IPgrab is a verbose packet sniffer for UNIX hosts.
Links:
Example telnet output:
----------------------------------------------------------------
Ethernet header (961445334.490653)
----------------------------------------------------------------
Hardware source: 00:10:4b:96:1d:a8
Hardware destination: 08:00:02:25:29:77
Protocol: 0x800 (IP)
Length: 68
----------------------------------------------------------------
IP Header
----------------------------------------------------------------
Version: 4
Header length: 5
TOS: 0x10
Total length: 54
Identification: 6795
Fragmentation offset: 0
Unused bit: 0
Don't fragment bit: 1
More fragments bit: 0
Time to live: 64
Protocol: 6 (TCP)
Header checksum: 37890
Source address: 149.112.60.156
Destination address: 149.112.36.168
----------------------------------------------------------------
TCP Header
----------------------------------------------------------------
Source port: 2692 (unknown)
Destination port: 23 (telnet)
Sequence number: 2876130028
Acknowledgement number: 3994633468
Header length: 8
Unused: 0
Flags: PA
Window size: 32120
Checksum: 58743
Urgent: 0
Option: 1 (no op)
Option: 1 (no op)
Option: 8 (timestamp)
Length: 10
Timestamp value: 181028495
Timestamp reply: 44432019
-----------------------------------------------------------------
0D 00 ..
And of a minimal mode TCP session:
961445601.933843 00:10:4b:96:1d:a8->08:00:02:25:29:77 IP 149.112.60.156->198.186.203.44 (72,DF) TCP 2690->22 (PA,2794909852,2764779739,31856)961445602.086258 08:00:02:25:29:77->00:10:4b:96:1d:a8 IP 198.186.203.44->149.112.60.156 (52,DF) TCP 22->2690 (A,2764779739,2794909872,32120) 961445602.086374 08:00:02:25:29:77->00:10:4b:96:1d:a8 IP 198.186.203.44->149.112.60.156 (96,DF) TCP 22->2690 (PA,2764779739,2794909872,32120) 961445602.097106 00:10:4b:96:1d:a8->08:00:02:25:29:77 IP 149.112.60.156->198.186.203.44 (52,DF) TCP 2690->22 (A,2794909872,2764779783,31856)