-
January 23rd, 2003, 03:11 AM
#11
Member
Originally posted here by don
The only thing that is sent plaintext is the ascii breakout. That is there so we humans can interpret the machine language. That is the only reason. Think tcpdump usage here --->
tcpdump -nXvs 0 ip and host
tcpdump ---> the program of course
n ---> don't resolve to canonical names (keep it in numeric format)
X ---> dump it in ascii format as well
v ---> verbose mode (show ip header info as well)
s ---> snap length (ethernet is default of 1500)
so in other words tcpdump translates the hex into text I can use?
-
January 23rd, 2003, 03:58 AM
#12
in other words, it will give you the same "text" that you have in the text section of the sniffer program that you are using. any binary that can be grouped into 7, but normally 8 bits can be viewed as ascii. tcpdump does not do any translating. it captures in binary and can group the binary digits together into bytes (8bits) words (16bits) or long words (32bits).
each single digit takes up four binary bits
45 00 00 30 00 00 40 00 31 06 F4 E0 CF 2C C4 10 (bytes)
4500 0030 0000 4000 3106 F4E0 CF2C C410 (words)
45000030 00004000 3106F4E0 CF2CC410 (long words)
http://www.asciitable.com to see how this is simply mapped onto ascii characters. the disadvantage of viewing this "text" is that a lot of characters will not be displayed, or will be displayed like ¡ö or ▐ or ¨€ because they might be special characters, null, ack, line feed. viewing the packet data in hex allows you to see everything.
so in other words tcpdump translates the hex into text I can use?
by text you can use, you mean what?
Hmm...there's something a little peculiar here. Oh i see what it is! the sentence is talking about itself! do you see that? what do you mean? sentences can't talk! No, but they REFER to things, and this one refers directly-unambiguously-unmistakably-to the very sentence which it is!
-
January 23rd, 2003, 03:58 AM
#13
You got it baby! Well the payload portion of it. You will still have to xlate the hex if ya wanna the other info ie: ip hdr stuff.
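Added example, not part of any post in this thread: the grouping into bytes, words and long words described in post #12, the ASCII breakout with non-printable bytes shown as dots, and the manual translation of the IP header fields mentioned in post #13. The input is the 16 bytes quoted in post #12; the function names are hypothetical.

```python
import struct

# The 16 bytes quoted in post #12: the start of an IPv4 header
# (the destination address is not included in that dump).
SAMPLE = bytes.fromhex("45 00 00 30 00 00 40 00 31 06 F4 E0 CF 2C C4 10")


def group(data, size):
    """Hex view of data in units of `size` bytes: 1 (bytes), 2 (words), 4 (long words)."""
    return " ".join(data[i:i + size].hex().upper() for i in range(0, len(data), size))


def ascii_column(data):
    """ASCII breakout: printable bytes as characters, everything else as '.'."""
    return "".join(chr(b) if 0x20 <= b <= 0x7E else "." for b in data)


def parse_ipv4_prefix(data):
    """Decode the IPv4 header fields carried in the first 16 bytes."""
    if len(data) < 16:
        raise ValueError("need at least 16 bytes of IPv4 header")
    (ver_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, checksum, src) = struct.unpack("!BBHHHBBH4s", data[:16])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 header")
    return {
        "version": ver_ihl >> 4,
        "header_len": (ver_ihl & 0x0F) * 4,      # IHL counts 32-bit words
        "tos": tos,
        "total_length": total_len,
        "id": ident,
        "dont_fragment": bool(flags_frag & 0x4000),
        "fragment_offset": flags_frag & 0x1FFF,
        "ttl": ttl,
        "protocol": proto,                        # 6 = TCP
        "checksum": checksum,
        "src": ".".join(str(b) for b in src),
    }


if __name__ == "__main__":
    for size in (1, 2, 4):
        print(group(SAMPLE, size))
    print(ascii_column(SAMPLE))
    for field, value in parse_ipv4_prefix(SAMPLE).items():
        print(f"{field:16} {value}")
```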
-
January 23rd, 2003, 04:30 AM
#14
has anyone checked out www.ngsec.com and looked for their tool section, their ngsniff seems to do a decent job... decodes the headers, then gives you the hex and ascii payload..
only got it like 5 minutes ago, but looks pretty usable..
-
January 23rd, 2003, 04:54 AM
#15
Member
Originally posted here by (V)/\><
in other words, it will give you the same "text" that you have in the text section of the sniffer program that you are using. any binary that can be grouped into 7, but normally 8 bits can be viewed as ascii. tcpdump does not do any translating. it captures in binary and can group the binary digits together into bytes (8bits) words (16bits) or long words (32bits).
each single digit takes up four binary bits
45 00 00 30 00 00 40 00 31 06 F4 E0 CF 2C C4 10 (bytes)
4500 0030 0000 4000 3106 F4E0 CF2C C410 (words)
45000030 00004000 3106F4E0 CF2CC410 (long words)
http://www.asciitable.com to see how this is simply mapped onto ascii characters. the disadvantage of viewing this "text" is that a lot of characters will not be displayed, or will be displayed like ¡ö or ▐ or ¨€ because they might be special characters, null, ack, line feed. viewing the packet data in hex allows you to see everything.
by text you can use, you mean what?
In other words I want to be able to sniff protocol x and then be able to use protocol x via telnet
-
January 23rd, 2003, 04:17 PM
#16
yeah, I'm gonna need that by friday...
-
January 23rd, 2003, 04:23 PM
#17
The easiest thing for you is probably to load up Ethereal. It does a nice job of simplifying things.
-
January 23rd, 2003, 05:06 PM
#18
Member
I'll play with Ethereal on the laptop later