LinuxQuestions.org
Old 12-13-2008, 04:24 PM   #1
doshirohan
LQ Newbie
 
Registered: Dec 2008
Posts: 3

Rep: Reputation: 0
How to dump packet data on shell


Hello experts here,

I know how to capture packets in userspace using libipq.h and the netfilter architecture. I got the packet in a buffer using ipq_read and converted it to ipq_packet_msg_t. I want to display the data part of its payload. I want to skip the header part containing the TCP and IP headers and show only the data contained in the packet. Can anybody help me do this?

Last edited by doshirohan; 12-13-2008 at 04:28 PM.
 
Old 01-07-2009, 09:57 AM   #2
angel115
Member
 
Registered: Jul 2005
Location: France / Ireland
Distribution: Debian mainly, and Ubuntu
Posts: 533

Rep: Reputation: 79
Did you have a look at tcpdump?

Angel
 
Old 01-08-2009, 12:05 PM   #3
doshirohan
LQ Newbie
 
Registered: Dec 2008
Posts: 3

Original Poster
Rep: Reputation: 0
Well, that is quite a nice tool to display all packets on the kernel.
But actually I want to display and analyse the packet fields such as src and dest. addresses and others.
Is there any other way?
Quote:
Originally Posted by angel115
Did you have a look at tcpdump?

Angel
 
Old 01-12-2009, 10:01 AM   #4
angel115
Member
 
Registered: Jul 2005
Location: France / Ireland
Distribution: Debian mainly, and Ubuntu
Posts: 533

Rep: Reputation: 79
Hi doshirohan,

Did you try the following:
Code:
tcpdump -xx -n -i eth0
It will display the source, destination as well as the content of the packet in HEX.

Sample below:
Code:
15:52:58.903797 IP 10.26.9.120.55259 > 222.75.39.28.48985: . ack 884649 win 2351 <nop,nop,timestamp 798491 809134559>
	0x0000:  000e 0c76 be7b 0013 72a3 8a51 08f0 4500
	0x0010:  0034 b3f9 4000 4006 7ad1 0a1a 0978 d44b
	0x0020:  241c d7db bf59 76ef 945f dfc3 8627 8010
	0x0030:  092f 8fe4 0000 0101 080a 000c 2f1b 303a
	0x0040:  69df
15:52:58.936274 IP 222.75.39.28.48985 > 10.26.9.120.55259: . 884649:886097(1448) ack 1 win 46 <nop,nop,timestamp 809134572 798483>
	0x0000:  0013 72a3 8a51 000e 0c76 be7b 08f0 4500
	0x0010:  05dc 69c8 4000 3806 c75a d44b 241c 0a1a
	0x0020:  0978 bf59 d7db dfc3 8627 76ef 945f 8010
	0x0030:  002e 84a1 0000 0101 080a 303a 69ec 000c
	0x0040:  2f13 35fa 0258 1385 0747 02aa 82c6 7c42
	0x0050:  6085 73de 3e94 303e 13f0 ec3c 547c d898
I hope this will help.
Tell me if that's not what you are looking for.

Best regards,
Angel.
 
Old 01-13-2009, 10:34 AM   #5
doshirohan
LQ Newbie
 
Registered: Dec 2008
Posts: 3

Original Poster
Rep: Reputation: 0
Hey, that's so simple..
I was unnecessarily going for sockets and all that to read the packet.
Thanks angel.

Quote:
Originally Posted by angel115
Hi doshirohan,

Did you try the following:
Code:
tcpdump -xx -n -i eth0
It will display the source, destination as well as the content of the packet in HEX.
Sample below:
 
  


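Added example, not written by any poster in this thread: for the original question (showing only the data part of an `ipq_packet_msg_t` payload), this C code skips the IPv4 and TCP headers using their own length fields and copes with a packet that was cut short by the capture. The names `tcp_payload` and `sample` are assumptions made for this example; with libipq you would pass the message's `payload` and `data_len` fields instead of the constructed sample.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Find the TCP payload in an IPv4 packet that starts at the IP header, which is
 * how ipq_packet_msg_t.payload is laid out (cap would be its data_len field).
 * Returns the number of payload bytes present in buf and points *data at them;
 * returns -1 for non-IPv4/TCP input, later fragments, or cut-off headers. */
long tcp_payload(const uint8_t *buf, size_t cap, const uint8_t **data)
{
    if (cap < 20 || (buf[0] >> 4) != 4 || buf[9] != 6)
        return -1;
    size_t ihl = (size_t)(buf[0] & 0x0f) * 4;        /* IP header length */
    size_t total = ((size_t)buf[2] << 8) | buf[3];   /* IP total length */
    unsigned frag = (((unsigned)buf[6] << 8) | buf[7]) & 0x1fff;
    if (ihl < 20 || total < ihl || frag != 0 || cap < ihl + 20)
        return -1;
    size_t doff = (size_t)(buf[ihl + 12] >> 4) * 4;  /* TCP header length */
    if (doff < 20 || ihl + doff > total || ihl + doff > cap)
        return -1;
    size_t end = total < cap ? total : cap;          /* capture may be short */
    *data = buf + ihl + doff;
    return (long)(end - ihl - doff);
}

/* Constructed sample: second packet of the tcpdump output in post #4, with the
 * 14-byte link-level header that -xx prints removed. 82 of 1500 bytes captured. */
static const uint8_t sample[82] = {
    0x45,0x00,0x05,0xdc,0x69,0xc8,0x40,0x00,0x38,0x06,0xc7,0x5a,0xd4,0x4b,0x24,0x1c,
    0x0a,0x1a,0x09,0x78,0xbf,0x59,0xd7,0xdb,0xdf,0xc3,0x86,0x27,0x76,0xef,0x94,0x5f,
    0x80,0x10,0x00,0x2e,0x84,0xa1,0x00,0x00,0x01,0x01,0x08,0x0a,0x30,0x3a,0x69,0xec,
    0x00,0x0c,0x2f,0x13,0x35,0xfa,0x02,0x58,0x13,0x85,0x07,0x47,0x02,0xaa,0x82,0xc6,
    0x7c,0x42,0x60,0x85,0x73,0xde,0x3e,0x94,0x30,0x3e,0x13,0xf0,0xec,0x3c,0x54,0x7c,
    0xd8,0x98
};

int main(void)
{
    const uint8_t *d = NULL;
    long n = tcp_payload(sample, sizeof sample, &d);
    printf("payload bytes present: %ld\n", n);
    for (long i = 0; i < n; i++)   /* hex, like tcpdump -x */
        printf("%02x%s", d[i], (i % 16 == 15 || i == n - 1) ? "\n" : " ");
    return n < 0;
}
```

For the sample it reports 30 payload bytes, not the 1448 shown on the tcpdump summary line, because only 96 bytes of that frame were captured.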
All times are GMT -5. The time now is 09:20 AM.