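#!/usr/bin/perl
#
# $Id: tcp2txt.pl,v 1.3 2008/12/20 15:23:32 mcrosby Exp $
#
# tcp2txt
#
# This is a quick application that will take the output of either
#   tcpdump -X
# or
#   tshark -x
# and do a straight dump of all the ascii.
# Why would you like to do this? Well, the hex/ascii formats will
# split the line based solely on character position, which means you can't
# grep for things (as what you are grepping for may be split across lines,
# and even worse has hex between the two parts).
#
# This app does a relatively raw dump of the protocol which lets you
# quickly and easily grep.
#
# Note that right now it will print both headers and the handshaking packets
# (will just show up as garbage, basically). This could be worked around
# if people care. Also, it's only US-Ascii for now, extended character
# sets shouldn't be too hard but one would need enough knowledge of what
# character set the protocol uses (could be given as a command line).
#
#
# tcpdump looks like this:
#       0x0000:  4510 00f4 2558 4000 4006 0000 0a01 0102  E...%X@.@.......
# tshark looks like this:
# 0000  00 1d 4f 48 f0 bc 00 17 31 99 5e 78 08 00 45 00  ..OH....1.^x..E.

use strict;
use warnings;

# Upper bound on data tokens per dump line for each format (both tools print
# 16 bytes per line).  Anything after that belongs to the trailing ASCII
# column, which may itself contain hex-looking text ("ab", "dead") and must
# not be decoded as packet data.  Only full lines are protected this way; a
# short final line still relies on the token shape alone.
my $TSHARK_BYTES_PER_LINE  = 16;   # tshark -x:  16 x "xx"
my $TCPDUMP_WORDS_PER_LINE = 8;    # tcpdump -X: 8 x "xxxx"

# Text of the packet currently being reassembled from consecutive dump lines.
my $pkt = '';

while (my $line = <>) {
    chomp $line;
    if ($line =~ /^[\da-f]+\s+(.*)/) {
        # tshark: offset, then two-hex-digit bytes, then the ASCII column.
        $pkt .= decode_tokens($1, qr/^[\da-f]{2}$/, $TSHARK_BYTES_PER_LINE);
    }
    elsif ($line =~ /^\s*0x[\da-f]+(.*)/) {
        # tcpdump: "0xNNNN:", then four-hex-digit words, then the ASCII column.
        $pkt .= decode_tokens($1, qr/^[\da-f]{4}$/, $TCPDUMP_WORDS_PER_LINE);
    }
    else {
        # Either between packets or a line in a format we don't understand:
        # emit whatever packet text we have, then echo the line as a header.
        flush_packet();
        print $line, "\n";
    }
}
# Input that ends on a dump line has no trailing header to trigger the
# flush; without this the last packet was silently dropped.
flush_packet();

# Print the accumulated packet text (if any) on a line of its own and reset
# the buffer for the next packet.
sub flush_packet {
    return if $pkt eq '';
    print $pkt, "\n";
    $pkt = '';
    return;
}

# Decode the data tokens of one dump line into text.
#   $fields   - the remainder of the line after the offset/"0xNNNN:" part
#   $token_re - shape of a data token: qr/^[\da-f]{2}$/ or qr/^[\da-f]{4}$/
#   $max      - at most this many tokens are treated as data; later ones
#               are assumed to be the ASCII column and ignored
# Returns the decoded text (may be empty).  Tokens that don't match
# $token_re (the ":" after a tcpdump offset, the ASCII column) are skipped.
sub decode_tokens {
    my ($fields, $token_re, $max) = @_;
    my $text = '';
    my $seen = 0;
    for my $tok (split /\s+/, $fields) {
        next unless $tok =~ $token_re;
        last if ++$seen > $max;
        # A token is one or two bytes; decode each pair of hex digits.
        $text .= join '', map { hex2asc($_) } ($tok =~ /([\da-f]{2})/g);
    }
    return $text;
}

# Map one byte, given as two hex digits, to the character printed for it.
# Newline (0x0a) is passed through so the protocol's own line structure
# survives; bytes 0x26..0x7e are printed as themselves; everything else
# (control characters, DEL, non-ASCII, and also 0x20..0x25 i.e. ` !"#$%`)
# becomes a single space.
# NOTE(review): the lower bound of 0x26 rather than 0x20 is inherited from
# the original; it looks like it may have been intended as 0x20 -- confirm.
sub hex2asc {
    my $byte = hex $_[0];
    return "\n" if $byte == 10;
    return chr($byte) if $byte > 37 && $byte < 127;
    return ' ';
}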