On Fri, Dec 06, 2019 at 12:16:09PM +0100, Sebastian Benoit wrote:
> David Gwynne([email protected]) on 2019.12.06 15:14:42 +1000:
> >
> >
> > > On 5 Dec 2019, at 21:14, Sebastian Benoit <[email protected]> wrote:
> > >
> > > Claudio Jeker([email protected]) on 2019.12.05 09:53:49 +0100:
> > >> I would suggest to just pack most of the headers into one group of ().
> > >>
> > >> IPv4 ttl 1 [tos 0x20] 10.0.127.15 > 10.0.127.1
> > >> would become
> > >> IPv4 (ttl 1 tos 0x20) 10.0.127.15 > 10.0.127.1
> > >> and
> > >> IPv4 ttl 1 [tos 0x20] (id 39958, len 84) 10.0.127.15 > 10.0.127.1
> > >> would become
> > >> IPv4 (ttl 1 tos 0x20 id 39958 len 84) 10.0.127.15 > 10.0.127.1
> > >>
> > >> Maybe add the commas if that is easy to do.
> > >
> > > it's more readable with commas, i think
> >
> > do you want me to come up with something in this space as part of the
> > large diff, or is the large change generally ok and we can tinker with
> > this stuff afterward?
>
> It was just a comment on the readability of lists like that.
> I like your idea, please proceed whichever way you like.
>
> >
> > there's some concern that what i'm proposing is too radical and will break
> > people's muscle memory.

The output of tcpdump depends on the version and OS it is used on. IMO the
important bits that people normally scan for are the IPs, port numbers, some
of the TCP seq numbers or similar protocol specific data. To make this
scanning easier I suggested to reduce the line noise of the IP header by
reducing the amount of different () and [] sequences giving the eye a way to
skip over that chunk quickly.

I think the new format is better and people need to retrain a bit but again
we should not make it harder than necessary. For me your work can go in as
long as the further improvements as discussed here follow.

--
:wq Claudio
