[tcpdump-workers] tcpdump --color ?

2012-05-15 Thread Bass
Hi,
I've been using tcpdump a lot more lately and staring at long streams of
packets and was wondering if the tcpdump devs would be willing to add a
"--color" option to colorize the different major fields in the output.

For example, the timestamp could be one color, the protocol could be a
different color, src & dst could be a different color, flags, tcp options,
etc.

It'd be especially cool and useful if the hex output from -x or -X
colorized the different headers of the packet so that the ethernet frame
hex values would be all one color, the IP header hex values would be a
different color, and the embedded protocol values would be a different
color as well.  This would make it very easy to see the start and end of
each header in the hex output.

Having the color option would simply make it easier and faster for your
eyes to quickly latch on to the different sections and would be very much
appreciated by many people, I'm sure.

Thanks!
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.


[tcpdump-workers] rpcap

2012-05-15 Thread Artur
Does the rpcap implementation support IPv6 addresses? The function
rpcap_send_request_start in the patch rpcap2.patch (3518553 rpcap:// support)
uses only IPv4-type addresses.
Why not use struct addrinfo hints and the getaddrinfo function so that both
IPv4 and IPv6 can be used?



Re: [tcpdump-workers] tcpdump --color ?

2012-05-15 Thread Michael Richardson

Oh, and anyone doing --colour has to do what vim and Linux ls fail to
do:
you must set the foreground *AND* background colours

If you don't do that then you assume everyone has white xterms,
which isn't the case, and one gets things like dark blue letters
on a blue background...

-- 
]   He who is tired of Weird Al is tired of life!   |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON|net architect[
] m...@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[


Re: [tcpdump-workers] tcpdump --color ?

2012-05-15 Thread Michael Richardson

> "Bass" == Bass   writes:
Bass> Hi, I've been using tcpdump a lot more lately and staring at
Bass> long streams of packets and was wondering if the tcpdump devs
Bass> would be willing to add a "--color" option to colorize the
Bass> different major fields in the output.

Well, you'd have to spell it properly as: "--colour" :-)

Bass> For example, the timestamp could be one color, the protocol
Bass> could be a different color, src & dst could be a different
Bass> color, flags, tcp options, etc.

Bass> It'd be especially cool and useful if the hex output from -x
Bass> or -X colorized the different headers of the packet so that
Bass> the ethernet frame hex values would be all one color, the IP
Bass> header hex values would be a different color, and the embedded
Bass> protocol values would be a different color as well.  This
Bass> would make it very easy to see the start and end of each
Bass> header in the hex output.

I'm not opposed to it.
I would not want to add a dependency on libncurses though.
Perhaps we can create a utility program that tcpdump invokes,
which uses ncurses to get all the right colour strings. tcpdump
can popen() that and read the results and use them.

The difficult part is sprinkling these all through the code.
It might be easier to sprinkle XML through it...

-- 
]   He who is tired of Weird Al is tired of life!   |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON|net architect[
] m...@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[


Re: [tcpdump-workers] rpcap

2012-05-15 Thread Fulvio Risso

On 05/15/2012 10:52 PM, Artur wrote:

> Does the rpcap implementation support IPv6 addresses? The function
> rpcap_send_request_start in the patch rpcap2.patch (3518553 rpcap:// support)
> uses only IPv4-type addresses.
> Why not use struct addrinfo hints and the getaddrinfo function so that both
> IPv4 and IPv6 can be used?

Just because the code was done in 2002 and probably at that time I used the old
socket style.
No reason why it shouldn't support IPv6 (except for the fact that you have to
devise another separator for the port number; ":" is no longer a valid symbol
for that).

However, not much time to upgrade the code to support IPv6 (from my part),
though.

fulvio
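
Added example, not part of the thread and not rpcap code: one way to handle the two points raised above, the ":" separator clash and family-independent resolution. It assumes the bracketed-literal convention used in URIs (`[v6addr]:port`); the helper names `split_hostport` and `endpoint_family` and the `DEFAULT_PORT` value are hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L   /* expose getaddrinfo() under strict -std= */
#endif
#include <netdb.h>
#include <string.h>
#include <sys/socket.h>

#define DEFAULT_PORT "2002"       /* constructed sample value for this example */

/* Hypothetical helper: split "host:port", "[v6]:port" or a bare host.
 * Returns 0 on success, -1 on malformed or oversized input. */
int split_hostport(const char *in, char *host, size_t hlen, char *port, size_t plen)
{
    const char *h = in, *hend, *p = NULL;

    if (*in == '[') {                            /* bracketed IPv6 literal */
        h = in + 1;
        hend = strchr(h, ']');
        if (hend == NULL) return -1;             /* unbalanced bracket */
        if (hend[1] == ':') p = hend + 2;
        else if (hend[1] != '\0') return -1;     /* junk after ']' */
    } else {
        hend = strchr(in, ':');
        if (hend == NULL) hend = in + strlen(in);       /* no port given */
        else if (strchr(hend + 1, ':')) return -1;      /* unbracketed IPv6: ambiguous */
        else p = hend + 1;
    }
    if (hend == h || (size_t)(hend - h) >= hlen || plen == 0) return -1;
    if (p != NULL && strlen(p) >= plen) return -1;
    memcpy(host, h, (size_t)(hend - h));
    host[hend - h] = '\0';
    strcpy(port, p ? p : "");                    /* length checked above */
    return 0;
}

/* Hypothetical helper: address family of an endpoint string, or -1. */
int endpoint_family(const char *endpoint)
{
    char host[256], port[16];
    struct addrinfo hints, *res;

    if (split_hostport(endpoint, host, sizeof host, port, sizeof port) != 0) return -1;
    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_UNSPEC;                 /* IPv4 and IPv6 alike */
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = AI_NUMERICHOST | AI_NUMERICSERV;   /* literals only, no DNS */
    if (getaddrinfo(host, port[0] ? port : DEFAULT_PORT, &hints, &res) != 0) return -1;
    int family = res->ai_family;
    freeaddrinfo(res);
    return family;
}
```

The numeric-only flags keep the example offline; dropping `AI_NUMERICHOST` lets the same call resolve host names for either family.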
