> On Tue, 1 May 2001, Guy Harris wrote:
>
> > Note that, by default, you should *not* print the entire packet;
> > traditionally, tcpdump has printed, by default, only one line per
> > packet, summarizing the packet.
>
> Yes, but it is not always possible to summarize the packet in one line.
> For example, look at SCTP... we had a hard time putting anything
> meaningful into one line. The nature of the protocol is to bundle various
> "chunks"... each of which has totally new information. Hence, printing
> only the first one (or something similar), would give an incorrect view of
> the contents.
Then just print "sctp", or something, without bothering to summarize the
packet to any greater degree - at least some people were *NOT* happy
when tcpdump was printing multiple lines for single packets; for one
thing, it breaks scripts that treat each line as a single packet.
Or do as Ethereal/Tethereal do, and put information about each chunk in
the summary line (emphasis on "line" here) - or do so only if "vflag" is
1, just printing "sctp" if "vflag" is 0, and printing a multi-line
summary if it's > 1.
In any case, by default, you should still *not* print the entire packet
by default, but should print only one line per packet, summarizing the
packet. Print multiple lines only if "vflag" is > 1.
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
