Personally I prefer multilog + pflogd + some other tool to examine the pcap file.
My old favorite is nc-data -d. The entire program fits on one page.
od or xxd -c1 |cut -d: -f2 will work too.
ngrep is fussy about interface types but I use that too.
Filters for nc-data output can be written in lex, sed, awk, lua, whatever.
I've even experimented with snobol4 and spitbol on packets since the output format of nc-data is so simple.