Subject: Re: ascii dump for tcpdump (was Re: truss-like command for netbsd)
To: Wolfgang Rupprecht <>
From: Jason Thorpe <>
List: current-users
Date: 10/12/1998 11:46:52
On 12 Oct 1998 11:12:45 -0700 
 Wolfgang Rupprecht <> wrote:

 > One other point to consider is that it's been a *long* time since
 > tcpdump first came out.  Back in the early days of tcpdump it wasn't
 > common for folks to use encrypted logins.  If someone snooped the
 > ethernet you were basically hosed.  There were no choices.  Nowadays
 > there are kerberos and ssh.

More importantly, I think LBL's excuse is rather lame, considering

	(a) tcpdump is available in source form, and anyone can add
	    ASCII dumps to it fairly easily.

	(b) anyone with perms to run tcpdump can trivially write their
	    own BPF-using program to dump packets in ASCII format.

Basically, if you don't want people to sniff your wire, make it so
they can't open /dev/bpf*.  Since our tcpdump isn't setuid, what's
the problem?

Jason R. Thorpe                             
NASA Ames Research Center                            Home: +1 408 866 1912
NAS: M/S 258-5                                       Work: +1 650 604 0935
Moffett Field, CA 94035                             Pager: +1 650 940 5942
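
The access-control point in the message above (capture ability is gated by who can open `/dev/bpf*`, and by whether `tcpdump` is setuid) can be checked with a short audit. This is an added example, not part of the original message; the function names and the paths in the usage line are assumptions.

```shell
#!/bin/sh
# Added example (not from the original message). The paths in the usage
# line at the bottom are assumptions; pass the ones your system uses.

# List bpf* nodes in directory $1 that "other" users can read or write.
world_open_bpf() {
    for node in "$1"/bpf*; do
        [ -e "$node" ] || continue          # glob matched nothing
        find "$node" -prune \( -perm -004 -o -perm -002 \) -print
    done
}

# True if file $1 has the setuid bit set.
is_setuid() {
    [ -n "$(find "$1" -prune -perm -4000 -print 2>/dev/null)" ]
}

# Return 0 only if no bpf node is world-accessible and the capture
# binary is not setuid; otherwise print the findings and return 1.
audit() {
    dev_dir=$1; tcpdump_bin=$2; rc=0
    nodes=$(world_open_bpf "$dev_dir")
    if [ -n "$nodes" ]; then
        echo "world-accessible BPF nodes:"; echo "$nodes"; rc=1
    fi
    if is_setuid "$tcpdump_bin"; then
        echo "setuid capture binary: $tcpdump_bin"; rc=1
    fi
    return "$rc"
}

# Usage: sh bpf_audit.sh /dev /usr/sbin/tcpdump
if [ "$#" -eq 2 ]; then audit "$1" "$2"; fi
```

Group permission bits are not flagged here; if the nodes are group-readable, review that group's membership separately.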