Re: [tcpdump-workers] Quiet down SMB printing unless in verbosemode (fwd)

Mon, 29 Jan 2001 03:17:35 -0800 

All,

>> On Fri, Jan 19, 2001 at 05:55:33PM +0200, Pekka Savola wrote:
>> > Is there anyone who wouldn't want to quiet down SMB printing by
>> > default unless -v is given?
>> 
>> It seems reasonable to me, as tcpdump has traditionally printed one-line
>> summaries for packets - even *with* "-v".
>> 
>> I don't know whether anybody out there uses it to do that kind of
>> detailed dissection.
>> 
>> There are probably other protocols for which a more detailed dissection
>> might be useful; snoop and Tethereal, by default, print one line for all
>> packets, but have flags that cause them to print out a *very* detailed
>> report on the packet, at all protocol layers.  snoop uses "-v", and
>> Tethereal uses "-V"; tcpdump could use either "enough" "-v"s ("-vvvvv"
>> or so), or could use a "-V" flag.

I absolutely agree. I believe that "one line display per packet" is
the way to go since it's more UNIX-style; it's easy to pass it to a
filter like sed, grep, wc, and awk. tcpdump is supposed to be used
that way, isn't it?

I also agree that multi-line output is sometimes convenient for some
complicated protocols but it should be so handled only when it's
explicitly specified with -v flag.

Personaly, I like the way how DNS is decoded in a current
tcpdump. It's a bit cryptic at a first look but it's very concise and
contains sufficient information to understand how the protocol is
working.

As far as I know, SMB and CDP are the two instances that output
multiple lines by default (any others?). To prevent from emerging such
a decoder more in the future, I think, at this time, we should write
up a guideline document about decoding principle that we should
obey. This document should describe not only "one line display per
packet unless -v specified", but also the way how to handle some
typical encoding formats in today's protocol like "(bit) flag", TLV,
"tunnel something..", etc. Any comments?

Regards,

=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=
 +----+----+     
 |.. .|    |     Motonori Shindo
 |_~__|    |     
 | .. |~~_~|     Sr. Systems Engineer
 | .  |    |     CoSine Communications Inc.
 +----+----+     
 C o S i n e     e-mail:  [EMAIL PROTECTED] 
Communications
=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=






-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe

Reply via email to