so this should go in and i can keep improving things in the tree? dlg
> On 6 Dec 2019, at 9:45 pm, Claudio Jeker <[email protected]> wrote: > > On Fri, Dec 06, 2019 at 12:16:09PM +0100, Sebastian Benoit wrote: >> David Gwynne([email protected]) on 2019.12.06 15:14:42 +1000: >>> >>> >>>> On 5 Dec 2019, at 21:14, Sebastian Benoit <[email protected]> wrote: >>>> >>>> Claudio Jeker([email protected]) on 2019.12.05 09:53:49 +0100: >>>>> I would suggest to just pack most of the headers into one group of (). >>>>> >>>>> IPv4 ttl 1 [tos 0x20] 10.0.127.15 > 10.0.127.1 >>>>> would become >>>>> IPv4 (ttl 1 tos 0x20) 10.0.127.15 > 10.0.127.1 >>>>> and >>>>> IPv4 ttl 1 [tos 0x20] (id 39958, len 84) 10.0.127.15 > 10.0.127.1 >>>>> would become >>>>> IPv4 (ttl 1 tos 0x20 id 39958 len 84) 10.0.127.15 > 10.0.127.1 >>>>> >>>>> Maybe add the commas if that is easy to do. >>>> >>>> its more readable with commas, i think >>> >>> do you want me to come up with something in this space as part of the >>> large diff, or is the large change generally ok and we can tinker with >>> this stuff afterward? >> >> It was just a comment on the readability of lists like that. >> I like your idea, please proceed whichever way you like. >> >>> >>> there's some concern that what i'm proposing is too radical and will break >>> peoples muscle memory. > > The output of tcpdump depends on the version and OS it is used on. > IMO the important bits that people normally scan for are the IPs, port > numbers, some of the TCP seq numbers or similar protocol specific data. > To make this scanning easier I suggested to reduce the line noise of the > IP header by reducing the amount of different () and [] sequences giving > the eye a way to skip over that chunk quickly. > > I think the new format is better and people need to retrain a bit but > again we should not make it harder den necessary. > > For me your work can go in as long as the further improvements as > discussed here follow. > -- > :wq Claudio
