> Personally I'd like to see a different behaviour in both tcpdump and
> tethereal: let "-n" keep the old semantics, add "-nm" to do name decoding of
> MAC addresses, "-nn" to do name decoding of network addresses and "-nt" decoding
> of transport addresses (aka ports).

That might be a bit tricky to implement, given that both tcpdump and
Ethereal/Tethereal use "getopt()" to parse the command-line flags.

> Which leads me to another feature, the ability to
> save the resolved names (MAC, IP, port) with the trace. Does something like
> that already exist?

Not in tcpdump or Ethereal/Tethereal, although snoop has it:

        machine$ man snoop

                ...

        OPTIONS

                ...


             -N             Create an IP address-to-name file from a cap-
                            ture  file.   This  must be set together with
                            the -i option that names a capture file.  The
                            address-to-name file has the same name as the
                            capture file with .names appended. This  file
                            records the IP address to hostname mapping at
                            the capture site and increases the  portabil-
                            ity  of  the capture file.  Generate a .names
                            file if the capture file is  to  be  analyzed
                            elsewhere.   Packets  are  not displayed when
                            this flag is used.

                ...

             -n filename    Use filename as an IP address-to-name mapping
                            table.   This  file must have the same format
                            as the /etc/hosts file (IP  address  followed
                            by the hostname).

                ...

and Microsoft Network Monitor also lets you save address-to-name
translation lists to text files, and read those files.
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
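
What getopt() reports for the spellings proposed in the quoted message, as an added example that is not part of the original message and is not tcpdump's or Ethereal's code. getopt() clusters single-letter flags, so "-nm" reaches the program as the two letters n and m; the option string "nmt" and the helper names are assumptions made for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <unistd.h>

/* Assumption for this demo: n, m and t are plain single-letter flags.
 * This is not the real option set of tcpdump or Tethereal. */
static const char *OPTSTRING = "nmt";

/* Record, in order, every option letter getopt() reports for argv.
 * Unknown letters come back as '?'. Returns the number of letters seen. */
static int scan_flags(int argc, char **argv, char *seen, size_t seen_len)
{
    size_t n = 0;
    int c;

    optind = 1;   /* restart scanning on every call */
    opterr = 0;   /* keep getopt() quiet on unknown letters */
    while ((c = getopt(argc, argv, OPTSTRING)) != -1)
        if (n + 1 < seen_len)
            seen[n++] = (char)c;
    seen[n] = '\0';
    return (int)n;
}

/* Count occurrences of -n: the only trace "-nn" leaves after getopt(). */
static int count_n(int argc, char **argv)
{
    char seen[32];
    int count = 0;

    scan_flags(argc, argv, seen, sizeof seen);
    for (const char *p = seen; *p != '\0'; p++)
        if (*p == 'n')
            count++;
    return count;
}

int main(void)
{
    char *clustered[] = { "prog", "-nm", NULL };       /* constructed argv */
    char *separate[]  = { "prog", "-n", "-m", NULL };  /* constructed argv */
    char *doubled[]   = { "prog", "-nn", NULL };       /* constructed argv */
    char a[32], b[32];

    scan_flags(2, clustered, a, sizeof a);
    scan_flags(3, separate, b, sizeof b);
    printf("-nm -> \"%s\"   -n -m -> \"%s\"\n", a, b);
    printf("-nn -> -n reported %d times\n", count_n(2, doubled));
    return 0;
}
```

The clustered and separate forms yield the same letter sequence, so a program using getopt() can tell "-nn" apart from "-n" only by counting repeats.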