Hi,
I've been going through A. Kuznetsov's tcpdump 3.4 patch, splitting it into
'already there', 'interesting', etc. piles.
A few issues for discussion, some from the patch, some from elsewhere:
* why is the tcpdump man page .1? Legacy? It's not like it's usually used by
anyone other than Charlie Root. Thus .8 would be warranted. This is how e.g.
OpenBSD and Red Hat Linux install it. Would the change require trickery
in CVS?
* -a is rather useless IMO, could very well be default behaviour too.
* -u (print NFS handles uncoded) could be removed and moved to -v or -vv.
* -n doesn't print protocol ports (add -nn for current behaviour?)
-> -n is usually used to avoid DNS lookups, many would probably be ok
with seeing port numbers translated
* promiscuous mode setting is reversed, should be disabled by default?
-> well, this is a matter of taste I suppose.
* SMB printing should not be so noisy (nbt packets..) without -v.
* no token ring layer 2 support. No tr/x.25 printing. Porting would
require some effort, and I doubt it's worth it (who is using these
anyway? :).
* print-ether format is different: doesn't show interface,
'<','>','B','M' (incoming, outgoing, broadcast, multicast, ...), etc:
    20:01:54.633721 netcore.fi.ssh > xxx.fi.45811: P 1:65(64) ack 0 win 32120 (DF)
vs.
    20:02:19.741408 eth0 > yyy.fi.ssh > zzz.fi.973: P 132:928(796) ack 1 win 6432 (DF) [tos 0x10]
-> would require a change in libpcap too?
-> interface name is really handy IMO!
--
Pekka Savola "Tell me of difficulties surmounted,
Netcore Oy not those you stumble over and fall"
Systems. Networks. Security. -- Robert Jordan: A Crown of Swords
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html