tcpview

Turn packet dumps into grep-able TCP information

tcpview.tar.gz 11 May 2004 14.4k

Description

A tool originally written to help me decode the protocols between a PocketPC device and Windows, although it works for lots of other TCP-based things as well.

The tcpview program reads tcpdump output files, reconstructs TCP sessions and outputs the result in a form suitable for examination. Logical connections are identified, duplicate packets ignored, and payloads prefixed with a session byte offset, all so you can grep out particular connections with ease. Payloads are dumped in hex, or disassembled if a decoder recognises them.

The extensible payload decoding architecture lets you add your own decoder, so once you figure out the protocol of one stream, you can write some simple code to print it out in a nice fashion, and not have to worry about the TCP layer. Decoders for dccm and cerdisp are included.

0   17:04:33.286486 nefer:1105 > insm05:7070 C connect
1   17:04:33.513278 nefer:1105 < insm55:7070 S accept
1   17:04:33.514057 C ack
1   17:04:33.514973 C data 405 (0x195) bytes
1   C 0000: 504e4100 0a001400 02000100 04002062 PNA  . .  . .  .  b
1   C 0010: 64336530 36636234 38643566 32353866 d3e0 6cb4 8d5f 258f
...
1   C 027c: 20312020 20202020 20353132 37203136  1         512 7 16
1   C 028c: 5f4b6270 735f566f 6963655d          _Kbp s_Vo ice] 
1   17:05:07.422821 C close (by client)
1   17:05:07.688507 S ack
1   17:05:07.690581 S ack
1   17:05:07.706926 S closed
0   17:05:07.707716 nefer:1105 > insm05:7070 C ack
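The following is an added example, not code from tcpview or its author: a small Python reassembler that does the core of what the output above shows, grouping packets into logical connections, discarding retransmitted bytes, and printing each payload as hex rows prefixed with the connection id, direction and session byte offset. It works on constructed packet records (host:port strings, sequence numbers, flag letters, raw payload) rather than a real tcpdump file, and assumes a normal handshake with in-order delivery.

```python
from collections import namedtuple
Packet = namedtuple("Packet", "src dst seq flags payload")  # constructed records

def hexdump(cid, side, offset, data):  # 16-byte rows, session-offset prefixed
    rows = []
    for i in range(0, len(data), 16):
        chunk = data[i:i + 16]
        hexpart = " ".join(chunk[j:j + 4].hex() for j in range(0, len(chunk), 4))
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        rows.append(f"{cid} {side} {offset + i:04x}: {hexpart:<35} {text}")
    return rows

def reassemble(packets):  # returns one output line per event or hex row
    conns = {}  # (client, server) -> (conn id, {side: [isn, next expected seq]})
    out = []
    for p in packets:
        if (p.src, p.dst) in conns:
            side, key = "C", (p.src, p.dst)
        elif (p.dst, p.src) in conns:
            side, key = "S", (p.dst, p.src)
        elif "S" in p.flags and "A" not in p.flags:  # bare SYN: new connection
            side, key = "C", (p.src, p.dst)
            conns[key] = (len(conns), {})
        else:
            continue  # not part of any session whose SYN we saw
        cid, streams = conns[key]
        if "S" in p.flags:  # SYN or SYN/ACK fixes this side's initial seq number
            streams[side] = [p.seq, p.seq + 1]
            out.append(f"{cid} {p.src} > {p.dst} {side} {'connect' if side == 'C' else 'accept'}")
            continue
        (isn, nxt), seq, data = streams[side], p.seq, p.payload
        if seq < nxt:  # bytes already seen: full or partial retransmission
            if nxt - seq >= len(data):
                continue  # duplicate packet: ignored, as tcpview does
            seq, data = nxt, data[nxt - seq:]
        if data:
            out.extend(hexdump(cid, side, seq - isn - 1, data))  # SYN took one seq
            streams[side][1] = seq + len(data)
        if "F" in p.flags:
            out.append(f"{cid} {side} close")
    return out

SAMPLE = [  # constructed handshake, data, a retransmission, reply and close
    Packet("nefer:1105", "insm05:7070", 1000, "S", b""),
    Packet("insm05:7070", "nefer:1105", 5000, "SA", b""),
    Packet("nefer:1105", "insm05:7070", 1001, "PA", b"PNA\x00\x0a\x00\x14\x00"),
    Packet("nefer:1105", "insm05:7070", 1001, "PA", b"PNA\x00\x0a\x00\x14\x00d3e06cb48d5f258f"),
    Packet("insm05:7070", "nefer:1105", 5001, "PA", b"OK\r\n"),
    Packet("nefer:1105", "insm05:7070", 1025, "FA", b""),
]
```

Running `print("\n".join(reassemble(SAMPLE)))` prints the connect/accept events, the client payload at offsets 0000 and 0008 (the fourth packet resends the first eight bytes, which are trimmed), the server reply, and the close.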

Source repository

The subversion repository for this software can be accessed through http://svn.adaptive-enterprises.com/misc/tcpview or browsed with ViewVC.

Licence

This software has been placed in the public domain.