Emanuele_Ciriachi
asked on
Simple question on snoop's output format
I have a snoop launched with the following command line:
snoop -d bge2 -x54 -ta host 192.168.104.152
but the format is something quite unreadable:
-------------------------- ---------
0: 3139 4031 3932 2e31 3638 2e31 3034 2e32 19@192.168.104.2
16: 3030 3a35 3036 3020 5349 502f 322e 300d 00:5060 SIP/2.0.
32: 0a43 616c 6c2d 4944 3a20 3230 3833 3533 .Call-ID: 208353
48: 3165 6537 6138 6533 6236 6266 6135 3565 1ee7a8e3b6bfa55e
64: 6537 3239 3532 3864 3962 4031 3932 2e31 e729528d9b@192.1
80: 3638 2e31 3034 2e31 3532 0d0a 4353 6571 68.104.152..CSeq
96: 3a20 3120 494e 5649 5445 0d0a 4672 6f6d : 1 INVITE..From
112: 3a20 3c73 6970 3a54 5031 5f41 5032 4031 : <sip:TP1_AP2@1
128: 3932 2e31 3638 2e31 3034 2e31 3532 3e3b 92.168.104.152>;
144: 7461 673d 3132 3334 3536 3738 390d 0a54 tag=123456789..T
160: 6f3a 203c 7369 703a 3131 3940 3139 322e o: <sip:119@192.
176: 3136 382e 3130 342e 3230 303e 0d0a 5669 168.104.200>..Vi
192: 613a 2053 4950 2f32 2e30 2f55 4450 2031 a: SIP/2.0/UDP 1
208: 3932 2e31 3638 2e31 3034 2e31 3532 3a35 92.168.104.152:5
224: 3036 303b 6272 616e 6368 3d7a 3968 4734 060;branch=z9hG4
240: 624b 3530 3166 6636 6235 6534 3465 3662 bK501ff6b5e44e6b
256: 6563 3138 6162 6165 3130 6632 3363 3031 ec18abae10f23c01
272: 3664 0d0a 4d61 782d 466f 7277 6172 6473 6d..Max-Forwards
288: 3a20 3235 350d 0a43 6f6e 7465 6e74 2d4c : 255..Content-L
304: 656e 6774 683a 2030 0d0a 0d0a ength: 0....
-------------------------- ---------
I am interested only in the ASCII part of the traffic, possibly put on one line; how can I configure snoop to have it this way?
Depending on the exact chars your command outputs, you may need to alter the commands above (particularly number and location of spaces!), hence the explanations!
HTH:)
Better still, put the alias command in your ~/.bashrc file, then it is automatically run each time you log in:)
Why are you using -x54 if you want a "readable" format? What are you actually trying to capture and how do you want to read it?
I find the easiest way is to capture in snoop and read in the capture file in Ethereal.
ASKER
Thanks for all the great suggestions. I am not in the test lab today so cannot try it out, will let you know.
Hi,
Snoop doesn't offer any embedded option to do what you want. The solution is to send the output to a file or pipe and make a shell script.
hth
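The pipe-and-script approach suggested in the answer above, as an added example that is not part of the original thread: a filter that rebuilds one text line per packet from `snoop -x` dump lines. The names `snoop_ascii` and `sample_dump` are hypothetical, the sample input is constructed, and the dump layout is assumed to match the one shown in the question.

```shell
#!/bin/sh
# Added example (not from the original thread): turn `snoop -x` hex dump lines
# into one text line per packet. Bytes are decoded from the hex groups rather
# than copied from the ASCII column, so spaces in the payload survive intact.
# Assumptions: dump lines look like "<offset>: <up to 8 hex groups> <ascii>",
# and offset 0 marks the start of a new packet.
snoop_ascii() {
    awk '
    function hexval(s,    i, n) {          # portable hex -> int (no strtonum)
        n = 0
        for (i = 1; i <= length(s); i++)
            n = n * 16 + index("0123456789abcdef", tolower(substr(s, i, 1))) - 1
        return n
    }
    function emit() { if (seen) print line; line = ""; seen = 0 }
    $1 ~ /^[0-9]+:$/ {
        if ($1 == "0:") emit()             # offset 0 => previous packet is done
        seen = 1
        for (f = 2; f <= NF && f <= 9; f++) {
            # Stop at the ASCII column. Caveat: on a short final line, ASCII
            # text that itself looks like hex would be read as data.
            if ($f !~ /^[0-9a-fA-F]+$/ || length($f) % 2 || length($f) > 4) break
            for (p = 1; p < length($f); p += 2) {
                b = hexval(substr($f, p, 2))
                c = (b >= 32 && b <= 126) ? sprintf("%c", b) : "."
                line = line c
            }
        }
    }
    END { emit() }
    '
}

# Constructed sample: two short dumps; summary lines are ignored by the filter.
sample_dump() {
    cat <<'EOF'
  1   0.00000 constructed summary line
   0: 4353 6571 3a20 3120 494e 5649 5445 0d0a    CSeq: 1 INVITE..
  16: 4d61 782d 466f 7277 6172 6473 3a20 3235    Max-Forwards: 25
  32: 350d 0a                                    5..
  2   0.01000 constructed summary line
   0: 5349 502f 322e 3020 3230 3020 4f4b 0d0a    SIP/2.0 200 OK..
EOF
}
```

On the capture host the live command from the question can be piped straight through it: `snoop -d bge2 -x54 -ta host 192.168.104.152 | snoop_ascii`. The dump in the question starts mid-request-line because offset 54 is 12 bytes past the 42 bytes of Ethernet, IPv4 and UDP headers (assuming no VLAN tag or IP options), so `-x42` would show the SIP message from its first byte.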