Hi there
I'm a very keen ngrep user and routinely use "-W single" plus perl's regex power to create "poor man's IDS" scripts for specific things. Works well.
However, the fact that all the non-ASCII chars are replaced with '.' is a bit of a limitation. e.g. if I'm trying to capture NetBIOS filenames in packets (which are mainly in Unicode now), I see "dir\filename.txt" as "d.i.r.\.f.i.l.e.n.a.m.e...t.x.t.".
What I'd love to see is a "-W singleENC" option - where all the non-ASCII were converted
e.g. the above filename could be "d\0i\0r\0\\\0f\0i\0\l\0\e\0name.txt" (you get the idea ;-)
Then it'd be easier for me to distinguish real period chars from non-ASCII for starters, as well as being able to actually match on non-ASCII when I need to.
Thanks!
Jason
Logged In: YES
user_id=17025
Originator: NO
Whoops - SF didn't allow me to log in before accepting this post. So it's me :-)
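The request above, sketched as an added example (not part of the original post and not ngrep code): a dotted rendering like the one described loses information, while an escaped single-line rendering can be reversed and matched for UTF-16LE names. The `\xNN` escape format, the function names and the sample payloads are assumptions made for illustration; "-W singleENC" is the poster's proposed option, not an existing one.

```python
import re

def render_dots(payload: bytes) -> str:
    """Lossy rendering: every byte outside printable ASCII becomes '.'."""
    return "".join(chr(b) if 0x20 <= b <= 0x7E else "." for b in payload)

def render_escaped(payload: bytes) -> str:
    """Assumed lossless rendering: backslash doubled, non-printables as \\xNN."""
    out = []
    for b in payload:
        if b == 0x5C:
            out.append("\\\\")
        elif 0x20 <= b <= 0x7E:
            out.append(chr(b))
        else:
            out.append("\\x%02x" % b)
    return "".join(out)

_ESC = re.compile(rb"\\(\\|x[0-9a-f]{2})")

def unescape(line: str) -> bytes:
    """Inverse of render_escaped: recover the original payload bytes."""
    def repl(m):
        g = m.group(1)
        return b"\\" if g == b"\\" else bytes([int(g[1:], 16)])
    return _ESC.sub(repl, line.encode("ascii"))

# A run of at least three ASCII-range characters, each followed by a NUL byte.
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){3,}")

def utf16_strings(line: str) -> list:
    """Extract UTF-16LE strings from one escaped output line."""
    raw = unescape(line)
    return [m.group(0).decode("utf-16-le") for m in UTF16_RUN.finditer(raw)]

# Constructed payloads: a UTF-16LE filename, and plain ASCII text that happens
# to contain real periods in the same positions.
SAMPLE_UTF16 = b"\x01" + "dir\\filename.txt".encode("utf-16-le")
SAMPLE_ASCII = render_dots(SAMPLE_UTF16).encode("ascii")

if __name__ == "__main__":
    for sample in (SAMPLE_UTF16, SAMPLE_ASCII):
        print(render_dots(sample))
        print(render_escaped(sample))
        print(utf16_strings(render_escaped(sample)))
```

Both samples print the same dotted line, but only the first yields a filename from its escaped line.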