Somehow, sometimes the code below generates an error when loading valid Windows-1252 XML.
It fails on Windows XP Professional x86 SP3 using MSXML6.
It succeeds on Windows 7 Ultimate x64 SP1 using MSXML6.
Note: the code below is written in Delphi, but equivalent code also fails in other environments.
procedure TXMLEOSErrorTestCase.Test;
var
XmlDocument: IXMLDOMDocument3;
XmlFileName: string;
begin
XmlDocument := CoFreeThreadedDOMDocument60.Create();
XmlFileName := TPath.Combine(TPath.GetDirectoryName(ParamStr(0)), '1-Normal.xml');
if not XmlDocument.load(XmlFileName) then
Parse(XmlDocument.parseError);
end;
This error occurs during the XmlDocument.load method:
reason: System error: -2146697210.
errorCode: -2146697210
url: C:\temp\1-Normal.xml
I trimmed the XML down to the XML found below.
This is the hex dump of the XML file:
000000: 3C 3F 78 6D 6C 20 76 65 72 73 69 6F 6E 20 3D 20 <?xml version =
000010: 22 31 2E 30 22 20 65 6E 63 6F 64 69 6E 67 3D 22 "1.0" encoding="
000020: 57 69 6E 64 6F 77 73 2D 31 32 35 32 22 3F 3E 3C Windows-1252"?><
000030: 52 4F 57 20 43 69 74 79 3D 22 E0 22 2F 3E 0D 0A ROW City="."/>..
This is the XML:
<?xml version = "1.0" encoding="Windows-1252"?><ROW City="à"/>
Why does the error occur?
(The XML loads perfectly fine in .NET and other environments not using MSXML6, it also works fine on Windows 7 Ultimate x64 SP1).
--jeroen
The behaviour depends on which version of the MSXML6.DLL you have installed.
To reproduce this better, I created another file abnormal.xml, in addition to the normal.xml from the question.
File dump abnormal.xml:
000000: 3C 3F 78 6D 6C 20 76 65 72 73 69 6F 6E 3D 22 31 <?xml version="1
000010: 2E 30 22 20 73 74 61 6E 64 61 6C 6F 6E 65 3D 22 .0" standalone="
000020: 79 65 73 22 3F 3E 3C 52 4F 57 20 43 69 74 79 3D yes"?><ROW City=
000030: 22 E0 22 2F 3E 0D 0A "."/>..
File abnormal.xml:
<?xml version="1.0" standalone="yes"?><ROW City="à"/>
File dump normal.xml:
000000: 3C 3F 78 6D 6C 20 76 65 72 73 69 6F 6E 20 3D 20 <?xml version =
000010: 22 31 2E 30 22 20 65 6E 63 6F 64 69 6E 67 3D 22 "1.0" encoding="
000020: 57 69 6E 64 6F 77 73 2D 31 32 35 32 22 3F 3E 3C Windows-1252"?><
000030: 52 4F 57 20 43 69 74 79 3D 22 E0 22 2F 3E 0D 0A ROW City="."/>..
File normal.xml:
<?xml version = "1.0" encoding="Windows-1252"?><ROW City="à"/>
The behaviour I expect is that:
abnormal.xml fails, because it does not specify an encoding, but contains a character with the high-bit set
normal.xml succeeds, as it conains a single-byte encoding supporting high-bit characters, so characters with high-bit set are allowed
These are the observed scenarios:
MSXML6 FAILURE:
reason: System error: -2146697210.
errorCode: -2146697210
url: file:///C:/My%20Dropbox/XMLEOSErrorTest/Abnormal.xml
reason: System error: -2146697210.
errorCode: -2146697210
url: file:///C:/My%20Dropbox/XMLEOSErrorTest/Normal.xml
MSXML6 SUCCESS:
reason: An invalid character was found in text content.
errorCode: -1072896760
url: file:///C:/My%20Dropbox/XMLEOSErrorTest/Abnormal.xml
srcText: <?xml version="1.0" standalone="yes"?><ROW City="
line: 1
linepos: 50
filepos: 49
This is an overview of what versions fail.
