tcp, tcpdump

How to decrypt the message using tcpdump


We have a message being routed from a box to one out of many hosts. I tried the below command:

/usr/sbin/tcpdump -A -X -v -vv -vv 'port 11111 and (host box1.com or host box2.com or host box3.com or host box4.com)'

I get the below output:

16:23:09.981969 IP sbox1.com.11959 > box1.com.11111: . ack 37 win 81 <nop,nop,timestamp 947669375 2267318557>
        0x0000:  4500 0045 c008 4500 4506 454f ba39 3e10  E..4..@.@..O.9>.
        0x0010:  0a30 600d 0eb7 07b0 402d 44c8 21b6 ef42  .9b.....F-@.!..B
        0x0020:  0987 8898 a796 89a1 90b6 456a 89b0 12b4  ...Q.i......8|I.
        0x0030:  8724 891d 

The message is in binary format; how can I print it in a human-readable format, as far as possible?


Solution

  • You are using the argument -X when calling tcpdump. According to the man page for tcpdump, this tells tcpdump to: "When parsing and printing, in addition to printing the headers of each packet, print the data of each packet (minus its link level header) in hex and ASCII."

    The ASCII text on the right is the actual packet. If you are only interested in the ASCII text, then you can simply omit the -X argument. You can find some more helpful commands for tcpdump here as well.

    I am not sure what information you are trying to learn from this particular ACK packet, but if you need any help deciphering it, Microsoft provides a pretty decent getting started/basics guide here.
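Added here as an illustration, not part of the question or the answer above: a Python script that turns a tcpdump -X dump into the transported text by parsing the hex column and stripping the IPv4 and TCP headers, which -X still prints ahead of the data. The two sample records are constructed (hand-assembled bytes with zero checksums, not a real capture); the first carries an 11-byte text message and the second is a pure ACK like the one in the question, which yields an empty payload because such a segment carries no data.

```python
import re

# Constructed sample (not from the question): a PSH/ACK segment carrying 11 bytes of text,
# then a pure ACK carrying nothing. Checksums are zero because the bytes are hand-assembled.
SAMPLE_DUMP = """\
16:23:10.101010 IP sbox1.com.11959 > box1.com.11111: P 1:12(11) ack 37 win 81 <nop,nop,timestamp 947669375 2267318557>
        0x0000:  4500 003f 0001 4000 4006 0000 0a30 600d  E..?..@.@....0`.
        0x0010:  0a30 600e 2eb7 2b67 0000 0001 0000 0025  .0`...+g.......%
        0x0020:  8018 0051 0000 0000 0101 080a 387c 497f  ...Q........8|I.
        0x0030:  8724 891d 4845 4c4c 4f20 424f 5831 0a    .$..HELLO.BOX1.
16:23:10.202020 IP sbox1.com.11959 > box1.com.11111: . ack 37 win 81 <nop,nop,timestamp 947669375 2267318557>
        0x0000:  4500 0034 0002 4000 4006 0000 0a30 600d  E..4..@.@....0`.
        0x0010:  0a30 600e 2eb7 2b67 0000 0001 0000 0025  .0`...+g.......%
        0x0020:  8010 0051 0000 0000 0101 080a 387c 497f  ...Q........8|I.
        0x0030:  8724 891d                                .$..
"""

# One hex-dump line: offset, then 2- or 4-digit groups separated by single spaces;
# the ASCII column follows after at least two spaces and is never captured.
HEX_LINE = re.compile(r"^\s*0x[0-9a-f]{4}:\s+((?:[0-9a-f]{2,4} )*[0-9a-f]{2,4})", re.I)

def records(dump):
    """Yield (summary line, raw packet bytes) for each packet in a tcpdump -X dump."""
    summary, chunks = None, []
    for line in dump.splitlines():
        m = HEX_LINE.match(line)
        if m:                                   # hex column: accumulate bytes
            chunks.append(bytes.fromhex(m.group(1).replace(" ", "")))
        elif line.strip():                      # new summary line: flush previous packet
            if summary is not None:
                yield summary, b"".join(chunks)
            summary, chunks = line.strip(), []
    if summary is not None:
        yield summary, b"".join(chunks)

def tcp_payload(pkt):
    """Strip IPv4 + TCP headers using IHL and the TCP data offset, bounded by IP total length."""
    if len(pkt) < 40 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        raise ValueError("not an IPv4/TCP packet")
    ihl = (pkt[0] & 0x0F) * 4
    total = int.from_bytes(pkt[2:4], "big")
    doff = (pkt[ihl + 12] >> 4) * 4
    return pkt[ihl + doff:total]

def printable(data):  # like tcpdump's ASCII column, but newlines and tabs survive
    return "".join(chr(b) if 32 <= b < 127 or b in (9, 10, 13) else "." for b in data)

def extract_messages(dump):
    """Return [(summary, payload text)] for every record in the dump."""
    return [(s, printable(tcp_payload(p))) for s, p in records(dump)]

if __name__ == "__main__":
    for summary, text in extract_messages(SAMPLE_DUMP):
        print(summary.split(" IP ")[0], repr(text))
```

Feed it a real `tcpdump -X` capture on stdin instead of SAMPLE_DUMP to see only the application data; a link-layer header is absent because -X already omits it.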