LinuxQuestions.org
Old 05-24-2005, 10:03 AM   #1
Palula
Member
 
Tcpdump(ing) MSN in a readable form.


Hi there.

I've been searching through the man pages of tcpdump for a possible way to sniff the packets originated by MSN (conversations), and I haven't been able to understand a thing that appears as a result of the tcpdump command line used.

My main question is: Is it possible for me to read conversations originated by msn with tcpdump? If yes, then what would be the syntax for me to put in the command line?

The command line I've been using, that so far looks the best in the man pages, is this:

tcpdump -w dump.txt -x tcp port 1863

Which creates a file with all the sniffing that I can later read. But it is full of unreadable and meaningless symbols.

Again: "I'd like to see/read conversations."
Thank you guys.
 
Old 05-24-2005, 03:41 PM   #2
Mara
Moderator
 
Open the file in a tool like Ethereal. Search for an option to see 'application data' or similar.
 
Old 05-24-2005, 04:00 PM   #3
Palula
Member
 
Original Poster
Really would like to have the knowledge in tcpdump

Ok, so as I heard (I'm a newbie), Ethereal is one of the best programs for packet sniffing and net analyzing on the web. But the problem is that I would like to stick to the Linux native apps.

Mainly: Is it possible to do this in tcpdump? Because if it isn't, then my question is answered and I will naturally move on to another step and try to initiate myself on installing new software, worrying about dependencies etc...

Thanks.
 
Old 05-25-2005, 04:53 PM   #4
Mara
Moderator
 
tcpdump run from the command line is used (and designed) to view packet headers, not content. You want content, not headers. I don't see an option in tcpdump to show packets without headers. It means you need to get the traces and then process them using an external tool to get what you want.
 
Old 05-25-2005, 05:46 PM   #5
bulliver
Senior Member
 
Something along the lines of:

$ strings < package.dump | grep expression

will do it. You just need to have a gander at the package.dump file manually to find a suitable expression to identify the data you want. For example:

$ strings < package.dump | grep -A8 "HTTP/1.1"

will print 8 lines of each http header it finds.
 
Old 05-26-2005, 04:15 PM   #6
Mara
Moderator
 
It should usually give good results, but it may not be enough when the data (one message) is divided across different packets. You can try as bulliver suggests and see if it works in your case.
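The segmentation problem Mara raises is what TCP stream reassembly solves. As an added example (not code from any poster in this thread), the following Python script parses a pcap file, the binary format that tcpdump -w writes, using only the standard library, and joins each flow's segments by sequence number; the capture, the 10.0.0.x addresses and the MSNP-style MSG payload are constructed in memory, and the comparison shows a header split across two segments that a per-segment grep misses but the reassembled stream contains.

```python
import struct
FLOW = (bytes([10, 0, 0, 2]), 40000, bytes([10, 0, 0, 1]), 1863)  # src, sport, dst, dport (constructed)

def build_pcap(segments):
    """Little-endian pcap (Ethernet) with one client->server TCP segment per (seq, data)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # global header
    for seq, data in segments:
        tcp = struct.pack("!HHIIBBHHH", FLOW[1], FLOW[3], seq, 0, 5 << 4, 0x18, 8192, 0, 0)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(data), 0,
                         0x4000, 64, 6, 0, FLOW[0], FLOW[2])
        frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp + data      # zeroed MACs, IPv4 ethertype
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame  # record header
    return out

def tcp_segments(pcap):
    """Yield (flow, seq, payload) for every TCP segment that carries data."""
    end = "<" if pcap[:4] == b"\xd4\xc3\xb2\xa1" else ">"    # magic decides byte order
    off = 24
    while off + 16 <= len(pcap):
        caplen = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if frame[12:14] != b"\x08\x00":   # IPv4 frames only
            continue
        ip = frame[14:]
        if ip[9] != 6:                    # TCP only
            continue
        ihl, total = (ip[0] & 0x0F) * 4, struct.unpack("!H", ip[2:4])[0]
        tcp = ip[ihl:total]
        sport, dport, seq = struct.unpack("!HHI", tcp[:8])
        data = tcp[(tcp[12] >> 4) * 4:]   # skip the TCP header (data offset field)
        if data:
            yield (ip[12:16], sport, ip[16:20], dport), seq, data

def payloads_containing(pcap, needle):
    """Per-segment search, which is all strings|grep sees: a split pattern is missed."""
    return [d for _, _, d in tcp_segments(pcap) if needle in d]

def reassemble(pcap):
    """Join each flow's data in sequence order; exact retransmissions collapse."""
    flows = {}
    for flow, seq, data in tcp_segments(pcap):
        flows.setdefault(flow, {})[seq] = data
    return {f: b"".join(s[k] for k in sorted(s)) for f, s in flows.items()}

SAMPLE_BODY = b"MIME-Version: 1.0\r\nContent-Type: text/plain; charset=UTF-8\r\n\r\nmeet at noon"
SAMPLE_MSG = b"MSG 4 N %d\r\n" % len(SAMPLE_BODY) + SAMPLE_BODY  # MSNP MSG framing (constructed)
SPLIT = 40

def sample_capture():
    """One message over two segments, recorded out of order (constructed)."""
    return build_pcap([(1000 + SPLIT, SAMPLE_MSG[SPLIT:]), (1000, SAMPLE_MSG[:SPLIT])])
```

On the sample capture, payloads_containing(sample_capture(), b"Content-Type") returns an empty list because the header straddles the split, while reassemble(sample_capture())[FLOW] returns the whole message; the same functions work on a real tcpdump -w file read with open(path, "rb").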