The names of the DLL's between parentheses are from their version information.
failure; XP Professional SP3:
msxml6.dll version 6.20.1099.0 (MSXML 6.0 SP2)
msxml6r.dll version 6.0.3883.0 (XML Resources)
success; Windows 7 Ultimate x64 SP1:
msxml6.dll version 6.30.7600.16385 (MSXML 6.0 SP3)
msxml6r.dll version 6.30.7600.16385
msxml6r.dll.mui version 6.30.7600.16385
success; XP Professional SP3:
msxml6.dll version 6.20.1103.0 (MSXML 6.0 SP3)
msxml6r.dll version 6.0.3883.0 (XML Resources)
Observations:
Automatic Windows Update and Microsoft Update will not update MSXML6.DLL to the latest version on Windows XP SP3.
There is no MSXML6 SP3 for Windows XP.
The latest version is in fact 6.20.2003.0 for Windows XP SP2 and can be obtained at http://support.microsoft.com/kb/973686 (it does not install on Windows XP SP3).
The 6.20.1103.0 version of MSXML6.DLL for Windows XP SP3 can be obtained at http://support.microsoft.com/kb/973687 (direct download for XP SP3)
Microsoft has very little information on their site about this: http://www.google.com/search?q=msxml6+%226.20.1099.0%22+%226.20.1103.0%22+site:microsoft.com
Searching only for 6.20.1103.0 does not reveal much more: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=msxml6+%226.20.1103.0%22+site:microsoft.com
This gives the best search results: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=msxml6+%226.20.1103.0%22#sclient=psy&num=10&hl=en&q=msxml6+%226.20.1099.0%22+%226.20.1103.0%22
So: when doing MSXML6 work, first put in a check that you indeed have the latest MSXML6.DLL for your target Windows version.
--jeroen
Related
I am supposed to recreate the behavior of hexdump in C and now when I (almost) finished the task, the actual hexdump command behaves weird.
When I use:
hexdump -C filename1 notexistingfilename2
the error message for the non existing file appears between the lines of the output of the first file.
like this:
0000c4f0 65 00 64 79 6c 64 5f 73 74 75 62 5f 62 69 6e 64 |e.dyld_stub_bind|
0000c500 65 72 00 5f 5f 64 79 6c 64 5f 70 72 69 76 61 74 |er.__dyld_privat|
hexdump: h: No such file or directory
0000c510 65 00 00 00 00 00 00 00 |e.......|
0000c518
h being the non existing file.
This wasn't the case when I used hexdump earlier today. (System is MacOS and the behavior is the same in Bash aswell as in zsh, also not using the -C flag doesn't make a difference).
Context
I'm implementing an integration application based on Apache Camel, which must interface to Google Pub/Sub infrastructure. For this purpose, I'm using the dedicated Camel PubSub component , which is based on the Google
PubSub HTTP Service API
For development and test phases, I would like to use the PubSub Emulator, and make it available on a shared DEV environment so that the whole DEV team can access it.
Issue
When running the emulator on localhost, everything works fine: the REST HTTP API is available (e.g. to create topics and subscriptions), and Camel route is consuming messages properly.
