Subject: Re: ascii dump for tcpdump (was Re: truss-like command for netbsd)
To: Jason Thorpe <email@example.com>
From: David Greenman <firstname.lastname@example.org>
Date: 10/12/1998 12:19:11
>On 12 Oct 1998 11:12:45 -0700
> Wolfgang Rupprecht <email@example.com> wrote:
> > One other point to consider is that it's been a *long* time since
> > tcpdump first came out. Back in the early days of tcpdump it wasn't
> > common for folks to use encrypted logins. If someone snooped the
> > ethernet you were basically hosed. There were no choices. Nowadays
> > there are kerberos and ssh.
>More importantly, I think LBL's excuse is rather lame, considering
> (a) tcpdump is available in source form, and anyone can add
> ASCII dumps to it fairly easily.
> (b) anyone with perms to run tcpdump can trivially write their
> own BPF-using program to dump packets in ASCII format.
>Basically, if you don't want people to sniff your wire, make it so
>they can't open /dev/bpf*. Since our tcpdump isn't setuid, what's
...and of course you can do this as well:
tcpdump -s 1500 -l -w - | strings
Not quite the same, but useful.
Co-founder/Principal Architect, The FreeBSD Project
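
The thread's mitigation is to control who can open /dev/bpf*, and it notes that tcpdump is not setuid. The following is an added example, not part of the original message, that audits both points. The function names and the WORLD/GROUP labels are made up for illustration, and the node directory is a parameter that defaults to /dev.

```shell
#!/bin/sh
# Added example: audit who can open the BPF device nodes.
# Assumption: the nodes are named bpf* under the directory passed as $1
# (default /dev). Function names and output labels are illustrative.

# Print "WORLD <path>" for nodes that any local user can read or write and
# "GROUP <path>" for nodes limited to the owning group.
# Returns 1 if at least one world-accessible node exists, 0 otherwise.
audit_bpf_nodes() {
    dir=${1:-/dev}
    # Other-read or other-write bit set: every local account can capture.
    world=$(find "$dir" -name 'bpf*' \( -perm -004 -o -perm -002 \) \
            -print 2>/dev/null | sort)
    # Group bits set but no other bits: exposure equals group membership.
    group=$(find "$dir" -name 'bpf*' \( -perm -040 -o -perm -020 \) \
            ! -perm -004 ! -perm -002 -print 2>/dev/null | sort)
    if [ -n "$world" ]; then
        printf '%s\n' "$world" | sed 's/^/WORLD /'
    fi
    if [ -n "$group" ]; then
        printf '%s\n' "$group" | sed 's/^/GROUP /'
    fi
    [ -z "$world" ]
}

# True if the given binary has the setuid bit. A setuid capture tool opens
# the bpf node with its owner's rights, so the node permissions no longer
# limit who can sniff.
is_setuid() {
    [ -u "$1" ]
}

# Usage: audit_bpf_nodes /dev; is_setuid "$(command -v tcpdump)"
```
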