[tanya-jawab] tcpdump ASCII

2010-07-05 m Ilhami
I want to see HTTP requests and responses with tcpdump, but it turns out
the output contains many unreadable characters. Is there a tcpdump
parameter that produces purely the protocol itself?
A simple example:

telnet 192.168.198.6 20080
Trying 192.168.198.6...
Connected to 192.168.198.6 (192.168.198.6).
Escape character is '^]'.
GET / HTTP/1.0

HTTP/1.0 401 Unauthorized
Connection: close
Server: nortel Web/1.0
Date: Tuesday, 06-Jul-10 02:25:41 GMT
Content-Type: text/html
Set-Cookie: LOGIN_LEVEL=3; path=/
WWW-Authenticate: Basic realm=Nortel Networks

<HTML>
<BODY>
nortel Web Server Error Report:<HR>
<H1>Server Error: 401 Unauthorized</H1>
<P><HR><H2>Access denied</H2><P><HR>please mail problems to <A
HREF=mailto:supp...@nortel.com>;<ADDRESS>NORTEL</ADDRESS></A>


</BODY></HTML>

Connection closed by foreign host.
-

whereas tcpdump produces:
--
# tcpdump -An tcp dst port 20080
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
08:53:06.460714 IP 123.231.138.118.49019 > 192.168.198.6.20080: S
1698208767:1698208767(0) win 5840 <mss 1460,sackOK,timestamp
3809941593 0,nop,wscale 7>
E..@.@.).{..v.{Npe8.
...Y
08:53:06.470207 IP 123.231.138.118.49019 > 192.168.198.6.20080: . ack
1639662594 win 46 <nop,nop,timestamp 3809941604 89692100>
e.@.@.*.{..v.{Npe8..a.D
...d.X..
08:53:20.287332 IP 123.231.138.118.49019 > 192.168.198.6.20080: P
0:16(16) ack 1 win 46 <nop,nop,timestamp 3809955429 89692100>
e.@.@.).{..v.{Npe8..a.D..C.
..Ne.X..GET / HTTP/1.0

08:53:21.381496 IP 123.231.138.118.49019 > 192.168.198.6.20080: P
16:18(2) ack 1 win 46 <nop,nop,timestamp 3809956524 89693483>
e.@.@.).{..v.{Npe8..a.D..5.
..R..X.+

08:53:21.396543 IP 123.231.138.118.49019 > 192.168.198.6.20080: . ack
466 win 54 <nop,nop,timestamp 3809956539 89693593>
e.@.@.).{..v.{Npe8..a.E6Y..
..R..X..
08:53:21.397166 IP 123.231.138.118.49019 > 192.168.198.6.20080: F
18:18(0) ack 467 win 54 <nop,nop,timestamp 3809956539 89693593>
e.@.@.).{..v.{Npe8..a.E6Y..
..R..X..

6 packets captured
6 packets received by filter
0 packets dropped by kernel

--

I would appreciate any pointers.

-- 
Mailing list FAQ at http://wiki.linux.or.id/FAQ_milis_tanya-jawab
Unsubscribe: send an email to tanya-jawab-unsubscr...@linux.or.id
Archive and full list info at http://linux.or.id/milis



Re: [tanya-jawab] tcpdump ASCII

2010-07-05 Arief Yudhawarman
On Tue, Jul 06, 2010 at 09:31:09AM +0700, m Ilhami wrote:
> I want to see HTTP requests and responses with tcpdump, but it turns out
> the output contains many unreadable characters. Is there a tcpdump
> parameter that produces purely the protocol itself?
> A simple example:

I once wrote about tcpdump and reading its data with Wireshark.
http://awarmanf.wordpress.com/2010/04/29/tcpdump-dan-wireshark-untuk-sniffing-network/
There is a link there to "tcpdump for newbie".

-- 
Arief Yudhawarman
http://awarmanf.wordpress.com




Re: [tanya-jawab] tcpdump ASCII

2010-07-05 adi

On Tue, Jul 06, 2010 at 09:31:09AM +0700, m Ilhami wrote:

> tcpdump that produces purely the protocol itself?


Just use tcpflow. SOL.

Regards,

P.Y. Adi Prasaja

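The unreadable prefix in the poster's `tcpdump -A` output is the IP and TCP header bytes rendered as ASCII (0x45, the first byte of every IPv4 header, is the letter `E`); what tcpflow does is drop those headers and keep only the TCP payload. The Python below is an added example, not code from the post or from tcpflow: it parses one constructed Ethernet/IPv4/TCP frame (addresses, ports and the timestamp option values are taken from the capture above, checksums are zeroed) and shows both renderings. It handles a single segment only, not stream reassembly.

```python
import struct

ETH_HDR_LEN = 14          # Ethernet header: dst MAC, src MAC, ethertype
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6


def tcpdump_ascii(data: bytes) -> str:
    """Approximate `tcpdump -A` rendering: printable bytes as-is, newline kept,
    everything else shown as '.'. Applied to an IP packet this yields the
    'E..@' style prefix, because 0x45 (IPv4, IHL=5) is the letter 'E'."""
    return "".join(chr(b) if 32 <= b < 127 or b == 10 else "." for b in data)


def tcp_payload(frame: bytes) -> bytes:
    """Return only the TCP payload of one Ethernet/IPv4/TCP frame, i.e. what
    tcpflow would write for this segment. Raises ValueError on anything else."""
    if len(frame) < ETH_HDR_LEN + 20:
        raise ValueError("frame too short for Ethernet + IPv4 headers")
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("not an IPv4 frame")
    ip = frame[ETH_HDR_LEN:]
    ver_ihl, total_len, proto = ip[0], struct.unpack("!H", ip[2:4])[0], ip[9]
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or proto != IPPROTO_TCP:
        raise ValueError("not an IPv4/TCP packet")
    tcp = ip[ihl:total_len]           # honour IP total length, drop Ethernet padding
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    data_offset = (tcp[12] >> 4) * 4  # TCP header length, options included
    return tcp[data_offset:]


def build_frame(payload: bytes, tcp_options: bytes = b"") -> bytes:
    """Constructed sample frame (not a capture from the post): the poster's
    addresses and ports, zeroed checksums, PSH+ACK, optional TCP options."""
    if len(tcp_options) % 4:
        raise ValueError("TCP options must be padded to a multiple of 4 bytes")
    tcp_hdr_len = 20 + len(tcp_options)
    tcp = struct.pack("!HHIIBBHHH", 49019, 20080, 1698208768, 1639662594,
                      (tcp_hdr_len // 4) << 4, 0x18, 46, 0, 0) + tcp_options
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     0x1234, 0x4000, 64, IPPROTO_TCP, 0,
                     bytes([123, 231, 138, 118]), bytes([192, 168, 198, 6]))
    eth = b"\x00" * 12 + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + tcp + payload


# TCP timestamp option (NOP, NOP, kind 8, len 10, TSval, TSecr) as in the capture
TS_OPTION = b"\x01\x01\x08\x0a" + struct.pack("!II", 3809955429, 89692100)

if __name__ == "__main__":
    frame = build_frame(b"GET / HTTP/1.0\r\n", TS_OPTION)
    print("tcpdump -A style:", tcpdump_ascii(frame[ETH_HDR_LEN:]))
    print("payload only    :", tcp_payload(frame).decode("ascii"))
```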