[tcpdump-workers] Re: SIP support?

Sat, 21 Apr 2001 09:27:32 -0700 


Assuming you're talking about the Session Initiation Protocol, it's just
text, right, like an HTTP transaction?  I have a perl script that
postprocesses "tcpdump -x" output and displays the TCP payload simply
as text, e.g.

09:27:55.301485 localhost.4402 > localhost.http: P 1:314(313) ack 1 win 57344 
<nop,nop,timestamp 171605511 171605511> (DF)
        GET /apache_pb.gif HTTP/1.0
        Referer: http://localhost/
        Connection: Keep-Alive
        User-Agent: Mozilla/4.72 [en] (X11; U; FreeBSD 4.3-RC i386)
        Host: localhost
        Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png
        Accept-Encoding: gzip
        Accept-Language: en
        Accept-Charset: iso-8859-1,*,utf-8

09:27:55.396305 localhost.http > localhost.4402: . ack 314 win 57031 
<nop,nop,timestamp 171605521 171605511> (DF)
09:27:55.589525 localhost.http > localhost.4402: P 1:2614(2613) ack 314 win 57344 
<nop,nop,timestamp 171605540 171605511> (DF)
        HTTP/1.1 200 OK
        Date: Sat, 21 Apr 2001 16:27:55 GMT
        Server: Apache/1.3.12 (Unix)
        Last-Modified: Wed, 03 Jul 1996 06:18:15 GMT
        ETag: "1b03b5-916-31da10a7"
        Accept-Ranges: bytes
        Content-Length: 2326
        Keep-Alive: timeout=15, max=100
        Connection: Keep-Alive
        Content-Type: image/gif

        GIF89a.. 
................ssskkkZZZ!...B..1..R......B...............1..c.........J..{........J...c....Rc......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................!.......,......
 .G......H......*\......#J.H..E.....0......l0.!...(Q&X..A.....3.._...h.;. 
...2....3...=e.%03.P..p..W..L.....y....`..|Iv..

It might make sense to make this format a command line option... perhaps
using fn_print() instead of just using "." to represent nonprintables.

  Bill
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe

Reply via email to