Snort mailing list archives

RE: OT: "Pretty Packet Printer"


From: "Jerry Shenk" <jas () decns com>
Date: Tue, 8 May 2001 06:32:21 -0400

Have you looked at tcpshow?  I'm not sure if that's what you're referring
to.  It's not specific to snort at all....in fact, it is specific to tcpdump
output but if you have snort outputting in tcpdump format, tcpshow gives you
a pretty decent breakdown of the packet.



Packet 19
        Timestamp:                      00:25:53.570000
        Source Ethernet Address:        00:00:C0:32:9D:30
        Destination Ethernet Address:   00:50:04:B5:79:C2
        Encapsulated Protocol:          IP
IP Header
        Version:                        4
        Header Length:                  20 bytes
        Service Type:                   0x00
        Datagram Length:                45 bytes
        Identification:                 0x0096
        Flags:                          MF=off, DF=on
        Fragment Offset:                0
        TTL:                            110
        Encapsulated Protocol:          TCP
        Header Checksum:                0xC016
        Source IP Address:              217.54.173.180
        Destination IP Address:         210.31.21.101
TCP Header
        Source Port:                    110 (pop-3)
        Destination Port:               3871 (<unknown>)
        Sequence Number:                1237726229
        Acknowledgement Number:         2058443429
        Header Length:                  20 bytes (data=5)
        Flags:                          URG=off, ACK=on,  PSH=on
                                        RST=off, SYN=off, FIN=off
        Window Advertisement:           6134 bytes
        Checksum:                       0x6897
        Urgent Pointer:                 0
TCP Data
        +OK.

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net]On Behalf Of Erek Adams
Sent: Monday, May 07, 2001 10:45 PM
To: Snorters Anonymous
Subject: [Snort-users] OT: "Pretty Packet Printer"



Pardon the OT post, but would anyone have a pointer to a 'Pretty Packet
Printer'?  I'd love to have a script that will display and decode the packet
while displaying the packet structure around it.  Does that make sense? :)

I've seen the output of such a beast that used block ASCII art, I just can't
recall where! :-/

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
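
Added example (not part of the original messages, and not tcpshow's own code): a minimal Python decoder that produces a similar field breakdown for one Ethernet II / IPv4 / TCP frame, rejecting truncated or inconsistent headers. The names `decode`, `pretty`, `onoff` and `SAMPLE` are assumptions; the sample frame is constructed from the field values in the output quoted above, with a `+OK\r\n` payload assumed.

```python
import struct

TCP_FLAGS = (("URG", 0x20), ("ACK", 0x10), ("PSH", 0x08),
             ("RST", 0x04), ("SYN", 0x02), ("FIN", 0x01))

def onoff(bits, names):
    return ", ".join(f"{n}={'on' if bits & m else 'off'}" for n, m in names)

def decode(frame: bytes) -> dict:
    """Decode one Ethernet II / IPv4 / TCP frame; payload non-printables become '.'."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        raise ValueError("not an Ethernet II frame carrying IPv4")
    ip = frame[14:]
    vihl, _tos, total, _id, frag, ttl, proto, _sum = struct.unpack("!BBHHHBBH", ip[:12])
    ihl = (vihl & 0x0F) * 4
    if vihl >> 4 != 4 or ihl < 20 or not ihl <= total <= len(ip):
        raise ValueError("bad IPv4 version, header length or datagram length")
    if proto != 6 or total - ihl < 20:
        raise ValueError("no complete TCP header in the datagram")
    tcp = ip[ihl:total]  # cutting at the datagram length drops Ethernet padding
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    thl = (off_flags >> 12) * 4
    if not 20 <= thl <= len(tcp):
        raise ValueError("bad TCP header length")
    return {
        "Source Ethernet Address": frame[6:12].hex(":").upper(),
        "Destination Ethernet Address": frame[0:6].hex(":").upper(),
        "IP Flags": onoff(frag, (("MF", 0x2000), ("DF", 0x4000))),
        "Fragment Offset": (frag & 0x1FFF) * 8, "TTL": ttl,
        "Source IP Address": ".".join(map(str, ip[12:16])),
        "Destination IP Address": ".".join(map(str, ip[16:20])),
        "Source Port": sport, "Destination Port": dport,
        "Sequence Number": seq, "Acknowledgement Number": ack,
        "TCP Flags": onoff(off_flags, TCP_FLAGS),
        "TCP Data": "".join(chr(b) if 32 <= b < 127 else "." for b in tcp[thl:]),
    }

def pretty(fields: dict) -> str:
    return "\n".join(f"        {k + ':':<32}{v}" for k, v in fields.items())

# Constructed sample: frame rebuilt from the field values in the output above
# (checksums copied as shown, not recomputed); the "+OK\r\n" payload is assumed.
SAMPLE = (bytes.fromhex("005004B579C20000C0329D300800")
          + struct.pack("!BBHHHBBH4B4B", 0x45, 0, 45, 0x0096, 0x4000, 110, 6,
                        0xC016, 217, 54, 173, 180, 210, 31, 21, 101)
          + struct.pack("!HHIIHHHH", 110, 3871, 1237726229, 2058443429,
                        0x5018, 6134, 0x6897, 0) + b"+OK\r\n")

if __name__ == "__main__":
    print(pretty(decode(SAMPLE)))
```

The timestamp in the quoted output comes from the capture file's per-packet record, not from the frame itself, so it is not decoded here.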
