Subject: Re: help w/ tcpdump/arp
To: Julian Coleman <J.D.Coleman@newcastle.ac.uk>
From: Brian C. Grayson <firstname.lastname@example.org>
Date: 09/07/1998 12:20:48
On Mon, Sep 07, 1998 at 05:54:18PM +0100, Julian Coleman wrote:
> Brian Grayson wrote:
> > Is there a flag to tcpdump that says, print out the ethernet address
> > of the sending machine?
> Try :
> -e Print the link-level header on each dump line.
Ah -- thanks to all the responders. To my inexperienced
mind, ``link-level'' and ``Ethernet'' are not related at first
glance. Shows how much I know about networking, huh? Would
adding (typically Ethernet) in parentheses to the man page be
more helpful than confusing? I notice the source code says
ethernet, not link-level, in tcpdump.c.
> PS. How do you get tcpdump to show the length of packets?
I don't know about that one. I wrote a script that takes
tcpdump output and parses the length out of some of the output,
as a very rough traffic analyzer, but there _ought_ to be an easy
way to hack the source code, if nothing else.
"Love is a kind of seventh day -- it gives us a rest from thinking."
-- from "Camelot"