Monitoring IM with TCPICK in Network

23 01 2009

Tcpick

Tcpick rebuilds individual connection streams by assembling packets in order. It’s like a mini command-line version of Wireshark’s “Follow TCP Stream” function. Tcpick has options to output data in hex or plain text with binary stripped.

You can also use it to display individual packets as they are seen. In this mode you don't make use of the stream rebuilding features, but it is still handy for quickly displaying packets with the binary stripped out.

For example, the following is a crude but effective Yahoo Instant Messenger sniffer:

tcpick -i eth0 -yP "host 192.168.1.2" | grep YMSG

You could also do the same thing by looking only for Yahoo IM packets like this:

tcpick -i eth0 "port mmcc" -S -yP   # port 5050

For AIM packets use this:

tcpick -i eth0 "port aol" -S -h -yP   # port 5190

The -h option shows headers. You need that for AIM to figure out who sent which message. Yahoo puts this information in the message, so -h is not necessary with Yahoo.
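As an added example (not from the original post), here is a small Python decoder for the same YMSG frames that tcpick prints as dotted text, written from the monitoring side: it shows exactly which chat messages crossed the LAN unencrypted, which is the point a network defender takes away from a capture like this. The frame layout it assumes (a 20-byte big-endian header of magic, version, vendor id, payload length, service, status and session id, followed by key/value fields each terminated by the bytes 0xC0 0x80), the key numbers 104/109/117 and the service codes come from public protocol documentation and my reading of the dotted output, not from the page; the sample stream, user names and message text are constructed.

```python
import struct

# YMSG framing as described in public protocol documentation (an assumption
# of this example, not something the post states):
#   "YMSG" | version (2) | vendor id (2) | payload length (2) | service (2)
#   | status (4) | session id (4)  -> 20-byte big-endian header,
# followed by key/value pairs, each field terminated by the bytes 0xC0 0x80.
# tcpick -yP prints those separator bytes as dots, which is why the capture
# reads "..109..sender..117..message..".
HEADER_FMT = ">4sHHHHII"
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 20 bytes
SEP = b"\xc0\x80"

# Assumed key numbers for chat-room frames: room name, sender, message text.
KEY_ROOM, KEY_SENDER, KEY_MESSAGE = "104", "109", "117"


def build_frame(service, pairs, version=16, vendor=0, status=0, session=0):
    """Encode one YMSG frame (used only to construct offline sample traffic)."""
    payload = b"".join(k.encode() + SEP + v.encode() + SEP for k, v in pairs)
    header = struct.pack(HEADER_FMT, b"YMSG", version, vendor, len(payload),
                         service, status, session)
    return header + payload


def parse_frame(buf):
    """Parse the frame at the start of buf.

    Returns (header_dict, pairs, consumed_bytes), or None when buf does not
    begin with a complete, well-formed frame.
    """
    if len(buf) < HEADER_LEN or buf[:4] != b"YMSG":
        return None
    _, version, vendor, length, service, status, session = struct.unpack(
        HEADER_FMT, buf[:HEADER_LEN])
    end = HEADER_LEN + length
    if len(buf) < end:
        return None  # truncated: a stream reassembler would wait for more data
    fields = buf[HEADER_LEN:end].split(SEP)
    if fields and fields[-1] == b"":
        fields.pop()  # every field ends with SEP, so split() leaves an empty tail
    if len(fields) % 2:
        return None  # a key without a value: malformed payload
    pairs = [(fields[i].decode("latin-1"),
              fields[i + 1].decode("utf-8", errors="replace"))
             for i in range(0, len(fields), 2)]
    header = {"version": version, "vendor": vendor, "length": length,
              "service": service, "status": status, "session": session}
    return header, pairs, end


def walk_stream(data):
    """Yield (header, pairs) for every frame in a reassembled TCP stream.

    After junk or a malformed frame, resynchronise on the next "YMSG" magic,
    as a stream-following tool does when it hits bytes it cannot decode.
    """
    pos = 0
    while pos < len(data):
        parsed = parse_frame(data[pos:])
        if parsed is None:
            nxt = data.find(b"YMSG", pos + 1)
            if nxt < 0:
                return
            pos = nxt
            continue
        header, pairs, consumed = parsed
        yield header, pairs
        pos += consumed


def cleartext_messages(data):
    """Return (room, sender, message) for every frame carrying a chat message.

    Anything returned here crossed the wire unencrypted and is readable by
    any host on the path, which is what a capture like the one above proves.
    """
    out = []
    for _header, pairs in walk_stream(data):
        kv = dict(pairs)
        if KEY_SENDER in kv and KEY_MESSAGE in kv:
            out.append((kv.get(KEY_ROOM, ""), kv[KEY_SENDER], kv[KEY_MESSAGE]))
    return out


# Constructed sample stream: two chat messages, one join notice with no
# message body, and a few junk bytes between frames. Names and text are made
# up; the service codes 0xA8 / 0x98 are assumed, not verified against a spec.
SAMPLE_STREAM = (
    build_frame(0xA8, [(KEY_ROOM, "Pahang:1"), (KEY_SENDER, "user_one"),
                       (KEY_MESSAGE, "hello room"), ("124", "1")])
    + b"\x00\x00junk"
    + build_frame(0x98, [(KEY_ROOM, "Pahang:1"), ("108", "1"),
                         (KEY_SENDER, "user_two"), ("113", "1024")])
    + build_frame(0xA8, [(KEY_ROOM, "Pahang:1"), (KEY_SENDER, "user_two"),
                         (KEY_MESSAGE, '<font face="Garamond">hi</font>'),
                         ("124", "1")])
)

if __name__ == "__main__":
    for room, sender, msg in cleartext_messages(SAMPLE_STREAM):
        print(f"[{room}] {sender}: {msg}")
```

The join frame is deliberately skipped by `cleartext_messages` because it carries no key 117, which matches the author's point that Yahoo identifies the sender inside the message itself (key 109), so no TCP header output is needed to attribute it.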

Show HTTP GET requests from the entire LAN:

tcpick -i eth0 -yP | grep GET

Example:

root@utm-desktop:/home/rnd# tcpick -i eth0 "port mmcc" -S -yP   # port 5050
Starting tcpick 0.2.1 at 2009-01-23 16:08 MYT
Timeout for connections is 600
tcpick: listening on eth0
setting filter: "port mmcc"
YMSG.............Hf.104..Pahang:1..109..mayangsari383..117...[4m.[2m.[#008040m<font
face="Garamond" size="14">;)) lina ni garang semacam..datang bulan ke..124..1..
YMSG.....f.......Hf.104..Pahang:1..105..Learn how to weave the Songket, or just chat.
.108..1..109..zakriman77..113..1024..
YMSG.....n.......Hf.104..Pahang:1..109..clark_kent9910..117...[1m<font face="Comic
Sans MS">:"> malam semalam yg hangat ..124..1..
YMSG.............Hf.104..Pahang:1..109..lina_licious85..117..<ALT #231b01,#c10dc6,
#170ecf>.[1m<font face="Lucida Sans Unicode">malas nak bgtau la sari, jg id dieorg:-
"</ALT>..124..1...
YMSG.....2.......Hf.104..Pahang:1..108..1..109..ribuzz87..113..1024...
YMSG.....+.......Hf.104..Pahang:1..109..chatersfairuz..117..<font INF LINE:80
ID:Yzak VER:8.86.25 PROT:YMSGV15 TM:16 TMS:08:33 CS:cs128.msg.sp1>.[#F20000m<font
face="Microsoft Sans Serif" size="11" tattoo>:)>-..f4!r..$..<):) ..--.....</font>
<u><b>.[#0000C0m<font face="Comic Sans MS" size="13">aduhhh sumbat..124..1...
YMSG.....}.......Hf.104..Pahang:1..109..clark_kent9910..117...[1m<font face="Comic
Sans MS">dtg bulan ari ni tapi malam smalam tak :) )..124..1...
YMSG.....3.......Hf.104..Pahang:1..108..1..109..zakriman77..113..1024..
YMSG.....k.......Hf.104..Pahang:1..109..mayangsari383..117...[4m.[2m.[#008040m<font
face="Garamond" size="14">;)) ck..124..1...
YMSG....._.......Hf.104..Pahang:1..109..mimy_eza..117..<font size="20">kt kontan ada
jaulan murah dok skg..124..1..
YMSG.....].......Hf.104..Pahang:1..109..clark_kent9910..117...[1m<font face="Comic
Sans MS">jaulan =))..124..1...
YMSG.............Hf.104..Pahang:1..109..de_skunk..117..<font INF LINE:24 ID:Yzak
VER:8.85.10 PROT:YMSGV15 TM:16 TMS:09:14 CS:cs121.msg.mud><fade #018B00,#000603>.
[#000000m<font face="Times New Roman" size="12">:))ya maulai \:D/</fade>..124..1...

Good Luck.....

One response

16 03 2009
online

I am using this
tcpick -i ppp0 -yP -S -C "port 5050"