Parse and print packets

The -A option prints each packet in ASCII. E.g., to show the contents of web pages:

    # tcpdump -A port 80
    ......
    15:37:32.623887 IP sin10s02-in-f14.1e100.net.http > archlinux.40742: Flags [.], ack 138, win 240, options [nop,nop,TS val 1699492976 ecr 4020616092], length 0
    E..4.%..x......N
    ....P.&..6.b*;............
    eL4p....
    15:37:32.628640 IP sin10s02-in-f14.1e100.net.http > archlinux.40742: Flags [P.], seq 1:529, ack 138, win 240, options [nop,nop,TS val 1699492981 ecr 4020616092], length 528: HTTP: HTTP/1.1 301 Moved Permanently
    E..D.'..x......N
    ....P.&..6.b*;.....h......
    eL4u....HTTP/1.1 301 Moved Permanently
    Location: http://www.google.com/
    Content-Type: text/html; charset=UTF-8
    Date: Fri, 03 May 2019 07:37:32 GMT
    Expires: Sun, 02 Jun 2019 07:37:32 GMT
    Cache-Control: public, max-age=2592000
    Server: gws
    Content-Length: 219
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
    <TITLE>301 Moved</TITLE></HEAD><BODY>
    <H1>301 Moved</H1>
    The document has moved
    <A HREF="http://www.google.com/">here</A>.
    </BODY></HTML>
    ......

There is also a group of "-x/-xx/-X/-XX" options to parse and print packets:

Option: -x
Meaning: Print the data of each packet (minus its link level header) in hex.
Example:

    12:58:03.592155 IP 192.168.35.211.ssh > 10.217.133.114.54092: Flags [P.], seq 260:296, ack 1, win 317, length 36
    0x0000: 4548 004c 6b56 4000 4006 5a47 c0a8 23d3
    0x0010: 0ad9 8572 0016 d34c 4251 850d 7a7c d8b4
    ......

Option: -xx
Meaning: Print the data of each packet, including its link level header, in hex.
Example:

    13:16:30.839337 IP 192.168.35.211.ssh > 10.217.133.114.54092: Flags [P.], seq 260:296, ack 1, win 317, length 36
    0x0000: 001e bdde 5f00 0800 2770 9e7a 0800 4548
    0x0010: 004c 6ba0 4000 4006 59fd c0a8 23d3 0ad9
    ......

Option: -X
Meaning: Print the data of each packet (minus its link level header) in hex and ASCII.
Example:

    13:19:13.539666 IP 192.168.35.211.ssh > 10.217.133.114.54092: Flags [P.], seq 1114673977:1114674085, ack 2055006128, win 317, length 108
    0x0000: 4548 0094 744c 4000 4006 5109 c0a8 23d3  EH..tL@.@.Q...#.
    0x0010: 0ad9 8572 0016 d34c 4270 9339 7a7c e7b0  ...r...LBp.9z|..
    ......

Option: -XX
Meaning: Print the data of each packet, including its link level header, in hex and ASCII.
Example:

    13:22:22.536935 IP 192.168.35.211.ssh > 10.217.133.114.54092: Flags [P.], seq 1114682321:1114682429, ack 2055007124, win 317, length 108
    0x0000: 001e bdde 5f00 0800 2770 9e7a 0800 4548  ...._...'p.z..EH
    0x0010: 0094 7480 4000 4006 50d5 c0a8 23d3 0ad9  ..t.@.@.P...#...
    ......
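
To check what these hex rows actually contain, they can be turned back into bytes and decoded. The Python sketch below is an added example, not part of the original page. It assumes Ethernet II framing (a 14-byte link header, no VLAN tag) carrying IPv4/TCP, and its sample rows are copied from the -X and -xx examples above; the function names are hypothetical.

```python
import re
import struct
from ipaddress import IPv4Address

# Rows copied from the page's -X and -xx examples (the page cuts both off after 32 bytes).
DUMP_X = """\
0x0000: 4548 0094 744c 4000 4006 5109 c0a8 23d3  EH..tL@.@.Q...#.
0x0010: 0ad9 8572 0016 d34c 4270 9339 7a7c e7b0  ...r...LBp.9z|..
"""
DUMP_XX = """\
0x0000: 001e bdde 5f00 0800 2770 9e7a 0800 4548
0x0010: 004c 6ba0 4000 4006 59fd c0a8 23d3 0ad9
"""
# At most 8 groups per row, so the ASCII column of -X/-XX is never read as hex.
ROW = re.compile(r"^\s*0x[0-9a-f]{4}:\s+((?:(?:[0-9a-f]{4}|[0-9a-f]{2}) ?){1,8})", re.M)

def dump_to_bytes(text):
    """Rebuild raw bytes from -x/-xx/-X/-XX rows; header lines are skipped."""
    return b"".join(bytes.fromhex(m.group(1)) for m in ROW.finditer(text))

def ipv4_checksum_ok(header):
    """The one's-complement sum of a valid header's 16-bit words is 0xffff."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF

def decode(text, link_header):
    """link_header=True for -xx/-XX (assumes Ethernet II, no VLAN tag)."""
    raw, out = dump_to_bytes(text), {}
    if link_header:
        out["dst_mac"], out["src_mac"] = raw[0:6].hex(":"), raw[6:12].hex(":")
        out["ethertype"] = int.from_bytes(raw[12:14], "big")
        raw = raw[14:]                        # from here on, same bytes as -x/-X
    if len(raw) < 16 or raw[0] >> 4 != 4:     # not IPv4, or too little captured
        return out
    ihl = (raw[0] & 0x0F) * 4                 # IPv4 header length in bytes
    out["ip_total_len"] = int.from_bytes(raw[2:4], "big")
    out["src_ip"] = str(IPv4Address(raw[12:16]))
    if len(raw) >= ihl:                       # complete header: verify it
        out["dst_ip"] = str(IPv4Address(raw[16:20]))
        out["checksum_ok"] = ipv4_checksum_ok(raw[:ihl])
    if raw[9] == 6 and len(raw) >= ihl + 12:  # TCP: ports, seq, ack
        keys = ("sport", "dport", "seq", "ack")
        out.update(zip(keys, struct.unpack("!HHII", raw[ihl:ihl + 12])))
    return out

if __name__ == "__main__":
    print(decode(DUMP_X, link_header=False))
    print(decode(DUMP_XX, link_header=True))
```

The decoded -X rows reproduce the addresses, ports and absolute seq/ack numbers in the tcpdump summary line, while the truncated -xx rows yield only the MAC addresses, EtherType and source IP.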