LinuxQuestions.org


saavik 09-13-2007 01:31 AM

netcat / tcpdump howto do
 
Hello!

I use

Quote:

/usr/sbin/tcpdump -i br0 port 4003 -n -X -s 1500 -tttt
to see the content of my ip-packages passing port 4003.

It's ok, but I would like to have a tool (maybe netcat) which only gives me the content, and not the whole packages with the header (which I do not need).

Could somebody help me?

netguy2000 09-13-2007 02:56 AM

I am not an expert on tcpdump, but I think you need to use the "head" & "tail" commands to crop the output of your tcpdump command line, with the "|" sign.


Regards,
Rizwan.

saavik 09-13-2007 03:18 AM

Well, I thought of that already, but as there are cr/lf in the output, there is no chance for cut/grep to make it right.

saavik 09-13-2007 06:02 AM

Well, I found out that what I want can be done by

tcpdump -X


but this not only shows the data but also the header. Is there a possibility to only get the data of the tcp-Package?

win32sux 09-13-2007 07:21 AM

I just tried a quick grep on your original command and I didn't seem to have any issues.

saavik 09-13-2007 07:33 AM

I get

Quote:

2007-09-14 04:30:01.242109 IP xxxxxxx > xxxxx.1056: P 38963:39009(46) ack 1 win 4096
0x0000: 4500 0056 1fda 0000 3c06 0d78 0a0a 14ee E..V....<..x....
0x0010: 0a28 2831 0fa3 0420 6463 aa6e aaa2 9a4d .((1....dc.n...M
0x0020: 5018 1000 894b 0000 4558 3030 3034 3830 P....K..EX000480
0x0030: 3030 3038 3638 3130 3139 3030 3030 3030 0008681019000000
0x0040: 3030 3030 3030 3430 3239 3030 3030 3030 0000004029000000

and I want

Quote:

EX0004800008681019000000

win32sux 09-13-2007 07:58 AM

That's isolating the last column and stripping the newline characters, no?
Code:

grep -v ^2007 | awk '{print $10}' | tr -d '\n'

saavik 09-13-2007 09:09 AM

Yes,

that would be it, nearly, as I need to separate the different packages, which would begin with 'EX'.

But I think I can add that cr/lf before the 'EX'.

Thanks so far!

win32sux 09-13-2007 08:44 PM

Quote:

Originally Posted by saavik (Post 2890677)
that would be it, nearly, as I need to separate the different packages, which would begin with 'EX'.

But I think I can add that cr/lf before the 'EX'.

Yeah, sounds like a job for sed, I think. Let us know how it goes!

win32sux 09-18-2007 05:34 AM

Hi saavik. Just wondering how it went with this. Did you use sed?
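
Added example, not written by anyone in this thread: a Python parser for `tcpdump -X` text output that strips the IPv4 and TCP headers by reading their header-length fields and returns one payload per packet, which covers both the "data only" request and the per-packet separation discussed above. It assumes IPv4 over TCP with the dump starting at the IP header, as in the quoted output; the function names are made up for illustration.

```python
# Dump quoted in the thread (one packet; the paste stops at 80 of its 86 bytes).
SAMPLE = """\
2007-09-14 04:30:01.242109 IP xxxxxxx > xxxxx.1056: P 38963:39009(46) ack 1 win 4096
0x0000: 4500 0056 1fda 0000 3c06 0d78 0a0a 14ee E..V....<..x....
0x0010: 0a28 2831 0fa3 0420 6463 aa6e aaa2 9a4d .((1....dc.n...M
0x0020: 5018 1000 894b 0000 4558 3030 3034 3830 P....K..EX000480
0x0030: 3030 3038 3638 3130 3139 3030 3030 3030 0008681019000000
0x0040: 3030 3030 3030 3430 3239 3030 3030 3030 0000004029000000
"""


def split_packets(text):
    """Yield the raw bytes of each packet in `tcpdump -X` text output."""
    current = bytearray()
    for line in text.splitlines():
        if line.lstrip().startswith("0x"):
            # Tokens: offset, hex groups..., ASCII column (one token, no spaces).
            current += bytes.fromhex("".join(line.split()[1:-1]))
        elif line.strip():  # any other non-blank line starts a new packet
            if current:
                yield bytes(current)
            current = bytearray()
    if current:
        yield bytes(current)


def tcp_payload(pkt):
    """Return the TCP payload of an IPv4 packet, or b"" if there is none."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        return b""  # too short, not IPv4, or not TCP
    ihl = (pkt[0] & 0x0F) * 4  # IP header length in bytes
    total = int.from_bytes(pkt[2:4], "big")  # IP total length field
    if len(pkt) < ihl + 13:
        return b""  # the TCP data-offset byte was not captured
    doff = (pkt[ihl + 12] >> 4) * 4  # TCP header length in bytes
    # Clip to the IP total length (drops link-layer padding); a short capture
    # simply yields fewer payload bytes.
    return pkt[ihl + doff:total]


def payloads(text):
    """Return the non-empty TCP payloads, one list entry per packet."""
    return [p for p in map(tcp_payload, split_packets(text)) if p]


if __name__ == "__main__":
    for p in payloads(SAMPLE):
        print(p.decode("ascii", "replace"))  # one output line per packet
```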

