Sniffing and displaying TCP packets in UTF-8

Alexandre Dupuis picture Alexandre Dupuis · Aug 6, 2010 · Viewed 8.6k times · Source

I am trying to use tcpdump to display the content of tcp packets flowing on my network. I have something like:

tcpdump -i wlan0 -l -A

The -A option displays the content as ASCII text, but my text seems to be UTF-8. Is there a way to display UTF-8 properly using tcpdump? Do you know any other tools which could help?

Many thanks

Answer

Delian Krustev picture Delian Krustev · Apr 25, 2012

Make sure your terminal supports outputting UTF-8 and pipe the output to something which replaces non printable characters:

tcpdump -lnpi lo tcp port 80 -s 16000 -w - | tr -t '[^[:print:]]' ''
tcpdump -lnpi lo tcp port 80 -s 16000 -w - | strings -e S -n 1

If your terminal does not support UTF-8 you have to convert the output to a supported encoding . E.g.:

tcpdump -lnpi lo tcp port 80 -s 16000 -w - | tr -t '[^[:print:]]' '' | iconv -c -f utf-8 -t cp1251

-c option tells iconv to omit character which does not have valid representation in the target encoding.