Title: Message
Mike,
I was hoping to be able to do tethereal -z proto,colinfo,tcp.data,tcp.data but unfortunately the tcp dissector doesn't allow you to filter on that field (a prerequisite for the -z proto function to work). So tcp.data doesn't exist as a field per se.
On closer inspection it seems that -V won't work for you with the current Tethereal. If there is a higher layer protocol on top of TCP detected it will be decoded, e.g. HTTP; -V then will show the HTTP decode, but not the TCP data. (Ethereal can turn off protocol decodes but tethereal can't AFAIK.)
In that case, I can only suggest :-
1. Configure Ethereal to only decode TCP (disabling other protocols)
2. Use "print to text" to dump the decode.
3. Use a Perl script (or such) to find the TCP data field and munge it into the format you want (hex, ASCII or otherwise)
BTW, there was a script running around that used the -x function to munge together the full packet contents. This is useful for searching for a string and such.
Martin
Martin Visser, CISSP
Network and Security Consultant
Technology & Infrastructure - Consulting & Integration
HP Services
3 Richardson Place
North Ryde, Sydney NSW 2113, Australia
Phone: +61-2-9022-1670 Mobile: +61-411-254-513
Fax: +61-2-9022-1800 E-mail: martin.visserAThp.com
That prints the entire protocol tree which is much more than I want.
Does the data/payload of a TCP message have a field name? It's not shown among the list of field names for TCP.
Thanks.
Mike Blake-Knox
TSYS Office: (706) 644-3643
cellphone: (919) 280-4436
Try using "tethereal -V"
Martin Visser, CISSP
How can I use tethereal to display TCP Data (what would show up under Data field in the tree view display)?
Thanks
Mike Blake-Knox
TSYS Office: (706) 644-3643
cellphone: (919) 280-4436
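
The post-processing approach suggested at the top of this thread (dump the packet, then munge out the TCP data with a script) could look like the following. This is an added example, not a script from the thread or from the Ethereal project; it is written in Python rather than Perl, and it assumes the -x hex dump layout shown in the constructed sample, Ethernet II framing and unfragmented IPv4.

```python
import re
import struct

# Assumed -x dump layout: 4-digit hex offset, up to 16 hex bytes, ASCII column.
HEX_LINE = re.compile(r"^([0-9a-f]{4})\s+((?:[0-9a-f]{2} )*[0-9a-f]{2})(?:\s|$)", re.I)

# Constructed sample: one Ethernet/IPv4/TCP frame carrying an HTTP request line.
SAMPLE = """\
0000  00 11 22 33 44 55 66 77 88 99 aa bb 08 00 45 00   .."3DUfw......E.
0010  00 3a 00 01 00 00 40 06 00 00 c0 00 02 01 c0 00   .:....@.........
0020  02 02 04 d2 00 50 00 00 00 01 00 00 00 01 50 18   .....P........P.
0030  ff ff 00 00 00 00 47 45 54 20 2f 20 48 54 54 50   ......GET / HTTP
0040  2f 31 2e 30 0d 0a 0d 0a                           /1.0....
"""

def frames_from_hexdump(text):
    """Rebuild raw frames from dump lines; offset 0000 starts a new frame."""
    frames, cur = [], None
    for line in text.splitlines():
        m = HEX_LINE.match(line.strip())
        if not m:
            continue  # summary lines, blank lines, protocol tree text
        if int(m.group(1), 16) == 0:
            cur = bytearray()
            frames.append(cur)
        if cur is not None:
            cur += bytes.fromhex(m.group(2))
    return [bytes(f) for f in frames]

def tcp_payload(frame):
    """Return the TCP payload bytes, or None if the frame is not IPv4/TCP."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != 6:
        return None
    if struct.unpack("!H", ip[6:8])[0] & 0x1FFF:
        return None  # non-first fragment: no TCP header here
    total_len = struct.unpack("!H", ip[2:4])[0]
    seg = ip[ihl:total_len]  # IP total length trims Ethernet padding
    if len(seg) < 20:
        return None
    doff = (seg[12] >> 4) * 4  # TCP header length, options included
    return seg[doff:] if 20 <= doff <= len(seg) else None

if __name__ == "__main__":
    for f in frames_from_hexdump(SAMPLE):
        data = tcp_payload(f)
        print(data.hex(" ") if data else "(no TCP data)")
```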