Reputation: 1174
tcpdump output is diffferent than pcap file
I am trying to understand what should be correct command in which i can get tcpdump command output same as pcap file have.
Current commmand : tcpdump -s 0 -A -vvv -i eth0 port 5060
It's output is same as below :
E..G.M..@. ... .T.<......3`.
While on pcap same packate have below output :
I�b��))A�U�&E�{@a� ���O����S
How can i get same output as showing in pcap file using tcpdump command ?
Thanks in advance for your help.
Upvotes: 0
Views: 1765
Answers (1)
Reputation: 1155
As @Jboullianne surmised, you're probably just viewing the raw pcap file by printing it to a terminal window.
Pcap files are not text files, and the "terminal emulator" program that provides your terminal window is probably assuming the text it's seeing is UTF-8; not all sequences of raw bytes are valid UTF-8. The � is probably the Unicode "REPLACEMENT CHARACTER", which the terminal is putting out as a replacement for invalid UTF-8 sequences.
And not everything in a pcap file is packet data, so some of those "weird characters" don't correspond to packet data.
Tcpdump has no option to print the bytes of the packet as UTF-8, so there's no way for the packet dump to show the packet data in that form.
Upvotes: 1
Related Questions
- reading a tcpdump file with C++
- Extract TCP payload from pcap file
- Force TCPDump to write in PCAP instead of PCAP-NG format
- tcpdump / wireshark capturing problems
- Why isn't tcpdump rotating save files?
- How to restore data from a pcap file?
- Packet is stored wrong in .pcap file
- tcpdump throws PKTAP error
- tcpdump -dd output doesn't match pcap_compile_nopcap
- Packet length mismatch while using libpcap