[ale] Pcap Tool? Re: Ale Digest, Vol 69, Issue 4
tom sawyer
tomsayer3135 at yahoo.com
Mon Nov 14 16:21:53 EST 2005
Geoffrey,
If I store it as a txt file it keeps the format of:
offset xx xx xx xx xx xx xx xx xx xx ..texthere.
...
...
If I store it as a CSV file, it stores it but only the
first line of data ie, no actuall message body of the
email, just the statement: MESSAGE BODY
I'm lookin for bassically all "text" of the email
transmission without the hex view. Is there a way to
get ethereal to do this? If not, any command-line
tools? I could do this via a perl/php/etc script but
I'm looking for pre-made tools first so I don't have
to reinvent the wheel.
Thanks,
Tom
-------------
Message: 9
Date: Mon, 14 Nov 2005 15:43:29 -0500
From: Geoffrey <esoteric at 3times25.net>
To: ale at ale.org
Subject: Re: [ale] pcap tool?
To: Atlanta Linux Enthusiasts <ale at ale.org>
Message-ID: <4378F6F1.8060002 at 3times25.net>
Content-Type: text/plain; charset=ISO-8859-1;
format=flowed
tom sawyer wrote:
> Hello all,
>
> Just wondering if anyone has seen a already built
tool
> that will take a pcap file of a stream of data and
> parse it out into plain-text (minus tcp/ip info).
>
> ex, I have a tcp-stream of an email transaction in a
> pcap file that I want to take just the text out.
>
> Any ideas? Ethereal only saves it as formated in a
> hex-dump type format with hex ......... hex text
From the file menu:
File->Export->???
A great many of useful options including text and csv
>
> Thanks,
> Tom
--
Until later, Geoffrey
__________________________________
Yahoo! FareChase: Search multiple travel sites in one click.
http://farechase.yahoo.com
More information about the Ale
mailing list