gcloud beta emulators pubsub start --host-port=localhost:8085
API Call result ( topic creation):
$ curl -X PUT -v http://localhost:8085/v1/projects/test-project/topics/topic-data
HTTP/1.1 200 OK
content-type: application/json
{ "name": "projects/test-project/topics/topic-data"}
But as soon as I start Emulator with -host parameter different than localhost (e.g. using my main IP address), the REST API does not work anymore and always return 503 UNAVAILABLE:
gcloud beta emulators pubsub start --host-port=[MY_IP_ADDRESS]:8085
Result when trying to create topic :
$ curl -X PUT -v http://[MY_IP_ADDRESS]:8085/v1/projects/test-project/topics/topic-data
HTTP/1.1 503 Service Unavailable
content-type: application/json
{"error":{"code":503,"message":"io exception","status":"UNAVAILABLE"}}
I have changed the emulator log level to FINEST, but nothing in logs can explain this behavior:
INFOS: Server started, listening on 8085
aout 16, 2019 11:43:51 AM io.netty.buffer.AbstractByteBuf <clinit>
PRECIS: -Dio.netty.buffer.checkAccessible: true
aout 16, 2019 11:43:51 AM io.netty.buffer.AbstractByteBuf <clinit>
PRECIS: -Dio.netty.buffer.checkBounds: true
aout 16, 2019 11:43:51 AM io.netty.util.ResourceLeakDetectorFactory$DefaultResourceLeakDetectorFactory newResourceLeakDetector
PRECIS: Loaded default ResourceLeakDetector: io.netty.util.ResourceLeakDetector#280b84c6
aout 16, 2019 11:43:51 AM io.gapi.emulators.grpc.GrpcServer$3 operationComplete
INFOS: Adding handler(s) to newly registered Channel.
aout 16, 2019 11:43:51 AM io.netty.handler.logging.LoggingHandler channelRegistered
PRECIS: [id: 0x369f8b68, L:/a.b.c.d:8085 - R:/a.b.c.d:49246] REGISTERED
aout 16, 2019 11:43:51 AM io.netty.handler.logging.LoggingHandler channelActive
PRECIS: [id: 0x369f8b68, L:/a.b.c.d:8085 - R:/a.b.c.d:49246] ACTIVE
aout 16, 2019 11:43:51 AM io.netty.util.Recycler <clinit>
PRECIS: -Dio.netty.recycler.maxCapacityPerThread: 4096
aout 16, 2019 11:43:51 AM io.netty.util.Recycler <clinit>
PRECIS: -Dio.netty.recycler.maxSharedCapacityFactor: 2
aout 16, 2019 11:43:51 AM io.netty.util.Recycler <clinit>
PRECIS: -Dio.netty.recycler.linkCapacity: 16
aout 16, 2019 11:43:51 AM io.netty.util.Recycler <clinit>
PRECIS: -Dio.netty.recycler.ratio: 8
aout 16, 2019 11:43:51 AM io.netty.handler.logging.LoggingHandler channelRead
PRECIS: [id: 0x369f8b68, L:/a.b.c.d:8085 - R:/a.b.c.d:49246] READ: 285B
+-------------------------------------------------+
| 0 1 2 3 4 5 6 7 8 9 a b c d e f |
+--------+-------------------------------------------------+----------------+
|00000000| 50 55 54 20 2f 76 31 2f 70 72 6f 6a 65 63 74 73 |PUT /v1/projects|
|00000010| 2f 74 65 73 74 2d 70 72 6f 6a 65 63 74 2f 74 6f |/test-project/to|
|00000020| 70 69 63 73 2f 74 6f 70 69 63 2d 64 61 74 61 20 |pics/topic-data |
|00000030| 48 54 54 50 2f 31 2e 31 0d 0a 55 73 65 72 2d 41 |HTTP/1.1..User-A|
|00000040| 67 65 6e 74 3a 20 50 6f 73 74 6d 61 6e 52 75 6e |gent: PostmanRun|
|00000050| 74 69 6d 65 2f 37 2e 31 35 2e 32 0d 0a 41 63 63 |time/7.15.2..Acc|
|00000060| 65 70 74 3a 20 2a 2f 2a 0d 0a 43 61 63 68 65 2d |ept: */*..Cache-|
|00000070| 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 |Control: no-cach|
|00000080| 65 0d 0a 50 6f 73 74 6d 61 6e 2d 54 6f 6b 65 6e |e..Postman-Token|
|00000090| 3a 20 66 31 61 38 33 63 35 36 2d 36 66 38 66 2d |: f1a83c56-6f8f-|
|000000a0| 34 65 35 32 2d 38 64 35 35 2d 64 64 66 66 64 37 |4e52-8d55-ddffd7|
|000000b0| 37 38 66 64 36 65 0d 0a 48 6f 73 74 3a 20 31 30 |78fd6e..Host: a.|
|000000c0| 2e 32 2e 34 31 2e 31 39 32 3a 38 30 38 35 0d 0a |.b.c.d:8085.....|
|000000d0| 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e 67 3a |Accept-Encoding:|
|000000e0| 20 67 7a 69 70 2c 20 64 65 66 6c 61 74 65 0d 0a | gzip, deflate..|
|000000f0| 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 |Content-Length: |
|00000100| 30 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 6b |0..Connection: k|
|00000110| 65 65 70 2d 61 6c 69 76 65 0d 0a 0d 0a |eep-alive.... |
+--------+-------------------------------------------------+----------------+
aout 16, 2019 11:43:51 AM io.gapi.emulators.netty.HttpVersionRoutingHandler channelRead
INFOS: Detected non-HTTP/2 connection.
