A Perl script to combine all of packet_monitor header lines into 1 line


The pm21line.pl (PM-to-one-line) Perl script combines all of the protocol header lines that packet_monitor displays for a packet into one line. This makes for some very long lines, but it also makes it easy to use "display -match", grep, or match.pl to display only specific packets. It also makes it easy to compare packets, since all the fields line up. Eliminating the non-header lines makes the traces smaller for faster transfer. You can even load the traces into a spreadsheet for more extensive filtering and processing.

This script can be run on VOS, assuming that the gnu_library is installed. Since it requires redirection of standard input, it has to be run from the bash shell. It can also be run on an ftLinux platform or under Windows, provided that a Perl environment is installed.

Usage

perl pm21line.pl < packet_monitor_file > output_file

Examples

ARP packets

C:\>type pm.arp.out

                dir                                                 icmp type           tcp 
hh:mm:ss.ttt dir   len proto source             destination         src port  dst port  type
14:52:05.803 Rcvd Ether Dst ff:ff:ff:ff:ff:ff  Src 00:04:96:19:0b:20 Type 0806  (ARP)
ARP Req Target 164.152.77.207  Src  164.152.76.1    [00:04:96:19:0b:20]

14:52:05.815 Rcvd Ether Dst ff:ff:ff:ff:ff:ff  Src 00:04:96:19:0b:20 Type 0806  (ARP)
ARP Req Target 164.152.76.146  Src  164.152.76.1    [00:04:96:19:0b:20]

14:52:05.815 Rcvd Ether Dst ff:ff:ff:ff:ff:ff  Src 00:04:96:19:0b:20 Type 0806  (ARP)
ARP Req Target 164.152.77.161  Src  164.152.76.1    [00:04:96:19:0b:20]

14:52:30.327 Rcvd Ether Dst ff:ff:ff:ff:ff:ff  Src 00:00:a8:41:52:22 Type 0806  (ARP)
ARP Req Target 172.16.1.34     Src  172.16.1.116    [00:00:a8:41:52:22]

14:52:30.327 Xmit Ether Dst 00:00:a8:41:52:22  Src 00:00:a8:42:3b:6e Type 0806  (ARP)
ARP Rep Target 172.16.1.116    [00:00:a8:41:52:22] Src  172.16.1.34     [00:00:a8:42:3b:6e]

14:52:31.209 Rcvd Ether Dst ff:ff:ff:ff:ff:ff  Src 00:90:27:c7:93:06 Type 0806  (ARP)
ARP Req Target 164.152.77.163  Src  164.152.77.248  [00:90:27:c7:93:06]



C:\>perl pm21line.pl < pm.arp.out > pm.arp.txt



C:\>type pm.arp.txt

14:52:05.803 Rcvd Ether Dst ff:ff:ff:ff:ff:ff  Src 00:04:96:19:0b:20 Type 0806  (ARP) ARP Req Target 164.152.77.207  Src  164.152.76.1    [00:04:96:19:0b:20]
14:52:05.815 Rcvd Ether Dst ff:ff:ff:ff:ff:ff  Src 00:04:96:19:0b:20 Type 0806  (ARP) ARP Req Target 164.152.76.146  Src  164.152.76.1    [00:04:96:19:0b:20]
14:52:05.815 Rcvd Ether Dst ff:ff:ff:ff:ff:ff  Src 00:04:96:19:0b:20 Type 0806  (ARP) ARP Req Target 164.152.77.161  Src  164.152.76.1    [00:04:96:19:0b:20]
14:52:30.327 Rcvd Ether Dst ff:ff:ff:ff:ff:ff  Src 00:00:a8:41:52:22 Type 0806  (ARP) ARP Req Target 172.16.1.34     Src  172.16.1.116    [00:00:a8:41:52:22]
14:52:30.327 Xmit Ether Dst 00:00:a8:41:52:22  Src 00:00:a8:42:3b:6e Type 0806  (ARP) ARP Rep Target 172.16.1.116    [00:00:a8:41:52:22] Src  172.16.1.34     [00:00:a8:42:3b:6e]
14:52:31.209 Rcvd Ether Dst ff:ff:ff:ff:ff:ff  Src 00:90:27:c7:93:06 Type 0806  (ARP) ARP Req Target 164.152.77.163  Src  164.152.77.248  [00:90:27:c7:93:06]

ICMP packets

Note that any line that is not a header line is just ignored.

C:\>type pm.icmp.out

Noah_Davids.CAC logged in on %phx_vos#m15 at 08-09-05 14:51:27 mst.
%phx_vos#m15_mas>system>stcp>command_library>packet_monitor -numeric -time_stamp
 -verbose -pkt_hdr -hex_header -filter -protocol icmp
***********************************************************
WARNING: failure to specify a specific interface will cause
packet_monitor to bind to ALL interfaces on the module,
greatly increasing the amount of Streams memory used!!!
***********************************************************
                dir                                                 icmp type
        tcp
hh:mm:ss.ttt dir   len proto source             destination         src port  ds
t port  type
14:51:28.708 Xmit Ether Dst 00:c0:8c:64:56:ec  Src 00:00:a8:40:3b:6e Type 0800
(IP)
     offset 0  .  .  .  4  .  .  .   8  .  .  .  C  .  .  .  0...4... 8...C...
      0    45  0  0 5c 5e 5b  0  0  3c  1  a 1c  a 14  1  1  E  \^[   <<<<<<<<
     10     a 14  1  2                                       <<<<
IP   Ver/HL 45, ToS  0, Len   5c, ID 5e5b, Flg/Frg    0, TTL 3c,  Prtl  1
          Cksum  0a1c, Src 0a140101, Dst 0a140102
ICMP from 10.20.1.1 to 10.20.1.2        echo

14:51:28.710 Rcvd Ether Dst 00:00:a8:40:3b:6e  Src 00:c0:8c:64:56:ec Type 0800
(IP)
     offset 0  .  .  .  4  .  .  .   8  .  .  .  C  .  .  .  0...4... 8...C...
      0    45  0  0 5c fe  0  0  0  40  1 66 76  a 14  1  2  E  \~    @<fv<<<<
     10     a 14  1  1                                       <<<<
IP   Ver/HL 45, ToS  0, Len   5c, ID fe00, Flg/Frg    0, TTL 40,  Prtl  1
          Cksum  6676, Src 0a140102, Dst 0a140101
ICMP from 10.20.1.2 to 10.20.1.1        echo rep

14:51:28.710 Xmit Ether Dst 00:c0:8c:64:e6:8c  Src 00:00:a8:40:3b:6e Type 0800
(IP)
     offset 0  .  .  .  4  .  .  .   8  .  .  .  C  .  .  .  0...4... 8...C...
      0    45  0  0 5c 5e 5c  0  0  3c  1  a  8  a 14  1  1  E  \^\   <<<<<<<<
     10     a 14  1 15                                       <<<<
IP   Ver/HL 45, ToS  0, Len   5c, ID 5e5c, Flg/Frg    0, TTL 3c,  Prtl  1
          Cksum  0a08, Src 0a140101, Dst 0a140115
ICMP from 10.20.1.1 to 10.20.1.21       echo

14:51:28.711 Rcvd Ether Dst 00:00:a8:40:3b:6e  Src 00:c0:8c:64:e6:8c Type 0800
(IP)
     offset 0  .  .  .  4  .  .  .   8  .  .  .  C  .  .  .  0...4... 8...C...
      0    45  0  0 5c fd 6f  0  0  40  1 66 f4  a 14  1 15  E  \}o   @<ft<<<<
     10     a 14  1  1                                       <<<<
IP   Ver/HL 45, ToS  0, Len   5c, ID fd6f, Flg/Frg    0, TTL 40,  Prtl  1
          Cksum  66f4, Src 0a140115, Dst 0a140101
ICMP from 10.20.1.21 to 10.20.1.1       echo rep

14:51:28.712 Xmit Ether Dst 00:c0:8c:d8:d1:2d  Src 00:00:a8:40:3b:6e Type 0800
(IP)
     offset 0  .  .  .  4  .  .  .   8  .  .  .  C  .  .  .  0...4... 8...C...
      0    45  0  0 5c 5e 5d  0  0  3c  1  a 19  a 14  1  1  E  \^]   <<<<<<<<
     10     a 14  1  3                                       <<<<
IP   Ver/HL 45, ToS  0, Len   5c, ID 5e5d, Flg/Frg    0, TTL 3c,  Prtl  1
          Cksum  0a19, Src 0a140101, Dst 0a140103
ICMP from 10.20.1.1 to 10.20.1.3        echo

14:51:28.712 Rcvd Ether Dst 00:00:a8:40:3b:6e  Src 00:c0:8c:d8:d1:2d Type 0800
(IP)
     offset 0  .  .  .  4  .  .  .   8  .  .  .  C  .  .  .  0...4... 8...C...
      0    45  0  0 5c 9b 17  0  0  40  1 c9 5e  a 14  1  3  E  \><   @<I^<<<<
     10     a 14  1  1                                       <<<<
IP   Ver/HL 45, ToS  0, Len   5c, ID 9b17, Flg/Frg    0, TTL 40,  Prtl  1
          Cksum  c95e, Src 0a140103, Dst 0a140101
ICMP from 10.20.1.3 to 10.20.1.1        echo rep

14:51:29.028 Rcvd Ether Dst 00:00:a8:41:3b:6e  Src 00:0c:6e:3f:ab:45 Type 0800
(IP)
     offset 0  .  .  .  4  .  .  .   8  .  .  .  C  .  .  .  0...4... 8...C...
      0    45  0  0 3c d9 76  0  0  80  1 7d c5 a4 98 4d 32  E  <Yv   ><}E$>M2
     10    a4 98 4d 22                                       $>M"
IP   Ver/HL 45, ToS  0, Len   3c, ID d976, Flg/Frg    0, TTL 80,  Prtl  1
          Cksum  7dc5, Src a4984d32, Dst a4984d22
ICMP from 164.152.77.50 to 164.152.77.34        echo

14:51:29.028 Xmit Ether Dst 00:0c:6e:3f:ab:45  Src 00:00:a8:41:3b:6e Type 0800
(IP)
     offset 0  .  .  .  4  .  .  .   8  .  .  .  C  .  .  .  0...4... 8...C...
      0    45  0  0 3c 5e 5e  0  0  3c  1 3c de a4 98 4d 22  E  <^^   <<<^$>M"
     10    a4 98 4d 32                                       $>M2
IP   Ver/HL 45, ToS  0, Len   3c, ID 5e5e, Flg/Frg    0, TTL 3c,  Prtl  1
          Cksum  3cde, Src a4984d22, Dst a4984d32
ICMP from 164.152.77.34 to 164.152.77.50        echo rep



C:\>perl pm21line.pl < pm.icmp.out > pm.icmp.txt



C:\>type pm.icmp.txt

14:51:28.708 Xmit Ether Dst 00:c0:8c:64:56:ec  Src 00:00:a8:40:3b:6e Type 0800  (IP) IP   Ver/HL 45, ToS  0, Len   5c, ID 5e5b, Flg/Frg    0, TTL 3c,  Prtl  1 ICMP from 10.20.1.1 to 10.20.1.2 echo
14:51:28.710 Rcvd Ether Dst 00:00:a8:40:3b:6e  Src 00:c0:8c:64:56:ec Type 0800  (IP) IP   Ver/HL 45, ToS  0, Len   5c, ID fe00, Flg/Frg    0, TTL 40,  Prtl  1 ICMP from 10.20.1.2 to 10.20.1.1 echo rep
14:51:28.710 Xmit Ether Dst 00:c0:8c:64:e6:8c  Src 00:00:a8:40:3b:6e Type 0800  (IP) IP   Ver/HL 45, ToS  0, Len   5c, ID 5e5c, Flg/Frg    0, TTL 3c,  Prtl  1 ICMP from 10.20.1.1 to 10.20.1.21        echo
14:51:28.711 Rcvd Ether Dst 00:00:a8:40:3b:6e  Src 00:c0:8c:64:e6:8c Type 0800  (IP) IP   Ver/HL 45, ToS  0, Len   5c, ID fd6f, Flg/Frg    0, TTL 40,  Prtl  1 ICMP from 10.20.1.21 to 10.20.1.1        echo rep
14:51:28.712 Xmit Ether Dst 00:c0:8c:d8:d1:2d  Src 00:00:a8:40:3b:6e Type 0800  (IP) IP   Ver/HL 45, ToS  0, Len   5c, ID 5e5d, Flg/Frg    0, TTL 3c,  Prtl  1 ICMP from 10.20.1.1 to 10.20.1.3 echo
14:51:28.712 Rcvd Ether Dst 00:00:a8:40:3b:6e  Src 00:c0:8c:d8:d1:2d Type 0800  (IP) IP   Ver/HL 45, ToS  0, Len   5c, ID 9b17, Flg/Frg    0, TTL 40,  Prtl  1 ICMP from 10.20.1.3 to 10.20.1.1 echo rep
14:51:29.028 Rcvd Ether Dst 00:00:a8:41:3b:6e  Src 00:0c:6e:3f:ab:45 Type 0800  (IP) IP   Ver/HL 45, ToS  0, Len   3c, ID d976, Flg/Frg    0, TTL 80,  Prtl  1 ICMP from 164.152.77.50 to 164.152.77.34 echo
14:51:29.028 Xmit Ether Dst 00:0c:6e:3f:ab:45  Src 00:00:a8:41:3b:6e Type 0800  (IP) IP   Ver/HL 45, ToS  0, Len   3c, ID 5e5e, Flg/Frg    0, TTL 3c,  Prtl  1 ICMP from 164.152.77.34 to 164.152.77.50 echo rep

UDP packets

C:\>type pm.udp.out

Noah_Davids.CAC logged in on %phx_vos#m15 at 08-09-05 14:50:39 mst.
%phx_vos#m15_mas>system>stcp>command_library>packet_monitor -numeric -time_stamp
 -verbose -pkt_hdr -hex_header -filter -protocol udp
***********************************************************
WARNING: failure to specify a specific interface will cause
packet_monitor to bind to ALL interfaces on the module,
greatly increasing the amount of Streams memory used!!!
***********************************************************
                dir                                                 icmp type
        tcp
hh:mm:ss.ttt dir   len proto source             destination         src port  ds
t port  type
14:50:40.232 Rcvd Ether Dst ff:ff:ff:ff:ff:ff  Src 00:0c:6e:c6:0e:de Type 0800
(IP)
     offset 0  .  .  .  4  .  .  .   8  .  .  .  C  .  .  .  0...4... 8...C...
      0    45  0  0 4e 1a 55  0  0  80 11 3c de a4 98 4c 3c  E  N<U   >><^$>L<
     10    a4 98 4d ff                                       $>M>
IP   Ver/HL 45, ToS  0, Len   4e, ID 1a55, Flg/Frg    0, TTL 80,  Prtl 11
          Cksum  3cde, Src a4984c3c, Dst a4984dff
UDP from 164.152.76.60.137 to 164.152.77.255.137 Cksum 4282, 58 data bytes.

14:50:40.629 Rcvd Ether Dst ff:ff:ff:ff:ff:ff  Src 00:d0:b7:9e:d0:2f Type 0800
(IP)
     offset 0  .  .  .  4  .  .  .   8  .  .  .  C  .  .  .  0...4... 8...C...
      0    45  0  0 4e 57  5  0  0  80 11 fe 6c a4 98 4d fd  E  NW<   ><~l$>M}
     10    a4 98 4d ff                                       $>M>
IP   Ver/HL 45, ToS  0, Len   4e, ID 5705, Flg/Frg    0, TTL 80,  Prtl 11
          Cksum  fe6c, Src a4984dfd, Dst a4984dff
UDP from 164.152.77.253.137 to 164.152.77.255.137 Cksum 121f, 58 data bytes.

14:50:40.644 Xmit Ether Dst 00:80:50:04:1c:27  Src 00:00:a8:40:3b:6e Type 0800
(IP)
     offset 0  .  .  .  4  .  .  .   8  .  .  .  C  .  .  .  0...4... 8...C...
      0    45  0  0 53 df 3e  0  0  3c 11 89 15  a 14  1  1  E  S_>   <<><<<<<
     10     a 14  1 1e                                       <<<<
IP   Ver/HL 45, ToS  0, Len   53, ID df3e, Flg/Frg    0, TTL 3c,  Prtl 11
          Cksum  8915, Src 0a140101, Dst 0a14011e
UDP from 10.20.1.1.49668 to 10.20.1.30.161 Cksum 0000, 63 data bytes.

14:50:40.680 Rcvd Ether Dst 00:00:a8:40:3b:6e  Src 00:80:50:04:1c:27 Type 0800
(IP)
     offset 0  .  .  .  4  .  .  .   8  .  .  .  C  .  .  .  0...4... 8...C...
      0    45  0  0 54  0  0 40  0  40 11 24 56  a 14  1 1b  E  T  @  @<$V<<<<
     10     a 14  1  1                                       <<<<
IP   Ver/HL 45, ToS  0, Len   54, ID    0, Flg/Frg 4000, TTL 40,  Prtl 11
          Cksum  2456, Src 0a14011b, Dst 0a140101
UDP from 10.20.1.27.161 to 10.20.1.1.49668 Cksum 4a30, 64 data bytes.

14:50:40.980 Rcvd Ether Dst ff:ff:ff:ff:ff:ff  Src 00:0c:6e:c6:0e:de Type 0800
(IP)
     offset 0  .  .  .  4  .  .  .   8  .  .  .  C  .  .  .  0...4... 8...C...
      0    45  0  0 4e 1a 6c  0  0  80 11 3c c7 a4 98 4c 3c  E  N<l   ><<G$>L<
     10    a4 98 4d ff                                       $>M>
IP   Ver/HL 45, ToS  0, Len   4e, ID 1a6c, Flg/Frg    0, TTL 80,  Prtl 11
          Cksum  3cc7, Src a4984c3c, Dst a4984dff
UDP from 164.152.76.60.137 to 164.152.77.255.137 Cksum 4282, 58 data bytes.

14:50:41.379 Rcvd Ether Dst ff:ff:ff:ff:ff:ff  Src 00:d0:b7:9e:d0:2f Type 0800
(IP)
     offset 0  .  .  .  4  .  .  .   8  .  .  .  C  .  .  .  0...4... 8...C...
      0    45  0  0 4e 57  6  0  0  80 11 fe 6b a4 98 4d fd  E  NW<   ><~k$>M}
     10    a4 98 4d ff                                       $>M>
IP   Ver/HL 45, ToS  0, Len   4e, ID 5706, Flg/Frg    0, TTL 80,  Prtl 11
          Cksum  fe6b, Src a4984dfd, Dst a4984dff
UDP from 164.152.77.253.137 to 164.152.77.255.137 Cksum 121f, 58 data bytes.

14:50:41.685 Xmit Ether Dst 00:80:50:04:1c:27  Src 00:00:a8:40:3b:6e Type 0800
(IP)
     offset 0  .  .  .  4  .  .  .   8  .  .  .  C  .  .  .  0...4... 8...C...
      0    45  0  0 53 df 3f  0  0  3c 11 89 14  a 14  1  1  E  S_?   <<><<<<<
     10     a 14  1 1e                                       <<<<
IP   Ver/HL 45, ToS  0, Len   53, ID df3f, Flg/Frg    0, TTL 3c,  Prtl 11
          Cksum  8914, Src 0a140101, Dst 0a14011e
UDP from 10.20.1.1.49669 to 10.20.1.30.161 Cksum 0000, 63 data bytes.

14:50:41.722 Rcvd Ether Dst 00:00:a8:40:3b:6e  Src 00:80:50:04:1c:27 Type 0800
(IP)
     offset 0  .  .  .  4  .  .  .   8  .  .  .  C  .  .  .  0...4... 8...C...
      0    45  0  0 54  0  0 40  0  40 11 24 56  a 14  1 1b  E  T  @  @<$V<<<<
     10     a 14  1  1                                       <<<<
IP   Ver/HL 45, ToS  0, Len   54, ID    0, Flg/Frg 4000, TTL 40,  Prtl 11
          Cksum  2456, Src 0a14011b, Dst 0a140101
UDP from 10.20.1.27.161 to 10.20.1.1.49669 Cksum 4a2e, 64 data bytes.

14:50:42.130 Rcvd Ether Dst ff:ff:ff:ff:ff:ff  Src 00:d0:b7:9e:d0:2f Type 0800
(IP)
     offset 0  .  .  .  4  .  .  .   8  .  .  .  C  .  .  .  0...4... 8...C...
      0    45  0  0 4e 57  7  0  0  80 11 fe 6a a4 98 4d fd  E  NW<   ><~j$>M}
     10    a4 98 4d ff                                       $>M>
IP   Ver/HL 45, ToS  0, Len   4e, ID 5707, Flg/Frg    0, TTL 80,  Prtl 11
          Cksum  fe6a, Src a4984dfd, Dst a4984dff
UDP from 164.152.77.253.137 to 164.152.77.255.137 Cksum 121f, 58 data bytes.

14:50:42.189 Rcvd Ether Dst ff:ff:ff:ff:ff:ff  Src 00:16:97:c4:01:ab Type 0800
(IP)
     offset 0  .  .  .  4  .  .  .   8  .  .  .  C  .  .  .  0...4... 8...C...
      0    45  0  0 7e 48 39  0  0  80 11 96 ea ac 10  1 2c  E  ~H9   ><>j,<<,
     10    ac 10  1 ff                                       ,<<>
IP   Ver/HL 45, ToS  0, Len   7e, ID 4839, Flg/Frg    0, TTL 80,  Prtl 11
          Cksum  96ea, Src ac10012c, Dst ac1001ff
UDP from 172.16.1.44.1026 to 172.16.1.255.1100 Cksum 68c5, 106 data bytes.

14:50:42.726 Xmit Ether Dst 00:80:50:04:1c:27  Src 00:00:a8:40:3b:6e Type 0800
(IP)
     offset 0  .  .  .  4  .  .  .   8  .  .  .  C  .  .  .  0...4... 8...C...
      0    45  0  0 53 df 40  0  0  3c 11 89 13  a 14  1  1  E  S_@   <<><<<<<
     10     a 14  1 1e                                       <<<<
IP   Ver/HL 45, ToS  0, Len   53, ID df40, Flg/Frg    0, TTL 3c,  Prtl 11
          Cksum  8913, Src 0a140101, Dst 0a14011e
UDP from 10.20.1.1.49670 to 10.20.1.30.161 Cksum 0000, 63 data bytes.

ready  14:50:56
Process finished.
Terminating Noah_Davids.CAC (pm).  Process stopped by Noah_Davids.CAC.



C:\>perl pm21line.pl < pm.udp.out > pm.udp.txt



C:\>type pm.udp.txt

14:50:40.232 Rcvd Ether Dst ff:ff:ff:ff:ff:ff  Src 00:0c:6e:c6:0e:de Type 0800  (IP) IP   Ver/HL 45, ToS  0, Len   4e, ID 1a55, Flg/Frg    0, TTL 80,  Prtl 11 UDP from 164.152.76.60.137 to 164.152.77.255.137 Cksum 4282, 58 data bytes.
14:50:40.629 Rcvd Ether Dst ff:ff:ff:ff:ff:ff  Src 00:d0:b7:9e:d0:2f Type 0800  (IP) IP   Ver/HL 45, ToS  0, Len   4e, ID 5705, Flg/Frg    0, TTL 80,  Prtl 11 UDP from 164.152.77.253.137 to 164.152.77.255.137 Cksum 121f, 58 data bytes.
14:50:40.644 Xmit Ether Dst 00:80:50:04:1c:27  Src 00:00:a8:40:3b:6e Type 0800  (IP) IP   Ver/HL 45, ToS  0, Len   53, ID df3e, Flg/Frg    0, TTL 3c,  Prtl 11 UDP from 10.20.1.1.49668 to 10.20.1.30.161 Cksum 0000, 63 data bytes.
14:50:40.680 Rcvd Ether Dst 00:00:a8:40:3b:6e  Src 00:80:50:04:1c:27 Type 0800  (IP) IP   Ver/HL 45, ToS  0, Len   54, ID    0, Flg/Frg 4000, TTL 40,  Prtl 11 UDP from 10.20.1.27.161 to 10.20.1.1.49668 Cksum 4a30, 64 data bytes.
14:50:40.980 Rcvd Ether Dst ff:ff:ff:ff:ff:ff  Src 00:0c:6e:c6:0e:de Type 0800  (IP) IP   Ver/HL 45, ToS  0, Len   4e, ID 1a6c, Flg/Frg    0, TTL 80,  Prtl 11 UDP from 164.152.76.60.137 to 164.152.77.255.137 Cksum 4282, 58 data bytes.
14:50:41.379 Rcvd Ether Dst ff:ff:ff:ff:ff:ff  Src 00:d0:b7:9e:d0:2f Type 0800  (IP) IP   Ver/HL 45, ToS  0, Len   4e, ID 5706, Flg/Frg    0, TTL 80,  Prtl 11 UDP from 164.152.77.253.137 to 164.152.77.255.137 Cksum 121f, 58 data bytes.
14:50:41.685 Xmit Ether Dst 00:80:50:04:1c:27  Src 00:00:a8:40:3b:6e Type 0800  (IP) IP   Ver/HL 45, ToS  0, Len   53, ID df3f, Flg/Frg    0, TTL 3c,  Prtl 11 UDP from 10.20.1.1.49669 to 10.20.1.30.161 Cksum 0000, 63 data bytes.
14:50:41.722 Rcvd Ether Dst 00:00:a8:40:3b:6e  Src 00:80:50:04:1c:27 Type 0800  (IP) IP   Ver/HL 45, ToS  0, Len   54, ID    0, Flg/Frg 4000, TTL 40,  Prtl 11 UDP from 10.20.1.27.161 to 10.20.1.1.49669 Cksum 4a2e, 64 data bytes.
14:50:42.130 Rcvd Ether Dst ff:ff:ff:ff:ff:ff  Src 00:d0:b7:9e:d0:2f Type 0800  (IP) IP   Ver/HL 45, ToS  0, Len   4e, ID 5707, Flg/Frg    0, TTL 80,  Prtl 11 UDP from 164.152.77.253.137 to 164.152.77.255.137 Cksum 121f, 58 data bytes.
14:50:42.189 Rcvd Ether Dst ff:ff:ff:ff:ff:ff  Src 00:16:97:c4:01:ab Type 0800  (IP) IP   Ver/HL 45, ToS  0, Len   7e, ID 4839, Flg/Frg    0, TTL 80,  Prtl 11 UDP from 172.16.1.44.1026 to 172.16.1.255.1100 Cksum 68c5, 106 data bytes.
14:50:42.726 Xmit Ether Dst 00:80:50:04:1c:27  Src 00:00:a8:40:3b:6e Type 0800  (IP) IP   Ver/HL 45, ToS  0, Len   53, ID df40, Flg/Frg    0, TTL 3c,  Prtl 11 UDP from 10.20.1.1.49670 to 10.20.1.30.161 Cksum 0000, 63 data bytes.

TCP packets

Note that non-header lines that are ignored include the hex dump output.

C:\>type pm.tcp.out

Noah_Davids.CAC logged in on %phx_vos#m15 at 08-09-05 16:17:27 mst.
%phx_vos#m15_mas>system>stcp>command_library>packet_monitor -numeric -time_stamp
 -verbose -pkt_hdr -hex_header -hex_dump -length 1500 -filter -protocol tcp
***********************************************************
WARNING: failure to specify a specific interface will cause
packet_monitor to bind to ALL interfaces on the module,
greatly increasing the amount of Streams memory used!!!
***********************************************************
                dir                                                 icmp type
        tcp
hh:mm:ss.ttt dir   len proto source             destination         src port  ds
t port  type
16:17:28.372 Xmit Ether Dst 00:00:a8:c0:86:a1  Src 00:00:a8:41:3b:6e Type 0800
(IP)
     offset 0  .  .  .  4  .  .  .   8  .  .  .  C  .  .  .  0...4... 8...C...
      0    45  0  0 4a a9 64  0  0  3c  6 f1 2b a4 98 4d 22  E  J)d   <<q+$>M"
     10    a4 98 4d cb                                       $>MK
IP   Ver/HL 45, ToS  0, Len   4a, ID a964, Flg/Frg    0, TTL 3c,  Prtl  6
          Cksum  f12b, Src a4984d22, Dst a4984dcb
TCP from 164.152.77.34.49170 to 164.152.77.203.3000
    seq   125847069, ack   68071061, window 32768, 34 data bytes, flags Push Ack
.
    X/Off 05, Flags 18, Cksum 3231,  Urg-> 0000
     offset 0  .  .  .  4  .  .  .   8  .  .  .  C  .  .  .  0...4... 8...C...
      0    55  e 55  f 3a 3b ff fe   0  0  0  0  0  0  0  0  U<U<:;>~
     10     0  0  0  0  0  0  0  0   0  0  0  0  0  0 2e e9                 .i
     20    3a  e                                             :<

16:17:28.378 Rcvd Ether Dst 00:00:a8:41:3b:6e  Src 00:00:a8:c0:86:a1 Type 0800
(IP)
     offset 0  .  .  .  4  .  .  .   8  .  .  .  C  .  .  .  0...4... 8...C...
      0    45  0  0 4a 13 a7  0  0  3c  6 86 e9 a4 98 4d cb  E  J<'   <<>i$>MK
     10    a4 98 4d 22                                       $>M"
IP   Ver/HL 45, ToS  0, Len   4a, ID 13a7, Flg/Frg    0, TTL 3c,  Prtl  6
          Cksum  86e9, Src a4984dcb, Dst a4984d22
TCP from 164.152.77.203.3000 to 164.152.77.34.49170
    seq    68071061, ack  125847103, window 32768, 34 data bytes, flags Push Ack
.
    X/Off 05, Flags 18, Cksum 320f,  Urg-> 0000
     offset 0  .  .  .  4  .  .  .   8  .  .  .  C  .  .  .  0...4... 8...C...
      0    55  f 55  e 3a 3b ff fe   0  0  0  0  0  0  0  0  U<U<:;>~
     10     0  0  0  0  0  0  0  0   0  0  0  0  0  0 2e e9                 .i
     20    3a  e                                             :<

16:17:28.570 Rcvd Ether Dst 00:00:a8:41:3b:6e  Src 00:00:a8:c0:86:a1 Type 0800
(IP)
     offset 0  .  .  .  4  .  .  .   8  .  .  .  C  .  .  .  0...4... 8...C...
      0    45  0  0 28 13 a8  0  0  3c  6 87  a a4 98 4d cb  E  (<(   <<><$>MK
     10    a4 98 4d 22                                       $>M"
IP   Ver/HL 45, ToS  0, Len   28, ID 13a8, Flg/Frg    0, TTL 3c,  Prtl  6
          Cksum  870a, Src a4984dcb, Dst a4984d22
TCP from 164.152.77.203.3000 to 164.152.77.34.49170
    seq    68071095, ack  125847103, window 32768, 0 data bytes, flags Ack.
    X/Off 05, Flags 10, Cksum 7f66,  Urg-> 0000
No tcp data.

16:17:28.600 Xmit Ether Dst 00:00:a8:c0:86:a1  Src 00:00:a8:41:3b:6e Type 0800
(IP)
     offset 0  .  .  .  4  .  .  .   8  .  .  .  C  .  .  .  0...4... 8...C...
      0    45  0  0 28 a9 65  0  0  3c  6 f1 4c a4 98 4d 22  E  ()e   <<qL$>M"
     10    a4 98 4d cb                                       $>MK
IP   Ver/HL 45, ToS  0, Len   28, ID a965, Flg/Frg    0, TTL 3c,  Prtl  6
          Cksum  f14c, Src a4984d22, Dst a4984dcb
TCP from 164.152.77.34.49170 to 164.152.77.203.3000
    seq   125847103, ack   68071095, window 32768, 0 data bytes, flags Ack.
    X/Off 05, Flags 10, Cksum 7f66,  Urg-> 0000
No tcp data.

16:17:29.120 Xmit Ether Dst 00:00:a8:80:80:4a  Src 00:00:a8:41:3b:6e Type 0800
(IP)
     offset 0  .  .  .  4  .  .  .   8  .  .  .  C  .  .  .  0...4... 8...C...
      0    45  0  0 4a a9 66  0  0  3c  6 f1 e9 a4 98 4d 22  E  J)f   <<qi$>M"
     10    a4 98 4d  b                                       $>M<
IP   Ver/HL 45, ToS  0, Len   4a, ID a966, Flg/Frg    0, TTL 3c,  Prtl  6
          Cksum  f1e9, Src a4984d22, Dst a4984d0b
TCP from 164.152.77.34.49177 to 164.152.77.11.3002
    seq   132742361, ack  858875097, window 32768, 34 data bytes, flags Push Ack
.
    X/Off 05, Flags 18, Cksum 2dff,  Urg-> 0000
     offset 0  .  .  .  4  .  .  .   8  .  .  .  C  .  .  .  0...4... 8...C...
      0    55  d 55  f ae af ff fe   0  0  0  0  0  0  0  0  U<U<./>~
     10     0  0  0  0  0  0  0  0   0  0  0  0  0  0 2e d3                 .S
     20    ae  d                                             .<

16:17:29.121 Rcvd Ether Dst 00:00:a8:41:3b:6e  Src 00:00:a8:80:80:4a Type 0800
(IP)
     offset 0  .  .  .  4  .  .  .   8  .  .  .  C  .  .  .  0...4... 8...C...
      0    45  0  0 4a 58 68  0  0  40  6 3e e8 a4 98 4d  b  E  JXh   @<>h$>M<
     10    a4 98 4d 22                                       $>M"
IP   Ver/HL 45, ToS  0, Len   4a, ID 5868, Flg/Frg    0, TTL 40,  Prtl  6
          Cksum  3ee8, Src a4984d0b, Dst a4984d22
TCP from 164.152.77.11.3002 to 164.152.77.34.49177
    seq   858875097, ack  132742395, window 11468, 34 data bytes, flags Push Ack
.
    X/Off 05, Flags 18, Cksum 8111,  Urg-> 0000
     offset 0  .  .  .  4  .  .  .   8  .  .  .  C  .  .  .  0...4... 8...C...
      0    55  f 55  d ae af ff fe   0  0  0  0  0  0  0  0  U<U<./>~
     10     0  0  0  0  0  0  0  0   0  0  0  0  0  0 2e d3                 .S
     20    ae  d                                             .<

16:17:29.347 Xmit Ether Dst 00:00:a8:80:80:4a  Src 00:00:a8:41:3b:6e Type 0800
(IP)
     offset 0  .  .  .  4  .  .  .   8  .  .  .  C  .  .  .  0...4... 8...C...
      0    45  0  0 28 a9 67  0  0  3c  6 f2  a a4 98 4d 22  E  ()g   <<r<$>M"
     10    a4 98 4d  b                                       $>M<
IP   Ver/HL 45, ToS  0, Len   28, ID a967, Flg/Frg    0, TTL 3c,  Prtl  6
          Cksum  f20a, Src a4984d22, Dst a4984d0b
TCP from 164.152.77.34.49177 to 164.152.77.11.3002
    seq   132742395, ack  858875131, window 32768, 0 data bytes, flags Ack.
    X/Off 05, Flags 10, Cksum 6391,  Urg-> 0000
No tcp data.



C:\>perl pm21line.pl < pm.tcp.out > pm.tcp.txt



C:\>type pm.tcp.txt

16:17:28.372 Xmit Ether Dst 00:00:a8:c0:86:a1  Src 00:00:a8:41:3b:6e Type 0800  (IP) IP   Ver/HL 45, ToS  0, Len   4a, ID a964, Flg/Frg    0, TTL 3c,  Prtl  6 TCP from 164.152.77.34.49170 to 164.152.77.203.3000     seq   125847069, ack   68071061, window 32768, 34 data bytes, flags Push Ack.
16:17:28.378 Rcvd Ether Dst 00:00:a8:41:3b:6e  Src 00:00:a8:c0:86:a1 Type 0800  (IP) IP   Ver/HL 45, ToS  0, Len   4a, ID 13a7, Flg/Frg    0, TTL 3c,  Prtl  6 TCP from 164.152.77.203.3000 to 164.152.77.34.49170     seq    68071061, ack  125847103, window 32768, 34 data bytes, flags Push Ack.
16:17:28.570 Rcvd Ether Dst 00:00:a8:41:3b:6e  Src 00:00:a8:c0:86:a1 Type 0800  (IP) IP   Ver/HL 45, ToS  0, Len   28, ID 13a8, Flg/Frg    0, TTL 3c,  Prtl  6 TCP from 164.152.77.203.3000 to 164.152.77.34.49170     seq    68071095, ack  125847103, window 32768, 0 data bytes, flags Ack.
16:17:28.600 Xmit Ether Dst 00:00:a8:c0:86:a1  Src 00:00:a8:41:3b:6e Type 0800  (IP) IP   Ver/HL 45, ToS  0, Len   28, ID a965, Flg/Frg    0, TTL 3c,  Prtl  6 TCP from 164.152.77.34.49170 to 164.152.77.203.3000     seq   125847103, ack   68071095, window 32768, 0 data bytes, flags Ack.
16:17:29.120 Xmit Ether Dst 00:00:a8:80:80:4a  Src 00:00:a8:41:3b:6e Type 0800  (IP) IP   Ver/HL 45, ToS  0, Len   4a, ID a966, Flg/Frg    0, TTL 3c,  Prtl  6 TCP from 164.152.77.34.49177 to 164.152.77.11.3002     seq   132742361, ack  858875097, window 32768, 34 data bytes, flags Push Ack.
16:17:29.121 Rcvd Ether Dst 00:00:a8:41:3b:6e  Src 00:00:a8:80:80:4a Type 0800  (IP) IP   Ver/HL 45, ToS  0, Len   4a, ID 5868, Flg/Frg    0, TTL 40,  Prtl  6 TCP from 164.152.77.11.3002 to 164.152.77.34.49177     seq   858875097, ack  132742395, window 11468, 34 data bytes, flags Push Ack.
16:17:29.347 Xmit Ether Dst 00:00:a8:80:80:4a  Src 00:00:a8:41:3b:6e Type 0800  (IP) IP   Ver/HL 45, ToS  0, Len   28, ID a967, Flg/Frg    0, TTL 3c,  Prtl  6 TCP from 164.152.77.34.49177 to 164.152.77.11.3002     seq   132742395, ack  858875131, window 32768, 0 data bytes, flags Ack.
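
The spreadsheet and grep uses mentioned at the top of the page, as an added example that is not part of the original page or of pm21line.pl: a shell function (the names pm1line_to_csv and pm_sample are made up here) that converts the one-line output into CSV. It assumes traces taken with -time_stamp and an Ethernet header, as in the samples above; the sample lines are copied from the example output on this page, plus one constructed non-packet line.

```shell
#!/bin/sh
# Added example (not part of pm21line.pl): turn pm21line.pl output into CSV.
# Assumes the -time_stamp format with an Ethernet header, as in the samples.
# Real use:  perl pm21line.pl < pm.udp.out | pm1line_to_csv > pm.udp.csv

# pm1line_to_csv: read one-line packets on stdin, write CSV rows on stdout.
pm1line_to_csv() {
    awk '
    # Split "a.b.c.d.port" at the last dot into the globals IP and PORT.
    function split_addr(addr,    n) {
        n = match(addr, /\.[0-9]+$/)
        if (n == 0) { IP = addr; PORT = ""; return }
        IP = substr(addr, 1, n - 1)
        PORT = substr(addr, n + 1)
    }
    BEGIN {
        OFS = ","
        print "time,dir,eth_src,eth_dst,proto,src_ip,src_port,dst_ip,dst_port"
    }
    # Skip anything that is not a time-stamped Ethernet packet line.
    $1 !~ /^[0-9][0-9]:[0-9][0-9]:[0-9][0-9]\.[0-9]+$/ || $3 != "Ether" { next }
    {
        proto = ""; sip = ""; sport = ""; dip = ""; dport = ""
        # Scan for the protocol keyword rather than hard-coding its position.
        for (i = 8; i < NF; i++) {
            if (($i == "TCP" || $i == "UDP") && $(i+1) == "from" && $(i+3) == "to") {
                proto = $i
                split_addr($(i+2)); sip = IP; sport = PORT
                split_addr($(i+4)); dip = IP; dport = PORT
                break
            }
            if ($i == "ICMP" && $(i+1) == "from" && $(i+3) == "to") {
                proto = "ICMP"; sip = $(i+2); dip = $(i+4)
                break
            }
            if ($i == "ARP" && $(i+2) == "Target") {
                proto = "ARP-" $(i+1)          # ARP-Req or ARP-Rep
                dip = $(i+3)                   # address being resolved
                for (j = i + 4; j < NF; j++) {
                    if ($j == "Src") { sip = $(j+1); break }
                }
                break
            }
        }
        if (proto != "") print $1, $2, $7, $5, proto, sip, sport, dip, dport
    }'
}

# pm_sample: four lines copied from the example output on this page, plus one
# constructed non-packet line ("ready ...") that the converter must skip.
pm_sample() {
    cat <<'EOF'
14:52:05.803 Rcvd Ether Dst ff:ff:ff:ff:ff:ff  Src 00:04:96:19:0b:20 Type 0806  (ARP) ARP Req Target 164.152.77.207  Src  164.152.76.1    [00:04:96:19:0b:20]
14:51:28.708 Xmit Ether Dst 00:c0:8c:64:56:ec  Src 00:00:a8:40:3b:6e Type 0800  (IP) IP   Ver/HL 45, ToS  0, Len   5c, ID 5e5b, Flg/Frg    0, TTL 3c,  Prtl  1 ICMP from 10.20.1.1 to 10.20.1.2 echo
ready  14:50:56
14:50:40.644 Xmit Ether Dst 00:80:50:04:1c:27  Src 00:00:a8:40:3b:6e Type 0800  (IP) IP   Ver/HL 45, ToS  0, Len   53, ID df3e, Flg/Frg    0, TTL 3c,  Prtl 11 UDP from 10.20.1.1.49668 to 10.20.1.30.161 Cksum 0000, 63 data bytes.
16:17:28.372 Xmit Ether Dst 00:00:a8:c0:86:a1  Src 00:00:a8:41:3b:6e Type 0800  (IP) IP   Ver/HL 45, ToS  0, Len   4a, ID a964, Flg/Frg    0, TTL 3c,  Prtl  6 TCP from 164.152.77.34.49170 to 164.152.77.203.3000     seq   125847069, ack   68071061, window 32768, 34 data bytes, flags Push Ack.
EOF
}

# Demonstration on the embedded sample.
pm_sample | pm1line_to_csv
```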

pm21line.pl

                                                                   
# pm21line.pl begins here
#
# pm21line.pl
# version 1.0
# version 1.1 08-09-04 Added the match for /^\+.*Prtl  / to capture the final part
#                      of the IP header if it wraps around to a new line. Note this
#                      will only happen if the input was originally captured from a
#                      terminal session or a capture file was displayed to a terminal.
# version 1.2 10-11-26 Added disclaimer
# Noah.Davids@stratus.com
#
# The latest version of this script and documentation can be found at
#      http://noahdavids.org/self_published/pm21line.html
#
#
# tested with the following combinations of (format control) packet_monitor
# arguments. The filter controls shouldn't have any effect.
#   -numeric -time_stamp -verbose -pkt_hdr -hex_header
#   -numeric -time_stamp -verbose -pkt_hdr
#   -numeric -time_stamp -verbose
#    -verbose
#   -verbose -pkt_hdr
#
# This software is provided on an "AS IS" basis, WITHOUT ANY WARRANTY OR ANY
# SUPPORT OF ANY KIND. The AUTHOR SPECIFICALLY DISCLAIMS ANY IMPLIED WARRANTIES
# OF MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE.  This disclaimer
# applies, despite any verbal representations of any kind provided by the
# author or anyone else.
#
use strict;
use warnings;

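my $oneLine = "";

while ($_ = <STDIN>)
{
     # A direction line starts a new packet; keep it without its newline.
     if (/Rcvd Ether/) {$oneLine = substr($_, 0, -1);}
     if (/Xmit Ether/) {$oneLine = substr($_, 0, -1);}
     if (/Rcvd IP/)    {$oneLine = substr($_, 0, -1);}
     if (/Xmit IP/)    {$oneLine = substr($_, 0, -1);}
     
     # Final part of an IP header that wrapped onto a new line (see version 1.1).
     if (/^\+.*Prtl  /){$oneLine = $oneLine . substr($_, 1, -1);}
     
     # These ARP lines are already complete; print them as they are.
     if (/Rcvd ARP/ || /Xmit ARP/)
     {
          print $_;
          $oneLine = "start over";
     }
     # Append the first line of the IP header.
     if (/^IP   Ver/)  {$oneLine = $oneLine . " " . substr($_, 0, -1);}
     
     # The TCP header takes two lines: addresses, then seq/ack/window/flags.
     if (/^TCP/)
     {
          $oneLine = $oneLine . " " .substr($_, 0, -1);
          $_ = <STDIN>;
          $_ = "\n" unless defined $_;    # trace ended in the middle of a packet
          $oneLine = $oneLine . " " . $_;
          print $oneLine;
          $oneLine = "start over";
     }
     # These protocol lines end the packet; their newline ends the output line.
     if (/^UDP/ || /^ICMP/ || /^ARP/)
     {
          $oneLine = $oneLine . " " . $_;
          print $oneLine;
          $oneLine = "start over";
     }
}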
#
# pm21line.pl ends here



This page was last modified on 10-11-26
Send comments and suggestions to ndav1@cox.net