I had thought that only 'tcpdump -v' had redesigned output for common protocols,
but 'tcpdump' (no -v) does too. "IP" appears before IP addresses although there
was no real ambiguity before, more superfluous punctuation, case changes -- and
the result isn't yet "internally consistent" since it'
Hannes,
> | I don't feel that tcpdump output should be frozen forever; some changes are
> | appropriate. But the changes I've seen have seemed indiscriminate. Again,
> | why put a comma after the TCP flags? Why reorder the TCP fields relative
> | to one another? Why change the way 'cksum' is sp
Despite all my whining, it is great that tcpdump is being worked on again, and I
appreciate the effort that you've put into it. I just wish there was an option
that would preserve the old behavior. (Or, even better, an option that would
*give* the new behavior.) I think a lot of people would
Hannes,
These changes should not have been implemented globally, without some flag or
option to preserve the old behavior. Such a flag should be added.
> i am a believer that networking dissectors should print data in the order
> they arrive ... header information comes before ip adresses, right
On Jun 24, 2004, at 11:29 AM, Jefferson Ogata wrote:
It would seem to me that the best approach would be to have a format
configuration file when an entry for each dissected protocol. Local
installations could tweak it however they like.
That would be great -- but the default should be the old fo
Hannes,
does this break existing scripts ?
most certainly: however we have not yet found out how to
progress the software in terms of new protcols and multilayer
encapsualation support (gre/l2tp/mpls) and still stay 100%
downwards compatible;
You don't need to stay 100% compatible. However, some o
release will change a major version
number, to make the format changes more obvious to users.
Thanks very much,
Eddie Kohler
P.S. There's a bug in the ip_finddst function that causes most IP
packets with options to report incorrect TCP/UDP checksums. A bug
report and patch have been
Hi all,
The www.tcpdump.org section on mailing lists needs updating -- sending mail to
'[EMAIL PROTECTED]' results in an error; it looks like the address has
changed to '[EMAIL PROTECTED]'.
Eddie
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
