[ale] Pcap Tool? Re: Ale Digest, Vol 69, Issue 4
Joe Steele
joe at madewell.com
Mon Nov 14 17:57:23 EST 2005
On Mon, 2005-11-14 at 13:21 -0800, tom sawyer wrote:
> Geoffrey,
> If I store it as a txt file it keeps the format of:
> offset xx xx xx xx xx xx xx xx xx xx ..texthere.
> ...
> ...
>
> If I store it as a CSV file, it stores it but only the
> first line of data ie, no actuall message body of the
> email, just the statement: MESSAGE BODY
>
> I'm lookin for bassically all "text" of the email
> transmission without the hex view. Is there a way to
> get ethereal to do this? If not, any command-line
> tools? I could do this via a perl/php/etc script but
> I'm looking for pre-made tools first so I don't have
> to reinvent the wheel.
>
>
In ethereal, if you right click on a TCP packet, you have the option
"Follow TCP Stream". This option opens a window with the full content
of the stream which can be viewed and saved in various ways (including
plain ascii text).
--Joe
More information about the Ale
mailing list