aout 16, 2019 11:43:51 AM io.netty.handler.logging.LoggingHandler channelReadComplete
PRECIS: [id: 0x369f8b68, L:/a.b.c.d:8085 - R:/a.b.c.d:49246] READ COMPLETE
aout 16, 2019 11:43:51 AM io.grpc.Context createStorage
PRECIS: Storage override doesn't exist. Using default
java.lang.ClassNotFoundException: io.grpc.override.ContextStorageOverride
at java.net.URLClassLoader.findClass(URLClassLoader.java:381)
at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:349)
at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:264)
at io.grpc.Context.createStorage(Context.java:137)
at io.grpc.Context.storage(Context.java:129)
at io.grpc.Context.current(Context.java:181)
at io.grpc.Context$Key.get(Context.java:891)
at io.grpc.internal.CensusTracingModule$TracingClientInterceptor.interceptCall(CensusTracingModule.java:385)
at io.grpc.ClientInterceptors$InterceptorChannel.newCall(ClientInterceptors.java:156)
at io.grpc.internal.CensusStatsModule$StatsClientInterceptor.interceptCall(CensusStatsModule.java:691)
at io.grpc.ClientInterceptors$InterceptorChannel.newCall(ClientInterceptors.java:156)
at io.grpc.internal.ManagedChannelImpl.newCall(ManagedChannelImpl.java:819)
at io.grpc.internal.ForwardingManagedChannel.newCall(ForwardingManagedChannel.java:63)
at io.grpc.stub.MetadataUtils$HeaderAttachingClientInterceptor.interceptCall(MetadataUtils.java:74)
at io.grpc.ClientInterceptors$InterceptorChannel.newCall(ClientInterceptors.java:156)
at com.google.pubsub.v1.PublisherGrpc$PublisherStub.createTopic(PublisherGrpc.java:673)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at io.gapi.emulators.grpc.ProtoReflectionUtil.invoke(ProtoReflectionUtil.java:159)
at io.gapi.emulators.grpc.HttpAdapter$UnaryMethodHandler.handle(HttpAdapter.java:531)
at io.gapi.emulators.grpc.HttpAdapter.handleRequest(HttpAdapter.java:165)
at io.gapi.emulators.netty.HttpHandler.channelRead(HttpHandler.java:52)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:359)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:345)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:337)
at io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:102)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:359)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:345)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:337)
at io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:102)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:359)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:345)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:337)
at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:323)
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:297)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:359)
at io.netty.channel.AbstractChannelHandlerContext.access$600(AbstractChannelHandlerContext.java:38)
at io.netty.channel.AbstractChannelHandlerContext$7.run(AbstractChannelHandlerContext.java:350)
at io.netty.util.concurrent.AbstractEventExecutor.safeExecute(AbstractEventExecutor.java:163)
at io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:404)
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:495)
at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:905)
at java.lang.Thread.run(Thread.java:748)
aout 16, 2019 11:43:51 AM io.netty.handler.logging.LoggingHandler flush
PRECIS: [id: 0x369f8b68, L:/a.b.c.d:8085 - R:/a.b.c.d:49246] FLUSH
