Skip IP headers with tcpdump

I use tcpdump for debugging the SSDP service.

$ sudo tcpdump -Aq udp port 1900

When printing UDP packets, I get a lot of nonsense before the HTTP headers, which I assume are IP and UDP headers. How do I suppress their printing and just print the application-level data in a packet (including HTTP headers)?

Here is an example; the material that I do not want is everything up to NOTIFY on the second line:

14:41:56.738130 IP www.routerlogin.com.2239 > 239.255.255.250.1900: UDP, length 326
E..b..@................l.N..NOTIFY * HTTP/1.1
HOST: 239.255.255.250:1900
1 answer

Unfortunately, there are no shortcuts in tcpdump or even tshark to do what you want ... the best we can do is run STDOUT through a text filter ...

perl sed, , , ...

[mpenning@Bucksnort ~]$ sudo tcpdump -Aq udp port 1900 | perl -e 'while ($line=<STDIN>) { if ($line!~/239.255.255.250.+?UDP/) { if ($line=~/(NOTIFY.+)$/) {print "$1\n";} else {print $line;}}}'
NOTIFY * HTTP/1.1
HOST: 239.255.255.250:1900

[mpenning@Bucksnort ~]$

, perl STDIN, ,...

while ($line=<STDIN>) {
    if ($line!~/239.255.255.250.+?UDP/) {
        if ($line=~/(NOTIFY.+)$/) {
            print "$1\n";
        } else {
            print $line;
        }
    }
}

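The 28 characters of "nonsense" in the question's dump are the 20-byte IPv4 header (the leading `E` is 0x45: version 4, header length 5 words) followed by the 8-byte UDP header. As an added example, not part of the original answer, this Python sketch strips them by reading the lengths from the headers themselves rather than pattern-matching the text; the function names and the sample packet (source address 192.168.1.1, zeroed checksums) are constructed for illustration.

```python
import struct

# Constructed SSDP payload matching the lines shown in the question.
SSDP = b"NOTIFY * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n\r\n"


def udp_payload(packet: bytes) -> bytes:
    """Return the application data of a raw packet that starts at the IPv4 header."""
    if len(packet) < 20:
        raise ValueError("shorter than a minimal IPv4 header")
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4 or ihl < 5:
        raise ValueError("not a valid IPv4 header")
    ip_len = ihl * 4  # IHL counts 32-bit words; more than 5 means IP options
    if packet[9] != 17:
        raise ValueError("IP protocol is not UDP")
    total_len, frag = struct.unpack("!H", packet[2:4])[0], struct.unpack("!H", packet[6:8])[0]
    if frag & 0x3FFF:  # MF flag set or non-zero offset: UDP header may be elsewhere
        raise ValueError("fragmented datagram")
    if len(packet) < ip_len + 8:
        raise ValueError("truncated before end of UDP header")
    udp_len = struct.unpack("!H", packet[ip_len + 4:ip_len + 6])[0]
    # The UDP length covers its own 8-byte header and must fit inside the IP datagram.
    if udp_len < 8 or ip_len + udp_len > min(total_len, len(packet)):
        raise ValueError("UDP length inconsistent with IP length")
    return packet[ip_len + 8:ip_len + udp_len]


def build_sample(payload: bytes, options: bytes = b"") -> bytes:
    """Build a constructed IPv4/UDP packet (checksums left at zero, not verified above)."""
    ihl = 5 + len(options) // 4
    total = ihl * 4 + 8 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, total, 0, 0x4000, 4, 17, 0,
                     bytes([192, 168, 1, 1]), bytes([239, 255, 255, 250])) + options
    udp = struct.pack("!HHHH", 2239, 1900, 8 + len(payload), 0)
    return ip + udp + payload


if __name__ == "__main__":
    pkt = build_sample(SSDP)
    print(len(pkt) - len(udp_payload(pkt)), "header bytes skipped")
    print(udp_payload(pkt).decode("ascii"), end="")
```

Because the IP header length comes from the IHL field, a packet carrying IP options is handled correctly, which a fixed 28-character cut or a `NOTIFY` regex would not guarantee.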