[tech] Solaris snoop: how can the packet contents be extracted usefully?

James Devenish devenish at ucc.gu.uwa.edu.au
Fri Jul 27 19:54:12 WST 2001


Hmmm,

If I have a dump of IP packets produced by Solaris `snoop`, how can I
extract the data (not headers) from consecutive packets and concatenate
them to recreate a long stream of data (let's assume that the packets are
TCP packets and are in the correct order and without duplication)? There
don't seem to be command-line options to do this (the stream contains a
mixture of ASCII and 'binary' data which makes it hard to read with
the naked eye, plus I want to process it). `snoop -i filename -x 0` is
on the right track, but I want the raw bytes, not the pretty printing.
Because I don't know the format of the output, I don't know how to
extract the data programmatically (of course, I'd prefer an
out-of-the-box solution to one that I have to write myself). For some
reason I've been having trouble finding the snoop source. But in any
case, the output is from the snoop that's bundled with Solaris 8 so it
may not resemble other snoops (and I don't have the Solaris 8 source).

Thank you.

PS. No, I cannot use a different capture programme, I have to use
the output that I have. 

PPS. Internet Explorer su...oh never mind.
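
An added example, not part of the original post: a minimal Python parser that pulls the TCP payload bytes out of a snoop capture file and concatenates them in file order. It assumes the file is the kind read by `snoop -i`, laid out as in RFC 1761 (snoop version 2), carrying Ethernet frames with IPv4 and no VLAN tags; the function names and the sample capture are constructed for illustration.

```python
import struct
SNOOP_MAGIC = b"snoop\x00\x00\x00"   # 8-byte file identifier (RFC 1761)

def snoop_frames(blob):
    """Yield the captured link-layer bytes of every record in a snoop file."""
    if blob[:8] != SNOOP_MAGIC:
        raise ValueError("not a snoop capture file")
    version, datalink = struct.unpack(">II", blob[8:16])
    if version != 2 or datalink != 4:          # datalink 4 = Ethernet
        raise ValueError("only version 2 / Ethernet handled here")
    off = 16
    while off + 24 <= len(blob):
        # original len, included len, record len, drops, seconds, microseconds
        _, incl, rec, _, _, _ = struct.unpack(">6I", blob[off:off + 24])
        if rec < 24 + incl or off + rec > len(blob):
            raise ValueError("corrupt or truncated record at offset %d" % off)
        yield blob[off + 24:off + 24 + incl]
        off += rec                             # rec covers header, data and pad

def tcp_payload(frame, sport=None):
    """Return the TCP payload of an Ethernet/IPv4 frame, else b''."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return b""
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ip[9] != 6:          # IPv4 carrying TCP only
        return b""
    ip = ip[:struct.unpack(">H", ip[2:4])[0]]  # total length drops Ethernet padding
    if ihl < 20 or len(ip) < ihl + 20:
        return b""
    if sport is not None and struct.unpack(">H", ip[ihl:ihl + 2])[0] != sport:
        return b""                             # optional one-direction filter
    return ip[ihl + (ip[ihl + 12] >> 4) * 4:]  # skip TCP header and options

def extract_stream(blob, sport=None):
    """Concatenate payloads in file order (no reordering or de-duplication)."""
    return b"".join(tcp_payload(f, sport) for f in snoop_frames(blob))

def build_sample():
    """Constructed three-segment capture used to exercise the parser."""
    def record(payload, sport):
        tcp = struct.pack(">HHIIBBHHH", sport, 80, 0, 0, 0x50, 0x18, 0, 0, 0) + payload
        ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                         bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])) + tcp
        frame = (b"\x00" * 12 + b"\x08\x00" + ip).ljust(60, b"\x00")
        n, pad = len(frame), -len(frame) % 4   # records are padded to 4 bytes
        return struct.pack(">6I", n, n, 24 + n + pad, 0, 0, 0) + frame + b"\x00" * pad
    return (SNOOP_MAGIC + struct.pack(">II", 2, 4) + record(b"GET /\x00\xff", 1025)
            + record(b"200 OK", 80) + record(b"\r\n", 1025))
```

On a real file, `extract_stream(open(path, "rb").read(), sport=...)` returns the raw bytes of one direction; it relies on the same assumption stated above, that segments are already in order and not duplicated.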