aout 16, 2019 11:43:51 AM io.grpc.internal.DnsNameResolver$Resolve resolveInternal
PRECIS: No TXT records found for localhost
aout 16, 2019 11:43:53 AM io.gapi.emulators.netty.HttpHandler$1 onError
INFOS: Exception when handling request: UNAVAILABLE: io exception
aout 16, 2019 11:43:53 AM io.netty.handler.logging.LoggingHandler write
PRECIS: [id: 0x369f8b68, L:/a.b.c.d:8085 - R:/a.b.c.d:49246] WRITE: 158B
+-------------------------------------------------+
| 0 1 2 3 4 5 6 7 8 9 a b c d e f |
+--------+-------------------------------------------------+----------------+
|00000000| 48 54 54 50 2f 31 2e 31 20 35 30 33 20 53 65 72 |HTTP/1.1 503 Ser|
|00000010| 76 69 63 65 20 55 6e 61 76 61 69 6c 61 62 6c 65 |vice Unavailable|
|00000020| 0d 0a 63 6f 6e 74 65 6e 74 2d 74 79 70 65 3a 20 |..content-type: |
|00000030| 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 73 6f 6e |application/json|
|00000040| 0d 0a 63 6f 6e 74 65 6e 74 2d 6c 65 6e 67 74 68 |..content-length|
|00000050| 3a 20 37 30 0d 0a 0d 0a 7b 22 65 72 72 6f 72 22 |: 70....{"error"|
|00000060| 3a 7b 22 63 6f 64 65 22 3a 35 30 33 2c 22 6d 65 |:{"code":503,"me|
|00000070| 73 73 61 67 65 22 3a 22 69 6f 20 65 78 63 65 70 |ssage":"io excep|
|00000080| 74 69 6f 6e 22 2c 22 73 74 61 74 75 73 22 3a 22 |tion","status":"|
|00000090| 55 4e 41 56 41 49 4c 41 42 4c 45 22 7d 7d |UNAVAILABLE"}} |
+--------+-------------------------------------------------+----------------+
aout 16, 2019 11:43:53 AM io.netty.handler.logging.LoggingHandler flush
PRECIS: [id: 0x369f8b68, L:/a.b.c.d:8085 - R:/a.b.c.d:49246] FLUSH
(note that message No TXT records found for localhost is also present when running emulator on localhost, so I'm not sure if this can be the cause)
Note the gRPC API is working fine in both scenario (localhost and specific IP address) but unfortunately I cannot use this protocole as Camel PubSub component is not supporting it.
I got the same result
{"error":{"code":503,"message":"io exception","status":"UNAVAILABLE"}}
but it started to work after I changed binding host from my external IP to global 0.0.0.0 host
gcloud beta emulators pubsub start --host-port=0.0.0.0:8085
I think i faced same kinda issue in past, difference is i was doing something different but whenever i was using my ip in url, url was not reachable.
Thing was some times when we are working with local system you will have to tweak your firewall in order to let your request get pass. It worked like a charm for me. I admit that all i did was disable my firewall but at the moment security was not that important to me.
Hope this might help. Please Do post if you find out if there was any other issue, I am very curious about this since i have to work with pubsub services very often.
Thanks.
As in the subject. I'm wondering if it is possible to get encrypted bytes like below when using AES128 CBC:
7b 22 63 6d 64 22 3a 22 73 65 74 41 70 22 2c 22
73 63 6f 22 2c 22 70 61 00 73 22 3a 22 70 61 73
73 77 6f 72 64 22 7d 00 00 00 00 00 00 00 00 00
Note the NULL byte in the second row.
EDIT: A bit of background behind this question.
I have a C function that takes my buffer and plain text (utf8) after calling it I need to know who much of the buffer was filled up.
Yes, any byte value is possible including 0.
The implied question here is "can I use string handling functions on encrypted data". You cannot because 0 is a valid value. You need to keep track of the number of bytes in the encrypted data.
