tcpdump - view whole packet in CLI

Reply
L5 Sessionator

tcpdump - view whole packet in CLI

Hello.

 

I know I can capture whole packets (snaplen 0) and select verbose (and verbose ++) output when viewing packet captures with tcpdump on mmt interface.

But can I see whole packet in CLI? Verbose output only seems to add some header fields, I can't see content of a packet.

I know I can export the files via SCP. But some customers won't agree to open SSH from their mgmt network to let's say client VPN address pool.

 

 

L7 Applicator

Re: tcpdump - view whole packet in CLI

I think you want the "hex-" command options:

 

 view-pcap hex
+ hex              Print each packet (minus link header) in hex
+ hex-ascii        Print each packet (minus link header) in hex and ASCII
+ hex-ascii-link   Print each packet (including link header) in hex and ASCII
+ hex-link         Print each packet (including link header) in hex

For example, using the full "verbose++ yes" option (top line) with "hex-ascii-link yes" gets this type of output:

11:50:35.821556 70:8b:cd:51:d6:90 (oui Unknown) > 33:33:00:00:00:0c (oui Unknown), ethertype IPv6 (0x86dd), length 718: 
        0x0000:  3333 0000 000c 708b cd51 d690 86dd 6009  33....p..Q....`.
        0x0010:  e6a6 0298 1101 fe80 0000 0000 0000 5c97  ..............\.
        0x0020:  2f45 3d8c f357 ff02 0000 0000 0000 0000  /E=..W..........
        0x0030:  0000 0000 000c db69 0e76 0298 13f2 3c3f  .......i.v....<?
        0x0040:  786d 6c20 7665 7273 696f 6e3d 2231 2e30  xml.version="1.0
        0x0050:  2220 656e 636f 6469 6e67 3d22 7574 662d  ".encoding="utf-
        0x0060:  3822 3f3e 3c73 6f61 703a 456e 7665 6c6f  8"?><soap:Envelo
        0x0070:  7065 2078 6d6c 6e73 3a73 6f61 703d 2268  pe.xmlns:soap="h
        0x0080:  7474 703a 2f2f 7777 772e 7733 2e6f 7267  ttp://www.w3.org
        0x0090:  2f32 3030 332f 3035 2f73 6f61 702d 656e  /2003/05/soap-en
        0x00a0:  7665 6c6f 7065 2220 786d 6c6e 733a 7773  velope".xmlns:ws
        0x00b0:  613d 2268 7474 703a 2f2f 7363 6865 6d61  a="http://schema
.....

 

L5 Sessionator

Re: tcpdump - view whole packet in CLI

Yeah, that's it. Thanx!

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!