--- Begin Message ---Hi, On Thu, May 07, 2020 at 01:05:19AM -0700, Guy Harris wrote: > A mechanism where you could do something such as "-T tcp:1073:{protocol}" > to force traffic to TCP port 1073 to be dissected as the specified > protocol might be useful; in this case, we'd do something such as > "-T mpls:{protocol}" to force *all* MPLS packets to be dissected > as the specified protocol, and "-T mpls:{label}:{protocol}", to > force packets with a particular label to be dissected as the specified > protocol (which might mean you'd have to run tcpdump twice - once > to see what the label is, and once to decode the label.I find this to be a fairly complex solution, at least for my use case. I know what I'm looking at ("tcpdump -s0 'label 12003'"), it's just tcpdump not knowing what these packets are - so for these simple cases, a "-T mplsnocweth" "-T mplscweth" (or whatever it's called in the end) would be sufficient. The documentation would need updating to make clear what happens behind the scenes ("this forces some of the dissectors to decode the packet in a particular way", and then possibly explain for each -T value to what sort of packets it applies) OTOH, as a long-term road map, why not :-) gert -- "If was one thing all people took for granted, was conviction that if you feed honest figures into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor." Robert A. Heinlein, The Moon is a Harsh Mistress Gert Doering - Munich, Germany g...@greenie.muc.de
--- End Message ---
_______________________________________________ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