Don't ask where and why I got it, but I have a lot of lines like these in .c file:
0005080: 3465 3434 2035 6635 6620 2064 6c65 2e5f 4e44 5f5f dle._
0005090: 5f44 544f 525f 454e 445f 5f0a 3030 3031 _DTOR_END__.0001
00050a0: 3334 303a 2030 3035 6620 3566 3663 2036 340: 005f 5f6c 6
00050b0: 3936 3220 3633 3566 2036 3337 3320 3735 962 635f 6373 75
00050c0: 3566 2036 3936 6520 3639 3734 2020 2e5f 5f 696e 6974 ._
00050d0: 5f6c 6962 635f 6373 755f 696e 6974 0a30 _libc_csu_init.0
What can I do with it? Is this a program?
That's not a C file. That's not a C file at all!
What appears to have happened here is that someone flipped some parameters trying to compile a file; something like gcc -o my_file.c my_file.c, or something to that effect.
If you're on Linux, you can run the file utility to figure out what it is.
Note:
This might well also be a piece of malware: The enterprising would-be attacker sent you the file, hoping you would double-click it in the file manager, causing it to execute and do something nasty.
Edit:
Also, is that the literal content of the file, or the file as seen through xxd? If it's the former, it's more likely a mistake of some kind; but if it's the latter: Beware.
This looks like the output of the hexdump command.
If you have a file temp.c with the following code:
#include<stdio.h>
int main()
{
printf("Hello World!\n");
return 0;
}
Then, hexdump -C temp.c will produce the output as:
00000000 23 69 6e 63 6c 75 64 65 3c 73 74 64 69 6f 2e 68 |#include<stdio.h|
00000010 3e 0a 69 6e 74 20 6d 61 69 6e 28 29 0a 7b 0a 09 |>.int main().{..|
00000020 70 72 69 6e 74 66 28 22 48 65 6c 6c 6f 20 57 6f |printf("Hello Wo|
00000030 72 6c 64 21 5c 6e 22 29 3b 0a 09 72 65 74 75 72 |rld!\n");..retur|
00000040 6e 20 30 3b 0a 7d 0a |n 0;.}.|
00000047
The last few lines of the compiled output file (a.out generally) for the above program reads:
\00__data_start\00__gmon_start__\00__dso_handle\00_IO_stdin_used\00__libc_csu_init\00_end\00_start\00__bss_start\00main\00_Jv_RegisterClasses\00__TMC_END__\00_ITM_registerTMCloneTable\00_init\00
In your case, it looks like the hexdump (or a similar) command was used on an a.out (i.e. object code file) file and those are the last few lines of the output.
Good luck!
Im tring to export file from wireshark , so i could search in it.
now every option i try doesn't give simple raw format as the tcp raw view , when i follow
tcp stream .
all it gives me is hex view of the packets and the string in this kind of format breaks and can't be searchable . i want it to export to searchable format.
can it be done ?
this is what im getting now :
0000 48 54 54 50 2f 31 2e 31 20 35 30 30 20 49 6e 74 HTTP/1.1 500 Int
0010 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 ernal Server Err
0020 6f 72 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 31 or..Date: Thu, 1
0030 30 20 4e 6f 76 20 32 30 31 31 20 31 36 3a 33 32 0 Nov 2011 16:32
0040 3a 35 37 20 47 4d 54 0d 0a 50 72 61 67 6d 61 3a :57 GMT..Pragma:
0050 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 no-cache..Conte
What about using TShark, sed and tr?
tshark -r Clmt_04.pcap -x -R "frame.number<40" | sed 's/^.{56}//' | tr -d '\n' > Clmt-04.txt
tshark -x
add output of hex and ASCII dump (Packet Bytes)
sed 's/^.{56}//'
remove the first 56 characters of each line
tr -d '\n'
remove new line character
Hope this helps
After you identify the tcp stream, you can use the following command with tshark:
tshark -nr <file>.pcapng -q -z follow,tcp,ascii,XXXX
Where XXXX is the tcp stream.