanding how the ASN.1 encoding/decoding works. I was under the impression that ASN.1 added information to a data stream to support a correct transfer, and then that extra data was removed on the receiving side, leaving you with the data stream that was originally sent from the sender. So how I'm hoping tethereal will fit into this idea is that I'm hoping tethereal can take the TCP or UDP packet, depending on what Kerberos decides to use, take only the payload, do the ASN.1 decoding, and dump the result to a file. The reason I was even mentioning ASCII before is that usually when I see dumps of this type, I see them in pcap format, whereas what I'm actually looking for is just a straight dump of bytes to a file. When that happens, some of those bytes should display as ASCII characters (for instance, Kerberos packets will contain "krb"). Other characters will not display as nicely.

Note that I do not want anything other than the ASN.1 decoded (if I'm understanding this correctly) Kerberos packet - no dissection information, no Ethernet headers, no ARP address, no dissection information (i.e., this field is a flag, this field is a principal, etc.).

Has this cleared up my ambiguity?

Thanks for the help
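
Added example, not part of the original message and not Ethereal's code: a minimal DER walker showing, at the byte level, what a Kerberos message carried over TCP looks like once the 4-byte length prefix (RFC 4120) is stripped and each tag/length/value element is followed down to its primitive values. The function names are hypothetical, and the sample bytes are constructed and simplified; they are not a complete AS-REQ.

```python
import struct

def krb_tcp_message(stream: bytes) -> bytes:
    """Kerberos over TCP: 4-byte big-endian length, then the DER message (RFC 4120)."""
    if len(stream) < 4:
        raise ValueError("short stream")
    (n,) = struct.unpack(">I", stream[:4])
    if len(stream) < 4 + n:
        raise ValueError("truncated Kerberos message")
    return stream[4:4 + n]

def der_tlv(buf: bytes, pos: int, end: int):
    """Parse one TLV header at pos; return (tag, value_start, value_end)."""
    if pos + 2 > end:
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tag numbers are not handled here")
    pos += 2
    if length & 0x80:                       # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > end:
            raise ValueError("indefinite, oversized or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > end:
        raise ValueError("value runs past its container")
    return tag, pos, pos + length

def primitives(buf: bytes, start: int = 0, end=None, path=()):
    """Depth-first walk yielding (tag_path, value_bytes) for each primitive element."""
    end = len(buf) if end is None else end
    pos = start
    while pos < end:
        tag, vs, ve = der_tlv(buf, pos, end)
        if tag & 0x20:                      # constructed: the value is more TLVs
            yield from primitives(buf, vs, ve, path + (tag,))
        else:
            yield path + (tag,), buf[vs:ve]
        pos = ve

# Constructed sample (simplified, not a complete AS-REQ): length prefix,
# [APPLICATION 10] { SEQUENCE { [1] pvno=5, [2] msg-type=10, [4] { [2] realm } } }
SAMPLE = bytes.fromhex("00000021" "6a1f301d" "a103020105" "a20302010a"
                       "a411300fa20d1b0b") + b"EXAMPLE.COM"

if __name__ == "__main__":
    for path, value in primitives(krb_tcp_message(SAMPLE)):
        print("/".join(f"{t:02x}" for t in path), value)
```

The tag and length bytes are interleaved with the field values at every nesting level, so the values only come out by walking the whole structure.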