tcpdump mailing list archives

Re: using TCPDump


From: Guy Harris <gharris () sonic net>
Date: Mon, 30 Dec 2002 12:27:24 -0800

On Sun, Dec 29, 2002 at 07:30:29PM -0500, Antonio I. wrote:
> Maybe I have not explained myself properly.

Probably.

> I did subsequent dumps on my ethernet card while accessing a web page and the
> output was basically of the same type as when doing the traceroute, a
> lot like the examples you gave. I expected to see ascii data, that is,
> the html data from the server, among other things.

Well, the "-X" flag or, in the current CVS version of tcpdump (which is not yet
an official release, but will be the next release, and which you can get
from the "Current Tar files" section of the tcpdump.org Web site), the
"-A" flag, will show you the raw ASCII data in the packet.

However, it's not a nice neat display of HTML data, it's just a raw ASCII
dump of the packet data.

Ethereal doesn't give you a nice neat display of HTML data, either -
you'd have to look at the hex/ASCII dump pane, or use "-x" with
Tethereal, and that's a dump similar to what "-X" gives you with tcpdump.

> But that was not the
> case, in fact I did not see anything at all related to html data. This
> is why I referred to it as meaningless.

Then you needed to explain that you were looking for the HTML data.

> Maybe I had a different picture
> of what tcpdump was. You see my initial interest in this program was, as
> I thought, its ability to look at information going to or coming out of
> a machine, in plain text form. For example if someone is accessing an
> unsecure service such as telnet ( insecure telnet that is, because as I
> have heard there is now secure telnet ) and I am listening to port 23, I
> would be able to see the username and password information.

As I indicated, the "-X" flag can do that.
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
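
The kind of hex/ASCII dump the reply describes for "-X", as an added example that is not part of the original message and not tcpdump's own code. The function name, the column layout (an approximation of tcpdump's) and the HTTP payload are constructed for illustration; a real "-X" dump also covers the IP and TCP headers that precede the payload.

```python
def hex_ascii_dump(data: bytes, per_line: int = 16) -> str:
    """Render bytes as offset, hex (two bytes per group) and an ASCII column.

    Bytes outside the printable, non-space range are shown as '.', so spaces,
    CR and LF in text protocols all appear as dots. This is why HTML or a
    telnet login is readable in such a dump but is not a neat display.
    """
    lines = []
    for off in range(0, len(data), per_line):
        chunk = data[off:off + per_line]
        # Hex column: bytes grouped in pairs, padded to a fixed width so the
        # ASCII column lines up even on a short final row.
        groups = [chunk[i:i + 2].hex() for i in range(0, len(chunk), 2)]
        hex_part = " ".join(groups)
        # ASCII column: keep graphic characters, replace everything else.
        ascii_part = "".join(chr(b) if 0x21 <= b <= 0x7E else "." for b in chunk)
        lines.append(f"\t0x{off:04x}:  {hex_part:<39}  {ascii_part}")
    return "\n".join(lines)


# Constructed sample: the TCP payload of a small HTTP response.
SAMPLE = (
    b"HTTP/1.0 200 OK\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
    b"<html><body>Hi</body></html>\r\n"
)

if __name__ == "__main__":
    print(hex_ascii_dump(SAMPLE))
```

The HTML tags are visible in the right-hand column but split across 16-byte rows and mixed with dots for line endings, which matches the "raw ASCII dump" the reply contrasts with a formatted display.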

