Dump packet content to the console

With the command line option -dump you can print the content of selected packets to the console.

The following will dump all the packets seen by the probe:

java -jar Probe.jar -dump

....
Ethernet - 00:02:2d:0c:1f:80 -> 00:04:e2:60:66:a2
Ethernet - payload: 800
      IP - 10.0.1.20 -> 158.39.26.220
      IP - length: 87
      IP - payload: 17
     UDP - 2002 -> 53
     DNS - operation: DNS query
000: 03 31 30 30 01 31 01 30 02 31 30 07 69 6e 2d 61  .100.1.0.10.in-a
016: 64 64 72 04 61 72 70 61 00 00 0c 00 01 00 00 00  ddr.arpa........
032: 00                                               .

Ethernet - 00:04:e2:60:66:a2 -> 00:02:2d:0c:1f:80
Ethernet - payload: 800
      IP - 158.39.26.220 -> 10.0.1.20
      IP - length: 164
      IP - payload: 17
     UDP - 53 -> 2002
     DNS - operation: DNS response
000: 03 31 30 30 01 31 01 30 02 31 30 07 69 6e 2d 61  .100.1.0.10.in-a
016: 64 64 72 04 61 72 70 61 00 00 0c 00 01 c0 14 00  ddr.arpa.....?..
032: 06 00 01 00 00 1c 05 00 41 08 70 72 69 73 6f 6e  ........A.prison
048: 65 72 04 69 61 6e 61 03 6f 72 67 00 0a 68 6f 73  er.iana.org..hos
064: 74 6d 61 73 74 65 72 0c 72 6f 6f 74 2d 73 65 72  tmaster.root-ser
080: 76 65 72 73 c0 43 77 54 00 00 00 00 00 00 00 00  vers?CwT........
096: 00 00 00 00 00 00 00 00 00 00 00 00 00 00        ..............

The first lines of each dump list the protocol layers of the packet: Ethernet, IP, and UDP. Ethernet payload 800 is the hexadecimal EtherType for IP, and IP payload 17 is the protocol number for UDP. The first packet above is a DNS query to the name server (port 53 on top of UDP and IP). The second packet is the reply from the name server with the answer to the query.
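Added example, not part of the original page or of the Probe tool: a Python script that reads the hex lines of the DNS response above and decodes the names in it, following DNS compression pointers and rejecting pointer loops. It assumes the hex dump starts right after the 12-byte DNS header, with pointer offsets counted from the start of the DNS message; parse_hexdump, read_name and decode_response are names chosen for this example.

```python
import re
import struct

HEADER_LEN = 12  # assumption: the dump starts after the 12-byte DNS header

# Constructed input: the hex lines of the DNS response dump shown above.
SAMPLE = """\
000: 03 31 30 30 01 31 01 30 02 31 30 07 69 6e 2d 61  .100.1.0.10.in-a
016: 64 64 72 04 61 72 70 61 00 00 0c 00 01 c0 14 00  ddr.arpa.....?..
032: 06 00 01 00 00 1c 05 00 41 08 70 72 69 73 6f 6e  ........A.prison
048: 65 72 04 69 61 6e 61 03 6f 72 67 00 0a 68 6f 73  er.iana.org..hos
064: 74 6d 61 73 74 65 72 0c 72 6f 6f 74 2d 73 65 72  tmaster.root-ser
080: 76 65 72 73 c0 43 77 54 00 00 00 00 00 00 00 00  vers?CwT........
"""

def parse_hexdump(text):
    """Collect the bytes from 'offset: hex bytes  ascii' dump lines."""
    rows = re.findall(r"^\s*\d+:((?: [0-9a-f]{2})+)", text, re.M)
    return bytes.fromhex("".join(rows))

def read_name(buf, pos):
    """Decode a DNS name at pos; return (name, offset after the name)."""
    labels, end, hops = [], None, 0
    while True:
        n = buf[pos]
        if n & 0xC0 == 0xC0:  # compression pointer, counted from message start
            end = pos + 2 if end is None else end
            hops += 1
            pos = (((n & 0x3F) << 8) | buf[pos + 1]) - HEADER_LEN
            if hops > 16 or pos < 0:  # loop, or pointer into the missing header
                raise ValueError("bad compression pointer")
            continue
        pos += 1
        if n == 0:  # root label ends the name
            return ".".join(labels), (pos if end is None else end)
        if pos + n > len(buf):
            raise ValueError("truncated label")
        labels.append(buf[pos:pos + n].decode("ascii", "replace"))
        pos += n

def decode_response(buf):
    """Return (qname, qtype, owner, rtype, ttl, mname, rname) for an SOA reply."""
    qname, pos = read_name(buf, 0)
    qtype, _qclass = struct.unpack_from("!HH", buf, pos)
    owner, pos = read_name(buf, pos + 4)
    rtype, _rclass, ttl, _rdlen = struct.unpack_from("!HHIH", buf, pos)
    mname, pos = read_name(buf, pos + 10)
    rname, pos = read_name(buf, pos)
    return qname, qtype, owner, rtype, ttl, mname, rname
```

On the sample, the question is a PTR lookup (type 12) for 100.1.0.10.in-addr.arpa, and the record that follows is an SOA (type 6) for 10.in-addr.arpa naming prisoner.iana.org.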

This will dump all the packets transmitted or received by the host with IP 10.0.1.20:

java -jar Probe.jar -dump 10.0.1.20

This will dump all the HTTP packets seen by the probe:

java -jar Probe.jar -dump :1.2048.6.80

In the filter after the colon, 1 is for Ethernet, 2048 is IP (0x800), 6 is for TCP, and 80 is the HTTP port number.

This will dump all the HTTP traffic for the host with IP 10.0.1.20:

java -jar Probe.jar -dump 10.0.1.20:1.2048.6.80