simsong / tcpflow

TCP/IP packet demultiplexer. Download from:
http://downloads.digitalcorpora.org/downloads/tcpflow/
GNU General Public License v3.0

Hex output #36

Closed jsoucheiron closed 11 years ago

jsoucheiron commented 11 years ago

It would be very useful to have an option to have a hex output of the flow. Sadly as of right now tcpflow is not usable for binary protocols.

simsong commented 11 years ago

Sure it's useful. Create transcript files and run xxd on the resulting files. Are you saying you want hex in the console mode output?

On Jan 17, 2013, at 6:54 AM, jsoucheiron notifications@github.com wrote:

It would be very useful to have an option to have a hex output of the flow. Sadly as of right now tcpflow is not usable for binary protocols.


jsoucheiron commented 11 years ago

I would be extremely happy with an option that prints the output in both ASCII and hex, quite like the -X option of tcpdump, but without all the headers. I haven't got time to set up my computer to compile the project myself yet (the version of libboost in Ubuntu 10.04 LTS is 1.40, it may take me a while to work around this).

simsong commented 11 years ago

We will be incorporating the boost headers in the next release. Hex output is available now with the debug switch. I will add it for console output as well.

On Jan 17, 2013, at 7:29 AM, jsoucheiron notifications@github.com wrote:

I would be extremely happy with an option that prints the output in both ASCII and hex, quite like the -X option of tcpdump, but without all the headers. I haven't got time to set up my computer to compile the project myself yet (the version of libboost in Ubuntu 10.04 LTS is 1.40, it may take me a while to work around this).


jsoucheiron commented 11 years ago

Thank you. I wasn't expecting such an incredibly fast response.

jsoucheiron commented 11 years ago

I updated my Ubuntu and now I'm able to build it. Great! I can see the new -D option, but it doesn't seem to work (yet).

simsong commented 11 years ago

Glad it builds. Do you want to implement the -D option? If not, can you describe for me precisely what you want it to do?

On May 22, 2013, at 7:08 AM, jsoucheiron notifications@github.com wrote:

I updated my Ubuntu and now I'm able to build it. Great! I can see the new -D option, but it doesn't seem to work (yet).


jsoucheiron commented 11 years ago

Have you ever tried the -X version of tcpdump? Something like that. Unfortunately I don't know when I'll have time to do it. But at least I'll try.

simsong commented 11 years ago

Do you want this output to console? There are fundamental problems with reconstruction to console since it happens as the packets arrive. Or is this for offline? If it is offline, why not just use xxd?

On May 22, 2013, at 9:04 AM, jsoucheiron notifications@github.com wrote:

Have you ever tried the -X version of tcpdump? Something like that. Unfortunately I don't know when I'll have time to do it. But at least I'll try.


jsoucheiron commented 11 years ago

I have some devices that send data to a server. These devices send the data using a binary protocol. I'd like to be able to follow in real time the binary communication. I'll have to look into the code, but I'm guessing that somewhere there's a print buffer to console function. Instead of printing chars and dots when the value is not representable I'd like a plain hex chain all the time. I don't really need any ASCII representation at all. I'll look into it, don't worry.

simsong commented 11 years ago

Yes, there is such a function. print_packet()

On May 22, 2013, at 9:25 AM, jsoucheiron notifications@github.com wrote:

I have some devices that send data to a server. These devices send the data using a binary protocol. I'd like to be able to follow in real time the binary communication. I'll have to look into the code, but I'm guessing that somewhere there's a print buffer to console function. Instead of printing chars and dots when the value is not representable I'd like a plain hex chain all the time. I don't really need any ASCII representation at all. I'll look into it, don't worry.


jsoucheiron commented 11 years ago

This should work. Please review the changes ;)

simsong commented 11 years ago

Why are you sprintfing into a buffer and then doing a fwrite? It would be better to just do an fprintf to stdout (or even a printf). Also, you should insert line breaks so it doesn't wrap over 80 characters. Why not do a proper hex dump?

jsoucheiron commented 11 years ago

Unfortunately my C++ knowledge is limited. This is the first solution I got working. Feel free to improve it any way you like. What would you add to have a proper hex dump? A new line every 64 chars should work great. It's good to debug and good to read.
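
An added example, not part of the thread and not tcpflow's code: one way to produce both outputs discussed above, a plain hex string wrapped at 64 characters and a conventional offset/hex/ASCII dump that stays under 80 columns, each written straight to the output stream. The names `hex_plain` and `hex_dump` and the sample frame are made up for illustration.

```cpp
// Added example (hypothetical helper names; not taken from tcpflow).
#include <cctype>
#include <cstddef>
#include <iostream>
#include <sstream>
#include <string>

static const char HEX[] = "0123456789abcdef";

// Plain hex string, newline every `per_line` bytes (32 bytes = 64 hex chars).
void hex_plain(std::ostream &out, const unsigned char *buf, std::size_t len,
               std::size_t per_line = 32) {
    for (std::size_t i = 0; i < len; i++) {
        out << HEX[buf[i] >> 4] << HEX[buf[i] & 0x0f];
        if ((i + 1) % per_line == 0 || i + 1 == len) out << '\n';
    }
}

// Offset, 16 hex bytes, ASCII column, one line per 16 input bytes.
// Width is 8 + 2 + 16*3 + 1 + 16 = 75 columns, so it never wraps at 80.
void hex_dump(std::ostream &out, const unsigned char *buf, std::size_t len) {
    const std::size_t W = 16;
    for (std::size_t off = 0; off < len; off += W) {
        for (int shift = 28; shift >= 0; shift -= 4)   // 8-digit hex offset
            out << HEX[(off >> shift) & 0x0f];
        out << "  ";
        for (std::size_t i = 0; i < W; i++) {
            if (off + i < len)
                out << HEX[buf[off + i] >> 4] << HEX[buf[off + i] & 0x0f] << ' ';
            else
                out << "   ";   // pad a short last line so the ASCII column aligns
        }
        out << ' ';
        for (std::size_t i = 0; i < W && off + i < len; i++) {
            unsigned char c = buf[off + i];
            out << (std::isprint(c) ? static_cast<char>(c) : '.');
        }
        out << '\n';
    }
}

int main() {
    // Constructed sample payload: a made-up binary frame with a text field in it.
    const unsigned char frame[] = {0x02, 0x00, 0x11, 'S', 'E', 'N', 'S', 'O', 'R', '-',
                                   '7', 0xff, 0x10, 0x00, 0x7f, 0x3a, 0xc4, 0x03, 0x0d, 0x0a};
    hex_plain(std::cout, frame, sizeof frame);
    hex_dump(std::cout, frame, sizeof frame);
}
```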