tcpdump - just output the packet contents line by line

linux ubuntu tcpdump

Some nice alternatives to the -A switch womble pointed out:

tcpflow will read a pcap file and split the TCP connections into separate files. Make sure you use a temp directory as it will split it into separate files for each connection.

tcpdump -s0 -w capfile
...
mkdir tmp && cd tmp
tcpflow -r ../capfile

You can also get something from tcpflow very similar to tcpdump -A, without splitting to different files:

tcpflow -C -r capfile

Personally, I find using wireshark and its Follow TCP stream option the easiest to read as it color-codes each side of the conversation. You can capture with wireshark directly or read captures made with tcpdump.


The dots are non-printable characters; anything outside of the range ASCII 32-126 (or thereabouts). You're getting the hexdump representation because you used the -X option; if you instead use the -A option, you'll get just the ASCII representation.

Related

Supermicro server onsite maintenance
How do you get Redis connections working within an Amazon VPC private subnet?
Apache: Redirect 404 and ErrorDocument 404 difference
How do you rotate Apache logs on Linux (centos)?
Why are ISP's installing routers on my site when the feed is a form of ethernet already?
SSH via 3rd Machine
Best practices for backing up databases
how to write a script that only acts on new log entries
How to sync two MySQL tables (on demand or via cron)
Architecting your network when you run out of VLANs
rsyslogd: Any way to get around the number of local facilities?
Does this log indicate the server reboooted?